Report - best-targeted-traffic.com/install.php?unq=5o102382234knxgerj&version=1.7&pais=Unknown

Report Overview

Submitted URL
best-targeted-traffic.com/install.php?unq=5o102382234knxgerj&version=1.7&pais=Unknown
IP
103.224.182.247
ASN
#133618 Trellian Pty. Limited
Submitted
2024-05-07 15:42:29
Access
public
Website Title
Attention Required! | Cloudflare
Final URL
stripchat.com/girls/teens?affiliateId=0705249pg6g16zt758zzu74ncrd3xax565u06fi5udvq4n2lklhb0vd7024vx350&campaignId=ec5b69f6c071a3cfd23a4f14a73e806c4b46afd9e73a06adb4e266455dd771ff&p1=NOR&p2=898897&p3=%7Bcarrier%7D&realDomain=go.mnaspm.com&referrer=https%3A%2F%2Fs.optnx.com%2F&sourceId=5141536&stripbotVariation=NullWidget&userId=709afc38e53feb5738296f4388fc757b75782945d6a5efdfee8be855c86d2d01
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
12

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
dhjhd.com	unknown	unknown	2024-02-26	2024-04-18	617 B	1.9 kB	109.206.168.17
s.optnx.com	20469	2020-01-27	2020-03-25	2024-05-04	5.4 kB	3.7 kB	95.211.229.245
go.mnaspm.com	unknown	2022-07-05	2023-10-04	2024-05-06	2.6 kB	2.6 kB	104.18.40.50
stripchat.com	10390	2006-02-13	2016-06-13	2024-05-06	6.5 kB	29 kB	104.17.117.12
no.stripchat.com	unknown	2006-02-13	2017-02-01	2024-03-12	589 B	4.4 kB	104.17.117.12
best-targeted-traffic.com	unknown	2020-04-09	2012-05-29	2023-03-22	539 B	400 B	103.224.182.247
ww16.best-targeted-traffic.com	unknown	2020-04-09	2022-03-19	2024-04-18	3.9 kB	4.0 kB	64.190.63.136

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-07	medium	best-targeted-traffic.com	Sinkholed
2024-05-07	medium	best-targeted-traffic.com	Sinkholed
2024-05-07	medium	best-targeted-traffic.com	Sinkholed
2024-05-07	medium	best-targeted-traffic.com	Sinkholed
2024-05-07	medium	best-targeted-traffic.com	Sinkholed
2024-05-07	medium	best-targeted-traffic.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (6)

	URL	Size	First Seen	Last Seen
	stripchat.com/girls/teens?affiliateId=0705249pg6g16zt758zzu74ncrd3xax565u06fi5udvq4n2lklhb0vd7024vx350&campaignId=ec5b69f6c071a3cfd23a4f14a73e806c4b46afd9e73a06adb4e266455dd771ff&p1=NOR&p2=898897&p3=%7Bcarrier%7D&realDomain=go.mnaspm.com&referrer=https%3A%2F%2Fs.optnx.com%2F&sourceId=5141536&stripbotVariation=NullWidget&userId=709afc38e53feb5738296f4388fc757b75782945d6a5efdfee8be855c86d2d01	0 B	2023-03-07	2024-05-19
Pretty URL stripchat.com/girls/teens?affiliateId=0705249pg6g16zt758zzu74ncrd3xax565u06fi5udvq4n2lklhb0vd7024vx350&campaignId=ec5b69f6c071a3cfd23a4f14a73e806c4b46afd9e73a06adb4e266455dd771ff&p1=NOR&p2=898897&p3=%7Bcarrier%7D&realDomain=go.mnaspm.com&referrer=https%3A%2F%2Fs.optnx.com%2F&sourceId=5141536&stripbotVariation=NullWidget&userId=709afc38e53feb5738296f4388fc757b75782945d6a5efdfee8be855c86d2d01 IP 104.17.117.12 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-19 17:20:39 Times Seen37836009 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	stripchat.com/girls/teens?affiliateId=0705249pg6g16zt758zzu74ncrd3xax565u06fi5udvq4n2lklhb0vd7024vx350&campaignId=ec5b69f6c071a3cfd23a4f14a73e806c4b46afd9e73a06adb4e266455dd771ff&p1=NOR&p2=898897&p3=%7Bcarrier%7D&realDomain=go.mnaspm.com&referrer=https%3A%2F%2Fs.optnx.com%2F&sourceId=5141536&stripbotVariation=NullWidget&userId=709afc38e53feb5738296f4388fc757b75782945d6a5efdfee8be855c86d2d01	393 B	2023-04-05	2024-05-19
Pretty URL stripchat.com/girls/teens?affiliateId=0705249pg6g16zt758zzu74ncrd3xax565u06fi5udvq4n2lklhb0vd7024vx350&campaignId=ec5b69f6c071a3cfd23a4f14a73e806c4b46afd9e73a06adb4e266455dd771ff&p1=NOR&p2=898897&p3=%7Bcarrier%7D&realDomain=go.mnaspm.com&referrer=https%3A%2F%2Fs.optnx.com%2F&sourceId=5141536&stripbotVariation=NullWidget&userId=709afc38e53feb5738296f4388fc757b75782945d6a5efdfee8be855c86d2d01 IP 104.17.117.12 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-04-05 04:39:40 Last Seen2024-05-19 17:06:25 Times Seen72530 Hash 34ad0a116707d3b794129a6720af92d7 424de9dbb8bc774e2a2d4ade100d90f5ac0ecbf4 d011a9449a990f2086894be870adc6fbb53595dc593b410a83e45e40bfbc7262 Loading...

	stripchat.com/girls/teens?affiliateId=0705249pg6g16zt758zzu74ncrd3xax565u06fi5udvq4n2lklhb0vd7024vx350&campaignId=ec5b69f6c071a3cfd23a4f14a73e806c4b46afd9e73a06adb4e266455dd771ff&p1=NOR&p2=898897&p3=%7Bcarrier%7D&realDomain=go.mnaspm.com&referrer=https%3A%2F%2Fs.optnx.com%2F&sourceId=5141536&stripbotVariation=NullWidget&userId=709afc38e53feb5738296f4388fc757b75782945d6a5efdfee8be855c86d2d01	0 B	2023-03-07	2024-05-19
Pretty URL stripchat.com/girls/teens?affiliateId=0705249pg6g16zt758zzu74ncrd3xax565u06fi5udvq4n2lklhb0vd7024vx350&campaignId=ec5b69f6c071a3cfd23a4f14a73e806c4b46afd9e73a06adb4e266455dd771ff&p1=NOR&p2=898897&p3=%7Bcarrier%7D&realDomain=go.mnaspm.com&referrer=https%3A%2F%2Fs.optnx.com%2F&sourceId=5141536&stripbotVariation=NullWidget&userId=709afc38e53feb5738296f4388fc757b75782945d6a5efdfee8be855c86d2d01 IP 104.17.117.12 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-19 17:20:39 Times Seen37836009 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	unknown	247 B	2024-05-07	2024-05-07
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-07 17:42:29 Last Seen2024-05-07 17:42:29 Times Seen1 Hash 9e3256eb016b8221be39a64ef73561dd 1be0c0d5fb823d2041167251eba2394d02a7e660 441c906eb7b9d72a0b0745b3dfc39925d88d366d1912b91abb187a4d4538ff70 Loading...

	stripchat.com/girls/teens?affiliateId=0705249pg6g16zt758zzu74ncrd3xax565u06fi5udvq4n2lklhb0vd7024vx350&campaignId=ec5b69f6c071a3cfd23a4f14a73e806c4b46afd9e73a06adb4e266455dd771ff&p1=NOR&p2=898897&p3=%7Bcarrier%7D&realDomain=go.mnaspm.com&referrer=https%3A%2F%2Fs.optnx.com%2F&sourceId=5141536&stripbotVariation=NullWidget&userId=709afc38e53feb5738296f4388fc757b75782945d6a5efdfee8be855c86d2d01	1.1 kB	2024-05-07	2024-05-07
Pretty URL stripchat.com/girls/teens?affiliateId=0705249pg6g16zt758zzu74ncrd3xax565u06fi5udvq4n2lklhb0vd7024vx350&campaignId=ec5b69f6c071a3cfd23a4f14a73e806c4b46afd9e73a06adb4e266455dd771ff&p1=NOR&p2=898897&p3=%7Bcarrier%7D&realDomain=go.mnaspm.com&referrer=https%3A%2F%2Fs.optnx.com%2F&sourceId=5141536&stripbotVariation=NullWidget&userId=709afc38e53feb5738296f4388fc757b75782945d6a5efdfee8be855c86d2d01 IP 104.17.117.12 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-07 17:42:29 Last Seen2024-05-07 17:42:29 Times Seen1 Hash 4e327943eb40253027a5593066d27384 4d0be96bd7f32e3e82472c9e4763c6fdff7048f6 5399c918c82b53243f00b221d0eeb51dda6a50e16c3b8bc92780149c8f6d8a3c Loading...

	stripchat.com/cdn-cgi/challenge-platform/scripts/jsd/main.js	7.9 kB	2024-05-07	2024-05-07
Pretty URL stripchat.com/cdn-cgi/challenge-platform/scripts/jsd/main.js IP 104.17.117.12 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-07 17:42:29 Last Seen2024-05-07 18:33:34 Times Seen4 Hash b4626e3ea61bfda28bd763cef96c1672 413506d91377af95f2944c3b247ced22e6729345 ba27d627bb149a4e3229b2c784ea300a4822bd751e06ee4eff549807391b1435 Loading...

HTTP Transactions (20)

URL IP Response Size

best-targeted-traffic.com/install.php?unq=5o102382234knxgerj&version=1.7&pais=Unknown

103.224.182.247

2 B

URL
best-targeted-traffic.com/install.php?unq=5o102382234knxgerj&version=1.7&pais=Unknown
IP
103.224.182.247:0
ASN
#133618 Trellian Pty. Limited

File type
ASCII text
Size
2 B (2 bytes)
Hash
e1c06d85ae7b8b032bef47e42e4c08f9
71853c6197a6a7f222db0f1978c7cb232b87c5ee
75a11da44c802486bc6f65640aa48a730f0f684c5c07a42ba3cd1735eb3fb070

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /install.php?unq=5o102382234knxgerj&version=1.7&pais=Unknown HTTP/1.1
Host: best-targeted-traffic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
date: Tue, 07 May 2024 15:42:04 GMT
server: Apache
set-cookie: __tad=1715096524.3346047; expires=Fri, 05-May-2034 15:42:04 GMT; Max-Age=315360000
location: http://ww16.best-targeted-traffic.com/install.php?unq=5o102382234knxgerj&version=1.7&pais=Unknown&sub1=20240508-0142-040b-8f16-b57e524b2935
content-length: 2
content-type: text/html; charset=UTF-8
connection: close

ww16.best-targeted-traffic.com/install.php?unq=5o102382234knxgerj&version=1.7&pais=Unknown&sub1=20240508-0142-040b-8f16-b57e524b2935

64.190.63.136

1.3 kB

URL
ww16.best-targeted-traffic.com/install.php?unq=5o102382234knxgerj&version=1.7&pais=Unknown&sub1=20240508-0142-040b-8f16-b57e524b2935
IP
64.190.63.136:0
ASN
#47846 SEDO GmbH

File type
HTML document, Unicode text, UTF-8 text, with very long lines (740)
Size
1.3 kB (1340 bytes)
Hash
188f6d014a2bdb6ea42f6ac957c4003a
571708c4a78a94d27eb3a1cf8493e316a49cdf04
07609618d389208e3e82d8dd86b84ada0c365df99baf1c67029936e94dc5846d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /install.php?unq=5o102382234knxgerj&version=1.7&pais=Unknown&sub1=20240508-0142-040b-8f16-b57e524b2935 HTTP/1.1
Host: ww16.best-targeted-traffic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
date: Tue, 07 May 2024 15:42:05 GMT
content-type: text/html; charset=UTF-8
transfer-encoding: chunked
vary: Accept-Encoding
x-powered-by: PHP/8.1.17
expires: Mon, 26 Jul 1997 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_eV5qKZvfRYlhAw1iLfEnVQ8Ayb81tluj6vXYYmg7jOSD3Ypj9BAPhr8VSsf7R0SuIyheFbaxXqyqAxZy00EHvA==
last-modified: Tue, 07 May 2024 15:42:04 GMT
x-cache-miss-from: parking-7cbf88ff6b-tlz7g
server: NginX
content-encoding: gzip

ww16.best-targeted-traffic.com/img.sedoparking.com/images/js_preloader.gif

64.190.63.136

0 B

URL
ww16.best-targeted-traffic.com/img.sedoparking.com/images/js_preloader.gif
IP
64.190.63.136:0
ASN
#47846 SEDO GmbH

