tr.watchcpm.com/aff_c?offer_id=10741&aff_id=68306&aff_sub5=banner/rd.html?go=https://howric.com/client?camp=s35&aff_id=2&aff_sub=68306&source=68306&aff_sub2=banner&click_id=31_68306_10741_e160712df98a744c87d5164a18e6b0bcaff_c?offer_id=9949&aff_id=2&aff_sub5=banner/rd.html?go=https://howric.com/client?camp=s35&aff_sub=68306&source=68306&aff_sub2=banner&click_id=31_68306_10741_e160712df98a744c87d5164a18e6b0bc&last=2aff_c?offer_id=9949&aff_id=2&aff_sub5=banner/rd.html?go=https://howric.com/client?camp=s35&aff_sub=68306&source=68306&aff_sub2=banner&click_id=31_68306_10741_e160712df98a744c87d5164a18e6b0bc&last=2aff_c?offer_id=9949&aff_id=2&aff_sub5=banner/rd.html?go=https://howric.com/client?camp=s35&aff_sub=68306&source=68306&aff_sub2=banner&click_id=31_68306_10741_e160712df98a744c87d5164a18e6b0bc&last=2
172.255.248.119302 Found 530 B URL User Request GET HTTP/1.1 tr.watchcpm.com/aff_c?offer_id=10741&aff_id=68306&aff_sub5=banner/rd.html?go=https://howric.com/client?camp=s35&aff_id=2&aff_sub=68306&source=68306&aff_sub2=banner&click_id=31_68306_10741_e160712df98a744c87d5164a18e6b0bcaff_c?offer_id=9949&aff_id=2&aff_sub5=banner/rd.html?go=https://howric.com/client?camp=s35&aff_sub=68306&source=68306&aff_sub2=banner&click_id=31_68306_10741_e160712df98a744c87d5164a18e6b0bc&last=2aff_c?offer_id=9949&aff_id=2&aff_sub5=banner/rd.html?go=https://howric.com/client?camp=s35&aff_sub=68306&source=68306&aff_sub2=banner&click_id=31_68306_10741_e160712df98a744c87d5164a18e6b0bc&last=2aff_c?offer_id=9949&aff_id=2&aff_sub5=banner/rd.html?go=https://howric.com/client?camp=s35&aff_sub=68306&source=68306&aff_sub2=banner&click_id=31_68306_10741_e160712df98a744c87d5164a18e6b0bc&last=2
IP 172.255.248.119:443
Certificate IssuerLet's Encrypt
Subjecttrack.cpamatica.com
Fingerprint3A:70:3F:8B:A0:FA:06:0C:02:90:23:AC:D3:4E:E8:F0:16:00:6F:27
ValidityWed, 31 Jan 2024 09:28:37 GMT - Tue, 30 Apr 2024 09:28:36 GMT
File type HTML document, ASCII text, with very long lines (530), with no line terminators
Hash 5e7a96edbeff996042e03d062bc06b15
66c8055dcfdf2de9d5eb435504c9f5d24de8b590
d9776e0eee548a84cbe520ffc453ce15a776ebff346e2228ba94192bf3379809
GET /aff_c?offer_id=10741&aff_id=68306&aff_sub5=banner/rd.html?go=https://howric.com/client?camp=s35&aff_id=2&aff_sub=68306&source=68306&aff_sub2=banner&click_id=31_68306_10741_e160712df98a744c87d5164a18e6b0bcaff_c?offer_id=9949&aff_id=2&aff_sub5=banner/rd.html?go=https://howric.com/client?camp=s35&aff_sub=68306&source=68306&aff_sub2=banner&click_id=31_68306_10741_e160712df98a744c87d5164a18e6b0bc&last=2aff_c?offer_id=9949&aff_id=2&aff_sub5=banner/rd.html?go=https://howric.com/client?camp=s35&aff_sub=68306&source=68306&aff_sub2=banner&click_id=31_68306_10741_e160712df98a744c87d5164a18e6b0bc&last=2aff_c?offer_id=9949&aff_id=2&aff_sub5=banner/rd.html?go=https://howric.com/client?camp=s35&aff_sub=68306&source=68306&aff_sub2=banner&click_id=31_68306_10741_e160712df98a744c87d5164a18e6b0bc&last=2 HTTP/1.1
Host: tr.watchcpm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 17 Apr 2024 22:28:44 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 530
Connection: keep-alive
Content-Security-Policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Referrer-Policy: no-referrer
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-Content-Type-Options: nosniff
X-DNS-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-XSS-Protection: 0
Set-Cookie: language=en; Domain=tr.watchcpm.com; Path=/; Expires=Fri, 17 May 2024 22:28:44 GMT
test=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT
Location: aff_c?offer_id=9949&aff_id=2&aff_sub5=banner%2Frd.html%3Fgo%3Dhttps%3A%2F%2Fhowric.com%2Fclient%3Fcamp%3Ds35&aff_sub=68306&source=68306&aff_sub2=banner&click_id=31_68306_10741_e160712df98a744c87d5164a18e6b0bc&last=2
Vary: Accept
Cache-Control: no-store, no-cache
tr.watchcpm.com/aff_c?offer_id=9949&aff_id=2&aff_sub5=banner%2Frd.html%3Fgo%3Dhttps%3A%2F%2Fhowric.com%2Fclient%3Fcamp%3Ds35&aff_sub=68306&source=68306&aff_sub2=banner&click_id=31_68306_10741_e160712df98a744c87d5164a18e6b0bc&last=2
172.255.248.119302 Found 556 B URL User Request GET HTTP/1.1 tr.watchcpm.com/aff_c?offer_id=9949&aff_id=2&aff_sub5=banner%2Frd.html%3Fgo%3Dhttps%3A%2F%2Fhowric.com%2Fclient%3Fcamp%3Ds35&aff_sub=68306&source=68306&aff_sub2=banner&click_id=31_68306_10741_e160712df98a744c87d5164a18e6b0bc&last=2
IP 172.255.248.119:443
Certificate IssuerLet's Encrypt
Subjecttrack.cpamatica.com
Fingerprint3A:70:3F:8B:A0:FA:06:0C:02:90:23:AC:D3:4E:E8:F0:16:00:6F:27
ValidityWed, 31 Jan 2024 09:28:37 GMT - Tue, 30 Apr 2024 09:28:36 GMT
File type HTML document, ASCII text, with very long lines (556), with no line terminators
Hash 92aa4542e3c1ada7976cd6214b3ebbe7
411ca430b123a787b68aeb193867d41201143ad7
0ffb660560d1325420042bcac8e478445fa8c809a1e0f49c166b09089affe67c
GET /aff_c?offer_id=9949&aff_id=2&aff_sub5=banner%2Frd.html%3Fgo%3Dhttps%3A%2F%2Fhowric.com%2Fclient%3Fcamp%3Ds35&aff_sub=68306&source=68306&aff_sub2=banner&click_id=31_68306_10741_e160712df98a744c87d5164a18e6b0bc&last=2 HTTP/1.1
Host: tr.watchcpm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: language=en
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 17 Apr 2024 22:28:44 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 556
Connection: keep-alive
Content-Security-Policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Referrer-Policy: no-referrer
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-Content-Type-Options: nosniff
X-DNS-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-XSS-Protection: 0
Set-Cookie: language=en; Domain=tr.watchcpm.com; Path=/; Expires=Fri, 17 May 2024 22:28:44 GMT
test=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT
9949=32_2_9949_6ed11a12a87ce6555e4b58241a7949bd; Domain=tr.watchcpm.com; Path=/; Expires=Fri, 17 May 2024 22:28:44 GMT; Secure; SameSite=None
op_9949=0; Domain=tr.watchcpm.com; Path=/; Expires=Fri, 17 May 2024 22:28:44 GMT
user_id=3db3f82a-673c-4e90-8606-0896134485ae_3945b40bb671e025787851274a550695; Domain=tr.watchcpm.com; Path=/; Expires=Mon, 16 Apr 2029 22:28:44 GMT; Secure; SameSite=None
Location: /rd.html?go=https%3A%2F%2Fqueitho.com%2Fclient%3Fcamp%3Ds3%26aff_id%3D2%26aff_sub%3D2%26source%3D2%26aff_sub2%3Dbanner%252Frd.html%253Fgo%253Dhttps%253A%252F%252Fhowric.com%252Fclient%253Fcamp%253Ds35%26click_id%3D32_2_9949_6ed11a12a87ce6555e4b58241a7949bd
Vary: Accept
Cache-Control: no-store, no-cache
tr.watchcpm.com/rd.html?go=https%3A%2F%2Fqueitho.com%2Fclient%3Fcamp%3Ds3%26aff_id%3D2%26aff_sub%3D2%26source%3D2%26aff_sub2%3Dbanner%252Frd.html%253Fgo%253Dhttps%253A%252F%252Fhowric.com%252Fclient%253Fcamp%253Ds35%26click_id%3D32_2_9949_6ed11a12a87ce6555e4b58241a7949bd
172.255.248.119200 OK 255 B URL User Request GET HTTP/1.1 tr.watchcpm.com/rd.html?go=https%3A%2F%2Fqueitho.com%2Fclient%3Fcamp%3Ds3%26aff_id%3D2%26aff_sub%3D2%26source%3D2%26aff_sub2%3Dbanner%252Frd.html%253Fgo%253Dhttps%253A%252F%252Fhowric.com%252Fclient%253Fcamp%253Ds35%26click_id%3D32_2_9949_6ed11a12a87ce6555e4b58241a7949bd
IP 172.255.248.119:443
Certificate IssuerLet's Encrypt
Subjecttrack.cpamatica.com
Fingerprint3A:70:3F:8B:A0:FA:06:0C:02:90:23:AC:D3:4E:E8:F0:16:00:6F:27
ValidityWed, 31 Jan 2024 09:28:37 GMT - Tue, 30 Apr 2024 09:28:36 GMT
File type HTML document, ASCII text
Hash d032811d8a01caff2a5ce141a657ca0e
7cfb5ac640b5496f18939ee73dc89cccf77125cc
e2efe220662dd9a54582aa6ab3f6d9fcaf0341710d0b01aa051fc09258ff9e6e
GET /rd.html?go=https%3A%2F%2Fqueitho.com%2Fclient%3Fcamp%3Ds3%26aff_id%3D2%26aff_sub%3D2%26source%3D2%26aff_sub2%3Dbanner%252Frd.html%253Fgo%253Dhttps%253A%252F%252Fhowric.com%252Fclient%253Fcamp%253Ds35%26click_id%3D32_2_9949_6ed11a12a87ce6555e4b58241a7949bd HTTP/1.1
Host: tr.watchcpm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: language=en; 9949=32_2_9949_6ed11a12a87ce6555e4b58241a7949bd; op_9949=0; user_id=3db3f82a-673c-4e90-8606-0896134485ae_3945b40bb671e025787851274a550695
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 17 Apr 2024 22:28:44 GMT
Content-Type: text/html
Last-Modified: Fri, 13 Aug 2021 14:56:49 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"61168831-149"
Cache-Control: no-store, no-cache
Content-Encoding: gzip
tr.watchcpm.com/favicon.ico
172.255.248.119 106 B URL tr.watchcpm.com/favicon.ico
IP 172.255.248.119:0
Certificate IssuerLet's Encrypt
Subjecttrack.cpamatica.com
Fingerprint3A:70:3F:8B:A0:FA:06:0C:02:90:23:AC:D3:4E:E8:F0:16:00:6F:27
ValidityWed, 31 Jan 2024 09:28:37 GMT - Tue, 30 Apr 2024 09:28:36 GMT
File type HTML document, ASCII text, with CRLF line terminators
Hash 8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0
GET /favicon.ico HTTP/1.1
Host: tr.watchcpm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tr.watchcpm.com/rd.html?go=https%3A%2F%2Fqueitho.com%2Fclient%3Fcamp%3Ds3%26aff_id%3D2%26aff_sub%3D2%26source%3D2%26aff_sub2%3Dbanner%252Frd.html%253Fgo%253Dhttps%253A%252F%252Fhowric.com%252Fclient%253Fcamp%253Ds35%26click_id%3D32_2_9949_6ed11a12a87ce6555e4b58241a7949bd
