r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 2b424d8c01b211c56d5b44b92e4e4153
b1fdab18f23271eee58ae1482f8af25badc2ffda
1c82a5fd2bc3f16a66becb5e1924e8c9edd39386622dc2e5ed296442f4307b2b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1C82A5FD2BC3F16A66BECB5E1924E8C9EDD39386622DC2E5ED296442F4307B2B"
Last-Modified: Fri, 14 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5233
Expires: Sun, 16 Oct 2022 02:58:14 GMT
Date: Sun, 16 Oct 2022 01:31:01 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
143.204.55.36200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.36:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash c9df6b36bf16969ac566c1b798362e4a
e56eff34815153ae019a4bf63eb9746dd9ae2e5b
33c1175144ab2be42c9de383f7893a6e60cd1f21f282eacb413d546331db3fa0
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Retry-After, Alert, Content-Type, Backoff
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sun, 16 Oct 2022 00:50:20 GMT
Expires: Sun, 16 Oct 2022 01:16:41 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 1ca0323262515c9240c58fe69a9ac826.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: nE-aN3onQVMJCLZT_OCNOG9hfIjMa-ZILgFRSCIwmBiMro5eS3FgYg==
Age: 2441
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash a57d0f62d9bd29668b94a513fa45d18e
d7cb263502e21f9235b4523a596e2138d22042ec
df7acd4fe34cc9c4945a5d83ef538105a73dfc1a8b485bc7a62488c5406b1294
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DF7ACD4FE34CC9C4945A5D83EF538105A73DFC1A8B485BC7A62488C5406B1294"
Last-Modified: Sat, 15 Oct 2022 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18720
Expires: Sun, 16 Oct 2022 06:43:01 GMT
Date: Sun, 16 Oct 2022 01:31:01 GMT
Connection: keep-alive
wallpaper.a5zhukao.com/wallpaper/increment_views/19390
74.206.228.78302 Moved Temporarily 145 B URL HTTP/1.1 wallpaper.a5zhukao.com/wallpaper/increment_views/19390
IP 74.206.228.78:0
ASN #27257 WEBAIR-INTERNET
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash bfe2c1d1b36c62666ce9ba537d324bd4
4d52a7c6d2909a506a4e81559eb24e8af077c741
5216ad883da8fe250db6892c9abca11bae07572d49a4c48a3c42276ffe6a9fb8
Analyzer Verdict Alert fortinet Malware
GET /wallpaper/increment_views/19390 HTTP/1.1
Host: wallpaper.a5zhukao.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Moved Temporarily
Server: nginx/1.18.0
Date: Sun, 16 Oct 2022 01:31:01 GMT
Content-Type: text/html
Content-Length: 145
Connection: keep-alive
Location: http://wallpaper.a5zhukao.com/
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: lr2rbrbONJK5wlOS8LyPFUvN5Ton3oFDW+tbq94/5BdoT/QxTa8AvB8fVChza433RXNsHysRwqI=
x-amz-request-id: 5P6VNK89R90ZEMEQ
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 16 Oct 2022 01:02:48 GMT
age: 1693
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 16 Oct 2022 01:31:01 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
wallpaper.a5zhukao.com/
74.206.228.78200 OK 248 B IP 74.206.228.78:0
ASN #27257 WEBAIR-INTERNET
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash 115d7883ae6f01996c135ee06d12a23b
720aeaef053bcf570377181190db4f1234b8d8fd
fc5be43fc8cca82df639dd63500424191808379d1ddcb28d057ebfdb9a97ff17
Analyzer Verdict Alert fortinet Malware
GET / HTTP/1.1
Host: wallpaper.a5zhukao.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Sun, 16 Oct 2022 01:31:01 GMT
Content-Type: text/html;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.36200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.36:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Sun, 16 Oct 2022 01:07:43 GMT
Expires: Sun, 16 Oct 2022 02:04:44 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 095562e8748e634f880ee3c4ada2b6d0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 5JT7FEaUoY1haBG0r_Ws7zpXwsbFEQ--1xdqwiiSm5vW9Ke6ksWzuA==
Age: 1398
wallpaper.a5zhukao.com/favicon.ico
74.206.228.78404 Not Found 114 B URL HTTP/1.1 wallpaper.a5zhukao.com/favicon.ico
IP 74.206.228.78:0
ASN #27257 WEBAIR-INTERNET
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 021ffd3b4e081732edb9f2fa096e8ef2