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img.sedoparking.com/images/js_preloader.gif HTTP/1.1
Host: ww16.best-targeted-traffic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ww16.best-targeted-traffic.com/install.php?unq=5o102382234knxgerj&version=1.7&pais=Unknown&sub1=20240508-0142-040b-8f16-b57e524b2935
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 441 
date: Tue, 07 May 2024 15:42:05 GMT
content-length: 0
server: NginX

ww16.best-targeted-traffic.com/search/tsc.php?200=NDA4MDEzNDk4&21=OTEuOTAuNDIuMTU0&681=MTcxNTA5NjUyNWM2M2RiMzU0ZDBiNWEzNmUwMTIyMDY2OTc1Nzc1Yzc4&crc=f776358a2392d7bb314d2da9e56aa7334beb8fc6&cv=1

64.190.63.136

0 B

URL
ww16.best-targeted-traffic.com/search/tsc.php?200=NDA4MDEzNDk4&21=OTEuOTAuNDIuMTU0&681=MTcxNTA5NjUyNWM2M2RiMzU0ZDBiNWEzNmUwMTIyMDY2OTc1Nzc1Yzc4&crc=f776358a2392d7bb314d2da9e56aa7334beb8fc6&cv=1
IP
64.190.63.136:0
ASN
#47846 SEDO GmbH

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /search/tsc.php?200=NDA4MDEzNDk4&21=OTEuOTAuNDIuMTU0&681=MTcxNTA5NjUyNWM2M2RiMzU0ZDBiNWEzNmUwMTIyMDY2OTc1Nzc1Yzc4&crc=f776358a2392d7bb314d2da9e56aa7334beb8fc6&cv=1 HTTP/1.1
Host: ww16.best-targeted-traffic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ww16.best-targeted-traffic.com/install.php?unq=5o102382234knxgerj&version=1.7&pais=Unknown&sub1=20240508-0142-040b-8f16-b57e524b2935
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
date: Tue, 07 May 2024 15:42:05 GMT
content-type: text/html; charset=UTF-8
content-length: 0
x-powered-by: PHP/8.1.17
x-cache-miss-from: parking-7cbf88ff6b-bsk5t
server: NginX

ww16.best-targeted-traffic.com/search/redirect.php?f=http%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3DsPVWmgZQOic_0&v=NzlmNzQ5YTM2MjBmZGY3N2M1N2EwOThkYmIxMjM2NjMJMQl3dzE2LmJlc3QtdGFyZ2V0ZWQtdHJhZmZpYy5jb202NjNhNGJjYzk0N2MyOC4wNTE2ODAyOQl3dzE2LmJlc3QtdGFyZ2V0ZWQtdHJhZmZpYy5jb202NjNhNGJjYzk0ODI0OC42NjUzOTk4OAkxNzE1MDk2NTI1CWFkXzYzXzA%3D&l=OAk4MDlmYTQ5ZDJkY2JhZWIxZGI0YTg1MWYyMjM3ZDY2MgkwCTM1CTAJMzI4ZjEzYjc2MmI1YzFkYWUxMGFlNTg0ZWQxNDNiYTEJNDA4MDEzNDk4CWJlc3QtdGFyZ2V0ZWQtdHJhZmZpYwkwCTYzCTYJMgkxNzE1MDk2NTI1CTAuMDAwMTI5CU4JMAkxCTE1MTIJMTIwNQkyNjUxMDY2Mwk5MS45MC40Mi4xNTQJMA%253D%253D

64.190.63.136

0 B

URL
ww16.best-targeted-traffic.com/search/redirect.php?f=http%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3DsPVWmgZQOic_0&v=NzlmNzQ5YTM2MjBmZGY3N2M1N2EwOThkYmIxMjM2NjMJMQl3dzE2LmJlc3QtdGFyZ2V0ZWQtdHJhZmZpYy5jb202NjNhNGJjYzk0N2MyOC4wNTE2ODAyOQl3dzE2LmJlc3QtdGFyZ2V0ZWQtdHJhZmZpYy5jb202NjNhNGJjYzk0ODI0OC42NjUzOTk4OAkxNzE1MDk2NTI1CWFkXzYzXzA%3D&l=OAk4MDlmYTQ5ZDJkY2JhZWIxZGI0YTg1MWYyMjM3ZDY2MgkwCTM1CTAJMzI4ZjEzYjc2MmI1YzFkYWUxMGFlNTg0ZWQxNDNiYTEJNDA4MDEzNDk4CWJlc3QtdGFyZ2V0ZWQtdHJhZmZpYwkwCTYzCTYJMgkxNzE1MDk2NTI1CTAuMDAwMTI5CU4JMAkxCTE1MTIJMTIwNQkyNjUxMDY2Mwk5MS45MC40Mi4xNTQJMA%253D%253D
IP
64.190.63.136:0
ASN
#47846 SEDO GmbH

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /search/redirect.php?f=http%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3DsPVWmgZQOic_0&v=NzlmNzQ5YTM2MjBmZGY3N2M1N2EwOThkYmIxMjM2NjMJMQl3dzE2LmJlc3QtdGFyZ2V0ZWQtdHJhZmZpYy5jb202NjNhNGJjYzk0N2MyOC4wNTE2ODAyOQl3dzE2LmJlc3QtdGFyZ2V0ZWQtdHJhZmZpYy5jb202NjNhNGJjYzk0ODI0OC42NjUzOTk4OAkxNzE1MDk2NTI1CWFkXzYzXzA%3D&l=OAk4MDlmYTQ5ZDJkY2JhZWIxZGI0YTg1MWYyMjM3ZDY2MgkwCTM1CTAJMzI4ZjEzYjc2MmI1YzFkYWUxMGFlNTg0ZWQxNDNiYTEJNDA4MDEzNDk4CWJlc3QtdGFyZ2V0ZWQtdHJhZmZpYwkwCTYzCTYJMgkxNzE1MDk2NTI1CTAuMDAwMTI5CU4JMAkxCTE1MTIJMTIwNQkyNjUxMDY2Mwk5MS45MC40Mi4xNTQJMA%253D%253D HTTP/1.1
Host: ww16.best-targeted-traffic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://ww16.best-targeted-traffic.com/install.php?unq=5o102382234knxgerj&version=1.7&pais=Unknown&sub1=20240508-0142-040b-8f16-b57e524b2935
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-type: text/html; charset=UTF-8
date: Tue, 07 May 2024 15:42:06 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
last-modified: Tue, 07 May 2024 15:42:06 GMT
location: /search/tcerider.php?f=http%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3DsPVWmgZQOic_0&v=NzlmNzQ5YTM2MjBmZGY3N2M1N2EwOThkYmIxMjM2NjMJMQl3dzE2LmJlc3QtdGFyZ2V0ZWQtdHJhZmZpYy5jb202NjNhNGJjYzk0N2MyOC4wNTE2ODAyOQl3dzE2LmJlc3QtdGFyZ2V0ZWQtdHJhZmZpYy5jb202NjNhNGJjYzk0ODI0OC42NjUzOTk4OAkxNzE1MDk2NTI1CWFkXzYzXzA%3D&l=OAk4MDlmYTQ5ZDJkY2JhZWIxZGI0YTg1MWYyMjM3ZDY2MgkwCTM1CTAJMzI4ZjEzYjc2MmI1YzFkYWUxMGFlNTg0ZWQxNDNiYTEJNDA4MDEzNDk4CWJlc3QtdGFyZ2V0ZWQtdHJhZmZpYwkwCTYzCTYJMgkxNzE1MDk2NTI1CTAuMDAwMTI5CU4JMAkxCTE1MTIJMTIwNQkyNjUxMDY2Mwk5MS45MC40Mi4xNTQJMA%253D%253D
pragma: no-cache
server: NginX
x-cache-miss-from: parking-7cbf88ff6b-7flh7
x-powered-by: PHP/8.1.17
content-length: 0
X-Firefox-Spdy: h2

ww16.best-targeted-traffic.com/search/tcerider.php?f=http%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3DsPVWmgZQOic_0&v=NzlmNzQ5YTM2MjBmZGY3N2M1N2EwOThkYmIxMjM2NjMJMQl3dzE2LmJlc3QtdGFyZ2V0ZWQtdHJhZmZpYy5jb202NjNhNGJjYzk0N2MyOC4wNTE2ODAyOQl3dzE2LmJlc3QtdGFyZ2V0ZWQtdHJhZmZpYy5jb202NjNhNGJjYzk0ODI0OC42NjUzOTk4OAkxNzE1MDk2NTI1CWFkXzYzXzA%3D&l=OAk4MDlmYTQ5ZDJkY2JhZWIxZGI0YTg1MWYyMjM3ZDY2MgkwCTM1CTAJMzI4ZjEzYjc2MmI1YzFkYWUxMGFlNTg0ZWQxNDNiYTEJNDA4MDEzNDk4CWJlc3QtdGFyZ2V0ZWQtdHJhZmZpYwkwCTYzCTYJMgkxNzE1MDk2NTI1CTAuMDAwMTI5CU4JMAkxCTE1MTIJMTIwNQkyNjUxMDY2Mwk5MS45MC40Mi4xNTQJMA%253D%253D

64.190.63.136

311 B

URL
ww16.best-targeted-traffic.com/search/tcerider.php?f=http%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3DsPVWmgZQOic_0&v=NzlmNzQ5YTM2MjBmZGY3N2M1N2EwOThkYmIxMjM2NjMJMQl3dzE2LmJlc3QtdGFyZ2V0ZWQtdHJhZmZpYy5jb202NjNhNGJjYzk0N2MyOC4wNTE2ODAyOQl3dzE2LmJlc3QtdGFyZ2V0ZWQtdHJhZmZpYy5jb202NjNhNGJjYzk0ODI0OC42NjUzOTk4OAkxNzE1MDk2NTI1CWFkXzYzXzA%3D&l=OAk4MDlmYTQ5ZDJkY2JhZWIxZGI0YTg1MWYyMjM3ZDY2MgkwCTM1CTAJMzI4ZjEzYjc2MmI1YzFkYWUxMGFlNTg0ZWQxNDNiYTEJNDA4MDEzNDk4CWJlc3QtdGFyZ2V0ZWQtdHJhZmZpYwkwCTYzCTYJMgkxNzE1MDk2NTI1CTAuMDAwMTI5CU4JMAkxCTE1MTIJMTIwNQkyNjUxMDY2Mwk5MS45MC40Mi4xNTQJMA%253D%253D
IP
64.190.63.136:0
ASN
#47846 SEDO GmbH

File type
HTML document, ASCII text
Size
311 B (311 bytes)
Hash
8567773bfe2cdfce722024e4e5ce6242
867b8fe37f0583328dabee5c9ca20a38bd49d933
688a6c2ee1c0616116b4be637fef47b2e05816a694e56e820bb2da7f8b7f311e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /search/tcerider.php?f=http%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3DsPVWmgZQOic_0&v=NzlmNzQ5YTM2MjBmZGY3N2M1N2EwOThkYmIxMjM2NjMJMQl3dzE2LmJlc3QtdGFyZ2V0ZWQtdHJhZmZpYy5jb202NjNhNGJjYzk0N2MyOC4wNTE2ODAyOQl3dzE2LmJlc3QtdGFyZ2V0ZWQtdHJhZmZpYy5jb202NjNhNGJjYzk0ODI0OC42NjUzOTk4OAkxNzE1MDk2NTI1CWFkXzYzXzA%3D&l=OAk4MDlmYTQ5ZDJkY2JhZWIxZGI0YTg1MWYyMjM3ZDY2MgkwCTM1CTAJMzI4ZjEzYjc2MmI1YzFkYWUxMGFlNTg0ZWQxNDNiYTEJNDA4MDEzNDk4CWJlc3QtdGFyZ2V0ZWQtdHJhZmZpYwkwCTYzCTYJMgkxNzE1MDk2NTI1CTAuMDAwMTI5CU4JMAkxCTE1MTIJMTIwNQkyNjUxMDY2Mwk5MS45MC40Mi4xNTQJMA%253D%253D HTTP/1.1
Host: ww16.best-targeted-traffic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://ww16.best-targeted-traffic.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 302 Found
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-type: text/html; charset=UTF-8
date: Tue, 07 May 2024 15:42:06 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
last-modified: Tue, 07 May 2024 15:42:06 GMT
location: http://xml.sedodna.com/click?i=sPVWmgZQOic_0
pragma: no-cache
server: NginX
x-cache-miss-from: parking-7cbf88ff6b-tlz7g
x-powered-by: PHP/8.1.17
X-Firefox-Spdy: h2

dhjhd.com/b2/c/c/redir?cid=1&did=Zn9EV1w&eid=14711&nid=1&sid=3284899876ExyorBUW&ts=1715096524&ttl=3600&v=v5.11.8.1

109.206.168.17

1.8 kB

URL
dhjhd.com/b2/c/c/redir?cid=1&did=Zn9EV1w&eid=14711&nid=1&sid=3284899876ExyorBUW&ts=1715096524&ttl=3600&v=v5.11.8.1
IP
109.206.168.17:0
ASN
#50245 Serverel Inc.

