go.gkrtmc.com/aff_f?h=NYwoYh&aff_sub5=free-social&click_id=376l60j14eir0&source=1220_1128
172.255.248.119 302 Found 312 B URL User Request GET HTTP/1.1 go.gkrtmc.com/aff_f?h=NYwoYh&aff_sub5=free-social&click_id=376l60j14eir0&source=1220_1128
IP 172.255.248.119:443
Certificate Issuer Let's Encrypt
Subject track.cpamatica.com
Fingerprint 55:95:28:6A:EC:1D:DC:9B:AA:33:46:53:FF:B5:17:A0:D5:5F:2F:B4
Validity Tue, 23 Apr 2024 12:38:03 GMT - Mon, 22 Jul 2024 12:38:02 GMT
File type HTML document, ASCII text, with very long lines (312), with no line terminators
Hash c1687c3a7cc3163b93194b8202876efb
fd29fc7e7df9c2822c5c727788ddeb9c4614c77f
8b78174855803901aa7904b508ac1af8484e9402dba1223884cb6f2d885a68a9
GET /aff_f?h=NYwoYh&aff_sub5=free-social&click_id=376l60j14eir0&source=1220_1128 HTTP/1.1
Host: go.gkrtmc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Fri, 03 May 2024 23:57:12 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 312
Connection: keep-alive
Content-Security-Policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Referrer-Policy: no-referrer
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-Content-Type-Options: nosniff
X-DNS-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-XSS-Protection: 0
Set-Cookie: language=en; Domain=go.gkrtmc.com; Path=/; Expires=Sun, 02 Jun 2024 23:57:12 GMT
flow_id=NYwoYh; Domain=go.gkrtmc.com; Path=/; Expires=Fri, 03 May 2024 23:58:12 GMT
Location: aff_c?aff_id=65195&offer_id=10000&url_id=0&source=1220_1128&aff_sub5=free-social&click_id=376l60j14eir0&last=6
Vary: Accept
Cache-Control: no-store, no-cache
go.gkrtmc.com/aff_c?aff_id=65195&offer_id=10000&url_id=0&source=1220_1128&aff_sub5=free-social&click_id=376l60j14eir0&last=6
172.255.248.119 302 Found 380 B URL User Request GET HTTP/1.1 go.gkrtmc.com/aff_c?aff_id=65195&offer_id=10000&url_id=0&source=1220_1128&aff_sub5=free-social&click_id=376l60j14eir0&last=6
IP 172.255.248.119:443
Certificate Issuer Let's Encrypt
Subject track.cpamatica.com
Fingerprint 55:95:28:6A:EC:1D:DC:9B:AA:33:46:53:FF:B5:17:A0:D5:5F:2F:B4
Validity Tue, 23 Apr 2024 12:38:03 GMT - Mon, 22 Jul 2024 12:38:02 GMT
File type HTML document, ASCII text, with very long lines (380), with no line terminators
Hash 645736f3d8038d4a4cbb429f954c47fa
882c474550aa6cad7f6f7a1cf609854f7633630c
46961150bfef93219a4e3ea6bed7b143ab08449cc051ff9d8d5e42afd9ca5bce
GET /aff_c?aff_id=65195&offer_id=10000&url_id=0&source=1220_1128&aff_sub5=free-social&click_id=376l60j14eir0&last=6 HTTP/1.1
Host: go.gkrtmc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: language=en; flow_id=NYwoYh
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Fri, 03 May 2024 23:57:12 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 380
Connection: keep-alive
Content-Security-Policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Referrer-Policy: no-referrer
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-Content-Type-Options: nosniff
X-DNS-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-XSS-Protection: 0
Set-Cookie: language=en; Domain=go.gkrtmc.com; Path=/; Expires=Sun, 02 Jun 2024 23:57:12 GMT
test=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT
Location: https://go.gkrtmc.com/cl?aff_id=65195&offer_id=10000&url_id=0&source=1220_1128&aff_sub5=free-social&click_id=376l60j14eir0&last=6&bofc=aff_c
Vary: Accept
Cache-Control: no-store, no-cache
go.gkrtmc.com/cl?aff_id=65195&offer_id=10000&url_id=0&source=1220_1128&aff_sub5=free-social&click_id=376l60j14eir0&last=6&bofc=aff_c
172.255.248.119 200 OK 658 B URL User Request GET HTTP/1.1 go.gkrtmc.com/cl?aff_id=65195&offer_id=10000&url_id=0&source=1220_1128&aff_sub5=free-social&click_id=376l60j14eir0&last=6&bofc=aff_c
IP 172.255.248.119:443
Certificate Issuer Let's Encrypt
Subject track.cpamatica.com
Fingerprint 55:95:28:6A:EC:1D:DC:9B:AA:33:46:53:FF:B5:17:A0:D5:5F:2F:B4
Validity Tue, 23 Apr 2024 12:38:03 GMT - Mon, 22 Jul 2024 12:38:02 GMT
File type JavaScript source, ASCII text, with very long lines (307)
Hash 88e4d336b32867debcd444ae1f961116
fce51fda50cf961e2225e367cd3f6e66a22e040f
76a9ba5596a07cb1b49d3b8f2551e6daf97a8fd182f76653211d7a6138fb24d6
GET /cl?aff_id=65195&offer_id=10000&url_id=0&source=1220_1128&aff_sub5=free-social&click_id=376l60j14eir0&last=6&bofc=aff_c HTTP/1.1
Host: go.gkrtmc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: language=en; flow_id=NYwoYh
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 03 May 2024 23:57:12 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Referrer-Policy: no-referrer
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-Content-Type-Options: nosniff
X-DNS-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-XSS-Protection: 0
Set-Cookie: language=en; Domain=go.gkrtmc.com; Path=/; Expires=Sun, 02 Jun 2024 23:57:12 GMT
ETag: W/"5e3-/OUf2lDPlh4iJeNnzT9uZqIuBA8"
Cache-Control: no-store, no-store, no-cache
Content-Encoding: gzip
go.gkrtmc.com/aff_c?aff_id=65195&offer_id=10000&url_id=0&source=1220_1128&aff_sub5=free-social&click_id=376l60j14eir0&last=6&bofc=aff_c
172.255.248.119 302 Found 428 B URL User Request GET HTTP/1.1 go.gkrtmc.com/aff_c?aff_id=65195&offer_id=10000&url_id=0&source=1220_1128&aff_sub5=free-social&click_id=376l60j14eir0&last=6&bofc=aff_c
IP 172.255.248.119:443
Certificate Issuer Let's Encrypt
Subject track.cpamatica.com
Fingerprint 55:95:28:6A:EC:1D:DC:9B:AA:33:46:53:FF:B5:17:A0:D5:5F:2F:B4
Validity Tue, 23 Apr 2024 12:38:03 GMT - Mon, 22 Jul 2024 12:38:02 GMT
File type HTML document, ASCII text, with very long lines (428), with no line terminators
Hash 46809cf5292e9001e5c1ef96d98bd6ba
6af3afbcc156959b01fa59034a01720592445909
137d8132cfb9c7c5af927f7d567a5bb42bea17756ad13ad979427da85b3d94da
GET /aff_c?aff_id=65195&offer_id=10000&url_id=0&source=1220_1128&aff_sub5=free-social&click_id=376l60j14eir0&last=6&bofc=aff_c HTTP/1.1
Host: go.gkrtmc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: language=en; flow_id=NYwoYh
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Fri, 03 May 2024 23:57:12 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 428
Connection: keep-alive
Content-Security-Policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Referrer-Policy: no-referrer
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-Content-Type-Options: nosniff
X-DNS-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-XSS-Protection: 0
Set-Cookie: language=en; Domain=go.gkrtmc.com; Path=/; Expires=Sun, 02 Jun 2024 23:57:12 GMT
test=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT
10000=32_65195_10000_fca9dc1a73bc1cc991723dad4701a30e; Domain=go.gkrtmc.com; Path=/; Expires=Sun, 02 Jun 2024 23:57:12 GMT; Secure; SameSite=None
op_10000=0; Domain=go.gkrtmc.com; Path=/; Expires=Sun, 02 Jun 2024 23:57:12 GMT
user_id=c5a93482-0fdc-45b5-b161-81c65068a726_d19300889657cdf6a3cbd5c6b49ad0b5; Domain=go.gkrtmc.com; Path=/; Expires=Wed, 02 May 2029 23:57:12 GMT; Secure; SameSite=None
Location: /rd.html?go=https%3A%2F%2Fqueitho.com%2Fclient%3Fcamp%3Ds9%26aff_id%3D2%26aff_sub%3D65195%26source%3D65195%26aff_sub2%3Dfree-social%26click_id%3D32_65195_10000_fca9dc1a73bc1cc991723dad4701a30e
Vary: Accept
Cache-Control: no-store, no-cache
104.21.0.211 302 Found 255 B URL User Request GET HTTP/2
IP 104.21.0.211:443
Certificate Issuer Google Trust Services LLC
Subject gamechance.click
Fingerprint CA:41:FC:45:67:F5:1E:4D:9C:9A:DE:90:1E:78:74:DF:15:CE:B4:6A
Validity Sun, 21 Apr 2024 08:34:41 GMT - Sat, 20 Jul 2024 08:34:40 GMT
File type gzip compressed data, from Unix
Hash 997bfcab4e7a51023ff8da026ed4374a
35d15ad133e52c1b9dea0b3696a8719521387a9e
070d804ff334e0de872b9ac4c28c1bc578a043771099d2e9556782974ed560a3
GET / HTTP/1.1
Host: gamechance.click
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
date: Fri, 03 May 2024 23:57:11 GMT
content-type: text/html; charset=UTF-8
location: https://go.gkrtmc.com/aff_f?h=NYwoYh&aff_sub5=free-social&click_id=376l60j14eir0&source=1220_1128
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
set-cookie: _subid=376l60j14eir0; expires=Mon, 03 Jun 2024 23:57:11 GMT; path=/
ae0fa=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjI0MzUwXCI6MTcxNDc4MDYzMSxcIjI1MzEwXCI6MTcxNDc4MDYzMX0sXCJjYW1wYWlnbnNcIjp7XCIxMTI4XCI6MTcxNDc4MDYzMSxcIjEyMjBcIjoxNzE0NzgwNjMxfSxcInRpbWVcIjoxNzE0NzgwNjMxfSJ9.cTqPsYkzoxghNeuhhCxd7XsH6AG9FoOOQptFaVAJXgw; expires=Mon, 05 Sep 2078 23:54:22 GMT; path=/
_token=uuid_376l60j14eir0_376l60j14eir0663579d7d7d7a0.44248840; expires=Mon, 03 Jun 2024 23:57:11 GMT; path=/
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Sr%2BANVjhX%2BiGZOsRFFOsyD4LI5WrCj5ARumCu3V7iwMa9KIwbALQzwD7THzVAN56ZqTWD6mMyaB19n4tUujGGs0jd6SwZ%2BfESn0f08TZ35PBatgXozAaZKa9Dd7usw4YWhIl"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e43124a85ab4f7-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
go.gkrtmc.com/favicon.ico
172.255.248.119 106 B URL go.gkrtmc.com/favicon.ico
IP 172.255.248.119:0
Certificate Issuer Let's Encrypt
Subject track.cpamatica.com
Fingerprint 55:95:28:6A:EC:1D:DC:9B:AA:33:46:53:FF:B5:17:A0:D5:5F:2F:B4
Validity Tue, 23 Apr 2024 12:38:03 GMT - Mon, 22 Jul 2024 12:38:02 GMT
File type HTML document, ASCII text, with CRLF line terminators
Hash 8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0
GET /favicon.ico HTTP/1.1
Host: go.gkrtmc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://go.gkrtmc.com/rd.html?go=https%3A%2F%2Fqueitho.com%2Fclient%3Fcamp%3Ds9%26aff_id%3D2%26aff_sub%3D65195%26source%3D65195%26aff_sub2%3Dfree-social%26click_id%3D32_65195_10000_fca9dc1a73bc1cc991723dad4701a30e
Cookie: language=en; flow_id=NYwoYh; 10000=32_65195_10000_fca9dc1a73bc1cc991723dad4701a30e; op_10000=0; user_id=c5a93482-0fdc-45b5-b161-81c65068a726_d19300889657cdf6a3cbd5c6b49ad0b5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Server: nginx
Date: Fri, 03 May 2024 23:57:13 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
oacenom.com/ckset