4b0c71d74bf395719f8f91e4903609e37b513046
71dc6b3c545761e64c88967c0f8005939255df258bf60e122b238095d0c9659c
GET /favicon.ico HTTP/1.1
Host: wallpaper.a5zhukao.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://wallpaper.a5zhukao.com/
HTTP/1.1 404 Not Found
Server: nginx/1.18.0
Date: Sun, 16 Oct 2022 01:31:01 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 301aafc13bc66315321d9476df002258
e6bfd29899543fcd4d1b332623757bbad355306f
c64315afdfcf146b16942d981588ed912650472c5e2bba7b6f8dee396d820860
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5438
Cache-Control: max-age=115591
Content-Type: application/ocsp-response
Date: Sun, 16 Oct 2022 01:31:02 GMT
Etag: "634a6a1f-1d7"
Expires: Mon, 17 Oct 2022 09:37:33 GMT
Last-Modified: Sat, 15 Oct 2022 08:06:55 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 471
a5zhukao.com/
173.239.8.164200 OK 181 B IP 173.239.8.164:0
ASN #27257 WEBAIR-INTERNET
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash 0596ea80280cbd6acaa581b9a0e4372b
5bbbfaccf51398737f916e714efdd72cf341b5aa
1bda89b6abeeb94359693ee2d3c0e6f9ffd80e1494e11a0f5408087ebf84e4ba
Analyzer Verdict Alert fortinet Malware
POST / HTTP/1.1
Host: a5zhukao.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 12
Origin: http://wallpaper.a5zhukao.com
Connection: keep-alive
Referer: http://wallpaper.a5zhukao.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sun, 16 Oct 2022 01:31:02 GMT
Content-Type: text/html;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: ipc=eyJ2ZXJzaW9uIjoxLCJzdWJJZCI6MywiZm9sZGVySWQiOjEsImZlZWRJZCI6MSwidHMiOjE2NjU4ODM4NjIsImhhc2giOiJhOWIwZDU1YSJ9;Expires=Sun, 16-Oct-2022 02:31:02 GMT;Max-Age=3600
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Encoding: gzip
push.services.mozilla.com/
34.210.158.59101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.210.158.59:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 1BNfA2+ZbvEtqEYkFGY2zQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: zFVQ4Hzl4F8nC1hOkVUa7MZeIQY=
a5zhukao.com/favicon.ico
173.239.8.164404 Not Found 114 B IP 173.239.8.164:0
ASN #27257 WEBAIR-INTERNET
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4dda89292ffda632595d8e4040ef07c8
55c26cf87340555b3c09ba932bbabfc066a8d0ea
2615795f2aaccceaee3a5a92bcb488c122aed8a152f042633e41657fff9f7278
GET /favicon.ico HTTP/1.1
Host: a5zhukao.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://a5zhukao.com/
Connection: keep-alive
Cookie: ipc=eyJ2ZXJzaW9uIjoxLCJzdWJJZCI6MywiZm9sZGVySWQiOjEsImZlZWRJZCI6MSwidHMiOjE2NjU4ODM4NjIsImhhc2giOiJhOWIwZDU1YSJ9
HTTP/1.1 404 Not Found
Server: nginx/1.20.1
Date: Sun, 16 Oct 2022 01:31:02 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
q2.quotes.com/31ce7ec6-4cf2-11ed-895c-e809a128bbf6
23.19.76.168200 OK 170 B URL HTTP/1.1 q2.quotes.com/31ce7ec6-4cf2-11ed-895c-e809a128bbf6
IP 23.19.76.168:0
ASN #395954 LEASEWEB-USA-LAX-11
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with no line terminators
Hash 49d4bc29a17c5540a97e892696bc77f6
1fbcddb453e8759be07de2b306ee18591f3dc5ef
0a0b2ed41ca0d2fe82fe7a673f9d9a08c53893013b36c4b7149915f598fe6b86
GET /31ce7ec6-4cf2-11ed-895c-e809a128bbf6 HTTP/1.1
Host: q2.quotes.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://a5zhukao.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 170
content-type: text/html; charset=utf-8
date: Sun, 16 Oct 2022 01:31:01 GMT
server: nginx
q2.quotes.com/31ce7ec6-4cf2-11ed-895c-e809a128bbf6?hr=1
23.19.76.168302 Found 11 B URL HTTP/1.1 q2.quotes.com/31ce7ec6-4cf2-11ed-895c-e809a128bbf6?hr=1
IP 23.19.76.168:0
ASN #395954 LEASEWEB-USA-LAX-11
File type ASCII text, with no line terminators
Hash 32682312d17c7cbf18e73594f5570319
60e22121bdd0bc71cdb2bae2a3aa577006b2eae9
e55fb1a1d731153e943b68844af12dcce8bfac917c98ffdea64c80da0607dd47
GET /31ce7ec6-4cf2-11ed-895c-e809a128bbf6?hr=1 HTTP/1.1
Host: q2.quotes.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 11
date: Sun, 16 Oct 2022 01:31:02 GMT