File type
HTML document, ASCII text, with very long lines (1481)
Size
1.8 kB (1777 bytes)
Hash
b0aa606c791bd71b1859670045d1e2c0
270c9cba6ccabf70cea6bb3aca7e0d795094376a
2c3b07b095b9abdc0b8d8cddc374afc5a94a01bcfb1c084e2ff21ca81ed0ff93

HTTP Headers

GET /b2/c/c/redir?cid=1&did=Zn9EV1w&eid=14711&nid=1&sid=3284899876ExyorBUW&ts=1715096524&ttl=3600&v=v5.11.8.1 HTTP/1.1
Host: dhjhd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://ww16.best-targeted-traffic.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
server: dspclick-v3.12.5.2
date: Tue, 07 May 2024 15:42:05 GMT
content-type: text/html
content-length: 1777

s.optnx.com/cimp.php?data=TVRjeE5UQTVOalV5Tkh3NFpUVTNZV001TmpNelpUUmlNak5tT0RZd1l6QXhOalk1Wm1GaU9ETTJaUS0tfGh0dHBzOi8vZ28ubW5hc3BtLmNvbS9zbWFydHBvcC9lYzViNjlmNmMwNzFhM2NmZDIzYTRmMTRhNzNlODA2YzRiNDZhZmQ5ZTczYTA2YWRiNGUyNjY0NTVkZDc3MWZmP3VzZXJJZD03MDlhZmMzOGU1M2ZlYjU3MzgyOTZmNDM4OGZjNzU3Yjc1NzgyOTQ1ZDZhNWVmZGZlZThiZTg1NWM4NmQyZDAxJm1lbWJlcklkPVBuQWMwdDVYMTljd2k4U1VIeVF2REF4b2lHY2EyNzc1MTQxNTM2NjE0NDQ3ejZTOFNvcGRkTkhkTEhUUEhOVlM0QVNPcW1wbXFvcmRkUFhOWFhSSzZWenFwYlhUVFZPb2ROVTZWMHJwWFQxVVUwdW9tcG9ucG5kUk5UUlBUUzZWMHpwWFN1bGRLNlowcnBYVE8xbW1tc2wyMXpsdHUxMW8yczMwcjJsbXpzNG16bWxydGRaYmJUWFZaTHZ2UHB2VHZSVnZ0dHZQYnhkeFBWeE5QUTZWd2drQUgzUGZpTXlIT2RLNlYwcnBYU3VsZEs2VjBycHJKcXBicTZwNlhPZEs2VjBycFhTdWxkSzZWMHJwWFZiY1o4V1dVNzUzYjE3NXoyYlMzYlMxNlp6MTEwVlhWT0Q3QSZzb3VyY2VJZD01MTQxNTM2JnAyPTg5ODg5NyZwMT1OT1ImcDM9e2NhcnJpZXJ9fGh0dHBzfDkxLjkwLjQyLjE1NHxOT1J8MTE1fGFkc2NvbXBhc3MuY29tfDUyNjQyOHw4MzUwMzB8MTAxMjc3Mnw1MTQxNTM2fDUwOHw2MzkwNzQyfDkyNjE2NjMwfDE1fDN8MHwwfDI1MzQ0fDB8NjB8NzB8VVNEfFVTRHwxfDF8MjJ8fDF8Tk9SfHwxNnw0fDF8fGMxMTE3MGRjYTA4OWNjM2Q3ZWI2ZDAxYTdmMWExMDY4fDc4ODQ2NTcwZWUyYmU0ZTM1ZWRkZTI4ZjlmMjVmMTIzfDF8MHxwb3Jub2thZWYudHZ8MHwwfDB8MC4wMXwxfDB8ZXhjaGFuZ2VfbGlua3wwfDB8MzE0MzI0MnwtMXwwfDMxNDMyNDR8fHwxfDE0NDB8fDB8MHwwfDB8MHwwfDF8MHx8OHwxfE1vemlsbGEvNS4wIChYMTE7IExpbnV4IHg4Nl82NDsgcnY6OTYuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC85Ni4wfHwyNHw3fDB8MXwwfHx8MHwwfDB8MHwwfDB8MHwwfDB8MHwwfE9LfDYzYjI1YzY3ZDNhMTlhN2I3N2ZiMDM0N2NmNDcxNDUw

95.211.229.245

1.5 kB

URL
s.optnx.com/cimp.php?data=TVRjeE5UQTVOalV5Tkh3NFpUVTNZV001TmpNelpUUmlNak5tT0RZd1l6QXhOalk1Wm1GaU9ETTJaUS0tfGh0dHBzOi8vZ28ubW5hc3BtLmNvbS9zbWFydHBvcC9lYzViNjlmNmMwNzFhM2NmZDIzYTRmMTRhNzNlODA2YzRiNDZhZmQ5ZTczYTA2YWRiNGUyNjY0NTVkZDc3MWZmP3VzZXJJZD03MDlhZmMzOGU1M2ZlYjU3MzgyOTZmNDM4OGZjNzU3Yjc1NzgyOTQ1ZDZhNWVmZGZlZThiZTg1NWM4NmQyZDAxJm1lbWJlcklkPVBuQWMwdDVYMTljd2k4U1VIeVF2REF4b2lHY2EyNzc1MTQxNTM2NjE0NDQ3ejZTOFNvcGRkTkhkTEhUUEhOVlM0QVNPcW1wbXFvcmRkUFhOWFhSSzZWenFwYlhUVFZPb2ROVTZWMHJwWFQxVVUwdW9tcG9ucG5kUk5UUlBUUzZWMHpwWFN1bGRLNlowcnBYVE8xbW1tc2wyMXpsdHUxMW8yczMwcjJsbXpzNG16bWxydGRaYmJUWFZaTHZ2UHB2VHZSVnZ0dHZQYnhkeFBWeE5QUTZWd2drQUgzUGZpTXlIT2RLNlYwcnBYU3VsZEs2VjBycHJKcXBicTZwNlhPZEs2VjBycFhTdWxkSzZWMHJwWFZiY1o4V1dVNzUzYjE3NXoyYlMzYlMxNlp6MTEwVlhWT0Q3QSZzb3VyY2VJZD01MTQxNTM2JnAyPTg5ODg5NyZwMT1OT1ImcDM9e2NhcnJpZXJ9fGh0dHBzfDkxLjkwLjQyLjE1NHxOT1J8MTE1fGFkc2NvbXBhc3MuY29tfDUyNjQyOHw4MzUwMzB8MTAxMjc3Mnw1MTQxNTM2fDUwOHw2MzkwNzQyfDkyNjE2NjMwfDE1fDN8MHwwfDI1MzQ0fDB8NjB8NzB8VVNEfFVTRHwxfDF8MjJ8fDF8Tk9SfHwxNnw0fDF8fGMxMTE3MGRjYTA4OWNjM2Q3ZWI2ZDAxYTdmMWExMDY4fDc4ODQ2NTcwZWUyYmU0ZTM1ZWRkZTI4ZjlmMjVmMTIzfDF8MHxwb3Jub2thZWYudHZ8MHwwfDB8MC4wMXwxfDB8ZXhjaGFuZ2VfbGlua3wwfDB8MzE0MzI0MnwtMXwwfDMxNDMyNDR8fHwxfDE0NDB8fDB8MHwwfDB8MHwwfDF8MHx8OHwxfE1vemlsbGEvNS4wIChYMTE7IExpbnV4IHg4Nl82NDsgcnY6OTYuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC85Ni4wfHwyNHw3fDB8MXwwfHx8MHwwfDB8MHwwfDB8MHwwfDB8MHwwfE9LfDYzYjI1YzY3ZDNhMTlhN2I3N2ZiMDM0N2NmNDcxNDUw
IP
95.211.229.245:0
ASN
#60781 LeaseWeb Netherlands B.V.

File type
HTML document, ASCII text, with very long lines (2088)
Size
1.5 kB (1513 bytes)
Hash
d0a87b60c99ad2a7c6415c68c4da44a9
d4e79f20661b2361c32f846f5136f09b7c53c074
0a8759b9ec19282a3af83a1852de6fb4e7becfa2f810d81ed0fc0a70eb7ffc43

HTTP Headers

GET /cimp.php?data=TVRjeE5UQTVOalV5Tkh3NFpUVTNZV001TmpNelpUUmlNak5tT0RZd1l6QXhOalk1Wm1GaU9ETTJaUS0tfGh0dHBzOi8vZ28ubW5hc3BtLmNvbS9zbWFydHBvcC9lYzViNjlmNmMwNzFhM2NmZDIzYTRmMTRhNzNlODA2YzRiNDZhZmQ5ZTczYTA2YWRiNGUyNjY0NTVkZDc3MWZmP3VzZXJJZD03MDlhZmMzOGU1M2ZlYjU3MzgyOTZmNDM4OGZjNzU3Yjc1NzgyOTQ1ZDZhNWVmZGZlZThiZTg1NWM4NmQyZDAxJm1lbWJlcklkPVBuQWMwdDVYMTljd2k4U1VIeVF2REF4b2lHY2EyNzc1MTQxNTM2NjE0NDQ3ejZTOFNvcGRkTkhkTEhUUEhOVlM0QVNPcW1wbXFvcmRkUFhOWFhSSzZWenFwYlhUVFZPb2ROVTZWMHJwWFQxVVUwdW9tcG9ucG5kUk5UUlBUUzZWMHpwWFN1bGRLNlowcnBYVE8xbW1tc2wyMXpsdHUxMW8yczMwcjJsbXpzNG16bWxydGRaYmJUWFZaTHZ2UHB2VHZSVnZ0dHZQYnhkeFBWeE5QUTZWd2drQUgzUGZpTXlIT2RLNlYwcnBYU3VsZEs2VjBycHJKcXBicTZwNlhPZEs2VjBycFhTdWxkSzZWMHJwWFZiY1o4V1dVNzUzYjE3NXoyYlMzYlMxNlp6MTEwVlhWT0Q3QSZzb3VyY2VJZD01MTQxNTM2JnAyPTg5ODg5NyZwMT1OT1ImcDM9e2NhcnJpZXJ9fGh0dHBzfDkxLjkwLjQyLjE1NHxOT1J8MTE1fGFkc2NvbXBhc3MuY29tfDUyNjQyOHw4MzUwMzB8MTAxMjc3Mnw1MTQxNTM2fDUwOHw2MzkwNzQyfDkyNjE2NjMwfDE1fDN8MHwwfDI1MzQ0fDB8NjB8NzB8VVNEfFVTRHwxfDF8MjJ8fDF8Tk9SfHwxNnw0fDF8fGMxMTE3MGRjYTA4OWNjM2Q3ZWI2ZDAxYTdmMWExMDY4fDc4ODQ2NTcwZWUyYmU0ZTM1ZWRkZTI4ZjlmMjVmMTIzfDF8MHxwb3Jub2thZWYudHZ8MHwwfDB8MC4wMXwxfDB8ZXhjaGFuZ2VfbGlua3wwfDB8MzE0MzI0MnwtMXwwfDMxNDMyNDR8fHwxfDE0NDB8fDB8MHwwfDB8MHwwfDF8MHx8OHwxfE1vemlsbGEvNS4wIChYMTE7IExpbnV4IHg4Nl82NDsgcnY6OTYuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC85Ni4wfHwyNHw3fDB8MXwwfHx8MHwwfDB8MHwwfDB8MHwwfDB8MHwwfE9LfDYzYjI1YzY3ZDNhMTlhN2I3N2ZiMDM0N2NmNDcxNDUw HTTP/1.1
Host: s.optnx.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 07 May 2024 15:42:06 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%22663a4bcec519f0.794530563193672211%22%3B%7D; expires=Thu, 07 May 2026 15:42:06 GMT; path=; domain=.optnx.com; Secure; SameSite=none
Accept-Ch: Sec-Ch-Ua,Sec-Ch-Ua-Mobile,Sec-Ch-Ua-Full-Version,Sec-Ch-Ua-Full-Version-list,Sec-Ch-Ua-Platform,Sec-Ch-Ua-Platform-Version,Sec-Ch-Ua-Bitness,Sec-Ch-Ua-Arch
X-Robots-Tag: noindex, follow
Content-Encoding: gzip