188.114.96.1 117 B IP 188.114.96.1:0
Hash d65ac1d5819ccd06f01771ba31403fdb
73f347f0cb66a50f2875ce904fa8f99af7237950
e1f37eaa48527a8af78a29498b908127f7a12d4920f1c92ed810ede5212c9048
POST /ckset HTTP/1.1
Host: oacenom.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://queitho.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0
HTTP/2 201 Created
date: Fri, 03 May 2024 23:57:13 GMT
content-type: application/json; charset=utf-8
content-length: 117
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
origin-agent-cluster: ?1
referrer-policy: no-referrer
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
set-cookie: mastidencook=b24d342a-4577-4288-9386-af9e7cd0942b_546bbe0195c09cae70bd6e2f2784007d; Domain=oacenom.com; Path=/; Expires=Wed, 02 May 2029 23:57:13 GMT; Secure; SameSite=None
etag: W/"75-c/NH8MtmpQ8odc6QT6j5mvcjeVA"
access-control-allow-origin: https://queitho.com
access-control-allow-credentials: true
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TxuKrQupI4xjGU9Z4vfiL6AcSKj9cRISGjR%2BfYS1dCH3DRfJCaZWFkSk1XhZwoQgpb7gsrc5rImMcMX27P9%2BgaimGzL0K%2BOlEwReXP4I3XU1EdTjayKcPZTDWA0bQQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e4312dce53b50f-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
queitho.com/visit?aff_id=2&aff_sub=65195&aff_sub2=free-social&click_id=32_65195_10000_fca9dc1a73bc1cc991723dad4701a30e&source=65195&ttype=direct&camp=s9&p_camp=&bstep=&sid=&efcn=custom-unknown&cntp=custom-unknown&sch=&scw=&vph=&vpw=&lt=
104.21.79.101 823 B URL queitho.com/visit?aff_id=2&aff_sub=65195&aff_sub2=free-social&click_id=32_65195_10000_fca9dc1a73bc1cc991723dad4701a30e&source=65195&ttype=direct&camp=s9&p_camp=&bstep=&sid=&efcn=custom-unknown&cntp=custom-unknown&sch=&scw=&vph=&vpw=&lt=
IP 104.21.79.101:0
Hash 15aa4ef2110b0b833126142c0eaf8b1e
50a0e5666ffe8367c8fb9b8800cb08b83b572b58
d0974e69bdf6848212bd3f3283efecd22641f0eb81a53ccbb9865688380da43b
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
POST /visit?aff_id=2&aff_sub=65195&aff_sub2=free-social&click_id=32_65195_10000_fca9dc1a73bc1cc991723dad4701a30e&source=65195&ttype=direct&camp=s9&p_camp=&bstep=&sid=&efcn=custom-unknown&cntp=custom-unknown&sch=&scw=&vph=&vpw=&lt= HTTP/1.1
Host: queitho.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 409
Origin: https://queitho.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 201 Created
date: Fri, 03 May 2024 23:57:13 GMT
content-type: application/json; charset=utf-8
content-length: 823
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
origin-agent-cluster: ?1
referrer-policy: no-referrer
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
set-cookie: browserLanguage=en; Domain=queitho.com; Path=/; Expires=Sun, 02 Jun 2024 23:57:13 GMT
userId=8e70cd77-ac97-4f76-9d69-6e97bc097e69_0bcf6fd42f931802f2cbc3f0e7d6c12f; Domain=queitho.com; Path=/; Expires=Wed, 02 May 2029 23:57:13 GMT; Secure; SameSite=None
cache-control: no-store, no-store, no-cache
etag: W/"337-UKDlZm/+g2fI+5uIAMsIuDtXK1g"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6O5eynFbVubsv9igktiDc2IGoVh7%2B85rMOkMLtqwAc2NICvWNqvj1C%2B%2BbR8Nu2ro338AmWB5G7c3FSoyQoTtCIyvKdH7ozNEUUDnOgfzYOkYa49tdXfvht28PrP1%2Bg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e4312e7f7c56cb-OSL
alt-svc: h3=":443"; ma=86400
queitho.com/fl?aff_id=2&aff_sub=65195&aff_sub2=free-social&click_id=32_65195_10000_fca9dc1a73bc1cc991723dad4701a30e&source=65195&ttype=direct&camp=f14&sl_cid=557c271e-3226-4ac5-9a78-5f7a0df42bd8_ed7e6abd1bfa8ad24a0dcb7e3882cdf0&p_camp=&bstep=&sid=s9&efcn=custom-unknown&cntp=custom-unknown&sch=1024&scw=1280&vph=1024&vpw=1280&ref=https%3A%2F%2Fgo.gkrtmc.com%2F&lt=
104.21.79.101 1.3 kB URL queitho.com/fl?aff_id=2&aff_sub=65195&aff_sub2=free-social&click_id=32_65195_10000_fca9dc1a73bc1cc991723dad4701a30e&source=65195&ttype=direct&camp=f14&sl_cid=557c271e-3226-4ac5-9a78-5f7a0df42bd8_ed7e6abd1bfa8ad24a0dcb7e3882cdf0&p_camp=&bstep=&sid=s9&efcn=custom-unknown&cntp=custom-unknown&sch=1024&scw=1280&vph=1024&vpw=1280&ref=https%3A%2F%2Fgo.gkrtmc.com%2F&lt=
IP 104.21.79.101:0
Hash 9ab01d3803eaddbed35f18f8c797e0d9
8a0ce827c5ffab1386e9144fe81d4fb27eaba384
094957091959d3bd3255dd6c4bbf6a7c0d6b5e82b11b9fdb6ca0416ca6b22355
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
POST /fl?aff_id=2&aff_sub=65195&aff_sub2=free-social&click_id=32_65195_10000_fca9dc1a73bc1cc991723dad4701a30e&source=65195&ttype=direct&camp=f14&sl_cid=557c271e-3226-4ac5-9a78-5f7a0df42bd8_ed7e6abd1bfa8ad24a0dcb7e3882cdf0&p_camp=&bstep=&sid=s9&efcn=custom-unknown&cntp=custom-unknown&sch=1024&scw=1280&vph=1024&vpw=1280&ref=https%3A%2F%2Fgo.gkrtmc.com%2F&lt= HTTP/1.1
Host: queitho.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 415
Origin: https://queitho.com
DNT: 1
Connection: keep-alive
Cookie: browserLanguage=en; userId=8e70cd77-ac97-4f76-9d69-6e97bc097e69_0bcf6fd42f931802f2cbc3f0e7d6c12f
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 201 Created
date: Fri, 03 May 2024 23:57:13 GMT
content-type: application/json; charset=utf-8
content-length: 1325
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
origin-agent-cluster: ?1
referrer-policy: no-referrer
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
set-cookie: browserLanguage=en; Domain=queitho.com; Path=/; Expires=Sun, 02 Jun 2024 23:57:13 GMT
cache-control: no-store, no-store, no-cache
etag: W/"52d-igzoJ8X/qxOG6RRP6B1Psn6ro4Q"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6GF9TnPWjJ2cStj7AOI265fb3Djoz866c7gosSV%2BBau7so8iaC8b3j51RnWchjgCu3y2qFG70ScBGIiByh0J1b1kJrhvQlaV9U0S8eMlBZuZx%2FjlAHeIqtuOlheKzw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e4312f0fc056cb-OSL
alt-svc: h3=":443"; ma=86400
queitho.com/ofp?aff_id=2&aff_sub=65195&aff_sub2=free-social&click_id=32_65195_10000_fca9dc1a73bc1cc991723dad4701a30e&source=65195&ttype=direct&camp=f14&sl_cid=557c271e-3226-4ac5-9a78-5f7a0df42bd8_ed7e6abd1bfa8ad24a0dcb7e3882cdf0&p_camp=&bstep=0&sid=s9&ofp_id=111&efcn=custom-unknown&cntp=custom-unknown&sch=1024&scw=1280&vph=1024&vpw=1280&ref=https%3A%2F%2Fgo.gkrtmc.com%2F&lt=0
104.21.79.101 231 B URL queitho.com/ofp?aff_id=2&aff_sub=65195&aff_sub2=free-social&click_id=32_65195_10000_fca9dc1a73bc1cc991723dad4701a30e&source=65195&ttype=direct&camp=f14&sl_cid=557c271e-3226-4ac5-9a78-5f7a0df42bd8_ed7e6abd1bfa8ad24a0dcb7e3882cdf0&p_camp=&bstep=0&sid=s9&ofp_id=111&efcn=custom-unknown&cntp=custom-unknown&sch=1024&scw=1280&vph=1024&vpw=1280&ref=https%3A%2F%2Fgo.gkrtmc.com%2F&lt=0
IP 104.21.79.101:0
Hash 33e4e81be5022325f69f78f1e98729ac
668c6ece430900e8a3193b3cc41278775594bf58
c713e6f946a79225868ffd69b6bc2efa40c82235a3970560629a6da2d1ab086e
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
POST /ofp?aff_id=2&aff_sub=65195&aff_sub2=free-social&click_id=32_65195_10000_fca9dc1a73bc1cc991723dad4701a30e&source=65195&ttype=direct&camp=f14&sl_cid=557c271e-3226-4ac5-9a78-5f7a0df42bd8_ed7e6abd1bfa8ad24a0dcb7e3882cdf0&p_camp=&bstep=0&sid=s9&ofp_id=111&efcn=custom-unknown&cntp=custom-unknown&sch=1024&scw=1280&vph=1024&vpw=1280&ref=https%3A%2F%2Fgo.gkrtmc.com%2F&lt=0 HTTP/1.1
Host: queitho.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 422
Origin: https://queitho.com
DNT: 1
Connection: keep-alive
Cookie: browserLanguage=en; userId=8e70cd77-ac97-4f76-9d69-6e97bc097e69_0bcf6fd42f931802f2cbc3f0e7d6c12f
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 201 Created
date: Fri, 03 May 2024 23:57:13 GMT
content-type: application/json; charset=utf-8
content-length: 231
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
origin-agent-cluster: ?1
referrer-policy: no-referrer
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
set-cookie: browserLanguage=en; Domain=queitho.com; Path=/; Expires=Sun, 02 Jun 2024 23:57:13 GMT
cache-control: no-store, no-store, no-cache
etag: W/"e7-ZoxuzkMJAOijGTs8xBJ4d1WUv1g"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jgwVURgbBNpCb7Ctk6hiWZBYYbTjZRvbB%2Fs5GvjQnJBORGR0PkEP8GU0%2FL5B65pIWKsg7C0X%2FY%2B1IDjnQussjCBvZHWznRp5JgWb5iLfYkPGKHDmY7NyW1Pcijae%2Fg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e4312fa82156cb-OSL
alt-svc: h3=":443"; ma=86400
ocsp.r2m03.amazontrust.com/
143.204.53.97 471 B URL ocsp.r2m03.amazontrust.com/
IP 143.204.53.97:0
Hash 8dcacc9f89587787183a64793cfcac53
315fad1ff1641c0f60c67909bba77d96515fbf98
a5b66e45dad288c08796ebf6f97391b70c51132f8de0313eaa9540b63f17813e
POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Cache-Control: max-age=7200
Date: Fri, 03 May 2024 23:57:14 GMT
Server: ECAcc (amb/6AD5)
X-Cache: Miss from cloudfront
Via: 1.1 50584ad285d5f627ddebae74efdd0770.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 2dhdwyrSng1secf5VjfSz_gV1RhAihfrrFkZgMOhrQaWZct2rTqTFw==
luvwhisper.com/tds/ae?tdsId=s5428sto_r&tds_campaign=s5428sto&s1=ps&utm_source=int&utm_sub=opnfnl&affid=e1f18e7f&subid=dit1558&subid2=NjUxOTVfZGl0MTU1OA==&clickid=557c271e-3226-4ac5-9a78-5f7a0df42bd8
54.230.111.47 302 Found 471 B URL User Request GET HTTP/2 luvwhisper.com/tds/ae?tdsId=s5428sto_r&tds_campaign=s5428sto&s1=ps&utm_source=int&utm_sub=opnfnl&affid=e1f18e7f&subid=dit1558&subid2=NjUxOTVfZGl0MTU1OA==&clickid=557c271e-3226-4ac5-9a78-5f7a0df42bd8
IP 54.230.111.47:443
Certificate Issuer Amazon
Subject luvwhisper.com
Fingerprint 4D:EC:81:10:9E:C3:DA:0D:65:B1:D0:C2:7A:5E:0F:BE:3E:14:88:E3
Validity Tue, 09 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT
Hash 8dcacc9f89587787183a64793cfcac53
315fad1ff1641c0f60c67909bba77d96515fbf98
a5b66e45dad288c08796ebf6f97391b70c51132f8de0313eaa9540b63f17813e
GET /tds/ae?tdsId=s5428sto_r&tds_campaign=s5428sto&s1=ps&utm_source=int&utm_sub=opnfnl&affid=e1f18e7f&subid=dit1558&subid2=NjUxOTVfZGl0MTU1OA==&clickid=557c271e-3226-4ac5-9a78-5f7a0df42bd8 HTTP/1.1
Host: luvwhisper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
location: https://empirelayer.club/tds/interlayer/eb/s/58456d1509e296e303b3bf3b8665de9b?__t=1714780634465&__l=3600&__c=f0fde8c10f415eabf02c0f76766ee9609ed4fefe&__u=