location: http://btpnative.com/click?data=YWl6UjI4ekpfa1dXWHZjRDJaSzNZV2d6U2hUUUFIQUJOUVNZendtdWxCd3JXeXlwMTA5cGV4eGVUZHo0Q3F3aFVFeVhyRjZIVnNHY2hnVkRBVnRGUUVSekpSSUlfdldkeTBWd0FSYzJpUHI4VXlBZmhTRkZlM1Q4LWxkNlN3ZUc3LXJSeTBnc2ZyLTVjSEk2aUFSUHVnMg2&id=9ec179fc-e4d1-4337-a993-d807886a0c83
server: nginx
btpnative.com/click?data=YWl6UjI4ekpfa1dXWHZjRDJaSzNZV2d6U2hUUUFIQUJOUVNZendtdWxCd3JXeXlwMTA5cGV4eGVUZHo0Q3F3aFVFeVhyRjZIVnNHY2hnVkRBVnRGUUVSekpSSUlfdldkeTBWd0FSYzJpUHI4VXlBZmhTRkZlM1Q4LWxkNlN3ZUc3LXJSeTBnc2ZyLTVjSEk2aUFSUHVnMg2&id=9ec179fc-e4d1-4337-a993-d807886a0c83
209.15.13.136200 OK 2.2 kB URL HTTP/1.1 btpnative.com/click?data=YWl6UjI4ekpfa1dXWHZjRDJaSzNZV2d6U2hUUUFIQUJOUVNZendtdWxCd3JXeXlwMTA5cGV4eGVUZHo0Q3F3aFVFeVhyRjZIVnNHY2hnVkRBVnRGUUVSekpSSUlfdldkeTBWd0FSYzJpUHI4VXlBZmhTRkZlM1Q4LWxkNlN3ZUc3LXJSeTBnc2ZyLTVjSEk2aUFSUHVnMg2&id=9ec179fc-e4d1-4337-a993-d807886a0c83
IP 209.15.13.136:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (349), with CRLF line terminators
Hash ba9b7caabffd9e43037c782ea22f282f
3f6bd1634eddaa40068efb173818f8cb2d3c7092
5558439505df0f5ade1e245d32319e6a8f0ccab1bee88f0a0edb3c2e51908ffe
GET /click?data=YWl6UjI4ekpfa1dXWHZjRDJaSzNZV2d6U2hUUUFIQUJOUVNZendtdWxCd3JXeXlwMTA5cGV4eGVUZHo0Q3F3aFVFeVhyRjZIVnNHY2hnVkRBVnRGUUVSekpSSUlfdldkeTBWd0FSYzJpUHI4VXlBZmhTRkZlM1Q4LWxkNlN3ZUc3LXJSeTBnc2ZyLTVjSEk2aUFSUHVnMg2&id=9ec179fc-e4d1-4337-a993-d807886a0c83 HTTP/1.1
Host: btpnative.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-AspNetMvc-Version: 5.2
X-AspNet-Version: 4.0.30319
Set-Cookie: gKjktmFqsrJwBEd=gKjktmFqsrJwBEd; path=/
X-Server: web02
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type
Date: Sun, 16 Oct 2022 01:31:03 GMT
Content-Length: 2182
btpnative.com/Redirect/
209.15.13.136302 Found 1.9 kB IP 209.15.13.136:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (1801), with CRLF line terminators
Hash a9c99997706eeace9f7e9a1ee1d93784
d0617b7baf5fccca1ee7af4fb38944b0cd5d318e
72193702a2c2132b97505fcfd2ff3aba0682b3c403b2376f4717f884ccaa8e09
POST /Redirect/ HTTP/1.1
Host: btpnative.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 358
Origin: http://btpnative.com
Connection: keep-alive
Referer: http://btpnative.com/click?data=YWl6UjI4ekpfa1dXWHZjRDJaSzNZV2d6U2hUUUFIQUJOUVNZendtdWxCd3JXeXlwMTA5cGV4eGVUZHo0Q3F3aFVFeVhyRjZIVnNHY2hnVkRBVnRGUUVSekpSSUlfdldkeTBWd0FSYzJpUHI4VXlBZmhTRkZlM1Q4LWxkNlN3ZUc3LXJSeTBnc2ZyLTVjSEk2aUFSUHVnMg2&id=9ec179fc-e4d1-4337-a993-d807886a0c83
Cookie: gKjktmFqsrJwBEd=gKjktmFqsrJwBEd
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: https://mybetterck.com/aS/feedclick?s=HFz5zNIIs95ROWPasgEEzxpRTG9mCZxJfSMU3tyux_woPqiJVE9nxxwSB56cKSkXT2CTCm3P5TxbC7U30TJp2YOe9KpoUqG_KP9rM2-MnaYF4NN-Fy2QN7CyP0WpYsxEJnFYxcsUig_ZjafmTRh4cHzsOTmPHHzVVhTaMWwinq7RGLacBI37lWMsiKRANMk2AZ64o-JmCYkDm2e6ndKFovD2R0JbB9Iv1iLFd3h9zFdBbFIbAfpyJLcmnRvo_TTX33SFt45BoFZmtPojMJtdG2cgl7TmpI-61WFcO7dbSh-vTeldx1qkO9ESKDhi8gxWJCyyDq165kFdqtf4-isyqBzJixV0eEwtdOyX9BAZWcM7x-S6GKSRkA_z17TOA8_lyxsKVTDHY0IX4_VKsbWmiq3pFRoRLcSpQ0BBv5VkVMeAWCvNcWAzl5skuEt1SyCQMWWpmhrN9aSjn4iTZdrwpNECcOoeQkVnEXYxAToDNrh_oFAVVJDosTDqJ8LZa0NtOG5cjwdNLxqhdLq_Oywo9YTx-MmZRQImZ1AaqHcf3mal25YHGDVWp9Bj17n3sG2cpWz1QXny7YWCT8ndoT3dq7WB6yGrnHLiN7gWNUs8uybTttXbVACG1tLzkmekGBQCJUg1DLL6WynBN47bx9omHSCXDNdj7pGV43D7W3EInOMrh7YsShD5KpOz9yZlfydiDVCHzxpk_u93NCBxwc-gKWUv4LA6oOOiXgEVJXfktpVbKWgd_ki5Esos2DVgpgqXz-b8HnrZpYk5oV9QIep9K0duREN-0Af6PnmJ8etuo_Q9rLnKUjPDJNRTi83x83140vQN3ECVMRT8ZRZC-3vG6XCJfwnN1ufxemmeeF79KbbjNYmKTECy8g5cpGPGZ0Ep1TKAsEbe7gUVjMMTDAYgwk9d4cYI0JnlcFe1WYpZdaCRC3_QcBGLZC52eU2_9PAVK__vqBnTHiJ-kIMxiGhqlteZ8dgO7kqBC9HYxeMyAfMS2TDxcIUxcB24f5TAFclZh-Wjuru_x_pf069cGuYd0HFnDQUfF-yPJ4X0zAEhxg5PNVKbna__Ml15KXkbVKOFp7lQFFnqk42TrIVg8RtLJ9bP-kjf_QbeJknuhSjKuV-ZalDvZtzi3cfHjsOGFnXjqo-d9Baih1DWJKdobf0trqJWRKVHwpUoASf10ihCbo89V5ioOooUHhaTGrLV_mBWGzu6VpZcBnVRmV8YJoUdyDc_kFNLUHsYJ2eqyiBiNjTH8ez4I0SiWOjsUfqMK_8904OJHgcaqExfIb3rLfDWc3_b_Gpk1DjqcwuIa5K5WqFBHYX6-hTZA99w0ugrKUlfR5pB4UltLANpb_vUK1ucLQ5_sSFyy0lLVxe4j04gTKBixNhV-gd28vTuY9-ZkjfmsS3wM3BlY-b9FGm9BAjf02PzHTGqXpsxAXRRvdCeDgxcRvs12WRBtVd0FFIwNy6mR5pB4UltLAOO6H1NCxtoHUHJGQwW3XzEe-D6rVyesox2m7bbWF_ij_tkgeX_MFxg2cXWIgVA99st29acLDvw5i1YbpShQmzFEtLrZWBjpXGZ9LN7o_Nu0nW_Wic5C24wWjqAn3EI1YiQ7QQTqPD6evNsBTmehIsTUuJey8q33ZYjZt6uxry2NwXB9BXVuRTe8dJ5SZeVZLnTxMXSdzHBietCmL7UR-B_fhnTn2T2FXzYgG7afTXkyA