Cookie: language=en; 9949=32_2_9949_6ed11a12a87ce6555e4b58241a7949bd; op_9949=0; user_id=3db3f82a-673c-4e90-8606-0896134485ae_3945b40bb671e025787851274a550695
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Server: nginx
Date: Wed, 17 Apr 2024 22:28:45 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
oacenom.com/ckset
172.67.176.78 117 B IP 172.67.176.78:0
Hash 5a489b84582189daab05400f9de7cbc4
7ab452e7a48916b060665038db30cad3911da9b1
0a36e188d22db3ca4a223e70a3c4a3b74c75e36b50c33c08a5a03f6b52c31720
POST /ckset HTTP/1.1
Host: oacenom.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://queitho.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0
HTTP/2 201 Created
date: Wed, 17 Apr 2024 22:28:45 GMT
content-type: application/json; charset=utf-8
content-length: 117
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
origin-agent-cluster: ?1
referrer-policy: no-referrer
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
set-cookie: mastidencook=759bd952-6663-4266-98c4-aa9a4bd238e2_eb9626a60b4bf2fb932bef9f2a1ad1b4; Domain=oacenom.com; Path=/; Expires=Mon, 16 Apr 2029 22:28:45 GMT; Secure; SameSite=None
etag: W/"75-erRS56SJFrBgZlA42zDK05EdqbE"
access-control-allow-origin: https://queitho.com
access-control-allow-credentials: true
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xyjYVb%2F0c3c22UF%2BcVLxMfyfCvpUCdLzTA8wH6c08T4WU7V0AsSbLuW6vWYVqSHKujhAS7aaD8Kn8T6F7TBiYPcsnJNwIwAC%2BKh%2BhfPKRck%2FYRnDn5z5BZ%2FtPFmkpA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 875fd9975facb529-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
queitho.com/visit?aff_id=2&aff_sub=2&aff_sub2=banner%2Frd.html%3Fgo%3Dhttps%3A%2F%2Fhowric.com%2Fclient%3Fcamp%3Ds35&click_id=32_2_9949_6ed11a12a87ce6555e4b58241a7949bd&source=2&ttype=direct&camp=s3&p_camp=&bstep=&sid=&efcn=custom-unknown&cntp=custom-unknown&sch=&scw=&vph=&vpw=<=
172.67.169.237 903 B URL queitho.com/visit?aff_id=2&aff_sub=2&aff_sub2=banner%2Frd.html%3Fgo%3Dhttps%3A%2F%2Fhowric.com%2Fclient%3Fcamp%3Ds35&click_id=32_2_9949_6ed11a12a87ce6555e4b58241a7949bd&source=2&ttype=direct&camp=s3&p_camp=&bstep=&sid=&efcn=custom-unknown&cntp=custom-unknown&sch=&scw=&vph=&vpw=<=
IP 172.67.169.237:0
Hash d06c508694516a0b77973d525144b0c7
4a51a78335dc79e356caf9006bc8f70818df08c6
ea806af8e425b550740b9387b84c5bac826669139cc0462573ab2a60ed530aca
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
POST /visit?aff_id=2&aff_sub=2&aff_sub2=banner%2Frd.html%3Fgo%3Dhttps%3A%2F%2Fhowric.com%2Fclient%3Fcamp%3Ds35&click_id=32_2_9949_6ed11a12a87ce6555e4b58241a7949bd&source=2&ttype=direct&camp=s3&p_camp=&bstep=&sid=&efcn=custom-unknown&cntp=custom-unknown&sch=&scw=&vph=&vpw=<= HTTP/1.1
Host: queitho.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 439
Origin: https://queitho.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 201 Created
date: Wed, 17 Apr 2024 22:28:45 GMT
content-type: application/json; charset=utf-8
content-length: 903
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
origin-agent-cluster: ?1
referrer-policy: no-referrer
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
set-cookie: browserLanguage=en; Domain=queitho.com; Path=/; Expires=Fri, 17 May 2024 22:28:45 GMT
userId=ad6a22ec-8857-49f9-b303-b4eb08c94bc8_fd27c530df3532e1e50f3fe744edcd31; Domain=queitho.com; Path=/; Expires=Mon, 16 Apr 2029 22:28:45 GMT; Secure; SameSite=None
cache-control: no-store, no-store, no-cache
etag: W/"387-SlGngzXceeNWyvkAa8j3CBjfCMY"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=X2I7RH8nNvt%2Fghk2KLMswVNMQwRcXUyc4LlS6pr7OYv1BKYRmGe0v9Sv9k4u%2Fm1J3HYgq33grtbM0LPVvlj5jS3f1gZYxX9NeQJRvKcfDeQ3prRIS6SmzcgDm17CxQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 875fd997ebb356a9-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
queitho.com/fl?aff_id=2&aff_sub=2&aff_sub2=banner%2Frd.html%3Fgo%3Dhttps%3A%2F%2Fhowric.com%2Fclient%3Fcamp%3Ds35&click_id=32_2_9949_6ed11a12a87ce6555e4b58241a7949bd&source=2&ttype=direct&camp=f109&sl_cid=214ab2eb-76e2-44df-bf43-a694698d505c_dc4deaa511ee4f1a492c1b31d7b32a8d&p_camp=&bstep=&sid=s3&efcn=custom-unknown&cntp=custom-unknown&sch=1024&scw=1280&vph=1024&vpw=1280&ref=https%3A%2F%2Ftr.watchcpm.com%2F<=
172.67.169.237 1.5 kB URL queitho.com/fl?aff_id=2&aff_sub=2&aff_sub2=banner%2Frd.html%3Fgo%3Dhttps%3A%2F%2Fhowric.com%2Fclient%3Fcamp%3Ds35&click_id=32_2_9949_6ed11a12a87ce6555e4b58241a7949bd&source=2&ttype=direct&camp=f109&sl_cid=214ab2eb-76e2-44df-bf43-a694698d505c_dc4deaa511ee4f1a492c1b31d7b32a8d&p_camp=&bstep=&sid=s3&efcn=custom-unknown&cntp=custom-unknown&sch=1024&scw=1280&vph=1024&vpw=1280&ref=https%3A%2F%2Ftr.watchcpm.com%2F<=
IP 172.67.169.237:0
Hash b7627bcd637d6d3b2b8d18b66039a881
f7801e0b488eecc1b7d8779fac487fb25e5550cc
e26bf471635fbd8dc0af72129b5c77f96b1f58649a394c68cc9ffa14226b7973
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
POST /fl?aff_id=2&aff_sub=2&aff_sub2=banner%2Frd.html%3Fgo%3Dhttps%3A%2F%2Fhowric.com%2Fclient%3Fcamp%3Ds35&click_id=32_2_9949_6ed11a12a87ce6555e4b58241a7949bd&source=2&ttype=direct&camp=f109&sl_cid=214ab2eb-76e2-44df-bf43-a694698d505c_dc4deaa511ee4f1a492c1b31d7b32a8d&p_camp=&bstep=&sid=s3&efcn=custom-unknown&cntp=custom-unknown&sch=1024&scw=1280&vph=1024&vpw=1280&ref=https%3A%2F%2Ftr.watchcpm.com%2F<= HTTP/1.1
Host: queitho.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 446
Origin: https://queitho.com
DNT: 1
Connection: keep-alive
Cookie: browserLanguage=en; userId=ad6a22ec-8857-49f9-b303-b4eb08c94bc8_fd27c530df3532e1e50f3fe744edcd31
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 201 Created
date: Wed, 17 Apr 2024 22:28:45 GMT
content-type: application/json; charset=utf-8
content-length: 1454
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
origin-agent-cluster: ?1
referrer-policy: no-referrer
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
set-cookie: browserLanguage=en; Domain=queitho.com; Path=/; Expires=Fri, 17 May 2024 22:28:45 GMT
cache-control: no-store, no-store, no-cache
etag: W/"5ae-94AeC0iO7MG32HefrEh/sl5VUMw"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hU5tL7jAJAuSzJCxqzEtQGe1oUQ0XX6hRAIJ3%2FAXaO37atR2moaQKfhmRb1bE%2FftVhDGP0pM53Hdy07osQq7AlYLOVURSo8uCXija%2FQjjYtyS9EMYCS24sbwj%2BAMTw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 875fd998391e56aa-OSL
alt-svc: h3=":443"; ma=86400
queitho.com/ofp?aff_id=2&aff_sub=2&aff_sub2=banner%2Frd.html%3Fgo%3Dhttps%3A%2F%2Fhowric.com%2Fclient%3Fcamp%3Ds35&click_id=32_2_9949_6ed11a12a87ce6555e4b58241a7949bd&source=2&ttype=direct&camp=f109&sl_cid=214ab2eb-76e2-44df-bf43-a694698d505c_dc4deaa511ee4f1a492c1b31d7b32a8d&p_camp=&bstep=0&sid=s3&ofp_id=111&efcn=custom-unknown&cntp=custom-unknown&sch=1024&scw=1280&vph=1024&vpw=1280&ref=https%3A%2F%2Ftr.watchcpm.com%2F<=0
172.67.169.237 223 B URL queitho.com/ofp?aff_id=2&aff_sub=2&aff_sub2=banner%2Frd.html%3Fgo%3Dhttps%3A%2F%2Fhowric.com%2Fclient%3Fcamp%3Ds35&click_id=32_2_9949_6ed11a12a87ce6555e4b58241a7949bd&source=2&ttype=direct&camp=f109&sl_cid=214ab2eb-76e2-44df-bf43-a694698d505c_dc4deaa511ee4f1a492c1b31d7b32a8d&p_camp=&bstep=0&sid=s3&ofp_id=111&efcn=custom-unknown&cntp=custom-unknown&sch=1024&scw=1280&vph=1024&vpw=1280&ref=https%3A%2F%2Ftr.watchcpm.com%2F<=0
IP 172.67.169.237:0
Hash d9be17f363d0cd6aec3cb25e22ff0a6d
3885ac155262ce4d45489e61df732da4739d7652
8beef0229eb607cadff54b2387bd9779a74a7f892f4798be0b287d93d3ef57c5
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
POST /ofp?aff_id=2&aff_sub=2&aff_sub2=banner%2Frd.html%3Fgo%3Dhttps%3A%2F%2Fhowric.com%2Fclient%3Fcamp%3Ds35&click_id=32_2_9949_6ed11a12a87ce6555e4b58241a7949bd&source=2&ttype=direct&camp=f109&sl_cid=214ab2eb-76e2-44df-bf43-a694698d505c_dc4deaa511ee4f1a492c1b31d7b32a8d&p_camp=&bstep=0&sid=s3&ofp_id=111&efcn=custom-unknown&cntp=custom-unknown&sch=1024&scw=1280&vph=1024&vpw=1280&ref=https%3A%2F%2Ftr.watchcpm.com%2F<=0 HTTP/1.1
Host: queitho.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 453
Origin: https://queitho.com
DNT: 1
Connection: keep-alive
Cookie: browserLanguage=en; userId=ad6a22ec-8857-49f9-b303-b4eb08c94bc8_fd27c530df3532e1e50f3fe744edcd31
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 201 Created
date: Wed, 17 Apr 2024 22:28:45 GMT
content-type: application/json; charset=utf-8
content-length: 223
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
origin-agent-cluster: ?1
referrer-policy: no-referrer
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
set-cookie: browserLanguage=en; Domain=queitho.com; Path=/; Expires=Fri, 17 May 2024 22:28:45 GMT
cache-control: no-store, no-store, no-cache
etag: W/"df-OIWsFVJizk1FSJ5h33MtpHOddlI"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xIKmXyF0%2BbAKl6BKiC1bY0CppwLn1x%2BwsrKwWCofZXhtWaTpRiMMXshA%2BYhpTm0P8YINJPs87QVfVG2cfyu1ga9kQjFsSOHoWhZtlvLSyEghSh%2BrP70qzUB6u3rD5g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 875fd99949d656aa-OSL