date: Fri, 03 May 2024 23:57:14 GMT
server: nginx
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Platform, Sec-CH-UA-Wow64, Sec-CH-UA
set-cookie: dci=8b245f7d215cca7496fa3a9a1df6bf553ef202a0; Max-Age=31536000; Domain=.luvwhisper.com; Path=/; Expires=Sat, 03 May 2025 23:57:14 GMT; Secure; SameSite=None
dm=fe450dd0d1dadc615429144d33241f42; Max-Age=432000; Path=/; Expires=Wed, 08 May 2024 23:57:14 GMT
x-cache: Miss from cloudfront
via: 1.1 15d199af49035dc206cb81292fd87de2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: vcZ7ujHuRkRce3qAFnBERZ5Ak4x3oCBPfmP2PsTtcWLezko2nO6JNg==
X-Firefox-Spdy: h2
ocsp.r2m03.amazontrust.com/
143.204.53.97 471 B URL ocsp.r2m03.amazontrust.com/
IP 143.204.53.97:0
Hash d78bf2dc3f9e53cf845bf4a2eea324fe
c22bcd4e23b1a394bf9430d258f66e2ee219255c
6ce90f8fb1ede1e530ba349f40036f731fa23e99abddd9e6d7b57069d943eb52
POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Fri, 03 May 2024 23:57:14 GMT
Last-Modified: Fri, 03 May 2024 22:39:40 GMT
Server: ECAcc (amb/6B53)
X-Cache: Miss from cloudfront
Via: 1.1 50584ad285d5f627ddebae74efdd0770.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: cA8MUs_Z1bj96L2k_uK7ZPYeOS0-iOstglCCofq10w7Kt1XAtCHMpA==
Age: 4654
ocsp.r2m03.amazontrust.com/
143.204.53.97 471 B URL ocsp.r2m03.amazontrust.com/
IP 143.204.53.97:0
Hash d78bf2dc3f9e53cf845bf4a2eea324fe
c22bcd4e23b1a394bf9430d258f66e2ee219255c
6ce90f8fb1ede1e530ba349f40036f731fa23e99abddd9e6d7b57069d943eb52
POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Fri, 03 May 2024 23:57:14 GMT
Last-Modified: Fri, 03 May 2024 22:34:09 GMT
Server: ECAcc (amb/6B61)
X-Cache: Miss from cloudfront
Via: 1.1 a9120cc3ff449047c990e82a4d5566ba.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: VmHXi9WikA47Xd9idqKUOnsGHdi2G6BL0HGQsgjjaNKXtdZDI4lzaw==
Age: 4985
ocsp.r2m03.amazontrust.com/
143.204.53.97 471 B URL ocsp.r2m03.amazontrust.com/
IP 143.204.53.97:0
Hash 8dcacc9f89587787183a64793cfcac53
315fad1ff1641c0f60c67909bba77d96515fbf98
a5b66e45dad288c08796ebf6f97391b70c51132f8de0313eaa9540b63f17813e
POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Fri, 03 May 2024 23:57:14 GMT
Last-Modified: Fri, 03 May 2024 23:10:52 GMT
Server: ECAcc (ska/F756)
X-Cache: Miss from cloudfront
Via: 1.1 50584ad285d5f627ddebae74efdd0770.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: VRm219JzFNhVa24JbFlch9AdORNXjiADUpklcYcw6RNA3UYsD00K1w==
Age: 2782
cdn-dimi.akamaized.net/landings/285828/1704989181/css/timer.css?1704989181
95.101.11.40 200 OK 667 B URL GET HTTP/1.1 cdn-dimi.akamaized.net/landings/285828/1704989181/css/timer.css?1704989181
IP 95.101.11.40:443
ASN #20940 Akamai International B.V.
Requested by https://rgqval.awaitingdream.net/?tds_cid=f0fde8c10f415eabf02c0f76766ee9609ed4fefe&s1=134504&click_id=f0fde8c10f415eabf02c0f76766ee9609ed4fefe&s3=sml_e1f18e7f&j1=1&utm_source=e2905f55ec3a568b&ban=other&j9=1&s5=dit1558&s2=2005070
Certificate Issuer DigiCert Inc
Subject a248.e.akamai.net
Fingerprint A3:C7:B4:95:4E:16:BD:C5:8A:EE:85:53:5D:C1:C2:CD:43:E9:EC:B9
Validity Tue, 16 May 2023 00:00:00 GMT - Wed, 15 May 2024 23:59:59 GMT
Hash 5eaf241d81e3c64a39eba770ed834bb3
743084a68436d58ad9c602dcf22947aa713867c7
7d4adb96762d6e54b20618631f9d8a215d89af5d4e411227a71a2ec907a5c17d
GET /landings/285828/1704989181/css/timer.css?1704989181 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rgqval.awaitingdream.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: 8d9zT0Y20/x2bJ85vxMFXD0i5U5r0jnZ3hUVlHyGqAlo1WkbkU4kchbsIiqbcIHekOQAEel0RiE=
x-amz-request-id: 65F072RHVWM0XBXT
Last-Modified: Fri, 12 Jan 2024 08:41:18 GMT
ETag: "5eaf241d81e3c64a39eba770ed834bb3"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: text/css
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Fri, 03 May 2024 23:57:15 GMT
Content-Length: 667
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/285828/1704989181/css/reviews.css?1704989181
95.101.11.40 200 OK 1.0 kB URL GET HTTP/1.1 cdn-dimi.akamaized.net/landings/285828/1704989181/css/reviews.css?1704989181
IP 95.101.11.40:443
ASN #20940 Akamai International B.V.
Requested by https://rgqval.awaitingdream.net/?tds_cid=f0fde8c10f415eabf02c0f76766ee9609ed4fefe&s1=134504&click_id=f0fde8c10f415eabf02c0f76766ee9609ed4fefe&s3=sml_e1f18e7f&j1=1&utm_source=e2905f55ec3a568b&ban=other&j9=1&s5=dit1558&s2=2005070
Certificate Issuer DigiCert Inc
Subject a248.e.akamai.net
Fingerprint A3:C7:B4:95:4E:16:BD:C5:8A:EE:85:53:5D:C1:C2:CD:43:E9:EC:B9
Validity Tue, 16 May 2023 00:00:00 GMT - Wed, 15 May 2024 23:59:59 GMT
Hash ab7655b7e0870e539ab60ed308b94176
6d2528a94402def11fcfab529ad51b98e8b6ec88
2e9c81b9fd7c0be920940728b172ecaf0e0652e147f345caa8ef36bf6ade8180
GET /landings/285828/1704989181/css/reviews.css?1704989181 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rgqval.awaitingdream.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: 1EEptWOROEaGG5mO7Xd0pCVIx0s3pAnYMWBLbB7/UpyGfdG/4Rz96gqvh6vGsJNrUp+zJCVicEc=
x-amz-request-id: EYADXEX0N0MD5DZD
Last-Modified: Fri, 12 Jan 2024 08:41:18 GMT
ETag: "ab7655b7e0870e539ab60ed308b94176"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: text/css
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Fri, 03 May 2024 23:57:15 GMT
Content-Length: 1029
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/285828/1704989181/css/popup.css?1704989181
95.101.11.40 200 OK 589 B URL GET HTTP/1.1 cdn-dimi.akamaized.net/landings/285828/1704989181/css/popup.css?1704989181
IP 95.101.11.40:443
ASN #20940 Akamai International B.V.
Requested by https://rgqval.awaitingdream.net/?tds_cid=f0fde8c10f415eabf02c0f76766ee9609ed4fefe&s1=134504&click_id=f0fde8c10f415eabf02c0f76766ee9609ed4fefe&s3=sml_e1f18e7f&j1=1&utm_source=e2905f55ec3a568b&ban=other&j9=1&s5=dit1558&s2=2005070
Certificate Issuer DigiCert Inc
Subject a248.e.akamai.net
Fingerprint A3:C7:B4:95:4E:16:BD:C5:8A:EE:85:53:5D:C1:C2:CD:43:E9:EC:B9
Validity Tue, 16 May 2023 00:00:00 GMT - Wed, 15 May 2024 23:59:59 GMT
File type assembler source, ASCII text
Hash fb984c4fc6f9603c755e271685dcf17b
c51ce8be5fc93f8079f1c58edb9bd9f71ed3b564
abc470a646b5352f0a0372edf3f2ce2c62d64148682ff73c98799daabded1e96
GET /landings/285828/1704989181/css/popup.css?1704989181 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rgqval.awaitingdream.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: u276NTe/sCmuRfsuN/gguGn/xUgiZrd6zRB5UzFWDK1gtA3bfmrp0vykPOBlaIIVY+b35E63jK4=
x-amz-request-id: 885XRHEERTKHHPHZ
Last-Modified: Fri, 12 Jan 2024 08:41:18 GMT
ETag: "fb984c4fc6f9603c755e271685dcf17b"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: text/css
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Fri, 03 May 2024 23:57:15 GMT
Content-Length: 589
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/285828/1704989181/js/title_tanslate.js?1704989181
95.101.11.40 200 OK 1.3 kB URL GET HTTP/1.1 cdn-dimi.akamaized.net/landings/285828/1704989181/js/title_tanslate.js?1704989181
IP 95.101.11.40:443
ASN #20940 Akamai International B.V.
Requested by https://rgqval.awaitingdream.net/?tds_cid=f0fde8c10f415eabf02c0f76766ee9609ed4fefe&s1=134504&click_id=f0fde8c10f415eabf02c0f76766ee9609ed4fefe&s3=sml_e1f18e7f&j1=1&utm_source=e2905f55ec3a568b&ban=other&j9=1&s5=dit1558&s2=2005070
Certificate Issuer DigiCert Inc
Subject a248.e.akamai.net
Fingerprint A3:C7:B4:95:4E:16:BD:C5:8A:EE:85:53:5D:C1:C2:CD:43:E9:EC:B9
Validity Tue, 16 May 2023 00:00:00 GMT - Wed, 15 May 2024 23:59:59 GMT
File type Unicode text, UTF-8 text, with CRLF line terminators
Hash 5f373fa5bf21c44b9ad23b70ef96e73d
068ef5b63ab18924a286f2c0c3ec46545e08c678
7f40bc2c95ee280de5320ae7d33f2e57eeeb0cda5b5820f2c456a0c9ba50ed77
GET /landings/285828/1704989181/js/title_tanslate.js?1704989181 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rgqval.awaitingdream.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: XPMu2/CkNG7d3Qsp9XjAlNjL0eO6DHbZnZh4rF3cZuYbUngu9TsYTtkh4Jgc+tfTh9eVK36AmaU=
x-amz-request-id: 65F0JYBF9RH7ZMBR
Last-Modified: Fri, 12 Jan 2024 08:41:19 GMT
ETag: "5f373fa5bf21c44b9ad23b70ef96e73d"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: text/javascript
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Fri, 03 May 2024 23:57:15 GMT
Content-Length: 1298
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/285828/1704989181/css/style.css?1704989181
95.101.11.40 200 OK 2.7 kB URL GET HTTP/1.1 cdn-dimi.akamaized.net/landings/285828/1704989181/css/style.css?1704989181
IP 95.101.11.40:443
ASN #20940 Akamai International B.V.
Requested by https://rgqval.awaitingdream.net/?tds_cid=f0fde8c10f415eabf02c0f76766ee9609ed4fefe&s1=134504&click_id=f0fde8c10f415eabf02c0f76766ee9609ed4fefe&s3=sml_e1f18e7f&j1=1&utm_source=e2905f55ec3a568b&ban=other&j9=1&s5=dit1558&s2=2005070
Certificate Issuer DigiCert Inc
Subject a248.e.akamai.net
Fingerprint A3:C7:B4:95:4E:16:BD:C5:8A:EE:85:53:5D:C1:C2:CD:43:E9:EC:B9
Validity Tue, 16 May 2023 00:00:00 GMT - Wed, 15 May 2024 23:59:59 GMT
Hash e6d646e8547e3961d2ebf527b18bbf13
7302490aa895cb313625cad1ca902f270d35246e
4e8f270058992bd6af75e4242d0bd3778478f48fbe0a9d8d7ea3d0fcd9490e5f
GET /landings/285828/1704989181/css/style.css?1704989181 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rgqval.awaitingdream.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: HlwgEM/5Q7GXORFqe7NoSkHzr19kCE+OXRKT2CqjyaTKp1X1m+UcavUTqajAG9Xv2YWusANHcrM=
x-amz-request-id: H8K29JFTWDMZ5G9D
Last-Modified: Fri, 12 Jan 2024 08:41:18 GMT
ETag: "e6d646e8547e3961d2ebf527b18bbf13"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: text/css
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Fri, 03 May 2024 23:57:15 GMT
Content-Length: 2702
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/285828/1704989181/js/timer.js?1704989181
95.101.11.40 200 OK 906 B URL GET HTTP/1.1 cdn-dimi.akamaized.net/landings/285828/1704989181/js/timer.js?1704989181
IP 95.101.11.40:443
ASN #20940 Akamai International B.V.
Requested by https://rgqval.awaitingdream.net/?tds_cid=f0fde8c10f415eabf02c0f76766ee9609ed4fefe&s1=134504&click_id=f0fde8c10f415eabf02c0f76766ee9609ed4fefe&s3=sml_e1f18e7f&j1=1&utm_source=e2905f55ec3a568b&ban=other&j9=1&s5=dit1558&s2=2005070
Certificate Issuer DigiCert Inc
Subject a248.e.akamai.net
Fingerprint A3:C7:B4:95:4E:16:BD:C5:8A:EE:85:53:5D:C1:C2:CD:43:E9:EC:B9
Validity Tue, 16 May 2023 00:00:00 GMT - Wed, 15 May 2024 23:59:59 GMT
File type JavaScript source, Unicode text, UTF-8 text
Hash a5e8bb74efe1c2b6fa13d0ef8d71c926
80855d0f0976667f260d513f90168e0e08736553
d1c19e3721d62556d0f5f65b160121ade1b0b07eaeb8e85d644a5ecb024fdebe
GET /landings/285828/1704989181/js/timer.js?1704989181 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rgqval.awaitingdream.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: Baf2d3adVaccgohxkfRC6UKIZZzvv+3bojfGkg5NC7hBdxJjOj1WkkoHWKUPXG6hCEykS0yT2V8=
x-amz-request-id: 885MEJ5JV929J54V
Last-Modified: Fri, 12 Jan 2024 08:41:19 GMT
ETag: "a5e8bb74efe1c2b6fa13d0ef8d71c926"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: text/javascript
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Fri, 03 May 2024 23:57:15 GMT
Content-Length: 906
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/285828/1704989181/js/translates-review.js?1704989181
95.101.11.40 200 OK 14 kB URL GET HTTP/1.1 cdn-dimi.akamaized.net/landings/285828/1704989181/js/translates-review.js?1704989181
IP 95.101.11.40:443
ASN #20940 Akamai International B.V.
Requested by https://rgqval.awaitingdream.net/?tds_cid=f0fde8c10f415eabf02c0f76766ee9609ed4fefe&s1=134504&click_id=f0fde8c10f415eabf02c0f76766ee9609ed4fefe&s3=sml_e1f18e7f&j1=1&utm_source=e2905f55ec3a568b&ban=other&j9=1&s5=dit1558&s2=2005070
Certificate Issuer DigiCert Inc
Subject a248.e.akamai.net
Fingerprint A3:C7:B4:95:4E:16:BD:C5:8A:EE:85:53:5D:C1:C2:CD:43:E9:EC:B9
Validity Tue, 16 May 2023 00:00:00 GMT - Wed, 15 May 2024 23:59:59 GMT
Hash 9061bd0c6ff627d3a43a9e6c125350a7
ddd7b182a17fed4e7f13250599fe9fe3eb63b907
2898923c357cf44fb75bfeb3236d1e237d16bc112466176f0be582d156ee9b04
GET /landings/285828/1704989181/js/translates-review.js?1704989181 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rgqval.awaitingdream.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: G3Int/dytdYQZrhomaYn42X7EB5m8daORezFcc/NLQ6eWWsvZSWnTkfl+ijEzGyjAKKj5MDrWAs=
x-amz-request-id: 65F9RYW11AZNSRFP
Last-Modified: Fri, 12 Jan 2024 08:41:19 GMT
ETag: "9061bd0c6ff627d3a43a9e6c125350a7"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: text/javascript
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Fri, 03 May 2024 23:57:15 GMT
Content-Length: 14059
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/285828/1704989181/js/jquery.validate.min.js?1704989181
95.101.11.40 200 OK 7.8 kB URL GET HTTP/1.1 cdn-dimi.akamaized.net/landings/285828/1704989181/js/jquery.validate.min.js?1704989181
IP 95.101.11.40:443
ASN #20940 Akamai International B.V.
Requested by https://rgqval.awaitingdream.net/?tds_cid=f0fde8c10f415eabf02c0f76766ee9609ed4fefe&s1=134504&click_id=f0fde8c10f415eabf02c0f76766ee9609ed4fefe&s3=sml_e1f18e7f&j1=1&utm_source=e2905f55ec3a568b&ban=other&j9=1&s5=dit1558&s2=2005070
Certificate Issuer DigiCert Inc
Subject a248.e.akamai.net
Fingerprint A3:C7:B4:95:4E:16:BD:C5:8A:EE:85:53:5D:C1:C2:CD:43:E9:EC:B9
Validity Tue, 16 May 2023 00:00:00 GMT - Wed, 15 May 2024 23:59:59 GMT
File type JavaScript source, Unicode text, UTF-8 text, with very long lines (24228)
Hash 23d73c6bd6cbea8f06d0cc227896a827
3815cf11e1020ac70cc86789ba2adaf07d3db434
6eefc13f4d9832e74173dea423bca495ceb7f4cbb888a19434d71a9bc0f69cb7
GET /landings/285828/1704989181/js/jquery.validate.min.js?1704989181 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rgqval.awaitingdream.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: Cv8uQDGPImAYdjl6m7FUP8SRbDj4iJIEVb3GzfilYZNFFDZ6HwDiMCzuEL/tvbdOB+fabfHwNcQ=
x-amz-request-id: 7SHXX1AJ0VAYD78D
Last-Modified: Fri, 12 Jan 2024 08:41:18 GMT
ETag: "23d73c6bd6cbea8f06d0cc227896a827"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: text/javascript
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Fri, 03 May 2024 23:57:15 GMT
Content-Length: 7815
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/285828/1704989181/js/translates.js?1704989181
95.101.11.40 200 OK 30 kB URL GET HTTP/1.1 cdn-dimi.akamaized.net/landings/285828/1704989181/js/translates.js?1704989181
IP 95.101.11.40:443
ASN #20940 Akamai International B.V.
Requested by https://rgqval.awaitingdream.net/?tds_cid=f0fde8c10f415eabf02c0f76766ee9609ed4fefe&s1=134504&click_id=f0fde8c10f415eabf02c0f76766ee9609ed4fefe&s3=sml_e1f18e7f&j1=1&utm_source=e2905f55ec3a568b&ban=other&j9=1&s5=dit1558&s2=2005070
Certificate Issuer DigiCert Inc
Subject a248.e.akamai.net
Fingerprint A3:C7:B4:95:4E:16:BD:C5:8A:EE:85:53:5D:C1:C2:CD:43:E9:EC:B9
Validity Tue, 16 May 2023 00:00:00 GMT - Wed, 15 May 2024 23:59:59 GMT
Hash 768bd7d069903883d0d73244b9757368
11da78f1d8f9ff98741b963cdbeacfd8d026f325
f4bed9686a64594af1beaff7bc8242212ae19f6d3eaa5ef083e939037d5a2c53
GET /landings/285828/1704989181/js/translates.js?1704989181 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rgqval.awaitingdream.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: bPA8k4trwjt5amV0QNuR0WbJW1QCfN+heiDfaw/g0+fX9dfwdmPSIupFfkOuziROpNrNY5nNd5Y=
x-amz-request-id: 885Y5RXRYM1PB8GB
Last-Modified: Fri, 12 Jan 2024 08:41:19 GMT
ETag: "768bd7d069903883d0d73244b9757368"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: text/javascript
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Fri, 03 May 2024 23:57:15 GMT
Content-Length: 30207
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/285828/1704989181/js/translate-popup-timer.js?1704989181
95.101.11.40 200 OK 1.1 kB URL GET HTTP/1.1 cdn-dimi.akamaized.net/landings/285828/1704989181/js/translate-popup-timer.js?1704989181
IP 95.101.11.40:443
ASN #20940 Akamai International B.V.
Requested by https://rgqval.awaitingdream.net/?tds_cid=f0fde8c10f415eabf02c0f76766ee9609ed4fefe&s1=134504&click_id=f0fde8c10f415eabf02c0f76766ee9609ed4fefe&s3=sml_e1f18e7f&j1=1&utm_source=e2905f55ec3a568b&ban=other&j9=1&s5=dit1558&s2=2005070
Certificate Issuer DigiCert Inc
Subject a248.e.akamai.net
Fingerprint A3:C7:B4:95:4E:16:BD:C5:8A:EE:85:53:5D:C1:C2:CD:43:E9:EC:B9
Validity Tue, 16 May 2023 00:00:00 GMT - Wed, 15 May 2024 23:59:59 GMT
File type Unicode text, UTF-8 text, with CRLF line terminators
Hash e87a84612ebce6b2a84f41ef7f6d40b0
fa22c93e2d9672f9d3d7e52304ffbb9425d49186
6ab40ce148d5bd7e60bcfb447765c7f54394e318da80970c8b636d2d5fe122ec
GET /landings/285828/1704989181/js/translate-popup-timer.js?1704989181 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rgqval.awaitingdream.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: 5hURoXwOUGkodHE2eXF0Tfyy3X8CfLEKebtiywBG7SurRU2jEhMpJsPm6iMwxPbLjqefYVJ8BIg=
x-amz-request-id: RG88AE00W4CH5MJZ
Last-Modified: Fri, 12 Jan 2024 08:41:19 GMT
ETag: "e87a84612ebce6b2a84f41ef7f6d40b0"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: text/javascript
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Fri, 03 May 2024 23:57:15 GMT
Content-Length: 1080
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/285828/1704989181/js/jquery-2.2.4.min.js?1704989181
95.101.11.40 200 OK 30 kB URL GET HTTP/1.1 cdn-dimi.akamaized.net/landings/285828/1704989181/js/jquery-2.2.4.min.js?1704989181
IP 95.101.11.40:443
ASN #20940 Akamai International B.V.
Requested by https://rgqval.awaitingdream.net/?tds_cid=f0fde8c10f415eabf02c0f76766ee9609ed4fefe&s1=134504&click_id=f0fde8c10f415eabf02c0f76766ee9609ed4fefe&s3=sml_e1f18e7f&j1=1&utm_source=e2905f55ec3a568b&ban=other&j9=1&s5=dit1558&s2=2005070
Certificate Issuer DigiCert Inc
Subject a248.e.akamai.net
Fingerprint A3:C7:B4:95:4E:16:BD:C5:8A:EE:85:53:5D:C1:C2:CD:43:E9:EC:B9
Validity Tue, 16 May 2023 00:00:00 GMT - Wed, 15 May 2024 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (32065)
Hash 2f6b11a7e914718e0290410e85366fe9
69bb69e25ca7d5ef0935317584e6153f3fd9a88c
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
GET /landings/285828/1704989181/js/jquery-2.2.4.min.js?1704989181 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rgqval.awaitingdream.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: 81QT8/lisLnyMpy8vDJulPX3cH0n4dHjZBFqVkU/epYjVr0ulzgaUgxa41uS5oUN/tWUULXWPEY=
x-amz-request-id: H8K8W066H9DDJ48M
Last-Modified: Fri, 12 Jan 2024 08:41:19 GMT
ETag: "2f6b11a7e914718e0290410e85366fe9"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: text/javascript
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Fri, 03 May 2024 23:57:15 GMT
Content-Length: 29855
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/285828/1704989181/images/logo_inst3.svg
95.101.11.40 200 OK 7.0 kB URL GET HTTP/1.1 cdn-dimi.akamaized.net/landings/285828/1704989181/images/logo_inst3.svg
IP 95.101.11.40:443
ASN #20940 Akamai International B.V.