Server: Microsoft-IIS/8.5
X-AspNetMvc-Version: 5.2
X-AspNet-Version: 4.0.30319
X-Server: web02
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type
Date: Sun, 16 Oct 2022 01:31:03 GMT
Content-Length: 1873
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash a239968682150ba8fb61f7b2101edba3
35724b1e7f236cddd2e9c542a0da63d9e915c310
e2cb65724d3870506a1efcfd90f43c61f87bb694b0c2cb07568bf1aaea7d1d98
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E2CB65724D3870506A1EFCFD90F43C61F87BB694B0C2CB07568BF1AAEA7D1D98"
Last-Modified: Fri, 14 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2340
Expires: Sun, 16 Oct 2022 02:10:03 GMT
Date: Sun, 16 Oct 2022 01:31:03 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash a239968682150ba8fb61f7b2101edba3
35724b1e7f236cddd2e9c542a0da63d9e915c310
e2cb65724d3870506a1efcfd90f43c61f87bb694b0c2cb07568bf1aaea7d1d98
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E2CB65724D3870506A1EFCFD90F43C61F87BB694B0C2CB07568BF1AAEA7D1D98"
Last-Modified: Fri, 14 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2340
Expires: Sun, 16 Oct 2022 02:10:03 GMT
Date: Sun, 16 Oct 2022 01:31:03 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash a239968682150ba8fb61f7b2101edba3
35724b1e7f236cddd2e9c542a0da63d9e915c310
e2cb65724d3870506a1efcfd90f43c61f87bb694b0c2cb07568bf1aaea7d1d98
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E2CB65724D3870506A1EFCFD90F43C61F87BB694B0C2CB07568BF1AAEA7D1D98"
Last-Modified: Fri, 14 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2340
Expires: Sun, 16 Oct 2022 02:10:03 GMT
Date: Sun, 16 Oct 2022 01:31:03 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash a239968682150ba8fb61f7b2101edba3
35724b1e7f236cddd2e9c542a0da63d9e915c310
e2cb65724d3870506a1efcfd90f43c61f87bb694b0c2cb07568bf1aaea7d1d98
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E2CB65724D3870506A1EFCFD90F43C61F87BB694B0C2CB07568BF1AAEA7D1D98"
Last-Modified: Fri, 14 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2340
Expires: Sun, 16 Oct 2022 02:10:03 GMT
Date: Sun, 16 Oct 2022 01:31:03 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash a239968682150ba8fb61f7b2101edba3
35724b1e7f236cddd2e9c542a0da63d9e915c310
e2cb65724d3870506a1efcfd90f43c61f87bb694b0c2cb07568bf1aaea7d1d98
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E2CB65724D3870506A1EFCFD90F43C61F87BB694B0C2CB07568BF1AAEA7D1D98"
Last-Modified: Fri, 14 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2340
Expires: Sun, 16 Oct 2022 02:10:03 GMT
Date: Sun, 16 Oct 2022 01:31:03 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4c75eb52-0ce4-4b74-92b3-a3670b609024.jpeg
34.120.237.76200 OK 8.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4c75eb52-0ce4-4b74-92b3-a3670b609024.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 0dee97568c5306e8334fcc9dce195ccb
194a7c40cdfae31844fa711d53142ea98f007a92
bf4e94f2062baf118da68b2fe3f5f38e20f21fe85900cdc69509119e757707c4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4c75eb52-0ce4-4b74-92b3-a3670b609024.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8579
x-amzn-requestid: c473888c-7989-4b4d-a5e7-f5f3149e145c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aEL5NEfdoAMFaWA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-634b26a1-4a1d1eb16fc64022768f622d;Sampled=0
x-amzn-remapped-date: Sat, 15 Oct 2022 21:31:13 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: icdYFhmC1BY6tDrbYts7bOdjWH55Fkl-CkRdRhqKEuF4MJNFdLA-sQ==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 32d624dbeb2a8b7f24dbe49007e37c90.cloudfront.net (CloudFront), 1.1 google
date: Sat, 15 Oct 2022 22:24:22 GMT
age: 11201
etag: "194a7c40cdfae31844fa711d53142ea98f007a92"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F89b2ee08-a53a-4763-aca2-fe23fd25f3d1.jpeg