alt-svc: h3=":443"; ma=86400
ocsp.r2m03.amazontrust.com/
143.204.53.97 471 B URL ocsp.r2m03.amazontrust.com/
IP 143.204.53.97:0
Hash f9a9063ca94bbff94bf1f864f29cdaf2
3f4538f138bde5afa81872250fa25f1d7350cf4f
c645857057a8e98903705ebe4fab2e255d04fb85e3c441e7d713676e3df66785
POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Wed, 17 Apr 2024 22:28:45 GMT
Last-Modified: Wed, 17 Apr 2024 21:38:38 GMT
Server: ECAcc (ska/F7A3)
X-Cache: Miss from cloudfront
Via: 1.1 a034aae43a19aef875fa395182990970.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: ak2wjOD2kO9v3UlsXzFqUV3UuKekehcH5eoefbnl0nK-ju4kd_8__Q==
Age: 3007
ocsp.r2m03.amazontrust.com/
143.204.53.97 471 B URL ocsp.r2m03.amazontrust.com/
IP 143.204.53.97:0
Hash f9a9063ca94bbff94bf1f864f29cdaf2
3f4538f138bde5afa81872250fa25f1d7350cf4f
c645857057a8e98903705ebe4fab2e255d04fb85e3c441e7d713676e3df66785
POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Wed, 17 Apr 2024 22:28:46 GMT
Last-Modified: Wed, 17 Apr 2024 21:11:39 GMT
Server: ECAcc (ska/F776)
X-Cache: Miss from cloudfront
Via: 1.1 71c98156ae29b36a903974f9dd2568f8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 1ew5LruUTfE2915qPOVqwiFXLtzJj11Cy9KkZR2UbiMsIhhNhFfVKA==
Age: 4627
ocsp.r2m03.amazontrust.com/
143.204.53.97 471 B URL ocsp.r2m03.amazontrust.com/
IP 143.204.53.97:0
Hash 7d66ba6f5034a45c27e7a17667b65687
9469f1d355a4e3782a16eedf17976bbb6fe79a4e
6f817c56d1d8c3c62941947ae1d80245c673aaaee9b6864a3e0db935c72ad179
POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Wed, 17 Apr 2024 22:28:46 GMT
Last-Modified: Wed, 17 Apr 2024 21:38:49 GMT
Server: ECAcc (amb/6AD5)
X-Cache: Miss from cloudfront
Via: 1.1 a034aae43a19aef875fa395182990970.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: Lvv5QC0Vzm9aDj1hdIh8jMuDI9pWV4XUR5Ql29CymSmQgIZ90OOn2A==
Age: 2997
ocsp.r2m03.amazontrust.com/
143.204.53.97 471 B URL ocsp.r2m03.amazontrust.com/
IP 143.204.53.97:0
Hash 7d66ba6f5034a45c27e7a17667b65687
9469f1d355a4e3782a16eedf17976bbb6fe79a4e
6f817c56d1d8c3c62941947ae1d80245c673aaaee9b6864a3e0db935c72ad179
POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Wed, 17 Apr 2024 22:28:46 GMT
Last-Modified: Wed, 17 Apr 2024 21:38:49 GMT
Server: ECAcc (ska/F775)
X-Cache: Miss from cloudfront
Via: 1.1 71c98156ae29b36a903974f9dd2568f8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 4iJLIdpennuH8APGDb_GusiQPLF1rdqkQApuFvPruUjvuF-kNMmhkA==
Age: 2997
ocsp.r2m03.amazontrust.com/
143.204.53.97 471 B URL ocsp.r2m03.amazontrust.com/
IP 143.204.53.97:0
Hash f9a9063ca94bbff94bf1f864f29cdaf2
3f4538f138bde5afa81872250fa25f1d7350cf4f
c645857057a8e98903705ebe4fab2e255d04fb85e3c441e7d713676e3df66785
POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Wed, 17 Apr 2024 22:28:46 GMT
Last-Modified: Wed, 17 Apr 2024 21:58:27 GMT
Server: ECAcc (ska/F7A5)
X-Cache: Miss from cloudfront
Via: 1.1 a034aae43a19aef875fa395182990970.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: HMdCLsrt06iBqqINWIOKbSBgUWuFPrGgJ70p-VdudSktfHjlfA4QNg==
Age: 1819
cdn-dimi.akamaized.net/landings/285828/1704989181/css/popup.css?1704989181
88.221.27.128200 OK 589 B URL GET HTTP/1.1 cdn-dimi.akamaized.net/landings/285828/1704989181/css/popup.css?1704989181
IP 88.221.27.128:443
ASN #20940 Akamai International B.V.
Requested by https://rgqval.awaitingdream.net/?click_id=6fbb9e6059b1aefca68f9701962073b4e439bf80&s2=2005070&j1=1&s3=sml_e1f18e7f&s5=dit1101&tds_cid=6fbb9e6059b1aefca68f9701962073b4e439bf80&utm_source=e2905f55ec3a568b&j9=1&ban=other&s1=134504
Certificate IssuerDigiCert Inc
Subjecta248.e.akamai.net
FingerprintA3:C7:B4:95:4E:16:BD:C5:8A:EE:85:53:5D:C1:C2:CD:43:E9:EC:B9
ValidityTue, 16 May 2023 00:00:00 GMT - Wed, 15 May 2024 23:59:59 GMT
File type assembler source, ASCII text
Hash fb984c4fc6f9603c755e271685dcf17b
c51ce8be5fc93f8079f1c58edb9bd9f71ed3b564
abc470a646b5352f0a0372edf3f2ce2c62d64148682ff73c98799daabded1e96
GET /landings/285828/1704989181/css/popup.css?1704989181 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rgqval.awaitingdream.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: u276NTe/sCmuRfsuN/gguGn/xUgiZrd6zRB5UzFWDK1gtA3bfmrp0vykPOBlaIIVY+b35E63jK4=
x-amz-request-id: 885XRHEERTKHHPHZ
Last-Modified: Fri, 12 Jan 2024 08:41:18 GMT
ETag: "fb984c4fc6f9603c755e271685dcf17b"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: text/css
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Wed, 17 Apr 2024 22:28:46 GMT
Content-Length: 589
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/285828/1704989181/css/timer.css?1704989181
88.221.27.128200 OK 667 B URL GET HTTP/1.1 cdn-dimi.akamaized.net/landings/285828/1704989181/css/timer.css?1704989181
IP 88.221.27.128:443
ASN #20940 Akamai International B.V.
Requested by https://rgqval.awaitingdream.net/?click_id=6fbb9e6059b1aefca68f9701962073b4e439bf80&s2=2005070&j1=1&s3=sml_e1f18e7f&s5=dit1101&tds_cid=6fbb9e6059b1aefca68f9701962073b4e439bf80&utm_source=e2905f55ec3a568b&j9=1&ban=other&s1=134504
Certificate IssuerDigiCert Inc
Subjecta248.e.akamai.net
FingerprintA3:C7:B4:95:4E:16:BD:C5:8A:EE:85:53:5D:C1:C2:CD:43:E9:EC:B9
ValidityTue, 16 May 2023 00:00:00 GMT - Wed, 15 May 2024 23:59:59 GMT
Hash 5eaf241d81e3c64a39eba770ed834bb3
743084a68436d58ad9c602dcf22947aa713867c7
7d4adb96762d6e54b20618631f9d8a215d89af5d4e411227a71a2ec907a5c17d
GET /landings/285828/1704989181/css/timer.css?1704989181 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rgqval.awaitingdream.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: 8d9zT0Y20/x2bJ85vxMFXD0i5U5r0jnZ3hUVlHyGqAlo1WkbkU4kchbsIiqbcIHekOQAEel0RiE=
x-amz-request-id: 65F072RHVWM0XBXT
Last-Modified: Fri, 12 Jan 2024 08:41:18 GMT
ETag: "5eaf241d81e3c64a39eba770ed834bb3"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: text/css
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Wed, 17 Apr 2024 22:28:46 GMT
Content-Length: 667
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/285828/1704989181/css/reviews.css?1704989181
88.221.27.128200 OK 1.0 kB URL GET HTTP/1.1 cdn-dimi.akamaized.net/landings/285828/1704989181/css/reviews.css?1704989181
IP 88.221.27.128:443
ASN #20940 Akamai International B.V.
Requested by https://rgqval.awaitingdream.net/?click_id=6fbb9e6059b1aefca68f9701962073b4e439bf80&s2=2005070&j1=1&s3=sml_e1f18e7f&s5=dit1101&tds_cid=6fbb9e6059b1aefca68f9701962073b4e439bf80&utm_source=e2905f55ec3a568b&j9=1&ban=other&s1=134504
Certificate IssuerDigiCert Inc
Subjecta248.e.akamai.net
FingerprintA3:C7:B4:95:4E:16:BD:C5:8A:EE:85:53:5D:C1:C2:CD:43:E9:EC:B9
ValidityTue, 16 May 2023 00:00:00 GMT - Wed, 15 May 2024 23:59:59 GMT
Hash ab7655b7e0870e539ab60ed308b94176
6d2528a94402def11fcfab529ad51b98e8b6ec88
2e9c81b9fd7c0be920940728b172ecaf0e0652e147f345caa8ef36bf6ade8180
GET /landings/285828/1704989181/css/reviews.css?1704989181 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rgqval.awaitingdream.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: 1EEptWOROEaGG5mO7Xd0pCVIx0s3pAnYMWBLbB7/UpyGfdG/4Rz96gqvh6vGsJNrUp+zJCVicEc=
x-amz-request-id: EYADXEX0N0MD5DZD
Last-Modified: Fri, 12 Jan 2024 08:41:18 GMT
ETag: "ab7655b7e0870e539ab60ed308b94176"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: text/css
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Wed, 17 Apr 2024 22:28:46 GMT
Content-Length: 1029
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/285828/1704989181/css/style.css?1704989181
88.221.27.128200 OK 2.7 kB URL GET HTTP/1.1 cdn-dimi.akamaized.net/landings/285828/1704989181/css/style.css?1704989181
IP 88.221.27.128:443
ASN #20940 Akamai International B.V.
Requested by https://rgqval.awaitingdream.net/?click_id=6fbb9e6059b1aefca68f9701962073b4e439bf80&s2=2005070&j1=1&s3=sml_e1f18e7f&s5=dit1101&tds_cid=6fbb9e6059b1aefca68f9701962073b4e439bf80&utm_source=e2905f55ec3a568b&j9=1&ban=other&s1=134504
Certificate IssuerDigiCert Inc
Subjecta248.e.akamai.net
FingerprintA3:C7:B4:95:4E:16:BD:C5:8A:EE:85:53:5D:C1:C2:CD:43:E9:EC:B9
ValidityTue, 16 May 2023 00:00:00 GMT - Wed, 15 May 2024 23:59:59 GMT
Hash e6d646e8547e3961d2ebf527b18bbf13
7302490aa895cb313625cad1ca902f270d35246e
4e8f270058992bd6af75e4242d0bd3778478f48fbe0a9d8d7ea3d0fcd9490e5f
GET /landings/285828/1704989181/css/style.css?1704989181 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rgqval.awaitingdream.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: HlwgEM/5Q7GXORFqe7NoSkHzr19kCE+OXRKT2CqjyaTKp1X1m+UcavUTqajAG9Xv2YWusANHcrM=
x-amz-request-id: H8K29JFTWDMZ5G9D
Last-Modified: Fri, 12 Jan 2024 08:41:18 GMT
ETag: "e6d646e8547e3961d2ebf527b18bbf13"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: text/css
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Wed, 17 Apr 2024 22:28:46 GMT
Content-Length: 2702
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/285828/1704989181/js/timer.js?1704989181
88.221.27.128200 OK 906 B URL GET HTTP/1.1 cdn-dimi.akamaized.net/landings/285828/1704989181/js/timer.js?1704989181
IP 88.221.27.128:443
ASN #20940 Akamai International B.V.