Requested by https://rgqval.awaitingdream.net/?tds_cid=f0fde8c10f415eabf02c0f76766ee9609ed4fefe&s1=134504&click_id=f0fde8c10f415eabf02c0f76766ee9609ed4fefe&s3=sml_e1f18e7f&j1=1&utm_source=e2905f55ec3a568b&ban=other&j9=1&s5=dit1558&s2=2005070
Certificate Issuer DigiCert Inc
Subject a248.e.akamai.net
Fingerprint A3:C7:B4:95:4E:16:BD:C5:8A:EE:85:53:5D:C1:C2:CD:43:E9:EC:B9
Validity Tue, 16 May 2023 00:00:00 GMT - Wed, 15 May 2024 23:59:59 GMT
File type SVG Scalable Vector Graphics image
Hash 0025657d9d2274a15aed06a9eadd2ab2
2838a36bfaa63abfe8b9f4bca8f8fe1a7ab7405d
d7b396cbae8aa719a1a277fa8fcf7df40f61b50e59b5937fcb347c679c6e990c
GET /landings/285828/1704989181/images/logo_inst3.svg HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rgqval.awaitingdream.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: vFiNC8ufz/VmRNSLtdXtsCF+kag/0q8XcYoSZAVDiBmM69U2uffCfgiPgq/awxcgBWqZn+vrTeo=
x-amz-request-id: 2K2E44X2W5V2XG1Y
Last-Modified: Fri, 12 Jan 2024 08:41:18 GMT
ETag: "0025657d9d2274a15aed06a9eadd2ab2"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/svg+xml
Server: AmazonS3
Content-Length: 7042
Date: Fri, 03 May 2024 23:57:15 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/285828/1704989181/images/blocked-icon.png
95.101.11.40 200 OK 502 B URL GET HTTP/1.1 cdn-dimi.akamaized.net/landings/285828/1704989181/images/blocked-icon.png
IP 95.101.11.40:443
ASN #20940 Akamai International B.V.
Requested by https://rgqval.awaitingdream.net/?tds_cid=f0fde8c10f415eabf02c0f76766ee9609ed4fefe&s1=134504&click_id=f0fde8c10f415eabf02c0f76766ee9609ed4fefe&s3=sml_e1f18e7f&j1=1&utm_source=e2905f55ec3a568b&ban=other&j9=1&s5=dit1558&s2=2005070
Certificate Issuer DigiCert Inc
Subject a248.e.akamai.net
Fingerprint A3:C7:B4:95:4E:16:BD:C5:8A:EE:85:53:5D:C1:C2:CD:43:E9:EC:B9
Validity Tue, 16 May 2023 00:00:00 GMT - Wed, 15 May 2024 23:59:59 GMT
File type PNG image data, 23 x 32, 8-bit/color RGBA, non-interlaced
Hash 87487ad255dde0624f59abb85602defc
caafad17df41875bed690353ead6cc495a9bf8c2
f7a4b3fb74b9e06f243f23ede51a801a0aa3fa2c0040bc44a49a97444780923d
GET /landings/285828/1704989181/images/blocked-icon.png HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rgqval.awaitingdream.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: iMo1vpVXCjZds9lfI8NQxx6FutfDdywZvJ0tVdbdZa13rGyQjllSeKziqc6cFZTz3Rk2G3K2Skw=
x-amz-request-id: 2G921JM493W4HW51
Last-Modified: Fri, 12 Jan 2024 08:41:17 GMT
ETag: "87487ad255dde0624f59abb85602defc"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/png
Server: AmazonS3
Content-Length: 502
Date: Fri, 03 May 2024 23:57:15 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/285828/1704989181/images/110010_4.jpg
95.101.11.40 200 OK 55 kB URL GET HTTP/1.1 cdn-dimi.akamaized.net/landings/285828/1704989181/images/110010_4.jpg
IP 95.101.11.40:443
ASN #20940 Akamai International B.V.
Requested by https://rgqval.awaitingdream.net/?tds_cid=f0fde8c10f415eabf02c0f76766ee9609ed4fefe&s1=134504&click_id=f0fde8c10f415eabf02c0f76766ee9609ed4fefe&s3=sml_e1f18e7f&j1=1&utm_source=e2905f55ec3a568b&ban=other&j9=1&s5=dit1558&s2=2005070
Certificate Issuer DigiCert Inc
Subject a248.e.akamai.net
Fingerprint A3:C7:B4:95:4E:16:BD:C5:8A:EE:85:53:5D:C1:C2:CD:43:E9:EC:B9
Validity Tue, 16 May 2023 00:00:00 GMT - Wed, 15 May 2024 23:59:59 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 682x388, components 3
Hash daf4cb58fb756b1ed20036941b7a6b72
f59a45cb83366de64071b3a35dfcb54aabbdcd9a
42b2fe5d347c3c56725d0addd7129d13ce335df871730534ecee42d2df3a637b
GET /landings/285828/1704989181/images/110010_4.jpg HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rgqval.awaitingdream.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: PpnQUgl6j3o5gIUebiOS1qL7E6kKlWEfVaPGPE9OPquABSSuYyrvclCtKQeYXts3QT2jbdt+yC4=
x-amz-request-id: 03TQKEPC68Z0TPEQ
Last-Modified: Fri, 12 Jan 2024 08:41:18 GMT
ETag: "daf4cb58fb756b1ed20036941b7a6b72"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/jpeg
Server: AmazonS3
Content-Length: 55243
Date: Fri, 03 May 2024 23:57:15 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
fonts.googleapis.com/css2?family=Inter:wght@400;700&display=swap
142.250.74.106 200 OK 1.1 kB URL GET HTTP/2 fonts.googleapis.com/css2?family=Inter:wght@400;700&display=swap
IP 142.250.74.106:443
Requested by https://rgqval.awaitingdream.net/?tds_cid=f0fde8c10f415eabf02c0f76766ee9609ed4fefe&s1=134504&click_id=f0fde8c10f415eabf02c0f76766ee9609ed4fefe&s3=sml_e1f18e7f&j1=1&utm_source=e2905f55ec3a568b&ban=other&j9=1&s5=dit1558&s2=2005070
Certificate Issuer Google Trust Services LLC
Subject upload.video.google.com
Fingerprint 36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
Validity Tue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT
File type gzip compressed data, max compression
Hash bcccd6f8063df3fc836cac1c47148e21
6346340af5b53158cd5d43a8108dd8660fd2fc7c
4a5551a0a6fe80753dac786469057ae51259490cb1f884c6b986f9f924fce469
GET /css2?family=Inter:wght@400;700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cdn-dimi.akamaized.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 03 May 2024 23:57:16 GMT
date: Fri, 03 May 2024 23:57:16 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cdn-dimi.akamaized.net/landings/285828/1704989181/images/49.png
95.101.11.40 200 OK 4.5 kB URL GET HTTP/1.1 cdn-dimi.akamaized.net/landings/285828/1704989181/images/49.png
IP 95.101.11.40:443
ASN #20940 Akamai International B.V.
Requested by https://rgqval.awaitingdream.net/?tds_cid=f0fde8c10f415eabf02c0f76766ee9609ed4fefe&s1=134504&click_id=f0fde8c10f415eabf02c0f76766ee9609ed4fefe&s3=sml_e1f18e7f&j1=1&utm_source=e2905f55ec3a568b&ban=other&j9=1&s5=dit1558&s2=2005070
Certificate Issuer DigiCert Inc
Subject a248.e.akamai.net
Fingerprint A3:C7:B4:95:4E:16:BD:C5:8A:EE:85:53:5D:C1:C2:CD:43:E9:EC:B9
Validity Tue, 16 May 2023 00:00:00 GMT - Wed, 15 May 2024 23:59:59 GMT
File type PNG image data, 336 x 336, 8-bit/color RGB, non-interlaced
Hash 372e58a66b7d92e1dd903f32fb308d1e
40be5d7067b822dfed07e173acd11cfceaa9e329
82408edfa51c2d831b86658b6637a6950986c342195aa08fd1467ea1d71b9793
GET /landings/285828/1704989181/images/49.png HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cdn-dimi.akamaized.net/landings/285828/1704989181/css/style.css?1704989181
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: TvfZYk+pm5Zz325xPfObg2es/GmEVzAIzRuIVmx3nKuAv/O9ZvwCM3nOFYhcb4ziipfsmhOCb0k=
x-amz-request-id: PT5XEDG2GF4ENSAK
Last-Modified: Fri, 12 Jan 2024 08:41:17 GMT
ETag: "372e58a66b7d92e1dd903f32fb308d1e"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/png
Server: AmazonS3
Content-Length: 4510
Date: Fri, 03 May 2024 23:57:16 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/285828/1704989181/images/icon-home.svg
95.101.11.40 200 OK 889 B URL GET HTTP/1.1 cdn-dimi.akamaized.net/landings/285828/1704989181/images/icon-home.svg
IP 95.101.11.40:443
ASN #20940 Akamai International B.V.
Requested by https://rgqval.awaitingdream.net/?tds_cid=f0fde8c10f415eabf02c0f76766ee9609ed4fefe&s1=134504&click_id=f0fde8c10f415eabf02c0f76766ee9609ed4fefe&s3=sml_e1f18e7f&j1=1&utm_source=e2905f55ec3a568b&ban=other&j9=1&s5=dit1558&s2=2005070
Certificate Issuer DigiCert Inc
Subject a248.e.akamai.net
Fingerprint A3:C7:B4:95:4E:16:BD:C5:8A:EE:85:53:5D:C1:C2:CD:43:E9:EC:B9
Validity Tue, 16 May 2023 00:00:00 GMT - Wed, 15 May 2024 23:59:59 GMT
File type SVG Scalable Vector Graphics image
Hash 02866968d59a649b76df83c300d2d8f6
8293027c754094ab05cb7d6daa7f7cdb1be5c98e
ce26e303b33d69ca20eb3079b4c37ed364eacb8c633260c56315d6db74414b74
GET /landings/285828/1704989181/images/icon-home.svg HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cdn-dimi.akamaized.net/landings/285828/1704989181/css/style.css?1704989181
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: J2j15DxUM5rlXT7Nxc3X0Y34YFEmdyaOsazkHX/ikypVKg62NIs40smGzAENdDYJk1inK7Vfddg=
x-amz-request-id: PT5GE7X8D0WQFEVR
Last-Modified: Fri, 12 Jan 2024 08:41:17 GMT
ETag: "02866968d59a649b76df83c300d2d8f6"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/svg+xml
Server: AmazonS3
Content-Length: 889
Date: Fri, 03 May 2024 23:57:16 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/285828/1704989181/images/icon-search.svg
95.101.11.40 200 OK 1.2 kB URL GET HTTP/1.1 cdn-dimi.akamaized.net/landings/285828/1704989181/images/icon-search.svg
IP 95.101.11.40:443
ASN #20940 Akamai International B.V.
Requested by https://rgqval.awaitingdream.net/?tds_cid=f0fde8c10f415eabf02c0f76766ee9609ed4fefe&s1=134504&click_id=f0fde8c10f415eabf02c0f76766ee9609ed4fefe&s3=sml_e1f18e7f&j1=1&utm_source=e2905f55ec3a568b&ban=other&j9=1&s5=dit1558&s2=2005070
Certificate Issuer DigiCert Inc
Subject a248.e.akamai.net
Fingerprint A3:C7:B4:95:4E:16:BD:C5:8A:EE:85:53:5D:C1:C2:CD:43:E9:EC:B9
Validity Tue, 16 May 2023 00:00:00 GMT - Wed, 15 May 2024 23:59:59 GMT
File type SVG Scalable Vector Graphics image
Hash aa6ea58a389a3ebe541d5f9d622dedd7
9fb684b6f6cd982396bd8c8e745997c3a01dd6be
4aa4713ccd74ad24299b1558cb49061c90076e841b3b1177fb3b056a8448b4c5
GET /landings/285828/1704989181/images/icon-search.svg HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cdn-dimi.akamaized.net/landings/285828/1704989181/css/style.css?1704989181
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: 5MWWFv/pV4zyNDNiGlQmQ3qKNUv3e5Uju/4iFQUl1MXYGvp5+/2wVbhAuFaUPfa3CXlziFJiacI=
x-amz-request-id: AGX82PAPYWSTTABX
Last-Modified: Fri, 12 Jan 2024 08:41:17 GMT
ETag: "aa6ea58a389a3ebe541d5f9d622dedd7"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/svg+xml
Server: AmazonS3
Content-Length: 1189
Date: Fri, 03 May 2024 23:57:16 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/285828/1704989181/images/icon-plus.svg
95.101.11.40 200 OK 1.1 kB URL GET HTTP/1.1 cdn-dimi.akamaized.net/landings/285828/1704989181/images/icon-plus.svg
IP 95.101.11.40:443
ASN #20940 Akamai International B.V.