34.120.237.76200 OK 6.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F89b2ee08-a53a-4763-aca2-fe23fd25f3d1.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash df5f38c3dc43ccc382d0274bffb6b350
9a305072cce8bb61ca3753bb98b999695fb4706e
20ff21892e65787fecbadca0f59c05e54dee3a1359271839dab0ee5c9e796ab0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F89b2ee08-a53a-4763-aca2-fe23fd25f3d1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6367
x-amzn-requestid: 485c3cf9-d305-4540-8eef-8304d1103ccc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aEL5EHbOoAMFWsA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-634b26a0-2ac206d826bf23193740e74c;Sampled=0
x-amzn-remapped-date: Sat, 15 Oct 2022 21:31:12 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: j4GFPRLOwyEGJVrC4uk01vi858DLWzDtUNZkfmbJ1ybrMV4xEdOIVg==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 cd858042f70b416ca05e042acf3908a4.cloudfront.net (CloudFront), 1.1 google
date: Sat, 15 Oct 2022 21:50:24 GMT
age: 13239
etag: "9a305072cce8bb61ca3753bb98b999695fb4706e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F84cb3cfe-794c-4730-88c6-35e4b3cd9c1d.jpeg
34.120.237.76200 OK 6.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F84cb3cfe-794c-4730-88c6-35e4b3cd9c1d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1741327ab198a2decd032da4f0be91f9
3d9d9f0b0d64600e8b05301120393aaae04e0e6a
863e23e1f5ddb2cfbf19b76817ddb28f646fe53af97e9ca714bbd5d6078fc712
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F84cb3cfe-794c-4730-88c6-35e4b3cd9c1d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6722
x-amzn-requestid: e29643cd-9d6f-4d27-897d-cb5460fe4735
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aEM6ZGdBIAMFalA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-634b2842-4555e10b7c637c3f792b9cf0;Sampled=0
x-amzn-remapped-date: Sat, 15 Oct 2022 21:38:10 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: GL1Ay0ooLsCV3C180mUcMK64TLmAjDcgvll_geN0aN8hNPVVwwfQ0w==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 989017835f43d594873bde5a7ee7fe5e.cloudfront.net (CloudFront), 1.1 google
date: Sat, 15 Oct 2022 22:37:10 GMT
etag: "3d9d9f0b0d64600e8b05301120393aaae04e0e6a"
content-type: image/jpeg
age: 10433
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9cf0a31c-c85d-44f5-805c-d721336ee8be.jpeg
34.120.237.76200 OK 9.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9cf0a31c-c85d-44f5-805c-d721336ee8be.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8134d82ebf2ab56f6263871af7dddd04
04f84545a02a942336e70de3c4bf25dafcb8552b
e85d244c6a2aaa6fd45303d88a01ae8cacb1efa0f8cda21f2fe48b53d8ca3a97
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9cf0a31c-c85d-44f5-805c-d721336ee8be.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9524
x-amzn-requestid: 5bbf3c66-5b84-4783-884f-b5f677c834fe
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Z-WZKGQfIAMFbVA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6348d107-57a5d87b0a9b44842ca2808d;Sampled=0
x-amzn-remapped-date: Fri, 14 Oct 2022 03:01:27 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: TlCP-tVS6w3UjqI-z3QggnoUcZpexq8Jq-qJ4ti0XrHK5Pa_TF139Q==
via: 1.1 0cf6c59c77f0fff670ae085179adc458.cloudfront.net (CloudFront), 1.1 35575576af8067e30cfb17c6b9fde8e2.cloudfront.net (CloudFront), 1.1 google
date: Sat, 15 Oct 2022 03:57:10 GMT
age: 77633
etag: "04f84545a02a942336e70de3c4bf25dafcb8552b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6da0eaa5-24ec-42bb-8269-d235104e844f.jpeg
34.120.237.76200 OK 9.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6da0eaa5-24ec-42bb-8269-d235104e844f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 440811a19987ddee099df289d9b61e79
ce0f78803a81b1c6b3067c78b75bc6f1d5a7f7c1
1309e9dcb36858de70ef82900ec1ad429fbb795ddb9823fd1c290b18f4e2c1a3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6da0eaa5-24ec-42bb-8269-d235104e844f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9623
x-amzn-requestid: b3d5bd8d-111b-4d50-9720-71f72c62f860
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Z7Q8oFLRIAMFrEw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6347951d-613e5e810f420e4c0ba3e6f6;Sampled=0