Requested by https://rgqval.awaitingdream.net/?click_id=6fbb9e6059b1aefca68f9701962073b4e439bf80&s2=2005070&j1=1&s3=sml_e1f18e7f&s5=dit1101&tds_cid=6fbb9e6059b1aefca68f9701962073b4e439bf80&utm_source=e2905f55ec3a568b&j9=1&ban=other&s1=134504
Certificate IssuerDigiCert Inc
Subjecta248.e.akamai.net
FingerprintA3:C7:B4:95:4E:16:BD:C5:8A:EE:85:53:5D:C1:C2:CD:43:E9:EC:B9
ValidityTue, 16 May 2023 00:00:00 GMT - Wed, 15 May 2024 23:59:59 GMT
File type JavaScript source, Unicode text, UTF-8 text
Hash a5e8bb74efe1c2b6fa13d0ef8d71c926
80855d0f0976667f260d513f90168e0e08736553
d1c19e3721d62556d0f5f65b160121ade1b0b07eaeb8e85d644a5ecb024fdebe
GET /landings/285828/1704989181/js/timer.js?1704989181 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rgqval.awaitingdream.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: Baf2d3adVaccgohxkfRC6UKIZZzvv+3bojfGkg5NC7hBdxJjOj1WkkoHWKUPXG6hCEykS0yT2V8=
x-amz-request-id: 885MEJ5JV929J54V
Last-Modified: Fri, 12 Jan 2024 08:41:19 GMT
ETag: "a5e8bb74efe1c2b6fa13d0ef8d71c926"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: text/javascript
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Wed, 17 Apr 2024 22:28:46 GMT
Content-Length: 906
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/285828/1704989181/js/jquery.validate.min.js?1704989181
88.221.27.128200 OK 7.8 kB URL GET HTTP/1.1 cdn-dimi.akamaized.net/landings/285828/1704989181/js/jquery.validate.min.js?1704989181
IP 88.221.27.128:443
ASN #20940 Akamai International B.V.
Requested by https://rgqval.awaitingdream.net/?click_id=6fbb9e6059b1aefca68f9701962073b4e439bf80&s2=2005070&j1=1&s3=sml_e1f18e7f&s5=dit1101&tds_cid=6fbb9e6059b1aefca68f9701962073b4e439bf80&utm_source=e2905f55ec3a568b&j9=1&ban=other&s1=134504
Certificate IssuerDigiCert Inc
Subjecta248.e.akamai.net
FingerprintA3:C7:B4:95:4E:16:BD:C5:8A:EE:85:53:5D:C1:C2:CD:43:E9:EC:B9
ValidityTue, 16 May 2023 00:00:00 GMT - Wed, 15 May 2024 23:59:59 GMT
File type JavaScript source, Unicode text, UTF-8 text, with very long lines (24228)
Hash 23d73c6bd6cbea8f06d0cc227896a827
3815cf11e1020ac70cc86789ba2adaf07d3db434
6eefc13f4d9832e74173dea423bca495ceb7f4cbb888a19434d71a9bc0f69cb7
GET /landings/285828/1704989181/js/jquery.validate.min.js?1704989181 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rgqval.awaitingdream.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: Cv8uQDGPImAYdjl6m7FUP8SRbDj4iJIEVb3GzfilYZNFFDZ6HwDiMCzuEL/tvbdOB+fabfHwNcQ=
x-amz-request-id: 7SHXX1AJ0VAYD78D
Last-Modified: Fri, 12 Jan 2024 08:41:18 GMT
ETag: "23d73c6bd6cbea8f06d0cc227896a827"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: text/javascript
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Wed, 17 Apr 2024 22:28:46 GMT
Content-Length: 7815
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/285828/1704989181/js/translates.js?1704989181
88.221.27.128200 OK 30 kB URL GET HTTP/1.1 cdn-dimi.akamaized.net/landings/285828/1704989181/js/translates.js?1704989181
IP 88.221.27.128:443
ASN #20940 Akamai International B.V.
Requested by https://rgqval.awaitingdream.net/?click_id=6fbb9e6059b1aefca68f9701962073b4e439bf80&s2=2005070&j1=1&s3=sml_e1f18e7f&s5=dit1101&tds_cid=6fbb9e6059b1aefca68f9701962073b4e439bf80&utm_source=e2905f55ec3a568b&j9=1&ban=other&s1=134504
Certificate IssuerDigiCert Inc
Subjecta248.e.akamai.net
FingerprintA3:C7:B4:95:4E:16:BD:C5:8A:EE:85:53:5D:C1:C2:CD:43:E9:EC:B9
ValidityTue, 16 May 2023 00:00:00 GMT - Wed, 15 May 2024 23:59:59 GMT
Hash 768bd7d069903883d0d73244b9757368
11da78f1d8f9ff98741b963cdbeacfd8d026f325
f4bed9686a64594af1beaff7bc8242212ae19f6d3eaa5ef083e939037d5a2c53
GET /landings/285828/1704989181/js/translates.js?1704989181 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rgqval.awaitingdream.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: bPA8k4trwjt5amV0QNuR0WbJW1QCfN+heiDfaw/g0+fX9dfwdmPSIupFfkOuziROpNrNY5nNd5Y=
x-amz-request-id: 885Y5RXRYM1PB8GB
Last-Modified: Fri, 12 Jan 2024 08:41:19 GMT
ETag: "768bd7d069903883d0d73244b9757368"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: text/javascript
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Wed, 17 Apr 2024 22:28:46 GMT
Content-Length: 30207
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/285828/1704989181/js/translates-review.js?1704989181
88.221.27.128200 OK 14 kB URL GET HTTP/1.1 cdn-dimi.akamaized.net/landings/285828/1704989181/js/translates-review.js?1704989181
IP 88.221.27.128:443
ASN #20940 Akamai International B.V.
Requested by https://rgqval.awaitingdream.net/?click_id=6fbb9e6059b1aefca68f9701962073b4e439bf80&s2=2005070&j1=1&s3=sml_e1f18e7f&s5=dit1101&tds_cid=6fbb9e6059b1aefca68f9701962073b4e439bf80&utm_source=e2905f55ec3a568b&j9=1&ban=other&s1=134504
Certificate IssuerDigiCert Inc
Subjecta248.e.akamai.net
FingerprintA3:C7:B4:95:4E:16:BD:C5:8A:EE:85:53:5D:C1:C2:CD:43:E9:EC:B9
ValidityTue, 16 May 2023 00:00:00 GMT - Wed, 15 May 2024 23:59:59 GMT
Hash 9061bd0c6ff627d3a43a9e6c125350a7
ddd7b182a17fed4e7f13250599fe9fe3eb63b907
2898923c357cf44fb75bfeb3236d1e237d16bc112466176f0be582d156ee9b04
GET /landings/285828/1704989181/js/translates-review.js?1704989181 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rgqval.awaitingdream.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: G3Int/dytdYQZrhomaYn42X7EB5m8daORezFcc/NLQ6eWWsvZSWnTkfl+ijEzGyjAKKj5MDrWAs=
x-amz-request-id: 65F9RYW11AZNSRFP
Last-Modified: Fri, 12 Jan 2024 08:41:19 GMT
ETag: "9061bd0c6ff627d3a43a9e6c125350a7"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: text/javascript
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Wed, 17 Apr 2024 22:28:46 GMT
Content-Length: 14059
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/285828/1704989181/js/title_tanslate.js?1704989181
88.221.27.128200 OK 1.3 kB URL GET HTTP/1.1 cdn-dimi.akamaized.net/landings/285828/1704989181/js/title_tanslate.js?1704989181
IP 88.221.27.128:443
ASN #20940 Akamai International B.V.
Requested by https://rgqval.awaitingdream.net/?click_id=6fbb9e6059b1aefca68f9701962073b4e439bf80&s2=2005070&j1=1&s3=sml_e1f18e7f&s5=dit1101&tds_cid=6fbb9e6059b1aefca68f9701962073b4e439bf80&utm_source=e2905f55ec3a568b&j9=1&ban=other&s1=134504
Certificate IssuerDigiCert Inc
Subjecta248.e.akamai.net
FingerprintA3:C7:B4:95:4E:16:BD:C5:8A:EE:85:53:5D:C1:C2:CD:43:E9:EC:B9
ValidityTue, 16 May 2023 00:00:00 GMT - Wed, 15 May 2024 23:59:59 GMT
File type Unicode text, UTF-8 text, with CRLF line terminators
Hash 5f373fa5bf21c44b9ad23b70ef96e73d
068ef5b63ab18924a286f2c0c3ec46545e08c678
7f40bc2c95ee280de5320ae7d33f2e57eeeb0cda5b5820f2c456a0c9ba50ed77
GET /landings/285828/1704989181/js/title_tanslate.js?1704989181 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rgqval.awaitingdream.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: XPMu2/CkNG7d3Qsp9XjAlNjL0eO6DHbZnZh4rF3cZuYbUngu9TsYTtkh4Jgc+tfTh9eVK36AmaU=
x-amz-request-id: 65F0JYBF9RH7ZMBR
Last-Modified: Fri, 12 Jan 2024 08:41:19 GMT
ETag: "5f373fa5bf21c44b9ad23b70ef96e73d"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: text/javascript
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Wed, 17 Apr 2024 22:28:46 GMT
Content-Length: 1298
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/285828/1704989181/js/translate-popup-timer.js?1704989181
88.221.27.128200 OK 1.1 kB URL GET HTTP/1.1 cdn-dimi.akamaized.net/landings/285828/1704989181/js/translate-popup-timer.js?1704989181
IP 88.221.27.128:443
ASN #20940 Akamai International B.V.
Requested by https://rgqval.awaitingdream.net/?click_id=6fbb9e6059b1aefca68f9701962073b4e439bf80&s2=2005070&j1=1&s3=sml_e1f18e7f&s5=dit1101&tds_cid=6fbb9e6059b1aefca68f9701962073b4e439bf80&utm_source=e2905f55ec3a568b&j9=1&ban=other&s1=134504
Certificate IssuerDigiCert Inc
Subjecta248.e.akamai.net
FingerprintA3:C7:B4:95:4E:16:BD:C5:8A:EE:85:53:5D:C1:C2:CD:43:E9:EC:B9
ValidityTue, 16 May 2023 00:00:00 GMT - Wed, 15 May 2024 23:59:59 GMT
File type Unicode text, UTF-8 text, with CRLF line terminators
Hash e87a84612ebce6b2a84f41ef7f6d40b0
fa22c93e2d9672f9d3d7e52304ffbb9425d49186
6ab40ce148d5bd7e60bcfb447765c7f54394e318da80970c8b636d2d5fe122ec
GET /landings/285828/1704989181/js/translate-popup-timer.js?1704989181 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rgqval.awaitingdream.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: 5hURoXwOUGkodHE2eXF0Tfyy3X8CfLEKebtiywBG7SurRU2jEhMpJsPm6iMwxPbLjqefYVJ8BIg=
x-amz-request-id: RG88AE00W4CH5MJZ
Last-Modified: Fri, 12 Jan 2024 08:41:19 GMT
ETag: "e87a84612ebce6b2a84f41ef7f6d40b0"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: text/javascript
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Wed, 17 Apr 2024 22:28:46 GMT
Content-Length: 1080
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/285828/1704989181/js/jquery-2.2.4.min.js?1704989181
88.221.27.128200 OK 30 kB URL GET HTTP/1.1 cdn-dimi.akamaized.net/landings/285828/1704989181/js/jquery-2.2.4.min.js?1704989181
IP 88.221.27.128:443
ASN #20940 Akamai International B.V.
Requested by https://rgqval.awaitingdream.net/?click_id=6fbb9e6059b1aefca68f9701962073b4e439bf80&s2=2005070&j1=1&s3=sml_e1f18e7f&s5=dit1101&tds_cid=6fbb9e6059b1aefca68f9701962073b4e439bf80&utm_source=e2905f55ec3a568b&j9=1&ban=other&s1=134504
Certificate IssuerDigiCert Inc
Subjecta248.e.akamai.net
FingerprintA3:C7:B4:95:4E:16:BD:C5:8A:EE:85:53:5D:C1:C2:CD:43:E9:EC:B9
ValidityTue, 16 May 2023 00:00:00 GMT - Wed, 15 May 2024 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (32065)
Hash 2f6b11a7e914718e0290410e85366fe9
69bb69e25ca7d5ef0935317584e6153f3fd9a88c
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
GET /landings/285828/1704989181/js/jquery-2.2.4.min.js?1704989181 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rgqval.awaitingdream.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: 81QT8/lisLnyMpy8vDJulPX3cH0n4dHjZBFqVkU/epYjVr0ulzgaUgxa41uS5oUN/tWUULXWPEY=
x-amz-request-id: H8K8W066H9DDJ48M
Last-Modified: Fri, 12 Jan 2024 08:41:19 GMT
ETag: "2f6b11a7e914718e0290410e85366fe9"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: text/javascript
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Wed, 17 Apr 2024 22:28:46 GMT
Content-Length: 29855
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/285828/1704989181/images/logo_inst3.svg
88.221.27.128200 OK 7.0 kB URL GET HTTP/1.1 cdn-dimi.akamaized.net/landings/285828/1704989181/images/logo_inst3.svg
IP 88.221.27.128:443
ASN #20940 Akamai International B.V.
