filmaijums.net/2747-hana-hanna-2011.html
93.115.28.104200 OK 500 B URL HTTP/1.1 filmaijums.net/2747-hana-hanna-2011.html
IP 93.115.28.104:0
ASN #16125 UAB Cherry Servers
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (500), with no line terminators
Hash d51c72132c41be5e5856d7bd6d8c25d3
e202f27e152dae315f509ba9441724944b106af2
2a61c43ebd5e64329179c8a4cbfeebd17208df8899cb64b802f275e6e7d50128
Analyzer Verdict Alert fortinet Phishing
GET /2747-hana-hanna-2011.html HTTP/1.1
Host: filmaijums.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: sid=7f5cf1a6-83f0-11ed-a20d-fbe6bb84df38
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
accept-ch: Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 500
content-type: text/html; charset=utf-8
date: Sun, 25 Dec 2022 01:09:32 GMT
server: nginx
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ad598540c6639aaaa344fb3ce4f3162f
b0b9f86d50de7dc23bdc7aee2f45d79a06165afc
4e9aaff330ce0c9c11f6bb8502fe21296b1845151bace75f73908a3194d5d0a1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4E9AAFF330CE0C9C11F6BB8502FE21296B1845151BACE75F73908A3194D5D0A1"
Last-Modified: Thu, 22 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18187
Expires: Sun, 25 Dec 2022 06:12:41 GMT
Date: Sun, 25 Dec 2022 01:09:34 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ede732d48f2c32ad5e3b899bb4348df9
15fa12733818b3ae39f3022a715ed0f431b28242
446c9bf6bc38a43f5758f6f44f89ad76eff44eb8779cf7e62bbfeb002b298dee
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "446C9BF6BC38A43F5758F6F44F89AD76EFF44EB8779CF7E62BBFEB002B298DEE"
Last-Modified: Thu, 22 Dec 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7111
Expires: Sun, 25 Dec 2022 03:08:05 GMT
Date: Sun, 25 Dec 2022 01:09:34 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash dcd75ca6daca51c5e39d431468511793
07f76d3bf23d65c9110d810fa71a994e39e085d3
73672a816da4450fe2c938b08d7ae002d9ca29fdcbd3e29cc97084d826f8b459
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Content-Type, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 25 Dec 2022 00:46:19 GMT
content-type: application/json
age: 1395
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 6b1d63d9d906daa309dc263b4991bbe9
04680ddd86781d46dfe6a9671571b3ad1f3758f3
46fff7230b88de4cd81dfb0feb783d2dec27e49041f9257d2fb891030781bf6c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "46FFF7230B88DE4CD81DFB0FEB783D2DEC27E49041F9257D2FB891030781BF6C"
Last-Modified: Fri, 23 Dec 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3997
Expires: Sun, 25 Dec 2022 02:16:11 GMT
Date: Sun, 25 Dec 2022 01:09:34 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash b1fcd419a4245617397846e8d17233f6
2a037ce244587640b27ead9a0ec2af4f862d91b2
e059b6d834c06e58494c43fb2ff42acbc27c1a1d8f7f30e2f32ca0e167599e2f
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 4hKN/NMQJhyvCo+rKd59cp2Q9HvcGqgyYLlcz03+yxk9iDRC4WZlqyzBUE3FXhnaxqoguyxcswo=
x-amz-request-id: TQ7ZS4MTG6B6VVT8
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 25 Dec 2022 00:56:49 GMT
age: 765
last-modified: Tue, 20 Dec 2022 14:47:58 GMT
etag: "b1fcd419a4245617397846e8d17233f6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 25 Dec 2022 01:09:34 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
filmaijums.net/favicon.ico
93.115.28.104404 Not Found 9 B URL HTTP/1.1 filmaijums.net/favicon.ico
IP 93.115.28.104:0
ASN #16125 UAB Cherry Servers
File type ASCII text, with no line terminators
Hash d8f4a1993546cc4b850cde3599e27aec
094b763b4cfcc0b05e5d040581cd513c3ca08067
907ba78b4545338d3539683e63ecb51cf51c10adc9dabd86e92bd52339f298b9
GET /favicon.ico HTTP/1.1
Host: filmaijums.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://filmaijums.net/2747-hana-hanna-2011.html
Cookie: sid=7f5cf1a6-83f0-11ed-a20d-fbe6bb84df38
HTTP/1.1 404 Not Found
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 9
date: Sun, 25 Dec 2022 01:09:33 GMT
server: nginx
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, ETag, Pragma, Last-Modified, Expires, Alert, Content-Type, Retry-After, Cache-Control, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 25 Dec 2022 00:33:27 GMT
age: 2167
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash d7938ab2263405a708c44813f3e16cb8
3ba9f4363ecc2834ea1211f761ce2d04e0077ab3
8a8ef4218bcd8ecb1f12ecdb74f3f453a7093be8dd3c233615577dcc9b40fa92
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3382
Cache-Control: max-age=118417
Content-Type: application/ocsp-response
Date: Sun, 25 Dec 2022 01:09:34 GMT
Etag: "63a6c129-1d7"
Expires: Mon, 26 Dec 2022 10:03:11 GMT
Last-Modified: Sat, 24 Dec 2022 09:06:49 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 471
filmaijums.net/2747-hana-hanna-2011.html?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY3MTkzNzc3MywiaWF0IjoxNjcxOTMwNTczLCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIyc3B1N3Z0OGpvNDJhMG1kbDgxM2wycTgiLCJuYmYiOjE2NzE5MzA1NzMsInRzIjoxNjcxOTMwNTczODY5NjUwfQ.lt3_Y3STW1ZVfTydWnl93Ag9zXkgppGuH0zPnuKogCI&sid=7f5cf1a6-83f0-11ed-a20d-fbe6bb84df38