Requested by https://rgqval.awaitingdream.net/?tds_cid=f0fde8c10f415eabf02c0f76766ee9609ed4fefe&s1=134504&click_id=f0fde8c10f415eabf02c0f76766ee9609ed4fefe&s3=sml_e1f18e7f&j1=1&utm_source=e2905f55ec3a568b&ban=other&j9=1&s5=dit1558&s2=2005070
Certificate Issuer DigiCert Inc
Subject a248.e.akamai.net
Fingerprint A3:C7:B4:95:4E:16:BD:C5:8A:EE:85:53:5D:C1:C2:CD:43:E9:EC:B9
Validity Tue, 16 May 2023 00:00:00 GMT - Wed, 15 May 2024 23:59:59 GMT
File type SVG Scalable Vector Graphics image
Hash f89e15ef5cf4b32ca987f73bd4a2ef9d
0f55d36995906b78bd98f23c7fdc67778212b7fc
7b023c50adbfe6554e1bf1986a12de8ba9e47c5d14a3e57318d117004ea6a641
GET /landings/285828/1704989181/images/icon-plus.svg HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cdn-dimi.akamaized.net/landings/285828/1704989181/css/style.css?1704989181
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: R8ISDoAk6yapIVUfIwscUBW6bTK3JKja3s/XdLdKBIi9H30IQ7+z5JdfhoffN+oMj7P/7M3mCSE=
x-amz-request-id: PT5P4086S3D4K9Q5
Last-Modified: Fri, 12 Jan 2024 08:41:17 GMT
ETag: "f89e15ef5cf4b32ca987f73bd4a2ef9d"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/svg+xml
Server: AmazonS3
Content-Length: 1117
Date: Fri, 03 May 2024 23:57:16 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/285828/1704989181/images/icon-like.svg
95.101.11.40 200 OK 914 B URL GET HTTP/1.1 cdn-dimi.akamaized.net/landings/285828/1704989181/images/icon-like.svg
IP 95.101.11.40:443
ASN #20940 Akamai International B.V.
Requested by https://rgqval.awaitingdream.net/?tds_cid=f0fde8c10f415eabf02c0f76766ee9609ed4fefe&s1=134504&click_id=f0fde8c10f415eabf02c0f76766ee9609ed4fefe&s3=sml_e1f18e7f&j1=1&utm_source=e2905f55ec3a568b&ban=other&j9=1&s5=dit1558&s2=2005070
Certificate Issuer DigiCert Inc
Subject a248.e.akamai.net
Fingerprint A3:C7:B4:95:4E:16:BD:C5:8A:EE:85:53:5D:C1:C2:CD:43:E9:EC:B9
Validity Tue, 16 May 2023 00:00:00 GMT - Wed, 15 May 2024 23:59:59 GMT
File type SVG Scalable Vector Graphics image
Hash 2457f6954df5056e25151bcdd05a2718
41ab46311796f9ade12cae960687a422ee8ff0a0
c1a26e7a024fd0e566423b10e91c63854979ce89f3fe2625043dc52dfe20891b
GET /landings/285828/1704989181/images/icon-like.svg HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cdn-dimi.akamaized.net/landings/285828/1704989181/css/style.css?1704989181
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: ZUbXCJxGwKXqwMDezh47FNzo2IdI9tQ3EVMUeb7WOoM9SR3kJWllIXaTlo8GNQ1JVuBYXsHbwGA=
x-amz-request-id: PT5J41Y0V1HKXFRB
Last-Modified: Fri, 12 Jan 2024 08:41:17 GMT
ETag: "2457f6954df5056e25151bcdd05a2718"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/svg+xml
Server: AmazonS3
Content-Length: 914
Date: Fri, 03 May 2024 23:57:16 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/285828/1704989181/images/icon-user.svg
95.101.11.40 200 OK 844 B URL GET HTTP/1.1 cdn-dimi.akamaized.net/landings/285828/1704989181/images/icon-user.svg
IP 95.101.11.40:443
ASN #20940 Akamai International B.V.
Requested by https://rgqval.awaitingdream.net/?tds_cid=f0fde8c10f415eabf02c0f76766ee9609ed4fefe&s1=134504&click_id=f0fde8c10f415eabf02c0f76766ee9609ed4fefe&s3=sml_e1f18e7f&j1=1&utm_source=e2905f55ec3a568b&ban=other&j9=1&s5=dit1558&s2=2005070
Certificate Issuer DigiCert Inc
Subject a248.e.akamai.net
Fingerprint A3:C7:B4:95:4E:16:BD:C5:8A:EE:85:53:5D:C1:C2:CD:43:E9:EC:B9
Validity Tue, 16 May 2023 00:00:00 GMT - Wed, 15 May 2024 23:59:59 GMT
File type SVG Scalable Vector Graphics image
Hash 00aa56c530f0df6ddbb8805f25376920
2331bb67d5538e5fb2c010ef41541ce8dc8acfc1
ed65348e7b16bbe9b436282214590814692d0fb779fc2155c82ca0d94fe5a94e
GET /landings/285828/1704989181/images/icon-user.svg HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cdn-dimi.akamaized.net/landings/285828/1704989181/css/style.css?1704989181
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: ZVWyB5ozfQueRX3ARgZwgS6byU5YmYd5sDJaULfMKtPGzGVQTFNuThivp4ySbhpjF6j48BLDZ6I=
x-amz-request-id: PT5RVY9G7TN79JAK
Last-Modified: Fri, 12 Jan 2024 08:41:17 GMT
ETag: "00aa56c530f0df6ddbb8805f25376920"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/svg+xml
Server: AmazonS3
Content-Length: 844
Date: Fri, 03 May 2024 23:57:16 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/285828/1704989181/images/4.mp4
95.101.11.40 206 Partial Content 692 kB URL GET HTTP/1.1 cdn-dimi.akamaized.net/landings/285828/1704989181/images/4.mp4
IP 95.101.11.40:443
ASN #20940 Akamai International B.V.
Requested by https://rgqval.awaitingdream.net/?tds_cid=f0fde8c10f415eabf02c0f76766ee9609ed4fefe&s1=134504&click_id=f0fde8c10f415eabf02c0f76766ee9609ed4fefe&s3=sml_e1f18e7f&j1=1&utm_source=e2905f55ec3a568b&ban=other&j9=1&s5=dit1558&s2=2005070
Certificate Issuer DigiCert Inc
Subject a248.e.akamai.net
Fingerprint A3:C7:B4:95:4E:16:BD:C5:8A:EE:85:53:5D:C1:C2:CD:43:E9:EC:B9
Validity Tue, 16 May 2023 00:00:00 GMT - Wed, 15 May 2024 23:59:59 GMT
File type ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
Size 692 kB (691794 bytes)
Hash 254c97fbac9f92203f7871bea8ef1eb7
b5d254d711ff98206ee3b103de601415eadc883a
104dc2eb9fffa01bdbcff72b2ee0544ed1e09dfb03ff11cee8012366f9dfaae8
GET /landings/285828/1704989181/images/4.mp4 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Referer: https://rgqval.awaitingdream.net/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 206 Partial Content
x-amz-id-2: 4AhltQXYj8gQQLSEHCUY9AGuSxwbPlvGmuC+ICWk/rhF5LL2NhqpA99ZkCkkgnF8m/7qVthktdo=
x-amz-request-id: PT5YP3NSC0YYKG8S
Last-Modified: Fri, 12 Jan 2024 08:41:18 GMT
ETag: "254c97fbac9f92203f7871bea8ef1eb7"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: video/mp4
Server: AmazonS3
Date: Fri, 03 May 2024 23:57:16 GMT
Content-Range: bytes 0-691793/691794
Content-Length: 691794
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
142.250.74.131 200 OK 47 kB URL GET HTTP/2 fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
IP 142.250.74.131:443
Requested by https://rgqval.awaitingdream.net/?tds_cid=f0fde8c10f415eabf02c0f76766ee9609ed4fefe&s1=134504&click_id=f0fde8c10f415eabf02c0f76766ee9609ed4fefe&s3=sml_e1f18e7f&j1=1&utm_source=e2905f55ec3a568b&ban=other&j9=1&s5=dit1558&s2=2005070
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint 15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
Validity Tue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT
File type Web Open Font Format (Version 2), TrueType, length 46704, version 1.0
Hash 30a274cd01b6eeb0b082c918b0697f1e
393311bde26b99a4ad935fa55bad1dce7994388b
88df0b5a7bc397dbc13a26bb8b3742cc62cd1c9b0dded57da7832416d6f52f42
GET /s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://rgqval.awaitingdream.net
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 46704
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 14:44:38 GMT
expires: Fri, 02 May 2025 14:44:38 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 13 Sep 2023 23:49:07 GMT
content-type: font/woff2
age: 119558
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cdn-dimi.akamaized.net/landings/285828/1704989181/images/favicon.png?t=20240503235715
95.101.11.40 200 OK 4.1 kB URL GET HTTP/1.1 cdn-dimi.akamaized.net/landings/285828/1704989181/images/favicon.png?t=20240503235715
IP 95.101.11.40:443
ASN #20940 Akamai International B.V.
Requested by https://rgqval.awaitingdream.net/?tds_cid=f0fde8c10f415eabf02c0f76766ee9609ed4fefe&s1=134504&click_id=f0fde8c10f415eabf02c0f76766ee9609ed4fefe&s3=sml_e1f18e7f&j1=1&utm_source=e2905f55ec3a568b&ban=other&j9=1&s5=dit1558&s2=2005070
Certificate Issuer DigiCert Inc
Subject a248.e.akamai.net
Fingerprint A3:C7:B4:95:4E:16:BD:C5:8A:EE:85:53:5D:C1:C2:CD:43:E9:EC:B9
Validity Tue, 16 May 2023 00:00:00 GMT - Wed, 15 May 2024 23:59:59 GMT
File type PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced
Hash 40a54c3ecf143b64096b063ff793fdbb
017eafffc5e55226a2aec0dd3c03f1b6130a6bab
39b439471019cb16f819e05166d23492593310fd55cce8471062d8f2dc5de423
GET /landings/285828/1704989181/images/favicon.png?t=20240503235715 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rgqval.awaitingdream.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: T0JZ6ljKqoyJAOGUBnRd/n9ODLnR50iFEq+fJRLINQJn55lOEdrrfBXy6+lDLMp0mzqks0/j+yQ=
x-amz-request-id: V3PHYWQQ69S9VSBZ
Last-Modified: Fri, 12 Jan 2024 08:41:18 GMT
ETag: "40a54c3ecf143b64096b063ff793fdbb"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/png
Server: AmazonS3
Content-Length: 4093
Date: Fri, 03 May 2024 23:57:16 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
www.gstatic.com/firebasejs/5.0.2/firebase-messaging.js
142.250.74.131 200 OK 10 kB URL GET HTTP/3 www.gstatic.com/firebasejs/5.0.2/firebase-messaging.js
IP 142.250.74.131:443
Requested by https://rgqval.awaitingdream.net/?tds_cid=f0fde8c10f415eabf02c0f76766ee9609ed4fefe&s1=134504&click_id=f0fde8c10f415eabf02c0f76766ee9609ed4fefe&s3=sml_e1f18e7f&j1=1&utm_source=e2905f55ec3a568b&ban=other&j9=1&s5=dit1558&s2=2005070
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint 15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
Validity Tue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT
File type JavaScript source, ASCII text, with very long lines (35547)
Hash 0cb7a0eb328ea70ab360f861314c8820
e3e20eb50dae36f4cbcef1890b1cc7878acb537a
4569845f7c550a55311814032e88541bd3b4a055ec3894e9cf58c4fff1be91d9
GET /firebasejs/5.0.2/firebase-messaging.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rgqval.awaitingdream.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 10017
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 23:33:31 GMT
expires: Fri, 02 May 2025 23:33:31 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 10 May 2018 20:35:52 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 87825
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
www.gstatic.com/firebasejs/5.0.2/firebase-app.js
142.250.74.131 200 OK 8.6 kB URL GET HTTP/3 www.gstatic.com/firebasejs/5.0.2/firebase-app.js