Requested by https://rgqval.awaitingdream.net/?click_id=6fbb9e6059b1aefca68f9701962073b4e439bf80&s2=2005070&j1=1&s3=sml_e1f18e7f&s5=dit1101&tds_cid=6fbb9e6059b1aefca68f9701962073b4e439bf80&utm_source=e2905f55ec3a568b&j9=1&ban=other&s1=134504
Certificate IssuerDigiCert Inc
Subjecta248.e.akamai.net
FingerprintA3:C7:B4:95:4E:16:BD:C5:8A:EE:85:53:5D:C1:C2:CD:43:E9:EC:B9
ValidityTue, 16 May 2023 00:00:00 GMT - Wed, 15 May 2024 23:59:59 GMT
File type SVG Scalable Vector Graphics image
Hash 0025657d9d2274a15aed06a9eadd2ab2
2838a36bfaa63abfe8b9f4bca8f8fe1a7ab7405d
d7b396cbae8aa719a1a277fa8fcf7df40f61b50e59b5937fcb347c679c6e990c
GET /landings/285828/1704989181/images/logo_inst3.svg HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rgqval.awaitingdream.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: Dc7tguhl8hM0hrHWTDT3C3NM7v6zMToJXgpY2d2h3gO1O3ancEcERx3eMSzuhYJaSrIrOxiPgm0=
x-amz-request-id: 885RXD2VH4GTQRFF
Last-Modified: Fri, 12 Jan 2024 08:41:18 GMT
ETag: "0025657d9d2274a15aed06a9eadd2ab2"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/svg+xml
Server: AmazonS3
Content-Length: 7042
Date: Wed, 17 Apr 2024 22:28:46 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/285828/1704989181/images/blocked-icon.png
88.221.27.128200 OK 502 B URL GET HTTP/1.1 cdn-dimi.akamaized.net/landings/285828/1704989181/images/blocked-icon.png
IP 88.221.27.128:443
ASN #20940 Akamai International B.V.
Requested by https://rgqval.awaitingdream.net/?click_id=6fbb9e6059b1aefca68f9701962073b4e439bf80&s2=2005070&j1=1&s3=sml_e1f18e7f&s5=dit1101&tds_cid=6fbb9e6059b1aefca68f9701962073b4e439bf80&utm_source=e2905f55ec3a568b&j9=1&ban=other&s1=134504
Certificate IssuerDigiCert Inc
Subjecta248.e.akamai.net
FingerprintA3:C7:B4:95:4E:16:BD:C5:8A:EE:85:53:5D:C1:C2:CD:43:E9:EC:B9
ValidityTue, 16 May 2023 00:00:00 GMT - Wed, 15 May 2024 23:59:59 GMT
File type PNG image data, 23 x 32, 8-bit/color RGBA, non-interlaced
Hash 87487ad255dde0624f59abb85602defc
caafad17df41875bed690353ead6cc495a9bf8c2
f7a4b3fb74b9e06f243f23ede51a801a0aa3fa2c0040bc44a49a97444780923d
GET /landings/285828/1704989181/images/blocked-icon.png HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rgqval.awaitingdream.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: iMo1vpVXCjZds9lfI8NQxx6FutfDdywZvJ0tVdbdZa13rGyQjllSeKziqc6cFZTz3Rk2G3K2Skw=
x-amz-request-id: 2G921JM493W4HW51
Last-Modified: Fri, 12 Jan 2024 08:41:17 GMT
ETag: "87487ad255dde0624f59abb85602defc"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/png
Server: AmazonS3
Content-Length: 502
Date: Wed, 17 Apr 2024 22:28:46 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/285828/1704989181/images/110010_4.jpg
88.221.27.128200 OK 55 kB URL GET HTTP/1.1 cdn-dimi.akamaized.net/landings/285828/1704989181/images/110010_4.jpg
IP 88.221.27.128:443
ASN #20940 Akamai International B.V.
Requested by https://rgqval.awaitingdream.net/?click_id=6fbb9e6059b1aefca68f9701962073b4e439bf80&s2=2005070&j1=1&s3=sml_e1f18e7f&s5=dit1101&tds_cid=6fbb9e6059b1aefca68f9701962073b4e439bf80&utm_source=e2905f55ec3a568b&j9=1&ban=other&s1=134504
Certificate IssuerDigiCert Inc
Subjecta248.e.akamai.net
FingerprintA3:C7:B4:95:4E:16:BD:C5:8A:EE:85:53:5D:C1:C2:CD:43:E9:EC:B9
ValidityTue, 16 May 2023 00:00:00 GMT - Wed, 15 May 2024 23:59:59 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 682x388, components 3
Hash daf4cb58fb756b1ed20036941b7a6b72
f59a45cb83366de64071b3a35dfcb54aabbdcd9a
42b2fe5d347c3c56725d0addd7129d13ce335df871730534ecee42d2df3a637b
GET /landings/285828/1704989181/images/110010_4.jpg HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rgqval.awaitingdream.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: bRnM8WWdOeHOVi9n07RLxDr8LCof3X75XscEhAWbTDf6fuZai4PkZZCu2lUbqUyvxa+NOYpR1Qo=
x-amz-request-id: 2G97SGYPS1QRKVWC
Last-Modified: Fri, 12 Jan 2024 08:41:18 GMT
ETag: "daf4cb58fb756b1ed20036941b7a6b72"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/jpeg
Server: AmazonS3
Content-Length: 55243
Date: Wed, 17 Apr 2024 22:28:46 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/285828/1704989181/images/49.png
88.221.27.128200 OK 4.5 kB URL GET HTTP/1.1 cdn-dimi.akamaized.net/landings/285828/1704989181/images/49.png
IP 88.221.27.128:443
ASN #20940 Akamai International B.V.
Requested by https://rgqval.awaitingdream.net/?click_id=6fbb9e6059b1aefca68f9701962073b4e439bf80&s2=2005070&j1=1&s3=sml_e1f18e7f&s5=dit1101&tds_cid=6fbb9e6059b1aefca68f9701962073b4e439bf80&utm_source=e2905f55ec3a568b&j9=1&ban=other&s1=134504
Certificate IssuerDigiCert Inc
Subjecta248.e.akamai.net
FingerprintA3:C7:B4:95:4E:16:BD:C5:8A:EE:85:53:5D:C1:C2:CD:43:E9:EC:B9
ValidityTue, 16 May 2023 00:00:00 GMT - Wed, 15 May 2024 23:59:59 GMT
File type PNG image data, 336 x 336, 8-bit/color RGB, non-interlaced
Hash 372e58a66b7d92e1dd903f32fb308d1e
40be5d7067b822dfed07e173acd11cfceaa9e329
82408edfa51c2d831b86658b6637a6950986c342195aa08fd1467ea1d71b9793
GET /landings/285828/1704989181/images/49.png HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cdn-dimi.akamaized.net/landings/285828/1704989181/css/style.css?1704989181
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: TvfZYk+pm5Zz325xPfObg2es/GmEVzAIzRuIVmx3nKuAv/O9ZvwCM3nOFYhcb4ziipfsmhOCb0k=
x-amz-request-id: PT5XEDG2GF4ENSAK
Last-Modified: Fri, 12 Jan 2024 08:41:17 GMT
ETag: "372e58a66b7d92e1dd903f32fb308d1e"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/png
Server: AmazonS3
Content-Length: 4510
Date: Wed, 17 Apr 2024 22:28:47 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
fonts.googleapis.com/css2?family=Inter:wght@400;700&display=swap
142.250.74.106200 OK 1.8 kB URL GET HTTP/2 fonts.googleapis.com/css2?family=Inter:wght@400;700&display=swap
IP 142.250.74.106:443
Requested by https://rgqval.awaitingdream.net/?click_id=6fbb9e6059b1aefca68f9701962073b4e439bf80&s2=2005070&j1=1&s3=sml_e1f18e7f&s5=dit1101&tds_cid=6fbb9e6059b1aefca68f9701962073b4e439bf80&utm_source=e2905f55ec3a568b&j9=1&ban=other&s1=134504
Certificate IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint47:5A:64:7D:9F:47:34:07:31:91:97:F7:04:42:7A:D5:EA:AD:07:4E
ValidityMon, 04 Mar 2024 07:16:44 GMT - Mon, 27 May 2024 07:16:43 GMT
File type gzip compressed data, max compression
Hash f7102d0f4b8e39da109aafdd47a732ec
d660d41dc4d9b9d1fd17df3cd5f2437808be3ee9
e3c9702464023bed05003d7f90f90002241a5a5f0d7bfa37788a7a1732c3827b
GET /css2?family=Inter:wght@400;700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cdn-dimi.akamaized.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 17 Apr 2024 22:28:47 GMT
date: Wed, 17 Apr 2024 22:28:47 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cdn-dimi.akamaized.net/landings/285828/1704989181/images/icon-like.svg
88.221.27.128200 OK 914 B URL GET HTTP/1.1 cdn-dimi.akamaized.net/landings/285828/1704989181/images/icon-like.svg
IP 88.221.27.128:443
ASN #20940 Akamai International B.V.
Requested by https://rgqval.awaitingdream.net/?click_id=6fbb9e6059b1aefca68f9701962073b4e439bf80&s2=2005070&j1=1&s3=sml_e1f18e7f&s5=dit1101&tds_cid=6fbb9e6059b1aefca68f9701962073b4e439bf80&utm_source=e2905f55ec3a568b&j9=1&ban=other&s1=134504
Certificate IssuerDigiCert Inc
Subjecta248.e.akamai.net
FingerprintA3:C7:B4:95:4E:16:BD:C5:8A:EE:85:53:5D:C1:C2:CD:43:E9:EC:B9
ValidityTue, 16 May 2023 00:00:00 GMT - Wed, 15 May 2024 23:59:59 GMT
File type SVG Scalable Vector Graphics image
Hash 2457f6954df5056e25151bcdd05a2718
41ab46311796f9ade12cae960687a422ee8ff0a0
c1a26e7a024fd0e566423b10e91c63854979ce89f3fe2625043dc52dfe20891b
GET /landings/285828/1704989181/images/icon-like.svg HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cdn-dimi.akamaized.net/landings/285828/1704989181/css/style.css?1704989181
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: ZUbXCJxGwKXqwMDezh47FNzo2IdI9tQ3EVMUeb7WOoM9SR3kJWllIXaTlo8GNQ1JVuBYXsHbwGA=
x-amz-request-id: PT5J41Y0V1HKXFRB
Last-Modified: Fri, 12 Jan 2024 08:41:17 GMT
ETag: "2457f6954df5056e25151bcdd05a2718"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/svg+xml
Server: AmazonS3
Content-Length: 914
Date: Wed, 17 Apr 2024 22:28:47 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/285828/1704989181/images/icon-home.svg
88.221.27.128200 OK 889 B URL GET HTTP/1.1 cdn-dimi.akamaized.net/landings/285828/1704989181/images/icon-home.svg
IP 88.221.27.128:443
ASN #20940 Akamai International B.V.
Requested by https://rgqval.awaitingdream.net/?click_id=6fbb9e6059b1aefca68f9701962073b4e439bf80&s2=2005070&j1=1&s3=sml_e1f18e7f&s5=dit1101&tds_cid=6fbb9e6059b1aefca68f9701962073b4e439bf80&utm_source=e2905f55ec3a568b&j9=1&ban=other&s1=134504
Certificate IssuerDigiCert Inc
Subjecta248.e.akamai.net
FingerprintA3:C7:B4:95:4E:16:BD:C5:8A:EE:85:53:5D:C1:C2:CD:43:E9:EC:B9
ValidityTue, 16 May 2023 00:00:00 GMT - Wed, 15 May 2024 23:59:59 GMT
File type SVG Scalable Vector Graphics image
Hash 02866968d59a649b76df83c300d2d8f6
8293027c754094ab05cb7d6daa7f7cdb1be5c98e
ce26e303b33d69ca20eb3079b4c37ed364eacb8c633260c56315d6db74414b74
GET /landings/285828/1704989181/images/icon-home.svg HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cdn-dimi.akamaized.net/landings/285828/1704989181/css/style.css?1704989181
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: J2j15DxUM5rlXT7Nxc3X0Y34YFEmdyaOsazkHX/ikypVKg62NIs40smGzAENdDYJk1inK7Vfddg=
x-amz-request-id: PT5GE7X8D0WQFEVR
Last-Modified: Fri, 12 Jan 2024 08:41:17 GMT
ETag: "02866968d59a649b76df83c300d2d8f6"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/svg+xml
Server: AmazonS3
Content-Length: 889
Date: Wed, 17 Apr 2024 22:28:47 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/285828/1704989181/images/icon-search.svg
88.221.27.128200 OK 1.2 kB URL GET HTTP/1.1 cdn-dimi.akamaized.net/landings/285828/1704989181/images/icon-search.svg
IP 88.221.27.128:443
ASN #20940 Akamai International B.V.
Requested by https://rgqval.awaitingdream.net/?click_id=6fbb9e6059b1aefca68f9701962073b4e439bf80&s2=2005070&j1=1&s3=sml_e1f18e7f&s5=dit1101&tds_cid=6fbb9e6059b1aefca68f9701962073b4e439bf80&utm_source=e2905f55ec3a568b&j9=1&ban=other&s1=134504
Certificate IssuerDigiCert Inc
Subjecta248.e.akamai.net
FingerprintA3:C7:B4:95:4E:16:BD:C5:8A:EE:85:53:5D:C1:C2:CD:43:E9:EC:B9
ValidityTue, 16 May 2023 00:00:00 GMT - Wed, 15 May 2024 23:59:59 GMT
File type SVG Scalable Vector Graphics image
Hash aa6ea58a389a3ebe541d5f9d622dedd7
9fb684b6f6cd982396bd8c8e745997c3a01dd6be
4aa4713ccd74ad24299b1558cb49061c90076e841b3b1177fb3b056a8448b4c5
GET /landings/285828/1704989181/images/icon-search.svg HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cdn-dimi.akamaized.net/landings/285828/1704989181/css/style.css?1704989181
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: UyvJp7abyCAVvUgTycbpxCVIXES+S3axBggc4H0kwj27FfBXK5ArdQSP6POWmZqRGuROx+s1rj0=
x-amz-request-id: 1C1Y5RY1G3A4G39G
Last-Modified: Fri, 12 Jan 2024 08:41:17 GMT
ETag: "aa6ea58a389a3ebe541d5f9d622dedd7"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/svg+xml
Server: AmazonS3
Content-Length: 1189
Date: Wed, 17 Apr 2024 22:28:47 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/285828/1704989181/images/icon-user.svg
88.221.27.128200 OK 844 B URL GET HTTP/1.1 cdn-dimi.akamaized.net/landings/285828/1704989181/images/icon-user.svg
IP 88.221.27.128:443
ASN #20940 Akamai International B.V.
Requested by https://rgqval.awaitingdream.net/?click_id=6fbb9e6059b1aefca68f9701962073b4e439bf80&s2=2005070&j1=1&s3=sml_e1f18e7f&s5=dit1101&tds_cid=6fbb9e6059b1aefca68f9701962073b4e439bf80&utm_source=e2905f55ec3a568b&j9=1&ban=other&s1=134504
Certificate IssuerDigiCert Inc
Subjecta248.e.akamai.net
FingerprintA3:C7:B4:95:4E:16:BD:C5:8A:EE:85:53:5D:C1:C2:CD:43:E9:EC:B9
ValidityTue, 16 May 2023 00:00:00 GMT - Wed, 15 May 2024 23:59:59 GMT
File type SVG Scalable Vector Graphics image
Hash 00aa56c530f0df6ddbb8805f25376920
2331bb67d5538e5fb2c010ef41541ce8dc8acfc1
ed65348e7b16bbe9b436282214590814692d0fb779fc2155c82ca0d94fe5a94e
GET /landings/285828/1704989181/images/icon-user.svg HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cdn-dimi.akamaized.net/landings/285828/1704989181/css/style.css?1704989181
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: ZVWyB5ozfQueRX3ARgZwgS6byU5YmYd5sDJaULfMKtPGzGVQTFNuThivp4ySbhpjF6j48BLDZ6I=
x-amz-request-id: PT5RVY9G7TN79JAK
Last-Modified: Fri, 12 Jan 2024 08:41:17 GMT
ETag: "00aa56c530f0df6ddbb8805f25376920"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/svg+xml
Server: AmazonS3
Content-Length: 844
Date: Wed, 17 Apr 2024 22:28:47 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/285828/1704989181/images/4.mp4
88.221.27.128206 Partial Content 692 kB URL GET HTTP/1.1 cdn-dimi.akamaized.net/landings/285828/1704989181/images/4.mp4
IP 88.221.27.128:443
ASN #20940 Akamai International B.V.
Requested by https://rgqval.awaitingdream.net/?click_id=6fbb9e6059b1aefca68f9701962073b4e439bf80&s2=2005070&j1=1&s3=sml_e1f18e7f&s5=dit1101&tds_cid=6fbb9e6059b1aefca68f9701962073b4e439bf80&utm_source=e2905f55ec3a568b&j9=1&ban=other&s1=134504
Certificate IssuerDigiCert Inc
Subjecta248.e.akamai.net
FingerprintA3:C7:B4:95:4E:16:BD:C5:8A:EE:85:53:5D:C1:C2:CD:43:E9:EC:B9
ValidityTue, 16 May 2023 00:00:00 GMT - Wed, 15 May 2024 23:59:59 GMT
File type ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
Size 692 kB (691794 bytes)
Hash 254c97fbac9f92203f7871bea8ef1eb7
b5d254d711ff98206ee3b103de601415eadc883a
104dc2eb9fffa01bdbcff72b2ee0544ed1e09dfb03ff11cee8012366f9dfaae8
GET /landings/285828/1704989181/images/4.mp4 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Referer: https://rgqval.awaitingdream.net/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 206 Partial Content
x-amz-id-2: 4AhltQXYj8gQQLSEHCUY9AGuSxwbPlvGmuC+ICWk/rhF5LL2NhqpA99ZkCkkgnF8m/7qVthktdo=
x-amz-request-id: PT5YP3NSC0YYKG8S
Last-Modified: Fri, 12 Jan 2024 08:41:18 GMT
ETag: "254c97fbac9f92203f7871bea8ef1eb7"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: video/mp4
Server: AmazonS3
Date: Wed, 17 Apr 2024 22:28:47 GMT
Content-Range: bytes 0-691793/691794
Content-Length: 691794
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
142.250.74.67200 OK 47 kB URL GET HTTP/2 fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
IP 142.250.74.67:443
Requested by https://rgqval.awaitingdream.net/?click_id=6fbb9e6059b1aefca68f9701962073b4e439bf80&s2=2005070&j1=1&s3=sml_e1f18e7f&s5=dit1101&tds_cid=6fbb9e6059b1aefca68f9701962073b4e439bf80&utm_source=e2905f55ec3a568b&j9=1&ban=other&s1=134504
Certificate IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9
ValidityMon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT
File type Web Open Font Format (Version 2), TrueType, length 46704, version 1.0
Hash 30a274cd01b6eeb0b082c918b0697f1e
393311bde26b99a4ad935fa55bad1dce7994388b
88df0b5a7bc397dbc13a26bb8b3742cc62cd1c9b0dded57da7832416d6f52f42
GET /s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://rgqval.awaitingdream.net
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 46704
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 16 Apr 2024 07:14:19 GMT
expires: Wed, 16 Apr 2025 07:14:19 GMT
cache-control: public, max-age=31536000
age: 141268
last-modified: Wed, 13 Sep 2023 23:49:07 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
142.250.74.67200 OK 47 kB URL GET HTTP/2 fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
IP 142.250.74.67:443
Requested by https://rgqval.awaitingdream.net/?click_id=6fbb9e6059b1aefca68f9701962073b4e439bf80&s2=2005070&j1=1&s3=sml_e1f18e7f&s5=dit1101&tds_cid=6fbb9e6059b1aefca68f9701962073b4e439bf80&utm_source=e2905f55ec3a568b&j9=1&ban=other&s1=134504
Certificate IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9
ValidityMon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT
File type Web Open Font Format (Version 2), TrueType, length 46704, version 1.0
Hash 30a274cd01b6eeb0b082c918b0697f1e
393311bde26b99a4ad935fa55bad1dce7994388b
88df0b5a7bc397dbc13a26bb8b3742cc62cd1c9b0dded57da7832416d6f52f42
GET /s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://rgqval.awaitingdream.net
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 46704
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 16 Apr 2024 07:14:19 GMT
expires: Wed, 16 Apr 2025 07:14:19 GMT
cache-control: public, max-age=31536000
age: 141268
last-modified: Wed, 13 Sep 2023 23:49:07 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cdn-dimi.akamaized.net/landings/285828/1704989181/images/favicon.png?t=20240417222846
88.221.27.128200 OK 4.1 kB URL GET HTTP/1.1 cdn-dimi.akamaized.net/landings/285828/1704989181/images/favicon.png?t=20240417222846
IP 88.221.27.128:443
ASN #20940 Akamai International B.V.
Requested by https://rgqval.awaitingdream.net/?click_id=6fbb9e6059b1aefca68f9701962073b4e439bf80&s2=2005070&j1=1&s3=sml_e1f18e7f&s5=dit1101&tds_cid=6fbb9e6059b1aefca68f9701962073b4e439bf80&utm_source=e2905f55ec3a568b&j9=1&ban=other&s1=134504
Certificate IssuerDigiCert Inc
Subjecta248.e.akamai.net
FingerprintA3:C7:B4:95:4E:16:BD:C5:8A:EE:85:53:5D:C1:C2:CD:43:E9:EC:B9
ValidityTue, 16 May 2023 00:00:00 GMT - Wed, 15 May 2024 23:59:59 GMT
File type PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced
Hash 40a54c3ecf143b64096b063ff793fdbb
017eafffc5e55226a2aec0dd3c03f1b6130a6bab
39b439471019cb16f819e05166d23492593310fd55cce8471062d8f2dc5de423
GET /landings/285828/1704989181/images/favicon.png?t=20240417222846 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rgqval.awaitingdream.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: T0JZ6ljKqoyJAOGUBnRd/n9ODLnR50iFEq+fJRLINQJn55lOEdrrfBXy6+lDLMp0mzqks0/j+yQ=
x-amz-request-id: V3PHYWQQ69S9VSBZ
Last-Modified: Fri, 12 Jan 2024 08:41:18 GMT
ETag: "40a54c3ecf143b64096b063ff793fdbb"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/png
Server: AmazonS3
Content-Length: 4093
Date: Wed, 17 Apr 2024 22:28:47 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/285828/1704989181/images/favicon.png?t=20240417222846
88.221.27.128200 OK 4.1 kB URL GET HTTP/1.1 cdn-dimi.akamaized.net/landings/285828/1704989181/images/favicon.png?t=20240417222846
IP 88.221.27.128:443
ASN #20940 Akamai International B.V.