93.115.28.104302 Found 11 B URL HTTP/1.1 filmaijums.net/2747-hana-hanna-2011.html?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY3MTkzNzc3MywiaWF0IjoxNjcxOTMwNTczLCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIyc3B1N3Z0OGpvNDJhMG1kbDgxM2wycTgiLCJuYmYiOjE2NzE5MzA1NzMsInRzIjoxNjcxOTMwNTczODY5NjUwfQ.lt3_Y3STW1ZVfTydWnl93Ag9zXkgppGuH0zPnuKogCI&sid=7f5cf1a6-83f0-11ed-a20d-fbe6bb84df38
IP 93.115.28.104:0
ASN #16125 UAB Cherry Servers
File type ASCII text, with no line terminators
Hash 32682312d17c7cbf18e73594f5570319
60e22121bdd0bc71cdb2bae2a3aa577006b2eae9
e55fb1a1d731153e943b68844af12dcce8bfac917c98ffdea64c80da0607dd47
GET /2747-hana-hanna-2011.html?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY3MTkzNzc3MywiaWF0IjoxNjcxOTMwNTczLCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIyc3B1N3Z0OGpvNDJhMG1kbDgxM2wycTgiLCJuYmYiOjE2NzE5MzA1NzMsInRzIjoxNjcxOTMwNTczODY5NjUwfQ.lt3_Y3STW1ZVfTydWnl93Ag9zXkgppGuH0zPnuKogCI&sid=7f5cf1a6-83f0-11ed-a20d-fbe6bb84df38 HTTP/1.1
Host: filmaijums.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://filmaijums.net/2747-hana-hanna-2011.html
Cookie: sid=7f5cf1a6-83f0-11ed-a20d-fbe6bb84df38
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 11
date: Sun, 25 Dec 2022 01:09:34 GMT
location: http://btpnative.com/click?data=dnNvekxHb2JJczdpZEp5UTBmN201QzBma2NXUlVrcXhHYjBrcTMzUk16TnE2a18zWDNPUTJfMFNIejRsSS1kNGNLRkRLdjdCWmtXNlJYSTJBZUJvZU1PVjl3clFFSFZsT0hzQlJHMW1USUxibDlJZWoySXhHWmU5bkJyVXd4QjRWM1ZRWXRzY0pOaGZQRnQ1WGZsc2dBMg2&id=96fcc22d-2e0a-4b89-8695-e8c20f1c8652
server: nginx
set-cookie: sid=7f5cf1a6-83f0-11ed-a20d-fbe6bb84df38; path=/; domain=.filmaijums.net; expires=Fri, 12 Jan 2091 04:23:42 GMT; max-age=2147483647; HttpOnly
push.services.mozilla.com/
54.69.181.45101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.69.181.45:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: gLjeC98iep5cOjCy2MOuaA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: EH74lsRnSphJ0d2MT/XbFBEtNj8=
btpnative.com/click?data=dnNvekxHb2JJczdpZEp5UTBmN201QzBma2NXUlVrcXhHYjBrcTMzUk16TnE2a18zWDNPUTJfMFNIejRsSS1kNGNLRkRLdjdCWmtXNlJYSTJBZUJvZU1PVjl3clFFSFZsT0hzQlJHMW1USUxibDlJZWoySXhHWmU5bkJyVXd4QjRWM1ZRWXRzY0pOaGZQRnQ1WGZsc2dBMg2&id=96fcc22d-2e0a-4b89-8695-e8c20f1c8652
192.99.158.241200 OK 5.5 kB URL HTTP/1.1 btpnative.com/click?data=dnNvekxHb2JJczdpZEp5UTBmN201QzBma2NXUlVrcXhHYjBrcTMzUk16TnE2a18zWDNPUTJfMFNIejRsSS1kNGNLRkRLdjdCWmtXNlJYSTJBZUJvZU1PVjl3clFFSFZsT0hzQlJHMW1USUxibDlJZWoySXhHWmU5bkJyVXd4QjRWM1ZRWXRzY0pOaGZQRnQ1WGZsc2dBMg2&id=96fcc22d-2e0a-4b89-8695-e8c20f1c8652
IP 192.99.158.241:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (349), with CRLF line terminators
Hash 789e64d1b3d970223b9ece60cf53d857
4478d04a90ff606ed53e95f5c0f8305c9f83d9e0
51433f45a0c96e918d140aadc6c1863da55dc68bfd342fd1be2756bf8625a15f
GET /click?data=dnNvekxHb2JJczdpZEp5UTBmN201QzBma2NXUlVrcXhHYjBrcTMzUk16TnE2a18zWDNPUTJfMFNIejRsSS1kNGNLRkRLdjdCWmtXNlJYSTJBZUJvZU1PVjl3clFFSFZsT0hzQlJHMW1USUxibDlJZWoySXhHWmU5bkJyVXd4QjRWM1ZRWXRzY0pOaGZQRnQ1WGZsc2dBMg2&id=96fcc22d-2e0a-4b89-8695-e8c20f1c8652 HTTP/1.1
Host: btpnative.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://filmaijums.net/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/10.0
X-AspNetMvc-Version: 5.2
X-AspNet-Version: 4.0.30319
Set-Cookie: LBWGvKBrpWIJheD=LBWGvKBrpWIJheD; path=/
X-Powered-By: ASP.NET
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type
Date: Sun, 25 Dec 2022 01:09:34 GMT
Content-Length: 5470
btpnative.com/Redirect/
192.99.158.241302 Found 1.6 kB IP 192.99.158.241:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (1491), with CRLF line terminators
Hash 4b74b5adea008f86a679463539208792
95d38780f27818652abdec1d620e432de96c9dba
d000a79cd2e80d103f0fafcfb0c46d6c33c471141a6db78f5a8c6e013587fba1
POST /Redirect/ HTTP/1.1
Host: btpnative.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 358
Origin: http://btpnative.com
Connection: keep-alive
Referer: http://btpnative.com/click?data=dnNvekxHb2JJczdpZEp5UTBmN201QzBma2NXUlVrcXhHYjBrcTMzUk16TnE2a18zWDNPUTJfMFNIejRsSS1kNGNLRkRLdjdCWmtXNlJYSTJBZUJvZU1PVjl3clFFSFZsT0hzQlJHMW1USUxibDlJZWoySXhHWmU5bkJyVXd4QjRWM1ZRWXRzY0pOaGZQRnQ1WGZsc2dBMg2&id=96fcc22d-2e0a-4b89-8695-e8c20f1c8652
Cookie: LBWGvKBrpWIJheD=LBWGvKBrpWIJheD