95.211.229.245

302 Found

0 B

URL User Request GET HTTP/1.1
s.optnx.com/cimp.php?data=TVRjeE5UQTVOalV5Tkh3NFpUVTNZV001TmpNelpUUmlNak5tT0RZd1l6QXhOalk1Wm1GaU9ETTJaUS0tfGh0dHBzOi8vZ28ubW5hc3BtLmNvbS9zbWFydHBvcC9lYzViNjlmNmMwNzFhM2NmZDIzYTRmMTRhNzNlODA2YzRiNDZhZmQ5ZTczYTA2YWRiNGUyNjY0NTVkZDc3MWZmP3VzZXJJZD03MDlhZmMzOGU1M2ZlYjU3MzgyOTZmNDM4OGZjNzU3Yjc1NzgyOTQ1ZDZhNWVmZGZlZThiZTg1NWM4NmQyZDAxJm1lbWJlcklkPVBuQWMwdDVYMTljd2k4U1VIeVF2REF4b2lHY2EyNzc1MTQxNTM2NjE0NDQ3ejZTOFNvcGRkTkhkTEhUUEhOVlM0QVNPcW1wbXFvcmRkUFhOWFhSSzZWenFwYlhUVFZPb2ROVTZWMHJwWFQxVVUwdW9tcG9ucG5kUk5UUlBUUzZWMHpwWFN1bGRLNlowcnBYVE8xbW1tc2wyMXpsdHUxMW8yczMwcjJsbXpzNG16bWxydGRaYmJUWFZaTHZ2UHB2VHZSVnZ0dHZQYnhkeFBWeE5QUTZWd2drQUgzUGZpTXlIT2RLNlYwcnBYU3VsZEs2VjBycHJKcXBicTZwNlhPZEs2VjBycFhTdWxkSzZWMHJwWFZiY1o4V1dVNzUzYjE3NXoyYlMzYlMxNlp6MTEwVlhWT0Q3QSZzb3VyY2VJZD01MTQxNTM2JnAyPTg5ODg5NyZwMT1OT1ImcDM9e2NhcnJpZXJ9fGh0dHBzfDkxLjkwLjQyLjE1NHxOT1J8MTE1fGFkc2NvbXBhc3MuY29tfDUyNjQyOHw4MzUwMzB8MTAxMjc3Mnw1MTQxNTM2fDUwOHw2MzkwNzQyfDkyNjE2NjMwfDE1fDN8MHwwfDI1MzQ0fDB8NjB8NzB8VVNEfFVTRHwxfDF8MjJ8fDF8Tk9SfHwxNnw0fDF8fGMxMTE3MGRjYTA4OWNjM2Q3ZWI2ZDAxYTdmMWExMDY4fDc4ODQ2NTcwZWUyYmU0ZTM1ZWRkZTI4ZjlmMjVmMTIzfDF8MHxwb3Jub2thZWYudHZ8MHwwfDB8MC4wMXwxfDB8ZXhjaGFuZ2VfbGlua3wwfDB8MzE0MzI0MnwtMXwwfDMxNDMyNDR8fHwxfDE0NDB8fDB8MHwwfDB8MHwwfDF8MHx8OHwxfE1vemlsbGEvNS4wIChYMTE7IExpbnV4IHg4Nl82NDsgcnY6OTYuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC85Ni4wfHwyNHw3fDB8MXwwfHx8MHwwfDB8MHwwfDB8MHwwfDB8MHwwfE9LfDYzYjI1YzY3ZDNhMTlhN2I3N2ZiMDM0N2NmNDcxNDUw&p=https%3A%2F%2Fadscompass.com&tested=1&check=4982d74cc5945eb5f443cbeab8c29c8c&screen_resolution=1280x1024&container_resolution=1280x1024&iframe=0
IP
95.211.229.245:443
ASN
#60781 LeaseWeb Netherlands B.V.

Certificate
IssuerLet's Encrypt
Subjectoptnx.com
Fingerprint4C:79:56:70:DF:A7:AE:B3:DC:F6:3F:C4:AA:4C:A3:98:85:22:D2:4B
ValidityTue, 30 Apr 2024 07:52:49 GMT - Mon, 29 Jul 2024 07:52:48 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /cimp.php?data=TVRjeE5UQTVOalV5Tkh3NFpUVTNZV001TmpNelpUUmlNak5tT0RZd1l6QXhOalk1Wm1GaU9ETTJaUS0tfGh0dHBzOi8vZ28ubW5hc3BtLmNvbS9zbWFydHBvcC9lYzViNjlmNmMwNzFhM2NmZDIzYTRmMTRhNzNlODA2YzRiNDZhZmQ5ZTczYTA2YWRiNGUyNjY0NTVkZDc3MWZmP3VzZXJJZD03MDlhZmMzOGU1M2ZlYjU3MzgyOTZmNDM4OGZjNzU3Yjc1NzgyOTQ1ZDZhNWVmZGZlZThiZTg1NWM4NmQyZDAxJm1lbWJlcklkPVBuQWMwdDVYMTljd2k4U1VIeVF2REF4b2lHY2EyNzc1MTQxNTM2NjE0NDQ3ejZTOFNvcGRkTkhkTEhUUEhOVlM0QVNPcW1wbXFvcmRkUFhOWFhSSzZWenFwYlhUVFZPb2ROVTZWMHJwWFQxVVUwdW9tcG9ucG5kUk5UUlBUUzZWMHpwWFN1bGRLNlowcnBYVE8xbW1tc2wyMXpsdHUxMW8yczMwcjJsbXpzNG16bWxydGRaYmJUWFZaTHZ2UHB2VHZSVnZ0dHZQYnhkeFBWeE5QUTZWd2drQUgzUGZpTXlIT2RLNlYwcnBYU3VsZEs2VjBycHJKcXBicTZwNlhPZEs2VjBycFhTdWxkSzZWMHJwWFZiY1o4V1dVNzUzYjE3NXoyYlMzYlMxNlp6MTEwVlhWT0Q3QSZzb3VyY2VJZD01MTQxNTM2JnAyPTg5ODg5NyZwMT1OT1ImcDM9e2NhcnJpZXJ9fGh0dHBzfDkxLjkwLjQyLjE1NHxOT1J8MTE1fGFkc2NvbXBhc3MuY29tfDUyNjQyOHw4MzUwMzB8MTAxMjc3Mnw1MTQxNTM2fDUwOHw2MzkwNzQyfDkyNjE2NjMwfDE1fDN8MHwwfDI1MzQ0fDB8NjB8NzB8VVNEfFVTRHwxfDF8MjJ8fDF8Tk9SfHwxNnw0fDF8fGMxMTE3MGRjYTA4OWNjM2Q3ZWI2ZDAxYTdmMWExMDY4fDc4ODQ2NTcwZWUyYmU0ZTM1ZWRkZTI4ZjlmMjVmMTIzfDF8MHxwb3Jub2thZWYudHZ8MHwwfDB8MC4wMXwxfDB8ZXhjaGFuZ2VfbGlua3wwfDB8MzE0MzI0MnwtMXwwfDMxNDMyNDR8fHwxfDE0NDB8fDB8MHwwfDB8MHwwfDF8MHx8OHwxfE1vemlsbGEvNS4wIChYMTE7IExpbnV4IHg4Nl82NDsgcnY6OTYuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC85Ni4wfHwyNHw3fDB8MXwwfHx8MHwwfDB8MHwwfDB8MHwwfDB8MHwwfE9LfDYzYjI1YzY3ZDNhMTlhN2I3N2ZiMDM0N2NmNDcxNDUw&p=https%3A%2F%2Fadscompass.com&tested=1&check=4982d74cc5945eb5f443cbeab8c29c8c&screen_resolution=1280x1024&container_resolution=1280x1024&iframe=0 HTTP/1.1
Host: s.optnx.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s.optnx.com/cimp.php?data=TVRjeE5UQTVOalV5Tkh3NFpUVTNZV001TmpNelpUUmlNak5tT0RZd1l6QXhOalk1Wm1GaU9ETTJaUS0tfGh0dHBzOi8vZ28ubW5hc3BtLmNvbS9zbWFydHBvcC9lYzViNjlmNmMwNzFhM2NmZDIzYTRmMTRhNzNlODA2YzRiNDZhZmQ5ZTczYTA2YWRiNGUyNjY0NTVkZDc3MWZmP3VzZXJJZD03MDlhZmMzOGU1M2ZlYjU3MzgyOTZmNDM4OGZjNzU3Yjc1NzgyOTQ1ZDZhNWVmZGZlZThiZTg1NWM4NmQyZDAxJm1lbWJlcklkPVBuQWMwdDVYMTljd2k4U1VIeVF2REF4b2lHY2EyNzc1MTQxNTM2NjE0NDQ3ejZTOFNvcGRkTkhkTEhUUEhOVlM0QVNPcW1wbXFvcmRkUFhOWFhSSzZWenFwYlhUVFZPb2ROVTZWMHJwWFQxVVUwdW9tcG9ucG5kUk5UUlBUUzZWMHpwWFN1bGRLNlowcnBYVE8xbW1tc2wyMXpsdHUxMW8yczMwcjJsbXpzNG16bWxydGRaYmJUWFZaTHZ2UHB2VHZSVnZ0dHZQYnhkeFBWeE5QUTZWd2drQUgzUGZpTXlIT2RLNlYwcnBYU3VsZEs2VjBycHJKcXBicTZwNlhPZEs2VjBycFhTdWxkSzZWMHJwWFZiY1o4V1dVNzUzYjE3NXoyYlMzYlMxNlp6MTEwVlhWT0Q3QSZzb3VyY2VJZD01MTQxNTM2JnAyPTg5ODg5NyZwMT1OT1ImcDM9e2NhcnJpZXJ9fGh0dHBzfDkxLjkwLjQyLjE1NHxOT1J8MTE1fGFkc2NvbXBhc3MuY29tfDUyNjQyOHw4MzUwMzB8MTAxMjc3Mnw1MTQxNTM2fDUwOHw2MzkwNzQyfDkyNjE2NjMwfDE1fDN8MHwwfDI1MzQ0fDB8NjB8NzB8VVNEfFVTRHwxfDF8MjJ8fDF8Tk9SfHwxNnw0fDF8fGMxMTE3MGRjYTA4OWNjM2Q3ZWI2ZDAxYTdmMWExMDY4fDc4ODQ2NTcwZWUyYmU0ZTM1ZWRkZTI4ZjlmMjVmMTIzfDF8MHxwb3Jub2thZWYudHZ8MHwwfDB8MC4wMXwxfDB8ZXhjaGFuZ2VfbGlua3wwfDB8MzE0MzI0MnwtMXwwfDMxNDMyNDR8fHwxfDE0NDB8fDB8MHwwfDB8MHwwfDF8MHx8OHwxfE1vemlsbGEvNS4wIChYMTE7IExpbnV4IHg4Nl82NDsgcnY6OTYuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC85Ni4wfHwyNHw3fDB8MXwwfHx8MHwwfDB8MHwwfDB8MHwwfDB8MHwwfE9LfDYzYjI1YzY3ZDNhMTlhN2I3N2ZiMDM0N2NmNDcxNDUw
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%22663a4bcec519f0.794530563193672211%22%3B%7D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx
Date: Tue, 07 May 2024 15:42:06 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%22663a4bcec519f0.794530563193672211%22%3B%7D; expires=Thu, 07 May 2026 15:42:06 GMT; path=; domain=.optnx.com; Secure; SameSite=none
c-tag=%7B%22tag-link%22%3A%22v4%7C%7CNOR%7C5141536%7C92616630%7C0%7C%7C508%7C115%7C3%7C15%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C0%7C13%7C4096%7C0%7C0%7C1%7C0%7C0%7C1%7C663a4bcec519f0.794530563193672211%7C78846570ee2be4e35edde28f9f25f123%7C0%7Cpornokaef.tv%7C1280x1024%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C1715096526%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C4896ed0911d91c4345383d3dcc0825a4%7Cok%22%7D; expires=Wed, 08 May 2024 15:42:06 GMT; path=/; domain=.optnx.com; Secure; SameSite=none
Location: https://go.mnaspm.com/smartpop/ec5b69f6c071a3cfd23a4f14a73e806c4b46afd9e73a06adb4e266455dd771ff?userId=709afc38e53feb5738296f4388fc757b75782945d6a5efdfee8be855c86d2d01&memberId=PnAc0t5X19cwi8SUHyQvDAxoiGca2775141536614447z6S8SopddNHdLHTPHNVS4ASOqmpmqorddPXNXXRK6VzqpbXTTVOodNU6V0rpXT1UU0uomponpndRNTRPTS6V0zpXSuldK6Z0rpXTO1mmmsl21zltu11o2s30r2lmzs4mzmlrtdZbbTXVZLvvPpvTvRVvttvPbxdxPVxNPQ6VwgkAH3PfiMyHOdK6V0rpXSuldK6V0rprJqpbq6p6XOdK6V0rpXSuldK6V0rpXVbcZ8WWU753b175z2bS3bS16Zz110VXVOD7A&sourceId=5141536&p2=898897&p1=NOR&p3={carrier}&exffir=eyJjIjoiNDk4MmQ3NGNjNTk0NWViNWY0NDNjYmVhYjhjMjljOGMiLCJ0IjoiMSIsInNyIjoiMTI4MHgxMDI0IiwiY3IiOiIxMjgweDEwMjQiLCJpIjoiMCJ9
Accept-CH: 
X-Robots-Tag: noindex, follow