Requested by https://rgqval.awaitingdream.net/?click_id=6fbb9e6059b1aefca68f9701962073b4e439bf80&s2=2005070&j1=1&s3=sml_e1f18e7f&s5=dit1101&tds_cid=6fbb9e6059b1aefca68f9701962073b4e439bf80&utm_source=e2905f55ec3a568b&j9=1&ban=other&s1=134504
Certificate IssuerDigiCert Inc
Subjecta248.e.akamai.net
FingerprintA3:C7:B4:95:4E:16:BD:C5:8A:EE:85:53:5D:C1:C2:CD:43:E9:EC:B9
ValidityTue, 16 May 2023 00:00:00 GMT - Wed, 15 May 2024 23:59:59 GMT
File type PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced
Hash 40a54c3ecf143b64096b063ff793fdbb
017eafffc5e55226a2aec0dd3c03f1b6130a6bab
39b439471019cb16f819e05166d23492593310fd55cce8471062d8f2dc5de423
GET /landings/285828/1704989181/images/favicon.png?t=20240417222846 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rgqval.awaitingdream.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: T0JZ6ljKqoyJAOGUBnRd/n9ODLnR50iFEq+fJRLINQJn55lOEdrrfBXy6+lDLMp0mzqks0/j+yQ=
x-amz-request-id: V3PHYWQQ69S9VSBZ
Last-Modified: Fri, 12 Jan 2024 08:41:18 GMT
ETag: "40a54c3ecf143b64096b063ff793fdbb"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/png
Server: AmazonS3
Content-Length: 4093
Date: Wed, 17 Apr 2024 22:28:47 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
rgqval.awaitingdream.net/?s1=134504&s2=2005070&s3=sml_e1f18e7f&s5=backuser&click_id=6fbb9e6059b1aefca68f9701962073b4e439bf80&iexpp=1&j1=1&j9=1&tds_cid=6fbb9e6059b1aefca68f9701962073b4e439bf80&utm_source=e2905f55ec3a568b&ban=other
52.19.138.177 136 B URL rgqval.awaitingdream.net/?s1=134504&s2=2005070&s3=sml_e1f18e7f&s5=backuser&click_id=6fbb9e6059b1aefca68f9701962073b4e439bf80&iexpp=1&j1=1&j9=1&tds_cid=6fbb9e6059b1aefca68f9701962073b4e439bf80&utm_source=e2905f55ec3a568b&ban=other
IP 52.19.138.177:0
File type HTML document, ASCII text
Hash e96ebfb2ab20775c7cc4aa45277e9999
7963a7007d22be916faae7383dbf2a221df7333d
5573c546fd66a49a80bc9f4a2703f0d174ca9e261bb46181b3b9a5aea27b3682
GET /?s1=134504&s2=2005070&s3=sml_e1f18e7f&s5=backuser&click_id=6fbb9e6059b1aefca68f9701962073b4e439bf80&iexpp=1&j1=1&j9=1&tds_cid=6fbb9e6059b1aefca68f9701962073b4e439bf80&utm_source=e2905f55ec3a568b&ban=other HTTP/1.1
Host: rgqval.awaitingdream.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
server: nginx
date: Wed, 17 Apr 2024 22:29:08 GMT
content-type: text/html; charset=utf-8
content-length: 136
location: https://cy.trck-capt-prv2.com/click?o=4691&a=198&sub_id1=xmfne66204d340001585d&sub_id3=134504_2005070
set-cookie: unique_id=66204487000bde27; Path=/; Expires=Sun, 16 Jun 2024 22:29:08 GMT; Secure; SameSite=None
unique_id2=66204487000d4c10; Path=/; Expires=Tue, 16 Jul 2024 22:29:08 GMT; Secure; SameSite=None
66204487000d4c10_c=1; Path=/; Expires=Tue, 16 Jul 2024 22:29:08 GMT; Secure; SameSite=None
ref_token=134504; Path=/; Expires=Fri, 17 May 2024 22:29:08 GMT; Secure; SameSite=None
impression=; Path=/; Expires=Wed, 17 Apr 2024 22:29:08 GMT; Secure; SameSite=None
tid=xmfne66204d340001585d; Path=/; Expires=Thu, 22 Mar 2029 22:29:08 GMT; Secure; SameSite=None
X-Firefox-Spdy: h2
luvwhisper.com/lp-external/index.js
54.230.111.78200 OK 2.2 kB URL GET HTTP/2 luvwhisper.com/lp-external/index.js
IP 54.230.111.78:443
Requested by https://empirelayer.club/tds/interlayer/eb/s/7dd882c388754e314ed7801e42873042?__t=1713392926108&__l=3600&__c=6fbb9e6059b1aefca68f9701962073b4e439bf80&__u=
Certificate IssuerAmazon
Subjectluvwhisper.com
Fingerprint4D:EC:81:10:9E:C3:DA:0D:65:B1:D0:C2:7A:5E:0F:BE:3E:14:88:E3
ValidityTue, 09 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (2304), with no line terminators
Hash 6581cb890b9497166c13fa1122c88947
4632208a24f59f3b44a68ca77b130f4b6a661ded
19f631eaad330a3adac93c919803b30bc262991bb7db396bc9a4fbbae6cd5d3b
GET /lp-external/index.js HTTP/1.1
Host: luvwhisper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://empirelayer.club/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
date: Wed, 17 Apr 2024 22:28:46 GMT
server: nginx
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
x-robots-tag: noindex
accept-ranges: bytes
cache-control: public, max-age=3600
last-modified: Mon, 15 Apr 2024 09:30:50 GMT
etag: W/"8b7-18ee1184d10"
vary: Accept-Encoding
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 784cb0c259a6d79800d037bda4e7de86.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: p1EWs27mws_nS9eiqfI9fXpRzStKubsdIWVRx7IINPaZFym_SIrESQ==
X-Firefox-Spdy: h2
empirelayer.club/favicon.ico
0.0.0.0 0 B URL GET empirelayer.club/favicon.ico
IP 0.0.0.0:0
Requested by https://empirelayer.club/tds/interlayer/eb/s/7dd882c388754e314ed7801e42873042?__t=1713392926108&__l=3600&__c=6fbb9e6059b1aefca68f9701962073b4e439bf80&__u=
Certificate IssuerAmazon
Subjectempirelayer.club
FingerprintD0:9A:6A:E3:BC:1C:59:10:F7:F8:FD:8F:63:D3:56:1C:43:2C:75:EF
ValidityThu, 02 Nov 2023 00:00:00 GMT - Sat, 30 Nov 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: empirelayer.club
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://empirelayer.club/tds/interlayer/eb/s/7dd882c388754e314ed7801e42873042?__t=1713392926108&__l=3600&__c=6fbb9e6059b1aefca68f9701962073b4e439bf80&__u=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
luvwhisper.com/tds/ae?tdsId=s5428sto_r&tds_campaign=s5428sto&s1=ps&utm_source=int&utm_sub=opnfnl&affid=e1f18e7f&subid=dit1101&subid2=Ml9kaXQxMTAx&clickid=214ab2eb-76e2-44df-bf43-a694698d505c
54.230.111.47302 Found 1.2 kB URL User Request GET HTTP/2 luvwhisper.com/tds/ae?tdsId=s5428sto_r&tds_campaign=s5428sto&s1=ps&utm_source=int&utm_sub=opnfnl&affid=e1f18e7f&subid=dit1101&subid2=Ml9kaXQxMTAx&clickid=214ab2eb-76e2-44df-bf43-a694698d505c
IP 54.230.111.47:443
Certificate IssuerAmazon
Subjectluvwhisper.com
Fingerprint4D:EC:81:10:9E:C3:DA:0D:65:B1:D0:C2:7A:5E:0F:BE:3E:14:88:E3
ValidityTue, 09 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tds/ae?tdsId=s5428sto_r&tds_campaign=s5428sto&s1=ps&utm_source=int&utm_sub=opnfnl&affid=e1f18e7f&subid=dit1101&subid2=Ml9kaXQxMTAx&clickid=214ab2eb-76e2-44df-bf43-a694698d505c HTTP/1.1
Host: luvwhisper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
location: https://empirelayer.club/tds/interlayer/eb/s/7dd882c388754e314ed7801e42873042?__t=1713392926108&__l=3600&__c=6fbb9e6059b1aefca68f9701962073b4e439bf80&__u=
date: Wed, 17 Apr 2024 22:28:46 GMT
server: nginx
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Platform, Sec-CH-UA-Wow64, Sec-CH-UA
set-cookie: dci=d01dc0f50d91743d43c3512f557c7bbf7286add0; Max-Age=31536000; Domain=.luvwhisper.com; Path=/; Expires=Thu, 17 Apr 2025 22:28:46 GMT; Secure; SameSite=None
dm=fe450dd0d1dadc615429144d33241f42; Max-Age=432000; Path=/; Expires=Mon, 22 Apr 2024 22:28:46 GMT
x-cache: Miss from cloudfront
via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: sjJiAuMsHS9RCfrOqkYqwh_y7RklQdO3pgwedXtf0svCynmNuGFh0w==
X-Firefox-Spdy: h2
empirelayer.club/tds/interlayer?handler=ExternalBackofferEvent&urlIn=https%3A%2F%2Fempirelayer.club%2Ftds%2Finterlayer%2Feb%2Fs%2F7dd882c388754e314ed7801e42873042%3F__t%3D1713392926108%26__l%3D3600%26__c%3D6fbb9e6059b1aefca68f9701962073b4e439bf80%26__u%3D&urlOut=https%3A%2F%2Frgqval.awaitingdream.net%2F%3Fclick_id%3D6fbb9e6059b1aefca68f9701962073b4e439bf80%26s2%3D2005070%26j1%3D1%26s3%3Dsml_e1f18e7f%26s5%3Ddit1101%26tds_cid%3D6fbb9e6059b1aefca68f9701962073b4e439bf80%26utm_source%3De2905f55ec3a568b%26j9%3D1%26ban%3Dother%26s1%3D134504&altQs=utm_campaign%3De1f18e7f%26utm_source%3Dint%26utm_content%3Ddit1101%26data2%3D214ab2eb-76e2-44df-bf43-a694698d505c%26s1%3Dps%26s3%3DMl9kaXQxMTAx%26tds_campaign%3Db7637pos%26tds_id%3Db7637pos_lp_a_1575477620507_smartlink%26tds_oid%3D83b8f3ff%26tds_cid%3D6fbb9e6059b1aefca68f9701962073b4e439bf80%26tds_ac_id%3Ds5428sto%26tds_host%3Dluvwhisper.com%26tds_path%3D%252Ftds%252Fae%26dci%3Dd01dc0f50d91743d43c3512f557c7bbf7286add0%26tds_ps%3Da&tdsCid=6fbb9e6059b1aefca68f9701962073b4e439bf80&reason=beacon&visitsCount=1&ts=1713392926545
143.204.55.113200 OK 0 B URL POST HTTP/3 empirelayer.club/tds/interlayer?handler=ExternalBackofferEvent&urlIn=https%3A%2F%2Fempirelayer.club%2Ftds%2Finterlayer%2Feb%2Fs%2F7dd882c388754e314ed7801e42873042%3F__t%3D1713392926108%26__l%3D3600%26__c%3D6fbb9e6059b1aefca68f9701962073b4e439bf80%26__u%3D&urlOut=https%3A%2F%2Frgqval.awaitingdream.net%2F%3Fclick_id%3D6fbb9e6059b1aefca68f9701962073b4e439bf80%26s2%3D2005070%26j1%3D1%26s3%3Dsml_e1f18e7f%26s5%3Ddit1101%26tds_cid%3D6fbb9e6059b1aefca68f9701962073b4e439bf80%26utm_source%3De2905f55ec3a568b%26j9%3D1%26ban%3Dother%26s1%3D134504&altQs=utm_campaign%3De1f18e7f%26utm_source%3Dint%26utm_content%3Ddit1101%26data2%3D214ab2eb-76e2-44df-bf43-a694698d505c%26s1%3Dps%26s3%3DMl9kaXQxMTAx%26tds_campaign%3Db7637pos%26tds_id%3Db7637pos_lp_a_1575477620507_smartlink%26tds_oid%3D83b8f3ff%26tds_cid%3D6fbb9e6059b1aefca68f9701962073b4e439bf80%26tds_ac_id%3Ds5428sto%26tds_host%3Dluvwhisper.com%26tds_path%3D%252Ftds%252Fae%26dci%3Dd01dc0f50d91743d43c3512f557c7bbf7286add0%26tds_ps%3Da&tdsCid=6fbb9e6059b1aefca68f9701962073b4e439bf80&reason=beacon&visitsCount=1&ts=1713392926545