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: https://mybettermb.com/aS/feedclick?s=HFz5zNIIs95ROWPasgEEzxpRTG9mCZxJfSMU3tyux_woPqiJVE9nx2PzN2c9f2E7_vAN-6p8GpmDZG8TCuTZ6pDoEwlyap2kCgkrfFs9ISF3Ys-xo4FSmbtbz86wY80LHWVUL2gXgUyatsBFMaSTc1RQ5RxkQPBqyyTn3ctXNy_KjrzBLgOCzdi2TCO0dzmXiFljJhYAgiJdDYp3zASJdod8BYZLSg7lNGNv3kspiJi7ZzTsHqM1rBAW7LQk93R5yeWFHVHTRuY-O4qYmnE-GvD6fXD_HFp6N9g_VHggU2Zruw8Y03efqYn-1N3MqzwDxXxA-Oruc-AxveYye6PUoRjJ9QT4ZiNKHq7ASpkLzw4rKiXEhfdygu_FDpAiX5cNoOEF2AGV3-Qfr5ek0ZmDZ8AehLA0JUBAasmL-sSxwj13xMubA-h6UUXN8vts4OW--XCDOPwi1OVGFTteajVQHXYiS4kYDVbYW1OE2lfB9bk0H2mg3Ck53MhNReYq8npg8lv01m5YXqmTzuSCbxBETXABXuCP7HePYIZWc0h1BCjnemHTFSCknMQsVZnYMDqVV_AmQeZNXCT4vmvc-7395Z4f5gmck_3FZ8KBMP8e1kV3nEICYO5uP9Hh5K10ACi_JFYLelzlhdPKc8ubyB4Egju2X-r1YsEAcsV8ixM7JLdz_Iz9k8HncZku9iyxP0M0hJWYM0H8yNlsEaaNH6Sd-_kx9Lp551AKBVkyGrbaaUzwXqEHsPtwi7YP_pyjsuQ6QVyPVGBDxxrG6wWOQkvIgnLqTgMVcXjCUxN2LCQO8kYCtjYTj2awIYvwjg9mpKjXXpGGLtrKAA5_yqSHKyk6OBwoY2wwx05XgY64PFK9k0aZHWGMQciDxH9CFTf0UAieZMdlAg3wgFpaDEoQxbexcwnHrtMfE7V7qB6NUit6FEYLRbLirBn0pRRqtuLepC4v0N51OmuzI5M4LO0W6QPpvRLotEzuvHdd83JEZJQRRniv9XSxU3d9-FqhkU9ipFAQayrkZT5706hgdsAL4XwvVO5mHSollN8_R_t7s-Wbdx2iW8yKyuTfRJpQ2ge7Uo-9Z8QWW7j6bn4-5zQAw_SMiJ2RWHusoL5zUJcK-tCgLZ_7tmCu0FGrrjjfuAeiMhH9i09DnHmQ_YXZr6uKawK-aAWiaETa6gBQD2PGHlVjGfW8xWoddNyIhscPUAn6_mYpOfA7F2LD7xZpai5EQsiewDEsIaFmtSZppPazBTZm97QQs4zoE9Vgg0dRWAT5y5pgMzOeNwHfS3kiAyWBGPGlwO14ABKgxle9q1US5aoqlsnRRV4fognQnDmMMKiT1gysoStBFy6hW_1KYBuY1kwETunq3YN_0ZLzPyIHnumzzbls7W9H-fy0_uaHrLZE3F_n
Server: Microsoft-IIS/10.0
X-AspNetMvc-Version: 5.2
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type
Date: Sun, 25 Dec 2022 01:09:35 GMT
Content-Length: 1563
ocsp.sectigo.com/
172.64.155.188200 OK 472 B IP 172.64.155.188:0
Hash a772332050a5007ea6fe550137ec3d2e
6e3df1eeb6720883e6f3746e8a009744cdf1232a
4e0c8d289048f065aa7397821ee8555c2bb7bc9df93d76f066c3103476c6fd06
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 25 Dec 2022 01:09:36 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 22 Dec 2022 07:25:42 GMT
Expires: Thu, 29 Dec 2022 07:25:41 GMT
Etag: "6e3df1eeb6720883e6f3746e8a009744cdf1232a"
Cache-Control: max-age=367564,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77edb1346ace0b02-OSL
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 6ce699bd0db3ee9d3a4ef6dcf941f9f1
14d813942d74d801024c42e2a4628ecd9306d2ad
060de67922db1f612b7f4c173f11e8714c8329d20fbec45a421bcefe7451f388
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "060DE67922DB1F612B7F4C173F11E8714C8329D20FBEC45A421BCEFE7451F388"
Last-Modified: Thu, 22 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12498
Expires: Sun, 25 Dec 2022 04:37:54 GMT
Date: Sun, 25 Dec 2022 01:09:36 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 6ce699bd0db3ee9d3a4ef6dcf941f9f1
14d813942d74d801024c42e2a4628ecd9306d2ad
060de67922db1f612b7f4c173f11e8714c8329d20fbec45a421bcefe7451f388
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "060DE67922DB1F612B7F4C173F11E8714C8329D20FBEC45A421BCEFE7451F388"
Last-Modified: Thu, 22 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12498
Expires: Sun, 25 Dec 2022 04:37:54 GMT
Date: Sun, 25 Dec 2022 01:09:36 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 6ce699bd0db3ee9d3a4ef6dcf941f9f1
14d813942d74d801024c42e2a4628ecd9306d2ad
060de67922db1f612b7f4c173f11e8714c8329d20fbec45a421bcefe7451f388
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "060DE67922DB1F612B7F4C173F11E8714C8329D20FBEC45A421BCEFE7451F388"
Last-Modified: Thu, 22 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12498
Expires: Sun, 25 Dec 2022 04:37:54 GMT
Date: Sun, 25 Dec 2022 01:09:36 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 6ce699bd0db3ee9d3a4ef6dcf941f9f1
14d813942d74d801024c42e2a4628ecd9306d2ad
060de67922db1f612b7f4c173f11e8714c8329d20fbec45a421bcefe7451f388
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "060DE67922DB1F612B7F4C173F11E8714C8329D20FBEC45A421BCEFE7451F388"
Last-Modified: Thu, 22 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12498
Expires: Sun, 25 Dec 2022 04:37:54 GMT
Date: Sun, 25 Dec 2022 01:09:36 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F98850704-5690-44ef-82a6-a47115c815b5.png
34.120.237.76200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F98850704-5690-44ef-82a6-a47115c815b5.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash aabf647f1b24d12d0bb809b1f84d433e
977626b728fa873144fef657bbe35345e82dac03
1695305ac78989c748b3a4edc5e5f1ac6f09bbea197b79a0d56aa4fc88734a46
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F98850704-5690-44ef-82a6-a47115c815b5.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13469
x-amzn-requestid: b0d46c6a-beb1-4b33-929d-5cb524819f4f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dbpyhFlsoAMFT7w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a15676-3a82b1a8304f4fd926987f31;Sampled=0
x-amzn-remapped-date: Tue, 20 Dec 2022 06:30:14 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: cB3VUPzOfV8QQoWBdXTXq4FcqBlLhsyV41NCZXmCitwT4ddV9TgZxg==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Sat, 24 Dec 2022 19:50:42 GMT
age: 19134
etag: "977626b728fa873144fef657bbe35345e82dac03"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F52c03f0a-a30c-400b-be52-c45ddd21f3f4.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F52c03f0a-a30c-400b-be52-c45ddd21f3f4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e89b02f98520ca6888ef5be50bc38880
