8.8.8.8:53

172.67.186.213:443

GET /tpxznkkju/x2-convert.php HTTP/2.0
host: flvto.bz
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

HTTP/2.0 301
date: Wed, 05 Jul 2023 16:13:48 GMT
x-powered-by: Express
location: /tpx/x2-convert.php
set-cookie: connect.sid=s%3ASwKHcp400v9Gm55E1dvK-nBDftysCqGk.iz6ZKECscpomjZN6aA%2BBnY%2FmPcTqjxlj5dTfYycmP6o; Path=/; Expires=Wed, 05 Jul 2023 17:13:48 GMT; HttpOnly
cache-control: no-cache, no-store, must-revalidate
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xQHKkQkhAPP8HmtgN70pm1bTk01MLkUt3B2Z9HjPZWKKmh8hec7s4AQZVc28lV82PIzLq1N1lAQGmoRZTB4yI7%2BlzPMQl5XnwxvtJwNe9nai2qz91mznS7eX6g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7e20e5ba9928b88b-AMS
alt-svc: h3=":443"; ma=86400

8.8.8.8:53

8.8.8.8:53

95.216.153.131:443

GET /js/re-ads-zone.js HTTP/1.1
Host: easymp3mix.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: */*
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Referer: https://flvto.bz/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

HTTP/1.1 200 OK
Server: nginx/1.14.1
Date: Wed, 05 Jul 2023 16:13:49 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 455
Last-Modified: Fri, 26 May 2023 06:28:20 GMT
Connection: keep-alive
ETag: "64705184-1c7"
Accept-Ranges: bytes

95.216.153.131:443

GET /js/multiPageCore.js HTTP/1.1
Host: easymp3mix.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: */*
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Referer: https://flvto.bz/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

HTTP/1.1 200 OK
Server: nginx/1.14.1
Date: Wed, 05 Jul 2023 16:13:49 GMT
Content-Type: application/javascript; charset=utf-8
Last-Modified: Fri, 26 May 2023 06:28:20 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"64705184-1e89"
Content-Encoding: gzip

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

95.101.74.213:80

GET /roots/dstrootcax3.p7c HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: apps.identrust.com

HTTP/1.1 200 OK
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=15768000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' *.identrust.com
Last-Modified: Wed, 08 Feb 2023 16:52:56 GMT
ETag: "37d-5f433188daa00"
Accept-Ranges: bytes
Content-Length: 893
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
Content-Type: application/pkcs7-mime
Cache-Control: max-age=3600
Expires: Wed, 05 Jul 2023 17:13:49 GMT
Date: Wed, 05 Jul 2023 16:13:49 GMT
Connection: keep-alive

95.216.153.131:443

GET /js/multiPageExample.js HTTP/1.1
Host: easymp3mix.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: */*
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Referer: https://flvto.bz/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

HTTP/1.1 200 OK
Server: nginx/1.14.1
Date: Wed, 05 Jul 2023 16:13:49 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 847
Last-Modified: Fri, 26 May 2023 06:28:20 GMT
Connection: keep-alive
ETag: "64705184-34f"
Accept-Ranges: bytes

95.216.153.131:443

GET /js/progressStep.js HTTP/1.1
Host: easymp3mix.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: */*
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Referer: https://flvto.bz/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

HTTP/1.1 200 OK
Server: nginx/1.14.1
Date: Wed, 05 Jul 2023 16:14:29 GMT
Content-Type: application/javascript; charset=utf-8
Last-Modified: Fri, 26 May 2023 06:28:20 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"64705184-16c0"
Content-Encoding: gzip