IP 142.250.74.131:443
Requested by https://rgqval.awaitingdream.net/?tds_cid=f0fde8c10f415eabf02c0f76766ee9609ed4fefe&s1=134504&click_id=f0fde8c10f415eabf02c0f76766ee9609ed4fefe&s3=sml_e1f18e7f&j1=1&utm_source=e2905f55ec3a568b&ban=other&j9=1&s5=dit1558&s2=2005070
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint 15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
Validity Tue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT
File type JavaScript source, ASCII text, with very long lines (25088)
Hash 9164d0e8a317eceb870cca88c9683127
4617c910005f7100b4ff26a458a8b4463e33cdc6
15c9bd66992ef54979c981763cae280f28b6845520020ed38b5ab5f3f70f7931
GET /firebasejs/5.0.2/firebase-app.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rgqval.awaitingdream.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 8604
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 20:42:54 GMT
expires: Fri, 02 May 2025 20:42:54 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 10 May 2018 20:35:51 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 98062
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
rgqval.awaitingdream.net/?s1=134504&s2=2005070&s3=sml_e1f18e7f&s5=backuser&click_id=f0fde8c10f415eabf02c0f76766ee9609ed4fefe&iexpp=1&j1=1&j9=1&tds_cid=f0fde8c10f415eabf02c0f76766ee9609ed4fefe&utm_source=e2905f55ec3a568b&ban=other
52.19.138.177 136 B URL rgqval.awaitingdream.net/?s1=134504&s2=2005070&s3=sml_e1f18e7f&s5=backuser&click_id=f0fde8c10f415eabf02c0f76766ee9609ed4fefe&iexpp=1&j1=1&j9=1&tds_cid=f0fde8c10f415eabf02c0f76766ee9609ed4fefe&utm_source=e2905f55ec3a568b&ban=other
IP 52.19.138.177:0
File type HTML document, ASCII text
Hash b23929b3ce26d82574cdd2ce18203059
9e8f7e090381f8a8874c4c331f8208ffb7b95e82
0d994636f5fa9499724aab3a74e72c45b1ca9923dfb28374e6bf0562a5cdd5b8
GET /?s1=134504&s2=2005070&s3=sml_e1f18e7f&s5=backuser&click_id=f0fde8c10f415eabf02c0f76766ee9609ed4fefe&iexpp=1&j1=1&j9=1&tds_cid=f0fde8c10f415eabf02c0f76766ee9609ed4fefe&utm_source=e2905f55ec3a568b&ban=other HTTP/1.1
Host: rgqval.awaitingdream.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
server: nginx
date: Fri, 03 May 2024 23:57:35 GMT
content-type: text/html; charset=utf-8
content-length: 136
location: https://cy.trck-capt-prv2.com/click?o=4691&a=198&sub_id1=sadur663579ef0005f2c6&sub_id3=134504_2005070
set-cookie: unique_id=663509b6000bba70; Path=/; Expires=Tue, 02 Jul 2024 23:57:35 GMT; Secure; SameSite=None
unique_id2=66357781000089eb; Path=/; Expires=Thu, 01 Aug 2024 23:57:35 GMT; Secure; SameSite=None
66357781000089eb_c=1; Path=/; Expires=Thu, 01 Aug 2024 23:57:35 GMT; Secure; SameSite=None
ref_token=195527_134504; Path=/; Expires=Sun, 02 Jun 2024 23:57:35 GMT; Secure; SameSite=None
impression=; Path=/; Expires=Fri, 03 May 2024 23:57:35 GMT; Secure; SameSite=None
tid=sadur663579ef0005f2c6; Path=/; Expires=Sat, 07 Apr 2029 23:57:35 GMT; Secure; SameSite=None
X-Firefox-Spdy: h2
rgqval.awaitingdream.net/js/pushjs/1.0.0/utils.js
52.19.138.177 200 OK 7.1 kB URL GET HTTP/2 rgqval.awaitingdream.net/js/pushjs/1.0.0/utils.js
IP 52.19.138.177:443
Requested by https://rgqval.awaitingdream.net/?tds_cid=f0fde8c10f415eabf02c0f76766ee9609ed4fefe&s1=134504&click_id=f0fde8c10f415eabf02c0f76766ee9609ed4fefe&s3=sml_e1f18e7f&j1=1&utm_source=e2905f55ec3a568b&ban=other&j9=1&s5=dit1558&s2=2005070
Certificate Issuer Let's Encrypt
Subject *.awaitingdream.net
Fingerprint 80:13:71:FD:9C:9C:0B:BF:1A:E0:B5:EA:6C:C4:ED:77:5A:CA:B4:02
Validity Tue, 19 Mar 2024 09:01:07 GMT - Mon, 17 Jun 2024 09:01:06 GMT
File type JavaScript source, ASCII text, with very long lines (7334), with no line terminators
Hash 7df62062a027cd25d5a179c520f38668
0ddaa8cd9090908d987e0299cef74fbf7f118738
cdf93aff990bae251f609ef00d7d2bdbb56a35f003c7184ba067b5948629faa3
GET /js/pushjs/1.0.0/utils.js HTTP/1.1
Host: rgqval.awaitingdream.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rgqval.awaitingdream.net/?s1=134504&s2=2005070&s3=sml_e1f18e7f&s5=backuser&click_id=f0fde8c10f415eabf02c0f76766ee9609ed4fefe&iexpp=1&j1=1&j9=1&tds_cid=f0fde8c10f415eabf02c0f76766ee9609ed4fefe&utm_source=e2905f55ec3a568b&ban=other
Cookie: unique_id=663509b6000bba70; unique_id2=66357781000089eb; 66357781000089eb_c=1; ref_token=195527_134504; 66357781000089eb_sl=[285828]
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 03 May 2024 23:57:16 GMT
content-type: application/javascript
expires: Fri, 10 May 2024 23:57:16 GMT
cache-control: max-age=604800
content-encoding: gzip
X-Firefox-Spdy: h2
empirelayer.club/tds/interlayer?handler=ExternalBackofferEvent&urlIn=https%3A%2F%2Fempirelayer.club%2Ftds%2Finterlayer%2Feb%2Fs%2F58456d1509e296e303b3bf3b8665de9b%3F__t%3D1714780634465%26__l%3D3600%26__c%3Df0fde8c10f415eabf02c0f76766ee9609ed4fefe%26__u%3D&urlOut=https%3A%2F%2Frgqval.awaitingdream.net%2F%3Ftds_cid%3Df0fde8c10f415eabf02c0f76766ee9609ed4fefe%26s1%3D134504%26click_id%3Df0fde8c10f415eabf02c0f76766ee9609ed4fefe%26s3%3Dsml_e1f18e7f%26j1%3D1%26utm_source%3De2905f55ec3a568b%26ban%3Dother%26j9%3D1%26s5%3Ddit1558%26s2%3D2005070&altQs=utm_campaign%3De1f18e7f%26utm_source%3Dint%26utm_content%3Ddit1558%26data2%3D557c271e-3226-4ac5-9a78-5f7a0df42bd8%26s1%3Dps%26s3%3DNjUxOTVfZGl0MTU1OA%253D%253D%26tds_campaign%3Db7637pos%26tds_id%3Db7637pos_lp_a_1575477620507_smartlink%26tds_oid%3D83b8f3ff%26tds_cid%3Df0fde8c10f415eabf02c0f76766ee9609ed4fefe%26tds_ac_id%3Ds5428sto%26p_tds_cid%3D595f0d6a68cf3163c3daf718dcf067d688ed1d70%26tds_host%3Dluvwhisper.com%26tds_path%3D%252Ftds%252Fae%26dci%3D8b245f7d215cca7496fa3a9a1df6bf553ef202a0%26tds_ps%3Da&tdsCid=f0fde8c10f415eabf02c0f76766ee9609ed4fefe&reason=beacon&visitsCount=1&ts=1714780634926
143.204.55.67200 OK 0 B URL POST HTTP/3 empirelayer.club/tds/interlayer?handler=ExternalBackofferEvent&urlIn=https%3A%2F%2Fempirelayer.club%2Ftds%2Finterlayer%2Feb%2Fs%2F58456d1509e296e303b3bf3b8665de9b%3F__t%3D1714780634465%26__l%3D3600%26__c%3Df0fde8c10f415eabf02c0f76766ee9609ed4fefe%26__u%3D&urlOut=https%3A%2F%2Frgqval.awaitingdream.net%2F%3Ftds_cid%3Df0fde8c10f415eabf02c0f76766ee9609ed4fefe%26s1%3D134504%26click_id%3Df0fde8c10f415eabf02c0f76766ee9609ed4fefe%26s3%3Dsml_e1f18e7f%26j1%3D1%26utm_source%3De2905f55ec3a568b%26ban%3Dother%26j9%3D1%26s5%3Ddit1558%26s2%3D2005070&altQs=utm_campaign%3De1f18e7f%26utm_source%3Dint%26utm_content%3Ddit1558%26data2%3D557c271e-3226-4ac5-9a78-5f7a0df42bd8%26s1%3Dps%26s3%3DNjUxOTVfZGl0MTU1OA%253D%253D%26tds_campaign%3Db7637pos%26tds_id%3Db7637pos_lp_a_1575477620507_smartlink%26tds_oid%3D83b8f3ff%26tds_cid%3Df0fde8c10f415eabf02c0f76766ee9609ed4fefe%26tds_ac_id%3Ds5428sto%26p_tds_cid%3D595f0d6a68cf3163c3daf718dcf067d688ed1d70%26tds_host%3Dluvwhisper.com%26tds_path%3D%252Ftds%252Fae%26dci%3D8b245f7d215cca7496fa3a9a1df6bf553ef202a0%26tds_ps%3Da&tdsCid=f0fde8c10f415eabf02c0f76766ee9609ed4fefe&reason=beacon&visitsCount=1&ts=1714780634926
IP 143.204.55.67:443
Requested by https://empirelayer.club/tds/interlayer/eb/s/58456d1509e296e303b3bf3b8665de9b?__t=1714780634465&__l=3600&__c=f0fde8c10f415eabf02c0f76766ee9609ed4fefe&__u=
Certificate Issuer Amazon
Subject empirelayer.club
Fingerprint D0:9A:6A:E3:BC:1C:59:10:F7:F8:FD:8F:63:D3:56:1C:43:2C:75:EF
Validity Thu, 02 Nov 2023 00:00:00 GMT - Sat, 30 Nov 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /tds/interlayer?handler=ExternalBackofferEvent&urlIn=https%3A%2F%2Fempirelayer.club%2Ftds%2Finterlayer%2Feb%2Fs%2F58456d1509e296e303b3bf3b8665de9b%3F__t%3D1714780634465%26__l%3D3600%26__c%3Df0fde8c10f415eabf02c0f76766ee9609ed4fefe%26__u%3D&urlOut=https%3A%2F%2Frgqval.awaitingdream.net%2F%3Ftds_cid%3Df0fde8c10f415eabf02c0f76766ee9609ed4fefe%26s1%3D134504%26click_id%3Df0fde8c10f415eabf02c0f76766ee9609ed4fefe%26s3%3Dsml_e1f18e7f%26j1%3D1%26utm_source%3De2905f55ec3a568b%26ban%3Dother%26j9%3D1%26s5%3Ddit1558%26s2%3D2005070&altQs=utm_campaign%3De1f18e7f%26utm_source%3Dint%26utm_content%3Ddit1558%26data2%3D557c271e-3226-4ac5-9a78-5f7a0df42bd8%26s1%3Dps%26s3%3DNjUxOTVfZGl0MTU1OA%253D%253D%26tds_campaign%3Db7637pos%26tds_id%3Db7637pos_lp_a_1575477620507_smartlink%26tds_oid%3D83b8f3ff%26tds_cid%3Df0fde8c10f415eabf02c0f76766ee9609ed4fefe%26tds_ac_id%3Ds5428sto%26p_tds_cid%3D595f0d6a68cf3163c3daf718dcf067d688ed1d70%26tds_host%3Dluvwhisper.com%26tds_path%3D%252Ftds%252Fae%26dci%3D8b245f7d215cca7496fa3a9a1df6bf553ef202a0%26tds_ps%3Da&tdsCid=f0fde8c10f415eabf02c0f76766ee9609ed4fefe&reason=beacon&visitsCount=1&ts=1714780634926 HTTP/1.1
Host: empirelayer.club
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://empirelayer.club
DNT: 1
Connection: keep-alive
Referer: https://empirelayer.club/tds/interlayer/eb/s/58456d1509e296e303b3bf3b8665de9b?__t=1714780634465&__l=3600&__c=f0fde8c10f415eabf02c0f76766ee9609ed4fefe&__u=
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Content-Length: 0
HTTP/3 200 OK
alt-svc: h3=":443"; ma=86400
x-amz-cf-pop: OSL50-C1
date: Fri, 03 May 2024 23:57:14 GMT
server: nginx
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Platform, Sec-CH-UA-Wow64, Sec-CH-UA
x-cache: Miss from cloudfront
via: 1.1 a2b4f68a89fc87406bff22c95fc07fba.cloudfront.net (CloudFront)
x-amz-cf-id: mCbSNhZQh6K1KoLbiSOBy5xg8VFNDYkqUWmGGUZ0VhwsSqdWjGuiYA==
go.gkrtmc.com/rd.html?go=https%3A%2F%2Fqueitho.com%2Fclient%3Fcamp%3Ds9%26aff_id%3D2%26aff_sub%3D65195%26source%3D65195%26aff_sub2%3Dfree-social%26click_id%3D32_65195_10000_fca9dc1a73bc1cc991723dad4701a30e
172.255.248.119 200 OK 329 B URL User Request GET HTTP/1.1 go.gkrtmc.com/rd.html?go=https%3A%2F%2Fqueitho.com%2Fclient%3Fcamp%3Ds9%26aff_id%3D2%26aff_sub%3D65195%26source%3D65195%26aff_sub2%3Dfree-social%26click_id%3D32_65195_10000_fca9dc1a73bc1cc991723dad4701a30e
IP 172.255.248.119:443
Certificate Issuer Let's Encrypt
Subject track.cpamatica.com
Fingerprint 55:95:28:6A:EC:1D:DC:9B:AA:33:46:53:FF:B5:17:A0:D5:5F:2F:B4