94446097c59ae77bc9e417928d54aaa38a13c337
2f2f303eae60e4ea8ee889424431125fa32728726b70e27536cf903a99af1c6d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F52c03f0a-a30c-400b-be52-c45ddd21f3f4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10398
x-amzn-requestid: a6543702-6966-4b61-9f6b-c7f6fd2e498a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dobFjGwOoAMFR3A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a67223-751bae6516ad4a6d0164b505;Sampled=0
x-amzn-remapped-date: Sat, 24 Dec 2022 03:29:39 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: dCvz-xI53uQCPt1LUwMuTUUlgbbl4xqV-bhW9HO0F-EHU_3Vqw7XYw==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 570075675953459325e00b7bcd171df2.cloudfront.net (CloudFront), 1.1 google
date: Sat, 24 Dec 2022 08:58:14 GMT
age: 58282
etag: "94446097c59ae77bc9e417928d54aaa38a13c337"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F237d473d-09af-427f-905d-b2ea81c4ff36.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F237d473d-09af-427f-905d-b2ea81c4ff36.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 895ae57df1a92851dc865b19bfe38626
7cf8089655257b54481202e64e5ce614f7aa96b9
1d1729f550c9f7618801ad0e41058d1580cc0aa212ee89889cb2dc820998ea62
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F237d473d-09af-427f-905d-b2ea81c4ff36.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12274
x-amzn-requestid: c67ab8b8-3b1b-4507-88e7-ac791295b930
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dlovjHsZIAMF3NQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a554c9-43f65b974c585f861ca94d15;Sampled=0
x-amzn-remapped-date: Fri, 23 Dec 2022 07:12:09 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: rru1mv6KVNSOyXt3oKF0XQnb-irylMld_dB0Iy03cGygWU0fqr5R-g==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Sat, 24 Dec 2022 21:39:32 GMT
age: 12604
etag: "7cf8089655257b54481202e64e5ce614f7aa96b9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F90be501d-93e5-40ba-98d6-b790fc50966b.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F90be501d-93e5-40ba-98d6-b790fc50966b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5d780f4b4a5928afafeea1348a117ab7
f0623d0355e6b57a5b9bed048b93e1b6b102dfe9
ad6dd8216b30147c99abfff2d1672d731ff940b2fb1da015d3fd5b0b96d11d0d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F90be501d-93e5-40ba-98d6-b790fc50966b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10502
x-amzn-requestid: 0a596e68-f3f0-498c-814b-a3d817e86da8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dlFRJEewIAMFTFQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a51c07-46950460413c17dc5bfdac51;Sampled=0
x-amzn-remapped-date: Fri, 23 Dec 2022 03:09:59 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: OccraMmAu-U7fzNDN-fx9R2mPLt4ZuhvHU_VRYGE4A9i7TBCI67cYQ==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Sat, 24 Dec 2022 03:36:35 GMT
age: 77581
etag: "f0623d0355e6b57a5b9bed048b93e1b6b102dfe9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F534406aa-3cfc-4a91-b7aa-f80f72f66437.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F534406aa-3cfc-4a91-b7aa-f80f72f66437.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 060f377fc7bb087a495ce5bb536d246f
64d4ff943882dd8f80e860505218e321d2951465
36566e692827354e1d91c9223e3c3ddc78de454b7a2ba3a4240f93869bc021ff
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F534406aa-3cfc-4a91-b7aa-f80f72f66437.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10071
x-amzn-requestid: c32aaf36-e6d2-4dbc-8bb6-91aaa85657b1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dVJ4rHjPoAMFxFA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639ebd04-3ee9cc203213ff6d2963696a;Sampled=0
x-amzn-remapped-date: Sun, 18 Dec 2022 07:11:00 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: xdL7TgKIkDaxdkkLKSILVUiiNYWxNjHMhaFY5zo6qTRVl0LZpLCgVw==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 da4fa914888b330b3e8a08632b8e41be.cloudfront.net (CloudFront), 1.1 google
date: Sat, 24 Dec 2022 02:15:40 GMT
age: 82436
etag: "64d4ff943882dd8f80e860505218e321d2951465"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffdf5688c-654b-47a0-9c5f-8352f65e5715.jpeg
34.120.237.76200 OK 15 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffdf5688c-654b-47a0-9c5f-8352f65e5715.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c6d13f6c1d756476b4d249a5adf8a7c6
cfefff041364cdfe8ebc88d42204f42a782758ec
6046387c2117ee84c8b4323efcdb5efd8356b7f56493ec729d3dc6e105214cd9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffdf5688c-654b-47a0-9c5f-8352f65e5715.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 15283
x-amzn-requestid: 06d729e0-735e-4b7f-8315-31288bae004c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dlnB-HZQIAMFRhQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a5520c-73879f297d98c86e3e41984c;Sampled=0
x-amzn-remapped-date: Fri, 23 Dec 2022 07:00:28 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: QWZcUCtzfW8l3tSLeTU2FoYT30U24ehbs0VD2rcyUbZW5NO2wo3K0Q==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Sat, 24 Dec 2022 07:24:17 GMT
age: 63919
etag: "cfefff041364cdfe8ebc88d42204f42a782758ec"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
mybettermb.com/aS/feedclick?s=HFz5zNIIs95ROWPasgEEzxpRTG9mCZxJfSMU3tyux_woPqiJVE9nx2PzN2c9f2E7_vAN-6p8GpmDZG8TCuTZ6pDoEwlyap2kCgkrfFs9ISF3Ys-xo4FSmbtbz86wY80LHWVUL2gXgUyatsBFMaSTc1RQ5RxkQPBqyyTn3ctXNy_KjrzBLgOCzdi2TCO0dzmXiFljJhYAgiJdDYp3zASJdod8BYZLSg7lNGNv3kspiJi7ZzTsHqM1rBAW7LQk93R5yeWFHVHTRuY-O4qYmnE-GvD6fXD_HFp6N9g_VHggU2Zruw8Y03efqYn-1N3MqzwDxXxA-Oruc-AxveYye6PUoRjJ9QT4ZiNKHq7ASpkLzw4rKiXEhfdygu_FDpAiX5cNoOEF2AGV3-Qfr5ek0ZmDZ8AehLA0JUBAasmL-sSxwj13xMubA-h6UUXN8vts4OW--XCDOPwi1OVGFTteajVQHXYiS4kYDVbYW1OE2lfB9bk0H2mg3Ck53MhNReYq8npg8lv01m5YXqmTzuSCbxBETXABXuCP7HePYIZWc0h1BCjnemHTFSCknMQsVZnYMDqVV_AmQeZNXCT4vmvc-7395Z4f5gmck_3FZ8KBMP8e1kV3nEICYO5uP9Hh5K10ACi_JFYLelzlhdPKc8ubyB4Egju2X-r1YsEAcsV8ixM7JLdz_Iz9k8HncZku9iyxP0M0hJWYM0H8yNlsEaaNH6Sd-_kx9Lp551AKBVkyGrbaaUzwXqEHsPtwi7YP_pyjsuQ6QVyPVGBDxxrG6wWOQkvIgnLqTgMVcXjCUxN2LCQO8kYCtjYTj2awIYvwjg9mpKjXXpGGLtrKAA5_yqSHKyk6OBwoY2wwx05XgY64PFK9k0aZHWGMQciDxH9CFTf0UAieZMdlAg3wgFpaDEoQxbexcwnHrtMfE7V7qB6NUit6FEYLRbLirBn0pRRqtuLepC4v0N51OmuzI5M4LO0W6QPpvRLotEzuvHdd83JEZJQRRniv9XSxU3d9-FqhkU9ipFAQayrkZT5706hgdsAL4XwvVO5mHSollN8_R_t7s-Wbdx2iW8yKyuTfRJpQ2ge7Uo-9Z8QWW7j6bn4-5zQAw_SMiJ2RWHusoL5zUJcK-tCgLZ_7tmCu0FGrrjjfuAeiMhH9i09DnHmQ_YXZr6uKawK-aAWiaETa6gBQD2PGHlVjGfW8xWoddNyIhscPUAn6_mYpOfA7F2LD7xZpai5EQsiewDEsIaFmtSZppPazBTZm97QQs4zoE9Vgg0dRWAT5y5pgMzOeNwHfS3kiAyWBGPGlwO14ABKgxle9q1US5aoqlsnRRV4fognQnDmMMKiT1gysoStBFy6hW_1KYBuY1kwETunq3YN_0ZLzPyIHnumzzbls7W9H-fy0_uaHrLZE3F_n
52.116.53.155302 Found 0 B URL HTTP/2 mybettermb.com/aS/feedclick?s=HFz5zNIIs95ROWPasgEEzxpRTG9mCZxJfSMU3tyux_woPqiJVE9nx2PzN2c9f2E7_vAN-6p8GpmDZG8TCuTZ6pDoEwlyap2kCgkrfFs9ISF3Ys-xo4FSmbtbz86wY80LHWVUL2gXgUyatsBFMaSTc1RQ5RxkQPBqyyTn3ctXNy_KjrzBLgOCzdi2TCO0dzmXiFljJhYAgiJdDYp3zASJdod8BYZLSg7lNGNv3kspiJi7ZzTsHqM1rBAW7LQk93R5yeWFHVHTRuY-O4qYmnE-GvD6fXD_HFp6N9g_VHggU2Zruw8Y03efqYn-1N3MqzwDxXxA-Oruc-AxveYye6PUoRjJ9QT4ZiNKHq7ASpkLzw4rKiXEhfdygu_FDpAiX5cNoOEF2AGV3-Qfr5ek0ZmDZ8AehLA0JUBAasmL-sSxwj13xMubA-h6UUXN8vts4OW--XCDOPwi1OVGFTteajVQHXYiS4kYDVbYW1OE2lfB9bk0H2mg3Ck53MhNReYq8npg8lv01m5YXqmTzuSCbxBETXABXuCP7HePYIZWc0h1BCjnemHTFSCknMQsVZnYMDqVV_AmQeZNXCT4vmvc-7395Z4f5gmck_3FZ8KBMP8e1kV3nEICYO5uP9Hh5K10ACi_JFYLelzlhdPKc8ubyB4Egju2X-r1YsEAcsV8ixM7JLdz_Iz9k8HncZku9iyxP0M0hJWYM0H8yNlsEaaNH6Sd-_kx9Lp551AKBVkyGrbaaUzwXqEHsPtwi7YP_pyjsuQ6QVyPVGBDxxrG6wWOQkvIgnLqTgMVcXjCUxN2LCQO8kYCtjYTj2awIYvwjg9mpKjXXpGGLtrKAA5_yqSHKyk6OBwoY2wwx05XgY64PFK9k0aZHWGMQciDxH9CFTf0UAieZMdlAg3wgFpaDEoQxbexcwnHrtMfE7V7qB6NUit6FEYLRbLirBn0pRRqtuLepC4v0N51OmuzI5M4LO0W6QPpvRLotEzuvHdd83JEZJQRRniv9XSxU3d9-FqhkU9ipFAQayrkZT5706hgdsAL4XwvVO5mHSollN8_R_t7s-Wbdx2iW8yKyuTfRJpQ2ge7Uo-9Z8QWW7j6bn4-5zQAw_SMiJ2RWHusoL5zUJcK-tCgLZ_7tmCu0FGrrjjfuAeiMhH9i09DnHmQ_YXZr6uKawK-aAWiaETa6gBQD2PGHlVjGfW8xWoddNyIhscPUAn6_mYpOfA7F2LD7xZpai5EQsiewDEsIaFmtSZppPazBTZm97QQs4zoE9Vgg0dRWAT5y5pgMzOeNwHfS3kiAyWBGPGlwO14ABKgxle9q1US5aoqlsnRRV4fognQnDmMMKiT1gysoStBFy6hW_1KYBuY1kwETunq3YN_0ZLzPyIHnumzzbls7W9H-fy0_uaHrLZE3F_n
IP 52.116.53.155:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /aS/feedclick?s=HFz5zNIIs95ROWPasgEEzxpRTG9mCZxJfSMU3tyux_woPqiJVE9nx2PzN2c9f2E7_vAN-6p8GpmDZG8TCuTZ6pDoEwlyap2kCgkrfFs9ISF3Ys-xo4FSmbtbz86wY80LHWVUL2gXgUyatsBFMaSTc1RQ5RxkQPBqyyTn3ctXNy_KjrzBLgOCzdi2TCO0dzmXiFljJhYAgiJdDYp3zASJdod8BYZLSg7lNGNv3kspiJi7ZzTsHqM1rBAW7LQk93R5yeWFHVHTRuY-O4qYmnE-GvD6fXD_HFp6N9g_VHggU2Zruw8Y03efqYn-1N3MqzwDxXxA-Oruc-AxveYye6PUoRjJ9QT4ZiNKHq7ASpkLzw4rKiXEhfdygu_FDpAiX5cNoOEF2AGV3-Qfr5ek0ZmDZ8AehLA0JUBAasmL-sSxwj13xMubA-h6UUXN8vts4OW--XCDOPwi1OVGFTteajVQHXYiS4kYDVbYW1OE2lfB9bk0H2mg3Ck53MhNReYq8npg8lv01m5YXqmTzuSCbxBETXABXuCP7HePYIZWc0h1BCjnemHTFSCknMQsVZnYMDqVV_AmQeZNXCT4vmvc-7395Z4f5gmck_3FZ8KBMP8e1kV3nEICYO5uP9Hh5K10ACi_JFYLelzlhdPKc8ubyB4Egju2X-r1YsEAcsV8ixM7JLdz_Iz9k8HncZku9iyxP0M0hJWYM0H8yNlsEaaNH6Sd-_kx9Lp551AKBVkyGrbaaUzwXqEHsPtwi7YP_pyjsuQ6QVyPVGBDxxrG6wWOQkvIgnLqTgMVcXjCUxN2LCQO8kYCtjYTj2awIYvwjg9mpKjXXpGGLtrKAA5_yqSHKyk6OBwoY2wwx05XgY64PFK9k0aZHWGMQciDxH9CFTf0UAieZMdlAg3wgFpaDEoQxbexcwnHrtMfE7V7qB6NUit6FEYLRbLirBn0pRRqtuLepC4v0N51OmuzI5M4LO0W6QPpvRLotEzuvHdd83JEZJQRRniv9XSxU3d9-FqhkU9ipFAQayrkZT5706hgdsAL4XwvVO5mHSollN8_R_t7s-Wbdx2iW8yKyuTfRJpQ2ge7Uo-9Z8QWW7j6bn4-5zQAw_SMiJ2RWHusoL5zUJcK-tCgLZ_7tmCu0FGrrjjfuAeiMhH9i09DnHmQ_YXZr6uKawK-aAWiaETa6gBQD2PGHlVjGfW8xWoddNyIhscPUAn6_mYpOfA7F2LD7xZpai5EQsiewDEsIaFmtSZppPazBTZm97QQs4zoE9Vgg0dRWAT5y5pgMzOeNwHfS3kiAyWBGPGlwO14ABKgxle9q1US5aoqlsnRRV4fognQnDmMMKiT1gysoStBFy6hW_1KYBuY1kwETunq3YN_0ZLzPyIHnumzzbls7W9H-fy0_uaHrLZE3F_n HTTP/1.1
Host: mybettermb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://btpnative.com/
Connection: keep-alive
Cookie: rhid=82593445701; loi=ad_490233_off_142374_aff_3322_cid_274639-579167938-FILMAIJUMS.NET_ts_1671930448
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Sun, 25 Dec 2022 01:09:36 GMT
content-length: 0
set-cookie: rhid=82593445701; Max-Age=15552000; Expires=Fri, 23-Jun-2023 01:09:36 GMT; Domain=mybettermb.com; Path=/; SameSite=None; secure;
location: https://p274639.mybettermb.com/adServe/domainClick?ai=gNSPw4YcvsCApKkKBx7IDKErQRcuoVv9SmAbmNZMBE6wn03uCMUnWYCjZuR1GPxlYmGaN95fhoJ8lfS_0xnUKOWO-_a2-ZUTh_XxP0KkeoJPYv00XJVcXnlDjvP4JXWiXaThdUnMclfyYWAdJYTdNpO59tz-WSCCFEQvf2jKEYakLkhP7zYLcevaI8tzj08RwLMlaK_bUGEURC9_aMoRhuUpDZB1ExITCpDnQZyEZt89yZrhH3-Sbo2JqJN1DPk7vIJHDB-4duOOF0SokHo2PZeYO9hdbD2Gn6oVmfmCmc-q0T2xsmJwnBfZ8RtWPEH2SnZADPOdLz_p-OGBQW3exAhKJncPyYXssKbYd4jRL3fz-AbClJeve1IAxxj8fbHTO3w7UryuuaRxSZrQqf3xBG1p2h3hBQbnXQPnuWlBambEt92mMgVgww&ui=HFz5zNIIs96w8gbO8AoGVPmI0xR1wwxS-h785SbtCe0-Ka4-Ttz5Svw2ANG5lPW9dzfVCPkj8jZRJJ5RIdxA4s0GEbIfqCrNutvNzu-Qs20NOZxGGELgnw&si=1&oref=e6d3ec007ea0b378d585752f82a707a6&optunit=eu_NO5KiLJnPE-v54WHedg&rb=2Vb288azLYM&rr=1&abtg=0
X-Firefox-Spdy: h2
p274639.mybettermb.com/adServe/domainClick?ai=gNSPw4YcvsCApKkKBx7IDKErQRcuoVv9SmAbmNZMBE6wn03uCMUnWYCjZuR1GPxlYmGaN95fhoJ8lfS_0xnUKOWO-_a2-ZUTh_XxP0KkeoJPYv00XJVcXnlDjvP4JXWiXaThdUnMclfyYWAdJYTdNpO59tz-WSCCFEQvf2jKEYakLkhP7zYLcevaI8tzj08RwLMlaK_bUGEURC9_aMoRhuUpDZB1ExITCpDnQZyEZt89yZrhH3-Sbo2JqJN1DPk7vIJHDB-4duOOF0SokHo2PZeYO9hdbD2Gn6oVmfmCmc-q0T2xsmJwnBfZ8RtWPEH2SnZADPOdLz_p-OGBQW3exAhKJncPyYXssKbYd4jRL3fz-AbClJeve1IAxxj8fbHTO3w7UryuuaRxSZrQqf3xBG1p2h3hBQbnXQPnuWlBambEt92mMgVgww&ui=HFz5zNIIs96w8gbO8AoGVPmI0xR1wwxS-h785SbtCe0-Ka4-Ttz5Svw2ANG5lPW9dzfVCPkj8jZRJJ5RIdxA4s0GEbIfqCrNutvNzu-Qs20NOZxGGELgnw&si=1&oref=e6d3ec007ea0b378d585752f82a707a6&optunit=eu_NO5KiLJnPE-v54WHedg&rb=2Vb288azLYM&rr=1&abtg=0
52.116.53.155302 Found 0 B URL HTTP/2 p274639.mybettermb.com/adServe/domainClick?ai=gNSPw4YcvsCApKkKBx7IDKErQRcuoVv9SmAbmNZMBE6wn03uCMUnWYCjZuR1GPxlYmGaN95fhoJ8lfS_0xnUKOWO-_a2-ZUTh_XxP0KkeoJPYv00XJVcXnlDjvP4JXWiXaThdUnMclfyYWAdJYTdNpO59tz-WSCCFEQvf2jKEYakLkhP7zYLcevaI8tzj08RwLMlaK_bUGEURC9_aMoRhuUpDZB1ExITCpDnQZyEZt89yZrhH3-Sbo2JqJN1DPk7vIJHDB-4duOOF0SokHo2PZeYO9hdbD2Gn6oVmfmCmc-q0T2xsmJwnBfZ8RtWPEH2SnZADPOdLz_p-OGBQW3exAhKJncPyYXssKbYd4jRL3fz-AbClJeve1IAxxj8fbHTO3w7UryuuaRxSZrQqf3xBG1p2h3hBQbnXQPnuWlBambEt92mMgVgww&ui=HFz5zNIIs96w8gbO8AoGVPmI0xR1wwxS-h785SbtCe0-Ka4-Ttz5Svw2ANG5lPW9dzfVCPkj8jZRJJ5RIdxA4s0GEbIfqCrNutvNzu-Qs20NOZxGGELgnw&si=1&oref=e6d3ec007ea0b378d585752f82a707a6&optunit=eu_NO5KiLJnPE-v54WHedg&rb=2Vb288azLYM&rr=1&abtg=0
IP 52.116.53.155:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /adServe/domainClick?ai=gNSPw4YcvsCApKkKBx7IDKErQRcuoVv9SmAbmNZMBE6wn03uCMUnWYCjZuR1GPxlYmGaN95fhoJ8lfS_0xnUKOWO-_a2-ZUTh_XxP0KkeoJPYv00XJVcXnlDjvP4JXWiXaThdUnMclfyYWAdJYTdNpO59tz-WSCCFEQvf2jKEYakLkhP7zYLcevaI8tzj08RwLMlaK_bUGEURC9_aMoRhuUpDZB1ExITCpDnQZyEZt89yZrhH3-Sbo2JqJN1DPk7vIJHDB-4duOOF0SokHo2PZeYO9hdbD2Gn6oVmfmCmc-q0T2xsmJwnBfZ8RtWPEH2SnZADPOdLz_p-OGBQW3exAhKJncPyYXssKbYd4jRL3fz-AbClJeve1IAxxj8fbHTO3w7UryuuaRxSZrQqf3xBG1p2h3hBQbnXQPnuWlBambEt92mMgVgww&ui=HFz5zNIIs96w8gbO8AoGVPmI0xR1wwxS-h785SbtCe0-Ka4-Ttz5Svw2ANG5lPW9dzfVCPkj8jZRJJ5RIdxA4s0GEbIfqCrNutvNzu-Qs20NOZxGGELgnw&si=1&oref=e6d3ec007ea0b378d585752f82a707a6&optunit=eu_NO5KiLJnPE-v54WHedg&rb=2Vb288azLYM&rr=1&abtg=0 HTTP/1.1
Host: p274639.mybettermb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://btpnative.com/
Connection: keep-alive
Cookie: rhid=82593445701; loi=ad_490233_off_142374_aff_3322_cid_274639-579167938-FILMAIJUMS.NET_ts_1671930448
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx
date: Sun, 25 Dec 2022 01:09:36 GMT
content-length: 0
set-cookie: rhid=82593445701; Max-Age=15552000; Expires=Fri, 23-Jun-2023 01:09:36 GMT; Domain=mybettermb.com; Path=/; SameSite=None; secure;
loi=ad_490233_off_142374_aff_3322_cid_274639-579167938-FILMAIJUMS.NET_ts_1671930576; Max-Age=3600; Expires=Sun, 25-Dec-2022 02:09:36 GMT; Domain=mybettermb.com; Path=/; SameSite=None; secure;
location: https://myfood.ltd/?v=20171031&s1=0
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 16234941a3c5fc4d83bed82b46aa3778
336bebc2879dcffdd1c0343732c5559997823c92
63cce7f2da4d1dc7824ab1b380ca1c68196aaf46be8359314d86a1095a54a31f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "63CCE7F2DA4D1DC7824AB1B380CA1C68196AAF46BE8359314D86A1095A54A31F"
Last-Modified: Sun, 25 Dec 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19700
Expires: Sun, 25 Dec 2022 06:37:56 GMT
Date: Sun, 25 Dec 2022 01:09:36 GMT
Connection: keep-alive
myfood.ltd/?v=20171031&s1=0
151.139.128.10200 OK 2.9 kB URL HTTP/2 myfood.ltd/?v=20171031&s1=0
IP 151.139.128.10:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (6859), with no line terminators