x-amzn-remapped-date: Thu, 13 Oct 2022 04:33:33 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: OA9iHADyiam26eo88jYDECifkqeBaTjsuoeHD2YOy0aZJZEGhG-xow==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 6396e88c437c096ef98930ce29f731a2.cloudfront.net (CloudFront), 1.1 google
date: Sat, 15 Oct 2022 21:36:56 GMT
age: 14047
etag: "ce0f78803a81b1c6b3067c78b75bc6f1d5a7f7c1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4cebbc75-2448-4faf-839b-c39ac6e47b98.jpeg
34.120.237.76200 OK 7.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4cebbc75-2448-4faf-839b-c39ac6e47b98.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6432c2bf0bab32f918d931dd98a6e1e4
bba4f37b146e5aea2b6490f8f7da63fa61ffc849
bde0d98cb1dcd70f22cd2aee5860eb0cd824d1bb12ab18245ab8eed06a79cf1d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4cebbc75-2448-4faf-839b-c39ac6e47b98.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7337
x-amzn-requestid: 43a16c4d-c5b9-4d01-8ba4-e811b09e96b1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Z-WYqEwVoAMFe5A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6348d104-121eda8b7a73518849342e7a;Sampled=0
x-amzn-remapped-date: Fri, 14 Oct 2022 03:01:24 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: z8x5zYoU_lGHWGt8ZhQFB6G9gS1Q4YhG_AxOdLCqIpZkXp_-f45ExA==
via: 1.1 25b9a991f871f75614e7f92f97b136a4.cloudfront.net (CloudFront), 1.1 567b44ed19c8caed2570b7bcd8c70034.cloudfront.net (CloudFront), 1.1 google
date: Sat, 15 Oct 2022 03:51:32 GMT
age: 77971
etag: "bba4f37b146e5aea2b6490f8f7da63fa61ffc849"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash ba32d2193e0a71f5869aab674f0d3d1f
e06d66516fcd4e6f37e83433f599f0e94905ec03
0a9331955c11b612bc9a3ae5107b3daa9f333ea4c9ea41039b92461967aba583
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 16 Oct 2022 01:31:04 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Fri, 14 Oct 2022 07:20:06 GMT
Expires: Fri, 21 Oct 2022 07:20:05 GMT
Etag: "e06d66516fcd4e6f37e83433f599f0e94905ec03"
Cache-Control: max-age=452340,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 75ad08657ce7b524-OSL
mybetterck.com/aS/feedclick?s=HFz5zNIIs95ROWPasgEEzxpRTG9mCZxJfSMU3tyux_woPqiJVE9nxxwSB56cKSkXT2CTCm3P5TxbC7U30TJp2YOe9KpoUqG_KP9rM2-MnaYF4NN-Fy2QN7CyP0WpYsxEJnFYxcsUig_ZjafmTRh4cHzsOTmPHHzVVhTaMWwinq7RGLacBI37lWMsiKRANMk2AZ64o-JmCYkDm2e6ndKFovD2R0JbB9Iv1iLFd3h9zFdBbFIbAfpyJLcmnRvo_TTX33SFt45BoFZmtPojMJtdG2cgl7TmpI-61WFcO7dbSh-vTeldx1qkO9ESKDhi8gxWJCyyDq165kFdqtf4-isyqBzJixV0eEwtdOyX9BAZWcM7x-S6GKSRkA_z17TOA8_lyxsKVTDHY0IX4_VKsbWmiq3pFRoRLcSpQ0BBv5VkVMeAWCvNcWAzl5skuEt1SyCQMWWpmhrN9aSjn4iTZdrwpNECcOoeQkVnEXYxAToDNrh_oFAVVJDosTDqJ8LZa0NtOG5cjwdNLxqhdLq_Oywo9YTx-MmZRQImZ1AaqHcf3mal25YHGDVWp9Bj17n3sG2cpWz1QXny7YWCT8ndoT3dq7WB6yGrnHLiN7gWNUs8uybTttXbVACG1tLzkmekGBQCJUg1DLL6WynBN47bx9omHSCXDNdj7pGV43D7W3EInOMrh7YsShD5KpOz9yZlfydiDVCHzxpk_u93NCBxwc-gKWUv4LA6oOOiXgEVJXfktpVbKWgd_ki5Esos2DVgpgqXz-b8HnrZpYk5oV9QIep9K0duREN-0Af6PnmJ8etuo_Q9rLnKUjPDJNRTi83x83140vQN3ECVMRT8ZRZC-3vG6XCJfwnN1ufxemmeeF79KbbjNYmKTECy8g5cpGPGZ0Ep1TKAsEbe7gUVjMMTDAYgwk9d4cYI0JnlcFe1WYpZdaCRC3_QcBGLZC52eU2_9PAVK__vqBnTHiJ-kIMxiGhqlteZ8dgO7kqBC9HYxeMyAfMS2TDxcIUxcB24f5TAFclZh-Wjuru_x_pf069cGuYd0HFnDQUfF-yPJ4X0zAEhxg5PNVKbna__Ml15KXkbVKOFp7lQFFnqk42TrIVg8RtLJ9bP-kjf_QbeJknuhSjKuV-ZalDvZtzi3cfHjsOGFnXjqo-d9Baih1DWJKdobf0trqJWRKVHwpUoASf10ihCbo89V5ioOooUHhaTGrLV_mBWGzu6VpZcBnVRmV8YJoUdyDc_kFNLUHsYJ2eqyiBiNjTH8ez4I0SiWOjsUfqMK_8904OJHgcaqExfIb3rLfDWc3_b_Gpk1DjqcwuIa5K5WqFBHYX6-hTZA99w0ugrKUlfR5pB4UltLANpb_vUK1ucLQ5_sSFyy0lLVxe4j04gTKBixNhV-gd28vTuY9-ZkjfmsS3wM3BlY-b9FGm9BAjf02PzHTGqXpsxAXRRvdCeDgxcRvs12WRBtVd0FFIwNy6mR5pB4UltLAOO6H1NCxtoHUHJGQwW3XzEe-D6rVyesox2m7bbWF_ij_tkgeX_MFxg2cXWIgVA99st29acLDvw5i1YbpShQmzFEtLrZWBjpXGZ9LN7o_Nu0nW_Wic5C24wWjqAn3EI1YiQ7QQTqPD6evNsBTmehIsTUuJey8q33ZYjZt6uxry2NwXB9BXVuRTe8dJ5SZeVZLnTxMXSdzHBietCmL7UR-B_fhnTn2T2FXzYgG7afTXkyA