Validity Tue, 23 Apr 2024 12:38:03 GMT - Mon, 22 Jul 2024 12:38:02 GMT
File type HTML document, ASCII text, with very long lines (359), with no line terminators
Hash c6d8eb0e5559ae1449d4204c97fbf731
f6331cecac60a6662977a99f01b7269798f4b1b1
6a8c03a92e8d4f7134a55cf5070ea431a27a7fa8050216fee829906a53a29da1
GET /rd.html?go=https%3A%2F%2Fqueitho.com%2Fclient%3Fcamp%3Ds9%26aff_id%3D2%26aff_sub%3D65195%26source%3D65195%26aff_sub2%3Dfree-social%26click_id%3D32_65195_10000_fca9dc1a73bc1cc991723dad4701a30e HTTP/1.1
Host: go.gkrtmc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: language=en; flow_id=NYwoYh; 10000=32_65195_10000_fca9dc1a73bc1cc991723dad4701a30e; op_10000=0; user_id=c5a93482-0fdc-45b5-b161-81c65068a726_d19300889657cdf6a3cbd5c6b49ad0b5
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 03 May 2024 23:57:12 GMT
Content-Type: text/html
Last-Modified: Fri, 13 Aug 2021 14:56:49 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"61168831-149"
Cache-Control: no-store, no-cache
Content-Encoding: gzip
rgqval.awaitingdream.net/js/pushjs/1.0.0/subscriber.js
52.19.138.177 200 OK 9.4 kB URL GET HTTP/2 rgqval.awaitingdream.net/js/pushjs/1.0.0/subscriber.js
IP 52.19.138.177:443
Requested by https://rgqval.awaitingdream.net/?tds_cid=f0fde8c10f415eabf02c0f76766ee9609ed4fefe&s1=134504&click_id=f0fde8c10f415eabf02c0f76766ee9609ed4fefe&s3=sml_e1f18e7f&j1=1&utm_source=e2905f55ec3a568b&ban=other&j9=1&s5=dit1558&s2=2005070
Certificate Issuer Let's Encrypt
Subject *.awaitingdream.net
Fingerprint 80:13:71:FD:9C:9C:0B:BF:1A:E0:B5:EA:6C:C4:ED:77:5A:CA:B4:02
Validity Tue, 19 Mar 2024 09:01:07 GMT - Mon, 17 Jun 2024 09:01:06 GMT
File type JavaScript source, ASCII text, with very long lines (9661), with no line terminators
Hash 698668c880e3133ee2cffc2eee6aad4d
cadcabaeb8a3da90317682ead381b76c11319464
1963c90f965a52259d5b8fd47cb33ef3df24733a994ad99ce7f0cfa525d9b163
GET /js/pushjs/1.0.0/subscriber.js HTTP/1.1
Host: rgqval.awaitingdream.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rgqval.awaitingdream.net/?s1=134504&s2=2005070&s3=sml_e1f18e7f&s5=backuser&click_id=f0fde8c10f415eabf02c0f76766ee9609ed4fefe&iexpp=1&j1=1&j9=1&tds_cid=f0fde8c10f415eabf02c0f76766ee9609ed4fefe&utm_source=e2905f55ec3a568b&ban=other
Cookie: unique_id=663509b6000bba70; unique_id2=66357781000089eb; 66357781000089eb_c=1; ref_token=195527_134504; 66357781000089eb_sl=[285828]
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 03 May 2024 23:57:16 GMT
content-type: application/javascript
expires: Fri, 10 May 2024 23:57:16 GMT
cache-control: max-age=604800
content-encoding: gzip
X-Firefox-Spdy: h2
empirelayer.club/tds/interlayer/eb/s/58456d1509e296e303b3bf3b8665de9b?__t=1714780634465&__l=3600&__c=f0fde8c10f415eabf02c0f76766ee9609ed4fefe&__u=
143.204.55.67 200 OK 1.2 kB URL User Request GET HTTP/2 empirelayer.club/tds/interlayer/eb/s/58456d1509e296e303b3bf3b8665de9b?__t=1714780634465&__l=3600&__c=f0fde8c10f415eabf02c0f76766ee9609ed4fefe&__u=
IP 143.204.55.67:443
Certificate Issuer Amazon
Subject empirelayer.club
Fingerprint D0:9A:6A:E3:BC:1C:59:10:F7:F8:FD:8F:63:D3:56:1C:43:2C:75:EF
Validity Thu, 02 Nov 2023 00:00:00 GMT - Sat, 30 Nov 2024 23:59:59 GMT
File type HTML document, ASCII text, with very long lines (1248), with no line terminators
Hash 1573fabff2527edd0f4ff1f1666a3fa9
886b49ab52823cf959c7ad019edea5553e96a42b
32ff0e11eab8f75460459c62bd80ea87969a0cb875fe507d14fc405c977f7d44
GET /tds/interlayer/eb/s/58456d1509e296e303b3bf3b8665de9b?__t=1714780634465&__l=3600&__c=f0fde8c10f415eabf02c0f76766ee9609ed4fefe&__u= HTTP/1.1
Host: empirelayer.club
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/html
date: Fri, 03 May 2024 23:57:14 GMT
server: nginx
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Platform, Sec-CH-UA-Wow64, Sec-CH-UA
vary: Accept-Encoding
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 1d8cf7c8865ed1078c19a98771ad34ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: vB9zv361I7R2pd8bNhhM7XHwvqNh5jMefaATd-Kigszo_OMvFdPBEw==
X-Firefox-Spdy: h2
luvwhisper.com/lp-external/index.js
54.230.111.47 200 OK 2.2 kB URL GET HTTP/2 luvwhisper.com/lp-external/index.js
IP 54.230.111.47:443
Requested by https://empirelayer.club/tds/interlayer/eb/s/58456d1509e296e303b3bf3b8665de9b?__t=1714780634465&__l=3600&__c=f0fde8c10f415eabf02c0f76766ee9609ed4fefe&__u=
Certificate Issuer Amazon
Subject luvwhisper.com
Fingerprint 4D:EC:81:10:9E:C3:DA:0D:65:B1:D0:C2:7A:5E:0F:BE:3E:14:88:E3
Validity Tue, 09 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (2304), with no line terminators
Hash 6581cb890b9497166c13fa1122c88947
4632208a24f59f3b44a68ca77b130f4b6a661ded
19f631eaad330a3adac93c919803b30bc262991bb7db396bc9a4fbbae6cd5d3b
GET /lp-external/index.js HTTP/1.1
Host: luvwhisper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://empirelayer.club/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
date: Fri, 03 May 2024 23:57:14 GMT
server: nginx
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
x-robots-tag: noindex
accept-ranges: bytes
cache-control: public, max-age=3600
last-modified: Mon, 29 Apr 2024 12:56:39 GMT
etag: W/"8b7-18f29edc358"
vary: Accept-Encoding
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: OngMtwzbCNnkpU88nPqMdGTIzdKnyEUOFcxCU3lsrjDt9J5rTB_w8Q==
X-Firefox-Spdy: h2
queitho.com/client?camp=s9&aff_id=2&aff_sub=65195&source=65195&aff_sub2=free-social&click_id=32_65195_10000_fca9dc1a73bc1cc991723dad4701a30e
104.21.79.101 200 OK 6.1 kB URL User Request GET HTTP/2 queitho.com/client?camp=s9&aff_id=2&aff_sub=65195&source=65195&aff_sub2=free-social&click_id=32_65195_10000_fca9dc1a73bc1cc991723dad4701a30e
IP 104.21.79.101:443
Certificate Issuer Let's Encrypt
Subject queitho.com
Fingerprint F1:05:3E:9D:7A:6D:B6:57:58:D4:D8:E8:6E:81:69:2A:D3:2B:5C:D9
Validity Tue, 12 Mar 2024 19:42:25 GMT - Mon, 10 Jun 2024 19:42:24 GMT
File type JavaScript source, ASCII text, with very long lines (6169), with no line terminators
Hash 1bbdbf1c1f91a5428f693fa7928b4805
82dc6f4ec70617b449e1427655598ce959c6c334
02d3ec24307994aa0b6d5303139cb1b0c4ac47adaa0c2f7f00a98b66ef72784f
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /client?camp=s9&aff_id=2&aff_sub=65195&source=65195&aff_sub2=free-social&click_id=32_65195_10000_fca9dc1a73bc1cc991723dad4701a30e HTTP/1.1
Host: queitho.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://go.gkrtmc.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 03 May 2024 23:57:13 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-security-policy: default-src 'self' https://oacenom.com https://openfpcdn.io/fingerprintjs/v4; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://oacenom.com https://openfpcdn.io/fingerprintjs/v4
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
origin-agent-cluster: ?1
referrer-policy: no-referrer
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
accept-ch: Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cache-control: no-store, no-store, no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2qcO3ELM%2F1G8Ld4cXeFbarcLMCs2LHbOPQ3BFC7MTBX5LKrq%2BQg8RVNlM35zHAfDfTn2b4QvfnVnodoZH0pBw5yaDVm%2BogtuQS3jETejRL%2Fx%2F7qRLAKXguLbpnPBUQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e4312c6becb4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
empirelayer.club/favicon.ico
0.0.0.0 0 B URL GET empirelayer.club/favicon.ico
IP 0.0.0.0:0
Requested by https://empirelayer.club/tds/interlayer/eb/s/58456d1509e296e303b3bf3b8665de9b?__t=1714780634465&__l=3600&__c=f0fde8c10f415eabf02c0f76766ee9609ed4fefe&__u=
Certificate Issuer Amazon
Subject empirelayer.club
Fingerprint D0:9A:6A:E3:BC:1C:59:10:F7:F8:FD:8F:63:D3:56:1C:43:2C:75:EF
Validity Thu, 02 Nov 2023 00:00:00 GMT - Sat, 30 Nov 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: empirelayer.club
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://empirelayer.club/tds/interlayer/eb/s/58456d1509e296e303b3bf3b8665de9b?__t=1714780634465&__l=3600&__c=f0fde8c10f415eabf02c0f76766ee9609ed4fefe&__u=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
rgqval.awaitingdream.net/?tds_cid=f0fde8c10f415eabf02c0f76766ee9609ed4fefe&s1=134504&click_id=f0fde8c10f415eabf02c0f76766ee9609ed4fefe&s3=sml_e1f18e7f&j1=1&utm_source=e2905f55ec3a568b&ban=other&j9=1&s5=dit1558&s2=2005070
52.19.138.177 200 OK 40 kB URL User Request GET HTTP/2 rgqval.awaitingdream.net/?tds_cid=f0fde8c10f415eabf02c0f76766ee9609ed4fefe&s1=134504&click_id=f0fde8c10f415eabf02c0f76766ee9609ed4fefe&s3=sml_e1f18e7f&j1=1&utm_source=e2905f55ec3a568b&ban=other&j9=1&s5=dit1558&s2=2005070
IP 52.19.138.177:443
Certificate Issuer Let's Encrypt
Subject *.awaitingdream.net
Fingerprint 80:13:71:FD:9C:9C:0B:BF:1A:E0:B5:EA:6C:C4:ED:77:5A:CA:B4:02
Validity Tue, 19 Mar 2024 09:01:07 GMT - Mon, 17 Jun 2024 09:01:06 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?tds_cid=f0fde8c10f415eabf02c0f76766ee9609ed4fefe&s1=134504&click_id=f0fde8c10f415eabf02c0f76766ee9609ed4fefe&s3=sml_e1f18e7f&j1=1&utm_source=e2905f55ec3a568b&ban=other&j9=1&s5=dit1558&s2=2005070 HTTP/1.1
Host: rgqval.awaitingdream.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://empirelayer.club/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 03 May 2024 23:57:15 GMT
content-type: text/html; charset=utf-8
set-cookie: unique_id=663509b6000bba70; Path=/; Expires=Tue, 02 Jul 2024 23:57:15 GMT; Secure; SameSite=None
unique_id2=66357781000089eb; Path=/; Expires=Thu, 01 Aug 2024 23:57:15 GMT; Secure; SameSite=None
66357781000089eb_c=1; Path=/; Expires=Thu, 01 Aug 2024 23:57:15 GMT; Secure; SameSite=None
ref_token=195527_134504; Path=/; Expires=Sun, 02 Jun 2024 23:57:15 GMT; Secure; SameSite=None
impression=; Path=/; Expires=Fri, 03 May 2024 23:57:15 GMT; Secure; SameSite=None
66357781000089eb_sl=[285828]; Path=/; Expires=Fri, 17 May 2024 23:57:15 GMT; Secure; SameSite=None
content-encoding: gzip
X-Firefox-Spdy: h2