Hash 029ccb01ef612a9e6748494c60d24b69
d385f7671725be11701998c27571e94b1950f991
7ac429dc45b509b1bed9bdcdc5610868d510d979ce3cc06d48870511bf0425f5
GET /?v=20171031&s1=0 HTTP/1.1
Host: myfood.ltd
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://btpnative.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 25 Dec 2022 01:09:36 GMT
cache-control: max-age=30
content-encoding: gzip
content-length: 2896
content-type: text/html
last-modified: Mon, 01 Mar 2021 09:43:13 GMT
accept-ranges: bytes
server: nginx
etag: W/"603cb731-1ad4"
x-sp-metadata: HS256.CODhnp0GEocBCiQyMTJlYTJlOC0xNzM0LTRkNTktYTRkMy1hYjQ4YmEwNjEyZjYQwIKqy8GT/AIaBgjQxZ6dBiIMOTEuOTAuNDIuMTU0KO7uAzADOARCFlRMU19BRVNfMTI4X0dDTV9TSEEyNTZaIGM3ZDJiNGM0ODRhNDEzZTE5MWRlNmFjZmYyZGIyMDA5GisIARIkMjlkMGExNGEtODg3NS00OTdhLTljN2QtYTRjZTQyYWY3MmExGNAWIhgIAhIUY2RzMjM2LnNrMS5od2Nkbi5uZXQ=.J2k8B5Dx3h4eg1aQdfKhwT7wVCpJp0YpgAjxiEf2L8s=
x-hw: 1671930576.cds256.sk1.hn,1671930576.cds236.sk1.c
X-Firefox-Spdy: h2
myfood.ltd/main/css/style.css
151.139.128.10200 OK 19 kB URL HTTP/2 myfood.ltd/main/css/style.css
IP 151.139.128.10:0
File type Unicode text, UTF-8 text, with very long lines (65134), with no line terminators
Hash a95a0c8bd1273406b8c8053fb3527d56
2a461dcfa2c4bf1d22727bfd7c3c2abc85d44343
55b46146d32f4ee365d4ca91d8b3b1c504a062b15bbc1ed60a22ac2d05be1db5
GET /main/css/style.css HTTP/1.1
Host: myfood.ltd
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://myfood.ltd/?v=20171031&s1=0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Dec 2022 01:09:36 GMT
cache-control: max-age=30
content-encoding: gzip
content-length: 18933
content-type: text/css
last-modified: Mon, 01 Mar 2021 09:43:15 GMT
accept-ranges: bytes
server: nginx
etag: W/"603cb733-1b1ac"
x-sp-metadata: HS256.CODhnp0GEocBCiQ0M2VlYTU4MC1lMGY2LTRkOGEtYjQyYy0xMmEyYTQwMGVlMjYQwIKqy8GT/AIaBgjQxZ6dBiIMOTEuOTAuNDIuMTU0KO7uAzADOARCFlRMU19BRVNfMTI4X0dDTV9TSEEyNTZaIGM3ZDJiNGM0ODRhNDEzZTE5MWRlNmFjZmYyZGIyMDA5GiwIARIkMDUwN2Q4MmEtZGFkNC00ZTVkLWExODItMTBhNmJlNjkyZWRjGPWTASIYCAISFGNkczI2MS5zazEuaHdjZG4ubmV0.zbJVLXbn0GNQWjI1KGrZXM1/sFemc1BFW45Hklku36s=
x-hw: 1671930576.cds256.sk1.hn,1671930576.cds261.sk1.c
X-Firefox-Spdy: h2
myfood.ltd/images/Superfood_1.jpg
151.139.128.10200 OK 74 kB URL HTTP/2 myfood.ltd/images/Superfood_1.jpg
IP 151.139.128.10:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, copyright=Bigstock], progressive, precision 8, 800x420, components 3\012- data
Hash c2c3ec0e55e648c2a85d4499714a9c11
073f2990a52da59a7d3b73583b30be3c2cf45523
b66cf7365382753dc6340bfa2fba89c368ca3b930a0833d8f64c4c34525fc2ec
GET /images/Superfood_1.jpg HTTP/1.1
Host: myfood.ltd
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://myfood.ltd/?v=20171031&s1=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Dec 2022 01:09:36 GMT
cache-control: max-age=30
content-length: 74204
content-type: image/jpeg
last-modified: Mon, 01 Mar 2021 09:43:12 GMT
accept-ranges: bytes
server: nginx
etag: "603cb730-121dc"
x-sp-metadata: HS256.CODhnp0GEocBCiQ5ZjMzNDkyMy02NzAwLTRjNjgtYjQ0Zi02MzJkYWUyMzkwZTEQwIKqy8GT/AIaBgjQxZ6dBiIMOTEuOTAuNDIuMTU0KO7uAzADOARCFlRMU19BRVNfMTI4X0dDTV9TSEEyNTZaIGM3ZDJiNGM0ODRhNDEzZTE5MWRlNmFjZmYyZGIyMDA5GiwIARIkYTQ0MTY0MTMtMTAwYS00YzBmLWEzOTYtNmY1NWRhNzU3NGViGNzDBCIYCAISFGNkczI0Ny5zazEuaHdjZG4ubmV0.qrtSaR6lfA+YpWVFiubYpD2WQaRCMh7VFlJoAq15y1A=
x-hw: 1671930576.cds256.sk1.hn,1671930576.cds247.sk1.c
X-Firefox-Spdy: h2
myfood.ltd/images/Superfood_2.jpg
151.139.128.10200 OK 52 kB URL HTTP/2 myfood.ltd/images/Superfood_2.jpg
IP 151.139.128.10:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, copyright=Bigstock], progressive, precision 8, 800x341, components 3\012- data
Hash b87af7248a82f58fe2ea5d0c7b030886
1d5a5b9752d7978c68b0d4a1689b3d8e6d322f0a
14da8c39c357dad0441b26d575c0000a9529c76d785680306a3cf51abe4cae81
GET /images/Superfood_2.jpg HTTP/1.1
Host: myfood.ltd
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://myfood.ltd/?v=20171031&s1=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Dec 2022 01:09:36 GMT
cache-control: max-age=30
content-length: 51830
content-type: image/jpeg
last-modified: Mon, 01 Mar 2021 09:43:13 GMT
accept-ranges: bytes
server: nginx
etag: "603cb731-ca76"
x-sp-metadata: HS256.CODhnp0GEocBCiRhOTEyZDE0YS1mM2Y4LTQ0OTAtYTcyOS0xYmNhMzFmZTRiMzcQwIKqy8GT/AIaBgjQxZ6dBiIMOTEuOTAuNDIuMTU0KO7uAzADOARCFlRMU19BRVNfMTI4X0dDTV9TSEEyNTZaIGM3ZDJiNGM0ODRhNDEzZTE5MWRlNmFjZmYyZGIyMDA5GiwIARIkMjM0MmZjOTYtYmQ5Mi00YTJhLWFiM2QtMDQyMDEwNzA0MTFkGPaUAyIYCAISFGNkczIyMC5zazEuaHdjZG4ubmV0.st39BUUDO/fIF733lNG6xDiEUIT3ZJVNPGq5sBiccug=
x-hw: 1671930576.cds256.sk1.hn,1671930576.cds220.sk1.c
X-Firefox-Spdy: h2
myfood.ltd/images/avatar-1.jpg
151.139.128.10200 OK 11 kB URL HTTP/2 myfood.ltd/images/avatar-1.jpg
IP 151.139.128.10:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=12, height=128, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=128], progressive, precision 8, 128x128, components 3\012- data
Hash 62d0b6a649ac10e72bcb6ea3bbf57564
3e333889b0b66bfc6a32499f4c55878e2102b463
58dddc0a77632d920d096da6c6e2587c5859a4b4dd7af6dcd6eb8009ebc23ba6
GET /images/avatar-1.jpg HTTP/1.1
Host: myfood.ltd
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://myfood.ltd/?v=20171031&s1=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Dec 2022 01:09:36 GMT
cache-control: max-age=30
content-length: 11304
content-type: image/jpeg
last-modified: Mon, 01 Mar 2021 09:43:12 GMT
accept-ranges: bytes
server: nginx
etag: "603cb730-2c28"
x-sp-metadata: HS256.CODhnp0GEocBCiRmYmQ4ZTNjZS02MGE0LTQzYWQtOTE1ZS1jODc2OTQ2YTZkMjYQwIKqy8GT/AIaBgjQxZ6dBiIMOTEuOTAuNDIuMTU0KO7uAzADOARCFlRMU19BRVNfMTI4X0dDTV9TSEEyNTZaIGM3ZDJiNGM0ODRhNDEzZTE5MWRlNmFjZmYyZGIyMDA5GisIARIkZDQwOTU2OGMtZWEwZC00YTY2LWEwODMtZjE2OWQ4MTRlYzA4GKhYIhgIAhIUY2RzMjE4LnNrMS5od2Nkbi5uZXQ=.LitZpZmx646qPbKpyzhZQw61p0ZCZZ4OutAxem+NsDY=
x-hw: 1671930576.cds256.sk1.hn,1671930576.cds218.sk1.c
X-Firefox-Spdy: h2
myfood.ltd/images/avatar-2.jpg
151.139.128.10200 OK 11 kB URL HTTP/2 myfood.ltd/images/avatar-2.jpg
IP 151.139.128.10:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=12, height=128, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=128], progressive, precision 8, 128x128, components 3\012- data
Hash dd3881ed1b5b03b1d571edf89e12c466
61ca68c1c2d2ae7d286dfc0540f4ca8b357fdf3d
97b65e41dd547b310e1e860d2ae4717dba1d97bd36c0cd06c35749caa515e207
GET /images/avatar-2.jpg HTTP/1.1
Host: myfood.ltd
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://myfood.ltd/?v=20171031&s1=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Dec 2022 01:09:36 GMT
cache-control: max-age=30
content-length: 10665
content-type: image/jpeg
last-modified: Mon, 01 Mar 2021 09:43:12 GMT
accept-ranges: bytes
server: nginx
etag: "603cb730-29a9"
x-sp-metadata: HS256.CODhnp0GEocBCiQzNDI2YWIzMi1mOGMxLTQ3MDktYjIxNi02Yjg3ODAwZTk5MzAQwIKqy8GT/AIaBgjQxZ6dBiIMOTEuOTAuNDIuMTU0KO7uAzADOARCFlRMU19BRVNfMTI4X0dDTV9TSEEyNTZaIGM3ZDJiNGM0ODRhNDEzZTE5MWRlNmFjZmYyZGIyMDA5GisIARIkM2I0NGUyNDktYmIyNy00N2FlLTgwYmUtN2IyZWE4MjUyY2IzGKlTIhgIAhIUY2RzMjAyLnNrMS5od2Nkbi5uZXQ=.4L5FXM8b2y+gn0iRHMUIdYISktlxAC/sVChyxcsVMdc=
x-hw: 1671930576.cds256.sk1.hn,1671930576.cds202.sk1.c
X-Firefox-Spdy: h2
myfood.ltd/main/js/main.js
151.139.128.10200 OK 39 kB URL HTTP/2 myfood.ltd/main/js/main.js
IP 151.139.128.10:0
File type Unicode text, UTF-8 text, with very long lines (60220)
Hash 181e3fa3b1de97ff4efd259bc2a2c8c7
52edf1dc36109cb57bea12689a48442e27f06ad1
ffa8984bea3bf0c0a0cb282e9a5a98b3435e63fb6a26dfe0351979fa9f827c40
GET /main/js/main.js HTTP/1.1
Host: myfood.ltd
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://myfood.ltd/?v=20171031&s1=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Dec 2022 01:09:36 GMT
cache-control: max-age=30
content-encoding: gzip
content-length: 38656
content-type: application/javascript
last-modified: Mon, 01 Mar 2021 09:43:14 GMT
accept-ranges: bytes
server: nginx
etag: "603cb732-1d57b"
x-sp-metadata: HS256.CODhnp0GEocBCiRmMDRmNzAzMy1lMGFlLTQyNTgtOGIyMi0yYTIwY2VkYTcyN2QQwIKqy8GT/AIaBgjQxZ6dBiIMOTEuOTAuNDIuMTU0KO7uAzADOARCFlRMU19BRVNfMTI4X0dDTV9TSEEyNTZaIGM3ZDJiNGM0ODRhNDEzZTE5MWRlNmFjZmYyZGIyMDA5GiwIARIkYTA3ZmQwZWUtYjQ1MC00YThkLTgyMjgtMWEzMDdkN2M1ZmY1GICuAiIYCAISFGNkczIyOC5zazEuaHdjZG4ubmV0.M69nJLpUeyUUnExBtLROYa9s8ZpuS0a9AiR/iRi+Nbc=
x-hw: 1671930576.cds256.sk1.hn,1671930576.cds228.sk1.c
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash 9527d889a5b94c28b4dcd8809ffba513
b2ee81348df6ebc3f72fcd64b7767df0a1903fb5
9d3cfbc6c96f2da85420d44bdd58f8e860487d3cbf1ffda4d21477b566f23059
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Dec 2022 01:09:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
myfood.ltd/favicon.ico
151.139.128.10200 OK 1.2 kB IP 151.139.128.10:0
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Hash b671b0407b8abf4ffb9946ee1596d992
79a116ffd13f1888451abd3cb8751cb2140f2fa4
1515616a51664df153b03397585ee45469cb936100992f870419514b17820649
GET /favicon.ico HTTP/1.1
Host: myfood.ltd
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://myfood.ltd/?v=20171031&s1=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Dec 2022 01:09:36 GMT
cache-control: max-age=30
content-length: 1150
content-type: image/x-icon
last-modified: Wed, 28 Mar 2018 14:00:16 GMT
accept-ranges: bytes
server: nginx
etag: "5abb9ff0-47e"
x-sp-metadata: HS256.CODhnp0GEocBCiQzZTIyNmYzMC01OTgzLTRhOTQtYWY5OS0zNTUyYzFlMWNhNmQQwIKqy8GT/AIaBgjQxZ6dBiIMOTEuOTAuNDIuMTU0KO7uAzADOARCFlRMU19BRVNfMTI4X0dDTV9TSEEyNTZaIGM3ZDJiNGM0ODRhNDEzZTE5MWRlNmFjZmYyZGIyMDA5GisIARIkZDFlMzVjODktZTJmNy00M2VmLWJkY2ItYmM2YjE1ZmUxZGQ0GP4IIhgIAhIUY2RzMjQwLnNrMS5od2Nkbi5uZXQ=.auBKop5yVOLjQZReXO8tzcx9bzgiwKv0QwsUwAACOgo=
x-hw: 1671930576.cds256.sk1.hn,1671930576.cds240.sk1.c
X-Firefox-Spdy: h2