go.mnaspm.com/smartpop/ec5b69f6c071a3cfd23a4f14a73e806c4b46afd9e73a06adb4e266455dd771ff?userId=709afc38e53feb5738296f4388fc757b75782945d6a5efdfee8be855c86d2d01&memberId=PnAc0t5X19cwi8SUHyQvDAxoiGca2775141536614447z6S8SopddNHdLHTPHNVS4ASOqmpmqorddPXNXXRK6VzqpbXTTVOodNU6V0rpXT1UU0uomponpndRNTRPTS6V0zpXSuldK6Z0rpXTO1mmmsl21zltu11o2s30r2lmzs4mzmlrtdZbbTXVZLvvPpvTvRVvttvPbxdxPVxNPQ6VwgkAH3PfiMyHOdK6V0rpXSuldK6V0rprJqpbq6p6XOdK6V0rpXSuldK6V0rpXVbcZ8WWU753b175z2bS3bS16Zz110VXVOD7A&sourceId=5141536&p2=898897&p1=NOR&p3={carrier}&exffir=eyJjIjoiNDk4MmQ3NGNjNTk0NWViNWY0NDNjYmVhYjhjMjljOGMiLCJ0IjoiMSIsInNyIjoiMTI4MHgxMDI0IiwiY3IiOiIxMjgweDEwMjQiLCJpIjoiMCJ9

104.18.40.50

302 Found

0 B

URL User Request GET HTTP/2
go.mnaspm.com/smartpop/ec5b69f6c071a3cfd23a4f14a73e806c4b46afd9e73a06adb4e266455dd771ff?userId=709afc38e53feb5738296f4388fc757b75782945d6a5efdfee8be855c86d2d01&memberId=PnAc0t5X19cwi8SUHyQvDAxoiGca2775141536614447z6S8SopddNHdLHTPHNVS4ASOqmpmqorddPXNXXRK6VzqpbXTTVOodNU6V0rpXT1UU0uomponpndRNTRPTS6V0zpXSuldK6Z0rpXTO1mmmsl21zltu11o2s30r2lmzs4mzmlrtdZbbTXVZLvvPpvTvRVvttvPbxdxPVxNPQ6VwgkAH3PfiMyHOdK6V0rpXSuldK6V0rprJqpbq6p6XOdK6V0rpXSuldK6V0rpXVbcZ8WWU753b175z2bS3bS16Zz110VXVOD7A&sourceId=5141536&p2=898897&p1=NOR&p3={carrier}&exffir=eyJjIjoiNDk4MmQ3NGNjNTk0NWViNWY0NDNjYmVhYjhjMjljOGMiLCJ0IjoiMSIsInNyIjoiMTI4MHgxMDI0IiwiY3IiOiIxMjgweDEwMjQiLCJpIjoiMCJ9
IP
104.18.40.50:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectmnaspm.com
Fingerprint41:FC:20:C5:2D:89:14:17:87:EB:2D:BA:2E:DE:61:87:1E:53:19:CE
ValiditySun, 14 Apr 2024 17:19:29 GMT - Sat, 13 Jul 2024 17:19:28 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /smartpop/ec5b69f6c071a3cfd23a4f14a73e806c4b46afd9e73a06adb4e266455dd771ff?userId=709afc38e53feb5738296f4388fc757b75782945d6a5efdfee8be855c86d2d01&memberId=PnAc0t5X19cwi8SUHyQvDAxoiGca2775141536614447z6S8SopddNHdLHTPHNVS4ASOqmpmqorddPXNXXRK6VzqpbXTTVOodNU6V0rpXT1UU0uomponpndRNTRPTS6V0zpXSuldK6Z0rpXTO1mmmsl21zltu11o2s30r2lmzs4mzmlrtdZbbTXVZLvvPpvTvRVvttvPbxdxPVxNPQ6VwgkAH3PfiMyHOdK6V0rpXSuldK6V0rprJqpbq6p6XOdK6V0rpXSuldK6V0rpXVbcZ8WWU753b175z2bS3bS16Zz110VXVOD7A&sourceId=5141536&p2=898897&p1=NOR&p3={carrier}&exffir=eyJjIjoiNDk4MmQ3NGNjNTk0NWViNWY0NDNjYmVhYjhjMjljOGMiLCJ0IjoiMSIsInNyIjoiMTI4MHgxMDI0IiwiY3IiOiIxMjgweDEwMjQiLCJpIjoiMCJ9 HTTP/1.1
Host: go.mnaspm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://s.optnx.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Tue, 07 May 2024 15:42:07 GMT
content-length: 0
location: https://go.mnaspm.com/api/goToTheTag?campaignId=ec5b69f6c071a3cfd23a4f14a73e806c4b46afd9e73a06adb4e266455dd771ff&campaignType=smartpop&creativeId=3904683791fb776336953eb9b66a27238c51bc3f748f3b04086d620c64dd5f01&exffir=eyJjIjoiNDk4MmQ3NGNjNTk0NWViNWY0NDNjYmVhYjhjMjljOGMiLCJ0IjoiMSIsInNyIjoiMTI4MHgxMDI0IiwiY3IiOiIxMjgweDEwMjQiLCJpIjoiMCJ9&iterationId=692719&masterSmartpopId=0&memberId=PnAc0t5X19cwi8SUHyQvDAxoiGca2775141536614447z6S8SopddNHdLHTPHNVS4ASOqmpmqorddPXNXXRK6VzqpbXTTVOodNU6V0rpXT1UU0uomponpndRNTRPTS6V0zpXSuldK6Z0rpXTO1mmmsl21zltu11o2s30r2lmzs4mzmlrtdZbbTXVZLvvPpvTvRVvttvPbxdxPVxNPQ6VwgkAH3PfiMyHOdK6V0rpXSuldK6V0rprJqpbq6p6XOdK6V0rpXSuldK6V0rpXVbcZ8WWU753b175z2bS3bS16Zz110VXVOD7A&p1=NOR&p2=898897&p3=%7Bcarrier%7D&ruleId=0&smartpopId=2815&sourceId=5141536&tagNames=girls%2Fteens&userId=709afc38e53feb5738296f4388fc757b75782945d6a5efdfee8be855c86d2d01&variationId=31362
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Bitness, Sec-CH-UA-Wow64
cf-cache-status: DYNAMIC
set-cookie: _var=2043684.31362_MGQ0Y2JiMjk=; Path=/; Expires=Thu, 06 Jun 2024 15:42:06 GMT; HttpOnly; Secure; SameSite=None
__cflb=02DiuDFRFiBZBvMSLtsgHAjogiG8Ahr7a1cs881XteTAU; SameSite=None; Secure; path=/; expires=Wed, 08-May-24 15:42:07 GMT; HttpOnly
server: cloudflare
cf-ray: 8802516d8ed31bfa-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

go.mnaspm.com/api/goToTheTag?campaignId=ec5b69f6c071a3cfd23a4f14a73e806c4b46afd9e73a06adb4e266455dd771ff&campaignType=smartpop&creativeId=3904683791fb776336953eb9b66a27238c51bc3f748f3b04086d620c64dd5f01&exffir=eyJjIjoiNDk4MmQ3NGNjNTk0NWViNWY0NDNjYmVhYjhjMjljOGMiLCJ0IjoiMSIsInNyIjoiMTI4MHgxMDI0IiwiY3IiOiIxMjgweDEwMjQiLCJpIjoiMCJ9&iterationId=692719&masterSmartpopId=0&memberId=PnAc0t5X19cwi8SUHyQvDAxoiGca2775141536614447z6S8SopddNHdLHTPHNVS4ASOqmpmqorddPXNXXRK6VzqpbXTTVOodNU6V0rpXT1UU0uomponpndRNTRPTS6V0zpXSuldK6Z0rpXTO1mmmsl21zltu11o2s30r2lmzs4mzmlrtdZbbTXVZLvvPpvTvRVvttvPbxdxPVxNPQ6VwgkAH3PfiMyHOdK6V0rpXSuldK6V0rprJqpbq6p6XOdK6V0rpXSuldK6V0rpXVbcZ8WWU753b175z2bS3bS16Zz110VXVOD7A&p1=NOR&p2=898897&p3=%7Bcarrier%7D&ruleId=0&smartpopId=2815&sourceId=5141536&tagNames=girls%2Fteens&userId=709afc38e53feb5738296f4388fc757b75782945d6a5efdfee8be855c86d2d01&variationId=31362