108.168.193.189302 Found 0 B URL HTTP/2 mybetterck.com/aS/feedclick?s=HFz5zNIIs95ROWPasgEEzxpRTG9mCZxJfSMU3tyux_woPqiJVE9nxxwSB56cKSkXT2CTCm3P5TxbC7U30TJp2YOe9KpoUqG_KP9rM2-MnaYF4NN-Fy2QN7CyP0WpYsxEJnFYxcsUig_ZjafmTRh4cHzsOTmPHHzVVhTaMWwinq7RGLacBI37lWMsiKRANMk2AZ64o-JmCYkDm2e6ndKFovD2R0JbB9Iv1iLFd3h9zFdBbFIbAfpyJLcmnRvo_TTX33SFt45BoFZmtPojMJtdG2cgl7TmpI-61WFcO7dbSh-vTeldx1qkO9ESKDhi8gxWJCyyDq165kFdqtf4-isyqBzJixV0eEwtdOyX9BAZWcM7x-S6GKSRkA_z17TOA8_lyxsKVTDHY0IX4_VKsbWmiq3pFRoRLcSpQ0BBv5VkVMeAWCvNcWAzl5skuEt1SyCQMWWpmhrN9aSjn4iTZdrwpNECcOoeQkVnEXYxAToDNrh_oFAVVJDosTDqJ8LZa0NtOG5cjwdNLxqhdLq_Oywo9YTx-MmZRQImZ1AaqHcf3mal25YHGDVWp9Bj17n3sG2cpWz1QXny7YWCT8ndoT3dq7WB6yGrnHLiN7gWNUs8uybTttXbVACG1tLzkmekGBQCJUg1DLL6WynBN47bx9omHSCXDNdj7pGV43D7W3EInOMrh7YsShD5KpOz9yZlfydiDVCHzxpk_u93NCBxwc-gKWUv4LA6oOOiXgEVJXfktpVbKWgd_ki5Esos2DVgpgqXz-b8HnrZpYk5oV9QIep9K0duREN-0Af6PnmJ8etuo_Q9rLnKUjPDJNRTi83x83140vQN3ECVMRT8ZRZC-3vG6XCJfwnN1ufxemmeeF79KbbjNYmKTECy8g5cpGPGZ0Ep1TKAsEbe7gUVjMMTDAYgwk9d4cYI0JnlcFe1WYpZdaCRC3_QcBGLZC52eU2_9PAVK__vqBnTHiJ-kIMxiGhqlteZ8dgO7kqBC9HYxeMyAfMS2TDxcIUxcB24f5TAFclZh-Wjuru_x_pf069cGuYd0HFnDQUfF-yPJ4X0zAEhxg5PNVKbna__Ml15KXkbVKOFp7lQFFnqk42TrIVg8RtLJ9bP-kjf_QbeJknuhSjKuV-ZalDvZtzi3cfHjsOGFnXjqo-d9Baih1DWJKdobf0trqJWRKVHwpUoASf10ihCbo89V5ioOooUHhaTGrLV_mBWGzu6VpZcBnVRmV8YJoUdyDc_kFNLUHsYJ2eqyiBiNjTH8ez4I0SiWOjsUfqMK_8904OJHgcaqExfIb3rLfDWc3_b_Gpk1DjqcwuIa5K5WqFBHYX6-hTZA99w0ugrKUlfR5pB4UltLANpb_vUK1ucLQ5_sSFyy0lLVxe4j04gTKBixNhV-gd28vTuY9-ZkjfmsS3wM3BlY-b9FGm9BAjf02PzHTGqXpsxAXRRvdCeDgxcRvs12WRBtVd0FFIwNy6mR5pB4UltLAOO6H1NCxtoHUHJGQwW3XzEe-D6rVyesox2m7bbWF_ij_tkgeX_MFxg2cXWIgVA99st29acLDvw5i1YbpShQmzFEtLrZWBjpXGZ9LN7o_Nu0nW_Wic5C24wWjqAn3EI1YiQ7QQTqPD6evNsBTmehIsTUuJey8q33ZYjZt6uxry2NwXB9BXVuRTe8dJ5SZeVZLnTxMXSdzHBietCmL7UR-B_fhnTn2T2FXzYgG7afTXkyA
IP 108.168.193.189:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /aS/feedclick?s=HFz5zNIIs95ROWPasgEEzxpRTG9mCZxJfSMU3tyux_woPqiJVE9nxxwSB56cKSkXT2CTCm3P5TxbC7U30TJp2YOe9KpoUqG_KP9rM2-MnaYF4NN-Fy2QN7CyP0WpYsxEJnFYxcsUig_ZjafmTRh4cHzsOTmPHHzVVhTaMWwinq7RGLacBI37lWMsiKRANMk2AZ64o-JmCYkDm2e6ndKFovD2R0JbB9Iv1iLFd3h9zFdBbFIbAfpyJLcmnRvo_TTX33SFt45BoFZmtPojMJtdG2cgl7TmpI-61WFcO7dbSh-vTeldx1qkO9ESKDhi8gxWJCyyDq165kFdqtf4-isyqBzJixV0eEwtdOyX9BAZWcM7x-S6GKSRkA_z17TOA8_lyxsKVTDHY0IX4_VKsbWmiq3pFRoRLcSpQ0BBv5VkVMeAWCvNcWAzl5skuEt1SyCQMWWpmhrN9aSjn4iTZdrwpNECcOoeQkVnEXYxAToDNrh_oFAVVJDosTDqJ8LZa0NtOG5cjwdNLxqhdLq_Oywo9YTx-MmZRQImZ1AaqHcf3mal25YHGDVWp9Bj17n3sG2cpWz1QXny7YWCT8ndoT3dq7WB6yGrnHLiN7gWNUs8uybTttXbVACG1tLzkmekGBQCJUg1DLL6WynBN47bx9omHSCXDNdj7pGV43D7W3EInOMrh7YsShD5KpOz9yZlfydiDVCHzxpk_u93NCBxwc-gKWUv4LA6oOOiXgEVJXfktpVbKWgd_ki5Esos2DVgpgqXz-b8HnrZpYk5oV9QIep9K0duREN-0Af6PnmJ8etuo_Q9rLnKUjPDJNRTi83x83140vQN3ECVMRT8ZRZC-3vG6XCJfwnN1ufxemmeeF79KbbjNYmKTECy8g5cpGPGZ0Ep1TKAsEbe7gUVjMMTDAYgwk9d4cYI0JnlcFe1WYpZdaCRC3_QcBGLZC52eU2_9PAVK__vqBnTHiJ-kIMxiGhqlteZ8dgO7kqBC9HYxeMyAfMS2TDxcIUxcB24f5TAFclZh-Wjuru_x_pf069cGuYd0HFnDQUfF-yPJ4X0zAEhxg5PNVKbna__Ml15KXkbVKOFp7lQFFnqk42TrIVg8RtLJ9bP-kjf_QbeJknuhSjKuV-ZalDvZtzi3cfHjsOGFnXjqo-d9Baih1DWJKdobf0trqJWRKVHwpUoASf10ihCbo89V5ioOooUHhaTGrLV_mBWGzu6VpZcBnVRmV8YJoUdyDc_kFNLUHsYJ2eqyiBiNjTH8ez4I0SiWOjsUfqMK_8904OJHgcaqExfIb3rLfDWc3_b_Gpk1DjqcwuIa5K5WqFBHYX6-hTZA99w0ugrKUlfR5pB4UltLANpb_vUK1ucLQ5_sSFyy0lLVxe4j04gTKBixNhV-gd28vTuY9-ZkjfmsS3wM3BlY-b9FGm9BAjf02PzHTGqXpsxAXRRvdCeDgxcRvs12WRBtVd0FFIwNy6mR5pB4UltLAOO6H1NCxtoHUHJGQwW3XzEe-D6rVyesox2m7bbWF_ij_tkgeX_MFxg2cXWIgVA99st29acLDvw5i1YbpShQmzFEtLrZWBjpXGZ9LN7o_Nu0nW_Wic5C24wWjqAn3EI1YiQ7QQTqPD6evNsBTmehIsTUuJey8q33ZYjZt6uxry2NwXB9BXVuRTe8dJ5SZeVZLnTxMXSdzHBietCmL7UR-B_fhnTn2T2FXzYgG7afTXkyA HTTP/1.1
Host: mybetterck.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://btpnative.com/
Connection: keep-alive
Cookie: rhid=81412752446
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Sun, 16 Oct 2022 01:31:04 GMT
content-length: 0
set-cookie: rhid=81412752446; Max-Age=15552000; Expires=Fri, 14-Apr-2023 01:31:04 GMT; Domain=mybetterck.com; Path=/; SameSite=None; secure;
location: https://p274639.mybetterck.com/adServe/domainClick?ai=gNSPw4YcvsCApKkKBx7IDFfWvpnm7ZCJFLofLu_mNFJ5XlnqskMX62HbvyuoBQMqOP2XUpwVz2Yu2I2LQtntk1fV2mAmUE67GauW-dN4CgaHW-91s-9SXp9evdBwOSQSorHMfB3kJ1CFQ2uUcUYGHWGt6kL5zmyLa9sbXb0vi1na1I8RpyMsMgz2W36oLZKJKmFJd4jWIcN04Bp2cbLc2WYej1qyIyyZ-cl_tHArOqz7xdcTfKSE5XUXj34qybWDAqM8rzIb-Pi5VPoQapVd8GzO00fgOqNi56xvBNQ30PW0bWMNZAgR76CbBsyEx-P9ZT4gk-eVXV8JbewQCztnWZhBcfa7dnW5UYjusQEVYDw79DsxxaaOIof1IUnX4xTf9XEd89Z_BXfaDXau3pH0CdUJb1SgtPMrb9PnH8UYB2kgoo2WP0jUGnTORAlHhCyX5EJo2RPerI6fAz2xm0jbSTdCSSk0HQobo4hmEPlRnzNQSkPP_zslyIGn2fbA7x7dBcvS231v-nbhaDpz3wbaeMRIHCs4tp-ELg4vWacia8T9PVemRXHa6qLNQslo6ZufqItqhQ6Scac&ui=HFz5zNIIs96w8gbO8AoGVPmI0xR1wwxS2iJjOcrEjytt6p3A0Pqn5BMy_hLHm9CkYS3LmJuR-vWkB7LNvBsu7l414419Vs19QwHORB45nSGfnrhc4-0PYg&si=1&oref=7f243806895ccadff6a439c1162225ff&optunit=R5pB4UltLAOtK6Mz5FaVqw&rb=2Vb288azLYM&rr=0&abtg=0
X-Firefox-Spdy: h2
p274639.mybetterck.com/adServe/domainClick?ai=gNSPw4YcvsCApKkKBx7IDFfWvpnm7ZCJFLofLu_mNFJ5XlnqskMX62HbvyuoBQMqOP2XUpwVz2Yu2I2LQtntk1fV2mAmUE67GauW-dN4CgaHW-91s-9SXp9evdBwOSQSorHMfB3kJ1CFQ2uUcUYGHWGt6kL5zmyLa9sbXb0vi1na1I8RpyMsMgz2W36oLZKJKmFJd4jWIcN04Bp2cbLc2WYej1qyIyyZ-cl_tHArOqz7xdcTfKSE5XUXj34qybWDAqM8rzIb-Pi5VPoQapVd8GzO00fgOqNi56xvBNQ30PW0bWMNZAgR76CbBsyEx-P9ZT4gk-eVXV8JbewQCztnWZhBcfa7dnW5UYjusQEVYDw79DsxxaaOIof1IUnX4xTf9XEd89Z_BXfaDXau3pH0CdUJb1SgtPMrb9PnH8UYB2kgoo2WP0jUGnTORAlHhCyX5EJo2RPerI6fAz2xm0jbSTdCSSk0HQobo4hmEPlRnzNQSkPP_zslyIGn2fbA7x7dBcvS231v-nbhaDpz3wbaeMRIHCs4tp-ELg4vWacia8T9PVemRXHa6qLNQslo6ZufqItqhQ6Scac&ui=HFz5zNIIs96w8gbO8AoGVPmI0xR1wwxS2iJjOcrEjytt6p3A0Pqn5BMy_hLHm9CkYS3LmJuR-vWkB7LNvBsu7l414419Vs19QwHORB45nSGfnrhc4-0PYg&si=1&oref=7f243806895ccadff6a439c1162225ff&optunit=R5pB4UltLAOtK6Mz5FaVqw&rb=2Vb288azLYM&rr=0&abtg=0
108.168.193.189302 Found 0 B URL HTTP/2 p274639.mybetterck.com/adServe/domainClick?ai=gNSPw4YcvsCApKkKBx7IDFfWvpnm7ZCJFLofLu_mNFJ5XlnqskMX62HbvyuoBQMqOP2XUpwVz2Yu2I2LQtntk1fV2mAmUE67GauW-dN4CgaHW-91s-9SXp9evdBwOSQSorHMfB3kJ1CFQ2uUcUYGHWGt6kL5zmyLa9sbXb0vi1na1I8RpyMsMgz2W36oLZKJKmFJd4jWIcN04Bp2cbLc2WYej1qyIyyZ-cl_tHArOqz7xdcTfKSE5XUXj34qybWDAqM8rzIb-Pi5VPoQapVd8GzO00fgOqNi56xvBNQ30PW0bWMNZAgR76CbBsyEx-P9ZT4gk-eVXV8JbewQCztnWZhBcfa7dnW5UYjusQEVYDw79DsxxaaOIof1IUnX4xTf9XEd89Z_BXfaDXau3pH0CdUJb1SgtPMrb9PnH8UYB2kgoo2WP0jUGnTORAlHhCyX5EJo2RPerI6fAz2xm0jbSTdCSSk0HQobo4hmEPlRnzNQSkPP_zslyIGn2fbA7x7dBcvS231v-nbhaDpz3wbaeMRIHCs4tp-ELg4vWacia8T9PVemRXHa6qLNQslo6ZufqItqhQ6Scac&ui=HFz5zNIIs96w8gbO8AoGVPmI0xR1wwxS2iJjOcrEjytt6p3A0Pqn5BMy_hLHm9CkYS3LmJuR-vWkB7LNvBsu7l414419Vs19QwHORB45nSGfnrhc4-0PYg&si=1&oref=7f243806895ccadff6a439c1162225ff&optunit=R5pB4UltLAOtK6Mz5FaVqw&rb=2Vb288azLYM&rr=0&abtg=0
IP 108.168.193.189:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /adServe/domainClick?ai=gNSPw4YcvsCApKkKBx7IDFfWvpnm7ZCJFLofLu_mNFJ5XlnqskMX62HbvyuoBQMqOP2XUpwVz2Yu2I2LQtntk1fV2mAmUE67GauW-dN4CgaHW-91s-9SXp9evdBwOSQSorHMfB3kJ1CFQ2uUcUYGHWGt6kL5zmyLa9sbXb0vi1na1I8RpyMsMgz2W36oLZKJKmFJd4jWIcN04Bp2cbLc2WYej1qyIyyZ-cl_tHArOqz7xdcTfKSE5XUXj34qybWDAqM8rzIb-Pi5VPoQapVd8GzO00fgOqNi56xvBNQ30PW0bWMNZAgR76CbBsyEx-P9ZT4gk-eVXV8JbewQCztnWZhBcfa7dnW5UYjusQEVYDw79DsxxaaOIof1IUnX4xTf9XEd89Z_BXfaDXau3pH0CdUJb1SgtPMrb9PnH8UYB2kgoo2WP0jUGnTORAlHhCyX5EJo2RPerI6fAz2xm0jbSTdCSSk0HQobo4hmEPlRnzNQSkPP_zslyIGn2fbA7x7dBcvS231v-nbhaDpz3wbaeMRIHCs4tp-ELg4vWacia8T9PVemRXHa6qLNQslo6ZufqItqhQ6Scac&ui=HFz5zNIIs96w8gbO8AoGVPmI0xR1wwxS2iJjOcrEjytt6p3A0Pqn5BMy_hLHm9CkYS3LmJuR-vWkB7LNvBsu7l414419Vs19QwHORB45nSGfnrhc4-0PYg&si=1&oref=7f243806895ccadff6a439c1162225ff&optunit=R5pB4UltLAOtK6Mz5FaVqw&rb=2Vb288azLYM&rr=0&abtg=0 HTTP/1.1
Host: p274639.mybetterck.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://btpnative.com/
Connection: keep-alive
Cookie: rhid=81412752446
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx
date: Sun, 16 Oct 2022 01:31:04 GMT
content-length: 0
set-cookie: rhid=81412752446; Max-Age=15552000; Expires=Fri, 14-Apr-2023 01:31:04 GMT; Domain=mybetterck.com; Path=/; SameSite=None; secure;
loi=ad_490233_off_142374_aff_3322_cid_274639-429806629-A5ZHUKAO.COM_ts_1665883864; Max-Age=3600; Expires=Sun, 16-Oct-2022 02:31:04 GMT; Domain=mybetterck.com; Path=/; SameSite=None; secure;
location: https://myfood.ltd/?v=20171031&s1=0
X-Firefox-Spdy: h2