IP 143.204.55.113:443
Requested by https://empirelayer.club/tds/interlayer/eb/s/7dd882c388754e314ed7801e42873042?__t=1713392926108&__l=3600&__c=6fbb9e6059b1aefca68f9701962073b4e439bf80&__u=
Certificate IssuerAmazon
Subjectempirelayer.club
FingerprintD0:9A:6A:E3:BC:1C:59:10:F7:F8:FD:8F:63:D3:56:1C:43:2C:75:EF
ValidityThu, 02 Nov 2023 00:00:00 GMT - Sat, 30 Nov 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /tds/interlayer?handler=ExternalBackofferEvent&urlIn=https%3A%2F%2Fempirelayer.club%2Ftds%2Finterlayer%2Feb%2Fs%2F7dd882c388754e314ed7801e42873042%3F__t%3D1713392926108%26__l%3D3600%26__c%3D6fbb9e6059b1aefca68f9701962073b4e439bf80%26__u%3D&urlOut=https%3A%2F%2Frgqval.awaitingdream.net%2F%3Fclick_id%3D6fbb9e6059b1aefca68f9701962073b4e439bf80%26s2%3D2005070%26j1%3D1%26s3%3Dsml_e1f18e7f%26s5%3Ddit1101%26tds_cid%3D6fbb9e6059b1aefca68f9701962073b4e439bf80%26utm_source%3De2905f55ec3a568b%26j9%3D1%26ban%3Dother%26s1%3D134504&altQs=utm_campaign%3De1f18e7f%26utm_source%3Dint%26utm_content%3Ddit1101%26data2%3D214ab2eb-76e2-44df-bf43-a694698d505c%26s1%3Dps%26s3%3DMl9kaXQxMTAx%26tds_campaign%3Db7637pos%26tds_id%3Db7637pos_lp_a_1575477620507_smartlink%26tds_oid%3D83b8f3ff%26tds_cid%3D6fbb9e6059b1aefca68f9701962073b4e439bf80%26tds_ac_id%3Ds5428sto%26tds_host%3Dluvwhisper.com%26tds_path%3D%252Ftds%252Fae%26dci%3Dd01dc0f50d91743d43c3512f557c7bbf7286add0%26tds_ps%3Da&tdsCid=6fbb9e6059b1aefca68f9701962073b4e439bf80&reason=beacon&visitsCount=1&ts=1713392926545 HTTP/1.1
Host: empirelayer.club
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://empirelayer.club
DNT: 1
Connection: keep-alive
Referer: https://empirelayer.club/tds/interlayer/eb/s/7dd882c388754e314ed7801e42873042?__t=1713392926108&__l=3600&__c=6fbb9e6059b1aefca68f9701962073b4e439bf80&__u=
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Content-Length: 0
HTTP/3 200 OK
alt-svc: h3=":443"; ma=86400
x-amz-cf-pop: OSL50-C1
date: Wed, 17 Apr 2024 22:28:46 GMT
server: nginx
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Platform, Sec-CH-UA-Wow64, Sec-CH-UA
x-cache: Miss from cloudfront
via: 1.1 e49f22f18c16784c0f42291e768d1daa.cloudfront.net (CloudFront)
x-amz-cf-id: vVLiq1olptb64sHZSpi_di-H79X00q9NVPf0uNQBE85YN_bIbMJ-Xg==
rgqval.awaitingdream.net/?click_id=6fbb9e6059b1aefca68f9701962073b4e439bf80&s2=2005070&j1=1&s3=sml_e1f18e7f&s5=dit1101&tds_cid=6fbb9e6059b1aefca68f9701962073b4e439bf80&utm_source=e2905f55ec3a568b&j9=1&ban=other&s1=134504
52.19.138.177200 OK 36 kB URL User Request GET HTTP/2 rgqval.awaitingdream.net/?click_id=6fbb9e6059b1aefca68f9701962073b4e439bf80&s2=2005070&j1=1&s3=sml_e1f18e7f&s5=dit1101&tds_cid=6fbb9e6059b1aefca68f9701962073b4e439bf80&utm_source=e2905f55ec3a568b&j9=1&ban=other&s1=134504
IP 52.19.138.177:443
Certificate IssuerLet's Encrypt
Subject*.awaitingdream.net
Fingerprint80:13:71:FD:9C:9C:0B:BF:1A:E0:B5:EA:6C:C4:ED:77:5A:CA:B4:02
ValidityTue, 19 Mar 2024 09:01:07 GMT - Mon, 17 Jun 2024 09:01:06 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?click_id=6fbb9e6059b1aefca68f9701962073b4e439bf80&s2=2005070&j1=1&s3=sml_e1f18e7f&s5=dit1101&tds_cid=6fbb9e6059b1aefca68f9701962073b4e439bf80&utm_source=e2905f55ec3a568b&j9=1&ban=other&s1=134504 HTTP/1.1
Host: rgqval.awaitingdream.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://empirelayer.club/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 17 Apr 2024 22:28:46 GMT
content-type: text/html; charset=utf-8
set-cookie: unique_id=66204487000bde27; Path=/; Expires=Sun, 16 Jun 2024 22:28:46 GMT; Secure; SameSite=None
unique_id2=66204487000d4c10; Path=/; Expires=Tue, 16 Jul 2024 22:28:46 GMT; Secure; SameSite=None
66204487000d4c10_c=1; Path=/; Expires=Tue, 16 Jul 2024 22:28:46 GMT; Secure; SameSite=None
ref_token=134504; Path=/; Expires=Fri, 17 May 2024 22:28:46 GMT; Secure; SameSite=None
impression=; Path=/; Expires=Wed, 17 Apr 2024 22:28:46 GMT; Secure; SameSite=None
66204487000d4c10_sl=[285828]; Path=/; Expires=Wed, 01 May 2024 22:28:46 GMT; Secure; SameSite=None
content-encoding: gzip
X-Firefox-Spdy: h2
queitho.com/client?camp=s3&aff_id=2&aff_sub=2&source=2&aff_sub2=banner/rd.html?go=https://howric.com/client?camp=s35&click_id=32_2_9949_6ed11a12a87ce6555e4b58241a7949bd
172.67.169.237200 OK 6.2 kB URL User Request GET HTTP/2 queitho.com/client?camp=s3&aff_id=2&aff_sub=2&source=2&aff_sub2=banner/rd.html?go=https://howric.com/client?camp=s35&click_id=32_2_9949_6ed11a12a87ce6555e4b58241a7949bd
IP 172.67.169.237:443
Certificate IssuerLet's Encrypt
Subjectqueitho.com
FingerprintF1:05:3E:9D:7A:6D:B6:57:58:D4:D8:E8:6E:81:69:2A:D3:2B:5C:D9
ValidityTue, 12 Mar 2024 19:42:25 GMT - Mon, 10 Jun 2024 19:42:24 GMT
File type JavaScript source, ASCII text, with very long lines (6215), with no line terminators
Hash aefeeadb2dd0f00df165552b6be43225
ea79d562ee4a73b7c9286b0da88c3813572747eb
c583d6d994359b08ca45c3eced3c2b83f2d5e859be403c4e7719fbd441cbe84b
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /client?camp=s3&aff_id=2&aff_sub=2&source=2&aff_sub2=banner/rd.html?go=https://howric.com/client?camp=s35&click_id=32_2_9949_6ed11a12a87ce6555e4b58241a7949bd HTTP/1.1
Host: queitho.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tr.watchcpm.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 17 Apr 2024 22:28:45 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-security-policy: default-src 'self' https://oacenom.com https://openfpcdn.io/fingerprintjs/v4; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://oacenom.com https://openfpcdn.io/fingerprintjs/v4
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
origin-agent-cluster: ?1
referrer-policy: no-referrer
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
accept-ch: Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cache-control: no-store, no-store, no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8c56lvVz%2BbQe%2BjFaSSE3EKIeerctIviKJ9oYKNfDyFsmIEt9AHmhX1343qvZbG9RVz6tox0xnMd3dy0ET5yc8DUTnuWPwTiX6x%2B6LRpYO1UbwrVnJSMcbaB8FRDcjw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 875fd995ca1b56a9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
empirelayer.club/tds/interlayer/eb/s/7dd882c388754e314ed7801e42873042?__t=1713392926108&__l=3600&__c=6fbb9e6059b1aefca68f9701962073b4e439bf80&__u=
143.204.55.113200 OK 1.2 kB URL User Request GET HTTP/2 empirelayer.club/tds/interlayer/eb/s/7dd882c388754e314ed7801e42873042?__t=1713392926108&__l=3600&__c=6fbb9e6059b1aefca68f9701962073b4e439bf80&__u=
IP 143.204.55.113:443
Certificate IssuerAmazon
Subjectempirelayer.club
FingerprintD0:9A:6A:E3:BC:1C:59:10:F7:F8:FD:8F:63:D3:56:1C:43:2C:75:EF
ValidityThu, 02 Nov 2023 00:00:00 GMT - Sat, 30 Nov 2024 23:59:59 GMT
File type HTML document, ASCII text, with very long lines (1185), with no line terminators
Hash a6f649a78aea4df493597b055e37fb5d
fcd90a6d1fc463d9b9fa40454ee02ee01eb15db9
f73a6e6a110ab9795b711f39260752779d8645785ad35d31015d239f8c585901
GET /tds/interlayer/eb/s/7dd882c388754e314ed7801e42873042?__t=1713392926108&__l=3600&__c=6fbb9e6059b1aefca68f9701962073b4e439bf80&__u= HTTP/1.1
Host: empirelayer.club
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/html
date: Wed, 17 Apr 2024 22:28:46 GMT
server: nginx
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Platform, Sec-CH-UA-Wow64, Sec-CH-UA
vary: Accept-Encoding
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 475d4ecb64796af058573c6f1048e898.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: E2fNAC2Gk-C-HClDyPn95WM6rHKsB30__8mMG-xlLTpBpFwrX7P6kA==
X-Firefox-Spdy: h2
cdn-dimi.akamaized.net/landings/285828/1704989181/images/icon-plus.svg
88.221.27.128200 OK 1.1 kB URL GET HTTP/1.1 cdn-dimi.akamaized.net/landings/285828/1704989181/images/icon-plus.svg
IP 88.221.27.128:443
ASN #20940 Akamai International B.V.
Requested by https://rgqval.awaitingdream.net/?click_id=6fbb9e6059b1aefca68f9701962073b4e439bf80&s2=2005070&j1=1&s3=sml_e1f18e7f&s5=dit1101&tds_cid=6fbb9e6059b1aefca68f9701962073b4e439bf80&utm_source=e2905f55ec3a568b&j9=1&ban=other&s1=134504
Certificate IssuerDigiCert Inc
Subjecta248.e.akamai.net
FingerprintA3:C7:B4:95:4E:16:BD:C5:8A:EE:85:53:5D:C1:C2:CD:43:E9:EC:B9
ValidityTue, 16 May 2023 00:00:00 GMT - Wed, 15 May 2024 23:59:59 GMT
File type SVG Scalable Vector Graphics image
Hash e34ed088b1578c210cfb90721b0fbd57
0ccb74de9b576f9c06821613e06fbb6ea5fc57a6
7cfec0a7e0f363d5942e142f1355a63ee705417db7328b9a0e142fcd026d48d7
GET /landings/285828/1704989181/images/icon-plus.svg HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cdn-dimi.akamaized.net/landings/285828/1704989181/css/style.css?1704989181
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: R8ISDoAk6yapIVUfIwscUBW6bTK3JKja3s/XdLdKBIi9H30IQ7+z5JdfhoffN+oMj7P/7M3mCSE=
x-amz-request-id: PT5P4086S3D4K9Q5
Last-Modified: Fri, 12 Jan 2024 08:41:17 GMT
ETag: "f89e15ef5cf4b32ca987f73bd4a2ef9d"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/svg+xml
Server: AmazonS3
Content-Length: 1117
Date: Wed, 17 Apr 2024 22:28:47 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"