104.18.40.50

302 Found

0 B

URL User Request GET HTTP/2
go.mnaspm.com/api/goToTheTag?campaignId=ec5b69f6c071a3cfd23a4f14a73e806c4b46afd9e73a06adb4e266455dd771ff&campaignType=smartpop&creativeId=3904683791fb776336953eb9b66a27238c51bc3f748f3b04086d620c64dd5f01&exffir=eyJjIjoiNDk4MmQ3NGNjNTk0NWViNWY0NDNjYmVhYjhjMjljOGMiLCJ0IjoiMSIsInNyIjoiMTI4MHgxMDI0IiwiY3IiOiIxMjgweDEwMjQiLCJpIjoiMCJ9&iterationId=692719&masterSmartpopId=0&memberId=PnAc0t5X19cwi8SUHyQvDAxoiGca2775141536614447z6S8SopddNHdLHTPHNVS4ASOqmpmqorddPXNXXRK6VzqpbXTTVOodNU6V0rpXT1UU0uomponpndRNTRPTS6V0zpXSuldK6Z0rpXTO1mmmsl21zltu11o2s30r2lmzs4mzmlrtdZbbTXVZLvvPpvTvRVvttvPbxdxPVxNPQ6VwgkAH3PfiMyHOdK6V0rpXSuldK6V0rprJqpbq6p6XOdK6V0rpXSuldK6V0rpXVbcZ8WWU753b175z2bS3bS16Zz110VXVOD7A&p1=NOR&p2=898897&p3=%7Bcarrier%7D&ruleId=0&smartpopId=2815&sourceId=5141536&tagNames=girls%2Fteens&userId=709afc38e53feb5738296f4388fc757b75782945d6a5efdfee8be855c86d2d01&variationId=31362
IP
104.18.40.50:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectmnaspm.com
Fingerprint41:FC:20:C5:2D:89:14:17:87:EB:2D:BA:2E:DE:61:87:1E:53:19:CE
ValiditySun, 14 Apr 2024 17:19:29 GMT - Sat, 13 Jul 2024 17:19:28 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /api/goToTheTag?campaignId=ec5b69f6c071a3cfd23a4f14a73e806c4b46afd9e73a06adb4e266455dd771ff&campaignType=smartpop&creativeId=3904683791fb776336953eb9b66a27238c51bc3f748f3b04086d620c64dd5f01&exffir=eyJjIjoiNDk4MmQ3NGNjNTk0NWViNWY0NDNjYmVhYjhjMjljOGMiLCJ0IjoiMSIsInNyIjoiMTI4MHgxMDI0IiwiY3IiOiIxMjgweDEwMjQiLCJpIjoiMCJ9&iterationId=692719&masterSmartpopId=0&memberId=PnAc0t5X19cwi8SUHyQvDAxoiGca2775141536614447z6S8SopddNHdLHTPHNVS4ASOqmpmqorddPXNXXRK6VzqpbXTTVOodNU6V0rpXT1UU0uomponpndRNTRPTS6V0zpXSuldK6Z0rpXTO1mmmsl21zltu11o2s30r2lmzs4mzmlrtdZbbTXVZLvvPpvTvRVvttvPbxdxPVxNPQ6VwgkAH3PfiMyHOdK6V0rpXSuldK6V0rprJqpbq6p6XOdK6V0rpXSuldK6V0rpXVbcZ8WWU753b175z2bS3bS16Zz110VXVOD7A&p1=NOR&p2=898897&p3=%7Bcarrier%7D&ruleId=0&smartpopId=2815&sourceId=5141536&tagNames=girls%2Fteens&userId=709afc38e53feb5738296f4388fc757b75782945d6a5efdfee8be855c86d2d01&variationId=31362 HTTP/1.1
Host: go.mnaspm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://s.optnx.com/
DNT: 1
Connection: keep-alive
Cookie: _var=2043684.31362_MGQ0Y2JiMjk=; __cflb=02DiuDFRFiBZBvMSLtsgHAjogiG8Ahr7a1cs881XteTAU
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 302 Found
date: Tue, 07 May 2024 15:42:07 GMT
content-length: 0
location: https://stripchat.com/girls/teens?affiliateId=0705249pg6g16zt758zzu74ncrd3xax565u06fi5udvq4n2lklhb0vd7024vx350&campaignId=ec5b69f6c071a3cfd23a4f14a73e806c4b46afd9e73a06adb4e266455dd771ff&p1=NOR&p2=898897&p3=%7Bcarrier%7D&realDomain=go.mnaspm.com&referrer=https%3A%2F%2Fs.optnx.com%2F&sourceId=5141536&stripbotVariation=NullWidget&userId=709afc38e53feb5738296f4388fc757b75782945d6a5efdfee8be855c86d2d01
set-cookie: stripbotVariationName-StripcashTest16=NullWidget; Path=/; Domain=go.mnaspm.com; Expires=Thu, 06 Jun 2024 15:42:07 GMT; Max-Age=2592000; Secure; SameSite=None
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Bitness, Sec-CH-UA-Wow64
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 8802516def951bfa-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

stripchat.com/cdn-cgi/styles/cf.errors.css

104.17.117.12

200 OK

7.7 kB

URL GET HTTP/3
stripchat.com/cdn-cgi/styles/cf.errors.css
IP
104.17.117.12:443
ASN
#13335 CLOUDFLARENET

Requested by
https://stripchat.com/girls/teens?affiliateId=0705249pg6g16zt758zzu74ncrd3xax565u06fi5udvq4n2lklhb0vd7024vx350&campaignId=ec5b69f6c071a3cfd23a4f14a73e806c4b46afd9e73a06adb4e266455dd771ff&p1=NOR&p2=898897&p3=%7Bcarrier%7D&realDomain=go.mnaspm.com&referrer=https%3A%2F%2Fs.optnx.com%2F&sourceId=5141536&stripbotVariation=NullWidget&userId=709afc38e53feb5738296f4388fc757b75782945d6a5efdfee8be855c86d2d01
Certificate
IssuerCloudflare, Inc.
Subjectstripchat.com
Fingerprint3C:12:9D:04:0C:06:77:D6:C0:CF:16:86:EF:54:A5:31:EE:4A:CC:2E
ValidityMon, 01 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
gzip compressed data, from Unix
Size
7.7 kB (7728 bytes)
Hash
80000355ef4900f25141ea92a02cbd43
7f297631ad2097b03d0a69d74beba006eee6dcca
5e759f93b779e46ac4ae17a848a24860f68f798692c22cba902aa103f4a0889c

HTTP Headers

GET /cdn-cgi/styles/cf.errors.css HTTP/1.1
Host: stripchat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://stripchat.com/girls/teens?affiliateId=0705249pg6g16zt758zzu74ncrd3xax565u06fi5udvq4n2lklhb0vd7024vx350&campaignId=ec5b69f6c071a3cfd23a4f14a73e806c4b46afd9e73a06adb4e266455dd771ff&p1=NOR&p2=898897&p3=%7Bcarrier%7D&realDomain=go.mnaspm.com&referrer=https%3A%2F%2Fs.optnx.com%2F&sourceId=5141536&stripbotVariation=NullWidget&userId=709afc38e53feb5738296f4388fc757b75782945d6a5efdfee8be855c86d2d01
DNT: 1
Connection: keep-alive
Cookie: __cf_bm=ZtEMJBLRdY58AcrJpkvDbqJ_VJtZywzP_3UA5qn25TM-1715096527-1.0.1.1-3dMnZ0mNtr.6twwOjEVDARZz.pER78tPuBma_Jg.xCqxRx224zfqak2xJL43mr4S_qJa.U6NS6VlreWE1qV4Lc0VBB1lm1EmDv9orjLYYto
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 07 May 2024 15:42:07 GMT
content-type: text/css
last-modified: Fri, 03 May 2024 17:58:00 GMT
etag: W/"663525a8-5df3"
server: cloudflare
cf-ray: 8802516f7f99b51d-OSL
x-frame-options: DENY
x-content-type-options: nosniff
vary: Accept-Encoding
expires: Tue, 07 May 2024 17:42:07 GMT
cache-control: max-age=7200, public
content-encoding: gzip

stripchat.com/girls/teens?affiliateId=0705249pg6g16zt758zzu74ncrd3xax565u06fi5udvq4n2lklhb0vd7024vx350&campaignId=ec5b69f6c071a3cfd23a4f14a73e806c4b46afd9e73a06adb4e266455dd771ff&p1=NOR&p2=898897&p3=%7Bcarrier%7D&realDomain=go.mnaspm.com&referrer=https%3A%2F%2Fs.optnx.com%2F&sourceId=5141536&stripbotVariation=NullWidget&userId=709afc38e53feb5738296f4388fc757b75782945d6a5efdfee8be855c86d2d01

104.17.117.12

403 Forbidden

2.7 kB

URL User Request GET HTTP/2
stripchat.com/girls/teens?affiliateId=0705249pg6g16zt758zzu74ncrd3xax565u06fi5udvq4n2lklhb0vd7024vx350&campaignId=ec5b69f6c071a3cfd23a4f14a73e806c4b46afd9e73a06adb4e266455dd771ff&p1=NOR&p2=898897&p3=%7Bcarrier%7D&realDomain=go.mnaspm.com&referrer=https%3A%2F%2Fs.optnx.com%2F&sourceId=5141536&stripbotVariation=NullWidget&userId=709afc38e53feb5738296f4388fc757b75782945d6a5efdfee8be855c86d2d01
IP
104.17.117.12:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerCloudflare, Inc.
Subjectstripchat.com
Fingerprint3C:12:9D:04:0C:06:77:D6:C0:CF:16:86:EF:54:A5:31:EE:4A:CC:2E
ValidityMon, 01 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
HTML document, ASCII text, with very long lines (1125)
Size
2.7 kB (2701 bytes)
Hash
57ea71054f1b17931f9edf7b06e97d5e
4fb91cf1859678d349fdf4b0cd275a3fb23dc17e
6a968d3204cc791975107672e753f65d7abee100b3397026ce4c9a239cf4894b

HTTP Headers

GET /girls/teens?affiliateId=0705249pg6g16zt758zzu74ncrd3xax565u06fi5udvq4n2lklhb0vd7024vx350&campaignId=ec5b69f6c071a3cfd23a4f14a73e806c4b46afd9e73a06adb4e266455dd771ff&p1=NOR&p2=898897&p3=%7Bcarrier%7D&realDomain=go.mnaspm.com&referrer=https%3A%2F%2Fs.optnx.com%2F&sourceId=5141536&stripbotVariation=NullWidget&userId=709afc38e53feb5738296f4388fc757b75782945d6a5efdfee8be855c86d2d01 HTTP/1.1
Host: stripchat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://s.optnx.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 403 Forbidden
date: Tue, 07 May 2024 15:42:07 GMT
content-type: text/html; charset=UTF-8
x-frame-options: SAMEORIGIN
referrer-policy: same-origin
cache-control: max-age=15
expires: Tue, 07 May 2024 15:42:22 GMT
set-cookie: __cf_bm=ZtEMJBLRdY58AcrJpkvDbqJ_VJtZywzP_3UA5qn25TM-1715096527-1.0.1.1-3dMnZ0mNtr.6twwOjEVDARZz.pER78tPuBma_Jg.xCqxRx224zfqak2xJL43mr4S_qJa.U6NS6VlreWE1qV4Lc0VBB1lm1EmDv9orjLYYto; path=/; expires=Tue, 07-May-24 16:12:07 GMT; domain=.stripchat.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 8802516e796756cc-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

stripchat.com/cdn-cgi/challenge-platform/scripts/jsd/main.js

104.17.117.12

302 Found

0 B

URL GET HTTP/3
stripchat.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
IP
104.17.117.12:443
ASN
#13335 CLOUDFLARENET

Requested by
https://stripchat.com/girls/teens?affiliateId=0705249pg6g16zt758zzu74ncrd3xax565u06fi5udvq4n2lklhb0vd7024vx350&campaignId=ec5b69f6c071a3cfd23a4f14a73e806c4b46afd9e73a06adb4e266455dd771ff&p1=NOR&p2=898897&p3=%7Bcarrier%7D&realDomain=go.mnaspm.com&referrer=https%3A%2F%2Fs.optnx.com%2F&sourceId=5141536&stripbotVariation=NullWidget&userId=709afc38e53feb5738296f4388fc757b75782945d6a5efdfee8be855c86d2d01
Certificate
IssuerCloudflare, Inc.
Subjectstripchat.com
Fingerprint3C:12:9D:04:0C:06:77:D6:C0:CF:16:86:EF:54:A5:31:EE:4A:CC:2E
ValidityMon, 01 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1
Host: stripchat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: __cf_bm=ZtEMJBLRdY58AcrJpkvDbqJ_VJtZywzP_3UA5qn25TM-1715096527-1.0.1.1-3dMnZ0mNtr.6twwOjEVDARZz.pER78tPuBma_Jg.xCqxRx224zfqak2xJL43mr4S_qJa.U6NS6VlreWE1qV4Lc0VBB1lm1EmDv9orjLYYto
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 302 Found
date: Tue, 07 May 2024 15:42:07 GMT
content-length: 0
cache-control: max-age=300, public
access-control-allow-origin: *
location: /cdn-cgi/challenge-platform/h/b/scripts/jsd/ce7818f50e39/main.js
vary: Accept-Encoding
server: cloudflare
cf-ray: 8802516ff8b6b51d-OSL
alt-svc: h3=":443"; ma=86400

stripchat.com/favicon.ico

104.17.117.12

302 Found

138 B

URL GET HTTP/3
stripchat.com/favicon.ico
IP
104.17.117.12:443
ASN
#13335 CLOUDFLARENET