8.8.8.8:53

95.101.74.147:443

GET /serviceak/v1/news/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&activityId=e9ae190d-1cd5-4da5-8503-ca32f25aee14&ocid=windows-windowsShell-feeds&user=m-fa8e403e370641a38e8d864e13395814&Treatment=T6&MaximumDimensions=660x640&experience=Taskbar&AppVersion=1&osLocale=en-US&caller=bgtask HTTP/2.0
host: assets.msn.com
x-search-account: None
accept-encoding: gzip, deflate
x-device-machineid: {FA70D926-E1F3-47D1-8072-3C281BF806AB}
x-userageclass: Unknown
x-bm-market: US
x-bm-dateformat: M/d/yyyy
x-device-ossku: 48
x-bm-dtz: 0
x-deviceid: 0100B2E609000CC3
x-bm-windowsflights: FX:119E26AD,FX:11D898D7,FX:11DB147C,FX:11DE505A,FX:11E11E97,FX:11E3E2BA,FX:11E50151,FX:11E9EE98,FX:11F1992A,FX:11F4161E,FX:11F41B68,FX:11FB0F2F,FX:1201B330,FX:1202B7FC,FX:120BB68E,FX:121A20E1,FX:121BF15F,FX:121E5EC8,FX:122D8E86,FX:123031A3,FX:1231B88B,FX:123371B1,FX:1233C945,FX:123D7C31,FX:1240013C,FX:1246E4A3,FX:1248306D,FX:124B38D0,FX:1250080B,FX:125A7FDA,FX:1264FA75,FX:126DBC22,FX:127159BE,FX:12769734,FX:127C935B,FX:127DC03A,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5
sitename: www.msn.com
x-bm-theme: 000000;0078d7
muid: FA8E403E370641A38E8D864E13395814
x-agent-deviceid: 0100B2E609000CC3
x-bm-onlinesearchdisabled: true
x-bm-cbt: 1688573628
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.2.19041; 10.0.0.0.19041.1288) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
x-device-isoptin: false
accept-language: en-US, en
x-device-touch: false
x-device-clientsession: 2D395BBC68034C4A8CB6305E67A75893
cookie: MUID=FA8E403E370641A38E8D864E13395814

HTTP/2.0 200
content-type: application/json; charset=utf-8
server: Kestrel
access-control-allow-credentials: true
access-control-allow-headers: TicketType,RequestContinuationKey,AuthToken,Content-Type,x-client-activityid,ms-cv,signedInCookieName,muid,appid,User-Location,user-location,userauthtoken,usertickettype,sitename,s2sauthtoken,thumbprint,Authorization,Ent-Authorization,UserIdToken,DDD-TMPL,DDD-ActivityId,DDD-FeatureSet,DDD-Session-ID,Date,date,ads-referer,ads-referer,taboola-sessionId,taboola-sessionid,Akamai-Request-ID,Akamai-Server-IP,X-MSEdge-Ref,DDD-DebugId,s-xbox-token,OneWebServiceLatency,X-FD-Features,DDD-UserType,traceparent
access-control-allow-methods: PUT,PATCH,POST,GET,OPTIONS,DELETE
access-control-allow-origin: *.msn.com
access-control-expose-headers: TicketType,RequestContinuationKey,AuthToken,Content-Type,x-client-activityid,ms-cv,signedInCookieName,muid,appid,User-Location,user-location,userauthtoken,usertickettype,sitename,s2sauthtoken,thumbprint,Authorization,Ent-Authorization,UserIdToken,DDD-TMPL,DDD-ActivityId,DDD-FeatureSet,DDD-Session-ID,Date,date,ads-referer,ads-referer,taboola-sessionId,taboola-sessionid,Akamai-Request-ID,Akamai-Server-IP,X-MSEdge-Ref,DDD-DebugId,s-xbox-token,OneWebServiceLatency,X-FD-Features,DDD-UserType,traceparent
content-encoding: gzip
ddd-authenticatedwithjwtflow: False
ddd-usertype: AnonymousMuid
ddd-tmpl: BingRecoCode:Success;coldStart:1;lowT:0;tbn:0;lowC:0;winbadge:1;SageUser:0;coldStartUpsell:1;IsRecoNewUser:1;partialResponse:1
x-wpo-activityid: 44F4C7A2-26EF-4239-9B4E-D9DA719BFACE|2023-07-05T16:13:49.9554791Z|fabric:/wpo|FRC|WPO_13
ddd-feednewsitemcount: 1
ddd-activityid: 44f4c7a2-26ef-4239-9b4e-d9da719bface
ddd-strategyexecutionlatency: 00:00:00.1708249
ddd-debugid: 44f4c7a2-26ef-4239-9b4e-d9da719bface|2023-07-05T16:13:49.9669427Z|fabric:/winfeed|FRC|WinFeed_699
onewebservicelatency: 172
x-msedge-responseinfo: 172
x-ceto-ref: 64a596bd892b4e4ebd70599fec217a08|2023-07-05T16:13:49.768Z
expires: Wed, 05 Jul 2023 16:13:49 GMT
date: Wed, 05 Jul 2023 16:13:49 GMT
content-length: 4506
akamai-request-bc: [a=92.123.71.147,b=1041455574,c=g,n=NL__SCHIPHOL,o=20940],[a=20.74.25.147,c=o]
server-timing: clientrtt; dur=38, clienttt; dur=216, origin; dur=215 , cdntime; dur=1
akamai-cache-status: Miss from child
akamai-server-ip: 92.123.71.147
akamai-request-id: 3e1359d6
x-as-suppresssetcookie: 1
cache-control: private, max-age=0
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
timing-allow-origin: *
vary: Origin

8.8.8.8:53

142.250.179.170:443

GET /v1/pages/ChVDaHJvbWUvMTA2LjAuNTI0OS4xMTkSEAnGNUOCKTSalxIFDQ5LEYE=?alt=proto HTTP/2.0
host: content-autofill.googleapis.com
x-goog-encode-response-if-executable: base64
x-goog-api-key: AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
x-client-data: CMziygE=
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

95.216.153.131:443

OPTIONS /convert/get-rtb-url HTTP/1.1
Host: easymp3mix.com
Connection: keep-alive
Cache-Control: max-age=0
Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Origin: https://flvto.bz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Sec-Fetch-Dest: empty
Referer: https://flvto.bz/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

HTTP/1.1 200 OK
Server: nginx/1.14.1
Date: Wed, 05 Jul 2023 16:14:28 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: https://flvto.bz
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization
Access-Control-Expose-Headers: X-Total-Count
Access-Control-Allow-Methods: POST, PUT, GET, PATCH, OPTIONS, DELETE
Access-Control-Allow-Credentials: true
Allow: HEAD, GET
Cache-Control: no-cache, no-store, must-revalidate

95.216.153.131:443

GET /convert/get-rtb-url HTTP/1.1
Host: easymp3mix.com
Connection: keep-alive
Cache-Control: max-age=0
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
Content-type: application/json
Accept: */*
Origin: https://flvto.bz
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://flvto.bz/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

HTTP/1.1 200 OK
Server: nginx/1.14.1
Date: Wed, 05 Jul 2023 16:14:28 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 137
Connection: keep-alive
Access-Control-Allow-Origin: https://flvto.bz
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization
Access-Control-Expose-Headers: X-Total-Count
Access-Control-Allow-Methods: POST, PUT, GET, PATCH, OPTIONS, DELETE
Access-Control-Allow-Credentials: true
Cache-Control: no-cache, no-store, must-revalidate

8.8.8.8:53

116.202.21.68:443

OPTIONS /direct-info/SKKUXCabYfhlU3e4ViP5yQ/1688575468/17/?lang=en HTTP/1.1
Host: cuttlefly.com
Connection: keep-alive
Cache-Control: max-age=0
Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Origin: https://flvto.bz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Sec-Fetch-Dest: empty
Referer: https://flvto.bz/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 05 Jul 2023 16:14:28 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 2
Connection: keep-alive
Access-Control-Allow-Origin: https://flvto.bz
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Allow-Methods: POST, GET, OPTIONS

116.202.21.68:443

GET /direct-info/SKKUXCabYfhlU3e4ViP5yQ/1688575468/17/?lang=en HTTP/1.1
Host: cuttlefly.com
Connection: keep-alive
Cache-Control: max-age=0
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
Content-type: application/json
Accept: */*
Origin: https://flvto.bz
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://flvto.bz/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 05 Jul 2023 16:14:29 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Access-Control-Allow-Origin: https://flvto.bz
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Encoding: gzip

8.8.8.8:53

31.220.27.135:443

GET /h/1107/m2weuqpzsr7fvz45tobhms7c5clyuudd327ld4xxyhcfewdilzbfiwaloyuxipno4xao2ra3h6xezc2m75bmlmlkqjz6tvcszbf3vy5dt26pzwh5gwbespfiin43wn7b2xckkqebothl74uappihf7o4rpyfnw2lmpow6sa5ax4eaw7lgrfzkrsxinyuvmrqoobhuumijbtim36y6w2uxjlojw44ys6p2fid7fk327p57htrqiy5w4eqkny3u3kh5rkk7zhx2jv6qtcmpf2ew2ydpjvxeyl3ijcfcaskingweqt5k5zv22l2pxixg3ecjsmpf6nflhsestvnl6thtetk2z4zw75ypcowjide6faz42uum2ieyv2yub3vesfvlrgn6rtv4vtthutx4t75zs3ikttfcq4wx32w4ww5x5xvu4ttdycvyhc5eoyhycsm25zxqufqoxdepznljt4wbq5jikqfpqnzosuto3r3fiqscecdaqduef2nmvbxqw3sly2ssladirox64dcfzyewzqefm5xgngdon2oumfnvx5fhykinzdgyucljgmur5kiltvuuvoeqihiqwrv4ihexidaexc2gqfvolv6zbkxube2bowq4lj2xtnbcfuw2pcdfuvdy3sairkamssaibqui6d6vhmoxjpvzwunyp3a23dlpis2m2rnjgpdxwhivhonomvprwetwrvsnym52kuj7cesww3voicbkfct4m2ckq7tobiflaov2faueycckqbecz7xwn2jovo25zoa5vceszr6jram3lcekha2mos7cxuvbtd7taa4a23sjfqxpdlglllpoa3g7vy7zjwmej6dsyjseyngmcko6wqt77tsqv2a====?u=https%3A%2F%2Fapi.tradeclouddata.com%2Fc1bd2f73-c211-4d3c-81a7-6adbae154d94%3Fzoneid%3D1391536521930159%26cost%3D0.007847167%26clickid%3Dcnvba6f50e5532542ebeb30584f2852fc7c HTTP/2.0
host: s.viirsons.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
referer: https://flvto.bz/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

HTTP/2.0 200
server: nginx/1.23.2
date: Wed, 05 Jul 2023 16:14:29 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
accept-ch: Width, Viewport-Width, DPR, Device-Memory, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version
content-encoding: gzip

31.220.27.135:443

POST /cnt/api/index HTTP/2.0
host: s.viirsons.com
content-length: 3415
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
device-memory: 8
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
viewport-width: 1280
content-type: text/plain;charset=UTF-8
sec-ch-ua-full-version: "106.0.5249.119"
sec-ch-ua-platform-version: "10.0.0"
dpr: 1
sec-ch-ua-model:
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://s.viirsons.com
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://s.viirsons.com/h/1107/m2weuqpzsr7fvz45tobhms7c5clyuudd327ld4xxyhcfewdilzbfiwaloyuxipno4xao2ra3h6xezc2m75bmlmlkqjz6tvcszbf3vy5dt26pzwh5gwbespfiin43wn7b2xckkqebothl74uappihf7o4rpyfnw2lmpow6sa5ax4eaw7lgrfzkrsxinyuvmrqoobhuumijbtim36y6w2uxjlojw44ys6p2fid7fk327p57htrqiy5w4eqkny3u3kh5rkk7zhx2jv6qtcmpf2ew2ydpjvxeyl3ijcfcaskingweqt5k5zv22l2pxixg3ecjsmpf6nflhsestvnl6thtetk2z4zw75ypcowjide6faz42uum2ieyv2yub3vesfvlrgn6rtv4vtthutx4t75zs3ikttfcq4wx32w4ww5x5xvu4ttdycvyhc5eoyhycsm25zxqufqoxdepznljt4wbq5jikqfpqnzosuto3r3fiqscecdaqduef2nmvbxqw3sly2ssladirox64dcfzyewzqefm5xgngdon2oumfnvx5fhykinzdgyucljgmur5kiltvuuvoeqihiqwrv4ihexidaexc2gqfvolv6zbkxube2bowq4lj2xtnbcfuw2pcdfuvdy3sairkamssaibqui6d6vhmoxjpvzwunyp3a23dlpis2m2rnjgpdxwhivhonomvprwetwrvsnym52kuj7cesww3voicbkfct4m2ckq7tobiflaov2faueycckqbecz7xwn2jovo25zoa5vceszr6jram3lcekha2mos7cxuvbtd7taa4a23sjfqxpdlglllpoa3g7vy7zjwmej6dsyjseyngmcko6wqt77tsqv2a====?u=https%3A%2F%2Fapi.tradeclouddata.com%2Fc1bd2f73-c211-4d3c-81a7-6adbae154d94%3Fzoneid%3D1391536521930159%26cost%3D0.007847167%26clickid%3Dcnvba6f50e5532542ebeb30584f2852fc7c
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

HTTP/2.0 204
server: nginx/1.23.2
date: Wed, 05 Jul 2023 16:14:29 GMT

31.220.27.135:443

GET /favicon.ico HTTP/2.0
host: s.viirsons.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
device-memory: 8
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
viewport-width: 1280
sec-ch-ua-full-version: "106.0.5249.119"
sec-ch-ua-platform-version: "10.0.0"
dpr: 1
sec-ch-ua-model:
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://s.viirsons.com/h/1107/m2weuqpzsr7fvz45tobhms7c5clyuudd327ld4xxyhcfewdilzbfiwaloyuxipno4xao2ra3h6xezc2m75bmlmlkqjz6tvcszbf3vy5dt26pzwh5gwbespfiin43wn7b2xckkqebothl74uappihf7o4rpyfnw2lmpow6sa5ax4eaw7lgrfzkrsxinyuvmrqoobhuumijbtim36y6w2uxjlojw44ys6p2fid7fk327p57htrqiy5w4eqkny3u3kh5rkk7zhx2jv6qtcmpf2ew2ydpjvxeyl3ijcfcaskingweqt5k5zv22l2pxixg3ecjsmpf6nflhsestvnl6thtetk2z4zw75ypcowjide6faz42uum2ieyv2yub3vesfvlrgn6rtv4vtthutx4t75zs3ikttfcq4wx32w4ww5x5xvu4ttdycvyhc5eoyhycsm25zxqufqoxdepznljt4wbq5jikqfpqnzosuto3r3fiqscecdaqduef2nmvbxqw3sly2ssladirox64dcfzyewzqefm5xgngdon2oumfnvx5fhykinzdgyucljgmur5kiltvuuvoeqihiqwrv4ihexidaexc2gqfvolv6zbkxube2bowq4lj2xtnbcfuw2pcdfuvdy3sairkamssaibqui6d6vhmoxjpvzwunyp3a23dlpis2m2rnjgpdxwhivhonomvprwetwrvsnym52kuj7cesww3voicbkfct4m2ckq7tobiflaov2faueycckqbecz7xwn2jovo25zoa5vceszr6jram3lcekha2mos7cxuvbtd7taa4a23sjfqxpdlglllpoa3g7vy7zjwmej6dsyjseyngmcko6wqt77tsqv2a====?u=https%3A%2F%2Fapi.tradeclouddata.com%2Fc1bd2f73-c211-4d3c-81a7-6adbae154d94%3Fzoneid%3D1391536521930159%26cost%3D0.007847167%26clickid%3Dcnvba6f50e5532542ebeb30584f2852fc7c
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

HTTP/2.0 200
server: nginx/1.23.2
date: Wed, 05 Jul 2023 16:14:29 GMT
content-type: application/json
content-length: 0
access-control-allow-headers: X-Requested-With, Cache-Control, Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-credentials: true
access-control-allow-origin: https://s.viirsons.com

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

3.225.140.174:443

GET /c1bd2f73-c211-4d3c-81a7-6adbae154d94?zoneid=1391536521930159&cost=0.007847167&clickid=cnvba6f50e5532542ebeb30584f2852fc7c HTTP/2.0
host: api.tradeclouddata.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://s.viirsons.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

HTTP/2.0 307
server: nginx
date: Wed, 05 Jul 2023 16:14:30 GMT
content-length: 0
accept-ch: sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-full-version-list,sec-ch-ua-full-version,sec-ch-ua-model,sec-ch-ua-platform-version,sec-ch-ua,sec-ch-ua-mobile,sec-ch-ua-platform
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://api.tradeclouddata.com/c1bd2f73-c211-4d3c-81a7-6adbae154d94/2?zoneid=1391536521930159&cost=0.007847167&clickid=cnvba6f50e5532542ebeb30584f2852fc7c
pragma: no-cache

3.225.140.174:443

GET /c1bd2f73-c211-4d3c-81a7-6adbae154d94/2?zoneid=1391536521930159&cost=0.007847167&clickid=cnvba6f50e5532542ebeb30584f2852fc7c HTTP/2.0
host: api.tradeclouddata.com
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-full-version: "106.0.5249.119"
sec-ch-ua-arch: "x86"
sec-ch-ua-platform: "Windows"
sec-ch-ua-platform-version: "10.0.0"
sec-ch-ua-model: ""
sec-ch-ua-bitness: "64"
sec-ch-ua-full-version-list: "Chromium";v="106.0.5249.119", "Google Chrome";v="106.0.5249.119", "Not;A=Brand";v="99.0.0.0"
referer: https://s.viirsons.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

HTTP/2.0 302
server: nginx
date: Wed, 05 Jul 2023 16:14:30 GMT
content-length: 0
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://adblockertool.com/?scenario=promo5v1ns&step2=v7&trackingdomain=api.tradeclouddata.com&source_id=96689f38-15f3-48d5-b59c-391fd0d7710c&cep=AKfG-E07-yQgY6wanbHzIj3VtiU43fpVpizoH848D1oP0fNg7fs89uGguDFmNGcg-BCqFR4BrO_YvN1qz1RVO2wilEHBpfp2PJj6qGDghEw0FHTGEN5XQkPhJXIBw3khzclUybCXBkMlOpUyzTmsVRoKl33n7P_hmzkUNeJAHSyVMLyskIgBOiWzCaLoldr5rf8G6ckxe0whEOcOnbckzatZBANhXOORksHkm2MGpGLsNFSv_KAEQX8RXTBgOsRC_ksA7xXvAD_q-SVTkNbBRws1PyqKj9hY40ml4Gryec2xkoTyhcNHroWDU9AZw_IrroanA8C27IVAjpAhIfCqfpQGYx9AiDr_eg7WMn2I9kwQWfTgLBkNWqMUbVOfMgiqfiLhKNo6pwcESYxfR2Q1NUXTjutxQjaBNchlz-xrNH_R27kNdVkkQOHcqmQV_NB8V98wNuasg1Ku_MHC4zg5VVX6-nQO1ACTKELuphK7EF52NAFKzMIYxm9Sx9Z3y2dQ&lptoken=167988e9570d54be70e3&zoneid=1391536521930159&cost=0.007847167&clickid=cnvba6f50e5532542ebeb30584f2852fc7c
pragma: no-cache
set-cookie: c1bd2f73-c211-4d3c-81a7-6adbae154d94-v4=IW1UNGQ6Bbt0I61oBZM1B58XWAlFbJx8XzGplw8XDd4; Max-Age=86400; Expires=Thu, 06-Jul-2023 16:14:30 GMT; Domain=api.tradeclouddata.com; Path=/; Secure; HttpOnly;SameSite=None
set-cookie: cep-v4=jqBr06sQHQp-WUO668iXpMmAWLmd1e_RlD7lu8pvZDkOun6P7TUirMTf4IQcD88cI6Y2v6C9cizWPYU_TNSdehSvQt2RxVDlkUbzDkZqgd2D6mP40SptHveb1Nu8nt3uhiNsQJr2HTwAInTD46rYvi0Bogzl-hzwXsjFUPYvzza78jsDGvEerfa88P_TvZP-xjthB_YpUQKZ1KzXNvXgbxEW8CXk15Bgd7e7RCZ-rIqp-uO0Ry6op_LHDE0pf10CqSen2vdTvOt3F8pWy1A2ZyAJce2Ge3V5keVl03H4DJrfuAdylPc4wO39CoN5oNMxGlGxndjga7uPR3g1i67oKQuwIggJLJw3SgQU66H8Cc5KRWo9n5tQxoB5CdbnOosL7y4Ubgo-HNwTkGNT5tAXlTjMZIrEiHWk5ceWsQHj31msh5wpfH0m-Y7TdDzMn7OIQEwDvNE1rWkHaY6Mty53DnusThVPW-Q-vfbkSxFaj_bPJH3koyG2WdXjuNsQpoiT; Max-Age=86400; Expires=Thu, 06-Jul-2023 16:14:30 GMT; Domain=api.tradeclouddata.com; Path=/; Secure; HttpOnly;SameSite=None

8.8.8.8:53

172.64.206.2:443

GET /?scenario=promo5v1ns&step2=v7&trackingdomain=api.tradeclouddata.com&source_id=96689f38-15f3-48d5-b59c-391fd0d7710c&cep=AKfG-E07-yQgY6wanbHzIj3VtiU43fpVpizoH848D1oP0fNg7fs89uGguDFmNGcg-BCqFR4BrO_YvN1qz1RVO2wilEHBpfp2PJj6qGDghEw0FHTGEN5XQkPhJXIBw3khzclUybCXBkMlOpUyzTmsVRoKl33n7P_hmzkUNeJAHSyVMLyskIgBOiWzCaLoldr5rf8G6ckxe0whEOcOnbckzatZBANhXOORksHkm2MGpGLsNFSv_KAEQX8RXTBgOsRC_ksA7xXvAD_q-SVTkNbBRws1PyqKj9hY40ml4Gryec2xkoTyhcNHroWDU9AZw_IrroanA8C27IVAjpAhIfCqfpQGYx9AiDr_eg7WMn2I9kwQWfTgLBkNWqMUbVOfMgiqfiLhKNo6pwcESYxfR2Q1NUXTjutxQjaBNchlz-xrNH_R27kNdVkkQOHcqmQV_NB8V98wNuasg1Ku_MHC4zg5VVX6-nQO1ACTKELuphK7EF52NAFKzMIYxm9Sx9Z3y2dQ&lptoken=167988e9570d54be70e3&zoneid=1391536521930159&cost=0.007847167&clickid=cnvba6f50e5532542ebeb30584f2852fc7c HTTP/2.0
host: adblockertool.com
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
referer: https://s.viirsons.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

HTTP/2.0 200
date: Wed, 05 Jul 2023 16:14:30 GMT
content-type: text/html
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fXy0q8SzwAtbjYKJkoz%2F9AlwRAhRcNHvvs94ZlsQSaldi7NkPrIo5r1MDmy%2BLM1gDMu1qGqE5PXORVAa9LKFD3sYq2t7kxnLZGsGKVs7dLZ%2Bv3H%2B0YgVDZjncn%2FIz%2FY6s7lSAw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7e20e6c09f49b8c4-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

104.17.24.14:443

GET /ajax/libs/gsap/3.9.1/gsap.min.js HTTP/2.0
host: cdnjs.cloudflare.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://adblockertool.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

HTTP/2.0 200
date: Wed, 05 Jul 2023 16:14:31 GMT
content-type: application/javascript; charset=utf-8
content-length: 22890
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "61c68a7c-596a"
last-modified: Sat, 25 Dec 2021 03:05:32 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 7776145
expires: Mon, 24 Jun 2024 16:14:31 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lbK1e5eKeNE0kViQBeGRPuNpMCFTLMb5ChvfQnBqoPI21I5TMPSX3nn%2Bp%2F%2BfDCkkwHGtgNNlk%2FyemJxBtO2gDrEaV1vExqPYXNXWEl62rFt6PCBq3imIttO%2Fuxq5KjNi9PA0JX8q"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7e20e6c41e6f0c38-AMS
alt-svc: h3=":443"; ma=86400

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

192.178.48.227:443

POST /domainreliability/upload HTTP/2.0
host: beacons.gcp.gvt2.com
content-length: 271
content-type: application/json; charset=utf-8
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

8.8.8.8:53