Requested by
https://stripchat.com/girls/teens?affiliateId=0705249pg6g16zt758zzu74ncrd3xax565u06fi5udvq4n2lklhb0vd7024vx350&campaignId=ec5b69f6c071a3cfd23a4f14a73e806c4b46afd9e73a06adb4e266455dd771ff&p1=NOR&p2=898897&p3=%7Bcarrier%7D&realDomain=go.mnaspm.com&referrer=https%3A%2F%2Fs.optnx.com%2F&sourceId=5141536&stripbotVariation=NullWidget&userId=709afc38e53feb5738296f4388fc757b75782945d6a5efdfee8be855c86d2d01
Certificate
IssuerCloudflare, Inc.
Subjectstripchat.com
Fingerprint3C:12:9D:04:0C:06:77:D6:C0:CF:16:86:EF:54:A5:31:EE:4A:CC:2E
ValidityMon, 01 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
138 B (138 bytes)
Hash
aff950cab4c0265e21d401db15f1026d
f03e18461817f7a6546c8bf8fa8d686d7e30aca0
753e0dd54f28c4f7009b9c0b18a68aed175416bd8b7d134858264586eaac56f0

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: stripchat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://stripchat.com/girls/teens?affiliateId=0705249pg6g16zt758zzu74ncrd3xax565u06fi5udvq4n2lklhb0vd7024vx350&campaignId=ec5b69f6c071a3cfd23a4f14a73e806c4b46afd9e73a06adb4e266455dd771ff&p1=NOR&p2=898897&p3=%7Bcarrier%7D&realDomain=go.mnaspm.com&referrer=https%3A%2F%2Fs.optnx.com%2F&sourceId=5141536&stripbotVariation=NullWidget&userId=709afc38e53feb5738296f4388fc757b75782945d6a5efdfee8be855c86d2d01
DNT: 1
Connection: keep-alive
Cookie: __cf_bm=ZtEMJBLRdY58AcrJpkvDbqJ_VJtZywzP_3UA5qn25TM-1715096527-1.0.1.1-3dMnZ0mNtr.6twwOjEVDARZz.pER78tPuBma_Jg.xCqxRx224zfqak2xJL43mr4S_qJa.U6NS6VlreWE1qV4Lc0VBB1lm1EmDv9orjLYYto
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 302 Found
date: Tue, 07 May 2024 15:42:07 GMT
content-type: text/html
content-length: 138
location: https://no.stripchat.com/favicon.ico
strict-transport-security: max-age=15768000
content-security-policy: default-src 'self' *.stripchat.com data: blob: *.amplitude.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.gstatic.com *.lovense.club:* *.lovense.com *.lovense-api.com *.stripcdn.com *.stripst.com *.stripst.dev *.strpst.com *.strwst.com *.doppiocdn.com *.doppiocdn.net *.doppiocdn.org *.doppiocdn.media *.doppiocdn.live *.doppiostreams.com *.trafficjunky.net main.exoclick.com tsyndicate.com *.hotjar.com *.hotjar.io fpnpmcdn.net loo3laej.com stripchat.page mc.thedd.online;img-src 'self' * data: blob: android-webview-video-poster:;script-src 'self' *.stripchat.com data: 'unsafe-inline' 'unsafe-eval' blob: *.amplitude.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.gstatic.com *.hpyrdr.dev *.hytto.com *.lovense.club:* *.lovense.com *.lovense-api.com *.stripst.com *.stripst.dev *.strpst.com *.strwst.com *.trafficjunky.net *.google.com platform.twitter.com main.exoclick.com tsyndicate.com wss://*.sc-apps.com www.googleadservices.com cdnjs.cloudflare.com/ajax/libs/fingerprintjs2/2.1.2/fingerprint2.min.js *.hotjar.com *.crowdin.com cdntechone.com fpnpmcdn.net loo3laej.com stripchat.page mc.thedd.online *.nktrdr.com *.ktkjmp.com *.xhamster.com *.llyjmp.com *.lxzrdr.com *.stripcash.com *.mnaspm.com *.rmhfrtnd.com *.xxxivjmp.com *.xxxvjmp.com *.xxxviijmp.com *.xxxviiijmp.com *.rmshqa.com *.xlivrdr.com *.xlvrdr.com *.xlviirdr.com *.xlviiirdr.com *.zybrdr.com *.bbrdbr.com *.dmsktmld.com *.fxmnba.com *.althz.com;connect-src 'self' *.stripchat.com *.amplitude.com *.doubleclick.net *.flixstorage.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.hytto.com *.lovense.club:* *.lovense.com *.lovense-api.com *.stripcdn.com *.xhamsterlive.com *.xlivesex.com *.stripst.com *.stripst.dev *.strpst.com *.strwst.com *.doppiocdn.com *.doppiocdn.net *.doppiocdn.org *.doppiocdn.media *.doppiocdn.live *.doppiostreams.com syndication.twitter.com wss://*.stripchat.com wss://*.stripcdn.com wss://*.stripcdn.com:8090 wss://*.stripst.com wss://*.stripst.dev wss://*.strpst.com wss://*.strwst.com wss://*.doppiocdn.com wss://*.doppiocdn.org wss://*.doppiocdn.media wss://*.lovense.com wss://*.lovense-api.com wss://*.sc-apps.com *.crowdin.com crowdin.com datatechone.com stquality.org accounts.google.com fpnpmcdn.net loo3laej.com stripchat.page mc.thedd.online *.nktrdr.com *.ktkjmp.com *.xhamster.com *.llyjmp.com *.lxzrdr.com *.stripcash.com *.mnaspm.com *.rmhfrtnd.com *.xxxivjmp.com *.xxxvjmp.com *.xxxviijmp.com *.xxxviiijmp.com *.rmshqa.com *.xlivrdr.com *.xlvrdr.com *.xlviirdr.com *.xlviiirdr.com *.zybrdr.com *.bbrdbr.com *.dmsktmld.com *.fxmnba.com *.althz.com;media-src 'self' *.stripchat.com data: blob: *.ahcdn.com *.lovense.club:* *.lovense.com *.lovense-api.com *.stripcdn.com *.stripst.com *.stripst.dev *.strpst.com *.strwst.com *.doppiocdn.com *.doppiocdn.net *.doppiocdn.org *.doppiocdn.media *.doppiocdn.live stripchat.page;style-src 'self' *.stripchat.com 'unsafe-inline' *.googleapis.com *.hytto.com *.lovense.club:* *.lovense.com *.lovense-api.com *.stripcdn.com *.stripst.com *.stripst.dev *.strpst.com *.strwst.com *.tagmanager.google.com *.crowdin.com accounts.google.com stripchat.page;frame-src * data:;report-uri /_csp
x-frame-options: deny
cf-cache-status: HIT
age: 88
expires: Tue, 07 May 2024 19:42:07 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8802516ff8a8b51d-OSL
alt-svc: h3=":443"; ma=86400

no.stripchat.com/favicon.ico

104.17.117.12

200 OK

657 B

URL GET HTTP/3
no.stripchat.com/favicon.ico
IP
104.17.117.12:443
ASN
#13335 CLOUDFLARENET

Requested by
https://stripchat.com/girls/teens?affiliateId=0705249pg6g16zt758zzu74ncrd3xax565u06fi5udvq4n2lklhb0vd7024vx350&campaignId=ec5b69f6c071a3cfd23a4f14a73e806c4b46afd9e73a06adb4e266455dd771ff&p1=NOR&p2=898897&p3=%7Bcarrier%7D&realDomain=go.mnaspm.com&referrer=https%3A%2F%2Fs.optnx.com%2F&sourceId=5141536&stripbotVariation=NullWidget&userId=709afc38e53feb5738296f4388fc757b75782945d6a5efdfee8be855c86d2d01
Certificate
IssuerCloudflare, Inc.
Subjectstripchat.com
Fingerprint3C:12:9D:04:0C:06:77:D6:C0:CF:16:86:EF:54:A5:31:EE:4A:CC:2E
ValidityMon, 01 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Size
657 B (657 bytes)
Hash
0bca3069a605b7170c9858c3def69645
56f92560a46d03162956ab37306801e977ce6865
a3528c6e28329af32a13751c1799d8f8abbd325c4e654f910a3e52f158afc5bc

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: no.stripchat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: __cf_bm=ZtEMJBLRdY58AcrJpkvDbqJ_VJtZywzP_3UA5qn25TM-1715096527-1.0.1.1-3dMnZ0mNtr.6twwOjEVDARZz.pER78tPuBma_Jg.xCqxRx224zfqak2xJL43mr4S_qJa.U6NS6VlreWE1qV4Lc0VBB1lm1EmDv9orjLYYto
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 07 May 2024 15:42:07 GMT
content-type: image/png
content-length: 657
last-modified: Mon, 29 Apr 2024 14:23:34 GMT
etag: "662fad66-291"
content-security-policy: default-src 'self' *.stripchat.com data: blob: *.amplitude.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.gstatic.com *.lovense.club:* *.lovense.com *.lovense-api.com *.stripcdn.com *.stripst.com *.stripst.dev *.strpst.com *.strwst.com *.doppiocdn.com *.doppiocdn.net *.doppiocdn.org *.doppiocdn.media *.doppiocdn.live *.doppiostreams.com *.trafficjunky.net main.exoclick.com tsyndicate.com *.hotjar.com *.hotjar.io fpnpmcdn.net loo3laej.com stripchat.page mc.thedd.online;img-src 'self' * data: blob: android-webview-video-poster:;script-src 'self' *.stripchat.com data: 'unsafe-inline' 'unsafe-eval' blob: *.amplitude.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.gstatic.com *.hpyrdr.dev *.hytto.com *.lovense.club:* *.lovense.com *.lovense-api.com *.stripst.com *.stripst.dev *.strpst.com *.strwst.com *.trafficjunky.net *.google.com platform.twitter.com main.exoclick.com tsyndicate.com wss://*.sc-apps.com www.googleadservices.com cdnjs.cloudflare.com/ajax/libs/fingerprintjs2/2.1.2/fingerprint2.min.js *.hotjar.com *.crowdin.com cdntechone.com fpnpmcdn.net loo3laej.com stripchat.page mc.thedd.online *.nktrdr.com *.ktkjmp.com *.xhamster.com *.llyjmp.com *.lxzrdr.com *.stripcash.com *.mnaspm.com *.rmhfrtnd.com *.xxxivjmp.com *.xxxvjmp.com *.xxxviijmp.com *.xxxviiijmp.com *.rmshqa.com *.xlivrdr.com *.xlvrdr.com *.xlviirdr.com *.xlviiirdr.com *.zybrdr.com *.bbrdbr.com *.dmsktmld.com *.fxmnba.com *.althz.com;connect-src 'self' *.stripchat.com *.amplitude.com *.doubleclick.net *.flixstorage.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.hytto.com *.lovense.club:* *.lovense.com *.lovense-api.com *.stripcdn.com *.xhamsterlive.com *.xlivesex.com *.stripst.com *.stripst.dev *.strpst.com *.strwst.com *.doppiocdn.com *.doppiocdn.net *.doppiocdn.org *.doppiocdn.media *.doppiocdn.live *.doppiostreams.com syndication.twitter.com wss://*.stripchat.com wss://*.stripcdn.com wss://*.stripcdn.com:8090 wss://*.stripst.com wss://*.stripst.dev wss://*.strpst.com wss://*.strwst.com wss://*.doppiocdn.com wss://*.doppiocdn.org wss://*.doppiocdn.media wss://*.lovense.com wss://*.lovense-api.com wss://*.sc-apps.com *.crowdin.com crowdin.com datatechone.com stquality.org accounts.google.com fpnpmcdn.net loo3laej.com stripchat.page mc.thedd.online *.nktrdr.com *.ktkjmp.com *.xhamster.com *.llyjmp.com *.lxzrdr.com *.stripcash.com *.mnaspm.com *.rmhfrtnd.com *.xxxivjmp.com *.xxxvjmp.com *.xxxviijmp.com *.xxxviiijmp.com *.rmshqa.com *.xlivrdr.com *.xlvrdr.com *.xlviirdr.com *.xlviiirdr.com *.zybrdr.com *.bbrdbr.com *.dmsktmld.com *.fxmnba.com *.althz.com;media-src 'self' *.stripchat.com data: blob: *.ahcdn.com *.lovense.club:* *.lovense.com *.lovense-api.com *.stripcdn.com *.stripst.com *.stripst.dev *.strpst.com *.strwst.com *.doppiocdn.com *.doppiocdn.net *.doppiocdn.org *.doppiocdn.media *.doppiocdn.live stripchat.page;style-src 'self' *.stripchat.com 'unsafe-inline' *.googleapis.com *.hytto.com *.lovense.club:* *.lovense.com *.lovense-api.com *.stripcdn.com *.stripst.com *.stripst.dev *.strpst.com *.strwst.com *.tagmanager.google.com *.crowdin.com accounts.google.com stripchat.page;frame-src * data:;report-uri /_csp
strict-transport-security: max-age=15768000
x-frame-options: deny
cf-cache-status: HIT
age: 96
expires: Tue, 07 May 2024 19:42:07 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 88025170290eb51d-OSL
alt-svc: h3=":443"; ma=86400

stripchat.com/cdn-cgi/challenge-platform/h/b/jsd/r/8802516e796756cc

104.17.117.12

200 OK

0 B

URL POST HTTP/3
stripchat.com/cdn-cgi/challenge-platform/h/b/jsd/r/8802516e796756cc
IP
104.17.117.12:443
ASN
#13335 CLOUDFLARENET

Requested by
https://stripchat.com/girls/teens?affiliateId=0705249pg6g16zt758zzu74ncrd3xax565u06fi5udvq4n2lklhb0vd7024vx350&campaignId=ec5b69f6c071a3cfd23a4f14a73e806c4b46afd9e73a06adb4e266455dd771ff&p1=NOR&p2=898897&p3=%7Bcarrier%7D&realDomain=go.mnaspm.com&referrer=https%3A%2F%2Fs.optnx.com%2F&sourceId=5141536&stripbotVariation=NullWidget&userId=709afc38e53feb5738296f4388fc757b75782945d6a5efdfee8be855c86d2d01
Certificate
IssuerCloudflare, Inc.
Subjectstripchat.com
Fingerprint3C:12:9D:04:0C:06:77:D6:C0:CF:16:86:EF:54:A5:31:EE:4A:CC:2E
ValidityMon, 01 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /cdn-cgi/challenge-platform/h/b/jsd/r/8802516e796756cc HTTP/1.1
Host: stripchat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 12687
Origin: https://stripchat.com
DNT: 1
Connection: keep-alive
Referer: https://stripchat.com/girls/teens?affiliateId=0705249pg6g16zt758zzu74ncrd3xax565u06fi5udvq4n2lklhb0vd7024vx350&campaignId=ec5b69f6c071a3cfd23a4f14a73e806c4b46afd9e73a06adb4e266455dd771ff&p1=NOR&p2=898897&p3=%7Bcarrier%7D&realDomain=go.mnaspm.com&referrer=https%3A%2F%2Fs.optnx.com%2F&sourceId=5141536&stripbotVariation=NullWidget&userId=709afc38e53feb5738296f4388fc757b75782945d6a5efdfee8be855c86d2d01
Cookie: __cf_bm=ZtEMJBLRdY58AcrJpkvDbqJ_VJtZywzP_3UA5qn25TM-1715096527-1.0.1.1-3dMnZ0mNtr.6twwOjEVDARZz.pER78tPuBma_Jg.xCqxRx224zfqak2xJL43mr4S_qJa.U6NS6VlreWE1qV4Lc0VBB1lm1EmDv9orjLYYto
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 07 May 2024 15:42:07 GMT
content-type: text/plain; charset=UTF-8
content-length: 0
set-cookie: cf_clearance=Ex1f4ppH7LscdqxVaAInhgXUddpWSmm4otmVkW3h9n0-1715096527-1.0.1.1-SONZ60xuSUvDLG8O.ffuLIGkgJs57Tz_bsL.fD9.lmmUGDoI.OAlY8EuwWZQrVpu5K82BqAg_7LE9_k4UCM25w; path=/; expires=Wed, 07-May-25 15:42:07 GMT; domain=.stripchat.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 880251712b5db51d-OSL
alt-svc: h3=":443"; ma=86400

stripchat.com/cdn-cgi/images/cf-no-screenshot-error.png

104.17.117.12

200 OK

3.2 kB

URL GET HTTP/3
stripchat.com/cdn-cgi/images/cf-no-screenshot-error.png
IP
104.17.117.12:443
ASN
#13335 CLOUDFLARENET

Requested by
https://stripchat.com/girls/teens?affiliateId=0705249pg6g16zt758zzu74ncrd3xax565u06fi5udvq4n2lklhb0vd7024vx350&campaignId=ec5b69f6c071a3cfd23a4f14a73e806c4b46afd9e73a06adb4e266455dd771ff&p1=NOR&p2=898897&p3=%7Bcarrier%7D&realDomain=go.mnaspm.com&referrer=https%3A%2F%2Fs.optnx.com%2F&sourceId=5141536&stripbotVariation=NullWidget&userId=709afc38e53feb5738296f4388fc757b75782945d6a5efdfee8be855c86d2d01
Certificate
IssuerCloudflare, Inc.
Subjectstripchat.com
Fingerprint3C:12:9D:04:0C:06:77:D6:C0:CF:16:86:EF:54:A5:31:EE:4A:CC:2E
ValidityMon, 01 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
PNG image data, 178 x 175, 8-bit colormap, non-interlaced
Size
3.2 kB (3213 bytes)
Hash
0d768cbc261841d3affc933b9ac3130e
aff136a4c761e1df1ada7e5d9a6ed0ebea74a4b7
1c53772285052e52bb7c12ad46a85a55747ed7bf66963fe1993fcef91ff5b0d0

HTTP Headers

GET /cdn-cgi/images/cf-no-screenshot-error.png HTTP/1.1
Host: stripchat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://stripchat.com/cdn-cgi/styles/cf.errors.css
Cookie: __cf_bm=ZtEMJBLRdY58AcrJpkvDbqJ_VJtZywzP_3UA5qn25TM-1715096527-1.0.1.1-3dMnZ0mNtr.6twwOjEVDARZz.pER78tPuBma_Jg.xCqxRx224zfqak2xJL43mr4S_qJa.U6NS6VlreWE1qV4Lc0VBB1lm1EmDv9orjLYYto
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 07 May 2024 15:42:07 GMT
content-type: image/png
content-length: 3213
last-modified: Fri, 03 May 2024 17:58:00 GMT
etag: "663525a8-c8d"
server: cloudflare
cf-ray: 8802516fb82eb51d-OSL
x-frame-options: DENY
x-content-type-options: nosniff
vary: Accept-Encoding
expires: Tue, 07 May 2024 17:42:07 GMT
cache-control: max-age=7200, public
accept-ranges: bytes

stripchat.com/cdn-cgi/images/browser-bar.png?1376755637

104.17.117.12

200 OK

715 B

URL GET HTTP/3
stripchat.com/cdn-cgi/images/browser-bar.png?1376755637
IP
104.17.117.12:443
ASN
#13335 CLOUDFLARENET

Requested by
https://stripchat.com/girls/teens?affiliateId=0705249pg6g16zt758zzu74ncrd3xax565u06fi5udvq4n2lklhb0vd7024vx350&campaignId=ec5b69f6c071a3cfd23a4f14a73e806c4b46afd9e73a06adb4e266455dd771ff&p1=NOR&p2=898897&p3=%7Bcarrier%7D&realDomain=go.mnaspm.com&referrer=https%3A%2F%2Fs.optnx.com%2F&sourceId=5141536&stripbotVariation=NullWidget&userId=709afc38e53feb5738296f4388fc757b75782945d6a5efdfee8be855c86d2d01
Certificate
IssuerCloudflare, Inc.
Subjectstripchat.com
Fingerprint3C:12:9D:04:0C:06:77:D6:C0:CF:16:86:EF:54:A5:31:EE:4A:CC:2E
ValidityMon, 01 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
PNG image data, 960 x 53, 8-bit colormap, non-interlaced
Size
715 B (715 bytes)
Hash
226dcb8f6144bdaafdfbd8f2f354be64
3785cc5b3bf52f8e398177b0ff1020b24aa86b8c
8c873472f4925d5d47521db4d52532d2983e9cb1bde8b43143a6cc6db56c35db

HTTP Headers

GET /cdn-cgi/images/browser-bar.png?1376755637 HTTP/1.1
Host: stripchat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://stripchat.com/cdn-cgi/styles/cf.errors.css
Cookie: __cf_bm=ZtEMJBLRdY58AcrJpkvDbqJ_VJtZywzP_3UA5qn25TM-1715096527-1.0.1.1-3dMnZ0mNtr.6twwOjEVDARZz.pER78tPuBma_Jg.xCqxRx224zfqak2xJL43mr4S_qJa.U6NS6VlreWE1qV4Lc0VBB1lm1EmDv9orjLYYto
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 07 May 2024 15:42:07 GMT
content-type: image/png
content-length: 715
last-modified: Fri, 03 May 2024 17:58:00 GMT
etag: "663525a8-2cb"
server: cloudflare
cf-ray: 8802516fb829b51d-OSL
x-frame-options: DENY
x-content-type-options: nosniff
vary: Accept-Encoding
expires: Tue, 07 May 2024 17:42:07 GMT
cache-control: max-age=7200, public
accept-ranges: bytes

stripchat.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/ce7818f50e39/main.js

104.17.117.12

200 OK

7.9 kB

URL GET HTTP/3
stripchat.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/ce7818f50e39/main.js
IP
104.17.117.12:443
ASN
#13335 CLOUDFLARENET

Requested by
https://stripchat.com/girls/teens?affiliateId=0705249pg6g16zt758zzu74ncrd3xax565u06fi5udvq4n2lklhb0vd7024vx350&campaignId=ec5b69f6c071a3cfd23a4f14a73e806c4b46afd9e73a06adb4e266455dd771ff&p1=NOR&p2=898897&p3=%7Bcarrier%7D&realDomain=go.mnaspm.com&referrer=https%3A%2F%2Fs.optnx.com%2F&sourceId=5141536&stripbotVariation=NullWidget&userId=709afc38e53feb5738296f4388fc757b75782945d6a5efdfee8be855c86d2d01
Certificate
IssuerCloudflare, Inc.
Subjectstripchat.com
Fingerprint3C:12:9D:04:0C:06:77:D6:C0:CF:16:86:EF:54:A5:31:EE:4A:CC:2E
ValidityMon, 01 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (7875), with no line terminators
Size
7.9 kB (7875 bytes)
Hash
b4626e3ea61bfda28bd763cef96c1672
413506d91377af95f2944c3b247ced22e6729345
ba27d627bb149a4e3229b2c784ea300a4822bd751e06ee4eff549807391b1435

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/scripts/jsd/ce7818f50e39/main.js HTTP/1.1
Host: stripchat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: __cf_bm=ZtEMJBLRdY58AcrJpkvDbqJ_VJtZywzP_3UA5qn25TM-1715096527-1.0.1.1-3dMnZ0mNtr.6twwOjEVDARZz.pER78tPuBma_Jg.xCqxRx224zfqak2xJL43mr4S_qJa.U6NS6VlreWE1qV4Lc0VBB1lm1EmDv9orjLYYto
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 07 May 2024 15:42:07 GMT
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
cache-control: max-age=14400, public
vary: Accept-Encoding
server: cloudflare
cf-ray: 8802517018f0b51d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (6)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (20)

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash