| videzz.net/js/pop.js?v=1.0 | 78.142.18.54 | 200 OK | 35 B |
URL: GET HTTP/2 videzz.net/js/pop.js?v=1.0; IP: 78.142.18.54:443; ASN: #208046 ColocationX Ltd.
Requested by: https://videzz.net/embed-0m1y3k542y1s.html; Certificate Issuer: Let's Encrypt; Subject: videzz.net; Fingerprint: 89:44:E3:9D:95:DD:6E:D2:2B:FB:70:64:42:59:D2:BF:B6:36:E7:33; Validity: Thu, 02 May 2024 00:27:53 GMT - Wed, 31 Jul 2024 00:27:52 GMT
Hash: da4bf5414bf75eefb21872f9b59fe6fc e34335e0705397a4ad02c406a2e92333e6d2b0e5 d48b428c1788391a1aef29802daaa691077732dc7b821d0968831bc50b19278d
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/pop.js?v=1.0 HTTP/1.1
Host: videzz.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://videzz.net/embed-0m1y3k542y1s.html
Cookie: lang=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Sat, 04 May 2024 10:09:28 GMT
content-type: application/javascript
content-length: 35
last-modified: Sat, 27 Apr 2024 07:30:42 GMT
etag: "662ca9a2-23"
expires: Mon, 03 Jun 2024 10:04:58 GMT
cache-control: max-age=2592000
x-cache-status: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

| videzz.net/js/ads.js?v=1.0 | 78.142.18.54 | | 211 B |
URL: videzz.net/js/ads.js?v=1.0; IP: 78.142.18.54:0; ASN: #208046 ColocationX Ltd.
Certificate Issuer: Let's Encrypt; Subject: videzz.net; Fingerprint: 89:44:E3:9D:95:DD:6E:D2:2B:FB:70:64:42:59:D2:BF:B6:36:E7:33; Validity: Thu, 02 May 2024 00:27:53 GMT - Wed, 31 Jul 2024 00:27:52 GMT
Hash: 09f34de71e8853387dd398fbb263af69 4ccb7007fcebcffe64eaa80f2991509fdbac55d5 6ca7e6aebc6e3eec26d39e540e255a738fd9e48e9b97bd0e2a714686377ac523
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/ads.js?v=1.0 HTTP/1.1
Host: videzz.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://videzz.net/embed-0m1y3k542y1s.html
Cookie: lang=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Sat, 04 May 2024 10:09:28 GMT
content-type: application/javascript
content-length: 211
last-modified: Sat, 27 Apr 2024 07:30:28 GMT
etag: "662ca994-d3"
expires: Mon, 03 Jun 2024 10:04:58 GMT
cache-control: max-age=2592000
x-cache-status: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

| videzz.net/images-newtheme/adb_logo.png | 78.142.18.54 | | 8.3 kB |
URL: videzz.net/images-newtheme/adb_logo.png; IP: 78.142.18.54:0; ASN: #208046 ColocationX Ltd.
Certificate Issuer: Let's Encrypt; Subject: videzz.net; Fingerprint: 89:44:E3:9D:95:DD:6E:D2:2B:FB:70:64:42:59:D2:BF:B6:36:E7:33; Validity: Thu, 02 May 2024 00:27:53 GMT - Wed, 31 Jul 2024 00:27:52 GMT
File type: PNG image data, 178 x 178, 8-bit/color RGBA, non-interlaced; Hash: 98fcd22c469a5aa46df8ec4e7a8eafc9 e8d95f175d3008736995a482d7304410a1da490a b1e79e219bf46ca5ef14a9619c5440e78c2ebdbc34b8f0c65f0777a8b02fc30c
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /images-newtheme/adb_logo.png HTTP/1.1
Host: videzz.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://videzz.net/embed-0m1y3k542y1s.html
Cookie: lang=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Sat, 04 May 2024 10:09:28 GMT
content-type: image/png
content-length: 8308
last-modified: Sat, 27 Apr 2024 07:30:38 GMT
etag: "662ca99e-2074"
expires: Mon, 03 Jun 2024 10:05:06 GMT
cache-control: max-age=2592000
x-cache-status: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

| videzz.net/images-newtheme/attention.png | 78.142.18.54 | | 6.4 kB |
URL: videzz.net/images-newtheme/attention.png; IP: 78.142.18.54:0; ASN: #208046 ColocationX Ltd.
Certificate Issuer: Let's Encrypt; Subject: videzz.net; Fingerprint: 89:44:E3:9D:95:DD:6E:D2:2B:FB:70:64:42:59:D2:BF:B6:36:E7:33; Validity: Thu, 02 May 2024 00:27:53 GMT - Wed, 31 Jul 2024 00:27:52 GMT
File type: PNG image data, 263 x 231, 8-bit/color RGBA, non-interlaced; Hash: d28ebe1b4425fa4ab5d804792b5aa626 3183e2c59cdaed547de5fb1fc940709ed5117003 36fc8d817d7a356b2b8e8697697a5ce86bedadfea8df2a4e88f9514bb1ce02f6
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /images-newtheme/attention.png HTTP/1.1
Host: videzz.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://videzz.net/embed-0m1y3k542y1s.html
Cookie: lang=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Sat, 04 May 2024 10:09:28 GMT
content-type: image/png
content-length: 6377
last-modified: Sat, 27 Apr 2024 07:30:38 GMT
etag: "662ca99e-18e9"
expires: Mon, 03 Jun 2024 10:05:39 GMT
cache-control: max-age=2592000
x-cache-status: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

| www.googletagmanager.com/gtag/js?id=UA-158623850-1 | 142.250.74.168 | | 75 kB |
URL: www.googletagmanager.com/gtag/js?id=UA-158623850-1; IP: 142.250.74.168:0
File type: JavaScript source, ASCII text, with very long lines (4179); Hash: 8f6a441db66673d3166d687e196c3d4b 1be78d890d3efd4e9f894f32890d4538d638617c d54924bee4972cb388887b08dfd0635ca2f4d3da9e9984ae8fe6d2ccadbf3309
GET /gtag/js?id=UA-158623850-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://videzz.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 04 May 2024 10:09:28 GMT
expires: Sat, 04 May 2024 10:09:28 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 74821
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

| videzz.net/js/embed.min.js?v=b8dc06aa6195ca0716d0a0c4e3a76e42 | 78.142.18.54 | | 2.3 kB |
URL: videzz.net/js/embed.min.js?v=b8dc06aa6195ca0716d0a0c4e3a76e42; IP: 78.142.18.54:0; ASN: #208046 ColocationX Ltd.
Certificate Issuer: Let's Encrypt; Subject: videzz.net; Fingerprint: 89:44:E3:9D:95:DD:6E:D2:2B:FB:70:64:42:59:D2:BF:B6:36:E7:33; Validity: Thu, 02 May 2024 00:27:53 GMT - Wed, 31 Jul 2024 00:27:52 GMT
File type: gzip compressed data, from Unix; Hash: dd912741b3da0cc15832d76f2420601d 67611de4bdf1543d64f71c9c6efede4a9a9b0193 3423ce1b69a67102a749e6ae5301dc9857f8fcef664482ddbeb511bf0f828759
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/embed.min.js?v=b8dc06aa6195ca0716d0a0c4e3a76e42 HTTP/1.1
Host: videzz.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://videzz.net/embed-0m1y3k542y1s.html
Cookie: lang=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Sat, 04 May 2024 10:09:28 GMT
content-type: application/javascript
last-modified: Sat, 27 Apr 2024 07:30:42 GMT
vary: Accept-Encoding
etag: W/"662ca9a2-1183"
expires: Mon, 03 Jun 2024 10:05:36 GMT
cache-control: max-age=2592000
content-encoding: gzip
x-cache-status: HIT
X-Firefox-Spdy: h2

| yd.cottoidearldom.com/1clkn/14903 | 23.109.170.198 | | 26 B |
URL: yd.cottoidearldom.com/1clkn/14903; IP: 23.109.170.198:0
File type: ASCII text, with no line terminators; Hash: 9082dc37e5e8046929da411544ad071a 41e0e3963ed94e59e8a2f115994c382712411537 b7848d86edc8dc3b5bc6a5c666069f9a31e000cee51575d3b6083951607e1550
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /1clkn/14903 HTTP/1.1
Host: yd.cottoidearldom.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://videzz.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 May 2024 10:09:29 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list
Set-Cookie: GL_UI4=eJw9jUtug0AQRPljJ4akJQ7gIxgUjL3MJivfAQ0zDZ4Ypq1mjJ3bZxIp2dUrPVV5nhcUL%2BAvyRrCm6hhe1R9s5dYojyUVVW%2BHSrZ151o%2BlJVTVnvYK3n1opuRBvBap4E29YuEWwGNMhatpIUZvDqrL%2FmYuhuIog7FkZlEE%2FOGDNIO6b7jFyEEBkxIaQfmrGnhzPEJzEEx72L2rjo7yCguQjzJ4hP2twe%2BSbx8jzx4Pk6CtsTT61WDuOBhULw32ElhcWB%2BAtShfPF0hWARtX%2B%2B7%2Bf8fizBonCRUuHZM%2FI38wATrY%3D; expires=Sun, 05-May-2024 10:09:29 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJwVyM0KgkAUhuE5hxiIJPjIC%2FAKTMsWbrNl6MIrMIsYGObIzNjP3WeLd%2FG8SilOE7CZkNRlXhd5dcjLUwV6gtsOPDroVvx7%2BII8uDiCvcOmC1ayRmYXlz9i9TfIYHu25pP1YudoxAXw0roZbvaxv%2FRX0KQJHEUzONxTBXrp3Q9e7R3S; expires=Sun, 05-May-2024 10:09:29 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff

| videzz.net/sw.js?v=b8dc06aa6195ca0716d0a0c4e3a76e42 | 78.142.18.54 | | 17 kB |
URL: videzz.net/sw.js?v=b8dc06aa6195ca0716d0a0c4e3a76e42; IP: 78.142.18.54:0; ASN: #208046 ColocationX Ltd.
Certificate Issuer: Let's Encrypt; Subject: videzz.net; Fingerprint: 89:44:E3:9D:95:DD:6E:D2:2B:FB:70:64:42:59:D2:BF:B6:36:E7:33; Validity: Thu, 02 May 2024 00:27:53 GMT - Wed, 31 Jul 2024 00:27:52 GMT
File type: gzip compressed data, from Unix; Hash: 6d27c5311b579a767e405c8b55ec9224 79101442b11914a1724444088c636f140c1b97a2 2dd5af8f8f178cee580b3d6840070ab8ce481b6f2e34d5e34bf024dd8961a72a
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /sw.js?v=b8dc06aa6195ca0716d0a0c4e3a76e42 HTTP/1.1
Host: videzz.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://videzz.net/embed-0m1y3k542y1s.html
Cookie: lang=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Sat, 04 May 2024 10:09:28 GMT
content-type: application/javascript
last-modified: Sat, 27 Apr 2024 07:30:32 GMT
vary: Accept-Encoding
etag: W/"662ca998-a554"
expires: Mon, 03 Jun 2024 10:08:24 GMT
cache-control: max-age=2592000
content-encoding: gzip
x-cache-status: HIT
X-Firefox-Spdy: h2

| static.addtoany.com/menu/page.js | 104.22.71.197 | 200 OK | 1.9 kB |
URL: GET HTTP/2 static.addtoany.com/menu/page.js; IP: 104.22.71.197:443
Requested by: https://videzz.net/embed-0m1y3k542y1s.html; Certificate Issuer: Let's Encrypt; Subject: static.addtoany.com; Fingerprint: 5B:74:98:2D:F8:22:DB:0D:4E:74:B7:99:A7:7C:80:F6:CA:1A:8E:CA; Validity: Tue, 23 Apr 2024 07:56:27 GMT - Mon, 22 Jul 2024 07:56:26 GMT
File type: JavaScript source, ASCII text, with very long lines (3003), with no line terminators; Hash: 5f984fdd1d3384220c67422c1f544a95 79c8a48b5fab47972dd69ce7dfd08cee895006b5 6e0cc78c402cbc02fdfd41cd77c5fd6ffbd8066cc07935ea8eb5f3fcc59744a3
GET /menu/page.js HTTP/1.1
Host: static.addtoany.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://videzz.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:28 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=86400, stale-while-revalidate=30, public
cf-bgj: minify
etag: W/"e346c2841e4abbb66ee259e9540abb61"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YWZsNxx5LDQ%2FCmyOFsE8E2BnrVsLnneGIQNyd9wW5p4HAuYJk1J8NDKyEOb3GQVsuv1k1liuf%2Bmj3zbtE6j3FHtvw%2FKNdKKDmXgE%2Fq44DiWXRWJOh045rrNs9uLI3BbIrsQ0WiQVSeSa3Tq2fKeyXXzg"}],"group":"cf-nel","max_age":604800}
vary: Accept-Encoding
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
cf-cache-status: HIT
age: 8580
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 87e7b20b9ec0abc2-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

| dog.seetron.net/lx4oag1.js | 135.181.208.216 | | 77 kB |
URL: dog.seetron.net/lx4oag1.js; IP: 135.181.208.216:0; ASN: #24940 Hetzner Online GmbH
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (65503), with no line terminators; Hash: a6781eeb8be115c2cc64c5b4898e5b9d 76001e6e130f936956842ce1fb672ca16be2370e cb8949c4918f30d767c8a97d1b1ddb36eabccf8d93659a80f4e850caa3701da2
GET /lx4oag1.js HTTP/1.1
Host: dog.seetron.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://videzz.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 10:09:29 GMT
content-type: application/javascript
content-length: 76790
last-modified: Fri, 22 Mar 2024 11:21:21 GMT
vary: Accept-Encoding
etag: "65fd69b1-12bf6"
content-encoding: gzip
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
cf-cache-status: HIT
age: 201
cf-ray: 8685d408ccf5d995-HEL
x-frame-options: DENY
x-content-type-options: nosniff
accept-ranges: bytes
X-Firefox-Spdy: h2

| dog.seetron.net/LrfK7A3.js | 135.181.208.216 | | 77 kB |
URL: dog.seetron.net/LrfK7A3.js; IP: 135.181.208.216:0; ASN: #24940 Hetzner Online GmbH
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (65503), with no line terminators; Hash: a6781eeb8be115c2cc64c5b4898e5b9d 76001e6e130f936956842ce1fb672ca16be2370e cb8949c4918f30d767c8a97d1b1ddb36eabccf8d93659a80f4e850caa3701da2
GET /LrfK7A3.js HTTP/1.1
Host: dog.seetron.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://videzz.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 10:09:29 GMT
content-type: application/javascript
content-length: 76790
last-modified: Fri, 22 Mar 2024 11:21:21 GMT
vary: Accept-Encoding
etag: "65fd69b1-12bf6"
content-encoding: gzip
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
cf-cache-status: HIT
age: 201
cf-ray: 8685d408ccf5d995-HEL
x-frame-options: DENY
x-content-type-options: nosniff
accept-ranges: bytes
X-Firefox-Spdy: h2

| profitablegatecpm.com/fd/40/b6/fd40b682a05e4aaf489d29601350aa66.js | 172.240.108.76 | | 16 kB |
URL: profitablegatecpm.com/fd/40/b6/fd40b682a05e4aaf489d29601350aa66.js; IP: 172.240.108.76:0
File type: JavaScript source, ASCII text, with very long lines (45391), with no line terminators; Hash: 8a823f34f9fffb527eb753debf3fdc13 225ac5e983e6e169b94e08d153e9e0b7cb236411 ea340e558c936561cda5235964a4b45d94275e6baef56349542b834d53879e33
GET /fd/40/b6/fd40b682a05e4aaf489d29601350aa66.js HTTP/1.1
Host: profitablegatecpm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://videzz.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 10:09:29 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: 4b4e7ab587d59b22ad7bcd2439afc363_CF-3448=1; expires=Tue, 07 May 2024 13:09:29 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 238a3daa509a2de188206a7b48b9a94f
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

| www.googletagmanager.com/gtm.js?id=GTM-56DK3TH | 142.250.74.168 | | 74 kB |
URL: www.googletagmanager.com/gtm.js?id=GTM-56DK3TH; IP: 142.250.74.168:0
File type: JavaScript source, ASCII text, with very long lines (3287); Hash: 246debd3a929242de446bdb204e668aa e98bb8b1ed2c1e0c76f1c70f9e971cc2b4706765 7f7f736e54e51e0ef0b90fda5654e441cb896c76ee5c6e88f26f1b1438792673
GET /gtm.js?id=GTM-56DK3TH HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://videzz.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 04 May 2024 10:09:29 GMT
expires: Sat, 04 May 2024 10:09:29 GMT
cache-control: private, max-age=900
last-modified: Sat, 04 May 2024 09:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 73680
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

| www.googletagmanager.com/gtag/js?id=G-HEX1BG8H46&l=dataLayer&cx=c | 142.250.74.168 | | 95 kB |
URL: www.googletagmanager.com/gtag/js?id=G-HEX1BG8H46&l=dataLayer&cx=c; IP: 142.250.74.168:0
File type: JavaScript source, ASCII text, with very long lines (7711); Hash: c512de858a01e4a3bdcc9cde33ff407e a9d45634d2ad041ca0207aef9d38f50d50f2e634 b0a43abd3ab506fc06d88179094d1f1a7ac0550b3ce37f6edd9cfdf20c923ee7
GET /gtag/js?id=G-HEX1BG8H46&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://videzz.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 04 May 2024 10:09:29 GMT
expires: Sat, 04 May 2024 10:09:29 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 94575
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

| s.o333o.com/adgpt.js | 85.10.205.45 | 200 OK | 820 B |
IP: 85.10.205.45:443; ASN: #24940 Hetzner Online GmbH
Requested by: https://videzz.net/embed-0m1y3k542y1s.html; Certificate Issuer: Sectigo Limited; Subject: s.o333o.com; Fingerprint: C1:C0:0F:C0:EF:0F:F7:7A:36:2F:00:9E:5C:55:63:54:63:A3:A6:46; Validity: Mon, 12 Feb 2024 00:00:00 GMT - Fri, 28 Feb 2025 23:59:59 GMT
File type: ASCII text, with very long lines (2040), with no line terminators; Hash: 55f8db8e0ec58b646f0b5425b405fdd0 0c79af1239cafc7ec4783f20b0b886a61daccc09 3ec8849ba857ec32cdc682ea93f0c1f8e8ab97980af4f1d8ec312684ed0f5237
GET /adgpt.js HTTP/1.1
Host: s.o333o.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://videzz.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 10:09:29 GMT
content-type: application/javascript
content-length: 820
last-modified: Fri, 22 Mar 2024 11:21:21 GMT
vary: Accept-Encoding
etag: "65fd69b1-334"
content-encoding: gzip
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
X-Firefox-Spdy: h2

| ocsp.r2m03.amazontrust.com/ | 3.164.222.26 | | 471 B |
URL: ocsp.r2m03.amazontrust.com/; IP: 3.164.222.26:0
Hash: 353dbae1e1b45a750770ae51bef13ba7 465917a2a0bbb947e9727e7f08b584a82aa6fb81 9fa5becc3e07f31f2f08bf5f331d6bfda4f6386634ea524bc3a8c56ac1c0bc2b
POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Sat, 04 May 2024 10:09:29 GMT
Last-Modified: Sat, 04 May 2024 08:45:37 GMT
Server: ECAcc (ska/F7AF)
X-Cache: Miss from cloudfront
Via: 1.1 1461474e0d89d7660f19f427648cae0e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ARN53-P1
X-Amz-Cf-Id: ikXO0uW-G8cFLc0suy-gQispws6aT_hdmD9VhSuA2lUOyXcf14AbcQ==
Age: 5033

| proftrafficcounter.com/stats | 52.29.105.35 | | 40 B |
URL: proftrafficcounter.com/stats; IP: 52.29.105.35:0
File type: ASCII text, with no line terminators; Hash: a48b9934ab8fb37de8eb0c93d643257d 50b81fd8d00e81d7eaf3925b262e99ab3747b8af d2403b0e1354cdddc0eb3d4e452fc5def7949cbdd37f7eb3c46c546a2f83e53a
GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://videzz.net
DNT: 1
Connection: keep-alive
Referer: https://videzz.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:30 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://videzz.net
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=b3c76af0-2de1-47ad-85c8-da3ca4ecf847:1:1; expires=Tue, 02 May 2034 10:09:30 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

| bid.bidclickmedia.com/sub/Pj8pz0z | 172.67.205.77 | | 22 kB |
URL: bid.bidclickmedia.com/sub/Pj8pz0z; IP: 172.67.205.77:0
File type: HTML document, ASCII text; Hash: e151e24dc5b354ea8ee36534a8264594 4b5f293d59d009ee46087f164ee86d066e8e83f4 b2fdeeef5c48f24499731fdd7aae1650ad1bc6fa9ee58cf88fafe175658e888f
GET /sub/Pj8pz0z HTTP/1.1
Host: bid.bidclickmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://videzz.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:29 GMT
content-type: text/html; charset=utf-8
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=b034M061Jas5tOS2z9POGc8lKjKNDAbSB2bn%2BExHR3%2FA3FNW8iEuLMVIJgQhfeCxwD02Fn3eBudR1%2BqcxZUeVFTAEIdX0ViKVxbCCoq0Bwx12IfF67l2GtsxL1fcAfZOEiNXmS2h2%2FQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e7b210ffc8b4f3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

| bid.bidclickmedia.com/sub/31bV2Jy | 172.67.205.77 | | 1.3 kB |
URL: bid.bidclickmedia.com/sub/31bV2Jy; IP: 172.67.205.77:0
File type: HTML document, ASCII text; Hash: c1555c052dde7c63577b65ee2e032228 d3edbfc34af2949d589c6b978d7f3505d259def1 6355368aaf575ec49fad1013f7b100d3b4af0e08aa190538daaa7e1966141c31
GET /sub/31bV2Jy HTTP/1.1
Host: bid.bidclickmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://videzz.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:29 GMT
content-type: text/html; charset=utf-8
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4FlEQFHSEsFkv1j6oGAHP4XjvCHYoGn4E88iNohM%2FA2Y7a2LE7qDUTo%2FzzujIesaX%2BnT2PK%2FIj0nbkpOW6ySNjj2WgOQJx%2FQasq0%2BIQRaPVD4QjbbTruArVDg3uzkOsFZZFW92IquKI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e7b210ffd3b4f3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

| bid.bidclickmedia.com/sub/Zj8D76R | 172.67.205.77 | | 8.3 kB |
URL: bid.bidclickmedia.com/sub/Zj8D76R; IP: 172.67.205.77:0
File type: HTML document, ASCII text; Hash: a59a1eb59104d4bf5ae063b28f80a03e a03719ddbf97ee76f24a77994dc2fed934bad2db 80499cd3508dab092fa2c87d292031821e2230653503f1dd41c2b9c04571fc47
GET /sub/Zj8D76R HTTP/1.1
Host: bid.bidclickmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://videzz.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:29 GMT
content-type: text/html; charset=utf-8
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dfPJ8b7McbRaPdQSh6r4ybEZ7ZsqHzJKZCuH6H3mRb%2FGa2suYuQg9UaNQfHWmUTLJVUwSRWsBEvHLvrxL8Nb3D7fQ6y6iItZDoaohj0Oazf2pxVjw5Ci1TNHrGWUihJCdXb%2BitEfoIo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e7b210af79b4f3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

| str35.vidoza.net/nvl4edmspmfeieno3ukanwvdo2n6ugxu3qsde25r3zepadyuohr4tjo4ehha/v.mp4 | 109.202.99.227 | | 2.1 MB |
URL: str35.vidoza.net/nvl4edmspmfeieno3ukanwvdo2n6ugxu3qsde25r3zepadyuohr4tjo4ehha/v.mp4; IP: 109.202.99.227:0; ASN: #49453 Global Layer B.V.
File type: ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]; Size: 2.1 MB (2072541 bytes); Hash: 3b8c4faff693e472b908e3896d5f2ca5 cf7bfab19462ebfa98d04ec436ad90df3fdea0b3 2e645705908a40f645a98df6532c8cfc25918b2492d99803d31b2cca04256676
GET /nvl4edmspmfeieno3ukanwvdo2n6ugxu3qsde25r3zepadyuohr4tjo4ehha/v.mp4 HTTP/1.1
Host: str35.vidoza.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Referer: https://videzz.net/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 206 Partial Content
server: nginx/1.20.1
date: Sat, 04 May 2024 10:09:29 GMT
content-type: video/mp4
content-length: 96826092
last-modified: Fri, 03 May 2024 22:39:16 GMT
etag: "66356794-5c572ec"
content-range: bytes 0-96826091/96826092
X-Firefox-Spdy: h2

| bid.bidclickmedia.com/sub/Pj8pz0z | 172.67.205.77 | | 3.1 kB |
URL: bid.bidclickmedia.com/sub/Pj8pz0z; IP: 172.67.205.77:0
File type: HTML document, ASCII text; Hash: e151e24dc5b354ea8ee36534a8264594 4b5f293d59d009ee46087f164ee86d066e8e83f4 b2fdeeef5c48f24499731fdd7aae1650ad1bc6fa9ee58cf88fafe175658e888f
GET /sub/Pj8pz0z HTTP/1.1
Host: bid.bidclickmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://videzz.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:29 GMT
content-type: text/html; charset=utf-8
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=R1pVgKhc5gS1D08lnSDpJUP%2Bjfz5OqmVYcDgXUlwp2%2B7K78bq%2FkkQIJL10aRJnqJjUU8hcDgGRJB4J981mM%2FaR6HRNHWTXjVlW6WVO9aj2yTWzVeChvpMK2ETx4%2FXITr5YtS%2B8mMwjw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e7b210dfb5b4f3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

| bid.bidclickmedia.com/sub/0YDX8OE | 172.67.205.77 | | 13 kB |
URL: bid.bidclickmedia.com/sub/0YDX8OE; IP: 172.67.205.77:0
File type: HTML document, ASCII text; Hash: f5ed6ce7b82ba2323315254d8ec73268 130f2deb64cffe104ed683e06bb6f60d3755ac1c fea4d8201695c74087e6b7cdd58df01361f12fcad31870e7d9fbbed7402a2926
GET /sub/0YDX8OE HTTP/1.1
Host: bid.bidclickmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://videzz.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:29 GMT
content-type: text/html; charset=utf-8
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AssHVwgWqLc5yTSZpIXGM83%2FavcQHucdND1n%2FE0MOISWZ%2FlCZ3gFA%2FpFINIBnf8NfRcIxIi2lVq3IQ0VwCHYzY8STgu32V8klJh87wVyqHZfAauplmsWfeolk0g377M3AKkbxu9HBxY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e7b210bf84b4f3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| bid.bidclickmedia.com/sub/31pnK5n | 172.67.205.77 | | 5.7 kB |
URL bid.bidclickmedia.com/sub/31pnK5n IP172.67.205.77:0
File typeHTML document, ASCII text Hashf43a9f52bdd16907856bcccdc018b8c9 260324361bf19dc2ea4982f6fd312f9c8d5039cc 0ce413bbb7e1789744cfd7f9c3bc4614d9c5086f6dd9cbad67bdc4d181b9d5be
GET /sub/31pnK5n HTTP/1.1
Host: bid.bidclickmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://videzz.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:29 GMT
content-type: text/html; charset=utf-8
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2e6sO4dq90yjUCw3GskA1lISPq50NBbEyNWD17q3P2VmBtg8FzgEM%2FKKDMuBnj%2FFJMpttwYPYNWKo2WMrK6ZYLRmzvZWm7BuKtElGPjQeXedeuvK0BD3uXEgFVnvN%2F3CTDj6MxpNv1w%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e7b210af78b4f3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| region1.analytics.google.com/g/collect?v=2&tid=G-HEX1BG8H46&gtm=45je4510v9104348843za200&_p=1714817369254&_gaz=1&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=202123974.1714817370&ul=en-us&sr=1280x1024&pscdl=noapi&_eu=AAAI&_s=1&sid=1714817369&sct=1&seg=0&dl=https%3A%2F%2Fvidezz.net%2Fembed-0m1y3k542y1s.html&dt=Vidoza&en=page_view&_fv=1&_nsi=1&_ss=2&tfd=1419 | 216.239.34.36 | | 0 B |
URL region1.analytics.google.com/g/collect?v=2&tid=G-HEX1BG8H46&gtm=45je4510v9104348843za200&_p=1714817369254&_gaz=1&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=202123974.1714817370&ul=en-us&sr=1280x1024&pscdl=noapi&_eu=AAAI&_s=1&sid=1714817369&sct=1&seg=0&dl=https%3A%2F%2Fvidezz.net%2Fembed-0m1y3k542y1s.html&dt=Vidoza&en=page_view&_fv=1&_nsi=1&_ss=2&tfd=1419 IP216.239.34.36:0
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-HEX1BG8H46&gtm=45je4510v9104348843za200&_p=1714817369254&_gaz=1&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=202123974.1714817370&ul=en-us&sr=1280x1024&pscdl=noapi&_eu=AAAI&_s=1&sid=1714817369&sct=1&seg=0&dl=https%3A%2F%2Fvidezz.net%2Fembed-0m1y3k542y1s.html&dt=Vidoza&en=page_view&_fv=1&_nsi=1&_ss=2&tfd=1419 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://videzz.net
DNT: 1
Connection: keep-alive
Referer: https://videzz.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://videzz.net
date: Sat, 04 May 2024 10:09:30 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| maxcdn.bootstrapcdn.com/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0 | 104.18.11.207 | | 77 kB |
URL maxcdn.bootstrapcdn.com/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0 IP104.18.11.207:0
File typeWeb Open Font Format (Version 2), TrueType, length 77160, version 4.459 Hashaf7ae505a9eed503f8b8e6982036873e d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c 2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
GET /font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://videzz.net
DNT: 1
Connection: keep-alive
Referer: https://maxcdn.bootstrapcdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 04 May 2024 10:09:30 GMT
content-type: font/woff2
content-length: 77160
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: "af7ae505a9eed503f8b8e6982036873e"
last-modified: Mon, 25 Jan 2021 22:04:55 GMT
cdn-cachedat: 10/31/2023 19:08:24
cdn-proxyver: 1.04
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 752
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: 0a41a35b44b9a221d4e11fe69e9304aa
cdn-cache: HIT
cf-cache-status: HIT
age: 323464
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 87e7b217bad7b4fd-OSL
alt-svc: h3=":443"; ma=86400
|
|
| dudleynutmeg.com/sbar.json?key=fd40b682a05e4aaf489d29601350aa66&psid=CF-3448_1 | 192.243.61.227 | 200 OK | 6.0 kB |
URL GET HTTP/1.1dudleynutmeg.com/sbar.json?key=fd40b682a05e4aaf489d29601350aa66&psid=CF-3448_1 IP192.243.61.227:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://videzz.net/embed-0m1y3k542y1s.html CertificateIssuerLet's Encrypt Subjectdudleynutmeg.com Fingerprint62:D3:F0:A3:00:F3:7A:E7:CF:5D:4D:AE:08:F0:E9:8D:45:2E:0D:90 ValidityTue, 30 Apr 2024 15:24:37 GMT - Mon, 29 Jul 2024 15:24:36 GMT
Hashb4946f82b412253bf514a042db53642b 7d41177612f4a217cddfd29c7cc78bd995f9f165 f0097284f4dc8238339f2f7c2149970783b05de1a4e63d091fa4e2cc0cb67044
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /sbar.json?key=fd40b682a05e4aaf489d29601350aa66&psid=CF-3448_1 HTTP/1.1
Host: dudleynutmeg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://videzz.net
DNT: 1
Connection: keep-alive
Referer: https://videzz.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 10:09:30 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://videzz.net
Access-Control-Allow-Origin: https://videzz.net
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=19071538; expires=Sun, 05 May 2024 10:09:30 GMT; secure; SameSite=None
pdhtkv=true; expires=Sun, 05 May 2024 10:09:30 GMT; secure; SameSite=None
uncs=1; expires=Sun, 05 May 2024 10:09:30 GMT; secure; SameSite=None
pdhtkv29=true; expires=Sun, 05 May 2024 10:09:30 GMT; secure; SameSite=None
uncs29=1; expires=Sun, 05 May 2024 10:09:30 GMT; secure; SameSite=None
slecfd40b682a05e4aaf489d29601350aa66=[5210997,5210995]; expires=Sat, 04 May 2024 10:09:35 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 044f22e1e4b3286199db9121463bda48
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
|
|
| videzz.net/js/jquery.min.js | 78.142.18.54 | | 503 B |
URL videzz.net/js/jquery.min.js IP78.142.18.54:0 ASN#208046 ColocationX Ltd.
CertificateIssuerLet's Encrypt Subjectvidezz.net Fingerprint89:44:E3:9D:95:DD:6E:D2:2B:FB:70:64:42:59:D2:BF:B6:36:E7:33 ValidityThu, 02 May 2024 00:27:53 GMT - Wed, 31 Jul 2024 00:27:52 GMT
Hash02292d1f048f40540e7482fa579686fe 028261b3d83ba601d4fe2e5356e0ba04b7e567d9 fb4d0bff8887a580e9ba0dcd01db58bf5bb9d2cb3340a2128f6a308f4166463f
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/jquery.min.js HTTP/1.1
Host: videzz.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://videzz.net/embed-0m1y3k542y1s.html
Cookie: lang=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Sat, 04 May 2024 10:09:28 GMT
content-type: application/javascript
last-modified: Sat, 27 Apr 2024 07:30:33 GMT
vary: Accept-Encoding
etag: W/"662ca999-1762a"
expires: Mon, 03 Jun 2024 10:03:41 GMT
cache-control: max-age=2592000
content-encoding: gzip
x-cache-status: HIT
X-Firefox-Spdy: h2
|
|
| videzz.net/css/videojs.5.min.css?v=b8dc06aa6195ca0716d0a0c4e3a76e42 | 78.142.18.54 | | 53 kB |
URL videzz.net/css/videojs.5.min.css?v=b8dc06aa6195ca0716d0a0c4e3a76e42 IP78.142.18.54:0 ASN#208046 ColocationX Ltd.
CertificateIssuerLet's Encrypt Subjectvidezz.net Fingerprint89:44:E3:9D:95:DD:6E:D2:2B:FB:70:64:42:59:D2:BF:B6:36:E7:33 ValidityThu, 02 May 2024 00:27:53 GMT - Wed, 31 Jul 2024 00:27:52 GMT
File typegzip compressed data, from Unix Hash5eeb5f1e849c1801d494fbc638761c47 81f9ca8faf635279ebf61e8d9ff7f3234c6da33b dc0fe0f35d6f531c643901a151776abbe5b4f14d1c9213521417cb7ff55b89d4
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /css/videojs.5.min.css?v=b8dc06aa6195ca0716d0a0c4e3a76e42 HTTP/1.1
Host: videzz.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://videzz.net/embed-0m1y3k542y1s.html
Cookie: lang=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Sat, 04 May 2024 10:09:28 GMT
content-type: text/css
last-modified: Sat, 27 Apr 2024 07:30:42 GMT
vary: Accept-Encoding
etag: W/"662ca9a2-29645"
expires: Mon, 03 Jun 2024 10:03:55 GMT
cache-control: max-age=2592000
content-encoding: gzip
x-cache-status: HIT
X-Firefox-Spdy: h2
|
|
| videzz.net/js/videojs.5.min.js?v=b8dc06aa6195ca0716d0a0c4e3a76e42 | 78.142.18.54 | | 101 kB |
URL videzz.net/js/videojs.5.min.js?v=b8dc06aa6195ca0716d0a0c4e3a76e42 IP78.142.18.54:0 ASN#208046 ColocationX Ltd.
CertificateIssuerLet's Encrypt Subjectvidezz.net Fingerprint89:44:E3:9D:95:DD:6E:D2:2B:FB:70:64:42:59:D2:BF:B6:36:E7:33 ValidityThu, 02 May 2024 00:27:53 GMT - Wed, 31 Jul 2024 00:27:52 GMT
File typegzip compressed data, from Unix Size101 kB (100818 bytes) Hash8d8f05014a43f57ae14261e5109c966b f5439f2756104260525095ae60366392a9ed66c2 337bf9d3733a395134050fe81b0e9e5e14bd5b68ae5816d309b8b41f5117f7e5
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/videojs.5.min.js?v=b8dc06aa6195ca0716d0a0c4e3a76e42 HTTP/1.1
Host: videzz.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://videzz.net/embed-0m1y3k542y1s.html
Cookie: lang=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Sat, 04 May 2024 10:09:28 GMT
content-type: application/javascript
last-modified: Sat, 27 Apr 2024 07:30:33 GMT
vary: Accept-Encoding
etag: W/"662ca999-65a66"
expires: Mon, 03 Jun 2024 10:03:46 GMT
cache-control: max-age=2592000
content-encoding: gzip
x-cache-status: HIT
X-Firefox-Spdy: h2
|
|
| gobetweencomment.com/pixel/purst?dl=0&th=0&sc=0&rs=2541&rd=2541&fd=1077&bv=24.5.6485&tmpl=136 | 192.243.59.20 | | 0 B |
URL gobetweencomment.com/pixel/purst?dl=0&th=0&sc=0&rs=2541&rd=2541&fd=1077&bv=24.5.6485&tmpl=136 IP192.243.59.20:0 ASN#39572 DataWeb Global Group B.V.
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /pixel/purst?dl=0&th=0&sc=0&rs=2541&rd=2541&fd=1077&bv=24.5.6485&tmpl=136 HTTP/1.1
Host: gobetweencomment.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://videzz.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 04 May 2024 10:09:31 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
|
|
| bid.bidclickmedia.com/sub/Pj8pz0z | 172.67.205.77 | | 505 B |
URL bid.bidclickmedia.com/sub/Pj8pz0z IP172.67.205.77:0
File typeHTML document, ASCII text Hashe151e24dc5b354ea8ee36534a8264594 4b5f293d59d009ee46087f164ee86d066e8e83f4 b2fdeeef5c48f24499731fdd7aae1650ad1bc6fa9ee58cf88fafe175658e888f
GET /sub/Pj8pz0z HTTP/1.1
Host: bid.bidclickmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://videzz.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:29 GMT
content-type: text/html; charset=utf-8
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=h%2BNzwoPItl6uTPzGnT8XP4fHow3if5CfTR461%2FCJ2RuJ4%2FjUoKdNsD8JH%2BrZLVdMGim02GqO5a40pmU28lafnP0kaQFe5Aw0e1v1cvfg0Eiis418PiNBGeQyyxNfH22l2F0ff2eXDZQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e7b210efbeb4f3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-HEX1BG8H46&cid=202123974.1714817370&gtm=45je4510v9104348843za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&z=1429062264 | 216.58.207.227 | 200 OK | 42 B |
URL GET HTTP/2www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-HEX1BG8H46&cid=202123974.1714817370&gtm=45je4510v9104348843za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&z=1429062264 IP216.58.207.227:443
Requested byhttps://videzz.net/embed-0m1y3k542y1s.html CertificateIssuerGoogle Trust Services LLC Subject*.google.no Fingerprint7D:68:6D:B1:32:34:52:51:20:C9:53:FF:B9:B7:8F:7E:05:F9:F5:97 ValidityTue, 16 Apr 2024 04:31:00 GMT - Tue, 09 Jul 2024 04:30:59 GMT
File typeGIF image data, version 89a, 1 x 1 Hashd89746888da2d9510b64a9f031eaecd5 d5fceb6532643d0d84ffe09c40c481ecdf59e15a ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-HEX1BG8H46&cid=202123974.1714817370&gtm=45je4510v9104348843za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&z=1429062264 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://videzz.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 04 May 2024 10:09:31 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| xml.xmlking.com/redirect?feed=591363&auth=0yfQfB&pubid=195183 | 174.137.133.17 | | 0 B |
URL xml.xmlking.com/redirect?feed=591363&auth=0yfQfB&pubid=195183 IP174.137.133.17:0 ASN#27257 WEBAIR-INTERNET
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=591363&auth=0yfQfB&pubid=195183 HTTP/1.1
Host: xml.xmlking.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bid.bidclickmedia.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 May 2024 10:09:31 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
|
|
| static.addtoany.com/menu/svg/icons/viber.js | 104.22.71.197 | | 508 B |
URL static.addtoany.com/menu/svg/icons/viber.js IP104.22.71.197:0
CertificateIssuerLet's Encrypt Subjectstatic.addtoany.com Fingerprint5B:74:98:2D:F8:22:DB:0D:4E:74:B7:99:A7:7C:80:F6:CA:1A:8E:CA ValidityTue, 23 Apr 2024 07:56:27 GMT - Mon, 22 Jul 2024 07:56:26 GMT
File typeASCII text, with very long lines (1003), with no line terminators Hashaeffbbeba6dd343b89fdc22cdf23f8c8 7be9f0a8fbd22f85cd4408ed04b69e98cbb79de7 c38246b300667ea8ab28940a729e65168f981baf8adc8d708c299e85b9e2dcee
GET /menu/svg/icons/viber.js HTTP/1.1
Host: static.addtoany.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://videzz.net
DNT: 1
Connection: keep-alive
Referer: https://static.addtoany.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 04 May 2024 10:09:30 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=7776000, stale-while-revalidate=30, public
cf-bgj: minify
etag: W/"ab1da422605fdb35fd02440984d36475"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9M0rb%2BlxK%2FoVsTW%2BGG0gAV%2FZ1piN8S203kYMFo607CVx%2Fjmecxu8H4kL7bp9jwZt8Egtrpb0rM6tKdsDVCVUAUglqOvAhCFDY1u8NVb6rrNNTQXdM8uqjyqMNub3NThTQ85aCzQ%2FFd2quzTVwUO62Ob6"}],"group":"cf-nel","max_age":604800}
vary: Accept-Encoding
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
cf-cache-status: HIT
age: 2637
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 87e7b2145c799306-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| dudleynutmeg.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSuHiMoLoi6NxUGRFBYJ909k54Z9xDczUaCcbPuKsoqLNVd1ZMy1VVNVff0ZE7BgOxx8CJ46nyTbIgGf5w8ucpkRSGgZDzlYK7%2BAYFFbzJj2OCD7vdefV%2FB975Xn27lJ8RHTo8X3tZ9ISWdnau51Vc%2B8LzL1WWh8l611wruBI3LVdN9vR3U3Ferb%2FJoTc%2F6rue6nutVF4Xhse7NTkCIdL%2Ft1dpureHXvLkGeub%2Fvc0dWOqAdU%2FIsxBsPPPAuQgRjaCSbxe4Xct0eulakkuaaYMu231PrSldKCTnZWwcxGr3jA1tjxbvQ6udqVzo7iNiKMbE%2BeU%2BQrV7JhJhd3uqM5TgCiF7CkV3BC5HEHSESG9CsCMCRAzXV6CSe9e1Kej6fyidoGMy8%2FAUohiTmT8vQiVfX5GiV72lZZ4JrSx6cQnRG0F0RkjzA2T9CkRxgCj7BIL9RmYfLkMl2ytWaghWTmcXYgQRjyD5ANQ6yCefcJDHDvLUQcKOq5HneU2XRdRttaOozpo8DJjr0WbsUc8NWsijibwBsnSASA4QmQ2kZgNrYgCT%2FwS7WsIyBzYbE%2BedDXRZiYITFJagoASFICgygqJb7jBpfVveY9LmoXeW%2FbNcL4c662zRHZ11uCKgZgDDyq30hDwz8cd5qeJjjR9XY9Zww6DlU3eONyiNG60289uB69XnXEqDAFbsXV18rd5otO54ELYynb0vxuTl%2BHukYkwu%2FEoQ0gNYeYBIPAeavwhalKCrJfrqm4QKVesKpvu0pngGpkuk2QyydWdLnpDnp9ta2czBo8P5079HavufJUSmRGpKfCweEHTk3eFNXZDtm7qw5LuVNBOJ6NPJJm9lNOOPf%2FkWXy%2B0YUsLdrD3RjQBJuX%2Bu9xmy1QxoTqWfHVFMMbNojYRJz8s2fd5eCO3q1dyo%2FJ0%2BcbVxaUkNdxaodUIVBxd%2BxyRGJOnf%2Fxo%2BkQvffgXhBnB5CWS%2FJCcBYQ%2BQJRuwKaH86cX3J%2B%2F2GOwmsDIc06YOijycmj88PxQCgLJz3salrD8cP73y%2Bz2C%2FtPIOSP7BgaOrlNRbll76JjKqDZJlRSomtKdGUJKgew%2BWPDLDWH83%2FUp4FQVoahNJXtUBr52dTkyc%2FCiuNqs153adCe85pNypthw2%2FFgcco9RuBHwS0jsyO4%2BDJ2%2F8CAAD%2F%2FwEAAP%2F%2FMThPw3wEAAA%3D | 192.243.61.227 | | 7 B |
URL dudleynutmeg.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSuHiMoLoi6NxUGRFBYJ909k54Z9xDczUaCcbPuKsoqLNVd1ZMy1VVNVff0ZE7BgOxx8CJ46nyTbIgGf5w8ucpkRSGgZDzlYK7%2BAYFFbzJj2OCD7vdefV%2FB975Xn27lJ8RHTo8X3tZ9ISWdnau51Vc%2B8LzL1WWh8l611wruBI3LVdN9vR3U3Ferb%2FJoTc%2F6rue6nutVF4Xhse7NTkCIdL%2Ft1dpureHXvLkGeub%2Fvc0dWOqAdU%2FIsxBsPPPAuQgRjaCSbxe4Xct0eulakkuaaYMu231PrSldKCTnZWwcxGr3jA1tjxbvQ6udqVzo7iNiKMbE%2BeU%2BQrV7JhJhd3uqM5TgCiF7CkV3BC5HEHSESG9CsCMCRAzXV6CSe9e1Kej6fyidoGMy8%2FAUohiTmT8vQiVfX5GiV72lZZ4JrSx6cQnRG0F0RkjzA2T9CkRxgCj7BIL9RmYfLkMl2ytWaghWTmcXYgQRjyD5ANQ6yCefcJDHDvLUQcKOq5HneU2XRdRttaOozpo8DJjr0WbsUc8NWsijibwBsnSASA4QmQ2kZgNrYgCT%2FwS7WsIyBzYbE%2BedDXRZiYITFJagoASFICgygqJb7jBpfVveY9LmoXeW%2FbNcL4c662zRHZ11uCKgZgDDyq30hDwz8cd5qeJjjR9XY9Zww6DlU3eONyiNG60289uB69XnXEqDAFbsXV18rd5otO54ELYynb0vxuTl%2BHukYkwu%2FEoQ0gNYeYBIPAeavwhalKCrJfrqm4QKVesKpvu0pngGpkuk2QyydWdLnpDnp9ta2czBo8P5079HavufJUSmRGpKfCweEHTk3eFNXZDtm7qw5LuVNBOJ6NPJJm9lNOOPf%2FkWXy%2B0YUsLdrD3RjQBJuX%2Bu9xmy1QxoTqWfHVFMMbNojYRJz8s2fd5eCO3q1dyo%2FJ0%2BcbVxaUkNdxaodUIVBxd%2BxyRGJOnf%2Fxo%2BkQvffgXhBnB5CWS%2FJCcBYQ%2BQJRuwKaH86cX3J%2B%2F2GOwmsDIc06YOijycmj88PxQCgLJz3salrD8cP73y%2Bz2C%2FtPIOSP7BgaOrlNRbll76JjKqDZJlRSomtKdGUJKgew%2BWPDLDWH83%2FUp4FQVoahNJXtUBr52dTkyc%2FCiuNqs153adCe85pNypthw2%2FFgcco9RuBHwS0jsyO4%2BDJ2%2F8CAAD%2F%2FwEAAP%2F%2FMThPw3wEAAA%3D IP192.243.61.227:0 ASN#39572 DataWeb Global Group B.V.
CertificateIssuerLet's Encrypt Subjectdudleynutmeg.com Fingerprint62:D3:F0:A3:00:F3:7A:E7:CF:5D:4D:AE:08:F0:E9:8D:45:2E:0D:90 ValidityTue, 30 Apr 2024 15:24:37 GMT - Mon, 29 Jul 2024 15:24:36 GMT
File typeASCII text, with no line terminators Hash132d6af1b46048b45cf86cdee7991d31 eb7007d03d59b65bc6da7e098c4d38fc6dfb6285 ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSuHiMoLoi6NxUGRFBYJ909k54Z9xDczUaCcbPuKsoqLNVd1ZMy1VVNVff0ZE7BgOxx8CJ46nyTbIgGf5w8ucpkRSGgZDzlYK7%2BAYFFbzJj2OCD7vdefV%2FB975Xn27lJ8RHTo8X3tZ9ISWdnau51Vc%2B8LzL1WWh8l611wruBI3LVdN9vR3U3Ferb%2FJoTc%2F6rue6nutVF4Xhse7NTkCIdL%2Ft1dpureHXvLkGeub%2Fvc0dWOqAdU%2FIsxBsPPPAuQgRjaCSbxe4Xct0eulakkuaaYMu231PrSldKCTnZWwcxGr3jA1tjxbvQ6udqVzo7iNiKMbE%2BeU%2BQrV7JhJhd3uqM5TgCiF7CkV3BC5HEHSESG9CsCMCRAzXV6CSe9e1Kej6fyidoGMy8%2FAUohiTmT8vQiVfX5GiV72lZZ4JrSx6cQnRG0F0RkjzA2T9CkRxgCj7BIL9RmYfLkMl2ytWaghWTmcXYgQRjyD5ANQ6yCefcJDHDvLUQcKOq5HneU2XRdRttaOozpo8DJjr0WbsUc8NWsijibwBsnSASA4QmQ2kZgNrYgCT%2FwS7WsIyBzYbE%2BedDXRZiYITFJagoASFICgygqJb7jBpfVveY9LmoXeW%2FbNcL4c662zRHZ11uCKgZgDDyq30hDwz8cd5qeJjjR9XY9Zww6DlU3eONyiNG60289uB69XnXEqDAFbsXV18rd5otO54ELYynb0vxuTl%2BHukYkwu%2FEoQ0gNYeYBIPAeavwhalKCrJfrqm4QKVesKpvu0pngGpkuk2QyydWdLnpDnp9ta2czBo8P5079HavufJUSmRGpKfCweEHTk3eFNXZDtm7qw5LuVNBOJ6NPJJm9lNOOPf%2FkWXy%2B0YUsLdrD3RjQBJuX%2Bu9xmy1QxoTqWfHVFMMbNojYRJz8s2fd5eCO3q1dyo%2FJ0%2BcbVxaUkNdxaodUIVBxd%2BxyRGJOnf%2Fxo%2BkQvffgXhBnB5CWS%2FJCcBYQ%2BQJRuwKaH86cX3J%2B%2F2GOwmsDIc06YOijycmj88PxQCgLJz3salrD8cP73y%2Bz2C%2FtPIOSP7BgaOrlNRbll76JjKqDZJlRSomtKdGUJKgew%2BWPDLDWH83%2FUp4FQVoahNJXtUBr52dTkyc%2FCiuNqs153adCe85pNypthw2%2FFgcco9RuBHwS0jsyO4%2BDJ2%2F8CAAD%2F%2FwEAAP%2F%2FMThPw3wEAAA%3D HTTP/1.1
Host: dudleynutmeg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://videzz.net/
Cookie: u_pl=19071538; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecfd40b682a05e4aaf489d29601350aa66=[5210997,5210995]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 10:09:31 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: a88754c270e28e97860bed451e5e454f
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
| bid.bidclickmedia.com/load | 172.67.205.77 | 302 Found | 722 B |
URL POST HTTP/3bid.bidclickmedia.com/load IP172.67.205.77:443
Requested byhttps://videzz.net/embed-0m1y3k542y1s.html CertificateIssuerGoogle Trust Services LLC Subjectbidclickmedia.com Fingerprint2D:71:60:23:79:D8:E4:4A:B8:81:BA:F0:ED:58:CB:A8:66:21:A7:E7 ValiditySun, 31 Mar 2024 14:28:20 GMT - Sat, 29 Jun 2024 14:28:19 GMT
File typeHTML document, ASCII text, with very long lines (306) Hash16d100fdbc2344bfa536b2a179b8abef 916296721f48db6242d8478493ab7fd33e8cc33e f2f1c6a23ddc6dac495bc4a21c18f85d8275386de0087140257fc677319203b9
POST /load HTTP/1.1
Host: bid.bidclickmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 93
Origin: https://bid.bidclickmedia.com
DNT: 1
Connection: keep-alive
Referer: https://bid.bidclickmedia.com/sub/Pj8pz0z
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 302 Found
date: Sat, 04 May 2024 10:09:30 GMT
content-type: text/html; charset=utf-8
location: https://xml.xmlking.com/redirect?feed=591364&auth=oodr9S&pubid=195183
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bmcqDm80SQcaSe000yqgudcRDo1sGYu9a%2BXxAWKPEfu1rwo7n%2BEeh5SsG0UvBzHXbJR9PIIN2v34%2FtEioIRxc%2B037shSDszFWdyZqDzfeC9JOIWF8cOW%2BCdY1McK3SUVS5IgkdGixCo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e7b2177aae568f-OSL
alt-svc: h3=":443"; ma=86400
|
|
| static.addtoany.com/menu/svg/icons/reddit.js | 104.22.71.197 | | 1.2 kB |
URL static.addtoany.com/menu/svg/icons/reddit.js IP104.22.71.197:0
CertificateIssuerLet's Encrypt Subjectstatic.addtoany.com Fingerprint5B:74:98:2D:F8:22:DB:0D:4E:74:B7:99:A7:7C:80:F6:CA:1A:8E:CA ValidityTue, 23 Apr 2024 07:56:27 GMT - Mon, 22 Jul 2024 07:56:26 GMT
File typeASCII text, with very long lines (893), with no line terminators Hash408cc755e613b4f00fbe10d7411ed087 14341990ed687477b3addbdd1a3b50ae8a98589b 68ed9b82b62d45cf5d12587a7e9566a4ddeb94d69bcb225e9e3c7268c76b3cbb
GET /menu/svg/icons/reddit.js HTTP/1.1
Host: static.addtoany.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://videzz.net
DNT: 1
Connection: keep-alive
Referer: https://static.addtoany.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 04 May 2024 10:09:30 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=7776000, stale-while-revalidate=30, public
cf-bgj: minify
etag: W/"1fe5b5008de689ce6464d7bcb07e742c"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=q0mOx4XlrTIiF2kgPx6kTLqvld9HnTiKfwbHtlQYvoZA5g44lQveP2tVGPcXkEtoJ4gdclI9E4sgSmKYq0PxXzDgMaF%2BsVjnodBsPUjbhHxMB74I6LxuYoSHW9DhGzcNcscDW8G9"}],"group":"cf-nel","max_age":604800}
vary: Accept-Encoding
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
cf-cache-status: HIT
age: 8424
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 87e7b2145c659306-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| cdn.creative-bars1.com/sb/notifications/gambling/unibet/social-box-confetti/1/css/animate.css | 104.21.70.253 | | 11 kB |
URL cdn.creative-bars1.com/sb/notifications/gambling/unibet/social-box-confetti/1/css/animate.css IP104.21.70.253:0
Hash5982c5377696d20476871062646b253f 8bf2c93fa9ccc908f7df0fb7abb911bbac3e4242 4e23a6449e6ef4614f0107cecf5c9eda75d2041c7c71f4a55d45f2a7e75450f4
GET /sb/notifications/gambling/unibet/social-box-confetti/1/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://videzz.net
DNT: 1
Connection: keep-alive
Referer: https://videzz.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:31 GMT
content-type: text/css
last-modified: Fri, 02 Feb 2024 15:34:04 GMT
etag: W/"65bd0b6c-13365"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 150642
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yChYvv8%2BiyMfuJFlfkJu8PIMzrNQ7EefVHXfENSNnM8wj3tZVhfUkDEWjI8hj7brMVaeUktj80kHrM7%2F9xAgX1nYsopzm04j9y2EgLw0rgfQ457BYjqrg30cXD71PS8A89Ovp9%2BGLXbF"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e7b21c5daab52d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| cdn.creative-bars1.com/sb/notifications/gambling/unibet/social-box-confetti/1/img/logo.png | 104.21.70.253 | 200 OK | 44 kB |
URL GET HTTP/2cdn.creative-bars1.com/sb/notifications/gambling/unibet/social-box-confetti/1/img/logo.png IP104.21.70.253:443
Requested byhttps://videzz.net/embed-0m1y3k542y1s.html CertificateIssuerGoogle Trust Services LLC Subjectcreative-bars1.com Fingerprint3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13 ValidityMon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT
File typePNG image data, 2038 x 728, 8-bit/color RGBA, non-interlaced Hash7385ff746ad38c8d244e3c5ee4a939a1 2bf171af67d57e5ed098473551ab9a4729051136 9d16ffd0a510eaf5e7a8509f0c02c7d26bc8b65675f2be5aba15d8094c00269a
GET /sb/notifications/gambling/unibet/social-box-confetti/1/img/logo.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:31 GMT
content-type: image/png
content-length: 43597
last-modified: Thu, 02 May 2024 09:37:49 GMT
etag: "66335eed-aa4d"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 166968
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=se9Gv%2Fq8lFyVe1lSe34Z5L0taWZ1rdK5pqA16OMRmuLuPzoCOjnucInA4Kpwxk8ucF7xtmTQlnDSQ7B%2BcFRVzqCeo34hdwoNmOqTDOr3n97aQnxnv818lpCGiYZG%2B%2BPqg63yNE6CZLEM"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e7b21cadfcb52d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| cdn.creative-bars1.com/sb/notifications/gambling/unibet/social-box-confetti/1/img/confetti.gif | 104.21.70.253 | | 206 kB |
URL: cdn.creative-bars1.com/sb/notifications/gambling/unibet/social-box-confetti/1/img/confetti.gif
IP: 104.21.70.253:0
File type: GIF image data, version 89a, 480 x 360
Size: 206 kB (206291 bytes)
Hash: 0b33face774f2203446507ce5f075538 1dd3522529bce7739df0687f47f5bc84356698a0 ac345899461d5634d25c47281b10e3c1886abb33019e2ce8140573a79e9f52f2
GET /sb/notifications/gambling/unibet/social-box-confetti/1/img/confetti.gif HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:31 GMT
content-type: image/gif
content-length: 206291
last-modified: Fri, 02 Feb 2024 15:34:07 GMT
etag: "65bd0b6f-325d3"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 166968
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vdTdf6JHoeFkkAPvnp6q2grrMtu9yUG5y43kD4qRuI6%2B3Awlzb%2FgV31Vc3RNCWHcPSKxkMufZVh5lJov19Anl9tYUjYgY6SeIDUP3jMBn%2FxJGZmqklciEqn2UZfM6kCgpb6c%2FPHHGgoi"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e7b21cadf8b52d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| videzz.net/favicon.ico?v=2 | 78.142.18.54 | | 297 B |
URL: videzz.net/favicon.ico?v=2
IP: 78.142.18.54:0
ASN: #208046 ColocationX Ltd.
Certificate Issuer: Let's Encrypt
Certificate Subject: videzz.net
Certificate Fingerprint: 89:44:E3:9D:95:DD:6E:D2:2B:FB:70:64:42:59:D2:BF:B6:36:E7:33
Certificate Validity: Thu, 02 May 2024 00:27:53 GMT - Wed, 31 Jul 2024 00:27:52 GMT
File type: MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
Hash: 07075ddac650ad1577e310576f4ac231 1c8f551262fac5a047a268b82fa932c405ab13ff c5f2d482ae4405a8e9f16a7ab09c5d04380283eb0cb0a9b237b32bc1bca47901
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico?v=2 HTTP/1.1
Host: videzz.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://videzz.net/embed-0m1y3k542y1s.html
Cookie: lang=1; _ga_HEX1BG8H46=GS1.1.1714817369.1.0.1714817370.59.0.0; _ga=GA1.1.202123974.1714817370; file_id=38020566; aff=173354; sb_main_fd40b682a05e4aaf489d29601350aa66=1; sb_count_fd40b682a05e4aaf489d29601350aa66=1; asgfp2=172e5b6362817b33a26bdcbe3d1af8ae; dom3ic8zudi28v8lr6fgphwffqoz0j6c=b3c76af0-2de1-47ad-85c8-da3ca4ecf847%3A1%3A1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Sat, 04 May 2024 10:09:31 GMT
content-type: image/x-icon
last-modified: Sat, 27 Apr 2024 07:30:42 GMT
vary: Accept-Encoding
etag: W/"662ca9a2-47e"
expires: Mon, 03 Jun 2024 10:01:31 GMT
cache-control: max-age=2592000
content-encoding: gzip
x-cache-status: HIT
X-Firefox-Spdy: h2
|
|
| rheneapfg.com/iiDuhERNyeT/57128 | 23.109.170.33 | | 61 B |
URL: rheneapfg.com/iiDuhERNyeT/57128
IP: 23.109.170.33:0
File type: HTML document, ASCII text, with no line terminators
Hash: 86733bb66fb84b851592d733e51f0cbd 42eaf19a5ca195667a9212b0ea3557eee76954a8 927676bdf7f1bdcd71f06cc0d9fa573791b12c905629d806851624687c4b4a0d
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /iiDuhERNyeT/57128 HTTP/1.1
Host: rheneapfg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bid.bidclickmedia.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 May 2024 10:09:31 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list
Set-Cookie: GL_UI4=eJw9jUtug0AQRPljJ4akJQ7gIxgUjL3MJivfAQ0zDZ4Ypq1mjJ3bZxIp2dUrPVV5nhcUL%2BAvyRrCm6hhe1R9s5dYojyUVVW%2BHSrZ151o%2BlJVTVnvYK3n1opuRBvBap4E29YuEWwGNMhatpIUZvDqrL%2FmYuhuIog7FkZlEE%2FOGDNIO6b7jFyEEBkxIaQfmrGnhzPEJzEEx72L2rjo7yCguQjzJ4hP2twe%2BSbx8jzx4Pk6CtsTT61WDuOBhULw32ElhcWB%2BAtShfPF0hWARtX%2B%2B7%2Bf8fizBonCRUuHZM%2FI38wATrY%3D; expires=Sun, 05-May-2024 10:09:31 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJwVyM0KgkAUhuE5hxiIJPjIC%2FAKTMsWbrNl6MIrMIsYGObIzNjP3WeLd%2FG8SilOE7CZkNRlXhd5dcjLUwV6gtsOPDroVvx7%2BII8uDiCvcOmC1ayRmYXlz9i9TfIYHu25pP1YudoxAXw0roZbvaxv%2FRX0KQJHEUzONxTBXrp3Q9e7R3S; expires=Sun, 05-May-2024 10:09:31 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
|
|
| serosaharlem.com/ij70IKIf4Ueonvwm/57128 | 23.109.170.33 | | 61 B |
URL: serosaharlem.com/ij70IKIf4Ueonvwm/57128
IP: 23.109.170.33:0
File type: HTML document, ASCII text, with no line terminators
Hash: 86733bb66fb84b851592d733e51f0cbd 42eaf19a5ca195667a9212b0ea3557eee76954a8 927676bdf7f1bdcd71f06cc0d9fa573791b12c905629d806851624687c4b4a0d
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /ij70IKIf4Ueonvwm/57128 HTTP/1.1
Host: serosaharlem.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bid.bidclickmedia.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 May 2024 10:09:31 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list
Set-Cookie: GL_UI4=eJw9jUtug0AQRPljJ4akJQ7gIxgUjL3MJivfAQ0zDZ4Ypq1mjJ3bZxIp2dUrPVV5nhcUL%2BAvyRrCm6hhe1R9s5dYojyUVVW%2BHSrZ151o%2BlJVTVnvYK3n1opuRBvBap4E29YuEWwGNMhatpIUZvDqrL%2FmYuhuIog7FkZlEE%2FOGDNIO6b7jFyEEBkxIaQfmrGnhzPEJzEEx72L2rjo7yCguQjzJ4hP2twe%2BSbx8jzx4Pk6CtsTT61WDuOBhULw32ElhcWB%2BAtShfPF0hWARtX%2B%2B7%2Bf8fizBonCRUuHZM%2FI38wATrY%3D; expires=Sun, 05-May-2024 10:09:31 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJwVyM0KgkAUhuE5hxiIJPjIC%2FAKTMsWbrNl6MIrMIsYGObIzNjP3WeLd%2FG8SilOE7CZkNRlXhd5dcjLUwV6gtsOPDroVvx7%2BII8uDiCvcOmC1ayRmYXlz9i9TfIYHu25pP1YudoxAXw0roZbvaxv%2FRX0KQJHEUzONxTBXrp3Q9e7R3S; expires=Sun, 05-May-2024 10:09:31 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
|
|
| dudleynutmeg.com/pixel/sbls?bv=24.18.6785&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgambling%2Funibet%2Fsocial-box-confetti%2F1%2Fcss%2Fstyle.css&l=4574&fd=145 | 172.240.108.68 | | 0 B |
URL: dudleynutmeg.com/pixel/sbls?bv=24.18.6785&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgambling%2Funibet%2Fsocial-box-confetti%2F1%2Fcss%2Fstyle.css&l=4574&fd=145
IP: 172.240.108.68:0
Certificate Issuer: Let's Encrypt
Certificate Subject: dudleynutmeg.com
Certificate Fingerprint: 62:D3:F0:A3:00:F3:7A:E7:CF:5D:4D:AE:08:F0:E9:8D:45:2E:0D:90
Certificate Validity: Tue, 30 Apr 2024 15:24:37 GMT - Mon, 29 Jul 2024 15:24:36 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /pixel/sbls?bv=24.18.6785&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgambling%2Funibet%2Fsocial-box-confetti%2F1%2Fcss%2Fstyle.css&l=4574&fd=145 HTTP/1.1
Host: dudleynutmeg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://videzz.net/
Cookie: u_pl=19071538; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecfd40b682a05e4aaf489d29601350aa66=[5210997,5210995]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 10:09:31 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
|
|
| dudleynutmeg.com/pixel/sbls?bv=24.18.6785&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgambling%2Funibet%2Fsocial-box-confetti%2F1%2Fcss%2Fanimate.css&l=78693&fd=133 | 192.243.61.227 | | 0 B |
URL: dudleynutmeg.com/pixel/sbls?bv=24.18.6785&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgambling%2Funibet%2Fsocial-box-confetti%2F1%2Fcss%2Fanimate.css&l=78693&fd=133
IP: 192.243.61.227:0
ASN: #39572 DataWeb Global Group B.V.
Certificate Issuer: Let's Encrypt
Certificate Subject: dudleynutmeg.com
Certificate Fingerprint: 62:D3:F0:A3:00:F3:7A:E7:CF:5D:4D:AE:08:F0:E9:8D:45:2E:0D:90
Certificate Validity: Tue, 30 Apr 2024 15:24:37 GMT - Mon, 29 Jul 2024 15:24:36 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /pixel/sbls?bv=24.18.6785&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgambling%2Funibet%2Fsocial-box-confetti%2F1%2Fcss%2Fanimate.css&l=78693&fd=133 HTTP/1.1
Host: dudleynutmeg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://videzz.net/
Cookie: u_pl=19071538; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecfd40b682a05e4aaf489d29601350aa66=[5210997,5210995]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 10:09:31 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
|
|
| static.addtoany.com/menu/svg/icons/twitter.js | 104.22.71.197 | | 728 B |
URL: static.addtoany.com/menu/svg/icons/twitter.js
IP: 104.22.71.197:0
Certificate Issuer: Let's Encrypt
Certificate Subject: static.addtoany.com
Certificate Fingerprint: 5B:74:98:2D:F8:22:DB:0D:4E:74:B7:99:A7:7C:80:F6:CA:1A:8E:CA
Certificate Validity: Tue, 23 Apr 2024 07:56:27 GMT - Mon, 22 Jul 2024 07:56:26 GMT
File type: ASCII text, with very long lines (645), with no line terminators
Hash: ca05cf90bd32d6134c0b92464c343f9a 187feb5cc71d225717838268487a0abc9b8d405c 3003867b66a32c12fdafeefc27cf06d906e5a99ba275550ab757f4bb04834636
GET /menu/svg/icons/twitter.js HTTP/1.1
Host: static.addtoany.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://videzz.net
DNT: 1
Connection: keep-alive
Referer: https://static.addtoany.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 04 May 2024 10:09:30 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=7776000, stale-while-revalidate=30, public
cf-bgj: minify
etag: W/"af2b829f9b79fabec7c0148a8b7e444b"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pDPgy6%2FCFco7ZqeYZITOPpe4G7aTd1GkCTxJkCzo3%2Faq1nSc8YCKI5rv%2FEc26ZobIVPfG95wngqxtuC1v6ytV7ocv34Wmf%2FCJNYbd0Rt8Iro2ga8%2Bx3Q3cFEQLvZQNh9dar9LmUpfyutdXuKILUrcx88"}],"group":"cf-nel","max_age":604800}
vary: Accept-Encoding
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
cf-cache-status: HIT
age: 2637
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 87e7b2145c699306-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| cdnjs.cloudflare.com/ajax/libs/postscribe/2.0.8/postscribe.min.js | 104.17.24.14 | | 5.1 kB |
URL: cdnjs.cloudflare.com/ajax/libs/postscribe/2.0.8/postscribe.min.js
IP: 104.17.24.14:0
File type: JavaScript source, ASCII text, with very long lines (17660)
Hash: 12dd498bf90c536803c2aad708b66c2b 5f9363d39a405d1c94328cf2303ff4a05c0ad163 c4e20f53f5ef0ed44b783437aa3f4638a9a56cc4aa29ae83ed9212eb2807052a
GET /ajax/libs/postscribe/2.0.8/postscribe.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://videzz.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 04 May 2024 10:09:31 GMT
content-type: application/javascript; charset=utf-8
content-length: 5117
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03faa-45f4"
last-modified: Mon, 04 May 2020 16:15:38 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 219803
expires: Thu, 24 Apr 2025 10:09:31 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vU%2BLk4TMkYwGDuV66x92lvgZaCqDptJ%2B%2FtQ3RuJChiuLGHKJ%2FDn9s2ftBFehsBzfJ4K2LcUZNSZY7wS1yWOcPVSY80%2Fvy0BvnRZ92TpsQOG%2FdOa2cu9fuQXN6Ub5jKnuUDSgzQTu"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 87e7b21e8bcc56b7-OSL
alt-svc: h3=":443"; ma=86400
|
|
| dudleynutmeg.com/pixel/sbls?bv=24.18.6785&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgambling%2Funibet%2Fsocial-box-confetti%2F1%2Fjs%2Fscript.js&l=2042&fd=142 | 172.240.108.68 | | 0 B |
URL: dudleynutmeg.com/pixel/sbls?bv=24.18.6785&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgambling%2Funibet%2Fsocial-box-confetti%2F1%2Fjs%2Fscript.js&l=2042&fd=142
IP: 172.240.108.68:0
Certificate Issuer: Let's Encrypt
Certificate Subject: dudleynutmeg.com
Certificate Fingerprint: 62:D3:F0:A3:00:F3:7A:E7:CF:5D:4D:AE:08:F0:E9:8D:45:2E:0D:90
Certificate Validity: Tue, 30 Apr 2024 15:24:37 GMT - Mon, 29 Jul 2024 15:24:36 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /pixel/sbls?bv=24.18.6785&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgambling%2Funibet%2Fsocial-box-confetti%2F1%2Fjs%2Fscript.js&l=2042&fd=142 HTTP/1.1
Host: dudleynutmeg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://videzz.net/
Cookie: u_pl=19071538; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecfd40b682a05e4aaf489d29601350aa66=[5210997,5210995]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 10:09:31 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
|
|
| xml.xmlking.com/redirect?feed=591364&auth=oodr9S&pubid=195183 | 174.137.133.17 | | 0 B |
URL: xml.xmlking.com/redirect?feed=591364&auth=oodr9S&pubid=195183
IP: 174.137.133.17:0
ASN: #27257 WEBAIR-INTERNET
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=591364&auth=oodr9S&pubid=195183 HTTP/1.1
Host: xml.xmlking.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bid.bidclickmedia.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Sat, 04 May 2024 10:09:31 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Location: https://t10.lowtid.com/a.php?p=c:5mklge2tsml349y_c&d=655744eb46c1f060291a7ac7&s=ui.602222&d2=bid.bidclickmedia.com&d1=
|
|
| dudleynutmeg.com/pixel/sbs?c=1 | 172.240.108.68 | | 0 B |
URL: dudleynutmeg.com/pixel/sbs?c=1
IP: 172.240.108.68:0
Certificate Issuer: Let's Encrypt
Certificate Subject: dudleynutmeg.com
Certificate Fingerprint: 62:D3:F0:A3:00:F3:7A:E7:CF:5D:4D:AE:08:F0:E9:8D:45:2E:0D:90
Certificate Validity: Tue, 30 Apr 2024 15:24:37 GMT - Mon, 29 Jul 2024 15:24:36 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /pixel/sbs?c=1 HTTP/1.1
Host: dudleynutmeg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://videzz.net/
Cookie: u_pl=19071538; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecfd40b682a05e4aaf489d29601350aa66=[5210997,5210995]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 10:09:32 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
|
|
| dudleynutmeg.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSuHiMoLoi6NxUGRFBYJ93zKzPuIbibjQTjZt1VlFVYqquqJ2Wqq5qq7unJnIIB2ePgRfDU%2BSbZEA3%2BOHlylcmKQkDJeMrBXP0DAoveZMawwQfd7736voLvfa8%2B3cpOSBUZPV542%2FSlUnS2UfHLr3wQBJfLy1JnvXKv1bzTrF8u2%2B7r7WbFf7X8pmBrZrbqB74f%2BEF5UVoRmd7sBIRM9ttBpe1X6tVK0KijZ%2F%2Ffu8yDox5494Q8C8nHMw%2B8i5BsBB1%2FuyDcWmqSS9fiTNHUWHT57nt6TZtcIz4vI%2Bsh0rtnbBh3tHgfRu9M5cJ0HxFDOSbeL%2FcR6t0zkQi721OdoYLQCPlTyLsjCDWCpCMwswnJjwjAOK6vQMf3rhub0%2FX%2FUDpBx2Tm4SlkPiYzf16Ejr%2B%2BomSvfMuoLJVGO%2FSiArI3guyMkGQHSPslyPwALP0Ekv9GZh8uQ8fbK04ZSF5MZ5dyBBmNoMQA1HnIJp%2F0kEUessRDzI%2FLLAiCOZ8z6rfajNX4nAib3A%2FoXBTQwG%2B2kLGJvAHSZACmBmB2A4ndwJocwGY%2Fwa0WcNyDS8fEe2cDXV4gFwS5I8gpQS4J8pQg7xY7XLmqK%2B5x5bIwOMvVs1wrhibtbNEdk3aEJqB2AMuLreSEPDPxx3upVMWaOC5HvO6HzVaV%2Bg1RpzSqt9q82m76Qa3hU9pswsm9q4uv1er11p0A0pWms%2FflmLwcfY9EjsmFXwlCegCnDsDkc6DZi6B5AbpaoK%2B%2FianUla7kpk8rWqTgpkCSziBd97bUCXl%2Buq2VzQyCHc6f%2Fj3S2%2F8sgdkCiS3wsXxA0FF3hzdNTrZvmtyR71aSVMayTyebvJXSVDz%2B5VtiPTeWLy24wd4bbAJMyv13hUuXqeZSdxz56orkXNhFY5kgPyy590V4I3OrVzKrs2T5xtXFpTixwjlp9AhUHl37HEyOydM%2FfjR9opc%2B%2FAvSjmCzAnF2SM4C0hyAJRtwyeH86QX%2F5y%2F2OJwhsOqcEyYe8qwY2mp4fqgkgRLnPQ0LOHE4%2F%2FtlfvuF%2FScQikd2DC2d3Kay2HJ30bEl0HQTOi7QtQW6qgBVA7jssWGa2MP5P2rTQKhKw1DZ0naorPpsavLk5%2BDkcbnm87lQRGIuFPVGPRKMh41G6LOIhTXeajGkbhw1n7z9LwAAAP%2F%2FAQAA%2F%2F%2Bx7JorfAQAAA%3D%3D | 192.243.61.227 | 200 OK | 7 B |
URL GET HTTP/1.1dudleynutmeg.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSuHiMoLoi6NxUGRFBYJ93zKzPuIbibjQTjZt1VlFVYqquqJ2Wqq5qq7unJnIIB2ePgRfDU%2BSbZEA3%2BOHlylcmKQkDJeMrBXP0DAoveZMawwQfd7736voLvfa8%2B3cpOSBUZPV542%2FSlUnS2UfHLr3wQBJfLy1JnvXKv1bzTrF8u2%2B7r7WbFf7X8pmBrZrbqB74f%2BEF5UVoRmd7sBIRM9ttBpe1X6tVK0KijZ%2F%2Ffu8yDox5494Q8C8nHMw%2B8i5BsBB1%2FuyDcWmqSS9fiTNHUWHT57nt6TZtcIz4vI%2Bsh0rtnbBh3tHgfRu9M5cJ0HxFDOSbeL%2FcR6t0zkQi721OdoYLQCPlTyLsjCDWCpCMwswnJjwjAOK6vQMf3rhub0%2FX%2FUDpBx2Tm4SlkPiYzf16Ejr%2B%2BomSvfMuoLJVGO%2FSiArI3guyMkGQHSPslyPwALP0Ekv9GZh8uQ8fbK04ZSF5MZ5dyBBmNoMQA1HnIJp%2F0kEUessRDzI%2FLLAiCOZ8z6rfajNX4nAib3A%2FoXBTQwG%2B2kLGJvAHSZACmBmB2A4ndwJocwGY%2Fwa0WcNyDS8fEe2cDXV4gFwS5I8gpQS4J8pQg7xY7XLmqK%2B5x5bIwOMvVs1wrhibtbNEdk3aEJqB2AMuLreSEPDPxx3upVMWaOC5HvO6HzVaV%2Bg1RpzSqt9q82m76Qa3hU9pswsm9q4uv1er11p0A0pWms%2FflmLwcfY9EjsmFXwlCegCnDsDkc6DZi6B5AbpaoK%2B%2FianUla7kpk8rWqTgpkCSziBd97bUCXl%2Buq2VzQyCHc6f%2Fj3S2%2F8sgdkCiS3wsXxA0FF3hzdNTrZvmtyR71aSVMayTyebvJXSVDz%2B5VtiPTeWLy24wd4bbAJMyv13hUuXqeZSdxz56orkXNhFY5kgPyy590V4I3OrVzKrs2T5xtXFpTixwjlp9AhUHl37HEyOydM%2FfjR9opc%2B%2FAvSjmCzAnF2SM4C0hyAJRtwyeH86QX%2F5y%2F2OJwhsOqcEyYe8qwY2mp4fqgkgRLnPQ0LOHE4%2F%2FtlfvuF%2FScQikd2DC2d3Kay2HJ30bEl0HQTOi7QtQW6qgBVA7jssWGa2MP5P2rTQKhKw1DZ0naorPpsavLk5%2BDkcbnm87lQRGIuFPVGPRKMh41G6LOIhTXeajGkbhw1n7z9LwAAAP%2F%2FAQAA%2F%2F%2Bx7JorfAQAAA%3D%3D IP192.243.61.227:443 ASN#39572 DataWeb Global Group B.V.
Requested by: https://videzz.net/embed-0m1y3k542y1s.html
Certificate Issuer: Let's Encrypt
Certificate Subject: dudleynutmeg.com
Certificate Fingerprint: 62:D3:F0:A3:00:F3:7A:E7:CF:5D:4D:AE:08:F0:E9:8D:45:2E:0D:90
Certificate Validity: Tue, 30 Apr 2024 15:24:37 GMT - Mon, 29 Jul 2024 15:24:36 GMT
File type: ASCII text, with no line terminators
Hash: 132d6af1b46048b45cf86cdee7991d31 eb7007d03d59b65bc6da7e098c4d38fc6dfb6285 ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSuHiMoLoi6NxUGRFBYJ93zKzPuIbibjQTjZt1VlFVYqquqJ2Wqq5qq7unJnIIB2ePgRfDU%2BSbZEA3%2BOHlylcmKQkDJeMrBXP0DAoveZMawwQfd7736voLvfa8%2B3cpOSBUZPV542%2FSlUnS2UfHLr3wQBJfLy1JnvXKv1bzTrF8u2%2B7r7WbFf7X8pmBrZrbqB74f%2BEF5UVoRmd7sBIRM9ttBpe1X6tVK0KijZ%2F%2Ffu8yDox5494Q8C8nHMw%2B8i5BsBB1%2FuyDcWmqSS9fiTNHUWHT57nt6TZtcIz4vI%2Bsh0rtnbBh3tHgfRu9M5cJ0HxFDOSbeL%2FcR6t0zkQi721OdoYLQCPlTyLsjCDWCpCMwswnJjwjAOK6vQMf3rhub0%2FX%2FUDpBx2Tm4SlkPiYzf16Ejr%2B%2BomSvfMuoLJVGO%2FSiArI3guyMkGQHSPslyPwALP0Ekv9GZh8uQ8fbK04ZSF5MZ5dyBBmNoMQA1HnIJp%2F0kEUessRDzI%2FLLAiCOZ8z6rfajNX4nAib3A%2FoXBTQwG%2B2kLGJvAHSZACmBmB2A4ndwJocwGY%2Fwa0WcNyDS8fEe2cDXV4gFwS5I8gpQS4J8pQg7xY7XLmqK%2B5x5bIwOMvVs1wrhibtbNEdk3aEJqB2AMuLreSEPDPxx3upVMWaOC5HvO6HzVaV%2Bg1RpzSqt9q82m76Qa3hU9pswsm9q4uv1er11p0A0pWms%2FflmLwcfY9EjsmFXwlCegCnDsDkc6DZi6B5AbpaoK%2B%2FianUla7kpk8rWqTgpkCSziBd97bUCXl%2Buq2VzQyCHc6f%2Fj3S2%2F8sgdkCiS3wsXxA0FF3hzdNTrZvmtyR71aSVMayTyebvJXSVDz%2B5VtiPTeWLy24wd4bbAJMyv13hUuXqeZSdxz56orkXNhFY5kgPyy590V4I3OrVzKrs2T5xtXFpTixwjlp9AhUHl37HEyOydM%2FfjR9opc%2B%2FAvSjmCzAnF2SM4C0hyAJRtwyeH86QX%2F5y%2F2OJwhsOqcEyYe8qwY2mp4fqgkgRLnPQ0LOHE4%2F%2FtlfvuF%2FScQikd2DC2d3Kay2HJ30bEl0HQTOi7QtQW6qgBVA7jssWGa2MP5P2rTQKhKw1DZ0naorPpsavLk5%2BDkcbnm87lQRGIuFPVGPRKMh41G6LOIhTXeajGkbhw1n7z9LwAAAP%2F%2FAQAA%2F%2F%2Bx7JorfAQAAA%3D%3D HTTP/1.1
Host: dudleynutmeg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://videzz.net/
Cookie: u_pl=19071538; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecfd40b682a05e4aaf489d29601350aa66=[5210997,5210995]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 10:09:32 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 8c2541bb07122a5289e08a6545f138d0
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
| downstairsnegotiatebarren.com/sfp.js | 104.21.35.227 | | 30 kB |
URL: downstairsnegotiatebarren.com/sfp.js
IP: 104.21.35.227:0
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash: f4a2f8f9f99541c6f105bbd0a025bd40 1f8e3eff12168fdd9e719adfc098d24a45b6916a b717cb04231a10d425fd55b73c85a5407119c6826a8bac94142fddfff6958716
GET /sfp.js HTTP/1.1
Host: downstairsnegotiatebarren.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://videzz.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 04 May 2024 10:09:31 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 3e9e30d25300dc1fd8cf811f102977db
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Sat, 04 May 2024 10:09:30 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=U%2Bpfznq4ef3zIatgGnDIpz0iYAkxKZVEWrqfgwcxrFNphM9CItL63g1IDp%2BQBv5RupJ25aG7oBYq5l43U%2Fd2KTBEaad12hkW7t6E4RcTTiwI7RhwzqQDPZnFMN3mLSY3E6iC2AYKPd0H7JsLwO0ZKg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e7b2181f270b4d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| t10.lowtid.com/a.php?p=c:5mklge2tsml349y_c&d=655744eb46c1f060291a7ac7&s=ui.602222&d2=bid.bidclickmedia.com&d1= | 51.83.143.92 | | 0 B |
URL: t10.lowtid.com/a.php?p=c:5mklge2tsml349y_c&d=655744eb46c1f060291a7ac7&s=ui.602222&d2=bid.bidclickmedia.com&d1=
IP: 51.83.143.92:0
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /a.php?p=c:5mklge2tsml349y_c&d=655744eb46c1f060291a7ac7&s=ui.602222&d2=bid.bidclickmedia.com&d1= HTTP/1.1
Host: t10.lowtid.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bid.bidclickmedia.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Sat, 04 May 2024 10:09:32 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Round: 12cpfzovwt
Raund: 36n
Location: https://popcash.net/world/go/134600/317186
|
|
| dog.seetron.net/api/users/424503?host=videzz.net&ev=212&wh=1024&ww=1280&uuid=&url=https%3A%2F%2Fvidezz.net%2Fembed-0m1y3k542y1s.html&sid=20d66866-6f74-4771-b3b8-ebd1fe469ab4&i=1&kw=file%20upload%2Cshare%20files%2Cfree%20upload&s1=173354 | 135.181.208.216 | 200 OK | 16 kB |
URL: GET HTTP/2 dog.seetron.net/api/users/424503?host=videzz.net&ev=212&wh=1024&ww=1280&uuid=&url=https%3A%2F%2Fvidezz.net%2Fembed-0m1y3k542y1s.html&sid=20d66866-6f74-4771-b3b8-ebd1fe469ab4&i=1&kw=file%20upload%2Cshare%20files%2Cfree%20upload&s1=173354
IP: 135.181.208.216:443
ASN: #24940 Hetzner Online GmbH
Requested by: https://videzz.net/embed-0m1y3k542y1s.html
Certificate Issuer: Let's Encrypt
Certificate Subject: a.bdsmz.tube
Certificate Fingerprint: AA:4D:03:7A:4E:94:8C:76:58:6E:53:CC:8E:99:24:E6:51:84:BF:05
Certificate Validity: Fri, 03 May 2024 10:27:08 GMT - Thu, 01 Aug 2024 10:27:07 GMT
File type: gzip compressed data, from Unix
Hash: 25d7aa87a40f4dfe0a645aa622bb11a2 61c42770e931070d8f1bf1385426e08a92ceb89c 63044639d241f17b9ee89a2c0da83ed6dba744017699ac5e71a0e22f29bd78fe
GET /api/users/424503?host=videzz.net&ev=212&wh=1024&ww=1280&uuid=&url=https%3A%2F%2Fvidezz.net%2Fembed-0m1y3k542y1s.html&sid=20d66866-6f74-4771-b3b8-ebd1fe469ab4&i=1&kw=file%20upload%2Cshare%20files%2Cfree%20upload&s1=173354 HTTP/1.1
Host: dog.seetron.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://videzz.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 10:09:31 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
set-cookie: nauid=YME6mqJIuBkB2Q8Cri4N; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; Secure; SameSite=None
x-robots-tag: noindex, nofollow
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap | 142.250.74.138 | | 16 kB |
URL: fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
IP: 142.250.74.138:0
File type: gzip compressed data, max compression
Hash: 29c07cc77639538bfb82377634a38021 efb8e8494177fa44a008a1b5048e63ecfeb8c552 3e66074f451d1ed5968192eb93b0f1be1ec157aecd03255b3c4583bbbfada4a0
GET /css?family=Roboto:300,400,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 04 May 2024 10:09:31 GMT
date: Sat, 04 May 2024 10:09:31 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| ossgogoaton.com/tag.min.js | 104.21.48.109 | | 26 kB |
URL: ossgogoaton.com/tag.min.js
IP: 104.21.48.109:0
File type: JavaScript source, ASCII text, with very long lines (65494)
Hash: d8fe6d8977be78f78ee48c068b8c8686 e9c96bfc9bcd374f528f73c0441c2358d6d1d135 43423a879e310562ceed423aa563f4fac45713e6f59b0517d897e2c96a42993b
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /tag.min.js HTTP/1.1
Host: ossgogoaton.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://videzz.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:32 GMT
content-type: text/javascript; charset=utf-8
x-trace-id: 75f804f095bd203a11970aa4780913d8
cache-control: max-age=86400
last-modified: Fri, 03 May 2024 05:53:49 GMT
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
expires: Sat, 04 May 2024 20:39:18 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 48614
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=f8SgrzjCNwASSseSSPGHx0DEH%2FtiRW6jgP26%2B3yBUKEVmlUrWZImpOoeQA4b%2B%2FFCrdhFNawdZ2bEdSpiBCF9vCFwSv3fM4jhuM1Ei6t1vyYm1clu7i9f6uqvSzAt7BysZng%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e7b21f3ed2b509-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| xml.zeusadx.com/redirect?feed=531847&auth=KhbHhS&pubid=162319 | 174.137.133.17 | 302 Found | 0 B |
URL: GET HTTP/1.1 xml.zeusadx.com/redirect?feed=531847&auth=KhbHhS&pubid=162319
IP: 174.137.133.17:443
ASN: #27257 WEBAIR-INTERNET
Requested by: https://videzz.net/embed-0m1y3k542y1s.html
Certificate: Issuer: Sectigo Limited; Subject: *.zeusadx.com; Fingerprint: AA:67:88:35:5F:BC:20:3C:44:9B:00:BD:4F:E1:C0:5F:62:D0:69:C0; Validity: Mon, 23 Oct 2023 00:00:00 GMT - Wed, 23 Oct 2024 23:59:59 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=531847&auth=KhbHhS&pubid=162319 HTTP/1.1
Host: xml.zeusadx.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bid.bidclickmedia.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Sat, 04 May 2024 10:09:32 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Location: https://t10.lowtid.com/a.php?p=c:5mklge2tsml349y_c&d=655744eb46c1f060291a7ac7&s=ui.242199&d2=bid.bidclickmedia.com&d1=
|
|
| popmyads.com/serve/52264/64660/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgxMi5jb20= | 172.67.183.201 | | 809 B |
URL: popmyads.com/serve/52264/64660/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgxMi5jb20=
IP: 172.67.183.201:0
File type: HTML document, ASCII text
Hash: 229054401e8ce7e0196a0951859e6886 52cec58421a8610616c0d33dfb24f08d7d3b9b16 34a9f43f2b2528aa17e38636a1857fcee9122ea2d0cade6cd1cbe3c126a9037f
GET /serve/52264/64660/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgxMi5jb20= HTTP/1.1
Host: popmyads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bid.bidclickmedia.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:32 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.1.33
x-frame-options: DENY
content-security-policy: frame-ancestors 'none'
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5sOXHp6BxgtRn3MFjNQwk0VYXuDJYDSFXfV0IYhRQvgaPwkAAFcte1zY%2FzLnPIiZHCDiB7tVr76adMrbr%2FkhWuOh6XG%2FvqWZttJiUZKoADLL9rdqohnnQLBtbjX4TFw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e7b2206b0f712f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| t10.lowtid.com/a.php?p=c:5mklge2tsml349y_c&d=655744eb46c1f060291a7ac7&s=ui.242199&d2=bid.bidclickmedia.com&d1= | 51.83.143.92 | | 0 B |
URL: t10.lowtid.com/a.php?p=c:5mklge2tsml349y_c&d=655744eb46c1f060291a7ac7&s=ui.242199&d2=bid.bidclickmedia.com&d1=
IP: 51.83.143.92:0
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /a.php?p=c:5mklge2tsml349y_c&d=655744eb46c1f060291a7ac7&s=ui.242199&d2=bid.bidclickmedia.com&d1= HTTP/1.1
Host: t10.lowtid.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bid.bidclickmedia.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Sat, 04 May 2024 10:09:32 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Round: 11v0nbww1w
Raund: 36n
Location: https://t1.lowtid.com/l.php?p=c:8pnojh5wvpo68l3k0&d=63208671784bc04a7b5b1ad6&s=101.ui.242199&d1=https%3A%2F%2Fbid.bidclickmedia.com%2F&d2=ui.242199&pid=6636095cbc699363ef7259a7
|
|
| aistekso.net/401/5708419 | 139.45.197.244 | | 36 kB |
IP: 139.45.197.244:0
File type: gzip compressed data, max speed, from Unix
Hash: 231501579bfa84452d49978ab86019cd e63fb7933444f552d853361bdb6a596ba72af603 1c46ac1c0fea3f17c3353e5493b92f8f2fd61dbb1bc00b74410948b2b0e62bc6
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /401/5708419 HTTP/1.1
Host: aistekso.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://videzz.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 10:09:32 GMT
content-type: application/javascript
x-trace-id: 68286c75bbd6a2e12a3d9604ef79f406
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
set-cookie: OAID=030052ef15494ccdfc510f3ddb4d6d73; expires=Sun, 04 May 2025 10:09:32 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| popcash.net/world/go/134600/317186 | 104.27.202.88 | | 169 B |
URL: popcash.net/world/go/134600/317186
IP: 104.27.202.88:0
File type: HTML document, ASCII text, with CRLF line terminators
Hash: 5584cd241a762d7a7488f14d5409293c a88c6560e46f39dca33a1bbbc74c319e89adfe2a 56fd937f2948b7fc1b223fc1da61e781a93f6b4c74cfd88e1115bb74418c7dff
GET /world/go/134600/317186 HTTP/1.1
Host: popcash.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bid.bidclickmedia.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 301 Moved Permanently
date: Sat, 04 May 2024 10:09:32 GMT
content-type: text/html
content-length: 169
location: http://ps.popcash.net/go/134600/317186
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MA9OvlKCq3zIxGA1etNZd6mN5S06zgJOKmaCravyD92dvMB3G5qznvV0lVAOjcUYRULb2S5QNiy0ciR6ouJIPvV0AATc9QdhMwfeOAgPJWCLG1u%2FJ7JWD3bDLsQ0"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e7b2208a91b4eb-OSL
X-Firefox-Spdy: h2
|
|
| mcpuwpsh.com/get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MSwiZXh0Ijp7ImlkIjoxMDk1LCJ0eXBlIjoicG9wIiwic3BhY2VpZCI6MTA5NSwic3ViaWQiOiIxNDA4OTkxOTkiLCJzc3AiOjM3NTgsInNwb3RfaWQiOjU1NzIxNCwicmNoYW5nZSI6ZmFsc2V9fV0sInNpdGUiOnsiaWQiOiI1NTcyMTQiLCJwYWdlIjoiaHR0cHM6Ly9iaWQuYmlkY2xpY2ttZWRpYS5jb20vIiwiY2F0IjpbIklBQjI1Il19LCJkZXZpY2UiOnsidyI6MTI4MCwiaCI6MTAyNH0sInVzZXIiOnsiaWQiOiJqYnBqcjN2c3Jjd3ZjZTV5bXhsZ2wifSwiZXh0Ijp7ImR0IjoxNzE0ODE3MzcxODYyfX0= | 94.130.197.240 | | 0 B |
URL: mcpuwpsh.com/get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MSwiZXh0Ijp7ImlkIjoxMDk1LCJ0eXBlIjoicG9wIiwic3BhY2VpZCI6MTA5NSwic3ViaWQiOiIxNDA4OTkxOTkiLCJzc3AiOjM3NTgsInNwb3RfaWQiOjU1NzIxNCwicmNoYW5nZSI6ZmFsc2V9fV0sInNpdGUiOnsiaWQiOiI1NTcyMTQiLCJwYWdlIjoiaHR0cHM6Ly9iaWQuYmlkY2xpY2ttZWRpYS5jb20vIiwiY2F0IjpbIklBQjI1Il19LCJkZXZpY2UiOnsidyI6MTI4MCwiaCI6MTAyNH0sInVzZXIiOnsiaWQiOiJqYnBqcjN2c3Jjd3ZjZTV5bXhsZ2wifSwiZXh0Ijp7ImR0IjoxNzE0ODE3MzcxODYyfX0=
IP: 94.130.197.240:0
ASN: #24940 Hetzner Online GmbH
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MSwiZXh0Ijp7ImlkIjoxMDk1LCJ0eXBlIjoicG9wIiwic3BhY2VpZCI6MTA5NSwic3ViaWQiOiIxNDA4OTkxOTkiLCJzc3AiOjM3NTgsInNwb3RfaWQiOjU1NzIxNCwicmNoYW5nZSI6ZmFsc2V9fV0sInNpdGUiOnsiaWQiOiI1NTcyMTQiLCJwYWdlIjoiaHR0cHM6Ly9iaWQuYmlkY2xpY2ttZWRpYS5jb20vIiwiY2F0IjpbIklBQjI1Il19LCJkZXZpY2UiOnsidyI6MTI4MCwiaCI6MTAyNH0sInVzZXIiOnsiaWQiOiJqYnBqcjN2c3Jjd3ZjZTV5bXhsZ2wifSwiZXh0Ijp7ImR0IjoxNzE0ODE3MzcxODYyfX0= HTTP/1.1
Host: mcpuwpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://onclink.org/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
server: nginx/1.16.0
date: Sat, 04 May 2024 10:09:32 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
location: https://mcpuwpsh.com/popunder/in/click/?mid=5170665448468727728&pid=0&site=557214&sc=NO&usage_type=DCH&subid=140899199&sid=0&cid=0&price=0&is_cpm=0&cpm=0&ecpm=0&crid=&crtid=&tcid=0&out_id=&ver=&ver_c=&refdom=bid.bidclickmedia.com&hostname=auc-popunder-hz-2&site_id=0&spot_id=557214&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=0&created_at=0000-00-00&is_native=0&burl=&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=0&resp_type=&iabcat=IAB25&min_cpm=0.1224&placement_type_id=7&skin_test=&verify_hash=4d1147272ae583a4305e8be7e3b1d78a&score=352.19561119405313&durl=&ml=&tag_ab=&original_bid=0&user_fp=0&v2=0&pop_type=0&space_id=1095&real_bid=&skin_id=&vertical_id=&stratagem=&accel=0&gyr=0&iabcat=IAB25&ip_mismatch=false&ua_mismatch=false&ssp=3758&rc=0&v2_track=0&otype=0&mn=0&priority=0&bb=0.1224&url=https%3A%2F%2Fpopdemission.com%2Fin%2F849%2F%3Fsource%3D140899199%26site_id%3D557214%26utm1%3D%26utm2%3D%26utm3%3D%26utm4%3D%26idzone%3D0%26spot_id%3D557214%26mo%3D%26ve%3D%26ad_tags%3D%26p%3Dhttps%253A%252F%252Fbid.bidclickmedia.com%252F%26sid%3D1095%26katds_labels%3D%26is_iframe%3D1%26btype%3D0%26score%3D352.19561119405313%26bf%3D0.1224%26iabcat%3DIAB25%26allowed_labels%3D&pr=&bid_crid=&bid_cid=&ad_tags=&is_interstitial=0&is_direct=1&label_ids=&site_id64=&sp_cl=0&act_sess=0&sp_scr=0&intes=&izb=&ang=0&act_su=0&interest_vertical_ids=&v_scroll_freq=&time_sess=&ext_campaign_id=&scroll_percent=0&empty_clicks=0&aid=0&high_freq_clicks=0&dev_console_activity=0&topics=&client_price=0&o_d=&is_webview=0&timezone_olson=&timezone_ip=Europe/Oslo&offer_label_ids=
X-Firefox-Spdy: h2
|
|
| unseenreport.com/pxf.gif?uuid=b3c76af0-2de1-47ad-85c8-da3ca4ecf847&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=fd40b682a05e4aaf489d29601350aa66&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=10 | 192.243.59.20 | | 1 B |
URL: unseenreport.com/pxf.gif?uuid=b3c76af0-2de1-47ad-85c8-da3ca4ecf847&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=fd40b682a05e4aaf489d29601350aa66&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=10
IP: 192.243.59.20:0
ASN: #39572 DataWeb Global Group B.V.
File type: very short file (no magic)
Hash: 93b885adfe0da089cdf634904fd59f71 5ba93c9db0cff93f52b521d7420e43f6eda2784f 6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /pxf.gif?uuid=b3c76af0-2de1-47ad-85c8-da3ca4ecf847&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=fd40b682a05e4aaf489d29601350aa66&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=10 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://videzz.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 04 May 2024 10:09:32 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 7d15c2aeea828be924110f2da334daab
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
| mcpuwpsh.com/popunder/in/click/?mid=5170665448468727728&pid=0&site=557214&sc=NO&usage_type=DCH&subid=140899199&sid=0&cid=0&price=0&is_cpm=0&cpm=0&ecpm=0&crid=&crtid=&tcid=0&out_id=&ver=&ver_c=&refdom=bid.bidclickmedia.com&hostname=auc-popunder-hz-2&site_id=0&spot_id=557214&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=0&created_at=0000-00-00&is_native=0&burl=&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=0&resp_type=&iabcat=IAB25&min_cpm=0.1224&placement_type_id=7&skin_test=&verify_hash=4d1147272ae583a4305e8be7e3b1d78a&score=352.19561119405313&durl=&ml=&tag_ab=&original_bid=0&user_fp=0&v2=0&pop_type=0&space_id=1095&real_bid=&skin_id=&vertical_id=&stratagem=&accel=0&gyr=0&iabcat=IAB25&ip_mismatch=false&ua_mismatch=false&ssp=3758&rc=0&v2_track=0&otype=0&mn=0&priority=0&bb=0.1224&url=https%3A%2F%2Fpopdemission.com%2Fin%2F849%2F%3Fsource%3D140899199%26site_id%3D557214%26utm1%3D%26utm2%3D%26utm3%3D%26utm4%3D%26idzone%3D0%26spot_id%3D557214%26mo%3D%26ve%3D%26ad_tags%3D%26p%3Dhttps%253A%252F%252Fbid.bidclickmedia.com%252F%26sid%3D1095%26katds_labels%3D%26is_iframe%3D1%26btype%3D0%26score%3D352.19561119405313%26bf%3D0.1224%26iabcat%3DIAB25%26allowed_labels%3D&pr=&bid_crid=&bid_cid=&ad_tags=&is_interstitial=0&is_direct=1&label_ids=&site_id64=&sp_cl=0&act_sess=0&sp_scr=0&intes=&izb=&ang=0&act_su=0&interest_vertical_ids=&v_scroll_freq=&time_sess=&ext_campaign_id=&scroll_percent=0&empty_clicks=0&aid=0&high_freq_clicks=0&dev_console_activity=0&topics=&client_price=0&o_d=&is_webview=0&timezone_olson=&timezone_ip=Europe/Oslo&offer_label_ids= | 94.130.197.240 | | 0 B |
URL: mcpuwpsh.com/popunder/in/click/?mid=5170665448468727728&pid=0&site=557214&sc=NO&usage_type=DCH&subid=140899199&sid=0&cid=0&price=0&is_cpm=0&cpm=0&ecpm=0&crid=&crtid=&tcid=0&out_id=&ver=&ver_c=&refdom=bid.bidclickmedia.com&hostname=auc-popunder-hz-2&site_id=0&spot_id=557214&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=0&created_at=0000-00-00&is_native=0&burl=&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=0&resp_type=&iabcat=IAB25&min_cpm=0.1224&placement_type_id=7&skin_test=&verify_hash=4d1147272ae583a4305e8be7e3b1d78a&score=352.19561119405313&durl=&ml=&tag_ab=&original_bid=0&user_fp=0&v2=0&pop_type=0&space_id=1095&real_bid=&skin_id=&vertical_id=&stratagem=&accel=0&gyr=0&iabcat=IAB25&ip_mismatch=false&ua_mismatch=false&ssp=3758&rc=0&v2_track=0&otype=0&mn=0&priority=0&bb=0.1224&url=https%3A%2F%2Fpopdemission.com%2Fin%2F849%2F%3Fsource%3D140899199%26site_id%3D557214%26utm1%3D%26utm2%3D%26utm3%3D%26utm4%3D%26idzone%3D0%26spot_id%3D557214%26mo%3D%26ve%3D%26ad_tags%3D%26p%3Dhttps%253A%252F%252Fbid.bidclickmedia.com%252F%26sid%3D1095%26katds_labels%3D%26is_iframe%3D1%26btype%3D0%26score%3D352.19561119405313%26bf%3D0.1224%26iabcat%3DIAB25%26allowed_labels%3D&pr=&bid_crid=&bid_cid=&ad_tags=&is_interstitial=0&is_direct=1&label_ids=&site_id64=&sp_cl=0&act_sess=0&sp_scr=0&intes=&izb=&ang=0&act_su=0&interest_vertical_ids=&v_scroll_freq=&time_sess=&ext_campaign_id=&scroll_percent=0&empty_clicks=0&aid=0&high_freq_clicks=0&dev_console_activity=0&topics=&client_price=0&o_d=&is_webview=0&timezone_olson=&timezone_ip=Europe/Oslo&offer_label_ids=
IP: 94.130.197.240:0
ASN: #24940 Hetzner Online GmbH
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /popunder/in/click/?mid=5170665448468727728&pid=0&site=557214&sc=NO&usage_type=DCH&subid=140899199&sid=0&cid=0&price=0&is_cpm=0&cpm=0&ecpm=0&crid=&crtid=&tcid=0&out_id=&ver=&ver_c=&refdom=bid.bidclickmedia.com&hostname=auc-popunder-hz-2&site_id=0&spot_id=557214&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=0&created_at=0000-00-00&is_native=0&burl=&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=0&resp_type=&iabcat=IAB25&min_cpm=0.1224&placement_type_id=7&skin_test=&verify_hash=4d1147272ae583a4305e8be7e3b1d78a&score=352.19561119405313&durl=&ml=&tag_ab=&original_bid=0&user_fp=0&v2=0&pop_type=0&space_id=1095&real_bid=&skin_id=&vertical_id=&stratagem=&accel=0&gyr=0&iabcat=IAB25&ip_mismatch=false&ua_mismatch=false&ssp=3758&rc=0&v2_track=0&otype=0&mn=0&priority=0&bb=0.1224&url=https%3A%2F%2Fpopdemission.com%2Fin%2F849%2F%3Fsource%3D140899199%26site_id%3D557214%26utm1%3D%26utm2%3D%26utm3%3D%26utm4%3D%26idzone%3D0%26spot_id%3D557214%26mo%3D%26ve%3D%26ad_tags%3D%26p%3Dhttps%253A%252F%252Fbid.bidclickmedia.com%252F%26sid%3D1095%26katds_labels%3D%26is_iframe%3D1%26btype%3D0%26score%3D352.19561119405313%26bf%3D0.1224%26iabcat%3DIAB25%26allowed_labels%3D&pr=&bid_crid=&bid_cid=&ad_tags=&is_interstitial=0&is_direct=1&label_ids=&site_id64=&sp_cl=0&act_sess=0&sp_scr=0&intes=&izb=&ang=0&act_su=0&interest_vertical_ids=&v_scroll_freq=&time_sess=&ext_campaign_id=&scroll_percent=0&empty_clicks=0&aid=0&high_freq_clicks=0&dev_console_activity=0&topics=&client_price=0&o_d=&is_webview=0&timezone_olson=&timezone_ip=Europe/Oslo&offer_label_ids= HTTP/1.1
Host: mcpuwpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://onclink.org/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
server: nginx/1.16.0
date: Sat, 04 May 2024 10:09:32 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
location: https://popdemission.com/in/849/?source=140899199&site_id=557214&utm1=&utm2=&utm3=&utm4=&idzone=0&spot_id=557214&mo=&ve=&ad_tags=&p=https%3A%2F%2Fbid.bidclickmedia.com%2F&sid=1095&katds_labels=&is_iframe=1&btype=0&score=352.19561119405313&bf=0.1224&iabcat=IAB25&allowed_labels=
X-Firefox-Spdy: h2
|
|
| dog.seetron.net/api/users/59846?host=videzz.net&ev=212&wh=1024&ww=1280&uuid=&url=https%3A%2F%2Fvidezz.net%2Fembed-0m1y3k542y1s.html&sid=20d66866-6f74-4771-b3b8-ebd1fe469ab4&i=1&kw=file%20upload%2Cshare%20files%2Cfree%20upload&s1=173354 | 135.181.208.216 | | 422 B |
URL: dog.seetron.net/api/users/59846?host=videzz.net&ev=212&wh=1024&ww=1280&uuid=&url=https%3A%2F%2Fvidezz.net%2Fembed-0m1y3k542y1s.html&sid=20d66866-6f74-4771-b3b8-ebd1fe469ab4&i=1&kw=file%20upload%2Cshare%20files%2Cfree%20upload&s1=173354
IP: 135.181.208.216:0
ASN: #24940 Hetzner Online GmbH
File type: gzip compressed data, from Unix
Hash: f95ca39bc6c335c6d612f027acdae2be 88fd9612bddbbb7f13a050c123205d5a0db6fb3d dc54ab034d082d47904d8d5ae43407b40e4274dab2a617c42a914fd1bba3cee9
GET /api/users/59846?host=videzz.net&ev=212&wh=1024&ww=1280&uuid=&url=https%3A%2F%2Fvidezz.net%2Fembed-0m1y3k542y1s.html&sid=20d66866-6f74-4771-b3b8-ebd1fe469ab4&i=1&kw=file%20upload%2Cshare%20files%2Cfree%20upload&s1=173354 HTTP/1.1
Host: dog.seetron.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://videzz.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 10:09:32 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
set-cookie: nauid=7UbhQu1iYgOwkjVy8Ihy; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; Secure; SameSite=None
x-robots-tag: noindex, nofollow
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| tzegilo.com/stattag.js | 104.21.11.245 | | 7.9 kB |
IP: 104.21.11.245:0
File type: JavaScript source, ASCII text, with very long lines (18486)
Hash: 70ebd404c2e1e7bad13998538b56887c 86e57af8ba3cfc2c004da3311835f6b54ba6d848 d71ea61938136a384e4c53c5a7a3c36e68fcc70a68bae691e270987d5d2eb11f
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /stattag.js HTTP/1.1
Host: tzegilo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://videzz.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:32 GMT
content-type: application/javascript
last-modified: Wed, 07 Feb 2024 12:51:13 GMT
etag: W/"65c37cc1-4ac0"
link: <https://flerap.com/>; rel=preconnect; crossorigin, <https://fleraprt.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 7013
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XEZekj4FNoVi6DnX953Sk1mrKoysovpj3b6Q9p%2BPEz%2F726FTKzStMzaKp7YBFKbbTQCqVDOPLDuS%2BvYtSgV2WWXFa%2BZOgh3FzmbYTb8LWWPPzH5y%2F%2Fa9CEPEhC%2BzcQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e7b223ec025689-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| popdemission.com/in/849/?source=140899199&site_id=557214&utm1=&utm2=&utm3=&utm4=&idzone=0&spot_id=557214&mo=&ve=&ad_tags=&p=https%3A%2F%2Fbid.bidclickmedia.com%2F&sid=1095&katds_labels=&is_iframe=1&btype=0&score=352.19561119405313&bf=0.1224&iabcat=IAB25&allowed_labels= | 109.206.175.252 | 302 Found | 0 B |
URL: GET HTTP/2 popdemission.com/in/849/?source=140899199&site_id=557214&utm1=&utm2=&utm3=&utm4=&idzone=0&spot_id=557214&mo=&ve=&ad_tags=&p=https%3A%2F%2Fbid.bidclickmedia.com%2F&sid=1095&katds_labels=&is_iframe=1&btype=0&score=352.19561119405313&bf=0.1224&iabcat=IAB25&allowed_labels=
IP: 109.206.175.252:443
Requested by: https://videzz.net/embed-0m1y3k542y1s.html
Certificate: Issuer: Let's Encrypt; Subject: popdemission.com; Fingerprint: D2:C5:8F:9C:4B:C4:3C:66:E6:4D:95:14:61:37:A5:21:1E:9C:9A:BE; Validity: Wed, 20 Mar 2024 12:58:57 GMT - Tue, 18 Jun 2024 12:58:56 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/849/?source=140899199&site_id=557214&utm1=&utm2=&utm3=&utm4=&idzone=0&spot_id=557214&mo=&ve=&ad_tags=&p=https%3A%2F%2Fbid.bidclickmedia.com%2F&sid=1095&katds_labels=&is_iframe=1&btype=0&score=352.19561119405313&bf=0.1224&iabcat=IAB25&allowed_labels= HTTP/1.1
Host: popdemission.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://onclink.org/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
server: nginx/1.20.1
date: Sat, 04 May 2024 10:09:32 GMT
content-type: text/html; charset=UTF-8
content-length: 0
location: https://topsites.hadesex.com/?source=140899199&site_id=557214&spot_id=557214
pragma: no-cache
vary: *
cache-control: no-cache, no-store, must-revalidate
set-cookie: 849.0=1; expires=Sun, 05 May 2024 10:09:32 GMT; path=/; secure; SameSite=None
X-Firefox-Spdy: h2
|
|
| fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=cb07e855-b673-43b9-aec0-8bd0b9f7a303 | 139.45.195.254 | | 12 B |
URL: fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=cb07e855-b673-43b9-aec0-8bd0b9f7a303
IP: 139.45.195.254:0
Hash: adb4650bfc9d2a73d4dd69583b0ceb14 1ce399d6e936232aaf2192cd7903a279c5015f22 21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
POST /log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=cb07e855-b673-43b9-aec0-8bd0b9f7a303 HTTP/1.1
Host: fleraprt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1403
Origin: https://videzz.net
DNT: 1
Connection: keep-alive
Referer: https://videzz.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Sat, 04 May 2024 10:09:33 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: https://videzz.net
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
|
|
| t1.lowtid.com/l.php?p=c:8pnojh5wvpo68l3k0&d=63208671784bc04a7b5b1ad6&s=101.ui.242199&d1=https%3A%2F%2Fbid.bidclickmedia.com%2F&d2=ui.242199&pid=6636095cbc699363ef7259a7 | 51.161.115.163 | | 0 B |
URL: t1.lowtid.com/l.php?p=c:8pnojh5wvpo68l3k0&d=63208671784bc04a7b5b1ad6&s=101.ui.242199&d1=https%3A%2F%2Fbid.bidclickmedia.com%2F&d2=ui.242199&pid=6636095cbc699363ef7259a7
IP: 51.161.115.163:0
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /l.php?p=c:8pnojh5wvpo68l3k0&d=63208671784bc04a7b5b1ad6&s=101.ui.242199&d1=https%3A%2F%2Fbid.bidclickmedia.com%2F&d2=ui.242199&pid=6636095cbc699363ef7259a7 HTTP/1.1
Host: t1.lowtid.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bid.bidclickmedia.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Sat, 04 May 2024 10:09:32 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Round: 11r6m6nbgk
Raund: 312
Location: https://tads.stravaganz.com/rc/a33384834e?affclick=6636095c8c10fe3a2b6e767c&pubid=101.ui.242199
|
|
| bid.bidclickmedia.com/load | 172.67.205.77 | 302 Found | 361 B |
URL: POST HTTP/3 bid.bidclickmedia.com/load
IP: 172.67.205.77:443
Requested by: https://videzz.net/embed-0m1y3k542y1s.html
Certificate: Issuer: Google Trust Services LLC; Subject: bidclickmedia.com; Fingerprint: 2D:71:60:23:79:D8:E4:4A:B8:81:BA:F0:ED:58:CB:A8:66:21:A7:E7; Validity: Sun, 31 Mar 2024 14:28:20 GMT - Sat, 29 Jun 2024 14:28:19 GMT
File type: HTML document, ASCII text
Hash: 4809a9602dd55d531906123e570b6d77 626fe0b9eeeda00a0ce401ee5a4e13f8256facb9 046c0a16886d7e34df54c815c1fee7740a3608671d33fd56c837dca5a1ac9c9f
POST /load HTTP/1.1
Host: bid.bidclickmedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 93
Origin: https://bid.bidclickmedia.com
DNT: 1
Connection: keep-alive
Referer: https://bid.bidclickmedia.com/sub/31pnK5n
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 302 Found
date: Sat, 04 May 2024 10:09:30 GMT
content-type: text/html; charset=utf-8
location: https://xml.zeusadx.com/redirect?feed=531847&auth=KhbHhS&pubid=162319
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kxOQKePdO7f8qwd5wiz3RfP6msEDaUH5OBbGyr1ukvdCeunlHPI9JUcoqOuYGui1irxGwD6JukHPiKs7LeJK%2BmLhJeSgp7sCByKIxp6e8AEyva%2FSfX41WlnWOWA6XbEh7D1W1bI4%2Fec%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e7b217fb48568f-OSL
alt-svc: h3=":443"; ma=86400
|
|
| porn13.com/thumbs/AA/0A/P8.jpg | 172.67.214.94 | | 29 kB |
URL: porn13.com/thumbs/AA/0A/P8.jpg
IP: 172.67.214.94:0
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 0x0, segment length 16, comment: "Lavc59.37.100", baseline, precision 8, 352x198, components 3
Hash: d022e54787fd7dc1c0219d05abfea67b b4b1588836fc6c9895d813ee17bc5f54ac84e65c 72a440f43151adb3c1b59ddd1fd20f32085775b7d24c2cb4ee6d93e1ad5779e0
GET /thumbs/AA/0A/P8.jpg HTTP/1.1
Host: porn13.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://topsites.hadesex.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:33 GMT
content-type: image/jpeg
content-length: 29441
last-modified: Thu, 25 Apr 2024 12:50:24 GMT
etag: "662a5190-7301"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
cf-cache-status: HIT
age: 35040
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vIg6MfpW%2FGdr97ZkVguAkkE03yhyPJJV%2FTMlwA5GZx5td9joLOhbYx6iZDzAfkksmA%2F9OGtpSZKvhTZDPCm3CGfOcfeNWh014CNxnFqpfxRpp%2BCEtnS%2FrMwoOjwD"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e7b2271e6b56c5-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| porn13.com/thumbs/AA/Ug/ys.jpg | 172.67.214.94 | | 27 kB |
URL: porn13.com/thumbs/AA/Ug/ys.jpg
IP: 172.67.214.94:0
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "Lavc58.18.100", baseline, precision 8, 352x171, components 3
Hash: bbcaf5cb7e0d9a078f7d2d62fb3aaad8 95ce03abf9618f05f521c48fe487bbdb7d06e5af 12414585deb56a9d483d9b23eea3a32dc04c1646385fc385b3edd78bc52b34c8
GET /thumbs/AA/Ug/ys.jpg HTTP/1.1
Host: porn13.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://topsites.hadesex.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:33 GMT
content-type: image/jpeg
content-length: 27104
last-modified: Fri, 19 Aug 2022 16:16:31 GMT
etag: "62ffb75f-69e0"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
cf-cache-status: HIT
age: 323507
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FwNOylSa8T1NnM7vq3CfhIJ%2Fv4w%2F4XHVK4Fsnq%2FoZfDdJXrsx7oAf7Wz9IKCiPf4btM7fSNKdMkIciUV4dHRvF6LOvXs51AZGWFGT3j9OPj9up2QKnrt43SXqyD%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e7b2274e9956c5-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| fonts.gstatic.com/s/montserratalternates/v17/mFTiWacfw6zH4dthXcyms1lPpC8I_b0juU0xGITFB7xG.woff2 | 142.250.74.163 | | 20 kB |
URL: fonts.gstatic.com/s/montserratalternates/v17/mFTiWacfw6zH4dthXcyms1lPpC8I_b0juU0xGITFB7xG.woff2
IP: 142.250.74.163:0
File type: Web Open Font Format (Version 2), TrueType, length 20184, version 1.0
Hash: ba1468afe6464dd5ba1045e836d0fea6 6416dc6d3ede1919e42601c141e043f7fe9d0b98 da4fd6c8ccb6ff2b84c95606bb983392c766558ef6232e9bf23027d5979618aa
GET /s/montserratalternates/v17/mFTiWacfw6zH4dthXcyms1lPpC8I_b0juU0xGITFB7xG.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://topsites.hadesex.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 20184
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 23:17:57 GMT
expires: Fri, 02 May 2025 23:17:57 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 26 Apr 2022 15:46:41 GMT
content-type: font/woff2
age: 125496
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| t10.lowtid.com/a.php?p=c:5mklge2tsml349y_c&d=655744eb46c1f060291a7ac7&s=ui.242199&d2=bid.bidclickmedia.com&d1= | 51.83.143.92 | | 0 B |
URL: t10.lowtid.com/a.php?p=c:5mklge2tsml349y_c&d=655744eb46c1f060291a7ac7&s=ui.242199&d2=bid.bidclickmedia.com&d1=
IP: 51.83.143.92:0
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /a.php?p=c:5mklge2tsml349y_c&d=655744eb46c1f060291a7ac7&s=ui.242199&d2=bid.bidclickmedia.com&d1= HTTP/1.1
Host: t10.lowtid.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bid.bidclickmedia.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Sat, 04 May 2024 10:09:33 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Round: 11v0nbww1w
Raund: 36n
Location: https://t1.lowtid.com/l.php?p=c:8pnojh5wvpo68l3k0&d=63208671784bc04a7b5b1ad6&s=101.ui.242199&d1=https%3A%2F%2Fbid.bidclickmedia.com%2F&d2=ui.242199&pid=6636095d13d0a15b3c290359
|
|
| hadesex.com/thumbs/AA/5n/k1.jpg | 104.21.48.207 | 200 OK | 33 kB |
URL: GET HTTP/3 hadesex.com/thumbs/AA/5n/k1.jpg
IP: 104.21.48.207:443
Requested by: https://topsites.hadesex.com/?source=140899199&site_id=557214&spot_id=557214
Certificate Issuer: Google Trust Services LLC
Certificate Subject: hadesex.com
Certificate Fingerprint: 4A:FF:00:28:1E:63:6A:6F:9C:CB:A1:ED:C3:96:B4:AA:BE:E1:90:1A
Certificate Validity: Thu, 07 Mar 2024 01:42:01 GMT - Wed, 05 Jun 2024 01:42:00 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 0x0, segment length 16, progressive, precision 8, 280x210, components 3
Hash: 1cd11f9aa2bf866b40bd400ebd619d25 ff28b6c6de251812d9cfa4b5cc9a084613a23485 3953372a397118518dd31899c0f55b6bbba84ccd212e4bfe873ebde39d1ef956
GET /thumbs/AA/5n/k1.jpg HTTP/1.1
Host: hadesex.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Referer: https://topsites.hadesex.com/?source=140899199&site_id=557214&spot_id=557214
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 04 May 2024 10:09:33 GMT
content-type: image/jpeg
content-length: 33355
last-modified: Wed, 10 Apr 2024 12:27:53 GMT
etag: "661685c9-824b"
expires: Thu, 30 May 2024 16:17:48 GMT
cache-control: public, max-age=2592000
cf-cache-status: HIT
age: 323504
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1z12X%2FLAfz%2B1IpuksIk3PnaUNuTnDC%2BQKamBdJEbtc1lSnwmrYWBQ4%2BGwggGow5X3o3eY7mCgedEUy5fTbbse17TnumiPdQ1zE7hOVy1vYIZDd9hRpZip2EsDmytUg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e7b228b9e90b55-OSL
alt-svc: h3=":443"; ma=86400
|
|
| 69indian.com/thumbs/AA/Gw/nF.jpg | 172.67.195.23 | 200 OK | 14 kB |
URL: GET HTTP/2 69indian.com/thumbs/AA/Gw/nF.jpg
IP: 172.67.195.23:443
Requested by: https://topsites.hadesex.com/?source=140899199&site_id=557214&spot_id=557214
Certificate Issuer: Let's Encrypt
Certificate Subject: 69indian.com
Certificate Fingerprint: 02:44:AF:DF:DC:35:9B:8E:2F:BA:31:BF:8A:2B:42:28:10:1D:89:D8
Certificate Validity: Sun, 31 Mar 2024 19:47:58 GMT - Sat, 29 Jun 2024 19:47:57 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 0x0, segment length 16, progressive, precision 8, 280x210, components 3
Hash: 0ba93720ea12e9bdfa4ceb4ae11460dc 0741a65ba60aa57b30df65e2e8468e444125a4cc a07921aca8b6ee4a61e0a2ac460eedb5535cb7ad3322cb49b8a52d8a4c5532d7
GET /thumbs/AA/Gw/nF.jpg HTTP/1.1
Host: 69indian.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:33 GMT
content-type: image/jpeg
content-length: 14471
last-modified: Thu, 25 Apr 2024 10:47:04 GMT
etag: "662a34a8-3887"
expires: Thu, 30 May 2024 17:26:48 GMT
cache-control: public, max-age=2592000
cf-cache-status: HIT
age: 319365
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XJGWYwpRubZOn4Jge1PajbBO6F3quOF4XxKlN1iLpyF5xpq6W3pOTHn8V8W0EfXvSZ%2BX8TXmOb8CduYTT5kyhPXPIe%2Bv%2BrA15NTnzj597G2CtJp%2FL9VraspOocdjLgs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e7b2290a0d56cb-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 69indian.com/thumbs/AA/Mw/w_.jpg | 172.67.195.23 | | 16 kB |
URL: 69indian.com/thumbs/AA/Mw/w_.jpg
IP: 172.67.195.23:0
Certificate Issuer: Let's Encrypt
Certificate Subject: 69indian.com
Certificate Fingerprint: 02:44:AF:DF:DC:35:9B:8E:2F:BA:31:BF:8A:2B:42:28:10:1D:89:D8
Certificate Validity: Sun, 31 Mar 2024 19:47:58 GMT - Sat, 29 Jun 2024 19:47:57 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 0x0, segment length 16, progressive, precision 8, 280x210, components 3
Hash: 6aa65bc81c924c1f2a9240c5c618fc1f 74ec75dd8ee8d8a533a9ae7650d5cfbd2b61b601 b395446b3a6f05b2b4f131f41e5ea4e2f516fbbe6ead0b8da07489865a2cc3c9
GET /thumbs/AA/Mw/w_.jpg HTTP/1.1
Host: 69indian.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:33 GMT
content-type: image/jpeg
content-length: 16270
last-modified: Thu, 25 Apr 2024 11:07:40 GMT
etag: "662a397c-3f8e"
expires: Thu, 30 May 2024 18:38:12 GMT
cache-control: public, max-age=2592000
cf-cache-status: HIT
age: 315081
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Xe5Z4wNh8ZYpfIW3BkGj7C%2FZ4HjrTP20UFx1B9gCrzUn7si32kHx38hhhSiPvUz1bu%2FUQZsVrRZGrzn0XYn6ZcdHJHvWe3FAK5glf7TkrKcXFFmbI0tpr8JV4hIbCVQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e7b2294a5a56cb-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| topsites.hadesex.com/js/utm-datasource.js?v=1.90 | 104.21.48.207 | | 95 kB |
URL: topsites.hadesex.com/js/utm-datasource.js?v=1.90
IP: 104.21.48.207:0
File type: Generic INItialization configuration []
Hash: f9eb7bacc6a92d4e5d1ae8299b53a3bb 3fef0ee46b983203be0c4dfb15a90a29526a391b 6fd474fdf1c98b145149e617ee1a24876332690123ff8c4cd43bbcce7c1b7bcf
GET /js/utm-datasource.js?v=1.90 HTTP/1.1
Host: topsites.hadesex.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://topsites.hadesex.com/?source=140899199&site_id=557214&spot_id=557214
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 04 May 2024 10:09:33 GMT
content-type: application/javascript
last-modified: Thu, 01 Feb 2024 14:46:51 GMT
vary: Accept-Encoding
etag: W/"65bbaedb-af5"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-request-id: 54216229af0759840658d6d7b97fe4a5
cf-cache-status: HIT
age: 323510
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=j61s7R6X4rTedjH48wmmKYIwJ7q68xct6xeCW3WC6ZgBibxBVIg5yUjx853eEtr45CBkG2c6w%2Foh2B8f0KDIAVTvsz3WKTN3TpR%2FkDnoLqPK5HvgnoprkCpL0PJ314s1rv7UH4d0Xg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e7b22728720b55-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| 69ebony.com/thumbs/AA/1z/_P.jpg | 104.21.26.173 | | 288 kB |
URL: 69ebony.com/thumbs/AA/1z/_P.jpg
IP: 104.21.26.173:0
File type: JPEG image data, baseline, precision 8, 1920x1080, components 3
Size: 288 kB (288381 bytes)
Hash: 03c7a52d867d1821dabbd607b472334c dfcb156529387624cdfaac36207cd00d055430a6 9e1982c4cf6c7163a07df61029f09b4f588b4722c58389a60919cb6eeb293e45
GET /thumbs/AA/1z/_P.jpg HTTP/1.1
Host: 69ebony.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:33 GMT
content-type: image/jpeg
content-length: 288381
last-modified: Tue, 14 Nov 2023 08:17:10 GMT
etag: "65532d06-4667d"
expires: Thu, 30 May 2024 20:11:55 GMT
cache-control: public, max-age=2592000
cf-cache-status: HIT
age: 309458
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Pl3Y%2BnfMFXHCLiW5lETGMtoCqfq8%2Bxs7l3h4C7EBj35HMayGNemml1x2ussFji1E4dbaIeiv3A5ZBe3GyMyqzP4Q%2FwHYzeAXw0Of0XeCrVP%2F5ZxMNeNOdzsKn5euUw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e7b2299f3a5684-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| hadesex.com/thumbs/AA/yL/fI.jpg | 104.21.48.207 | | 34 kB |
URL: hadesex.com/thumbs/AA/yL/fI.jpg
IP: 104.21.48.207:0
Certificate Issuer: Google Trust Services LLC
Certificate Subject: hadesex.com
Certificate Fingerprint: 4A:FF:00:28:1E:63:6A:6F:9C:CB:A1:ED:C3:96:B4:AA:BE:E1:90:1A
Certificate Validity: Thu, 07 Mar 2024 01:42:01 GMT - Wed, 05 Jun 2024 01:42:00 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 0x0, segment length 16, progressive, precision 8, 280x210, components 3
Hash: 752cd3e9680d19a92c60ce01cf5fd834 17c182d1ebb07079e4f3ba6bdc4bbd6922c5516f ab2a559435256e7e3ccb5269b0ab2b0b0c86bbd89d806f1b8dc8bb74aa557a0e
GET /thumbs/AA/yL/fI.jpg HTTP/1.1
Host: hadesex.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Referer: https://topsites.hadesex.com/?source=140899199&site_id=557214&spot_id=557214
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 04 May 2024 10:09:33 GMT
content-type: image/jpeg
content-length: 33521
last-modified: Fri, 03 May 2024 00:42:05 GMT
etag: "663432dd-82f1"
expires: Sun, 02 Jun 2024 09:16:40 GMT
cache-control: public, max-age=2592000
cf-cache-status: HIT
age: 89573
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VUFqt6B5B8EYtzgla3gUMpQPLpQBQdUmLf9vGEv3TmKcpB6MHtTYsS35mSrpoEecl5Fe2l4Zd1gdJuSSeXiVTQSmE5iS9QFdvX2lfxji%2FuP6mG%2FErTk4TpVjVwzuXA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e7b2297ae00b55-OSL
alt-svc: h3=":443"; ma=86400
|
|
| myretrocollection.com/thumbs/AA/NA/Zm.jpg | 172.67.179.31 | 200 OK | 76 kB |
URL: GET HTTP/2 myretrocollection.com/thumbs/AA/NA/Zm.jpg
IP: 172.67.179.31:443
Requested by: https://topsites.hadesex.com/?source=140899199&site_id=557214&spot_id=557214
Certificate Issuer: Let's Encrypt
Certificate Subject: myretrocollection.com
Certificate Fingerprint: C1:EB:81:51:C9:EE:A3:94:D8:73:87:A0:C4:3A:69:D8:8A:DD:CB:33
Certificate Validity: Sun, 10 Mar 2024 08:05:49 GMT - Sat, 08 Jun 2024 08:05:48 GMT
File type: JPEG image data, baseline, precision 8, 1058x450, components 3
Hash: d3dcf3026892e9d09e05dfc80a9318a7 8437224a391618d03d6882a9839c37f880c22bac 11e754a2031d93f77c3e1d1400a763e15c69f739f4f584f2e37db3cf99ead39b
GET /thumbs/AA/NA/Zm.jpg HTTP/1.1
Host: myretrocollection.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:33 GMT
content-type: image/jpeg
content-length: 75467
last-modified: Sun, 17 Dec 2023 15:15:36 GMT
etag: "657f1098-126cb"
expires: Thu, 30 May 2024 16:17:57 GMT
cache-control: public, max-age=2592000
cf-cache-status: HIT
age: 323495
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hO2h%2FvUvMQ657%2FswDvNEfbOjGIsLxyDdgfGjNZ4T9xF%2BlgDfOphLso8li4Rua1ONM9vh79LveJVhpdHpkUQBBhzfXwwqnMX3v9UiIksLhiyURvhENj5Pn2CPoS4kSx7JdIafjNupq4A%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e7b22a4a90b512-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| javsecrets.com/thumbs/AA/vR/aa.jpg | 172.67.172.150 | 200 OK | 7.3 kB |
URL: GET HTTP/2 javsecrets.com/thumbs/AA/vR/aa.jpg
IP: 172.67.172.150:443
Requested by: https://topsites.hadesex.com/?source=140899199&site_id=557214&spot_id=557214
Certificate Issuer: Google Trust Services LLC
Certificate Subject: javsecrets.com
Certificate Fingerprint: FE:9D:63:71:A7:6A:42:40:5D:EA:08:5C:AC:B3:0A:04:A6:42:F5:21
Certificate Validity: Sun, 31 Mar 2024 20:26:38 GMT - Sat, 29 Jun 2024 20:26:37 GMT
File type: JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, comment: "Lavc55.18.102", baseline, precision 8, 180x240, components 3
Hash: c8be4ed3db91af888b2303a393f0b4db ae3937ee36e6d0316c0a7b832e769f784269872f 80472e773770870e2bfdf01d50d7289ac692e065e60e45eb2043ab7ae81eeffc
GET /thumbs/AA/vR/aa.jpg HTTP/1.1
Host: javsecrets.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:33 GMT
content-type: image/jpeg
content-length: 7324
last-modified: Sun, 03 Dec 2023 12:54:03 GMT
etag: "656c7a6b-1c9c"
expires: Thu, 30 May 2024 17:27:00 GMT
cache-control: public, max-age=2592000
cf-cache-status: HIT
age: 319353
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EuE%2F5Znozmm7LImksJs4HY%2B3u3qtAjIQqHJeE7hYsaFAVsut85MmCYRxmJSUa9aT5I4T6cNHLweYh5bPg1Ek5cf2yxJH8N4Lw0pCCxYg3T4V37Ax%2BdVYTjIvOhOPVpC1xw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e7b22a4dff0b06-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| md-static.com/js/jquery-ui.min.js | 104.21.79.197 | | 105 kB |
URL: md-static.com/js/jquery-ui.min.js
IP: 104.21.79.197:0
File type: JavaScript source, ASCII text, with very long lines (31633)
Size: 105 kB (105190 bytes)
Hash: ce52e5e873202628cae33ba148e4f198 8995d56f8b3fe8e60d8256519ec040ae53262262 ad16e754fd1f9c9733ca0324c2d5923a3c76ad4682270d31958d0c1e2b2cb3ed
GET /js/jquery-ui.min.js HTTP/1.1
Host: md-static.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://topsites.hadesex.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:33 GMT
content-type: application/javascript
last-modified: Sun, 24 Jan 2021 13:07:13 GMT
vary: Accept-Encoding
etag: W/"600d7101-7c7b"
expires: Thu, 30 May 2024 18:38:20 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 315073
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7tYVmlWCkcvGsySEmNVognc4eiyJpg3qtv6NANXKKLxIsol0DAWdv72QTp%2BQNxywK4TZ%2B6FfvopoALq3XiDZG312q60flJeIzBHzdXtm9uJhBqd3ZkacenB1x8xLccnk"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e7b2276c9056a8-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| javsecrets.com/thumbs/AA/NF/cC.jpg | 172.67.172.150 | | 156 kB |
URL: javsecrets.com/thumbs/AA/NF/cC.jpg
IP: 172.67.172.150:0
Certificate Issuer: Google Trust Services LLC
Certificate Subject: javsecrets.com
Certificate Fingerprint: FE:9D:63:71:A7:6A:42:40:5D:EA:08:5C:AC:B3:0A:04:A6:42:F5:21
Certificate Validity: Sun, 31 Mar 2024 20:26:38 GMT - Sat, 29 Jun 2024 20:26:37 GMT
File type: JPEG image data, baseline, precision 8, 1280x720, components 3
Size: 156 kB (155964 bytes)
Hash: 706842e117d8c927802a3bbadff93bb5 cae3d10c44d2d90e14ecc58d1cd146c411919e4e c8b2d84eaab753869b3a8988d19db60ddc86a5ea509cf62659fc2a87d8a8832e
GET /thumbs/AA/NF/cC.jpg HTTP/1.1
Host: javsecrets.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:33 GMT
content-type: image/jpeg
content-length: 155964
last-modified: Tue, 21 Nov 2023 11:11:20 GMT
etag: "655c9058-2613c"
expires: Thu, 30 May 2024 20:11:50 GMT
cache-control: public, max-age=2592000
cf-cache-status: HIT
age: 309463
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Duo07DnEcZRaHcP3ohqIIm4WiP4MA%2FP3UQLhTCV6G2ErwRxwZ7z7fB%2FbfKKkfpR5GvIGtyYeQ%2BrkilZMJmW%2BCDH2y0%2BX65tDjXnF7EaGu7Vc7yvxInQReZmcy%2F%2BUu1SJ%2BQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e7b22a4dfe0b06-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 69lesbi.com/thumbs/AA/vf/Y5.jpg | 172.67.212.50 | | 197 kB |
URL: 69lesbi.com/thumbs/AA/vf/Y5.jpg
IP: 172.67.212.50:0
File type: JPEG image data, baseline, precision 8, 1280x720, components 3
Size: 197 kB (197049 bytes)
Hash: 5331d2803c2d06034555b2df7a246ad4 62e9d2f9ba835725342973fb8db6326e68d05233 55ba477a95a6fb9f4113e970a918674cc722aabcd06cc2db71fae52b3579f647
GET /thumbs/AA/vf/Y5.jpg HTTP/1.1
Host: 69lesbi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:33 GMT
content-type: image/jpeg
content-length: 197049
last-modified: Thu, 14 Mar 2024 13:25:39 GMT
etag: "65f2fad3-301b9"
expires: Thu, 30 May 2024 20:11:46 GMT
cache-control: public, max-age=2592000
cf-cache-status: HIT
age: 309467
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gifKV8tjMNqAUnvg65v546aeswpFdboSEdaK%2FntP09RIp%2FMV7oEF8ObrZeOKDJh0byYp06EmLQG1DWkiAL8imQA8D6vuWOg8%2FW7YfSRH9A7QhvLo4vboLOJSeju26w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e7b22b181c56a5-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| t1.lowtid.com/l.php?p=c:8pnojh5wvpo68l3k0&d=63208671784bc04a7b5b1ad6&s=101.ui.242199&d1=https%3A%2F%2Fbid.bidclickmedia.com%2F&d2=ui.242199&pid=6636095d13d0a15b3c290359 | 51.161.115.163 | | 0 B |
URL: t1.lowtid.com/l.php?p=c:8pnojh5wvpo68l3k0&d=63208671784bc04a7b5b1ad6&s=101.ui.242199&d1=https%3A%2F%2Fbid.bidclickmedia.com%2F&d2=ui.242199&pid=6636095d13d0a15b3c290359
IP: 51.161.115.163:0
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /l.php?p=c:8pnojh5wvpo68l3k0&d=63208671784bc04a7b5b1ad6&s=101.ui.242199&d1=https%3A%2F%2Fbid.bidclickmedia.com%2F&d2=ui.242199&pid=6636095d13d0a15b3c290359 HTTP/1.1
Host: t1.lowtid.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bid.bidclickmedia.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Sat, 04 May 2024 10:09:33 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Round: 11l3mda7a9
Raund: 312
Location: https://track.gositego.live/sl?id=6556413a045be0aa92e86ebc&pid=1106&sub1=6636095d5027fc4e4a758a62&sub2=101.ui.242199
|
|
| tads.stravaganz.com/rc/a33384834e?affclick=6636095c8c10fe3a2b6e767c&pubid=101.ui.242199 | 104.21.34.54 | | 188 kB |
URL: tads.stravaganz.com/rc/a33384834e?affclick=6636095c8c10fe3a2b6e767c&pubid=101.ui.242199
IP: 104.21.34.54:0
File type: HTML document, ASCII text, with very long lines (1125)
Size: 188 kB (187993 bytes)
Hash: 4f1e8a6ea917a27c6002e1da5b067b71 9464b81df3dccf35126fa694be4b58a7276a4ec9 f6b63f61f9ee056c3f4edf7f8703a698d3740f53703d6c96650b8beb062cca3c
GET /rc/a33384834e?affclick=6636095c8c10fe3a2b6e767c&pubid=101.ui.242199 HTTP/1.1
Host: tads.stravaganz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bid.bidclickmedia.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:33 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding, Accept-Language, Cookie
content-language: en
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=36Jj4nlC%2BhRXzaL0uHUCVVF9ExlS43i1gLDg9T5dcjlOSYLAmljEeeJgGtZf4pw%2Bw5X5FPhew%2FgiDM9Cgzw9e252RwD4WQNHH2UwdyPzl%2BkVqHD1Mzq%2B0Cce%2F5XGIg7bBaiefRa%2B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e7b2264eb456bf-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| veepteero.com/88/104 | 139.45.197.242 | | 72 kB |
IP: 139.45.197.242:0
File type: gzip compressed data, max speed, from Unix
Hash: f957c516b70309d6e6a87aa6ef10921d 173bf4a0241f32cc102a655a0f14a0db3076c84b 1746fd38a3d350a2ad1d355e80df243d68b1dca66b1a5d1e007526b07e6789a0
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /88/104 HTTP/1.1
Host: veepteero.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://videzz.net/
Origin: https://videzz.net
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 10:09:32 GMT
content-type: application/json
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://videzz.net
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
timing-allow-origin: *
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| voyeurix.com/thumbs/AA/eg/ZQ.jpg | 104.21.17.65 | | 111 kB |
URL: voyeurix.com/thumbs/AA/eg/ZQ.jpg
IP: 104.21.17.65:0
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1280x720, components 3
Size: 111 kB (111049 bytes)
Hash: e2fd5e2818c64e8657cd9f8bcc57e291 b71449ff020d0885443d60a6eafb4caeab94ab86 8e6e83aef1b8a5f035580bb4b3a651c708559bd575d2f73cc3a088fce95b997d
GET /thumbs/AA/eg/ZQ.jpg HTTP/1.1
Host: voyeurix.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:34 GMT
content-type: image/jpeg
content-length: 111049
last-modified: Wed, 28 Feb 2024 15:48:32 GMT
etag: "65df55d0-1b1c9"
expires: Thu, 30 May 2024 17:26:36 GMT
cache-control: public, max-age=2592000
cf-cache-status: HIT
age: 319378
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=d51uD3NT3jB9lie0ESs%2B61N0R4qMQDhsXGIsUcw8u%2FunMtQoWYI9jYzHFPQjH%2FGEjIaViZDmgiwwDFc%2FZzrFyBKp2qyZGzF8vAOGAeYzO5KSVujtRUhq8SBh1zoyOD4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e7b22bcc72569d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| z-gay.com/thumbs/AA/Yx/31.jpg | 172.67.184.218 | | 15 kB |
URL: z-gay.com/thumbs/AA/Yx/31.jpg
IP: 172.67.184.218:0
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 0x0, segment length 16, progressive, precision 8, 320x240, components 3
Hash: e8fbcf66ee99f8880d8b95e1ffe74fce 921117e323a3bfbd1bd7948ff5d9f45439ac4a93 b5a415604e6cdb22a5d07690b2aaa858985457f6a118d397fbe515154dd67500
GET /thumbs/AA/Yx/31.jpg HTTP/1.1
Host: z-gay.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:34 GMT
content-type: image/jpeg
content-length: 14795
last-modified: Thu, 08 Feb 2024 08:16:13 GMT
etag: "65c48dcd-39cb"
expires: Thu, 30 May 2024 17:44:01 GMT
cache-control: public, max-age=2592000
cf-cache-status: HIT
age: 318333
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3e%2FBhV3Oa3JzDsuEA%2F3tkIIH%2BOrWEqeqRh12kQeAiJ9X5e%2F1fhq71P4QqR60c7hswAvPjQxE0%2BZAwAEXc2STagMpK2PTmPwOxcRDLPyRRJHzKkW8twdUleXuEz0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e7b22bceea1c12-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| handjobxxx.com/thumbs/AA/84/fw.jpg | 172.67.207.38 | | 76 kB |
URL: handjobxxx.com/thumbs/AA/84/fw.jpg
IP: 172.67.207.38:0
File type: JPEG image data, baseline, precision 8, 852x480, components 3
Hash: e24333147cb38228cc92097285e442b1 69c32adccddedfbe5652705090a911ac15e09538 9faedf01a7863fe21a3b95bde2ce2e73ef8db6c13d48cbeb6a6b426fa95bf93b
GET /thumbs/AA/84/fw.jpg HTTP/1.1
Host: handjobxxx.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:34 GMT
content-type: image/jpeg
content-length: 76159
last-modified: Mon, 18 Mar 2024 17:58:16 GMT
etag: "65f880b8-1297f"
expires: Thu, 30 May 2024 17:26:34 GMT
cache-control: public, max-age=2592000
cf-cache-status: HIT
age: 319380
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=f6KVCXlNxYDlnfOqAtiB%2Bmf%2FVi2nu06mXLkoqHcAAlRQpHPhDb1MIDWIscWHy1sU5fYd%2BDBeds7jWisIAU9bakOOogdxOeOSWcoIbUsgOq2fu3PxbUmU4RjKIrVufJBfGQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e7b22bcfc5b4f4-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| losanalos.com/thumbs/AA/KR/PB.jpg | 172.67.209.70 | 200 OK | 69 kB |
URL: GET HTTP/2 losanalos.com/thumbs/AA/KR/PB.jpg
IP: 172.67.209.70:443
Requested by: https://topsites.hadesex.com/?source=140899199&site_id=557214&spot_id=557214
Certificate: Issuer: Let's Encrypt; Subject: losanalos.com; Fingerprint: 63:FB:8C:B1:C5:86:06:91:58:F7:EF:08:8E:39:64:F6:03:6F:10:F0; Validity: Sun, 10 Mar 2024 17:52:00 GMT - Sat, 08 Jun 2024 17:51:59 GMT
File type: JPEG image data, baseline, precision 8, 1280x720, components 3
Hash: 2ae5884821697f488afe20b5feb06980 7dda52fcb082ea2057857e0fd793983ecda29e9e 4e590207cf84534097d0684685bd07314f223168aba9f8134a1425b35d2be7aa
GET /thumbs/AA/KR/PB.jpg HTTP/1.1
Host: losanalos.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:34 GMT
content-type: image/jpeg
content-length: 69005
last-modified: Sat, 27 Jan 2024 12:28:23 GMT
etag: "65b4f6e7-10d8d"
expires: Thu, 30 May 2024 20:11:43 GMT
cache-control: public, max-age=2592000
cf-cache-status: HIT
age: 309471
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Bt1X7pZnf7Y7skRlESdV5VTixWeF%2FGLnjeODY6n%2FoRbhBV0rrz2DNXBZ6fecYh0iZplZeXgun0c%2F%2B1WqBQ6AmXwVOLhHuTc2EjHVY9586o3WsRlaU7gdyDnfXP9foufS"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e7b22d4921b509-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| gftranny.com/thumbs/AA/mC/Rr.jpg | 104.21.66.210 | 200 OK | 16 kB |
URL: GET HTTP/2 gftranny.com/thumbs/AA/mC/Rr.jpg
IP: 104.21.66.210:443
Requested by: https://topsites.hadesex.com/?source=140899199&site_id=557214&spot_id=557214
Certificate: Issuer: Google Trust Services LLC; Subject: gftranny.com; Fingerprint: 60:95:A5:DF:04:C0:8E:A6:02:D4:1E:D6:FC:05:59:09:04:4B:2F:92; Validity: Sun, 10 Mar 2024 12:05:15 GMT - Sat, 08 Jun 2024 12:05:14 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 0x0, segment length 16, progressive, precision 8, 320x180, components 3
Hash: 76e3d166c22c93854ec2c68c2024eb5d 039d741e757e4a3e0d6393afb669eab414e5a0a3 f0eb0f5dff081c3d74b9f859a71a7d0c71a3db4df39cbb8ed684f34fe5e87a82
GET /thumbs/AA/mC/Rr.jpg HTTP/1.1
Host: gftranny.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:34 GMT
content-type: image/jpeg
content-length: 16396
last-modified: Sat, 16 Mar 2024 14:27:49 GMT
etag: "65f5ac65-400c"
expires: Thu, 30 May 2024 17:26:37 GMT
cache-control: public, max-age=2592000
cf-cache-status: HIT
age: 319377
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RHkj%2BsDyQniC7QeFypZeYPWEpYy8g0Zt2MaOP%2F89Wj0IgOSBBUVUc%2B8vsGPW1EYLan0mrI97yVg013aci%2FAHR3odCl2QjKKddU%2FdsAjclClQcpGmJyCEHbsZg7Yutt4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e7b22d7b7256aa-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| femdomqueen.com/thumbs/AA/hz/gk.jpg | 104.21.79.209 | | 57 kB |
URL: femdomqueen.com/thumbs/AA/hz/gk.jpg
IP: 104.21.79.209:0
File type: JPEG image data, baseline, precision 8, 596x448, components 3
Hash: 41a667e59c817109e3f505d4ee9733d4 6a3fd100121cb80a5e9c6cba53a113536c6f2cbb adcaa4c722763b9a6ed8b0cafbc203b6fc964f4c5a889f9ca5ed5990355fba3a
GET /thumbs/AA/hz/gk.jpg HTTP/1.1
Host: femdomqueen.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:34 GMT
content-type: image/jpeg
content-length: 56752
last-modified: Sat, 02 Feb 2019 15:35:09 GMT
etag: "5c55b8ad-ddb0"
expires: Thu, 30 May 2024 17:26:53 GMT
cache-control: public, max-age=2592000
cf-cache-status: HIT
age: 319361
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ht7Vj5FmxYN2UMSRCsCQmO5ZxJesoFneFVB3%2Bt3U0VVNc0RN4LF0U%2Foih67bXzZOsL1O%2Fe1wxDJ1xHZqiDHUwH9AyQdWMlcWoyB23hObLi53MKBDazbs%2FtjdMhFKtkhxUWg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e7b22d78beb52d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| lovefootjob.com/thumbs/AA/Yn/UM.jpg | 104.21.49.240 | | 123 kB |
URL: lovefootjob.com/thumbs/AA/Yn/UM.jpg
IP: 104.21.49.240:0
File type: JPEG image data, baseline, precision 8, 1920x1080, components 3
Size: 123 kB (123405 bytes)
Hash: 4eb01c42fef2b5aebd30233d178400c3 9d2d51e35ae49ee7887310d29dee573bd9a9d969 2b8c44ee739a2ddc71a48e1c4877909a82520a7a63bf0ec767e9c2ee82861cfe
GET /thumbs/AA/Yn/UM.jpg HTTP/1.1
Host: lovefootjob.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:34 GMT
content-type: image/jpeg
content-length: 123405
last-modified: Thu, 29 Feb 2024 12:17:21 GMT
etag: "65e075d1-1e20d"
expires: Thu, 30 May 2024 18:38:17 GMT
cache-control: public, max-age=2592000
cf-cache-status: HIT
age: 315077
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qWIi%2BiD8wRZiw9YdK8aa1e3rly5hbRex74jK%2Fre15dZ2wrjowY%2FZ4qlGj6Brg1mLwXgQ%2F%2FHBZjniI8eDOiRoQ0LlzTSEI3HzrYPVFkT4L0aVncEczdG8iWYy9vx59c%2FNu6c%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e7b22d7fb70b45-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| losanalos.com/thumbs/AA/ZW/wI.jpg | 172.67.209.70 | | 107 kB |
URL: losanalos.com/thumbs/AA/ZW/wI.jpg
IP: 172.67.209.70:0
Certificate: Issuer: Let's Encrypt; Subject: losanalos.com; Fingerprint: 63:FB:8C:B1:C5:86:06:91:58:F7:EF:08:8E:39:64:F6:03:6F:10:F0; Validity: Sun, 10 Mar 2024 17:52:00 GMT - Sat, 08 Jun 2024 17:51:59 GMT
File type: JPEG image data, baseline, precision 8, 1196x672, components 3
Size: 107 kB (107254 bytes)
Hash: 5917475cec57b3d7429ce73863c9e64a 38d0f4f1b4e371870cf818d4905a59a044eff34a f79b3bfda8baed6bce91d2a908afe05130089df1d8ed183523b6ab2839ddf95e
GET /thumbs/AA/ZW/wI.jpg HTTP/1.1
Host: losanalos.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:34 GMT
content-type: image/jpeg
content-length: 107254
last-modified: Thu, 21 Mar 2024 18:31:19 GMT
etag: "65fc7cf7-1a2f6"
expires: Thu, 30 May 2024 17:26:37 GMT
cache-control: public, max-age=2592000
cf-cache-status: HIT
age: 319377
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HblHdt9MHn1iJEc3c%2FtQWzmTJTZ%2FKFbuefAsMJYu9D4%2F24owtSfbOkzH5xnz%2F7FLMlufLqS9ivWNDqOUrtMjZX4OqrEAOvjppjaigL74DTiM1sX9eSo3MQmZoUqhqIr%2B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e7b22e0a2db509-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| groupsexxx.com/thumbs/AA/WO/Vg.jpg | 172.67.188.32 | | 71 kB |
URL: groupsexxx.com/thumbs/AA/WO/Vg.jpg
IP: 172.67.188.32:0
File type: JPEG image data, baseline, precision 8, 640x360, components 3
Hash: 26b0669bfd143b06ca52fef8395d7297 4c75093d0d31d3f4a652bc83fa96c72db291c25b 3536abd5a2397265674692c894ccb9abfc9d4afafecba311e1b926407c466e73
GET /thumbs/AA/WO/Vg.jpg HTTP/1.1
Host: groupsexxx.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:34 GMT
content-type: image/jpeg
content-length: 71326
last-modified: Wed, 28 Feb 2024 16:26:54 GMT
etag: "65df5ece-1169e"
expires: Thu, 30 May 2024 18:38:33 GMT
cache-control: public, max-age=2592000
cf-cache-status: HIT
age: 315061
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LbqUyLAxRbAFbalkarGqdv5fmmDtCRNjatA0K9bFgQ9DCJkzyBsXy96tL%2FCYHOyNnElZ%2FBcw9CGN6gFwviCAQPYajscNHE%2Bz9h7B1ByjWJ4x85D3To%2B2iSTqyUs0qo7AUA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e7b22e0c84712e-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| jbdsm.com/thumbs/AA/ST/TF.jpg | 104.21.58.198 | | 10 kB |
URL: jbdsm.com/thumbs/AA/ST/TF.jpg
IP: 104.21.58.198:0
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 0x0, segment length 16, progressive, precision 8, 320x180, components 3
Hash: c5a9cc983d7d5875cb85fbee46480811 63e7860fbeae3c2aa07d2b98409591f130eabe86 3a925c9ffc86a9095f41b1806c3154900c2d13fad86a05e68534913858f41848
GET /thumbs/AA/ST/TF.jpg HTTP/1.1
Host: jbdsm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:34 GMT
content-type: image/jpeg
content-length: 10107
last-modified: Thu, 25 Apr 2024 12:48:01 GMT
etag: "662a5101-277b"
expires: Sun, 02 Jun 2024 00:25:14 GMT
cache-control: public, max-age=2592000
cf-cache-status: HIT
age: 121460
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=u0Yl%2BUr4eEYEmgw%2FgQ4WXhaCRF8cZO2dC%2FQqS%2Bs0vFk%2BwN1MHKft9%2F7wHVmLFFVgXFKcCiMLg2dxRIpujnkHXwlPUlnn43xIrTXLi6TUN2KAbB%2B1GMs1%2B02%2BsFc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e7b22e0968b4f3-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| interracial69.com/thumbs/AA/df/F_.jpg | 104.21.3.76 | 200 OK | 174 kB |
URL: GET HTTP/2 interracial69.com/thumbs/AA/df/F_.jpg
IP: 104.21.3.76:443
Requested by: https://topsites.hadesex.com/?source=140899199&site_id=557214&spot_id=557214
Certificate: Issuer: Google Trust Services LLC; Subject: interracial69.com; Fingerprint: DD:FC:81:F0:71:82:92:28:46:22:7A:1C:70:F0:13:FF:44:1A:0E:A8; Validity: Sun, 10 Mar 2024 13:37:49 GMT - Sat, 08 Jun 2024 13:37:48 GMT
File type: JPEG image data, baseline, precision 8, 1280x720, components 3
Size: 174 kB (174301 bytes)
Hash: 0e2eb4904271c0975d1cc71512a8104c 700fa8b264bddfe438a79d023a7c0670d4a51fef caab98e273b5f0aa00c3b1e8b8ea5816fb5291b5f51dd5a8cc84dee8a1b48271
GET /thumbs/AA/df/F_.jpg HTTP/1.1
Host: interracial69.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:34 GMT
content-type: image/jpeg
content-length: 174301
last-modified: Fri, 01 Mar 2024 03:42:03 GMT
etag: "65e14e8b-2a8dd"
expires: Thu, 30 May 2024 20:11:52 GMT
cache-control: public, max-age=2592000
cf-cache-status: HIT
age: 309462
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PVaMIbc%2FRrcWslG8JJiGjsntBvyCuPOClRjVdMgLjwSxt%2F6xvFJ1Pp1ASDXmMCVKPRfFglRQxSoRwLm5ZouZtRIzGMiAVOULZTpxkKlj3YTisNcBG%2Fbg3MsMFoSukrDC7GQtmg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e7b22e0cc25684-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| lovefootjob.com/thumbs/AA/9X/4I.jpg | 104.21.49.240 | | 25 kB |
URL: lovefootjob.com/thumbs/AA/9X/4I.jpg
IP: 104.21.49.240:0
File type: JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 480x400, components 3
Hash: 73f71341cf4be9aa3dceddd02655661d 392820d89ed970a13af645612eb7404f27aa965f 1a865253447a81e92f47a7b26fcfab9162b9d7bfb50f5b4daf5ff16baa7f9840
GET /thumbs/AA/9X/4I.jpg HTTP/1.1
Host: lovefootjob.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:34 GMT
content-type: image/jpeg
content-length: 25296
last-modified: Wed, 28 Feb 2024 17:02:47 GMT
etag: "65df6737-62d0"
expires: Thu, 30 May 2024 18:38:20 GMT
cache-control: public, max-age=2592000
cf-cache-status: HIT
age: 315074
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hlwfxFZBpjnUdBXatZ%2Fzm0D7FjNdYzBi%2FlCTKAZIafSaV9zbd8RxoYWXdLcGzCIPqC2fxeXSe4%2FFlKvOPWpqJ4YvT%2BzKFkOUai2ZEXpggx5Qpe6o2L6XG1VNA4cnumV5ntQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e7b22e289e0b45-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| milftop.com/thumbs/AA/1Q/tS.jpg | 172.67.223.161 | | 18 kB |
URL: milftop.com/thumbs/AA/1Q/tS.jpg
IP: 172.67.223.161:0
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 0x0, segment length 16, progressive, precision 8, 320x180, components 3
Hash: e0046e008e8ae20ff82ee09193eda36b afed46936e8763504aaa2d9c9b5208d373de0002 3800567a200633ec41aca9a881feb92f7fa0cd3102f22d79d0129ac4cad6e2a1
GET /thumbs/AA/1Q/tS.jpg HTTP/1.1
Host: milftop.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:34 GMT
content-type: image/jpeg
content-length: 18266
last-modified: Thu, 25 Apr 2024 13:48:34 GMT
etag: "662a5f32-475a"
expires: Sat, 01 Jun 2024 10:52:41 GMT
cache-control: public, max-age=2592000
cf-cache-status: HIT
age: 170213
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=A2NuYgUxGAXJDffz%2FYyj%2FIY3U4iRt256SCcijffRbiaMfmpOVt%2F3vJLMQmDGQ4e%2FneKbcgg3s4zwFjhb0phD8gTMsPR0I31%2BUBmmK3j%2FFvy8BlaZmIfzW0M6Cy85rg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e7b22edbe1b4f9-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| voyeurix.com/thumbs/AA/ax/ge.jpg | 104.21.17.65 | | 170 kB |
URL: voyeurix.com/thumbs/AA/ax/ge.jpg
IP: 104.21.17.65:0
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1280x720, components 3
Size: 170 kB (169814 bytes)
Hash: 9e76c1a94e94b4c30a32c7781a159a7f 071b7c8123bc9f05653d750b7a2a69489a7b65ed b9a592ea6bd05a5b1bfaa8a6f034c34652081b147676c00c43dd7c1e311b017c
GET /thumbs/AA/ax/ge.jpg HTTP/1.1
Host: voyeurix.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:34 GMT
content-type: image/jpeg
content-length: 169814
last-modified: Wed, 28 Feb 2024 16:00:58 GMT
etag: "65df58ba-29756"
expires: Thu, 30 May 2024 17:26:35 GMT
cache-control: public, max-age=2592000
cf-cache-status: HIT
age: 319379
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GuZC1FtDFEsIws7gPMU3ff6eMBJaR%2B2wheDPHPcxIO3msTn1BQXvnmRy3a5Bw2hmvo91kR5pPYM6tJLvPJkxYU0qwE2H%2Fw6UbQoQOFZE%2F07Efe%2FWHqZivn%2FyJVvgTKA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e7b22ed858569d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| handjobxxx.com/thumbs/AA/os/gj.jpg | 172.67.207.38 | 200 OK | 176 kB |
URL: GET HTTP/2 handjobxxx.com/thumbs/AA/os/gj.jpg
IP: 172.67.207.38:443
Requested by: https://topsites.hadesex.com/?source=140899199&site_id=557214&spot_id=557214
Certificate: Issuer: Google Trust Services LLC; Subject: handjobxxx.com; Fingerprint: A0:93:30:B2:D9:96:39:C3:D4:47:03:A0:33:52:5F:7F:A8:9A:0C:D3; Validity: Sun, 10 Mar 2024 15:51:35 GMT - Sat, 08 Jun 2024 15:51:34 GMT
File type: JPEG image data, baseline, precision 8, 1364x668, components 3
Size: 176 kB (176281 bytes)
Hash: 0dcc693420ce623aa2752f0dc4e7b665 325e085ecdaa7e360dae3811de9d1f8592d6a740 b68001ef1b957c3f9ac6ed3ac9f4518feadc08b17e8c8c0f8ce5209b00ce6da9
GET /thumbs/AA/os/gj.jpg HTTP/1.1
Host: handjobxxx.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:34 GMT
content-type: image/jpeg
content-length: 176281
last-modified: Fri, 26 Jan 2024 14:10:55 GMT
etag: "65b3bd6f-2b099"
expires: Thu, 30 May 2024 16:17:45 GMT
cache-control: public, max-age=2592000
cf-cache-status: HIT
age: 323509
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hbt2s6ynFQcDfLpM2g2T6KQ4FAC1DXIRaniDH705xVswOemRIvYKfyPvi%2BTsmeJwYFHrnRLAq2mggqOed8rBnn%2FUp4KT3DX4oAmCMgcDTtM4noFpbIpUVmksgNF9ADSprA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e7b22edb80b4f4-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| groupsexxx.com/thumbs/AA/Fp/LQ.jpg | 172.67.188.32 | | 299 kB |
URL: groupsexxx.com/thumbs/AA/Fp/LQ.jpg
IP: 172.67.188.32:0
File type: JPEG image data, baseline, precision 8, 1920x1080, components 3
Size: 299 kB (299241 bytes)
Hash: bfef495de2a253234039f69a0b5d433a 38a4db2a3d7259b1b068ba8e978acfb29b37f7b0 20decf461c72462f775c094d5ac989a5af760278aa58d70ca76455b59fab5e23
GET /thumbs/AA/Fp/LQ.jpg HTTP/1.1
Host: groupsexxx.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:34 GMT
content-type: image/jpeg
content-length: 299241
last-modified: Sat, 16 Mar 2024 17:10:03 GMT
etag: "65f5d26b-490e9"
expires: Thu, 30 May 2024 20:11:51 GMT
cache-control: public, max-age=2592000
cf-cache-status: HIT
age: 309463
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=B9eTtB3asMgY%2BYerRh80%2Bzg1nCPPTH6uxr6IHLM7rHqbYCuve5L0jUenXj3CGhVefXyAmjNL4Hi94tTqds2q2kUwsNf%2F5J%2FTUwRdaZg3ZqJoFKq0XALU9SF63q%2F%2BhlhLjQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e7b22eed71712e-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| interracial69.com/thumbs/AA/_q/NI.jpg | 104.21.3.76 | | 33 kB |
URL: interracial69.com/thumbs/AA/_q/NI.jpg
IP: 104.21.3.76:0
Certificate: Issuer: Google Trust Services LLC; Subject: interracial69.com; Fingerprint: DD:FC:81:F0:71:82:92:28:46:22:7A:1C:70:F0:13:FF:44:1A:0E:A8; Validity: Sun, 10 Mar 2024 13:37:49 GMT - Sat, 08 Jun 2024 13:37:48 GMT
File type: JPEG image data, baseline, precision 8, 1188x668, components 3
Hash: 206a4e346f718fc764aea1f4419fc7ca 88850e265422652b3834871c2961c29f54424f29 58895191a1cd057d2e65fec419119f9136579628f8947f7a986640d4bac0d7b8
GET /thumbs/AA/_q/NI.jpg HTTP/1.1
Host: interracial69.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:34 GMT
content-type: image/jpeg
content-length: 32830
last-modified: Sat, 23 Mar 2024 07:34:28 GMT
etag: "65fe8604-803e"
expires: Sat, 01 Jun 2024 22:31:11 GMT
cache-control: public, max-age=2592000
cf-cache-status: HIT
age: 128303
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KAAyE%2F%2FCeTnk87INv2AE0KESkiAK04QvVnknM%2FIQydXjt6IKI2NuiqsHzeo%2BBa%2FWgXJym%2FEYM62GCOQWgGNzQcHDV%2B1isyQqoh0NVZBAETnOU5m1QRxFhNsTmVm%2FQfOVqP07Rg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e7b22f8e915684-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| z-gay.com/thumbs/AA/Ql/Tr.jpg | 172.67.184.218 | | 24 kB |
URL: z-gay.com/thumbs/AA/Ql/Tr.jpg
IP: 172.67.184.218:0
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 0x0, segment length 16, progressive, precision 8, 320x423, components 3
Hash: 5b911e346222ec2cb7bd4759901ef130 4d227bc22edf9515d4f912e884278006ef796977 4c87cd92f2be9969e6137cd8047042ab17260303f36670d4aef7973c2226046c
GET /thumbs/AA/Ql/Tr.jpg HTTP/1.1
Host: z-gay.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:34 GMT
content-type: image/jpeg
content-length: 24259
last-modified: Thu, 08 Feb 2024 04:50:24 GMT
etag: "65c45d90-5ec3"
expires: Thu, 30 May 2024 16:18:05 GMT
cache-control: public, max-age=2592000
cf-cache-status: HIT
age: 323489
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zmwYbWw7wgQpyCfQaIN3ta3n8HIJvFXtg%2Ff3Do9HL0hqMYtySm65FhaEejCnNZBrUZpkt6mEj5987Hzp369ikCbB9hLdnntUJmSbdtB7oYYnyTPyjON8aYXZJWY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e7b22f9a231c12-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| jbdsm.com/thumbs/AA/kL/U9.jpg | 104.21.58.198 | | 15 kB |
URL: jbdsm.com/thumbs/AA/kL/U9.jpg
IP: 104.21.58.198:0
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 0x0, segment length 16, progressive, precision 8, 320x180, components 3
Hash: 9b018411e02b2207d74989dd4ebd3adb a2d815fd4de2b4a841caf4ccff0b3373e9e1d80b a463daa500dd28e930e0fe2bd25f46f623c76560ecdb80d14ffe3380271d30cb
GET /thumbs/AA/kL/U9.jpg HTTP/1.1
Host: jbdsm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:34 GMT
content-type: image/jpeg
content-length: 15116
last-modified: Thu, 25 Apr 2024 12:52:02 GMT
etag: "662a51f2-3b0c"
expires: Sun, 02 Jun 2024 12:26:08 GMT
cache-control: public, max-age=2592000
cf-cache-status: HIT
age: 78206
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BAXqAm9moBt5xjw3SlHY80PK8isav%2Be1sDCFiCMrNzmVRob3IWtfMCdOTp0GsVjP4X%2BEpVUJNjE1adycplEDu9O%2FyDHdQohoMpFoVepFikqZ3E3OvlmW0Qp5WJc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e7b22f9b4fb4f3-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| milftop.com/thumbs/AA/ov/YK.jpg | 172.67.223.161 | | 14 kB |
URL: milftop.com/thumbs/AA/ov/YK.jpg
IP: 172.67.223.161:0
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 0x0, segment length 16, progressive, precision 8, 320x180, components 3
Hash: 81d8e05362159c72c3eb74753fee5c1f fd1487f9feef8aec149ea877523736472397a717 09ba581412cf09b452825f869d639eb7056e6128168e3212a836f378f9963274
GET /thumbs/AA/ov/YK.jpg HTTP/1.1
Host: milftop.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:34 GMT
content-type: image/jpeg
content-length: 14427
last-modified: Tue, 24 Oct 2023 12:03:52 GMT
etag: "6537b2a8-385b"
expires: Thu, 30 May 2024 18:38:11 GMT
cache-control: public, max-age=2592000
cf-cache-status: HIT
age: 315083
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=o2ZOHPKI60wAbzH44c2rLb7YMLpPoQTbuznNogqAq0JsNCKcDN9KmFGUnsWKd2bJnZDSw2SudfpEkANRThMqT1GrtCagSSwN%2BIrBxJLlsjNhxpvFH3oL%2F%2B9hkpa6uw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e7b22f9cbfb4f9-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| happy-granny.com/thumbs/AA/Tk/c0.jpg | 172.67.151.219 | | 99 kB |
URL: happy-granny.com/thumbs/AA/Tk/c0.jpg
IP: 172.67.151.219:0
File type: JPEG image data, baseline, precision 8, 1200x676, components 3
Hash: be24d1947adbaf7a428e41b9606fd6e5 dbc807932e706c48103ff0660b00b2fc3263b4ec 8d02996a4d94705925063fb01c190be9eab75dacb3a6f70c56983ac7d5055dae
GET /thumbs/AA/Tk/c0.jpg HTTP/1.1
Host: happy-granny.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:34 GMT
content-type: image/jpeg
content-length: 98755
last-modified: Tue, 30 Jan 2024 14:40:14 GMT
etag: "65b90a4e-181c3"
expires: Thu, 30 May 2024 20:11:46 GMT
cache-control: public, max-age=2592000
cf-cache-status: HIT
age: 309468
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=I7kTqKb4xKssc1ZyKJTbRPavXkryMPOWDrs5NHCPF0MdvLoykNV3YzQsPRmOmV%2BufDHKhF69LORBvMZXa9AP%2BjrLjysiXsATSQPjZ6mdnAD%2B3EVUYw4%2BBxpZH2HTG7JP36V%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e7b22ffa5b56c5-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| xcumwebcam.com/thumbs/AA/Mm/Yz.jpg | 172.67.133.195 | | 28 kB |
URL: xcumwebcam.com/thumbs/AA/Mm/Yz.jpg
IP: 172.67.133.195:0
File type: JPEG image data, baseline, precision 8, 556x416, components 3
Hash: da9bdad3297f6899f80316649bde16bc 8f79e67e71075a29430032152a54b9d9a09e1769 8763f849a8521a373cf9cc832a768f25f75fdacd6571b00ff8a861919bd1d703
GET /thumbs/AA/Mm/Yz.jpg HTTP/1.1
Host: xcumwebcam.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:34 GMT
content-type: image/jpeg
content-length: 28113
last-modified: Wed, 14 Nov 2018 23:07:42 GMT
etag: "5becaabe-6dd1"
expires: Thu, 30 May 2024 17:26:36 GMT
cache-control: public, max-age=2592000
cf-cache-status: HIT
age: 319378
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iblpa844JH8w4cIibodlhg9f6FjfcdC1Mx7u6Bygpgb5Mtwk2rgHkTvarSiEc48btw52Sx31f4XAoVr1k8lXKiiZK1cWEw766q%2F9ZN%2FiK6UK1YY20h%2FlP5Gc4sOFpralRg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e7b22ffba77131-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| xcumwebcam.com/thumbs/AA/BG/0O.jpg | 172.67.133.195 | | 95 kB |
URL: xcumwebcam.com/thumbs/AA/BG/0O.jpg IP: 172.67.133.195:0
File type: JPEG image data, JFIF standard 1.02, aspect ratio, density 255x254, segment length 16, comment: "Lavc58.18.100", baseline, precision 8, 1268x720, components 3 Hash: bb595d07212cf0c8a43b6e0827306632 2bb1739de5de9423a4efcdec8c043d5bf05809f7 4936297287cd06aa283eb2fa40abde58eb16146864e99f12c538f2d5c33f9642
GET /thumbs/AA/BG/0O.jpg HTTP/1.1
Host: xcumwebcam.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:34 GMT
content-type: image/jpeg
content-length: 95265
last-modified: Wed, 28 Feb 2024 19:52:43 GMT
etag: "65df8f0b-17421"
expires: Sun, 02 Jun 2024 21:57:00 GMT
cache-control: public, max-age=2592000
cf-cache-status: HIT
age: 43954
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=c3EWT04LngfYpMKpGQQeH5629x22kqKLNoI1c3bT9bcjFtLvBIIW60GPEy7YsL%2Fhf3jFYZizius4QKNBYlAwcvVTnFmotOaSz5WeEYXYnV6SOs%2B0t38mnJX3wQpq%2BoXl3Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e7b2300bb37131-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| gftranny.com/thumbs/AA/89/hH.jpg | 104.21.66.210 | | 18 kB |
URL: gftranny.com/thumbs/AA/89/hH.jpg IP: 104.21.66.210:0
Certificate Issuer: Google Trust Services LLC Subject: gftranny.com Fingerprint: 60:95:A5:DF:04:C0:8E:A6:02:D4:1E:D6:FC:05:59:09:04:4B:2F:92 Validity: Sun, 10 Mar 2024 12:05:15 GMT - Sat, 08 Jun 2024 12:05:14 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 0x0, segment length 16, progressive, precision 8, 320x180, components 3 Hash: 442082d9a9a019d6bb4d6ec6a4e505e1 a5a889db68dab7bb83ad10081f7bf245d2a03c4f e70f2f20b952be2c2739b0a9976ff797dd66ba824a3cb8a96afd0811fa79d29a
GET /thumbs/AA/89/hH.jpg HTTP/1.1
Host: gftranny.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:34 GMT
content-type: image/jpeg
content-length: 17659
last-modified: Wed, 01 May 2024 03:50:09 GMT
etag: "6631bbf1-44fb"
expires: Fri, 31 May 2024 09:54:30 GMT
cache-control: public, max-age=2592000
cf-cache-status: HIT
age: 260104
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TRp3anGnwvjD%2BRXCw56sVlLXWiw60jivcGuq3P7uDcjaE71wlR%2FNP9eRNLtKXfNQYkFwBsTaA%2BF17jHOesy%2BBxKELPwbiaW653VqBTtNgwxoejbUamebHdrvVvwEySc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e7b2303e8156aa-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| femdomqueen.com/thumbs/AA/ef/4k.jpg | 104.21.79.209 | | 56 kB |
URL: femdomqueen.com/thumbs/AA/ef/4k.jpg IP: 104.21.79.209:0
File type: JPEG image data, JFIF standard 1.02, aspect ratio, density 27395x27382, segment length 16, comment: "Lavc58.18.100", baseline, precision 8, 1022x576, components 3 Hash: e46b33dd7f0931f2593d5526b46b53f4 a7cd1e399e96df40ff0a8745d93da276691f4048 df74f602f6f66c3a84e9839cc00b8a1e3baf05736350f30222d207ccd41db19b
GET /thumbs/AA/ef/4k.jpg HTTP/1.1
Host: femdomqueen.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:34 GMT
content-type: image/jpeg
content-length: 56322
last-modified: Mon, 20 Aug 2018 13:06:51 GMT
etag: "5b7abceb-dc02"
expires: Fri, 31 May 2024 11:29:28 GMT
cache-control: public, max-age=2592000
cf-cache-status: HIT
age: 254406
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LY9JJ574pQLSDPyZCAeWNYgs7q%2BHIf3A58L8mhmnOgq%2BfEOUJH9emvlS2Zgt%2BaOg7I1xSuvAjqNGlO4rhnyj90vb1BVfftBOsXH5wCvqbEhsHq08a107vQ3vIfiUrTqz0hc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e7b2307be9b52d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| track.gositego.live/sl?id=6556413a045be0aa92e86ebc&pid=1106&sub1=6636095d5027fc4e4a758a62&sub2=101.ui.242199 | 188.114.96.1 | | 0 B |
URL: track.gositego.live/sl?id=6556413a045be0aa92e86ebc&pid=1106&sub1=6636095d5027fc4e4a758a62&sub2=101.ui.242199 IP: 188.114.96.1:0
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sl?id=6556413a045be0aa92e86ebc&pid=1106&sub1=6636095d5027fc4e4a758a62&sub2=101.ui.242199 HTTP/1.1
Host: track.gositego.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bid.bidclickmedia.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Sat, 04 May 2024 10:09:34 GMT
content-length: 0
location: https://t3.blowingwnd.com/p.php?p=c:8pnojh5wwryg9ycmq&d=61b86bb2caff0c3520644fec&pid=CLICKID&s=SUBID&pid=6636095e1d9f210001df6f0d&s=1106_101.ui.242199
x-adjust-use-original-forwarded-for: 1
set-cookie: afclick=6636095e1d9f210001df6f0d; expires=Sun, 04 May 2025 10:09:34 GMT; secure; SameSite=None
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=n%2FN%2BLPTtbMWF00dKFdXL%2B%2BJcaQfVyo2I5iM73SuZh26quqLyb7%2Fn%2FCOUaUpFi828%2BRbZ2QMSFQTU0wyJPDjA7AfVbPr3By2zOd6Rq0Vd83Ied6X29DHXVJ1Deyj8C5jLKh%2F00X2v"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e7b230d9acb523-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| track.gositego.live/sl?id=653a6c25a95dd971064a9566&pid=930&sub1=pub4041b88576124fc18da54478fee28fc3&sub2=bc979dc4_101.ui.242199 | 188.114.96.1 | | 0 B |
URL: track.gositego.live/sl?id=653a6c25a95dd971064a9566&pid=930&sub1=pub4041b88576124fc18da54478fee28fc3&sub2=bc979dc4_101.ui.242199 IP: 188.114.96.1:0
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sl?id=653a6c25a95dd971064a9566&pid=930&sub1=pub4041b88576124fc18da54478fee28fc3&sub2=bc979dc4_101.ui.242199 HTTP/1.1
Host: track.gositego.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tads.stravaganz.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Sat, 04 May 2024 10:09:34 GMT
content-length: 0
location: https://t3.blowingwnd.com/p.php?p=c:8pnojh5wwryg9ycmq&d=61b86bb2caff0c3520644fec&pid=CLICKID&s=SUBID&pid=6636095eec0d760001924157&s=930_bc979dc4_101.ui.242199
x-adjust-use-original-forwarded-for: 1
set-cookie: afclick=6636095eec0d760001924157; expires=Sun, 04 May 2025 10:09:34 GMT; secure; SameSite=None
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6FmJufdo1dfbW5qwYxWH6BBwSJ21vHaCPpNp6iw1SiKuNYeo6VgYFWpyI5Tq%2FHGkFnkCvb0XNrN5VJc8WycM7N6Smltckkz0yoILIH2nldc%2FiC46%2FJ%2BnY%2B9r5D%2Bb5JBFJ5wrBKPQ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e7b230e9cab523-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| t3.blowingwnd.com/p.php?p=c:8pnojh5wwryg9ycmq&d=61b86bb2caff0c3520644fec&pid=CLICKID&s=SUBID&pid=6636095eec0d760001924157&s=930_bc979dc4_101.ui.242199 | 51.161.115.163 | 302 Found | 0 B |
URL: GET HTTP/1.1 t3.blowingwnd.com/p.php?p=c:8pnojh5wwryg9ycmq&d=61b86bb2caff0c3520644fec&pid=CLICKID&s=SUBID&pid=6636095eec0d760001924157&s=930_bc979dc4_101.ui.242199 IP: 51.161.115.163:443
Requested by: https://videzz.net/embed-0m1y3k542y1s.html Certificate Issuer: Let's Encrypt Subject: burned-koala.landingtrack.com Fingerprint: D0:D2:34:45:06:82:3A:FE:D9:C6:8C:F7:AF:B1:F6:04:0F:5E:4C:EC Validity: Wed, 24 Apr 2024 22:35:38 GMT - Tue, 23 Jul 2024 22:35:37 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /p.php?p=c:8pnojh5wwryg9ycmq&d=61b86bb2caff0c3520644fec&pid=CLICKID&s=SUBID&pid=6636095eec0d760001924157&s=930_bc979dc4_101.ui.242199 HTTP/1.1
Host: t3.blowingwnd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tads.stravaganz.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Sat, 04 May 2024 10:09:35 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Round: 133kvcaevl
Raund: 309
Location: https://go.savethereef.xyz/redirect?feed=488122&url=https%3A%2F%2Fwww.gamblingnews.xyz%2F&subid=930_bc979dc4_101.ui.242199.no.linux.firefox&query=&pub_clickid=6636095f3b64f1689e2d05ad&default_url=https%3A%2F%2Ft1.hightid.com%2Fr.php%3Fp%3Dc%3As_8942pgf_9qrwlx0%26d%3D653c9411464a4419c012ddb2%26s%3D%7Bpubfeed%7D%26d2%3D%7Breferrer_domain%7D
|
|
| t3.blowingwnd.com/p.php?p=c:8pnojh5wwryg9ycmq&d=61b86bb2caff0c3520644fec&pid=CLICKID&s=SUBID&pid=6636095e1d9f210001df6f0d&s=1106_101.ui.242199 | 51.161.115.163 | | 0 B |
URL: t3.blowingwnd.com/p.php?p=c:8pnojh5wwryg9ycmq&d=61b86bb2caff0c3520644fec&pid=CLICKID&s=SUBID&pid=6636095e1d9f210001df6f0d&s=1106_101.ui.242199 IP: 51.161.115.163:0
Certificate Issuer: Let's Encrypt Subject: burned-koala.landingtrack.com Fingerprint: D0:D2:34:45:06:82:3A:FE:D9:C6:8C:F7:AF:B1:F6:04:0F:5E:4C:EC Validity: Wed, 24 Apr 2024 22:35:38 GMT - Tue, 23 Jul 2024 22:35:37 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /p.php?p=c:8pnojh5wwryg9ycmq&d=61b86bb2caff0c3520644fec&pid=CLICKID&s=SUBID&pid=6636095e1d9f210001df6f0d&s=1106_101.ui.242199 HTTP/1.1
Host: t3.blowingwnd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bid.bidclickmedia.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Sat, 04 May 2024 10:09:35 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Round: 133kvcaevl
Raund: 309
Location: https://go.savethereef.xyz/redirect?feed=488122&url=https%3A%2F%2Fwww.gamblingnews.xyz%2F&subid=1106_101.ui.242199.no.linux.firefox&query=&pub_clickid=6636095ff441205dde736e3d&default_url=https%3A%2F%2Ft1.hightid.com%2Fr.php%3Fp%3Dc%3As_8942pgf_9qrwlx0%26d%3D653c9411464a4419c012ddb2%26s%3D%7Bpubfeed%7D%26d2%3D%7Breferrer_domain%7D
|
|
| go.savethereef.xyz/redirect?feed=488122&url=https%3A%2F%2Fwww.gamblingnews.xyz%2F&subid=930_bc979dc4_101.ui.242199.no.linux.firefox&query=&pub_clickid=6636095f3b64f1689e2d05ad&default_url=https%3A%2F%2Ft1.hightid.com%2Fr.php%3Fp%3Dc%3As_8942pgf_9qrwlx0%26d%3D653c9411464a4419c012ddb2%26s%3D%7Bpubfeed%7D%26d2%3D%7Breferrer_domain%7D | 198.134.116.30 | | 0 B |
URL: go.savethereef.xyz/redirect?feed=488122&url=https%3A%2F%2Fwww.gamblingnews.xyz%2F&subid=930_bc979dc4_101.ui.242199.no.linux.firefox&query=&pub_clickid=6636095f3b64f1689e2d05ad&default_url=https%3A%2F%2Ft1.hightid.com%2Fr.php%3Fp%3Dc%3As_8942pgf_9qrwlx0%26d%3D653c9411464a4419c012ddb2%26s%3D%7Bpubfeed%7D%26d2%3D%7Breferrer_domain%7D IP: 198.134.116.30:0 ASN: #27257 WEBAIR-INTERNET
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=488122&url=https%3A%2F%2Fwww.gamblingnews.xyz%2F&subid=930_bc979dc4_101.ui.242199.no.linux.firefox&query=&pub_clickid=6636095f3b64f1689e2d05ad&default_url=https%3A%2F%2Ft1.hightid.com%2Fr.php%3Fp%3Dc%3As_8942pgf_9qrwlx0%26d%3D653c9411464a4419c012ddb2%26s%3D%7Bpubfeed%7D%26d2%3D%7Breferrer_domain%7D HTTP/1.1
Host: go.savethereef.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tads.stravaganz.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Sat, 04 May 2024 10:09:35 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Location: https://t1.hightid.com/r.php?p=c:s_8942pgf_9qrwlx0&d=653c9411464a4419c012ddb2&s=488122&d2=www.gamblingnews.xyz
|
|
| go.savethereef.xyz/redirect?feed=488122&url=https%3A%2F%2Fwww.gamblingnews.xyz%2F&subid=1106_101.ui.242199.no.linux.firefox&query=&pub_clickid=6636095ff441205dde736e3d&default_url=https%3A%2F%2Ft1.hightid.com%2Fr.php%3Fp%3Dc%3As_8942pgf_9qrwlx0%26d%3D653c9411464a4419c012ddb2%26s%3D%7Bpubfeed%7D%26d2%3D%7Breferrer_domain%7D | 198.134.116.30 | | 0 B |
URL: go.savethereef.xyz/redirect?feed=488122&url=https%3A%2F%2Fwww.gamblingnews.xyz%2F&subid=1106_101.ui.242199.no.linux.firefox&query=&pub_clickid=6636095ff441205dde736e3d&default_url=https%3A%2F%2Ft1.hightid.com%2Fr.php%3Fp%3Dc%3As_8942pgf_9qrwlx0%26d%3D653c9411464a4419c012ddb2%26s%3D%7Bpubfeed%7D%26d2%3D%7Breferrer_domain%7D IP: 198.134.116.30:0 ASN: #27257 WEBAIR-INTERNET
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=488122&url=https%3A%2F%2Fwww.gamblingnews.xyz%2F&subid=1106_101.ui.242199.no.linux.firefox&query=&pub_clickid=6636095ff441205dde736e3d&default_url=https%3A%2F%2Ft1.hightid.com%2Fr.php%3Fp%3Dc%3As_8942pgf_9qrwlx0%26d%3D653c9411464a4419c012ddb2%26s%3D%7Bpubfeed%7D%26d2%3D%7Breferrer_domain%7D HTTP/1.1
Host: go.savethereef.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bid.bidclickmedia.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Sat, 04 May 2024 10:09:35 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Location: https://onclink.org/in/p/?spot_id=557214&cat=25&sub_id=140899199&campaign=1365282&country=no&area=488122_
|
|
| t1.hightid.com/r.php?p=c:s_8942pgf_9qrwlx0&d=653c9411464a4419c012ddb2&s=488122&d2=www.gamblingnews.xyz | 51.161.115.163 | 302 Found | 0 B |
URL: GET HTTP/1.1 t1.hightid.com/r.php?p=c:s_8942pgf_9qrwlx0&d=653c9411464a4419c012ddb2&s=488122&d2=www.gamblingnews.xyz IP: 51.161.115.163:443
Requested by: https://videzz.net/embed-0m1y3k542y1s.html Certificate Issuer: Let's Encrypt Subject: burned-koala.landingtrack.com Fingerprint: D0:D2:34:45:06:82:3A:FE:D9:C6:8C:F7:AF:B1:F6:04:0F:5E:4C:EC Validity: Wed, 24 Apr 2024 22:35:38 GMT - Tue, 23 Jul 2024 22:35:37 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /r.php?p=c:s_8942pgf_9qrwlx0&d=653c9411464a4419c012ddb2&s=488122&d2=www.gamblingnews.xyz HTTP/1.1
Host: t1.hightid.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tads.stravaganz.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Sat, 04 May 2024 10:09:36 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Round: 12mw6ufnb4
Raund: 2zt
Location: https://go.savethereef.xyz/redirect?feed=465513&url=https%3A%2F%2Fwww.twtch.co%2F&subid=custom_10utabg6hk.no.linux.firefox&query=488122&pub_clickid=66360960768944608926ccdd&default_url=https%3A%2F%2Ft10.lowtid.com%2Fs.php%3Fp%3Dc%3A5mklge2tsml349y_c%26d%3D655744eb46c1f060291a7ac7%26s%3Ddu.%7Bpubfeed%7D%26d2%3D%7Breferrer_domain%7D%26d1%3D%7Bquery%7D
|
|
| mcpuwpsh.com/get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MSwiZXh0Ijp7ImlkIjoxMDk1LCJ0eXBlIjoicG9wIiwic3BhY2VpZCI6MTA5NSwic3ViaWQiOiIxNDA4OTkxOTkiLCJzc3AiOjM3NTgsInNwb3RfaWQiOjU1NzIxNCwicmNoYW5nZSI6ZmFsc2V9fV0sInNpdGUiOnsiaWQiOiI1NTcyMTQiLCJwYWdlIjoiaHR0cHM6Ly9iaWQuYmlkY2xpY2ttZWRpYS5jb20vIiwiY2F0IjpbIklBQjI1Il19LCJkZXZpY2UiOnsidyI6MTI4MCwiaCI6MTAyNH0sInVzZXIiOnsiaWQiOiJqYnBqcjN2c3Jjd3ZjZTV5bXhsZ2wifSwiZXh0Ijp7ImR0IjoxNzE0ODE3Mzc1OTIyfX0= | 94.130.197.240 | 302 Found | 0 B |
URL GET HTTP/2mcpuwpsh.com/get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MSwiZXh0Ijp7ImlkIjoxMDk1LCJ0eXBlIjoicG9wIiwic3BhY2VpZCI6MTA5NSwic3ViaWQiOiIxNDA4OTkxOTkiLCJzc3AiOjM3NTgsInNwb3RfaWQiOjU1NzIxNCwicmNoYW5nZSI6ZmFsc2V9fV0sInNpdGUiOnsiaWQiOiI1NTcyMTQiLCJwYWdlIjoiaHR0cHM6Ly9iaWQuYmlkY2xpY2ttZWRpYS5jb20vIiwiY2F0IjpbIklBQjI1Il19LCJkZXZpY2UiOnsidyI6MTI4MCwiaCI6MTAyNH0sInVzZXIiOnsiaWQiOiJqYnBqcjN2c3Jjd3ZjZTV5bXhsZ2wifSwiZXh0Ijp7ImR0IjoxNzE0ODE3Mzc1OTIyfX0= IP94.130.197.240:443 ASN#24940 Hetzner Online GmbH
Requested by: https://videzz.net/embed-0m1y3k542y1s.html Certificate Issuer: Let's Encrypt Subject: puwpush.com Fingerprint: 60:3D:AE:BF:9C:57:C3:AF:D6:50:E5:93:92:FB:E9:F2:F8:E6:E1:92 Validity: Wed, 01 May 2024 01:51:05 GMT - Tue, 30 Jul 2024 01:51:04 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MSwiZXh0Ijp7ImlkIjoxMDk1LCJ0eXBlIjoicG9wIiwic3BhY2VpZCI6MTA5NSwic3ViaWQiOiIxNDA4OTkxOTkiLCJzc3AiOjM3NTgsInNwb3RfaWQiOjU1NzIxNCwicmNoYW5nZSI6ZmFsc2V9fV0sInNpdGUiOnsiaWQiOiI1NTcyMTQiLCJwYWdlIjoiaHR0cHM6Ly9iaWQuYmlkY2xpY2ttZWRpYS5jb20vIiwiY2F0IjpbIklBQjI1Il19LCJkZXZpY2UiOnsidyI6MTI4MCwiaCI6MTAyNH0sInVzZXIiOnsiaWQiOiJqYnBqcjN2c3Jjd3ZjZTV5bXhsZ2wifSwiZXh0Ijp7ImR0IjoxNzE0ODE3Mzc1OTIyfX0= HTTP/1.1
Host: mcpuwpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://onclink.org/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
server: nginx/1.16.0
date: Sat, 04 May 2024 10:09:36 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
location: https://mcpuwpsh.com/popunder/in/click/?mid=2244116770342206445&pid=0&site=557214&sc=NO&usage_type=DCH&subid=140899199&sid=0&cid=16324&price=0&is_cpm=0&cpm=4&ecpm=3.114000082016&crid=54175&crtid=d41d8cd98f00b204e9800998ecf8427e&tcid=0&out_id=&ver=&ver_c=&refdom=bid.bidclickmedia.com&hostname=auc-popunder-hz-1&site_id=0&spot_id=557214&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=0&created_at=0000-00-00&is_native=0&burl=http%3A%2F%2Ftrack-us.byte-builders.net%2Fpop%2Fwin%3Fauth%3Dn25uq8%26c%3DcfBJ62noxo98ogHZHRwooa4nKOJuZLKYdecejneUaxzENi92anIRmxoI37OWJ82g0s2wCHdlAtUlfM6pOYJ385uiwsv5ygnkoU27EPu6OySgf9xJZbeA90Z5CskLRiv-3104bz5tObF3XTHQZ7iM6ocOXBVIH9y32Us9In4xFjn7eHZB7tOm1yrZpgoMy3Op7cafcnAZAxA5QDyrEYC2g0WBVSXstsdK3dgPMV8WF7jJEGZybqbp99Nz_4M5zYsd87K67JCFK8DJNi2mfxnwmTURa2_dCJ2-q04KHSR-XYkxAk-ekwIi6iDpDWR9qjk532cZA9Q3PRkKlNjBAcv0k7NSUgOk8WgDal9AHoLbSiv0KJYYyefBj0B2l2ugW2fOSJ_kVEPSaGGZ_o4UFxRmue03BrpYxUo2j64pvm1P1caVDRF-78O8ojXsoc2QWWGvz5n7zv-xT-U_Nd7duF4k_owSV6l3Qez4v40u8gHivDIpRBlFYpzgvRfnrrpkjyod80C1nSyKqZrZMzaZjRcFwLrYtHKZ3n0Acj6ZcqYdVOIPXBfYMz8Bg5YIAGn2nSCncvY51D7ebvTXiTd4CvCBSRbgWigtpL2h1EXGnhIMQfvtlWsX6YtKBHU5N7PCrhrRgTID9zwciqufJfgn4rh9a7G0I7ss2p8a8vsXQDL3fvReijU4zFrNsPx7lkA&pop_winurl=&ip=91.90.42.154&testab=&px_id=557214&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=0&resp_type=&iabcat=IAB25&min_cpm=0.15722542938503506&placement_type_id=7&skin_test=&verify_hash=55c2b2ac85d9a33ddc94499e3865d43a&score=352.19561119405313&durl=&ml=&tag_ab=&original_bid=0.004&user_fp=0&v2=0&pop_type=0&space_id=1095&real_bid=&skin_id=&vertical_id=&stratagem=&accel=0&gyr=0&iabcat=IAB25&ip_mismatch=false&ua_mismatch=false&ssp=3758&rc=0&v2_track=0&otype=0&mn=0&priority=0&bb=0.1224&url=https%3A%2F%2Ftrack-us.byte-builders.net%2Fpop%2Fimp%3Fauth%3Dn25uq8%26c%3DcfBJ62noxo98ogHZHRwooa4nKOJuZLKYdecejneUaxzENi92anIRmxoI37OWJ82g0s2wCHdlAtUlfM6pOYJ385uiwsv5ygnkoU27EPu6OySgf9xJZbeA90Z5CskLRiv-3104bz5tObF3XTHQZ7iM6ocOXBVIH9y32Us9In4xFjn7
eHZB7tOm1yrZpgoMy3Op7cafcnAZAxA5QDyrEYC2g0WBVSXstsdK3dgPMV8WF7jJEGZybqbp99Nz_4M5zYsd87K67JCFK8DJNi2mfxnwmTURa2_dCJ2-q04KHSR-XYkxAk-ekwIi6iDpDWR9qjk532cZA9Q3PRkKlNjBAcv0k7NSUgOk8WgDal9AHoLbSiv0KJYYyefBj0B2l2ugW2fOSJ_kVEPSaGGZ_o4UFxRmue03BrpYxUo2j64pvm1P1caVDRF-78O8ojXsoc2QWWGvz5n7zv-xT-U_Nd7duF4k_owSV6l3Qez4v40u8gHivDIpRBlFYpzgvRfnrrpkjyod80C1nSyKqZrZMzaZjRcFwLrYtHKZ3n0Acj6ZcqYdVOIPXBfYMz8Bg5YIAGn2nSCncvY51D7ebvTXiTd4CvCBSRbgWigtpL2h1EXGnhIMQfvtlWsX6YtKBHU5N7PCrhrRgTID9zwciqufJfgn4rh9a7G0I7ss2p8a8vsXQDL3fvReijU4zFrNsPx7lkA&pr=&bid_crid=&bid_cid=&ad_tags=&is_interstitial=0&is_direct=1&label_ids=4,83,89&site_id64=&sp_cl=0&act_sess=0&sp_scr=0&intes=&izb=&ang=0&act_su=0&interest_vertical_ids=&v_scroll_freq=&time_sess=&ext_campaign_id=175&scroll_percent=0&empty_clicks=0&aid=3780&high_freq_clicks=0&dev_console_activity=0&topics=&client_price=0&o_d=&is_webview=0&timezone_olson=&timezone_ip=Europe/Oslo&offer_label_ids=4,83,89
X-Firefox-Spdy: h2
|
|
| mcpuwpsh.com/popunder/in/click/?mid=2244116770342206445&pid=0&site=557214&sc=NO&usage_type=DCH&subid=140899199&sid=0&cid=16324&price=0&is_cpm=0&cpm=4&ecpm=3.114000082016&crid=54175&crtid=d41d8cd98f00b204e9800998ecf8427e&tcid=0&out_id=&ver=&ver_c=&refdom=bid.bidclickmedia.com&hostname=auc-popunder-hz-1&site_id=0&spot_id=557214&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=0&created_at=0000-00-00&is_native=0&burl=http%3A%2F%2Ftrack-us.byte-builders.net%2Fpop%2Fwin%3Fauth%3Dn25uq8%26c%3DcfBJ62noxo98ogHZHRwooa4nKOJuZLKYdecejneUaxzENi92anIRmxoI37OWJ82g0s2wCHdlAtUlfM6pOYJ385uiwsv5ygnkoU27EPu6OySgf9xJZbeA90Z5CskLRiv-3104bz5tObF3XTHQZ7iM6ocOXBVIH9y32Us9In4xFjn7eHZB7tOm1yrZpgoMy3Op7cafcnAZAxA5QDyrEYC2g0WBVSXstsdK3dgPMV8WF7jJEGZybqbp99Nz_4M5zYsd87K67JCFK8DJNi2mfxnwmTURa2_dCJ2-q04KHSR-XYkxAk-ekwIi6iDpDWR9qjk532cZA9Q3PRkKlNjBAcv0k7NSUgOk8WgDal9AHoLbSiv0KJYYyefBj0B2l2ugW2fOSJ_kVEPSaGGZ_o4UFxRmue03BrpYxUo2j64pvm1P1caVDRF-78O8ojXsoc2QWWGvz5n7zv-xT-U_Nd7duF4k_owSV6l3Qez4v40u8gHivDIpRBlFYpzgvRfnrrpkjyod80C1nSyKqZrZMzaZjRcFwLrYtHKZ3n0Acj6ZcqYdVOIPXBfYMz8Bg5YIAGn2nSCncvY51D7ebvTXiTd4CvCBSRbgWigtpL2h1EXGnhIMQfvtlWsX6YtKBHU5N7PCrhrRgTID9zwciqufJfgn4rh9a7G0I7ss2p8a8vsXQDL3fvReijU4zFrNsPx7lkA&pop_winurl=&ip=91.90.42.154&testab=&px_id=557214&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=0&resp_type=&iabcat=IAB25&min_cpm=0.15722542938503506&placement_type_id=7&skin_test=&verify_hash=55c2b2ac85d9a33ddc94499e3865d43a&score=352.19561119405313&durl=&ml=&tag_ab=&original_bid=0.004&user_fp=0&v2=0&pop_type=0&space_id=1095&real_bid=&skin_id=&vertical_id=&stratagem=&accel=0&gyr=0&iabcat=IAB25&ip_mismatch=false&ua_mismatch=false&ssp=3758&rc=0&v2_track=0&otype=0&mn=0&priority=0&bb=0.1224&url=https%3A%2F%2Ftrack-us.byte-builders.net%2Fpop%2Fimp%3Fauth%3Dn25uq8%26c%3DcfBJ62noxo98ogHZHRwooa4nKOJuZLKYdecejneUaxzENi92anIRmxoI37OWJ82g0s2wCHdlAtUlfM6pOYJ385uiwsv5ygnkoU27EPu6OySgf9xJZbeA90Z5CskLRiv-3104bz5tObF3XTHQZ7iM6ocOXBVIH9y32Us9In4xFjn7eHZB7tOm1yrZpgoM
y3Op7cafcnAZAxA5QDyrEYC2g0WBVSXstsdK3dgPMV8WF7jJEGZybqbp99Nz_4M5zYsd87K67JCFK8DJNi2mfxnwmTURa2_dCJ2-q04KHSR-XYkxAk-ekwIi6iDpDWR9qjk532cZA9Q3PRkKlNjBAcv0k7NSUgOk8WgDal9AHoLbSiv0KJYYyefBj0B2l2ugW2fOSJ_kVEPSaGGZ_o4UFxRmue03BrpYxUo2j64pvm1P1caVDRF-78O8ojXsoc2QWWGvz5n7zv-xT-U_Nd7duF4k_owSV6l3Qez4v40u8gHivDIpRBlFYpzgvRfnrrpkjyod80C1nSyKqZrZMzaZjRcFwLrYtHKZ3n0Acj6ZcqYdVOIPXBfYMz8Bg5YIAGn2nSCncvY51D7ebvTXiTd4CvCBSRbgWigtpL2h1EXGnhIMQfvtlWsX6YtKBHU5N7PCrhrRgTID9zwciqufJfgn4rh9a7G0I7ss2p8a8vsXQDL3fvReijU4zFrNsPx7lkA&pr=&bid_crid=&bid_cid=&ad_tags=&is_interstitial=0&is_direct=1&label_ids=4,83,89&site_id64=&sp_cl=0&act_sess=0&sp_scr=0&intes=&izb=&ang=0&act_su=0&interest_vertical_ids=&v_scroll_freq=&time_sess=&ext_campaign_id=175&scroll_percent=0&empty_clicks=0&aid=3780&high_freq_clicks=0&dev_console_activity=0&topics=&client_price=0&o_d=&is_webview=0&timezone_olson=&timezone_ip=Europe/Oslo&offer_label_ids=4,83,89 | 94.130.197.240 | | 0 B |
URL mcpuwpsh.com/popunder/in/click/?mid=2244116770342206445&pid=0&site=557214&sc=NO&usage_type=DCH&subid=140899199&sid=0&cid=16324&price=0&is_cpm=0&cpm=4&ecpm=3.114000082016&crid=54175&crtid=d41d8cd98f00b204e9800998ecf8427e&tcid=0&out_id=&ver=&ver_c=&refdom=bid.bidclickmedia.com&hostname=auc-popunder-hz-1&site_id=0&spot_id=557214&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=0&created_at=0000-00-00&is_native=0&burl=http%3A%2F%2Ftrack-us.byte-builders.net%2Fpop%2Fwin%3Fauth%3Dn25uq8%26c%3DcfBJ62noxo98ogHZHRwooa4nKOJuZLKYdecejneUaxzENi92anIRmxoI37OWJ82g0s2wCHdlAtUlfM6pOYJ385uiwsv5ygnkoU27EPu6OySgf9xJZbeA90Z5CskLRiv-3104bz5tObF3XTHQZ7iM6ocOXBVIH9y32Us9In4xFjn7eHZB7tOm1yrZpgoMy3Op7cafcnAZAxA5QDyrEYC2g0WBVSXstsdK3dgPMV8WF7jJEGZybqbp99Nz_4M5zYsd87K67JCFK8DJNi2mfxnwmTURa2_dCJ2-q04KHSR-XYkxAk-ekwIi6iDpDWR9qjk532cZA9Q3PRkKlNjBAcv0k7NSUgOk8WgDal9AHoLbSiv0KJYYyefBj0B2l2ugW2fOSJ_kVEPSaGGZ_o4UFxRmue03BrpYxUo2j64pvm1P1caVDRF-78O8ojXsoc2QWWGvz5n7zv-xT-U_Nd7duF4k_owSV6l3Qez4v40u8gHivDIpRBlFYpzgvRfnrrpkjyod80C1nSyKqZrZMzaZjRcFwLrYtHKZ3n0Acj6ZcqYdVOIPXBfYMz8Bg5YIAGn2nSCncvY51D7ebvTXiTd4CvCBSRbgWigtpL2h1EXGnhIMQfvtlWsX6YtKBHU5N7PCrhrRgTID9zwciqufJfgn4rh9a7G0I7ss2p8a8vsXQDL3fvReijU4zFrNsPx7lkA&pop_winurl=&ip=91.90.42.154&testab=&px_id=557214&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=0&resp_type=&iabcat=IAB25&min_cpm=0.15722542938503506&placement_type_id=7&skin_test=&verify_hash=55c2b2ac85d9a33ddc94499e3865d43a&score=352.19561119405313&durl=&ml=&tag_ab=&original_bid=0.004&user_fp=0&v2=0&pop_type=0&space_id=1095&real_bid=&skin_id=&vertical_id=&stratagem=&accel=0&gyr=0&iabcat=IAB25&ip_mismatch=false&ua_mismatch=false&ssp=3758&rc=0&v2_track=0&otype=0&mn=0&priority=0&bb=0.1224&url=https%3A%2F%2Ftrack-us.byte-builders.net%2Fpop%2Fimp%3Fauth%3Dn25uq8%26c%3DcfBJ62noxo98ogHZHRwooa4nKOJuZLKYdecejneUaxzENi92anIRmxoI37OWJ82g0s2wCHdlAtUlfM6pOYJ385uiwsv5ygnkoU27EPu6OySgf9xJZbeA90Z5CskLRiv-3104bz5tObF3XTHQZ7iM6ocOXBVIH9y32Us9In4xFjn7eHZB7tOm1yrZpg
oMy3Op7cafcnAZAxA5QDyrEYC2g0WBVSXstsdK3dgPMV8WF7jJEGZybqbp99Nz_4M5zYsd87K67JCFK8DJNi2mfxnwmTURa2_dCJ2-q04KHSR-XYkxAk-ekwIi6iDpDWR9qjk532cZA9Q3PRkKlNjBAcv0k7NSUgOk8WgDal9AHoLbSiv0KJYYyefBj0B2l2ugW2fOSJ_kVEPSaGGZ_o4UFxRmue03BrpYxUo2j64pvm1P1caVDRF-78O8ojXsoc2QWWGvz5n7zv-xT-U_Nd7duF4k_owSV6l3Qez4v40u8gHivDIpRBlFYpzgvRfnrrpkjyod80C1nSyKqZrZMzaZjRcFwLrYtHKZ3n0Acj6ZcqYdVOIPXBfYMz8Bg5YIAGn2nSCncvY51D7ebvTXiTd4CvCBSRbgWigtpL2h1EXGnhIMQfvtlWsX6YtKBHU5N7PCrhrRgTID9zwciqufJfgn4rh9a7G0I7ss2p8a8vsXQDL3fvReijU4zFrNsPx7lkA&pr=&bid_crid=&bid_cid=&ad_tags=&is_interstitial=0&is_direct=1&label_ids=4,83,89&site_id64=&sp_cl=0&act_sess=0&sp_scr=0&intes=&izb=&ang=0&act_su=0&interest_vertical_ids=&v_scroll_freq=&time_sess=&ext_campaign_id=175&scroll_percent=0&empty_clicks=0&aid=3780&high_freq_clicks=0&dev_console_activity=0&topics=&client_price=0&o_d=&is_webview=0&timezone_olson=&timezone_ip=Europe/Oslo&offer_label_ids=4,83,89 IP94.130.197.240:0 ASN#24940 Hetzner Online GmbH
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /popunder/in/click/?mid=2244116770342206445&pid=0&site=557214&sc=NO&usage_type=DCH&subid=140899199&sid=0&cid=16324&price=0&is_cpm=0&cpm=4&ecpm=3.114000082016&crid=54175&crtid=d41d8cd98f00b204e9800998ecf8427e&tcid=0&out_id=&ver=&ver_c=&refdom=bid.bidclickmedia.com&hostname=auc-popunder-hz-1&site_id=0&spot_id=557214&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=0&created_at=0000-00-00&is_native=0&burl=http%3A%2F%2Ftrack-us.byte-builders.net%2Fpop%2Fwin%3Fauth%3Dn25uq8%26c%3DcfBJ62noxo98ogHZHRwooa4nKOJuZLKYdecejneUaxzENi92anIRmxoI37OWJ82g0s2wCHdlAtUlfM6pOYJ385uiwsv5ygnkoU27EPu6OySgf9xJZbeA90Z5CskLRiv-3104bz5tObF3XTHQZ7iM6ocOXBVIH9y32Us9In4xFjn7eHZB7tOm1yrZpgoMy3Op7cafcnAZAxA5QDyrEYC2g0WBVSXstsdK3dgPMV8WF7jJEGZybqbp99Nz_4M5zYsd87K67JCFK8DJNi2mfxnwmTURa2_dCJ2-q04KHSR-XYkxAk-ekwIi6iDpDWR9qjk532cZA9Q3PRkKlNjBAcv0k7NSUgOk8WgDal9AHoLbSiv0KJYYyefBj0B2l2ugW2fOSJ_kVEPSaGGZ_o4UFxRmue03BrpYxUo2j64pvm1P1caVDRF-78O8ojXsoc2QWWGvz5n7zv-xT-U_Nd7duF4k_owSV6l3Qez4v40u8gHivDIpRBlFYpzgvRfnrrpkjyod80C1nSyKqZrZMzaZjRcFwLrYtHKZ3n0Acj6ZcqYdVOIPXBfYMz8Bg5YIAGn2nSCncvY51D7ebvTXiTd4CvCBSRbgWigtpL2h1EXGnhIMQfvtlWsX6YtKBHU5N7PCrhrRgTID9zwciqufJfgn4rh9a7G0I7ss2p8a8vsXQDL3fvReijU4zFrNsPx7lkA&pop_winurl=&ip=91.90.42.154&testab=&px_id=557214&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=0&resp_type=&iabcat=IAB25&min_cpm=0.15722542938503506&placement_type_id=7&skin_test=&verify_hash=55c2b2ac85d9a33ddc94499e3865d43a&score=352.19561119405313&durl=&ml=&tag_ab=&original_bid=0.004&user_fp=0&v2=0&pop_type=0&space_id=1095&real_bid=&skin_id=&vertical_id=&stratagem=&accel=0&gyr=0&iabcat=IAB25&ip_mismatch=false&ua_mismatch=false&ssp=3758&rc=0&v2_track=0&otype=0&mn=0&priority=0&bb=0.1224&url=https%3A%2F%2Ftrack-us.byte-builders.net%2Fpop%2Fimp%3Fauth%3Dn25uq8%26c%3DcfBJ62noxo98ogHZHRwooa4nKOJuZLKYdecejneUaxzENi92anIRmxoI37OWJ82g0s2wCHdlAtUlfM6pOYJ385uiwsv5ygnkoU27EPu6OySgf9xJZbeA90Z5CskLRiv-3104bz5tObF3XTHQZ7iM6ocOXBVIH9y32Us9In4xFjn7eHZB7tOm1yrZpgoMy3Op7cafcn
AZAxA5QDyrEYC2g0WBVSXstsdK3dgPMV8WF7jJEGZybqbp99Nz_4M5zYsd87K67JCFK8DJNi2mfxnwmTURa2_dCJ2-q04KHSR-XYkxAk-ekwIi6iDpDWR9qjk532cZA9Q3PRkKlNjBAcv0k7NSUgOk8WgDal9AHoLbSiv0KJYYyefBj0B2l2ugW2fOSJ_kVEPSaGGZ_o4UFxRmue03BrpYxUo2j64pvm1P1caVDRF-78O8ojXsoc2QWWGvz5n7zv-xT-U_Nd7duF4k_owSV6l3Qez4v40u8gHivDIpRBlFYpzgvRfnrrpkjyod80C1nSyKqZrZMzaZjRcFwLrYtHKZ3n0Acj6ZcqYdVOIPXBfYMz8Bg5YIAGn2nSCncvY51D7ebvTXiTd4CvCBSRbgWigtpL2h1EXGnhIMQfvtlWsX6YtKBHU5N7PCrhrRgTID9zwciqufJfgn4rh9a7G0I7ss2p8a8vsXQDL3fvReijU4zFrNsPx7lkA&pr=&bid_crid=&bid_cid=&ad_tags=&is_interstitial=0&is_direct=1&label_ids=4,83,89&site_id64=&sp_cl=0&act_sess=0&sp_scr=0&intes=&izb=&ang=0&act_su=0&interest_vertical_ids=&v_scroll_freq=&time_sess=&ext_campaign_id=175&scroll_percent=0&empty_clicks=0&aid=3780&high_freq_clicks=0&dev_console_activity=0&topics=&client_price=0&o_d=&is_webview=0&timezone_olson=&timezone_ip=Europe/Oslo&offer_label_ids=4,83,89 HTTP/1.1
Host: mcpuwpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://onclink.org/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
server: nginx/1.16.0
date: Sat, 04 May 2024 10:09:36 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
location: https://track-us.byte-builders.net/pop/imp?auth=n25uq8&c=cfBJ62noxo98ogHZHRwooa4nKOJuZLKYdecejneUaxzENi92anIRmxoI37OWJ82g0s2wCHdlAtUlfM6pOYJ385uiwsv5ygnkoU27EPu6OySgf9xJZbeA90Z5CskLRiv-3104bz5tObF3XTHQZ7iM6ocOXBVIH9y32Us9In4xFjn7eHZB7tOm1yrZpgoMy3Op7cafcnAZAxA5QDyrEYC2g0WBVSXstsdK3dgPMV8WF7jJEGZybqbp99Nz_4M5zYsd87K67JCFK8DJNi2mfxnwmTURa2_dCJ2-q04KHSR-XYkxAk-ekwIi6iDpDWR9qjk532cZA9Q3PRkKlNjBAcv0k7NSUgOk8WgDal9AHoLbSiv0KJYYyefBj0B2l2ugW2fOSJ_kVEPSaGGZ_o4UFxRmue03BrpYxUo2j64pvm1P1caVDRF-78O8ojXsoc2QWWGvz5n7zv-xT-U_Nd7duF4k_owSV6l3Qez4v40u8gHivDIpRBlFYpzgvRfnrrpkjyod80C1nSyKqZrZMzaZjRcFwLrYtHKZ3n0Acj6ZcqYdVOIPXBfYMz8Bg5YIAGn2nSCncvY51D7ebvTXiTd4CvCBSRbgWigtpL2h1EXGnhIMQfvtlWsX6YtKBHU5N7PCrhrRgTID9zwciqufJfgn4rh9a7G0I7ss2p8a8vsXQDL3fvReijU4zFrNsPx7lkA
X-Firefox-Spdy: h2
|
|
| go.savethereef.xyz/redirect?feed=465513&url=https%3A%2F%2Fwww.twtch.co%2F&subid=custom_10utabg6hk.no.linux.firefox&query=488122&pub_clickid=66360960768944608926ccdd&default_url=https%3A%2F%2Ft10.lowtid.com%2Fs.php%3Fp%3Dc%3A5mklge2tsml349y_c%26d%3D655744eb46c1f060291a7ac7%26s%3Ddu.%7Bpubfeed%7D%26d2%3D%7Breferrer_domain%7D%26d1%3D%7Bquery%7D | 198.134.116.30 | | 0 B |
URL go.savethereef.xyz/redirect?feed=465513&url=https%3A%2F%2Fwww.twtch.co%2F&subid=custom_10utabg6hk.no.linux.firefox&query=488122&pub_clickid=66360960768944608926ccdd&default_url=https%3A%2F%2Ft10.lowtid.com%2Fs.php%3Fp%3Dc%3A5mklge2tsml349y_c%26d%3D655744eb46c1f060291a7ac7%26s%3Ddu.%7Bpubfeed%7D%26d2%3D%7Breferrer_domain%7D%26d1%3D%7Bquery%7D IP198.134.116.30:0 ASN#27257 WEBAIR-INTERNET
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=465513&url=https%3A%2F%2Fwww.twtch.co%2F&subid=custom_10utabg6hk.no.linux.firefox&query=488122&pub_clickid=66360960768944608926ccdd&default_url=https%3A%2F%2Ft10.lowtid.com%2Fs.php%3Fp%3Dc%3A5mklge2tsml349y_c%26d%3D655744eb46c1f060291a7ac7%26s%3Ddu.%7Bpubfeed%7D%26d2%3D%7Breferrer_domain%7D%26d1%3D%7Bquery%7D HTTP/1.1
Host: go.savethereef.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tads.stravaganz.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Sat, 04 May 2024 10:09:36 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Location: https://onclink.org/in/p/?spot_id=547780&cat=25&sub_id=1446709922&campaign=1358562&country=no&area=465513_
|
|
| mcpuwpsh.com/get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MSwiZXh0Ijp7ImlkIjoxMDk1LCJ0eXBlIjoicG9wIiwic3BhY2VpZCI6MTA5NSwic3ViaWQiOiIxNDQ2NzA5OTIyIiwic3NwIjozNzU4LCJzcG90X2lkIjo1NDc3ODAsInJjaGFuZ2UiOmZhbHNlfX1dLCJzaXRlIjp7ImlkIjoiNTQ3NzgwIiwicGFnZSI6Imh0dHBzOi8vdGFkcy5zdHJhdmFnYW56LmNvbS8iLCJjYXQiOlsiSUFCMjUiXX0sImRldmljZSI6eyJ3IjoxMjgwLCJoIjoxMDI0fSwidXNlciI6eyJpZCI6ImpicGpyM3ZzcmN3dmNlNXlteGxnbCJ9LCJleHQiOnsiZHQiOjE3MTQ4MTczNzY1OTF9fQ== | 94.130.197.240 | 302 Found | 0 B |
URL GET HTTP/2mcpuwpsh.com/get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MSwiZXh0Ijp7ImlkIjoxMDk1LCJ0eXBlIjoicG9wIiwic3BhY2VpZCI6MTA5NSwic3ViaWQiOiIxNDQ2NzA5OTIyIiwic3NwIjozNzU4LCJzcG90X2lkIjo1NDc3ODAsInJjaGFuZ2UiOmZhbHNlfX1dLCJzaXRlIjp7ImlkIjoiNTQ3NzgwIiwicGFnZSI6Imh0dHBzOi8vdGFkcy5zdHJhdmFnYW56LmNvbS8iLCJjYXQiOlsiSUFCMjUiXX0sImRldmljZSI6eyJ3IjoxMjgwLCJoIjoxMDI0fSwidXNlciI6eyJpZCI6ImpicGpyM3ZzcmN3dmNlNXlteGxnbCJ9LCJleHQiOnsiZHQiOjE3MTQ4MTczNzY1OTF9fQ== IP94.130.197.240:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://videzz.net/embed-0m1y3k542y1s.html CertificateIssuerLet's Encrypt Subjectpuwpush.com Fingerprint60:3D:AE:BF:9C:57:C3:AF:D6:50:E5:93:92:FB:E9:F2:F8:E6:E1:92 ValidityWed, 01 May 2024 01:51:05 GMT - Tue, 30 Jul 2024 01:51:04 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MSwiZXh0Ijp7ImlkIjoxMDk1LCJ0eXBlIjoicG9wIiwic3BhY2VpZCI6MTA5NSwic3ViaWQiOiIxNDQ2NzA5OTIyIiwic3NwIjozNzU4LCJzcG90X2lkIjo1NDc3ODAsInJjaGFuZ2UiOmZhbHNlfX1dLCJzaXRlIjp7ImlkIjoiNTQ3NzgwIiwicGFnZSI6Imh0dHBzOi8vdGFkcy5zdHJhdmFnYW56LmNvbS8iLCJjYXQiOlsiSUFCMjUiXX0sImRldmljZSI6eyJ3IjoxMjgwLCJoIjoxMDI0fSwidXNlciI6eyJpZCI6ImpicGpyM3ZzcmN3dmNlNXlteGxnbCJ9LCJleHQiOnsiZHQiOjE3MTQ4MTczNzY1OTF9fQ== HTTP/1.1
Host: mcpuwpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://onclink.org/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
server: nginx/1.16.0
date: Sat, 04 May 2024 10:09:36 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
location: https://mcpuwpsh.com/popunder/in/click/?mid=6681398418029929163&pid=0&site=547780&sc=NO&usage_type=DCH&subid=1446709922&sid=0&cid=16324&price=0&is_cpm=0&cpm=4&ecpm=3.114000082016&crid=54175&crtid=d41d8cd98f00b204e9800998ecf8427e&tcid=0&out_id=&ver=&ver_c=&refdom=tads.stravaganz.com&hostname=auc-popunder-hz-2&site_id=0&spot_id=547780&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=0&created_at=0000-00-00&is_native=0&burl=http%3A%2F%2Ftrack-us.byte-builders.net%2Fpop%2Fwin%3Fauth%3Dn25uq8%26c%3DlNugiVyRY2uVyAIPPUMv6LBj72N2Je7iJtUMl41qSvizpmrTUerYoPVpgLpZnRZ0eP4x47Ab0hhNDtAbXSKutDg4sam3RhE5GOnQruZhk1o_u5GDyq6vXhPp4qCEqbcLefgF6p24ZrcISRRnD5eMt0ybQ9EfM-xUUnD1E_KNPGX__DwXCBdv7MK1iYYltTFzaqp4L3fIy-GclkVM7s_XklgIrs7xJUYa4Ke7KP1xZ8sm3eJX1u-j1nRSW0PMcC_xyuLQQROOWgHUIh0b9LpkTkx8-Kjl7vdQkTB-QDu_F6Tl9hjOvadz9TG2e32VKNCqpTbQMwEhn6hQWmjWTq5cd5oTqWq8T6HcI3EyladHNNV5CQk1WMgvmW-UVQq1mnE2tgKiEzQXzbB8JzU48izFW9H9tgm0DPTFDwiF4_iE0XKfd9PnTtLhBkcGbBDZ6j_Oq32ybaXT9riSHXzGfYlbPwUUzMRgEQnvVDh7-Ng5pzOAdbirhYCsVTi3LFL7525YbDWMoj3bbKkbaOy_txDBHmSLYrYttSXs0OpwQ7FfFUv59WLhcK52zx5NpEX3zlRRfGabRim04g_hZ3eZyqfZZ_7mg07s7PDgno7-f7zOTUp1eP7Eo09_UkxuEFJXjmhNP7U7sqf0j6j8zncSn3fPL5wZF_Nq0QWv6G_-6iI67Me3XY_P&pop_winurl=&ip=91.90.42.154&testab=&px_id=547780&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=0&resp_type=&iabcat=IAB25&min_cpm=0.15722542938503506&placement_type_id=7&skin_test=&verify_hash=3773d648a9975400e176cd28a1f06834&score=449.2165630456498&durl=&ml=&tag_ab=&original_bid=0.004&user_fp=0&v2=0&pop_type=0&space_id=1095&real_bid=&skin_id=&vertical_id=&stratagem=&accel=0&gyr=0&iabcat=IAB25&ip_mismatch=false&ua_mismatch=false&ssp=3758&rc=0&v2_track=0&otype=0&mn=0&priority=0&bb=0.1224&url=https%3A%2F%2Ftrack-us.byte-builders.net%2Fpop%2Fimp%3Fauth%3Dn25uq8%26c%3DlNugiVyRY2uVyAIPPUMv6LBj72N2Je7iJtUMl41qSvizpmrTUerYoPVpgLpZnRZ0eP4x47Ab0hhNDtAbXSKutDg4sam3RhE5GOnQruZhk1o_u5GDyq6vXhPp4qCEqbcLefgF6p24ZrcISRRnD5eMt0ybQ9EfM-xUUnD1E_KNPGX__DwXCBdv7MK1i
YYltTFzaqp4L3fIy-GclkVM7s_XklgIrs7xJUYa4Ke7KP1xZ8sm3eJX1u-j1nRSW0PMcC_xyuLQQROOWgHUIh0b9LpkTkx8-Kjl7vdQkTB-QDu_F6Tl9hjOvadz9TG2e32VKNCqpTbQMwEhn6hQWmjWTq5cd5oTqWq8T6HcI3EyladHNNV5CQk1WMgvmW-UVQq1mnE2tgKiEzQXzbB8JzU48izFW9H9tgm0DPTFDwiF4_iE0XKfd9PnTtLhBkcGbBDZ6j_Oq32ybaXT9riSHXzGfYlbPwUUzMRgEQnvVDh7-Ng5pzOAdbirhYCsVTi3LFL7525YbDWMoj3bbKkbaOy_txDBHmSLYrYttSXs0OpwQ7FfFUv59WLhcK52zx5NpEX3zlRRfGabRim04g_hZ3eZyqfZZ_7mg07s7PDgno7-f7zOTUp1eP7Eo09_UkxuEFJXjmhNP7U7sqf0j6j8zncSn3fPL5wZF_Nq0QWv6G_-6iI67Me3XY_P&pr=&bid_crid=&bid_cid=&ad_tags=&is_interstitial=0&is_direct=1&label_ids=89,4,83&site_id64=&sp_cl=0&act_sess=0&sp_scr=0&intes=&izb=&ang=0&act_su=0&interest_vertical_ids=&v_scroll_freq=&time_sess=&ext_campaign_id=175&scroll_percent=0&empty_clicks=0&aid=3780&high_freq_clicks=0&dev_console_activity=0&topics=&client_price=0&o_d=&is_webview=0&timezone_olson=&timezone_ip=Europe/Oslo&offer_label_ids=89,4,83
X-Firefox-Spdy: h2
|
|
| track-us.byte-builders.net/pop/imp?auth=n25uq8&c=cfBJ62noxo98ogHZHRwooa4nKOJuZLKYdecejneUaxzENi92anIRmxoI37OWJ82g0s2wCHdlAtUlfM6pOYJ385uiwsv5ygnkoU27EPu6OySgf9xJZbeA90Z5CskLRiv-3104bz5tObF3XTHQZ7iM6ocOXBVIH9y32Us9In4xFjn7eHZB7tOm1yrZpgoMy3Op7cafcnAZAxA5QDyrEYC2g0WBVSXstsdK3dgPMV8WF7jJEGZybqbp99Nz_4M5zYsd87K67JCFK8DJNi2mfxnwmTURa2_dCJ2-q04KHSR-XYkxAk-ekwIi6iDpDWR9qjk532cZA9Q3PRkKlNjBAcv0k7NSUgOk8WgDal9AHoLbSiv0KJYYyefBj0B2l2ugW2fOSJ_kVEPSaGGZ_o4UFxRmue03BrpYxUo2j64pvm1P1caVDRF-78O8ojXsoc2QWWGvz5n7zv-xT-U_Nd7duF4k_owSV6l3Qez4v40u8gHivDIpRBlFYpzgvRfnrrpkjyod80C1nSyKqZrZMzaZjRcFwLrYtHKZ3n0Acj6ZcqYdVOIPXBfYMz8Bg5YIAGn2nSCncvY51D7ebvTXiTd4CvCBSRbgWigtpL2h1EXGnhIMQfvtlWsX6YtKBHU5N7PCrhrRgTID9zwciqufJfgn4rh9a7G0I7ss2p8a8vsXQDL3fvReijU4zFrNsPx7lkA | 88.214.195.96 | | 0 B |
URL track-us.byte-builders.net/pop/imp?auth=n25uq8&c=cfBJ62noxo98ogHZHRwooa4nKOJuZLKYdecejneUaxzENi92anIRmxoI37OWJ82g0s2wCHdlAtUlfM6pOYJ385uiwsv5ygnkoU27EPu6OySgf9xJZbeA90Z5CskLRiv-3104bz5tObF3XTHQZ7iM6ocOXBVIH9y32Us9In4xFjn7eHZB7tOm1yrZpgoMy3Op7cafcnAZAxA5QDyrEYC2g0WBVSXstsdK3dgPMV8WF7jJEGZybqbp99Nz_4M5zYsd87K67JCFK8DJNi2mfxnwmTURa2_dCJ2-q04KHSR-XYkxAk-ekwIi6iDpDWR9qjk532cZA9Q3PRkKlNjBAcv0k7NSUgOk8WgDal9AHoLbSiv0KJYYyefBj0B2l2ugW2fOSJ_kVEPSaGGZ_o4UFxRmue03BrpYxUo2j64pvm1P1caVDRF-78O8ojXsoc2QWWGvz5n7zv-xT-U_Nd7duF4k_owSV6l3Qez4v40u8gHivDIpRBlFYpzgvRfnrrpkjyod80C1nSyKqZrZMzaZjRcFwLrYtHKZ3n0Acj6ZcqYdVOIPXBfYMz8Bg5YIAGn2nSCncvY51D7ebvTXiTd4CvCBSRbgWigtpL2h1EXGnhIMQfvtlWsX6YtKBHU5N7PCrhrRgTID9zwciqufJfgn4rh9a7G0I7ss2p8a8vsXQDL3fvReijU4zFrNsPx7lkA IP88.214.195.96:0
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pop/imp?auth=n25uq8&c=cfBJ62noxo98ogHZHRwooa4nKOJuZLKYdecejneUaxzENi92anIRmxoI37OWJ82g0s2wCHdlAtUlfM6pOYJ385uiwsv5ygnkoU27EPu6OySgf9xJZbeA90Z5CskLRiv-3104bz5tObF3XTHQZ7iM6ocOXBVIH9y32Us9In4xFjn7eHZB7tOm1yrZpgoMy3Op7cafcnAZAxA5QDyrEYC2g0WBVSXstsdK3dgPMV8WF7jJEGZybqbp99Nz_4M5zYsd87K67JCFK8DJNi2mfxnwmTURa2_dCJ2-q04KHSR-XYkxAk-ekwIi6iDpDWR9qjk532cZA9Q3PRkKlNjBAcv0k7NSUgOk8WgDal9AHoLbSiv0KJYYyefBj0B2l2ugW2fOSJ_kVEPSaGGZ_o4UFxRmue03BrpYxUo2j64pvm1P1caVDRF-78O8ojXsoc2QWWGvz5n7zv-xT-U_Nd7duF4k_owSV6l3Qez4v40u8gHivDIpRBlFYpzgvRfnrrpkjyod80C1nSyKqZrZMzaZjRcFwLrYtHKZ3n0Acj6ZcqYdVOIPXBfYMz8Bg5YIAGn2nSCncvY51D7ebvTXiTd4CvCBSRbgWigtpL2h1EXGnhIMQfvtlWsX6YtKBHU5N7PCrhrRgTID9zwciqufJfgn4rh9a7G0I7ss2p8a8vsXQDL3fvReijU4zFrNsPx7lkA HTTP/1.1
Host: track-us.byte-builders.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://onclink.org/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx/1.14.0 (Ubuntu)
Date: Sat, 04 May 2024 10:09:36 GMT
Content-Length: 0
Connection: keep-alive
Location: https://fairspin-h.click/67828/1389?l=3863&param1=ubidex&param2=popup&param3=cpm&param4=2024-03&utm_medium=67828&utm_source=31&utm_term=557214&utm_content=54175&param5=37e2b386-5e10-46e2-a0c0-b267fbe15ac2&utm_campaign=fs_en_pop_visit_gambl_cpm_3_w
|
|
| mcpuwpsh.com/popunder/in/click/?mid=6681398418029929163&pid=0&site=547780&sc=NO&usage_type=DCH&subid=1446709922&sid=0&cid=16324&price=0&is_cpm=0&cpm=4&ecpm=3.114000082016&crid=54175&crtid=d41d8cd98f00b204e9800998ecf8427e&tcid=0&out_id=&ver=&ver_c=&refdom=tads.stravaganz.com&hostname=auc-popunder-hz-2&site_id=0&spot_id=547780&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=0&created_at=0000-00-00&is_native=0&burl=http%3A%2F%2Ftrack-us.byte-builders.net%2Fpop%2Fwin%3Fauth%3Dn25uq8%26c%3DlNugiVyRY2uVyAIPPUMv6LBj72N2Je7iJtUMl41qSvizpmrTUerYoPVpgLpZnRZ0eP4x47Ab0hhNDtAbXSKutDg4sam3RhE5GOnQruZhk1o_u5GDyq6vXhPp4qCEqbcLefgF6p24ZrcISRRnD5eMt0ybQ9EfM-xUUnD1E_KNPGX__DwXCBdv7MK1iYYltTFzaqp4L3fIy-GclkVM7s_XklgIrs7xJUYa4Ke7KP1xZ8sm3eJX1u-j1nRSW0PMcC_xyuLQQROOWgHUIh0b9LpkTkx8-Kjl7vdQkTB-QDu_F6Tl9hjOvadz9TG2e32VKNCqpTbQMwEhn6hQWmjWTq5cd5oTqWq8T6HcI3EyladHNNV5CQk1WMgvmW-UVQq1mnE2tgKiEzQXzbB8JzU48izFW9H9tgm0DPTFDwiF4_iE0XKfd9PnTtLhBkcGbBDZ6j_Oq32ybaXT9riSHXzGfYlbPwUUzMRgEQnvVDh7-Ng5pzOAdbirhYCsVTi3LFL7525YbDWMoj3bbKkbaOy_txDBHmSLYrYttSXs0OpwQ7FfFUv59WLhcK52zx5NpEX3zlRRfGabRim04g_hZ3eZyqfZZ_7mg07s7PDgno7-f7zOTUp1eP7Eo09_UkxuEFJXjmhNP7U7sqf0j6j8zncSn3fPL5wZF_Nq0QWv6G_-6iI67Me3XY_P&pop_winurl=&ip=91.90.42.154&testab=&px_id=547780&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=0&resp_type=&iabcat=IAB25&min_cpm=0.15722542938503506&placement_type_id=7&skin_test=&verify_hash=3773d648a9975400e176cd28a1f06834&score=449.2165630456498&durl=&ml=&tag_ab=&original_bid=0.004&user_fp=0&v2=0&pop_type=0&space_id=1095&real_bid=&skin_id=&vertical_id=&stratagem=&accel=0&gyr=0&iabcat=IAB25&ip_mismatch=false&ua_mismatch=false&ssp=3758&rc=0&v2_track=0&otype=0&mn=0&priority=0&bb=0.1224&url=https%3A%2F%2Ftrack-us.byte-builders.net%2Fpop%2Fimp%3Fauth%3Dn25uq8%26c%3DlNugiVyRY2uVyAIPPUMv6LBj72N2Je7iJtUMl41qSvizpmrTUerYoPVpgLpZnRZ0eP4x47Ab0hhNDtAbXSKutDg4sam3RhE5GOnQruZhk1o_u5GDyq6vXhPp4qCEqbcLefgF6p24ZrcISRRnD5eMt0ybQ9EfM-xUUnD1E_KNPGX__DwXCBdv7MK1iYYltTFzaqp4L3fIy
-GclkVM7s_XklgIrs7xJUYa4Ke7KP1xZ8sm3eJX1u-j1nRSW0PMcC_xyuLQQROOWgHUIh0b9LpkTkx8-Kjl7vdQkTB-QDu_F6Tl9hjOvadz9TG2e32VKNCqpTbQMwEhn6hQWmjWTq5cd5oTqWq8T6HcI3EyladHNNV5CQk1WMgvmW-UVQq1mnE2tgKiEzQXzbB8JzU48izFW9H9tgm0DPTFDwiF4_iE0XKfd9PnTtLhBkcGbBDZ6j_Oq32ybaXT9riSHXzGfYlbPwUUzMRgEQnvVDh7-Ng5pzOAdbirhYCsVTi3LFL7525YbDWMoj3bbKkbaOy_txDBHmSLYrYttSXs0OpwQ7FfFUv59WLhcK52zx5NpEX3zlRRfGabRim04g_hZ3eZyqfZZ_7mg07s7PDgno7-f7zOTUp1eP7Eo09_UkxuEFJXjmhNP7U7sqf0j6j8zncSn3fPL5wZF_Nq0QWv6G_-6iI67Me3XY_P&pr=&bid_crid=&bid_cid=&ad_tags=&is_interstitial=0&is_direct=1&label_ids=89,4,83&site_id64=&sp_cl=0&act_sess=0&sp_scr=0&intes=&izb=&ang=0&act_su=0&interest_vertical_ids=&v_scroll_freq=&time_sess=&ext_campaign_id=175&scroll_percent=0&empty_clicks=0&aid=3780&high_freq_clicks=0&dev_console_activity=0&topics=&client_price=0&o_d=&is_webview=0&timezone_olson=&timezone_ip=Europe/Oslo&offer_label_ids=89,4,83 | 94.130.197.240 | | 0 B |
URL mcpuwpsh.com/popunder/in/click/?mid=6681398418029929163&pid=0&site=547780&sc=NO&usage_type=DCH&subid=1446709922&sid=0&cid=16324&price=0&is_cpm=0&cpm=4&ecpm=3.114000082016&crid=54175&crtid=d41d8cd98f00b204e9800998ecf8427e&tcid=0&out_id=&ver=&ver_c=&refdom=tads.stravaganz.com&hostname=auc-popunder-hz-2&site_id=0&spot_id=547780&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=0&created_at=0000-00-00&is_native=0&burl=http%3A%2F%2Ftrack-us.byte-builders.net%2Fpop%2Fwin%3Fauth%3Dn25uq8%26c%3DlNugiVyRY2uVyAIPPUMv6LBj72N2Je7iJtUMl41qSvizpmrTUerYoPVpgLpZnRZ0eP4x47Ab0hhNDtAbXSKutDg4sam3RhE5GOnQruZhk1o_u5GDyq6vXhPp4qCEqbcLefgF6p24ZrcISRRnD5eMt0ybQ9EfM-xUUnD1E_KNPGX__DwXCBdv7MK1iYYltTFzaqp4L3fIy-GclkVM7s_XklgIrs7xJUYa4Ke7KP1xZ8sm3eJX1u-j1nRSW0PMcC_xyuLQQROOWgHUIh0b9LpkTkx8-Kjl7vdQkTB-QDu_F6Tl9hjOvadz9TG2e32VKNCqpTbQMwEhn6hQWmjWTq5cd5oTqWq8T6HcI3EyladHNNV5CQk1WMgvmW-UVQq1mnE2tgKiEzQXzbB8JzU48izFW9H9tgm0DPTFDwiF4_iE0XKfd9PnTtLhBkcGbBDZ6j_Oq32ybaXT9riSHXzGfYlbPwUUzMRgEQnvVDh7-Ng5pzOAdbirhYCsVTi3LFL7525YbDWMoj3bbKkbaOy_txDBHmSLYrYttSXs0OpwQ7FfFUv59WLhcK52zx5NpEX3zlRRfGabRim04g_hZ3eZyqfZZ_7mg07s7PDgno7-f7zOTUp1eP7Eo09_UkxuEFJXjmhNP7U7sqf0j6j8zncSn3fPL5wZF_Nq0QWv6G_-6iI67Me3XY_P&pop_winurl=&ip=91.90.42.154&testab=&px_id=547780&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=0&resp_type=&iabcat=IAB25&min_cpm=0.15722542938503506&placement_type_id=7&skin_test=&verify_hash=3773d648a9975400e176cd28a1f06834&score=449.2165630456498&durl=&ml=&tag_ab=&original_bid=0.004&user_fp=0&v2=0&pop_type=0&space_id=1095&real_bid=&skin_id=&vertical_id=&stratagem=&accel=0&gyr=0&iabcat=IAB25&ip_mismatch=false&ua_mismatch=false&ssp=3758&rc=0&v2_track=0&otype=0&mn=0&priority=0&bb=0.1224&url=https%3A%2F%2Ftrack-us.byte-builders.net%2Fpop%2Fimp%3Fauth%3Dn25uq8%26c%3DlNugiVyRY2uVyAIPPUMv6LBj72N2Je7iJtUMl41qSvizpmrTUerYoPVpgLpZnRZ0eP4x47Ab0hhNDtAbXSKutDg4sam3RhE5GOnQruZhk1o_u5GDyq6vXhPp4qCEqbcLefgF6p24ZrcISRRnD5eMt0ybQ9EfM-xUUnD1E_KNPGX__DwXCBdv7MK1iYYltTFzaqp4L3f
Iy-GclkVM7s_XklgIrs7xJUYa4Ke7KP1xZ8sm3eJX1u-j1nRSW0PMcC_xyuLQQROOWgHUIh0b9LpkTkx8-Kjl7vdQkTB-QDu_F6Tl9hjOvadz9TG2e32VKNCqpTbQMwEhn6hQWmjWTq5cd5oTqWq8T6HcI3EyladHNNV5CQk1WMgvmW-UVQq1mnE2tgKiEzQXzbB8JzU48izFW9H9tgm0DPTFDwiF4_iE0XKfd9PnTtLhBkcGbBDZ6j_Oq32ybaXT9riSHXzGfYlbPwUUzMRgEQnvVDh7-Ng5pzOAdbirhYCsVTi3LFL7525YbDWMoj3bbKkbaOy_txDBHmSLYrYttSXs0OpwQ7FfFUv59WLhcK52zx5NpEX3zlRRfGabRim04g_hZ3eZyqfZZ_7mg07s7PDgno7-f7zOTUp1eP7Eo09_UkxuEFJXjmhNP7U7sqf0j6j8zncSn3fPL5wZF_Nq0QWv6G_-6iI67Me3XY_P&pr=&bid_crid=&bid_cid=&ad_tags=&is_interstitial=0&is_direct=1&label_ids=89,4,83&site_id64=&sp_cl=0&act_sess=0&sp_scr=0&intes=&izb=&ang=0&act_su=0&interest_vertical_ids=&v_scroll_freq=&time_sess=&ext_campaign_id=175&scroll_percent=0&empty_clicks=0&aid=3780&high_freq_clicks=0&dev_console_activity=0&topics=&client_price=0&o_d=&is_webview=0&timezone_olson=&timezone_ip=Europe/Oslo&offer_label_ids=89,4,83 IP94.130.197.240:0 ASN#24940 Hetzner Online GmbH
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /popunder/in/click/?mid=6681398418029929163&pid=0&site=547780&sc=NO&usage_type=DCH&subid=1446709922&sid=0&cid=16324&price=0&is_cpm=0&cpm=4&ecpm=3.114000082016&crid=54175&crtid=d41d8cd98f00b204e9800998ecf8427e&tcid=0&out_id=&ver=&ver_c=&refdom=tads.stravaganz.com&hostname=auc-popunder-hz-2&site_id=0&spot_id=547780&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=0&created_at=0000-00-00&is_native=0&burl=http%3A%2F%2Ftrack-us.byte-builders.net%2Fpop%2Fwin%3Fauth%3Dn25uq8%26c%3DlNugiVyRY2uVyAIPPUMv6LBj72N2Je7iJtUMl41qSvizpmrTUerYoPVpgLpZnRZ0eP4x47Ab0hhNDtAbXSKutDg4sam3RhE5GOnQruZhk1o_u5GDyq6vXhPp4qCEqbcLefgF6p24ZrcISRRnD5eMt0ybQ9EfM-xUUnD1E_KNPGX__DwXCBdv7MK1iYYltTFzaqp4L3fIy-GclkVM7s_XklgIrs7xJUYa4Ke7KP1xZ8sm3eJX1u-j1nRSW0PMcC_xyuLQQROOWgHUIh0b9LpkTkx8-Kjl7vdQkTB-QDu_F6Tl9hjOvadz9TG2e32VKNCqpTbQMwEhn6hQWmjWTq5cd5oTqWq8T6HcI3EyladHNNV5CQk1WMgvmW-UVQq1mnE2tgKiEzQXzbB8JzU48izFW9H9tgm0DPTFDwiF4_iE0XKfd9PnTtLhBkcGbBDZ6j_Oq32ybaXT9riSHXzGfYlbPwUUzMRgEQnvVDh7-Ng5pzOAdbirhYCsVTi3LFL7525YbDWMoj3bbKkbaOy_txDBHmSLYrYttSXs0OpwQ7FfFUv59WLhcK52zx5NpEX3zlRRfGabRim04g_hZ3eZyqfZZ_7mg07s7PDgno7-f7zOTUp1eP7Eo09_UkxuEFJXjmhNP7U7sqf0j6j8zncSn3fPL5wZF_Nq0QWv6G_-6iI67Me3XY_P&pop_winurl=&ip=91.90.42.154&testab=&px_id=547780&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=0&resp_type=&iabcat=IAB25&min_cpm=0.15722542938503506&placement_type_id=7&skin_test=&verify_hash=3773d648a9975400e176cd28a1f06834&score=449.2165630456498&durl=&ml=&tag_ab=&original_bid=0.004&user_fp=0&v2=0&pop_type=0&space_id=1095&real_bid=&skin_id=&vertical_id=&stratagem=&accel=0&gyr=0&iabcat=IAB25&ip_mismatch=false&ua_mismatch=false&ssp=3758&rc=0&v2_track=0&otype=0&mn=0&priority=0&bb=0.1224&url=https%3A%2F%2Ftrack-us.byte-builders.net%2Fpop%2Fimp%3Fauth%3Dn25uq8%26c%3DlNugiVyRY2uVyAIPPUMv6LBj72N2Je7iJtUMl41qSvizpmrTUerYoPVpgLpZnRZ0eP4x47Ab0hhNDtAbXSKutDg4sam3RhE5GOnQruZhk1o_u5GDyq6vXhPp4qCEqbcLefgF6p24ZrcISRRnD5eMt0ybQ9EfM-xUUnD1E_KNPGX__DwXCBdv7MK1iYYltTFzaqp4L3fIy-GclkVM7s_
XklgIrs7xJUYa4Ke7KP1xZ8sm3eJX1u-j1nRSW0PMcC_xyuLQQROOWgHUIh0b9LpkTkx8-Kjl7vdQkTB-QDu_F6Tl9hjOvadz9TG2e32VKNCqpTbQMwEhn6hQWmjWTq5cd5oTqWq8T6HcI3EyladHNNV5CQk1WMgvmW-UVQq1mnE2tgKiEzQXzbB8JzU48izFW9H9tgm0DPTFDwiF4_iE0XKfd9PnTtLhBkcGbBDZ6j_Oq32ybaXT9riSHXzGfYlbPwUUzMRgEQnvVDh7-Ng5pzOAdbirhYCsVTi3LFL7525YbDWMoj3bbKkbaOy_txDBHmSLYrYttSXs0OpwQ7FfFUv59WLhcK52zx5NpEX3zlRRfGabRim04g_hZ3eZyqfZZ_7mg07s7PDgno7-f7zOTUp1eP7Eo09_UkxuEFJXjmhNP7U7sqf0j6j8zncSn3fPL5wZF_Nq0QWv6G_-6iI67Me3XY_P&pr=&bid_crid=&bid_cid=&ad_tags=&is_interstitial=0&is_direct=1&label_ids=89,4,83&site_id64=&sp_cl=0&act_sess=0&sp_scr=0&intes=&izb=&ang=0&act_su=0&interest_vertical_ids=&v_scroll_freq=&time_sess=&ext_campaign_id=175&scroll_percent=0&empty_clicks=0&aid=3780&high_freq_clicks=0&dev_console_activity=0&topics=&client_price=0&o_d=&is_webview=0&timezone_olson=&timezone_ip=Europe/Oslo&offer_label_ids=89,4,83 HTTP/1.1
Host: mcpuwpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://onclink.org/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
server: nginx/1.16.0
date: Sat, 04 May 2024 10:09:36 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
location: https://track-us.byte-builders.net/pop/imp?auth=n25uq8&c=lNugiVyRY2uVyAIPPUMv6LBj72N2Je7iJtUMl41qSvizpmrTUerYoPVpgLpZnRZ0eP4x47Ab0hhNDtAbXSKutDg4sam3RhE5GOnQruZhk1o_u5GDyq6vXhPp4qCEqbcLefgF6p24ZrcISRRnD5eMt0ybQ9EfM-xUUnD1E_KNPGX__DwXCBdv7MK1iYYltTFzaqp4L3fIy-GclkVM7s_XklgIrs7xJUYa4Ke7KP1xZ8sm3eJX1u-j1nRSW0PMcC_xyuLQQROOWgHUIh0b9LpkTkx8-Kjl7vdQkTB-QDu_F6Tl9hjOvadz9TG2e32VKNCqpTbQMwEhn6hQWmjWTq5cd5oTqWq8T6HcI3EyladHNNV5CQk1WMgvmW-UVQq1mnE2tgKiEzQXzbB8JzU48izFW9H9tgm0DPTFDwiF4_iE0XKfd9PnTtLhBkcGbBDZ6j_Oq32ybaXT9riSHXzGfYlbPwUUzMRgEQnvVDh7-Ng5pzOAdbirhYCsVTi3LFL7525YbDWMoj3bbKkbaOy_txDBHmSLYrYttSXs0OpwQ7FfFUv59WLhcK52zx5NpEX3zlRRfGabRim04g_hZ3eZyqfZZ_7mg07s7PDgno7-f7zOTUp1eP7Eo09_UkxuEFJXjmhNP7U7sqf0j6j8zncSn3fPL5wZF_Nq0QWv6G_-6iI67Me3XY_P
X-Firefox-Spdy: h2
|
|
| track-us.byte-builders.net/pop/imp?auth=n25uq8&c=lNugiVyRY2uVyAIPPUMv6LBj72N2Je7iJtUMl41qSvizpmrTUerYoPVpgLpZnRZ0eP4x47Ab0hhNDtAbXSKutDg4sam3RhE5GOnQruZhk1o_u5GDyq6vXhPp4qCEqbcLefgF6p24ZrcISRRnD5eMt0ybQ9EfM-xUUnD1E_KNPGX__DwXCBdv7MK1iYYltTFzaqp4L3fIy-GclkVM7s_XklgIrs7xJUYa4Ke7KP1xZ8sm3eJX1u-j1nRSW0PMcC_xyuLQQROOWgHUIh0b9LpkTkx8-Kjl7vdQkTB-QDu_F6Tl9hjOvadz9TG2e32VKNCqpTbQMwEhn6hQWmjWTq5cd5oTqWq8T6HcI3EyladHNNV5CQk1WMgvmW-UVQq1mnE2tgKiEzQXzbB8JzU48izFW9H9tgm0DPTFDwiF4_iE0XKfd9PnTtLhBkcGbBDZ6j_Oq32ybaXT9riSHXzGfYlbPwUUzMRgEQnvVDh7-Ng5pzOAdbirhYCsVTi3LFL7525YbDWMoj3bbKkbaOy_txDBHmSLYrYttSXs0OpwQ7FfFUv59WLhcK52zx5NpEX3zlRRfGabRim04g_hZ3eZyqfZZ_7mg07s7PDgno7-f7zOTUp1eP7Eo09_UkxuEFJXjmhNP7U7sqf0j6j8zncSn3fPL5wZF_Nq0QWv6G_-6iI67Me3XY_P | 88.214.195.96 | | 0 B |
URL track-us.byte-builders.net/pop/imp?auth=n25uq8&c=lNugiVyRY2uVyAIPPUMv6LBj72N2Je7iJtUMl41qSvizpmrTUerYoPVpgLpZnRZ0eP4x47Ab0hhNDtAbXSKutDg4sam3RhE5GOnQruZhk1o_u5GDyq6vXhPp4qCEqbcLefgF6p24ZrcISRRnD5eMt0ybQ9EfM-xUUnD1E_KNPGX__DwXCBdv7MK1iYYltTFzaqp4L3fIy-GclkVM7s_XklgIrs7xJUYa4Ke7KP1xZ8sm3eJX1u-j1nRSW0PMcC_xyuLQQROOWgHUIh0b9LpkTkx8-Kjl7vdQkTB-QDu_F6Tl9hjOvadz9TG2e32VKNCqpTbQMwEhn6hQWmjWTq5cd5oTqWq8T6HcI3EyladHNNV5CQk1WMgvmW-UVQq1mnE2tgKiEzQXzbB8JzU48izFW9H9tgm0DPTFDwiF4_iE0XKfd9PnTtLhBkcGbBDZ6j_Oq32ybaXT9riSHXzGfYlbPwUUzMRgEQnvVDh7-Ng5pzOAdbirhYCsVTi3LFL7525YbDWMoj3bbKkbaOy_txDBHmSLYrYttSXs0OpwQ7FfFUv59WLhcK52zx5NpEX3zlRRfGabRim04g_hZ3eZyqfZZ_7mg07s7PDgno7-f7zOTUp1eP7Eo09_UkxuEFJXjmhNP7U7sqf0j6j8zncSn3fPL5wZF_Nq0QWv6G_-6iI67Me3XY_P IP88.214.195.96:0
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pop/imp?auth=n25uq8&c=lNugiVyRY2uVyAIPPUMv6LBj72N2Je7iJtUMl41qSvizpmrTUerYoPVpgLpZnRZ0eP4x47Ab0hhNDtAbXSKutDg4sam3RhE5GOnQruZhk1o_u5GDyq6vXhPp4qCEqbcLefgF6p24ZrcISRRnD5eMt0ybQ9EfM-xUUnD1E_KNPGX__DwXCBdv7MK1iYYltTFzaqp4L3fIy-GclkVM7s_XklgIrs7xJUYa4Ke7KP1xZ8sm3eJX1u-j1nRSW0PMcC_xyuLQQROOWgHUIh0b9LpkTkx8-Kjl7vdQkTB-QDu_F6Tl9hjOvadz9TG2e32VKNCqpTbQMwEhn6hQWmjWTq5cd5oTqWq8T6HcI3EyladHNNV5CQk1WMgvmW-UVQq1mnE2tgKiEzQXzbB8JzU48izFW9H9tgm0DPTFDwiF4_iE0XKfd9PnTtLhBkcGbBDZ6j_Oq32ybaXT9riSHXzGfYlbPwUUzMRgEQnvVDh7-Ng5pzOAdbirhYCsVTi3LFL7525YbDWMoj3bbKkbaOy_txDBHmSLYrYttSXs0OpwQ7FfFUv59WLhcK52zx5NpEX3zlRRfGabRim04g_hZ3eZyqfZZ_7mg07s7PDgno7-f7zOTUp1eP7Eo09_UkxuEFJXjmhNP7U7sqf0j6j8zncSn3fPL5wZF_Nq0QWv6G_-6iI67Me3XY_P HTTP/1.1
Host: track-us.byte-builders.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://onclink.org/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx/1.14.0 (Ubuntu)
Date: Sat, 04 May 2024 10:09:36 GMT
Content-Length: 0
Connection: keep-alive
Location: https://fairspin-h.click/67828/1389?l=3863&param1=ubidex&param2=popup&param3=cpm&param4=2024-03&utm_medium=67828&utm_source=31&utm_term=547780&utm_content=54175&param5=a1ffa233-458c-4e99-a78c-79741ae9e0d0&utm_campaign=fs_en_pop_visit_gambl_cpm_3_w
|
|
| fairspin-h.click/67828/1389?l=3863&param1=ubidex&param2=popup&param3=cpm&param4=2024-03&utm_medium=67828&utm_source=31&utm_term=557214&utm_content=54175&param5=37e2b386-5e10-46e2-a0c0-b267fbe15ac2&utm_campaign=fs_en_pop_visit_gambl_cpm_3_w | 3.69.185.50 | | 1.6 kB |
URL fairspin-h.click/67828/1389?l=3863&param1=ubidex&param2=popup&param3=cpm&param4=2024-03&utm_medium=67828&utm_source=31&utm_term=557214&utm_content=54175&param5=37e2b386-5e10-46e2-a0c0-b267fbe15ac2&utm_campaign=fs_en_pop_visit_gambl_cpm_3_w IP3.69.185.50:0
File typeHTML document, ASCII text, with very long lines (709) Hashcd4b6d559d1aca6c345616eb9e1a1d2f bfdc61dab386006592dc7864938e2f25e9637f31 87e8bafe7e0e1234ea313b4d4d5148174551372993f1c31b0a6519a65120700d
GET /67828/1389?l=3863&param1=ubidex&param2=popup&param3=cpm&param4=2024-03&utm_medium=67828&utm_source=31&utm_term=557214&utm_content=54175&param5=37e2b386-5e10-46e2-a0c0-b267fbe15ac2&utm_campaign=fs_en_pop_visit_gambl_cpm_3_w HTTP/1.1
Host: fairspin-h.click
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://onclink.org/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache, private
Date: Sat, 04 May 2024 10:09:36 GMT
Location: https://smarttds.cloud/r/EJgj?track_id=245864105&pid=67828&geo=3143244&utm_source=31&utm_medium=67828&utm_campaign=fs_en_pop_visit_gambl_cpm_3_w&utm_term=557214&utm_content=54175&param1=ubidex&param2=popup&param3=cpm&param4=2024-03&param5=37e2b386-5e10-46e2-a0c0-b267fbe15ac2&param6=
Set-Cookie: 2b30eb962003529aa1d435285d39b1c0=MTgyNTkyODQ2; path=/; secure; httponly; samesite=lax
|
|
| fairspin-h.click/67828/1389?l=3863&param1=ubidex&param2=popup&param3=cpm&param4=2024-03&utm_medium=67828&utm_source=31&utm_term=547780&utm_content=54175&param5=a1ffa233-458c-4e99-a78c-79741ae9e0d0&utm_campaign=fs_en_pop_visit_gambl_cpm_3_w | 3.69.185.50 | | 1.6 kB |
URL fairspin-h.click/67828/1389?l=3863&param1=ubidex&param2=popup&param3=cpm&param4=2024-03&utm_medium=67828&utm_source=31&utm_term=547780&utm_content=54175&param5=a1ffa233-458c-4e99-a78c-79741ae9e0d0&utm_campaign=fs_en_pop_visit_gambl_cpm_3_w IP3.69.185.50:0
File typeHTML document, ASCII text, with very long lines (709) Hash3265db3d2d7e4c6120a58b4249601565 8dfe1522f7e33f5dff158d2cb3e68f89df118c96 39073234f4da56711d165e9ad77a0445877335c9a192b3f2b2e6adb183836de7
GET /67828/1389?l=3863&param1=ubidex&param2=popup&param3=cpm&param4=2024-03&utm_medium=67828&utm_source=31&utm_term=547780&utm_content=54175&param5=a1ffa233-458c-4e99-a78c-79741ae9e0d0&utm_campaign=fs_en_pop_visit_gambl_cpm_3_w HTTP/1.1
Host: fairspin-h.click
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://onclink.org/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache, private
Date: Sat, 04 May 2024 10:09:37 GMT
Location: https://smarttds.cloud/r/EJgj?track_id=245864106&pid=67828&geo=3143244&utm_source=31&utm_medium=67828&utm_campaign=fs_en_pop_visit_gambl_cpm_3_w&utm_term=547780&utm_content=54175&param1=ubidex&param2=popup&param3=cpm&param4=2024-03&param5=a1ffa233-458c-4e99-a78c-79741ae9e0d0&param6=
Set-Cookie: 2b30eb962003529aa1d435285d39b1c0=MTgyNTkyODQ3; path=/; secure; httponly; samesite=lax
|
|
| ocsp.r2m03.amazontrust.com/ | 3.164.222.26 | | 471 B |
URL ocsp.r2m03.amazontrust.com/ IP3.164.222.26:0
Hashfd8bddddbac9fef2d4fcde9341f7375d 445365baac2ee0efca5809833c95e920ac16e6fb d4076f2daeaa918e4288ce1a56256607fa1c77a98717adb276951bc76598ddf1
POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Sat, 04 May 2024 10:09:37 GMT
Last-Modified: Sat, 04 May 2024 09:42:44 GMT
Server: ECAcc (ska/F7A3)
X-Cache: Miss from cloudfront
Via: 1.1 1461474e0d89d7660f19f427648cae0e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ARN53-P1
X-Amz-Cf-Id: hizbg1aihEUKhDi9lq03DUA4ED83wPd_sHLn2MH_d6DC9GJeUwUb3A==
Age: 1614
|
|
| smarttds.cloud/r/EJgj?track_id=245864105&pid=67828&geo=3143244&utm_source=31&utm_medium=67828&utm_campaign=fs_en_pop_visit_gambl_cpm_3_w&utm_term=557214&utm_content=54175&param1=ubidex&param2=popup&param3=cpm&param4=2024-03&param5=37e2b386-5e10-46e2-a0c0-b267fbe15ac2&param6= | 52.57.19.141 | | 90 kB |
URL smarttds.cloud/r/EJgj?track_id=245864105&pid=67828&geo=3143244&utm_source=31&utm_medium=67828&utm_campaign=fs_en_pop_visit_gambl_cpm_3_w&utm_term=557214&utm_content=54175&param1=ubidex&param2=popup&param3=cpm&param4=2024-03&param5=37e2b386-5e10-46e2-a0c0-b267fbe15ac2&param6= IP52.57.19.141:0
Hash972174dae4dbdbcf161df9adac0b82ab fa1e998d953191c4ecdf43fcc5c9b16397a723a0 fc15152d031a06c3b8d1a3b07d49547caa254d81f174fd726e77b4c1901e2b45
GET /r/EJgj?track_id=245864105&pid=67828&geo=3143244&utm_source=31&utm_medium=67828&utm_campaign=fs_en_pop_visit_gambl_cpm_3_w&utm_term=557214&utm_content=54175&param1=ubidex&param2=popup&param3=cpm&param4=2024-03&param5=37e2b386-5e10-46e2-a0c0-b267fbe15ac2&param6= HTTP/1.1
Host: smarttds.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://onclink.org/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:37 GMT
content-type: text/html; charset=UTF-8
server: nginx/1.24.0
cache-control: no-cache, private
X-Firefox-Spdy: h2
|
|
| smarttds.cloud/uploads/landings/3-screens-slot-6514839815026/img/logo/logo_4.svg | 52.57.19.141 | | 794 B |
URL smarttds.cloud/uploads/landings/3-screens-slot-6514839815026/img/logo/logo_4.svg IP52.57.19.141:0
File typeSVG Scalable Vector Graphics image Hashad8d92a0eb34e4f0a2c2c9c470b81718 765742be6ebed2106ab8fc18b7db65628ac33be9 b7d1e1f0ae0e827e73a6e43af5801b55efff7e62d1e203467ba853b36f5fe4c0
GET /uploads/landings/3-screens-slot-6514839815026/img/logo/logo_4.svg HTTP/1.1
Host: smarttds.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://smarttds.cloud/r/EJgj?track_id=245864105&pid=67828&geo=3143244&utm_source=31&utm_medium=67828&utm_campaign=fs_en_pop_visit_gambl_cpm_3_w&utm_term=557214&utm_content=54175&param1=ubidex&param2=popup&param3=cpm&param4=2024-03&param5=37e2b386-5e10-46e2-a0c0-b267fbe15ac2&param6=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:38 GMT
content-type: image/svg+xml
content-length: 794
server: nginx/1.24.0
last-modified: Tue, 05 Mar 2024 08:29:40 GMT
etag: "65e6d7f4-31a"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| smarttds.cloud/uploads/landings/3-screens-slot-6514839815026/img/top_section/palm.png | 52.57.19.141 | | 39 kB |
URL smarttds.cloud/uploads/landings/3-screens-slot-6514839815026/img/top_section/palm.png IP52.57.19.141:0
File typegzip compressed data, from Unix Hash99326d70e269bd2c712edc50a4e92609 d3ba04cceb525b5d1d81b2ea35b41bb0efb4e651 d0fa68cd1b276857be498f7b12f7fe90b31d5471b4d460e3ea8b278724743347
GET /uploads/landings/3-screens-slot-6514839815026/img/top_section/palm.png HTTP/1.1
Host: smarttds.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://smarttds.cloud/r/EJgj?track_id=245864105&pid=67828&geo=3143244&utm_source=31&utm_medium=67828&utm_campaign=fs_en_pop_visit_gambl_cpm_3_w&utm_term=557214&utm_content=54175&param1=ubidex&param2=popup&param3=cpm&param4=2024-03&param5=37e2b386-5e10-46e2-a0c0-b267fbe15ac2&param6=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:38 GMT
content-type: image/png
server: nginx/1.24.0
last-modified: Tue, 05 Mar 2024 08:29:40 GMT
etag: W/"65e6d7f4-952c"
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| smarttds.cloud/uploads/landings/3-screens-slot-6514839815026/img/form_section/ic_4.png | 52.57.19.141 | | 878 B |
URL smarttds.cloud/uploads/landings/3-screens-slot-6514839815026/img/form_section/ic_4.png IP52.57.19.141:0
File typePNG image data, 58 x 58, 8-bit colormap, non-interlaced Hashc21cea1e0b156f209295cf0ba71d4fda eaffab87b2477e3bc805651c8c4e2adb555a58da 8bddfff8835eb99207c88364adab535b5865db9a7a73fbc275413f055a32a997
GET /uploads/landings/3-screens-slot-6514839815026/img/form_section/ic_4.png HTTP/1.1
Host: smarttds.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://smarttds.cloud/r/EJgj?track_id=245864105&pid=67828&geo=3143244&utm_source=31&utm_medium=67828&utm_campaign=fs_en_pop_visit_gambl_cpm_3_w&utm_term=557214&utm_content=54175&param1=ubidex&param2=popup&param3=cpm&param4=2024-03&param5=37e2b386-5e10-46e2-a0c0-b267fbe15ac2&param6=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:38 GMT
content-type: image/png
content-length: 878
server: nginx/1.24.0
last-modified: Tue, 05 Mar 2024 08:29:40 GMT
etag: "65e6d7f4-36e"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| smarttds.cloud/uploads/landings/3-screens-slot-6514839815026/img/form/email.svg | 52.57.19.141 | | 631 B |
URL smarttds.cloud/uploads/landings/3-screens-slot-6514839815026/img/form/email.svg IP52.57.19.141:0
File typeSVG Scalable Vector Graphics image Hasha5c8de89c4f7aa6157a52371f48ab9c3 ea62fc70e6f188f29d4a4fb893a3075c40a15a47 31a4bb97ecb12333a17960d01b658eaf998dce6d884c08244d0d2d5172286b7c
GET /uploads/landings/3-screens-slot-6514839815026/img/form/email.svg HTTP/1.1
Host: smarttds.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://smarttds.cloud/r/EJgj?track_id=245864105&pid=67828&geo=3143244&utm_source=31&utm_medium=67828&utm_campaign=fs_en_pop_visit_gambl_cpm_3_w&utm_term=557214&utm_content=54175&param1=ubidex&param2=popup&param3=cpm&param4=2024-03&param5=37e2b386-5e10-46e2-a0c0-b267fbe15ac2&param6=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:38 GMT
content-type: image/svg+xml
content-length: 631
server: nginx/1.24.0
last-modified: Tue, 05 Mar 2024 08:29:40 GMT
etag: "65e6d7f4-277"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| smarttds.cloud/uploads/landings/3-screens-slot-6514839815026/assets/index-3642a04c.js | 52.57.19.141 | | 142 kB |
URL smarttds.cloud/uploads/landings/3-screens-slot-6514839815026/assets/index-3642a04c.js IP52.57.19.141:0
File typegzip compressed data, from Unix Size142 kB (141507 bytes) Hash2b70675406d1b043f14f838d42d55c62 24f43ef702d73b2afc1f70ce848516c2591e76f7 f2042741d2c804a8e602cc7f342e401a5ed1843d31d9489bd015dbe908fae74c
GET /uploads/landings/3-screens-slot-6514839815026/assets/index-3642a04c.js HTTP/1.1
Host: smarttds.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://smarttds.cloud/r/EJgj?track_id=245864105&pid=67828&geo=3143244&utm_source=31&utm_medium=67828&utm_campaign=fs_en_pop_visit_gambl_cpm_3_w&utm_term=557214&utm_content=54175&param1=ubidex&param2=popup&param3=cpm&param4=2024-03&param5=37e2b386-5e10-46e2-a0c0-b267fbe15ac2&param6=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:37 GMT
content-type: application/javascript
server: nginx/1.24.0
last-modified: Tue, 05 Mar 2024 08:29:39 GMT
etag: W/"65e6d7f3-6d190"
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| smarttds.cloud/uploads/landings/3-screens-slot-6514839815026/img/logo.svg | 52.57.19.141 | | 102 kB |
URL smarttds.cloud/uploads/landings/3-screens-slot-6514839815026/img/logo.svg IP52.57.19.141:0
File typegzip compressed data, from Unix Size102 kB (101848 bytes) Hashc1661b3188d04ccbc36618be2d50c995 19d5113d5aa2e583d60de39b18d578b1acf962b1 13ff76ccddf023bc53d4fbe4661bcc8dbb312ce15bc64437af883138d97d3ebb
GET /uploads/landings/3-screens-slot-6514839815026/img/logo.svg HTTP/1.1
Host: smarttds.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://smarttds.cloud/r/EJgj?track_id=245864105&pid=67828&geo=3143244&utm_source=31&utm_medium=67828&utm_campaign=fs_en_pop_visit_gambl_cpm_3_w&utm_term=557214&utm_content=54175&param1=ubidex&param2=popup&param3=cpm&param4=2024-03&param5=37e2b386-5e10-46e2-a0c0-b267fbe15ac2&param6=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:37 GMT
content-type: image/svg+xml
server: nginx/1.24.0
last-modified: Tue, 05 Mar 2024 08:29:40 GMT
etag: W/"65e6d7f4-1bef"
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| smarttds.cloud/uploads/landings/3-screens-slot-6514839815026/img/top_section/main.png?v=1 | 52.57.19.141 | | 298 kB |
URL smarttds.cloud/uploads/landings/3-screens-slot-6514839815026/img/top_section/main.png?v=1 IP52.57.19.141:0
File typegzip compressed data, from Unix Size298 kB (298078 bytes) Hash30d4f9806fba961698a9604d477922dc dcd28bfe4d1144a3f6f98f5a1655a1303a290827 e8a8806eaf54e70cb4920c967dba03992a2c84f0c7144f0f383ae55020523cff
GET /uploads/landings/3-screens-slot-6514839815026/img/top_section/main.png?v=1 HTTP/1.1
Host: smarttds.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://smarttds.cloud/r/EJgj?track_id=245864105&pid=67828&geo=3143244&utm_source=31&utm_medium=67828&utm_campaign=fs_en_pop_visit_gambl_cpm_3_w&utm_term=557214&utm_content=54175&param1=ubidex&param2=popup&param3=cpm&param4=2024-03&param5=37e2b386-5e10-46e2-a0c0-b267fbe15ac2&param6=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:37 GMT
content-type: image/png
server: nginx/1.24.0
last-modified: Tue, 05 Mar 2024 08:29:40 GMT
etag: W/"65e6d7f4-311c0"
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| smarttds.cloud/uploads/landings/3-screens-slot-6514839815026/img/top_section/diamond1.png | 52.57.19.141 | | 214 kB |
URL smarttds.cloud/uploads/landings/3-screens-slot-6514839815026/img/top_section/diamond1.png IP52.57.19.141:0
File typegzip compressed data, from Unix Size214 kB (214032 bytes) Hash607e1b1e1a08b2e62eb291977f01f575 bc171952f7dca6c61cf284c9748d8eadbc549fe2 f80f54919c1e956d4d9a2bc0aa384cde1e57eca1911050154ae713d48ec4af03
GET /uploads/landings/3-screens-slot-6514839815026/img/top_section/diamond1.png HTTP/1.1
Host: smarttds.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://smarttds.cloud/r/EJgj?track_id=245864105&pid=67828&geo=3143244&utm_source=31&utm_medium=67828&utm_campaign=fs_en_pop_visit_gambl_cpm_3_w&utm_term=557214&utm_content=54175&param1=ubidex&param2=popup&param3=cpm&param4=2024-03&param5=37e2b386-5e10-46e2-a0c0-b267fbe15ac2&param6=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:38 GMT
content-type: image/png
server: nginx/1.24.0
last-modified: Tue, 05 Mar 2024 08:29:40 GMT
etag: W/"65e6d7f4-f20"
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| smarttds.cloud/uploads/landings/3-screens-slot-6514839815026/img/top_section/coin2.png | 52.57.19.141 | | 237 kB |
URL smarttds.cloud/uploads/landings/3-screens-slot-6514839815026/img/top_section/coin2.png IP52.57.19.141:0
File typegzip compressed data, from Unix Size237 kB (236628 bytes) Hash0c20a643427546c30714301f0bf178ef 160ef699fa3e5271e4bac2e862d8a42a0052a601 474c5ff22fb477ba4d061d5fa93710e382518be99ddb0be2311cde432f4ea122
GET /uploads/landings/3-screens-slot-6514839815026/img/top_section/coin2.png HTTP/1.1
Host: smarttds.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://smarttds.cloud/r/EJgj?track_id=245864105&pid=67828&geo=3143244&utm_source=31&utm_medium=67828&utm_campaign=fs_en_pop_visit_gambl_cpm_3_w&utm_term=557214&utm_content=54175&param1=ubidex&param2=popup&param3=cpm&param4=2024-03&param5=37e2b386-5e10-46e2-a0c0-b267fbe15ac2&param6=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:38 GMT
content-type: image/png
server: nginx/1.24.0
last-modified: Tue, 05 Mar 2024 08:29:40 GMT
etag: W/"65e6d7f4-1fa6"
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| smarttds.cloud/uploads/landings/3-screens-slot-6514839815026/img/vantages/transactions.png | 52.57.19.141 | | 100 kB |
URL smarttds.cloud/uploads/landings/3-screens-slot-6514839815026/img/vantages/transactions.png IP52.57.19.141:0
File typegzip compressed data, from Unix Size100 kB (100507 bytes) Hashae35321d683734639f6f23e1d4f11c60 d6b197f4f4a52e9f6c8e9c665b93473709b8c9f6 158c0c11014c4c484a746070117c1a54e5308fad1ad8b9c6a3f115ac3fd724e8
GET /uploads/landings/3-screens-slot-6514839815026/img/vantages/transactions.png HTTP/1.1
Host: smarttds.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://smarttds.cloud/r/EJgj?track_id=245864105&pid=67828&geo=3143244&utm_source=31&utm_medium=67828&utm_campaign=fs_en_pop_visit_gambl_cpm_3_w&utm_term=557214&utm_content=54175&param1=ubidex&param2=popup&param3=cpm&param4=2024-03&param5=37e2b386-5e10-46e2-a0c0-b267fbe15ac2&param6=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:38 GMT
content-type: image/png
server: nginx/1.24.0
last-modified: Tue, 05 Mar 2024 08:29:40 GMT
etag: W/"65e6d7f4-ef8"
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| smarttds.cloud/uploads/landings/3-screens-slot-6514839815026/img/top_section/diamond2.png | 52.57.19.141 | | 102 kB |
URL smarttds.cloud/uploads/landings/3-screens-slot-6514839815026/img/top_section/diamond2.png IP52.57.19.141:0
File typegzip compressed data, from Unix Size102 kB (101580 bytes) Hash45d26162182b6aeb66ba2a7ba31437ca 25816846d0031034fbea7fe83cd347f7adb72b48 d146d6c6a5f0b5932d10217f1922d90d43227678cffa81683fd1ba92406e0e7a
GET /uploads/landings/3-screens-slot-6514839815026/img/top_section/diamond2.png HTTP/1.1
Host: smarttds.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://smarttds.cloud/r/EJgj?track_id=245864105&pid=67828&geo=3143244&utm_source=31&utm_medium=67828&utm_campaign=fs_en_pop_visit_gambl_cpm_3_w&utm_term=557214&utm_content=54175&param1=ubidex&param2=popup&param3=cpm&param4=2024-03&param5=37e2b386-5e10-46e2-a0c0-b267fbe15ac2&param6=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:38 GMT
content-type: image/png
server: nginx/1.24.0
last-modified: Tue, 05 Mar 2024 08:29:40 GMT
etag: W/"65e6d7f4-1009"
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| smarttds.cloud/uploads/landings/3-screens-slot-6514839815026/img/slots/jane.png?v=1 | 52.57.19.141 | | 177 kB |
URL smarttds.cloud/uploads/landings/3-screens-slot-6514839815026/img/slots/jane.png?v=1 IP52.57.19.141:0
File typegzip compressed data, from Unix Size177 kB (177415 bytes) Hasheb0670281f3fa1bf48dc9d5179eb305e a704a1b7a8796525ec5f61e6613b8a71ed0f71bf 92a88dbea00da2fb83be9d35d7b47c89322c7e74642bbcf09fc8977379ea1d05
GET /uploads/landings/3-screens-slot-6514839815026/img/slots/jane.png?v=1 HTTP/1.1
Host: smarttds.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://smarttds.cloud/r/EJgj?track_id=245864105&pid=67828&geo=3143244&utm_source=31&utm_medium=67828&utm_campaign=fs_en_pop_visit_gambl_cpm_3_w&utm_term=557214&utm_content=54175&param1=ubidex&param2=popup&param3=cpm&param4=2024-03&param5=37e2b386-5e10-46e2-a0c0-b267fbe15ac2&param6=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:38 GMT
content-type: image/png
server: nginx/1.24.0
last-modified: Tue, 05 Mar 2024 08:29:40 GMT
etag: W/"65e6d7f4-1509f"
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| smarttds.cloud/uploads/landings/3-screens-slot-6514839815026/img/logo/logo_4.svg | 52.57.19.141 | | 794 B |
URL smarttds.cloud/uploads/landings/3-screens-slot-6514839815026/img/logo/logo_4.svg IP52.57.19.141:0
File typeSVG Scalable Vector Graphics image Hashad8d92a0eb34e4f0a2c2c9c470b81718 765742be6ebed2106ab8fc18b7db65628ac33be9 b7d1e1f0ae0e827e73a6e43af5801b55efff7e62d1e203467ba853b36f5fe4c0
GET /uploads/landings/3-screens-slot-6514839815026/img/logo/logo_4.svg HTTP/1.1
Host: smarttds.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://smarttds.cloud/r/EJgj?track_id=245864106&pid=67828&geo=3143244&utm_source=31&utm_medium=67828&utm_campaign=fs_en_pop_visit_gambl_cpm_3_w&utm_term=547780&utm_content=54175&param1=ubidex&param2=popup&param3=cpm&param4=2024-03&param5=a1ffa233-458c-4e99-a78c-79741ae9e0d0&param6=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:38 GMT
content-type: image/svg+xml
content-length: 794
server: nginx/1.24.0
last-modified: Tue, 05 Mar 2024 08:29:40 GMT
etag: "65e6d7f4-31a"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| smarttds.cloud/uploads/landings/3-screens-slot-6514839815026/img/logo/logo_9.svg | 52.57.19.141 | | 865 B |
URL smarttds.cloud/uploads/landings/3-screens-slot-6514839815026/img/logo/logo_9.svg IP52.57.19.141:0
File typeSVG Scalable Vector Graphics image Hashd6d0f0026d24d4454b39a1028a5652ca f6f70fe137ee19c208b0e181480a816a969c4e09 e9061faf3079385ea77b43f93511c7dc7797b3841a61a847edecd0033627f698
GET /uploads/landings/3-screens-slot-6514839815026/img/logo/logo_9.svg HTTP/1.1
Host: smarttds.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://smarttds.cloud/r/EJgj?track_id=245864106&pid=67828&geo=3143244&utm_source=31&utm_medium=67828&utm_campaign=fs_en_pop_visit_gambl_cpm_3_w&utm_term=547780&utm_content=54175&param1=ubidex&param2=popup&param3=cpm&param4=2024-03&param5=a1ffa233-458c-4e99-a78c-79741ae9e0d0&param6=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:38 GMT
content-type: image/svg+xml
content-length: 865
server: nginx/1.24.0
last-modified: Tue, 05 Mar 2024 08:29:40 GMT
etag: "65e6d7f4-361"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| smarttds.cloud/uploads/landings/3-screens-slot-6514839815026/assets/Montserrat-Bold-f33d03d5.woff2 | 52.57.19.141 | | 92 kB |
URL smarttds.cloud/uploads/landings/3-screens-slot-6514839815026/assets/Montserrat-Bold-f33d03d5.woff2 IP52.57.19.141:0
File typeWeb Open Font Format (Version 2), TrueType, length 92236, version 1.0 Hash25c02e7be3e7dcd51c2fedf848b4042f bf5aa25a8f14d17d3cf8b8c9697b12a4908bc94f f33d03d51ace62dac894b7860dd8dd2a789c000b5f4f85cc965913664c4d8b03
GET /uploads/landings/3-screens-slot-6514839815026/assets/Montserrat-Bold-f33d03d5.woff2 HTTP/1.1
Host: smarttds.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://smarttds.cloud/uploads/landings/3-screens-slot-6514839815026/assets/index-1b41d556.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:38 GMT
content-type: font/woff2
content-length: 92236
server: nginx/1.24.0
last-modified: Tue, 05 Mar 2024 08:29:39 GMT
etag: "65e6d7f3-1684c"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| smarttds.cloud/uploads/landings/3-screens-slot-6514839815026/img/form_section/bg.jpg | 52.57.19.141 | | 74 kB |
URL smarttds.cloud/uploads/landings/3-screens-slot-6514839815026/img/form_section/bg.jpg IP52.57.19.141:0
File typegzip compressed data, from Unix Hashf7e410a06be74c5b8e651fc27b0725f1 d148af158385e1ed413a73f3ff23a5f3678a0868 be40595007fe864735f18dade46605e3f2a3f236024256c1c768976a43b42543
GET /uploads/landings/3-screens-slot-6514839815026/img/form_section/bg.jpg HTTP/1.1
Host: smarttds.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://smarttds.cloud/uploads/landings/3-screens-slot-6514839815026/assets/index-1b41d556.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:38 GMT
content-type: image/jpeg
server: nginx/1.24.0
last-modified: Tue, 05 Mar 2024 08:29:40 GMT
etag: W/"65e6d7f4-120ed"
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| smarttds.cloud/uploads/landings/3-screens-slot-6514839815026/assets/Montserrat-SemiBold-fb6ce0e0.woff2 | 52.57.19.141 | | 92 kB |
URL smarttds.cloud/uploads/landings/3-screens-slot-6514839815026/assets/Montserrat-SemiBold-fb6ce0e0.woff2 IP52.57.19.141:0
File typeWeb Open Font Format (Version 2), TrueType, length 91624, version 1.0 Hash50643fb8630473f52c0daeb083bffba2 545f444e057d636f96ea9843cb19b0c239134283 fb6ce0e09a4d71eafeb589ac8badfbebd816b2bbb009cdc08f3ab72655ab45dd
GET /uploads/landings/3-screens-slot-6514839815026/assets/Montserrat-SemiBold-fb6ce0e0.woff2 HTTP/1.1
Host: smarttds.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://smarttds.cloud/uploads/landings/3-screens-slot-6514839815026/assets/index-1b41d556.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:38 GMT
content-type: font/woff2
content-length: 91624
server: nginx/1.24.0
last-modified: Tue, 05 Mar 2024 08:29:40 GMT
etag: "65e6d7f4-165e8"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| smarttds.cloud/uploads/landings/3-screens-slot-6514839815026/assets/Inter-ExtraBold-5e083152.woff2 | 52.57.19.141 | | 100 kB |
URL smarttds.cloud/uploads/landings/3-screens-slot-6514839815026/assets/Inter-ExtraBold-5e083152.woff2 IP52.57.19.141:0
File typeWeb Open Font Format (Version 2), TrueType, length 100088, version 1.0 Size100 kB (100088 bytes) Hash4600d64ad5006f3a506fdffd38c14f94 6d909e8d5bc2e842a5048f6b0627f0e31720171b 5e0831528b5cafdbd1d72797594650031d8ef86ec62bd9c3ce5163103850f822
GET /uploads/landings/3-screens-slot-6514839815026/assets/Inter-ExtraBold-5e083152.woff2 HTTP/1.1
Host: smarttds.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://smarttds.cloud/uploads/landings/3-screens-slot-6514839815026/assets/index-1b41d556.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:38 GMT
content-type: font/woff2
content-length: 100088
server: nginx/1.24.0
last-modified: Tue, 05 Mar 2024 08:29:39 GMT
etag: "65e6d7f3-186f8"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| smarttds.cloud/uploads/landings/3-screens-slot-6514839815026/img/form_section/ic_4.png | 52.57.19.141 | | 878 B |
URL smarttds.cloud/uploads/landings/3-screens-slot-6514839815026/img/form_section/ic_4.png IP52.57.19.141:0
File typePNG image data, 58 x 58, 8-bit colormap, non-interlaced Hashc21cea1e0b156f209295cf0ba71d4fda eaffab87b2477e3bc805651c8c4e2adb555a58da 8bddfff8835eb99207c88364adab535b5865db9a7a73fbc275413f055a32a997
GET /uploads/landings/3-screens-slot-6514839815026/img/form_section/ic_4.png HTTP/1.1
Host: smarttds.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://smarttds.cloud/r/EJgj?track_id=245864106&pid=67828&geo=3143244&utm_source=31&utm_medium=67828&utm_campaign=fs_en_pop_visit_gambl_cpm_3_w&utm_term=547780&utm_content=54175&param1=ubidex&param2=popup&param3=cpm&param4=2024-03&param5=a1ffa233-458c-4e99-a78c-79741ae9e0d0&param6=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:38 GMT
content-type: image/png
content-length: 878
server: nginx/1.24.0
last-modified: Tue, 05 Mar 2024 08:29:40 GMT
etag: "65e6d7f4-36e"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| smarttds.cloud/uploads/landings/3-screens-slot-6514839815026/assets/Montserrat-Light-e21e7ed7.woff2 | 52.57.19.141 | | 91 kB |
URL smarttds.cloud/uploads/landings/3-screens-slot-6514839815026/assets/Montserrat-Light-e21e7ed7.woff2 IP52.57.19.141:0
File typeWeb Open Font Format (Version 2), TrueType, length 91192, version 1.0 Hashc69ceaa160f37024fbf34baedbad692f 25778854e65706ecb021a702d0dcd181fed4646c e21e7ed7d99fb24c423453dd68f626c40b03167a8b8f10baa9683b8558ae7533
GET /uploads/landings/3-screens-slot-6514839815026/assets/Montserrat-Light-e21e7ed7.woff2 HTTP/1.1
Host: smarttds.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://smarttds.cloud/uploads/landings/3-screens-slot-6514839815026/assets/index-1b41d556.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:38 GMT
content-type: font/woff2
content-length: 91192
server: nginx/1.24.0
last-modified: Tue, 05 Mar 2024 08:29:39 GMT
etag: "65e6d7f3-16438"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| smarttds.cloud/uploads/landings/3-screens-slot-6514839815026/img/form/email.svg | 52.57.19.141 | | 631 B |
URL smarttds.cloud/uploads/landings/3-screens-slot-6514839815026/img/form/email.svg IP52.57.19.141:0
File typeSVG Scalable Vector Graphics image Hasha5c8de89c4f7aa6157a52371f48ab9c3 ea62fc70e6f188f29d4a4fb893a3075c40a15a47 31a4bb97ecb12333a17960d01b658eaf998dce6d884c08244d0d2d5172286b7c
GET /uploads/landings/3-screens-slot-6514839815026/img/form/email.svg HTTP/1.1
Host: smarttds.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://smarttds.cloud/r/EJgj?track_id=245864106&pid=67828&geo=3143244&utm_source=31&utm_medium=67828&utm_campaign=fs_en_pop_visit_gambl_cpm_3_w&utm_term=547780&utm_content=54175&param1=ubidex&param2=popup&param3=cpm&param4=2024-03&param5=a1ffa233-458c-4e99-a78c-79741ae9e0d0&param6=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:38 GMT
content-type: image/svg+xml
content-length: 631
server: nginx/1.24.0
last-modified: Tue, 05 Mar 2024 08:29:40 GMT
etag: "65e6d7f4-277"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| smarttds.cloud/uploads/landings/3-screens-slot-6514839815026/assets/Montserrat-Regular-4d50f9bd.woff2 | 52.57.19.141 | | 92 kB |
URL smarttds.cloud/uploads/landings/3-screens-slot-6514839815026/assets/Montserrat-Regular-4d50f9bd.woff2 IP52.57.19.141:0
File typeWeb Open Font Format (Version 2), TrueType, length 92140, version 1.0 Hashc9801bdcb4fbe2c27b04cd34056ab9ec 4bbc997943e7308cbe6d72f4df8ae0db7d19b345 4d50f9bd552e81720aa30ec81bf67852785d8bc7104dff5675b458825edeac8f
GET /uploads/landings/3-screens-slot-6514839815026/assets/Montserrat-Regular-4d50f9bd.woff2 HTTP/1.1
Host: smarttds.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://smarttds.cloud/uploads/landings/3-screens-slot-6514839815026/assets/index-1b41d556.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:38 GMT
content-type: font/woff2
content-length: 92140
server: nginx/1.24.0
last-modified: Tue, 05 Mar 2024 08:29:39 GMT
etag: "65e6d7f3-167ec"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| smarttds.cloud/uploads/landings/3-screens-slot-6514839815026/assets/Montserrat-Black-cc2e0c0d.woff2 | 52.57.19.141 | | 91 kB |
URL smarttds.cloud/uploads/landings/3-screens-slot-6514839815026/assets/Montserrat-Black-cc2e0c0d.woff2 IP52.57.19.141:0
File typeWeb Open Font Format (Version 2), TrueType, length 91372, version 1.0 Hasha2d2c119a02f90df62f98fa4ab7fa150 96455aa78eb4b1751293014d5f8d46aceeb94540 cc2e0c0d004a69e95f9d06faa1e45da5411b9082d65500c35b4290130b159146
GET /uploads/landings/3-screens-slot-6514839815026/assets/Montserrat-Black-cc2e0c0d.woff2 HTTP/1.1
Host: smarttds.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://smarttds.cloud/uploads/landings/3-screens-slot-6514839815026/assets/index-1b41d556.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:38 GMT
content-type: font/woff2
content-length: 91372
server: nginx/1.24.0
last-modified: Tue, 05 Mar 2024 08:29:40 GMT
etag: "65e6d7f4-164ec"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| smarttds.cloud/uploads/landings/3-screens-slot-6514839815026/assets/Montserrat-Medium-c7964882.woff2 | 52.57.19.141 | | 92 kB |
URL smarttds.cloud/uploads/landings/3-screens-slot-6514839815026/assets/Montserrat-Medium-c7964882.woff2 IP52.57.19.141:0
File typeWeb Open Font Format (Version 2), TrueType, length 91992, version 1.0 Hash0539a27483ec2db1fa4e01f61ef6c51f 48158e416297058245eaf8338566f3da2fa2d6c0 c79648825c6950fad23b8fd4ffa749cad49d525b644b4ed613d3ee4b676f56cc
GET /uploads/landings/3-screens-slot-6514839815026/assets/Montserrat-Medium-c7964882.woff2 HTTP/1.1
Host: smarttds.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://smarttds.cloud/uploads/landings/3-screens-slot-6514839815026/assets/index-1b41d556.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:38 GMT
content-type: font/woff2
content-length: 91992
server: nginx/1.24.0
last-modified: Tue, 05 Mar 2024 08:29:39 GMT
etag: "65e6d7f3-16758"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| smarttds.cloud/uploads/landings/3-screens-slot-6514839815026/img/slots/game_2.jpg | 52.57.19.141 | | 120 kB |
URL smarttds.cloud/uploads/landings/3-screens-slot-6514839815026/img/slots/game_2.jpg IP52.57.19.141:0
File typegzip compressed data, from Unix Size120 kB (120443 bytes) Hash490b055cb9ad0f162654136b18332bf7 2171b3bf40d5c1745501494dbe285f4540cd6889 a2661ab5766367b7161a39580ee30ee87a00086c738b5cb77844567ca8ff557d
GET /uploads/landings/3-screens-slot-6514839815026/img/slots/game_2.jpg HTTP/1.1
Host: smarttds.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://smarttds.cloud/r/EJgj?track_id=245864105&pid=67828&geo=3143244&utm_source=31&utm_medium=67828&utm_campaign=fs_en_pop_visit_gambl_cpm_3_w&utm_term=557214&utm_content=54175&param1=ubidex&param2=popup&param3=cpm&param4=2024-03&param5=37e2b386-5e10-46e2-a0c0-b267fbe15ac2&param6=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:38 GMT
content-type: image/jpeg
server: nginx/1.24.0
last-modified: Tue, 05 Mar 2024 08:29:40 GMT
etag: W/"65e6d7f4-59ec"
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| smarttds.cloud/uploads/landings/3-screens-slot-6514839815026/assets/Montserrat-Medium-fc2dc930.woff | 52.57.19.141 | | 139 kB |
URL smarttds.cloud/uploads/landings/3-screens-slot-6514839815026/assets/Montserrat-Medium-fc2dc930.woff IP52.57.19.141:0
File typeWeb Open Font Format, TrueType, length 138800, version 0.0 Size139 kB (138800 bytes) Hash197b3b159ff23fa82123755e2c965e6a 5af248c21ec561cd9b3ec17cf82a53c3e801415a fc2dc930f1e4440222da755673e09e2971005aeff8bdd26d4eb0b3a5a5a337bc
GET /uploads/landings/3-screens-slot-6514839815026/assets/Montserrat-Medium-fc2dc930.woff HTTP/1.1
Host: smarttds.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://smarttds.cloud/uploads/landings/3-screens-slot-6514839815026/assets/index-1b41d556.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:39 GMT
content-type: font/woff
content-length: 138800
server: nginx/1.24.0
last-modified: Tue, 05 Mar 2024 08:29:40 GMT
etag: "65e6d7f4-21e30"
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| fairspin.io/js/chunk-common.ea2dbb60.js?01e3bc1fef3b160d | 172.66.40.68 | | 149 kB |
URL fairspin.io/js/chunk-common.ea2dbb60.js?01e3bc1fef3b160d IP172.66.40.68:0
File typegzip compressed data, from Unix Size149 kB (148918 bytes) Hash3642f0314e0798fa2904682bd8c9460c d03663c871884c7b5063538c41a4f8d6f3386db0 f1375eaa494eb3c039678c16cf56b49906a9d5cb7e65d612ad4b902748450c3b
GET /js/chunk-common.ea2dbb60.js?01e3bc1fef3b160d HTTP/1.1
Host: fairspin.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fairspin.io/?track_id=245864105&pid=67828&geo=3143244&utm_source=31&utm_medium=67828&utm_campaign=fs_en_pop_visit_gambl_cpm_3_w&utm_term=557214&utm_content=54175&param1=ubidex&param2=popup&param3=cpm&param4=2024-03&param5=37e2b386-5e10-46e2-a0c0-b267fbe15ac2&param6=
Cookie: __cf_bm=2g5qhVmpmq_IQLLZ8rE4QGY2BavLVDKrWgFijt9Z7AE-1714817381-1.0.1.1-EJvVuG36tEWosXLBvqGnm7xGx4p0A7aGIdZA49rBIUsYZMPnDVslNHeOHJ2QnSLkO9Kn0JNfz.p_Ab.fVyuEOw
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:41 GMT
content-type: application/javascript; charset=UTF-8
x-powered-by: Express
cache-control: public, max-age=120
last-modified: Wed, 24 Apr 2024 09:51:06 GMT
etag: W/"a6325-18f0f841710"
cf-cache-status: EXPIRED
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e7b25b1dd1b4fd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| smarttds.cloud/uploads/landings/3-screens-slot-6514839815026/assets/common-f4148500.js | 52.57.19.141 | | 13 kB |
URL smarttds.cloud/uploads/landings/3-screens-slot-6514839815026/assets/common-f4148500.js IP52.57.19.141:0
File typegzip compressed data, from Unix Hash3e6cc3748df2968e1e44af594ca15953 3a825c395bcda3f841dbc182b0a500028c155c97 076fab3cf6b1e20787a695864201bdd9e938c875e05710722fdcec777d9b5bb3
GET /uploads/landings/3-screens-slot-6514839815026/assets/common-f4148500.js HTTP/1.1
Host: smarttds.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://smarttds.cloud/uploads/landings/3-screens-slot-6514839815026/assets/index-3642a04c.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:37 GMT
content-type: application/javascript
server: nginx/1.24.0
last-modified: Tue, 05 Mar 2024 08:29:39 GMT
etag: W/"65e6d7f3-939"
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| smarttds.cloud/uploads/landings/3-screens-slot-6514839815026/img/vantages/rakeback__2.svg | 52.57.19.141 | | 365 kB |
URL smarttds.cloud/uploads/landings/3-screens-slot-6514839815026/img/vantages/rakeback__2.svg IP52.57.19.141:0
File typegzip compressed data, from Unix Size365 kB (365097 bytes) Hash1de4984284ae68c33e0227770bfed7d9 43ef159b4bbc9134a43068ef87494ef6d978847b 323fa31bf481d0bf56a4086a5855e1719819ac06878bfab96816665a0547d800
GET /uploads/landings/3-screens-slot-6514839815026/img/vantages/rakeback__2.svg HTTP/1.1
Host: smarttds.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://smarttds.cloud/r/EJgj?track_id=245864105&pid=67828&geo=3143244&utm_source=31&utm_medium=67828&utm_campaign=fs_en_pop_visit_gambl_cpm_3_w&utm_term=557214&utm_content=54175&param1=ubidex&param2=popup&param3=cpm&param4=2024-03&param5=37e2b386-5e10-46e2-a0c0-b267fbe15ac2&param6=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:38 GMT
content-type: image/svg+xml
server: nginx/1.24.0
last-modified: Tue, 05 Mar 2024 08:29:40 GMT
etag: W/"65e6d7f4-19b22"
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| fairspin.io/css/views/documents/dispute.01e3bc1fef3b160d.css | 172.66.40.68 | | 30 kB |
URL fairspin.io/css/views/documents/dispute.01e3bc1fef3b160d.css IP172.66.40.68:0
File typegzip compressed data, from Unix Hash2ad1b3cc337fc2a1ac68f8b6788f7f50 6b3e4289276642bb6872327c6b02769bc9f13dd7 1e50943158e69248ce3874c1de8475d22ebef4281107b2db94283c1c680dc122
GET /css/views/documents/dispute.01e3bc1fef3b160d.css HTTP/1.1
Host: fairspin.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fairspin.io/?track_id=245864105&pid=67828&geo=3143244&utm_source=31&utm_medium=67828&utm_campaign=fs_en_pop_visit_gambl_cpm_3_w&utm_term=557214&utm_content=54175&param1=ubidex&param2=popup&param3=cpm&param4=2024-03&param5=37e2b386-5e10-46e2-a0c0-b267fbe15ac2&param6=
Cookie: __cf_bm=2H1c2tMs2_L_NWeLvjv2urEkwZJMPB.4TjA_QBg0ciw-1714817381-1.0.1.1-i1OAzKG1eyM3ie7ECX1uqiHWEqf93t4yrVRc5Jk68WzO.bM.oybWRjMOd501hO2cJ3pzb1cHPorFn19iAPMS2g
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:41 GMT
content-type: text/css; charset=UTF-8
x-powered-by: Express
cache-control: public, max-age=120
last-modified: Wed, 24 Apr 2024 09:51:05 GMT
etag: W/"14a2-18f0f841328"
cf-cache-status: EXPIRED
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e7b25c1f1eb4fd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| fs.yiikede.com/pixel/2/home?user_id=null | 188.114.97.1 | 200 OK | 68 B |
URL GET HTTP/3fs.yiikede.com/pixel/2/home?user_id=null IP188.114.97.1:443
Requested byhttps://fairspin.io/?track_id=245864106&pid=67828&geo=3143244&utm_source=31&utm_medium=67828&utm_campaign=fs_en_pop_visit_gambl_cpm_3_w&utm_term=547780&utm_content=54175&param1=ubidex&param2=popup&param3=cpm&param4=2024-03&param5=a1ffa233-458c-4e99-a78c-79741ae9e0d0&param6= CertificateIssuerGoogle Trust Services LLC Subjectyiikede.com Fingerprint78:24:53:97:1A:58:65:B6:D3:D2:42:97:30:35:CE:C6:62:D3:7C:16 ValiditySun, 21 Apr 2024 15:56:54 GMT - Sat, 20 Jul 2024 15:56:53 GMT
File typePNG image data, 1 x 1, 8-bit gray+alpha, non-interlaced Hash91e42db1c66c0b276abf6234dc50b2eb c1986af3c26609b8b7d8933f99c51c1a89e9ea6b 63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058
GET /pixel/2/home?user_id=null HTTP/1.1
Host: fs.yiikede.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fairspin.io/
Cookie: pixel-id=d2bc97bb-b472-4d91-aa02-463e1d5663c1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 04 May 2024 10:09:43 GMT
content-type: image/png
content-length: 68
x-powered-by: Express
access-control-allow-origin: *
referrer-policy: no-referrer
cache-control: no-store
set-cookie: pixel-id=d2bc97bb-b472-4d91-aa02-463e1d5663c1; Domain=yiikede.com; Path=/; Expires=Sun, 04 May 2025 10:09:43 GMT; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=15724800; includeSubDomains
x-ipcountry: NO
x-req-status: 200
x-req-time: 0.002
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=B9l%2FOSuWTNuvuZ16AK5D9KpaOTiiprUi4PChbsXXEUZQCzcdmlN3Qhi9EaTWNBFY6aakGHB4ZCQ0yEx0gZOZyMlYLBBHh6B5VXJ7tTAbCo1XhpyI7iCcN%2F2DBkTlO1%2BGgw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e7b263eb50b527-OSL
alt-svc: h3=":443"; ma=86400
|
|
| downstairsnegotiatebarren.com/sfp.js | 104.21.35.227 | | 38 kB |
URL downstairsnegotiatebarren.com/sfp.js IP104.21.35.227:0
File typeJavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators Hashf4a2f8f9f99541c6f105bbd0a025bd40 1f8e3eff12168fdd9e719adfc098d24a45b6916a b717cb04231a10d425fd55b73c85a5407119c6826a8bac94142fddfff6958716
GET /sfp.js HTTP/1.1
Host: downstairsnegotiatebarren.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://videzz.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:29 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: cd422532071bb128c8d98c9a90460c67
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Sat, 04 May 2024 10:09:29 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9Zoq2oMYroNhWEd3JgaQrfoflc9W1hKzayNnVkq46SpsF1h8mH%2BsrsrmdL0ByR5hc7FAHEpm1%2FGbszl5yANpSI87fIE%2FoUgOoSM%2B8qmrNCeq9NJIF%2BwQRGZYyNb4%2BWOZFSc%2BIxuozqmOXY1tRNTgVg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e7b210da96b515-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| smarttds.cloud/uploads/landings/3-screens-slot-6514839815026/img/logo/logo_2.svg | 52.57.19.141 | | 9.8 kB |
URL smarttds.cloud/uploads/landings/3-screens-slot-6514839815026/img/logo/logo_2.svg IP52.57.19.141:0
File typegzip compressed data, from Unix Hash1aa9bb9f5ff94c35554e027a389120dc db181ffb34afb6c9695d098407f878b182f76d58 27defdbad5713b609e4a423e2f596975284c49fd7bebccba0a6bce4647013f7d
GET /uploads/landings/3-screens-slot-6514839815026/img/logo/logo_2.svg HTTP/1.1
Host: smarttds.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://smarttds.cloud/r/EJgj?track_id=245864105&pid=67828&geo=3143244&utm_source=31&utm_medium=67828&utm_campaign=fs_en_pop_visit_gambl_cpm_3_w&utm_term=557214&utm_content=54175&param1=ubidex&param2=popup&param3=cpm&param4=2024-03&param5=37e2b386-5e10-46e2-a0c0-b267fbe15ac2&param6=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:38 GMT
content-type: image/svg+xml
server: nginx/1.24.0
last-modified: Tue, 05 Mar 2024 08:29:40 GMT
etag: W/"65e6d7f4-6c6"
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| smarttds.cloud/uploads/landings/3-screens-slot-6514839815026/img/slots/game_5.jpg | 52.57.19.141 | | 27 kB |
URL smarttds.cloud/uploads/landings/3-screens-slot-6514839815026/img/slots/game_5.jpg IP52.57.19.141:0
File typegzip compressed data, from Unix Hash68b175ed5c4d43b0c43b63fda90a3eaf ac4e1169edd806993d4d430e3873757f7cde2235 b66fce6b0de084845aab23aa432855aa643fbc740998deab3786964b07ceae31
GET /uploads/landings/3-screens-slot-6514839815026/img/slots/game_5.jpg HTTP/1.1
Host: smarttds.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://smarttds.cloud/r/EJgj?track_id=245864105&pid=67828&geo=3143244&utm_source=31&utm_medium=67828&utm_campaign=fs_en_pop_visit_gambl_cpm_3_w&utm_term=557214&utm_content=54175&param1=ubidex&param2=popup&param3=cpm&param4=2024-03&param5=37e2b386-5e10-46e2-a0c0-b267fbe15ac2&param6=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:38 GMT
content-type: image/jpeg
server: nginx/1.24.0
last-modified: Tue, 05 Mar 2024 08:29:40 GMT
etag: W/"65e6d7f4-5245"
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| cdn.itskiddien.club/?rb=LCDC7FK1AfH7tsKsfm9ZNFJVbEeN0Wpwy2aI8I6u8a0ICj6AI2VKh6RnxdKrl1N5SkTdpyHOMw4jWRorC36z_79sBlxwP3LMzTOe3z-xqbWnH8j2Zq-EqFoy_pTf3cNkqokuQcKMC9FrZx5l74NwzUOQtEXT-TuVBt83RQy7Zy14HadeFxpLafbNJMC66PnW0IfgiToEZlxUn748Zy_i1B91raiKrEaRrrUKwwwAVcxSxh24-g5Z7QiDh8EGMfK0jUsgLwrHnbQtTk29&request_ab2=0&zoneid=5902452&js_build=iclick-v1.788.6-auto&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=1024&wiw=1280&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1280&wfc=12&pl=https%3A%2F%2Fvidezz.net%2Fembed-0m1y3k542y1s.html&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.788.6-auto&navlng=en-US&pnt=0&pnrc=0&wasm=-1&bs=4223f8b6-0693-4351-9692-c7743e2f045d&userId=0080522eb7fc42c4f18c5b84107d6df7&m=link | 139.45.197.236 | | 31 kB |
URL cdn.itskiddien.club/?rb=LCDC7FK1AfH7tsKsfm9ZNFJVbEeN0Wpwy2aI8I6u8a0ICj6AI2VKh6RnxdKrl1N5SkTdpyHOMw4jWRorC36z_79sBlxwP3LMzTOe3z-xqbWnH8j2Zq-EqFoy_pTf3cNkqokuQcKMC9FrZx5l74NwzUOQtEXT-TuVBt83RQy7Zy14HadeFxpLafbNJMC66PnW0IfgiToEZlxUn748Zy_i1B91raiKrEaRrrUKwwwAVcxSxh24-g5Z7QiDh8EGMfK0jUsgLwrHnbQtTk29&request_ab2=0&zoneid=5902452&js_build=iclick-v1.788.6-auto&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=1024&wiw=1280&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1280&wfc=12&pl=https%3A%2F%2Fvidezz.net%2Fembed-0m1y3k542y1s.html&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.788.6-auto&navlng=en-US&pnt=0&pnrc=0&wasm=-1&bs=4223f8b6-0693-4351-9692-c7743e2f045d&userId=0080522eb7fc42c4f18c5b84107d6df7&m=link IP139.45.197.236:0
File typegzip compressed data, max speed, from Unix Hashed2bf016c9bc6fe6c79afbb14c7742c9 dbbab341005ca6765f47ad054fb98a52ceb8694f 54ee1a1ddc16085124e81ecfaa4eec013552c2630c1191de6fee1cc3e50b5fa2
GET /?rb=LCDC7FK1AfH7tsKsfm9ZNFJVbEeN0Wpwy2aI8I6u8a0ICj6AI2VKh6RnxdKrl1N5SkTdpyHOMw4jWRorC36z_79sBlxwP3LMzTOe3z-xqbWnH8j2Zq-EqFoy_pTf3cNkqokuQcKMC9FrZx5l74NwzUOQtEXT-TuVBt83RQy7Zy14HadeFxpLafbNJMC66PnW0IfgiToEZlxUn748Zy_i1B91raiKrEaRrrUKwwwAVcxSxh24-g5Z7QiDh8EGMfK0jUsgLwrHnbQtTk29&request_ab2=0&zoneid=5902452&js_build=iclick-v1.788.6-auto&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=1024&wiw=1280&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1280&wfc=12&pl=https%3A%2F%2Fvidezz.net%2Fembed-0m1y3k542y1s.html&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.788.6-auto&navlng=en-US&pnt=0&pnrc=0&wasm=-1&bs=4223f8b6-0693-4351-9692-c7743e2f045d&userId=0080522eb7fc42c4f18c5b84107d6df7&m=link HTTP/1.1
Host: cdn.itskiddien.club
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://videzz.net/
Origin: https://videzz.net
DNT: 1
Connection: keep-alive
Cookie: OAID=00805209bd094d4be6b334797d8c1afe; oaidts=1714817372
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 10:09:33 GMT
content-type: application/json
x-trace-id: 0b9cd959ebc3be3721d53017f48323d7
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://videzz.net
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=0080522eb7fc42c4f18c5b84107d6df7; expires=Sun, 04 May 2025 10:09:33 GMT; path=/; secure; SameSite=None
oaidts=1714817373; expires=Sun, 04 May 2025 10:09:33 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Sat, 11 May 2024 10:09:33 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| smarttds.cloud/uploads/landings/3-screens-slot-6514839815026/img/slots/game_4.jpg | 52.57.19.141 | | 28 kB |
URL smarttds.cloud/uploads/landings/3-screens-slot-6514839815026/img/slots/game_4.jpg IP52.57.19.141:0
File typegzip compressed data, from Unix Hashfa3fa3accd1eeab901a37b3d7fb2cba0 2d83b38d0bd9f82e1af9ae38c5f2332bcd9354b6 0f17c13c73c0f8e2d247a51fd70e1dff8f40e308989a87060d85e93278aa9efc
GET /uploads/landings/3-screens-slot-6514839815026/img/slots/game_4.jpg HTTP/1.1
Host: smarttds.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://smarttds.cloud/r/EJgj?track_id=245864105&pid=67828&geo=3143244&utm_source=31&utm_medium=67828&utm_campaign=fs_en_pop_visit_gambl_cpm_3_w&utm_term=557214&utm_content=54175&param1=ubidex&param2=popup&param3=cpm&param4=2024-03&param5=37e2b386-5e10-46e2-a0c0-b267fbe15ac2&param6=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:38 GMT
content-type: image/jpeg
server: nginx/1.24.0
last-modified: Tue, 05 Mar 2024 08:29:40 GMT
etag: W/"65e6d7f4-46b7"
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| fairspin.io/css/package/promo/base.01e3bc1fef3b160d.css | 172.66.40.68 | | 614 B |
URL fairspin.io/css/package/promo/base.01e3bc1fef3b160d.css IP172.66.40.68:0
File typegzip compressed data, from Unix Hash1b9735f919b43d75e00391d50499dcb4 782ca5241e0ecd3ced9cb8adbb06f7bf7bdd0bc8 f2dfc6e465d766648ac018abdfa924037fd4f15f2e43162fb63f76aad26c4d83
GET /css/package/promo/base.01e3bc1fef3b160d.css HTTP/1.1
Host: fairspin.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fairspin.io/?track_id=245864106&pid=67828&geo=3143244&utm_source=31&utm_medium=67828&utm_campaign=fs_en_pop_visit_gambl_cpm_3_w&utm_term=547780&utm_content=54175&param1=ubidex&param2=popup&param3=cpm&param4=2024-03&param5=a1ffa233-458c-4e99-a78c-79741ae9e0d0&param6=
Cookie: __cf_bm=2H1c2tMs2_L_NWeLvjv2urEkwZJMPB.4TjA_QBg0ciw-1714817381-1.0.1.1-i1OAzKG1eyM3ie7ECX1uqiHWEqf93t4yrVRc5Jk68WzO.bM.oybWRjMOd501hO2cJ3pzb1cHPorFn19iAPMS2g
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:42 GMT
content-type: text/css; charset=UTF-8
x-powered-by: Express
cache-control: public, max-age=120
last-modified: Wed, 24 Apr 2024 09:51:05 GMT
etag: W/"40f-18f0f841328"
cf-cache-status: EXPIRED
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e7b2608c18b4fd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| smarttds.cloud/uploads/landings/3-screens-slot-6514839815026/img/logo/logo_1.svg | 52.57.19.141 | | 42 kB |
URL smarttds.cloud/uploads/landings/3-screens-slot-6514839815026/img/logo/logo_1.svg IP52.57.19.141:0
File typegzip compressed data, from Unix Hashcb45a82fb6319fd474e31d2e7a3efaec 2734a1aa5f238d5d3b9c8fd44e46e4602c516721 67ab50ac48ed003db65cbea0f6579afa58fdde96414e465c33856159c07e7fb2
GET /uploads/landings/3-screens-slot-6514839815026/img/logo/logo_1.svg HTTP/1.1
Host: smarttds.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://smarttds.cloud/r/EJgj?track_id=245864105&pid=67828&geo=3143244&utm_source=31&utm_medium=67828&utm_campaign=fs_en_pop_visit_gambl_cpm_3_w&utm_term=557214&utm_content=54175&param1=ubidex&param2=popup&param3=cpm&param4=2024-03&param5=37e2b386-5e10-46e2-a0c0-b267fbe15ac2&param6=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:38 GMT
content-type: image/svg+xml
server: nginx/1.24.0
last-modified: Tue, 05 Mar 2024 08:29:40 GMT
etag: W/"65e6d7f4-8e1"
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| fonts.googleapis.com/css2?family=Montserrat+Alternates:ital,wght@0,100;0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,100;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&display=swap | 142.250.74.138 | | 31 kB |
URL fonts.googleapis.com/css2?family=Montserrat+Alternates:ital,wght@0,100;0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,100;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&display=swap IP142.250.74.138:0
File typegzip compressed data, max compression Hash7890c57e55b62a6c782958694d0faa6d 2514af5f2650570ffa084b71347aaf94d38354d5 54e6bbd20093b5e41998de0e42c0a2892d3cdfc0f2f7febd9510eef1d5c30605
GET /css2?family=Montserrat+Alternates:ital,wght@0,100;0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,100;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://topsites.hadesex.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 04 May 2024 10:09:33 GMT
date: Sat, 04 May 2024 10:09:33 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| d1rc9ikfnf4p5a.cloudfront.net/fairspin/views/tourney/prize.svg | 143.204.42.42 | 200 OK | 705 B |
URL GET HTTP/2d1rc9ikfnf4p5a.cloudfront.net/fairspin/views/tourney/prize.svg IP143.204.42.42:443
Requested byhttps://fairspin.io/?track_id=245864106&pid=67828&geo=3143244&utm_source=31&utm_medium=67828&utm_campaign=fs_en_pop_visit_gambl_cpm_3_w&utm_term=547780&utm_content=54175&param1=ubidex&param2=popup&param3=cpm&param4=2024-03&param5=a1ffa233-458c-4e99-a78c-79741ae9e0d0&param6= CertificateIssuerAmazon Subject*.cloudfront.net FingerprintFA:21:45:DC:4D:94:03:A3:09:77:51:78:4A:21:F2:C5:6D:94:BE:52 ValidityTue, 10 Oct 2023 00:00:00 GMT - Thu, 19 Sep 2024 23:59:59 GMT
File typeSVG Scalable Vector Graphics image Hash68d90bcf82ace16d02b63834daa4f0f0 a6bacb83e47435027815ac62c8203201b92c8b75 e8b185441167ae52e8f42f4e8dee681605cb64525c50d3129bd57f6700535f87
GET /fairspin/views/tourney/prize.svg HTTP/1.1
Host: d1rc9ikfnf4p5a.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fairspin.io/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/svg+xml
content-length: 705
last-modified: Thu, 13 Apr 2023 09:28:30 GMT
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
date: Sat, 04 May 2024 10:07:11 GMT
cache-control: max-age=600, must-revalidate
etag: "68d90bcf82ace16d02b63834daa4f0f0"
x-cache: Hit from cloudfront
via: 1.1 185768229530368be94556dcab1c486a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: e_02iW9LsAcmXJnccccyRas8CRBE-vJp5IJhFBQrlyP8MiL4x7rxlA==
age: 153
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
|
|
| smarttds.cloud/uploads/landings/3-screens-slot-6514839815026/img/slots/game_1.jpg | 52.57.19.141 | | 26 kB |
URL smarttds.cloud/uploads/landings/3-screens-slot-6514839815026/img/slots/game_1.jpg IP52.57.19.141:0
File typegzip compressed data, from Unix Hash2465fb67b94226f16e7fdd206cda09c9 53d9fa73d7765e7675f6d61d942b0747e4a59af2 0054c2c32893f77b11abd1fecf0d84db4b6b5f55e74c126571b94078b6008489
GET /uploads/landings/3-screens-slot-6514839815026/img/slots/game_1.jpg HTTP/1.1
Host: smarttds.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://smarttds.cloud/r/EJgj?track_id=245864105&pid=67828&geo=3143244&utm_source=31&utm_medium=67828&utm_campaign=fs_en_pop_visit_gambl_cpm_3_w&utm_term=557214&utm_content=54175&param1=ubidex&param2=popup&param3=cpm&param4=2024-03&param5=37e2b386-5e10-46e2-a0c0-b267fbe15ac2&param6=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:38 GMT
content-type: image/jpeg
server: nginx/1.24.0
last-modified: Tue, 05 Mar 2024 08:29:40 GMT
etag: W/"65e6d7f4-4bd5"
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| smarttds.cloud/uploads/landings/3-screens-slot-6514839815026/img/slots/diamond_1.png | 52.57.19.141 | | 11 kB |
URL smarttds.cloud/uploads/landings/3-screens-slot-6514839815026/img/slots/diamond_1.png IP52.57.19.141:0
File typegzip compressed data, from Unix Hashad3af52931beb506967b33ea2ffd7b66 950c79efe1f745bd604294ef5aef882b64fd0b4e 2aba3e66f2aec511020027e5161a58a7aa110116881cdee5ae65b446fcd42cf9
GET /uploads/landings/3-screens-slot-6514839815026/img/slots/diamond_1.png HTTP/1.1
Host: smarttds.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://smarttds.cloud/r/EJgj?track_id=245864105&pid=67828&geo=3143244&utm_source=31&utm_medium=67828&utm_campaign=fs_en_pop_visit_gambl_cpm_3_w&utm_term=557214&utm_content=54175&param1=ubidex&param2=popup&param3=cpm&param4=2024-03&param5=37e2b386-5e10-46e2-a0c0-b267fbe15ac2&param6=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:38 GMT
content-type: image/png
server: nginx/1.24.0
last-modified: Tue, 05 Mar 2024 08:29:40 GMT
etag: W/"65e6d7f4-18af"
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| d1rc9ikfnf4p5a.cloudfront.net/static/langs/en.svg | 143.204.42.42 | | 817 B |
URL d1rc9ikfnf4p5a.cloudfront.net/static/langs/en.svg IP143.204.42.42:0
CertificateIssuerAmazon Subject*.cloudfront.net FingerprintFA:21:45:DC:4D:94:03:A3:09:77:51:78:4A:21:F2:C5:6D:94:BE:52 ValidityTue, 10 Oct 2023 00:00:00 GMT - Thu, 19 Sep 2024 23:59:59 GMT
File typeSVG Scalable Vector Graphics image Hashc2c3cadcc5b107aaaee8df05b7811921 a14a45989222a601d7968ce21d57339b09a9a9a1 88169c656c516ac6374fe2a7988e103f6eb99db165ce6478aa68ce1b74e67ba9
GET /static/langs/en.svg HTTP/1.1
Host: d1rc9ikfnf4p5a.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fairspin.io/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/svg+xml
content-length: 817
last-modified: Thu, 13 Apr 2023 09:36:21 GMT
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
date: Sat, 04 May 2024 10:02:02 GMT
cache-control: max-age=600, must-revalidate
etag: "c2c3cadcc5b107aaaee8df05b7811921"
x-cache: Hit from cloudfront
via: 1.1 185768229530368be94556dcab1c486a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: YMUymi8unDhOyvFlOkSirzw1Ke9Dujsd3FBzg4iwUoyCoXVFQWP1xA==
age: 463
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
|
|
| d1rc9ikfnf4p5a.cloudfront.net/fairspin/icons/search-flat.svg | 143.204.42.42 | 200 OK | 704 B |
URL GET HTTP/2d1rc9ikfnf4p5a.cloudfront.net/fairspin/icons/search-flat.svg IP143.204.42.42:443
Requested byhttps://fairspin.io/?track_id=245864106&pid=67828&geo=3143244&utm_source=31&utm_medium=67828&utm_campaign=fs_en_pop_visit_gambl_cpm_3_w&utm_term=547780&utm_content=54175&param1=ubidex&param2=popup&param3=cpm&param4=2024-03&param5=a1ffa233-458c-4e99-a78c-79741ae9e0d0&param6= CertificateIssuerAmazon Subject*.cloudfront.net FingerprintFA:21:45:DC:4D:94:03:A3:09:77:51:78:4A:21:F2:C5:6D:94:BE:52 ValidityTue, 10 Oct 2023 00:00:00 GMT - Thu, 19 Sep 2024 23:59:59 GMT
File typeSVG Scalable Vector Graphics image Hashbaf9d7094c2e606313e0808a8dbb417a 5a9effdb1a61362c3697219b072597a2812c5caf 8a964407cdcf33c64bb1ee333487f1e432b6a73ccb3076bd21959b3e66e5c6e2
GET /fairspin/icons/search-flat.svg HTTP/1.1
Host: d1rc9ikfnf4p5a.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fairspin.io/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/svg+xml
content-length: 704
last-modified: Thu, 13 Apr 2023 09:28:08 GMT
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
date: Sat, 04 May 2024 10:03:15 GMT
cache-control: max-age=600, must-revalidate
etag: "baf9d7094c2e606313e0808a8dbb417a"
x-cache: Hit from cloudfront
via: 1.1 185768229530368be94556dcab1c486a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: coe9odXSWzARy2eMggOCckgjEFYbueEcrJPRUagYoowuHvpv2SKplA==
age: 390
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
|
|
| d1rc9ikfnf4p5a.cloudfront.net/fairspin/base/dropdown/icon-expand.svg | 143.204.42.42 | | 255 B |
URL d1rc9ikfnf4p5a.cloudfront.net/fairspin/base/dropdown/icon-expand.svg IP143.204.42.42:0
CertificateIssuerAmazon Subject*.cloudfront.net FingerprintFA:21:45:DC:4D:94:03:A3:09:77:51:78:4A:21:F2:C5:6D:94:BE:52 ValidityTue, 10 Oct 2023 00:00:00 GMT - Thu, 19 Sep 2024 23:59:59 GMT
File typeSVG Scalable Vector Graphics image Hashcf5a6d9f651f31a0c99ae81c44602081 b355acff0b875817c428c4c4c1caa60b2f561927 67337b268c43ae06ed88d66665efe659af77df38869589d8f02516f96262b178
GET /fairspin/base/dropdown/icon-expand.svg HTTP/1.1
Host: d1rc9ikfnf4p5a.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fairspin.io/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/svg+xml
content-length: 255
last-modified: Thu, 13 Apr 2023 09:28:05 GMT
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
date: Sat, 04 May 2024 10:03:15 GMT
cache-control: max-age=600, must-revalidate
etag: "cf5a6d9f651f31a0c99ae81c44602081"
x-cache: Hit from cloudfront
via: 1.1 185768229530368be94556dcab1c486a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: A5mQw2Z2d92m_zCLlaDcaFQKvBmp35JsmZ28rdC26QFHKfJPvMzNRg==
age: 390
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
|
|
| d1rc9ikfnf4p5a.cloudfront.net/fairspin/header/arrow.svg | 143.204.42.42 | 200 OK | 213 B |
URL GET HTTP/2d1rc9ikfnf4p5a.cloudfront.net/fairspin/header/arrow.svg IP143.204.42.42:443
Requested byhttps://fairspin.io/?track_id=245864105&pid=67828&geo=3143244&utm_source=31&utm_medium=67828&utm_campaign=fs_en_pop_visit_gambl_cpm_3_w&utm_term=557214&utm_content=54175&param1=ubidex&param2=popup&param3=cpm&param4=2024-03&param5=37e2b386-5e10-46e2-a0c0-b267fbe15ac2&param6= CertificateIssuerAmazon Subject*.cloudfront.net FingerprintFA:21:45:DC:4D:94:03:A3:09:77:51:78:4A:21:F2:C5:6D:94:BE:52 ValidityTue, 10 Oct 2023 00:00:00 GMT - Thu, 19 Sep 2024 23:59:59 GMT
File typeSVG Scalable Vector Graphics image Hash554ba7c2ce40f7e1738b4adb98fb7fc0 63c2683bee5246c7f671a275405fa3e4599ee157 c1132df5458783714b79e68ee0b5d658319db5c8855af74adc4bb447a89298db
GET /fairspin/header/arrow.svg HTTP/1.1
Host: d1rc9ikfnf4p5a.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fairspin.io/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/svg+xml
content-length: 213
last-modified: Wed, 10 May 2023 09:38:39 GMT
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
date: Sat, 04 May 2024 10:03:15 GMT
cache-control: max-age=600, must-revalidate
etag: "554ba7c2ce40f7e1738b4adb98fb7fc0"
x-cache: Hit from cloudfront
via: 1.1 185768229530368be94556dcab1c486a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 962v9j4pXQgsB7PAeew6u3PCuEWvPm_lcCOXlTqs6BG5jfZsMt-U2w==
age: 390
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
|
|
| d1rc9ikfnf4p5a.cloudfront.net/fairspin/base/chevron-left.svg | 143.204.42.42 | | 539 B |
URL d1rc9ikfnf4p5a.cloudfront.net/fairspin/base/chevron-left.svg IP143.204.42.42:0
CertificateIssuerAmazon Subject*.cloudfront.net FingerprintFA:21:45:DC:4D:94:03:A3:09:77:51:78:4A:21:F2:C5:6D:94:BE:52 ValidityTue, 10 Oct 2023 00:00:00 GMT - Thu, 19 Sep 2024 23:59:59 GMT
File typeSVG Scalable Vector Graphics image Hashf2047a57488852a7d3ecdc6ba997c440 687cea91cf782bfc28718d16a67fde6102f01002 8b40630fca0b7533aa265a54e073640708f53ea4786694ef3feba940412d2cd3
GET /fairspin/base/chevron-left.svg HTTP/1.1
Host: d1rc9ikfnf4p5a.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fairspin.io/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/svg+xml
content-length: 539
date: Fri, 03 May 2024 18:45:24 GMT
last-modified: Mon, 04 Dec 2023 16:35:13 GMT
etag: "f2047a57488852a7d3ecdc6ba997c440"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 185768229530368be94556dcab1c486a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: Rn3-gVCn56gpy6i592XnAu6aGQ3Qxu1GD5jKBM44zUwGp08OkVaPDg==
age: 55461
vary: Origin
X-Firefox-Spdy: h2
|
|
| d1rc9ikfnf4p5a.cloudfront.net/fairspin/base/chevron-right.svg | 143.204.42.42 | | 536 B |
URL d1rc9ikfnf4p5a.cloudfront.net/fairspin/base/chevron-right.svg IP143.204.42.42:0
CertificateIssuerAmazon Subject*.cloudfront.net FingerprintFA:21:45:DC:4D:94:03:A3:09:77:51:78:4A:21:F2:C5:6D:94:BE:52 ValidityTue, 10 Oct 2023 00:00:00 GMT - Thu, 19 Sep 2024 23:59:59 GMT
File typeSVG Scalable Vector Graphics image Hashe45668d2755ca7060f694a140bd5b455 27e95f2affe8356804c1ddd895b214a366ce3562 7e5ee8e87fa03e9e68eac6994c217e37dbac851b57c57144af2bd39e37be3831
GET /fairspin/base/chevron-right.svg HTTP/1.1
Host: d1rc9ikfnf4p5a.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fairspin.io/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/svg+xml
content-length: 536
date: Fri, 03 May 2024 18:45:25 GMT
last-modified: Mon, 04 Dec 2023 16:35:13 GMT
etag: "e45668d2755ca7060f694a140bd5b455"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 185768229530368be94556dcab1c486a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: osfWYUpTb0quVEaNCKye6YO7qIdYBaCnEW35PmfqAD3bOE0Y9otS2A==
age: 55460
vary: Origin
X-Firefox-Spdy: h2
|
|
| smarttds.cloud/uploads/landings/3-screens-slot-6514839815026/img/logo/logo_3.svg | 52.57.19.141 | | 13 kB |
URL smarttds.cloud/uploads/landings/3-screens-slot-6514839815026/img/logo/logo_3.svg IP52.57.19.141:0
File typegzip compressed data, from Unix Hashcf4c4b720817125426e93dfe61d4df87 1014dd4e4e0b74469767b30e451b95ddcb43c467 43ccfa6fcfdaa17d83ac1ee1365b2b1d5a5c4a22ea31c9b1e7d63c4b448ab332
GET /uploads/landings/3-screens-slot-6514839815026/img/logo/logo_3.svg HTTP/1.1
Host: smarttds.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://smarttds.cloud/r/EJgj?track_id=245864105&pid=67828&geo=3143244&utm_source=31&utm_medium=67828&utm_campaign=fs_en_pop_visit_gambl_cpm_3_w&utm_term=557214&utm_content=54175&param1=ubidex&param2=popup&param3=cpm&param4=2024-03&param5=37e2b386-5e10-46e2-a0c0-b267fbe15ac2&param6=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:38 GMT
content-type: image/svg+xml
server: nginx/1.24.0
last-modified: Tue, 05 Mar 2024 08:29:40 GMT
etag: W/"65e6d7f4-4af9"
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| smarttds.cloud/uploads/landings/3-screens-slot-6514839815026/img/logo/logo_6.svg | 52.57.19.141 | | 100 kB |
URL smarttds.cloud/uploads/landings/3-screens-slot-6514839815026/img/logo/logo_6.svg IP52.57.19.141:0
File typegzip compressed data, from Unix Hashb483b36479a0a57deb61a41bb1267534 011989586171c9707aa34f32b44d97a3b9876dd0 43021a8bc4a193192aec8cd995e346f3def81989fb6437825ad3af5040ff3dde
GET /uploads/landings/3-screens-slot-6514839815026/img/logo/logo_6.svg HTTP/1.1
Host: smarttds.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://smarttds.cloud/r/EJgj?track_id=245864105&pid=67828&geo=3143244&utm_source=31&utm_medium=67828&utm_campaign=fs_en_pop_visit_gambl_cpm_3_w&utm_term=557214&utm_content=54175&param1=ubidex&param2=popup&param3=cpm&param4=2024-03&param5=37e2b386-5e10-46e2-a0c0-b267fbe15ac2&param6=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:38 GMT
content-type: image/svg+xml
server: nginx/1.24.0
last-modified: Tue, 05 Mar 2024 08:29:40 GMT
etag: W/"65e6d7f4-471"
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| fairspin.io/cdn-cgi/challenge-platform/scripts/jsd/main.js | 172.66.40.68 | | 0 B |
URL fairspin.io/cdn-cgi/challenge-platform/scripts/jsd/main.js IP172.66.40.68:0
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1
Host: fairspin.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: __cf_bm=2H1c2tMs2_L_NWeLvjv2urEkwZJMPB.4TjA_QBg0ciw-1714817381-1.0.1.1-i1OAzKG1eyM3ie7ECX1uqiHWEqf93t4yrVRc5Jk68WzO.bM.oybWRjMOd501hO2cJ3pzb1cHPorFn19iAPMS2g
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
date: Sat, 04 May 2024 10:09:44 GMT
content-length: 0
location: /cdn-cgi/challenge-platform/h/g/scripts/jsd/d0ff3ebede6b/main.js
access-control-allow-origin: *
cache-control: max-age=300, public
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e7b26b2933b4fd-OSL
X-Firefox-Spdy: h2
|
|
| fairspin.io/api/v1/player/initial-data?featureNames=LOYALTY_PROGRAM&featureNames=TOURNAMENTS&featureNames=MINI_GAME_WHEEL_OF_FORTUNE&featureNames=TRUE_SIGN&featureNames=FAST_TRACK_INTEGRATION&featureNames=FAST_TRACK_INBOX&featureNames=PLAYER_TRANSACTIONS_TAB&featureNames=AWARDS_BLOCK&featureNames=HORIZONTAL_MENU&featureNames=SIDE_MENU_PROMOTIONS&featureNames=FAQ_BLOC&featureNames=VIEW_KYC_POLICY&featureNames=VIEW_PRIVACY_POLICY&featureNames=VIEW_RESPONSIBLE_GAMING_POLICY&featureNames=VIEW_SELF_EXCLUSION_POLICY&featureNames=VIEW_TERMS_AND_CONDITIONS&featureNames=VIEW_UNDERAGE_GAMING_POLICY&featureNames=VIEW_APB_POLICY&featureNames=VIEW_AML_POLICY&featureNames=VIEW_GAME_STATISTICS&featureNames=VIEW_FAIRNESS_POLICY&featureNames=VIEW_BLOG&featureNames=ADWISE_INTEGRATION&featureNames=HIDE_CASHIER_WITHDRAWAL_METHODS_FOR_NON_DEPOSIT_PLAYER&featureNames=SPORT_BETTING_SDK_INTEGRATION_ENABLED&featureNames=CASHIER_INPUT_RANGE&featureNames=SPORT_BETTING_SDK_INTEGRATION_ENABLED&featureNames=NOMINATION_POP_UP&featureNames=PLAY_WITH_BONUS_BLOCK&featureNames=TOKEN_PAGE&featureNames=PLAYER_PUBLIC_STATISTIC | 172.66.40.68 | | 33 kB |
URL fairspin.io/api/v1/player/initial-data?featureNames=LOYALTY_PROGRAM&featureNames=TOURNAMENTS&featureNames=MINI_GAME_WHEEL_OF_FORTUNE&featureNames=TRUE_SIGN&featureNames=FAST_TRACK_INTEGRATION&featureNames=FAST_TRACK_INBOX&featureNames=PLAYER_TRANSACTIONS_TAB&featureNames=AWARDS_BLOCK&featureNames=HORIZONTAL_MENU&featureNames=SIDE_MENU_PROMOTIONS&featureNames=FAQ_BLOC&featureNames=VIEW_KYC_POLICY&featureNames=VIEW_PRIVACY_POLICY&featureNames=VIEW_RESPONSIBLE_GAMING_POLICY&featureNames=VIEW_SELF_EXCLUSION_POLICY&featureNames=VIEW_TERMS_AND_CONDITIONS&featureNames=VIEW_UNDERAGE_GAMING_POLICY&featureNames=VIEW_APB_POLICY&featureNames=VIEW_AML_POLICY&featureNames=VIEW_GAME_STATISTICS&featureNames=VIEW_FAIRNESS_POLICY&featureNames=VIEW_BLOG&featureNames=ADWISE_INTEGRATION&featureNames=HIDE_CASHIER_WITHDRAWAL_METHODS_FOR_NON_DEPOSIT_PLAYER&featureNames=SPORT_BETTING_SDK_INTEGRATION_ENABLED&featureNames=CASHIER_INPUT_RANGE&featureNames=SPORT_BETTING_SDK_INTEGRATION_ENABLED&featureNames=NOMINATION_POP_UP&featureNames=PLAY_WITH_BONUS_BLOCK&featureNames=TOKEN_PAGE&featureNames=PLAYER_PUBLIC_STATISTIC IP172.66.40.68:0
File typegzip compressed data, from Unix Hasha77ad55ccdffd910fefa7754f58b9f06 34a3f31f65d8d9bb91ba47ca5b985d45db1e0a64 d505e2a562af4e387c4150fa9b9dee2bb99a91d7e26ab0307a6b33b8e22d3540
GET /api/v1/player/initial-data?featureNames=LOYALTY_PROGRAM&featureNames=TOURNAMENTS&featureNames=MINI_GAME_WHEEL_OF_FORTUNE&featureNames=TRUE_SIGN&featureNames=FAST_TRACK_INTEGRATION&featureNames=FAST_TRACK_INBOX&featureNames=PLAYER_TRANSACTIONS_TAB&featureNames=AWARDS_BLOCK&featureNames=HORIZONTAL_MENU&featureNames=SIDE_MENU_PROMOTIONS&featureNames=FAQ_BLOC&featureNames=VIEW_KYC_POLICY&featureNames=VIEW_PRIVACY_POLICY&featureNames=VIEW_RESPONSIBLE_GAMING_POLICY&featureNames=VIEW_SELF_EXCLUSION_POLICY&featureNames=VIEW_TERMS_AND_CONDITIONS&featureNames=VIEW_UNDERAGE_GAMING_POLICY&featureNames=VIEW_APB_POLICY&featureNames=VIEW_AML_POLICY&featureNames=VIEW_GAME_STATISTICS&featureNames=VIEW_FAIRNESS_POLICY&featureNames=VIEW_BLOG&featureNames=ADWISE_INTEGRATION&featureNames=HIDE_CASHIER_WITHDRAWAL_METHODS_FOR_NON_DEPOSIT_PLAYER&featureNames=SPORT_BETTING_SDK_INTEGRATION_ENABLED&featureNames=CASHIER_INPUT_RANGE&featureNames=SPORT_BETTING_SDK_INTEGRATION_ENABLED&featureNames=NOMINATION_POP_UP&featureNames=PLAY_WITH_BONUS_BLOCK&featureNames=TOKEN_PAGE&featureNames=PLAYER_PUBLIC_STATISTIC HTTP/1.1
Host: fairspin.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
sentry-trace: da7655514c0647d4831d13843095bc1a-b3501f48e506c372-0
baggage: sentry-environment=production,sentry-public_key=5315aeed78a34f3289e80890caa88744,sentry-trace_id=da7655514c0647d4831d13843095bc1a,sentry-sample_rate=0.2,sentry-sampled=false
DNT: 1
Connection: keep-alive
Referer: https://fairspin.io/?track_id=245864105&pid=67828&geo=3143244&utm_source=31&utm_medium=67828&utm_campaign=fs_en_pop_visit_gambl_cpm_3_w&utm_term=557214&utm_content=54175&param1=ubidex&param2=popup&param3=cpm&param4=2024-03&param5=37e2b386-5e10-46e2-a0c0-b267fbe15ac2&param6=
Cookie: __cf_bm=2H1c2tMs2_L_NWeLvjv2urEkwZJMPB.4TjA_QBg0ciw-1714817381-1.0.1.1-i1OAzKG1eyM3ie7ECX1uqiHWEqf93t4yrVRc5Jk68WzO.bM.oybWRjMOd501hO2cJ3pzb1cHPorFn19iAPMS2g
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:43 GMT
content-type: application/json
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
set-cookie: XSRF-TOKEN=c99b5058-9e82-4058-8586-b2acc4abfa28; Path=/; Secure
activeLanguage=en; Expires=Mon, 03-Jun-2024 10:09:43 GMT; Path=/; Secure
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
strict-transport-security: max-age=31536000 ; includeSubDomains
x-frame-options: SAMEORIGIN
referrer-policy: strict-origin-when-cross-origin
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 87e7b265cab7b4fd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| fairspin.io/static/fonts/Stolzl-Regular.woff2 | 172.66.40.68 | 200 OK | 26 kB |
URL GET HTTP/2fairspin.io/static/fonts/Stolzl-Regular.woff2 IP172.66.40.68:443
Requested byhttps://fairspin.io/?track_id=245864106&pid=67828&geo=3143244&utm_source=31&utm_medium=67828&utm_campaign=fs_en_pop_visit_gambl_cpm_3_w&utm_term=547780&utm_content=54175&param1=ubidex&param2=popup&param3=cpm&param4=2024-03&param5=a1ffa233-458c-4e99-a78c-79741ae9e0d0&param6= CertificateIssuerCloudflare, Inc. Subjectfairspin.io Fingerprint42:70:33:D5:87:B0:D6:44:11:86:E3:56:64:8B:E2:C7:11:37:26:0F ValidityMon, 26 Jun 2023 00:00:00 GMT - Tue, 25 Jun 2024 23:59:59 GMT
File typeWeb Open Font Format (Version 2), TrueType, length 26044, version 1.0 Hasha32cf5a5fc78e97a756aa8d31c4654c9 69a586806e28d1c51f40dbb53aa25cdcd4556d4d 51209645f9cf3a1a54e71b9e1960452171af6e7509d3bff79742d66a9a1bc38e
GET /static/fonts/Stolzl-Regular.woff2 HTTP/1.1
Host: fairspin.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://fairspin.io/static/font.css
Cookie: __cf_bm=2H1c2tMs2_L_NWeLvjv2urEkwZJMPB.4TjA_QBg0ciw-1714817381-1.0.1.1-i1OAzKG1eyM3ie7ECX1uqiHWEqf93t4yrVRc5Jk68WzO.bM.oybWRjMOd501hO2cJ3pzb1cHPorFn19iAPMS2g
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:44 GMT
content-type: font/woff2
content-length: 26044
x-powered-by: Express
cache-control: public, max-age=120
last-modified: Wed, 24 Apr 2024 09:51:11 GMT
etag: W/"65bc-18f0f842a98"
cf-cache-status: EXPIRED
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e7b26b192bb4fd-OSL
X-Firefox-Spdy: h2
|
|
| fairspin.io/cdn-cgi/challenge-platform/h/g/jsd/r/87e7b24cac94b4fd | 172.66.40.68 | 200 OK | 0 B |
URL POST HTTP/2fairspin.io/cdn-cgi/challenge-platform/h/g/jsd/r/87e7b24cac94b4fd IP172.66.40.68:443
Requested byhttps://fairspin.io/?track_id=245864105&pid=67828&geo=3143244&utm_source=31&utm_medium=67828&utm_campaign=fs_en_pop_visit_gambl_cpm_3_w&utm_term=557214&utm_content=54175&param1=ubidex&param2=popup&param3=cpm&param4=2024-03&param5=37e2b386-5e10-46e2-a0c0-b267fbe15ac2&param6= CertificateIssuerCloudflare, Inc. Subjectfairspin.io Fingerprint42:70:33:D5:87:B0:D6:44:11:86:E3:56:64:8B:E2:C7:11:37:26:0F ValidityMon, 26 Jun 2023 00:00:00 GMT - Tue, 25 Jun 2024 23:59:59 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /cdn-cgi/challenge-platform/h/g/jsd/r/87e7b24cac94b4fd HTTP/1.1
Host: fairspin.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 12479
Origin: https://fairspin.io
DNT: 1
Connection: keep-alive
Referer: https://fairspin.io/?track_id=245864105&pid=67828&geo=3143244&utm_source=31&utm_medium=67828&utm_campaign=fs_en_pop_visit_gambl_cpm_3_w&utm_term=557214&utm_content=54175&param1=ubidex&param2=popup&param3=cpm&param4=2024-03&param5=37e2b386-5e10-46e2-a0c0-b267fbe15ac2&param6=
Cookie: __cf_bm=2H1c2tMs2_L_NWeLvjv2urEkwZJMPB.4TjA_QBg0ciw-1714817381-1.0.1.1-i1OAzKG1eyM3ie7ECX1uqiHWEqf93t4yrVRc5Jk68WzO.bM.oybWRjMOd501hO2cJ3pzb1cHPorFn19iAPMS2g
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:44 GMT
content-type: text/plain; charset=UTF-8
content-length: 0
set-cookie: cf_clearance=AFhlnB_Uc5EfKTyihqoqGS0lNAJwQottfMvElCUPaNU-1714817384-1.0.1.1-okj6PZPiyfP8BuhuoqreRc09.Ws79.F6EPh_IbYYUyhwrJkl12uuSRX98HY4azXqgOPWJg8.zDPUFTDq4Ovznw; path=/; expires=Sun, 04-May-25 10:09:44 GMT; domain=.fairspin.io; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 87e7b26e5d38b4fd-OSL
X-Firefox-Spdy: h2
|
|
| www.googletagmanager.com/gtm.js?id=GTM-T5SMJ4G | 142.250.74.168 | | 76 kB |
URL www.googletagmanager.com/gtm.js?id=GTM-T5SMJ4G IP142.250.74.168:0
File typeJavaScript source, ASCII text, with very long lines (6049) Hashadca67e4f309e9979d5c982c61b90f82 707cf0aca4a9c224c51a60923af3126dd95663c9 36a5b977821ae03c5e50ee8c7150b73570cb404b2b2c0347a7badd36febbdcad
GET /gtm.js?id=GTM-T5SMJ4G HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fairspin.io/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 04 May 2024 10:09:45 GMT
expires: Sat, 04 May 2024 10:09:45 GMT
cache-control: private, max-age=900
last-modified: Sat, 04 May 2024 09:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 76462
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| fairspin.io/css/views/documents/aml.01e3bc1fef3b160d.css | 172.66.40.68 | 200 OK | 1.2 kB |
URL GET HTTP/2fairspin.io/css/views/documents/aml.01e3bc1fef3b160d.css IP172.66.40.68:443
Requested byhttps://fairspin.io/?track_id=245864106&pid=67828&geo=3143244&utm_source=31&utm_medium=67828&utm_campaign=fs_en_pop_visit_gambl_cpm_3_w&utm_term=547780&utm_content=54175&param1=ubidex&param2=popup&param3=cpm&param4=2024-03&param5=a1ffa233-458c-4e99-a78c-79741ae9e0d0&param6= CertificateIssuerCloudflare, Inc. Subjectfairspin.io Fingerprint42:70:33:D5:87:B0:D6:44:11:86:E3:56:64:8B:E2:C7:11:37:26:0F ValidityMon, 26 Jun 2023 00:00:00 GMT - Tue, 25 Jun 2024 23:59:59 GMT
File typeASCII text, with very long lines (5282), with no line terminators Hash22556a4ad8e454b4ab67e960ed285a86 9ef26f4eee7e625007f25d7d2c3d56368a5b6c17 7ddea04bf852086002aaffc70c49c443bf22ab7a1bfc6cf7d2956e6be462be8f
GET /css/views/documents/aml.01e3bc1fef3b160d.css HTTP/1.1
Host: fairspin.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fairspin.io/?track_id=245864105&pid=67828&geo=3143244&utm_source=31&utm_medium=67828&utm_campaign=fs_en_pop_visit_gambl_cpm_3_w&utm_term=557214&utm_content=54175&param1=ubidex&param2=popup&param3=cpm&param4=2024-03&param5=37e2b386-5e10-46e2-a0c0-b267fbe15ac2&param6=
Cookie: __cf_bm=2H1c2tMs2_L_NWeLvjv2urEkwZJMPB.4TjA_QBg0ciw-1714817381-1.0.1.1-i1OAzKG1eyM3ie7ECX1uqiHWEqf93t4yrVRc5Jk68WzO.bM.oybWRjMOd501hO2cJ3pzb1cHPorFn19iAPMS2g
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:41 GMT
content-type: text/css; charset=UTF-8
x-powered-by: Express
cache-control: public, max-age=120
last-modified: Wed, 24 Apr 2024 09:51:05 GMT
etag: W/"14a2-18f0f841328"
cf-cache-status: EXPIRED
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e7b25c0f16b4fd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| smarttds.cloud/r/EJgj?track_id=245864106&pid=67828&geo=3143244&utm_source=31&utm_medium=67828&utm_campaign=fs_en_pop_visit_gambl_cpm_3_w&utm_term=547780&utm_content=54175&param1=ubidex&param2=popup&param3=cpm&param4=2024-03&param5=a1ffa233-458c-4e99-a78c-79741ae9e0d0&param6= | 52.57.19.141 | | 95 kB |
URL smarttds.cloud/r/EJgj?track_id=245864106&pid=67828&geo=3143244&utm_source=31&utm_medium=67828&utm_campaign=fs_en_pop_visit_gambl_cpm_3_w&utm_term=547780&utm_content=54175&param1=ubidex&param2=popup&param3=cpm&param4=2024-03&param5=a1ffa233-458c-4e99-a78c-79741ae9e0d0&param6= IP52.57.19.141:0
Hash25927420adc1764aa54848bd1be7322e 499c1554862b2cddf22a18232fea830ba3dacb62 4e38b64f81b5905509c9c584e0484bb03a1ae7ed955461258b39d88a70331dc6
GET /r/EJgj?track_id=245864106&pid=67828&geo=3143244&utm_source=31&utm_medium=67828&utm_campaign=fs_en_pop_visit_gambl_cpm_3_w&utm_term=547780&utm_content=54175&param1=ubidex&param2=popup&param3=cpm&param4=2024-03&param5=a1ffa233-458c-4e99-a78c-79741ae9e0d0&param6= HTTP/1.1
Host: smarttds.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://onclink.org/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:37 GMT
content-type: text/html; charset=UTF-8
server: nginx/1.24.0
cache-control: no-cache, private
X-Firefox-Spdy: h2
|
|
| d1rc9ikfnf4p5a.cloudfront.net/fairspin/base/sprite-critical-v13.svg | 143.204.42.42 | | 22 kB |
URL d1rc9ikfnf4p5a.cloudfront.net/fairspin/base/sprite-critical-v13.svg IP143.204.42.42:0
CertificateIssuerAmazon Subject*.cloudfront.net FingerprintFA:21:45:DC:4D:94:03:A3:09:77:51:78:4A:21:F2:C5:6D:94:BE:52 ValidityTue, 10 Oct 2023 00:00:00 GMT - Thu, 19 Sep 2024 23:59:59 GMT
File typegzip compressed data, from Unix Hash590294a544191d931fb3167ed53ddcd0 51e78b43d78902da8b95f5408b60f99297abfa03 64a38afb7f1b8112b3ea692e2a3504e8c0240ae0428bd0001223362535dd97a6
GET /fairspin/base/sprite-critical-v13.svg HTTP/1.1
Host: d1rc9ikfnf4p5a.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://fairspin.io
DNT: 1
Connection: keep-alive
Referer: https://fairspin.io/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/svg+xml
date: Fri, 03 May 2024 20:52:32 GMT
last-modified: Mon, 22 Apr 2024 07:11:29 GMT
etag: W/"b57aacb8738671e383d9f38f167db747"
x-amz-server-side-encryption: AES256
server: AmazonS3
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 185768229530368be94556dcab1c486a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: JQQwDzMqtXei-vMU799pWZezjBDQJF7S5tUc3LyMc0Qt9lXyoOUT2A==
age: 47835
access-control-allow-origin: *
access-control-expose-headers: Access-Control-Allow-Origin
X-Firefox-Spdy: h2
|
|
| d1rc9ikfnf4p5a.cloudfront.net/static/langs/en.svg | 143.204.42.42 | | 817 B |
URL d1rc9ikfnf4p5a.cloudfront.net/static/langs/en.svg IP143.204.42.42:0
CertificateIssuerAmazon Subject*.cloudfront.net FingerprintFA:21:45:DC:4D:94:03:A3:09:77:51:78:4A:21:F2:C5:6D:94:BE:52 ValidityTue, 10 Oct 2023 00:00:00 GMT - Thu, 19 Sep 2024 23:59:59 GMT
File typeSVG Scalable Vector Graphics image Hashc2c3cadcc5b107aaaee8df05b7811921 a14a45989222a601d7968ce21d57339b09a9a9a1 88169c656c516ac6374fe2a7988e103f6eb99db165ce6478aa68ce1b74e67ba9
GET /static/langs/en.svg HTTP/1.1
Host: d1rc9ikfnf4p5a.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fairspin.io/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/svg+xml
content-length: 817
last-modified: Thu, 13 Apr 2023 09:36:21 GMT
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
date: Sat, 04 May 2024 10:02:02 GMT
cache-control: max-age=600, must-revalidate
etag: "c2c3cadcc5b107aaaee8df05b7811921"
x-cache: Hit from cloudfront
via: 1.1 185768229530368be94556dcab1c486a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: G3D_uNEfzKqTvH7zqZl64h-9cfhh7WbWnRbAQp6CwkUPVkwoPKUFPA==
age: 465
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
|
|
| fairspin.io/js/index.f2531364.js?01e3bc1fef3b160d | 172.66.40.68 | | 9.1 kB |
URL fairspin.io/js/index.f2531364.js?01e3bc1fef3b160d IP172.66.40.68:0
File typegzip compressed data, from Unix Hashb72ce89378099b30b87af591eb99b935 e9518f174b1e9d5bd4f70e6fae74c273c4eccad6 f5d6a67cf0c0d12cd895707208fd14a1808ca2923639e19ba1f020d9fda9b67d
GET /js/index.f2531364.js?01e3bc1fef3b160d HTTP/1.1
Host: fairspin.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fairspin.io/?track_id=245864105&pid=67828&geo=3143244&utm_source=31&utm_medium=67828&utm_campaign=fs_en_pop_visit_gambl_cpm_3_w&utm_term=557214&utm_content=54175&param1=ubidex&param2=popup&param3=cpm&param4=2024-03&param5=37e2b386-5e10-46e2-a0c0-b267fbe15ac2&param6=
Cookie: __cf_bm=2g5qhVmpmq_IQLLZ8rE4QGY2BavLVDKrWgFijt9Z7AE-1714817381-1.0.1.1-EJvVuG36tEWosXLBvqGnm7xGx4p0A7aGIdZA49rBIUsYZMPnDVslNHeOHJ2QnSLkO9Kn0JNfz.p_Ab.fVyuEOw
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:41 GMT
content-type: application/javascript; charset=UTF-8
x-powered-by: Express
cache-control: public, max-age=120
last-modified: Wed, 24 Apr 2024 09:51:06 GMT
etag: W/"1ca6-18f0f841710"
cf-cache-status: EXPIRED
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e7b25b2df3b4fd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| fairspin.io/cdn-cgi/challenge-platform/h/g/scripts/jsd/d0ff3ebede6b/main.js | 172.66.40.68 | | 30 kB |
URL fairspin.io/cdn-cgi/challenge-platform/h/g/scripts/jsd/d0ff3ebede6b/main.js IP172.66.40.68:0
File typeJavaScript source, ASCII text, with very long lines (7852), with no line terminators Hashec79deef82f166c6c1142142d0d60eb4 044c6860745e8f8d686d1d36c3d1a3100d88c7fb ac5c6219c3a816c6f4fc9682e477d6a706d4581418784354a3b92bd3bb0ef1de
GET /cdn-cgi/challenge-platform/h/g/scripts/jsd/d0ff3ebede6b/main.js HTTP/1.1
Host: fairspin.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: __cf_bm=2H1c2tMs2_L_NWeLvjv2urEkwZJMPB.4TjA_QBg0ciw-1714817381-1.0.1.1-i1OAzKG1eyM3ie7ECX1uqiHWEqf93t4yrVRc5Jk68WzO.bM.oybWRjMOd501hO2cJ3pzb1cHPorFn19iAPMS2g
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:44 GMT
content-type: application/javascript; charset=UTF-8
vary: accept-encoding
x-content-type-options: nosniff
content-encoding: br
cache-control: max-age=14400, public
server: cloudflare
cf-ray: 87e7b26b2938b4fd-OSL
X-Firefox-Spdy: h2
|
|
| www.googletagmanager.com/gtm.js?id=GTM-T5SMJ4G | 142.250.74.168 | | 76 kB |
URL www.googletagmanager.com/gtm.js?id=GTM-T5SMJ4G IP142.250.74.168:0
File typeJavaScript source, ASCII text, with very long lines (6049) Hashe38039cfa89a85ec627997928350c473 a2f1a36e34ff17572e1a4c78becad278f9b520be dabdffb48a36c54b7335442d6c5ae06d9a906d8d7e50eb54a35ec6c64411ec73
GET /gtm.js?id=GTM-T5SMJ4G HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fairspin.io/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 04 May 2024 10:09:48 GMT
expires: Sat, 04 May 2024 10:09:48 GMT
cache-control: private, max-age=900
last-modified: Sat, 04 May 2024 09:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 76415
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| fairspin.io/js/package/base/slider.8c12a76c.js | 172.66.40.68 | | 20 kB |
URL fairspin.io/js/package/base/slider.8c12a76c.js IP172.66.40.68:0
File typegzip compressed data, from Unix Hash365ea6bd8768104506109791d2ec924c 493793ea64fd14b18cf890c315272464b99ba33c 139b8e5d27f3968846dd5aae15f19d9744ecd46c94d31c2c5f80849e3e0735e7
GET /js/package/base/slider.8c12a76c.js HTTP/1.1
Host: fairspin.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fairspin.io/?track_id=245864105&pid=67828&geo=3143244&utm_source=31&utm_medium=67828&utm_campaign=fs_en_pop_visit_gambl_cpm_3_w&utm_term=557214&utm_content=54175&param1=ubidex&param2=popup&param3=cpm&param4=2024-03&param5=37e2b386-5e10-46e2-a0c0-b267fbe15ac2&param6=
Cookie: __cf_bm=2H1c2tMs2_L_NWeLvjv2urEkwZJMPB.4TjA_QBg0ciw-1714817381-1.0.1.1-i1OAzKG1eyM3ie7ECX1uqiHWEqf93t4yrVRc5Jk68WzO.bM.oybWRjMOd501hO2cJ3pzb1cHPorFn19iAPMS2g; cf_clearance=sS8y8pdefCdan8zeUfUPgIFzJ78YCsvHon833hPSIpk-1714817385-1.0.1.1-3xb2jaxe6w8QK81Yf.As0fjtDa9APHsamhNaPQgA9AMeXqVwOlgPYpJkmfAFHs59mEWxk..NG5zyFJhR1DO_9A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:46 GMT
content-type: application/javascript; charset=UTF-8
x-powered-by: Express
cache-control: public, max-age=120
last-modified: Wed, 24 Apr 2024 09:51:06 GMT
etag: W/"105c-18f0f841710"
cf-cache-status: EXPIRED
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e7b27a8c8bb4fd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| fairspin.io/js/package/views/auth.e1ad0a9e.js | 172.66.40.68 | | 50 kB |
URL fairspin.io/js/package/views/auth.e1ad0a9e.js IP172.66.40.68:0
File typegzip compressed data, from Unix Hash18ac7bde164d1575c48f146e9696e9fd 8c93711f83f3a12719c7b5ca1c19a8feb2f41820 ffe4b45e887f6edbbdabe45051de13e4f5a71f5043f82a12072d29f7fa125fce
GET /js/package/views/auth.e1ad0a9e.js HTTP/1.1
Host: fairspin.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fairspin.io/?track_id=245864105&pid=67828&geo=3143244&utm_source=31&utm_medium=67828&utm_campaign=fs_en_pop_visit_gambl_cpm_3_w&utm_term=557214&utm_content=54175&param1=ubidex&param2=popup&param3=cpm&param4=2024-03&param5=37e2b386-5e10-46e2-a0c0-b267fbe15ac2&param6=
Cookie: __cf_bm=2H1c2tMs2_L_NWeLvjv2urEkwZJMPB.4TjA_QBg0ciw-1714817381-1.0.1.1-i1OAzKG1eyM3ie7ECX1uqiHWEqf93t4yrVRc5Jk68WzO.bM.oybWRjMOd501hO2cJ3pzb1cHPorFn19iAPMS2g; cf_clearance=sS8y8pdefCdan8zeUfUPgIFzJ78YCsvHon833hPSIpk-1714817385-1.0.1.1-3xb2jaxe6w8QK81Yf.As0fjtDa9APHsamhNaPQgA9AMeXqVwOlgPYpJkmfAFHs59mEWxk..NG5zyFJhR1DO_9A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:46 GMT
content-type: application/javascript; charset=UTF-8
x-powered-by: Express
cache-control: public, max-age=120
last-modified: Wed, 24 Apr 2024 09:51:06 GMT
etag: W/"1fc7f-18f0f841710"
cf-cache-status: EXPIRED
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e7b277e8b6b4fd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| fairspin.io/api/v1/configuration/auth | 172.66.40.68 | | 92 kB |
URL fairspin.io/api/v1/configuration/auth IP172.66.40.68:0
File typegzip compressed data, from Unix Hashcf32a63228d1e627137575bc9bf8e9dc 6dabb2b5407871497740c4dea21cccf108ba6bd0 af0d8560c0018e9620473f6778cb527a66850581e6811fdfae719167419cc908
GET /api/v1/configuration/auth HTTP/1.1
Host: fairspin.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
sentry-trace: fecd911c751e46e1b172bf75fc072c0a-a85249771bb034a6-0
baggage: sentry-environment=production,sentry-public_key=5315aeed78a34f3289e80890caa88744,sentry-trace_id=fecd911c751e46e1b172bf75fc072c0a,sentry-sample_rate=0.2,sentry-transaction=home,sentry-sampled=false
DNT: 1
Connection: keep-alive
Referer: https://fairspin.io/
Cookie: __cf_bm=2H1c2tMs2_L_NWeLvjv2urEkwZJMPB.4TjA_QBg0ciw-1714817381-1.0.1.1-i1OAzKG1eyM3ie7ECX1uqiHWEqf93t4yrVRc5Jk68WzO.bM.oybWRjMOd501hO2cJ3pzb1cHPorFn19iAPMS2g; cf_clearance=sS8y8pdefCdan8zeUfUPgIFzJ78YCsvHon833hPSIpk-1714817385-1.0.1.1-3xb2jaxe6w8QK81Yf.As0fjtDa9APHsamhNaPQgA9AMeXqVwOlgPYpJkmfAFHs59mEWxk..NG5zyFJhR1DO_9A
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:50 GMT
content-type: application/json
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
set-cookie: XSRF-TOKEN=ab6feb1a-f0fb-4687-a5a9-70e0eb3d27c3; Path=/; Secure
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
strict-transport-security: max-age=31536000 ; includeSubDomains
x-frame-options: SAMEORIGIN
referrer-policy: strict-origin-when-cross-origin
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 87e7b28f4f00b4fd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| track-us.byte-builders.net/pixel/js?auth=dzy1az&event=visit | 88.214.195.96 | 200 OK | 422 B |
URL GET HTTP/1.1track-us.byte-builders.net/pixel/js?auth=dzy1az&event=visit IP88.214.195.96:443
Requested byhttps://fairspin.io/?track_id=245864105&pid=67828&geo=3143244&utm_source=31&utm_medium=67828&utm_campaign=fs_en_pop_visit_gambl_cpm_3_w&utm_term=557214&utm_content=54175&param1=ubidex&param2=popup&param3=cpm&param4=2024-03&param5=37e2b386-5e10-46e2-a0c0-b267fbe15ac2&param6= CertificateIssuerGlobalSign nv-sa Subject*.byte-builders.net Fingerprint6F:B4:9C:42:54:FC:D7:2A:62:1E:E5:FB:CD:C9:09:F7:FA:EE:2B:90 ValidityFri, 17 Nov 2023 08:37:05 GMT - Tue, 17 Dec 2024 12:20:06 GMT
File typeJavaScript source, ASCII text Hash8cf1f6bafae5577c5971af5c35e8df0a f4eaea5079840cada8c76b636df054a4d014c635 7c33d46b37d0676d1cf9cdf00d4b26ab840fd38b9a560078aacd6828250c979b
GET /pixel/js?auth=dzy1az&event=visit HTTP/1.1
Host: track-us.byte-builders.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fairspin.io/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.14.0 (Ubuntu)
Date: Sat, 04 May 2024 10:09:50 GMT
Content-Type: text/javascript
Content-Length: 422
Connection: keep-alive
Cache-Control: no-cache, max-age=0, must-revalidate, proxy-revalidate, no-store
Pragma: no-cache
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Access-Control-Allow-Origin: *
|
|
| fairspin.io/js/package/views/auth.e1ad0a9e.js | 172.66.40.68 | | 28 kB |
URL fairspin.io/js/package/views/auth.e1ad0a9e.js IP172.66.40.68:0
File typegzip compressed data, from Unix Hash8e18dddf7820188edfe5da685ae3682e 40ea99216c23ea43040c001bfe7d8a45d30d4b30 0c13c18fbdd2a9ad319a4ee1b40fd56ac0da9d96ae888ea645dd9360b50944fd
GET /js/package/views/auth.e1ad0a9e.js HTTP/1.1
Host: fairspin.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fairspin.io/?track_id=245864106&pid=67828&geo=3143244&utm_source=31&utm_medium=67828&utm_campaign=fs_en_pop_visit_gambl_cpm_3_w&utm_term=547780&utm_content=54175&param1=ubidex&param2=popup&param3=cpm&param4=2024-03&param5=a1ffa233-458c-4e99-a78c-79741ae9e0d0&param6=
Cookie: __cf_bm=2H1c2tMs2_L_NWeLvjv2urEkwZJMPB.4TjA_QBg0ciw-1714817381-1.0.1.1-i1OAzKG1eyM3ie7ECX1uqiHWEqf93t4yrVRc5Jk68WzO.bM.oybWRjMOd501hO2cJ3pzb1cHPorFn19iAPMS2g; cf_clearance=sS8y8pdefCdan8zeUfUPgIFzJ78YCsvHon833hPSIpk-1714817385-1.0.1.1-3xb2jaxe6w8QK81Yf.As0fjtDa9APHsamhNaPQgA9AMeXqVwOlgPYpJkmfAFHs59mEWxk..NG5zyFJhR1DO_9A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:50 GMT
content-type: application/javascript; charset=UTF-8
x-powered-by: Express
cache-control: public, max-age=120
last-modified: Wed, 24 Apr 2024 09:51:06 GMT
etag: W/"1fc7f-18f0f841710"
cf-cache-status: EXPIRED
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e7b29189cab4fd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| d1rc9ikfnf4p5a.cloudfront.net/static/langs/en.svg | 143.204.42.42 | | 817 B |
URL d1rc9ikfnf4p5a.cloudfront.net/static/langs/en.svg IP143.204.42.42:0
CertificateIssuerAmazon Subject*.cloudfront.net FingerprintFA:21:45:DC:4D:94:03:A3:09:77:51:78:4A:21:F2:C5:6D:94:BE:52 ValidityTue, 10 Oct 2023 00:00:00 GMT - Thu, 19 Sep 2024 23:59:59 GMT
File typeSVG Scalable Vector Graphics image Hashc2c3cadcc5b107aaaee8df05b7811921 a14a45989222a601d7968ce21d57339b09a9a9a1 88169c656c516ac6374fe2a7988e103f6eb99db165ce6478aa68ce1b74e67ba9
GET /static/langs/en.svg HTTP/1.1
Host: d1rc9ikfnf4p5a.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fairspin.io/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/svg+xml
content-length: 817
last-modified: Thu, 13 Apr 2023 09:36:21 GMT
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
date: Sat, 04 May 2024 10:02:02 GMT
cache-control: max-age=600, must-revalidate
etag: "c2c3cadcc5b107aaaee8df05b7811921"
x-cache: Hit from cloudfront
via: 1.1 185768229530368be94556dcab1c486a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: P2how4nFL6avM_WINYjbRuk_ql0NbrzUNbEM29HdIAvFjhD7nQB2tQ==
age: 469
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
|
|
| fairspin.io/js/package/base/slider.8c12a76c.js | 172.66.40.68 | | 1.8 kB |
URL fairspin.io/js/package/base/slider.8c12a76c.js IP172.66.40.68:0
File typegzip compressed data, from Unix Hash12a754e3fc295ee23f088b60394f6278 9accbd06eba8327eda2d34674af546e03a643113 2b564808584c83cda4ffe0020258bc3735037725d5e44be3d25574768a838509
GET /js/package/base/slider.8c12a76c.js HTTP/1.1
Host: fairspin.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fairspin.io/?track_id=245864106&pid=67828&geo=3143244&utm_source=31&utm_medium=67828&utm_campaign=fs_en_pop_visit_gambl_cpm_3_w&utm_term=547780&utm_content=54175&param1=ubidex&param2=popup&param3=cpm&param4=2024-03&param5=a1ffa233-458c-4e99-a78c-79741ae9e0d0&param6=
Cookie: __cf_bm=2H1c2tMs2_L_NWeLvjv2urEkwZJMPB.4TjA_QBg0ciw-1714817381-1.0.1.1-i1OAzKG1eyM3ie7ECX1uqiHWEqf93t4yrVRc5Jk68WzO.bM.oybWRjMOd501hO2cJ3pzb1cHPorFn19iAPMS2g; cf_clearance=sS8y8pdefCdan8zeUfUPgIFzJ78YCsvHon833hPSIpk-1714817385-1.0.1.1-3xb2jaxe6w8QK81Yf.As0fjtDa9APHsamhNaPQgA9AMeXqVwOlgPYpJkmfAFHs59mEWxk..NG5zyFJhR1DO_9A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:50 GMT
content-type: application/javascript; charset=UTF-8
x-powered-by: Express
cache-control: public, max-age=120
last-modified: Wed, 24 Apr 2024 09:51:06 GMT
etag: W/"105c-18f0f841710"
cf-cache-status: EXPIRED
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e7b293ecf3b4fd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| fairspin.io/static/font.css | 172.66.40.68 | | 1.4 kB |
URL fairspin.io/static/font.css IP172.66.40.68:0
File typegzip compressed data, from Unix Hashc3a157cc053552afa220d421d33e2339 beb4217324411b7897c2c1d850b8cb543cef96fe 5614470473d618c516792cc54e7ea3e19ceb58bff14f387f51d72455823c0049
GET /static/font.css HTTP/1.1
Host: fairspin.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fairspin.io/?track_id=245864105&pid=67828&geo=3143244&utm_source=31&utm_medium=67828&utm_campaign=fs_en_pop_visit_gambl_cpm_3_w&utm_term=557214&utm_content=54175&param1=ubidex&param2=popup&param3=cpm&param4=2024-03&param5=37e2b386-5e10-46e2-a0c0-b267fbe15ac2&param6=
Cookie: __cf_bm=2g5qhVmpmq_IQLLZ8rE4QGY2BavLVDKrWgFijt9Z7AE-1714817381-1.0.1.1-EJvVuG36tEWosXLBvqGnm7xGx4p0A7aGIdZA49rBIUsYZMPnDVslNHeOHJ2QnSLkO9Kn0JNfz.p_Ab.fVyuEOw
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:41 GMT
content-type: text/css; charset=UTF-8
x-powered-by: Express
cache-control: public, max-age=120
last-modified: Wed, 24 Apr 2024 09:51:11 GMT
etag: W/"4e9-18f0f842a98"
cf-cache-status: EXPIRED
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e7b25aad5fb4fd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| onclink.org/in/p/?spot_id=547780&cat=25&sub_id=1446709922&campaign=1358562&country=no&area=465513_ | 109.206.163.116 | | 599 kB |
URL onclink.org/in/p/?spot_id=547780&cat=25&sub_id=1446709922&campaign=1358562&country=no&area=465513_ IP109.206.163.116:0
File typegzip compressed data, from Unix Size599 kB (598604 bytes) Hash87768f01170acf1e04a2eb578024d0c0 1ebdd2e1246b47d95d8600bb2a1ede49b1cb9a1d 657d2c52e847e2f6ca9b36ca3c759b1d660556bdd56257ff7f3bfef21b235c9f
GET /in/p/?spot_id=547780&cat=25&sub_id=1446709922&campaign=1358562&country=no&area=465513_ HTTP/1.1
Host: onclink.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tads.stravaganz.com/
DNT: 1
Connection: keep-alive
Cookie: 1095.0=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Sat, 04 May 2024 10:09:36 GMT
content-type: text/html; charset=UTF-8
pragma: no-cache
vary: Accept-Encoding, *
cache-control: no-cache, no-store, must-revalidate
set-cookie: 1095.0=1; expires=Sun, 05 May 2024 10:09:36 GMT; path=/; secure; SameSite=None
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| d1rc9ikfnf4p5a.cloudfront.net/fairspin/views/tourney/prize-more.svg | 143.204.42.42 | | 831 B |
URL d1rc9ikfnf4p5a.cloudfront.net/fairspin/views/tourney/prize-more.svg IP143.204.42.42:0
CertificateIssuerAmazon Subject*.cloudfront.net FingerprintFA:21:45:DC:4D:94:03:A3:09:77:51:78:4A:21:F2:C5:6D:94:BE:52 ValidityTue, 10 Oct 2023 00:00:00 GMT - Thu, 19 Sep 2024 23:59:59 GMT
File typegzip compressed data, from Unix Hash9e7aeb7b45428c23acc10204c9c3f75c 907ad41707d833813dc1744efd6a6bf09ba504dc a5dadbaca9e298ac441e0ea09d9712724d6e635fff5dedcb81954ecc24612e91
GET /fairspin/views/tourney/prize-more.svg HTTP/1.1
Host: d1rc9ikfnf4p5a.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://fairspin.io
DNT: 1
Connection: keep-alive
Referer: https://fairspin.io/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/svg+xml
last-modified: Thu, 13 Apr 2023 09:28:30 GMT
x-amz-server-side-encryption: AES256
server: AmazonS3
content-encoding: gzip
date: Sat, 04 May 2024 10:07:11 GMT
cache-control: max-age=600, must-revalidate
etag: W/"700491ce1f2530b685deb915f98f2340"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 185768229530368be94556dcab1c486a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: UyvDoaOfSHroVW_yDpTN305OkUK9pUsy1K-XzUGGu7Tx2XTIn59BqQ==
age: 161
access-control-allow-origin: *
access-control-expose-headers: Access-Control-Allow-Origin
X-Firefox-Spdy: h2
|
|
| d1rc9ikfnf4p5a.cloudfront.net/fairspin/game/card/hot.svg | 143.204.42.42 | | 586 B |
URL d1rc9ikfnf4p5a.cloudfront.net/fairspin/game/card/hot.svg IP143.204.42.42:0
CertificateIssuerAmazon Subject*.cloudfront.net FingerprintFA:21:45:DC:4D:94:03:A3:09:77:51:78:4A:21:F2:C5:6D:94:BE:52 ValidityTue, 10 Oct 2023 00:00:00 GMT - Thu, 19 Sep 2024 23:59:59 GMT
File typeSVG Scalable Vector Graphics image Hash3f7f6897ea4f9bf240d417d807c82eea 3c04992a5d957b0e4c28e8bf37a1603d8ad71eee 089f9f6f94cace6759759899acff6309b4aed264044ad7ff5315c5dacd2c46af
GET /fairspin/game/card/hot.svg HTTP/1.1
Host: d1rc9ikfnf4p5a.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://fairspin.io
DNT: 1
Connection: keep-alive
Referer: https://fairspin.io/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/svg+xml
content-length: 586
date: Fri, 03 May 2024 20:52:40 GMT
last-modified: Sat, 24 Jun 2023 10:40:49 GMT
etag: "3f7f6897ea4f9bf240d417d807c82eea"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 185768229530368be94556dcab1c486a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 0B1XyidL5hSh_D_7S78wJh5fyTGtDqZf6BfTOeOyZ54lA3OkRYMy4g==
age: 47834
access-control-allow-origin: *
access-control-expose-headers: Access-Control-Allow-Origin
X-Firefox-Spdy: h2
|
|
| d1rc9ikfnf4p5a.cloudfront.net/fairspin/base/chevron-left.svg | 143.204.42.42 | | 539 B |
URL d1rc9ikfnf4p5a.cloudfront.net/fairspin/base/chevron-left.svg IP143.204.42.42:0
CertificateIssuerAmazon Subject*.cloudfront.net FingerprintFA:21:45:DC:4D:94:03:A3:09:77:51:78:4A:21:F2:C5:6D:94:BE:52 ValidityTue, 10 Oct 2023 00:00:00 GMT - Thu, 19 Sep 2024 23:59:59 GMT
File typeSVG Scalable Vector Graphics image Hashf2047a57488852a7d3ecdc6ba997c440 687cea91cf782bfc28718d16a67fde6102f01002 8b40630fca0b7533aa265a54e073640708f53ea4786694ef3feba940412d2cd3
GET /fairspin/base/chevron-left.svg HTTP/1.1
Host: d1rc9ikfnf4p5a.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://fairspin.io
DNT: 1
Connection: keep-alive
Referer: https://fairspin.io/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/svg+xml
content-length: 539
date: Fri, 03 May 2024 18:45:24 GMT
last-modified: Mon, 04 Dec 2023 16:35:13 GMT
etag: "f2047a57488852a7d3ecdc6ba997c440"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 185768229530368be94556dcab1c486a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: mcFdnp9vebkQAniWUn7YDhra_g6vC7iQ3sNgthb7td-ZHPe73-wgmg==
age: 55470
access-control-allow-origin: *
access-control-expose-headers: Access-Control-Allow-Origin
X-Firefox-Spdy: h2
|
|
| fairspin.io/js/views/home.72a7f0d0.js | 172.66.40.68 | | 11 kB |
URL fairspin.io/js/views/home.72a7f0d0.js IP172.66.40.68:0
File typegzip compressed data, from Unix Hash52797785f5348f2feca0245152111983 35dd0bf5691e01aaa9d9dd017d6192c6a4fcff13 2b0e1b258872a119a0a199429c7010f6611618e6f7e416f327ce5c83aaf5a706
GET /js/views/home.72a7f0d0.js HTTP/1.1
Host: fairspin.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fairspin.io/?track_id=245864106&pid=67828&geo=3143244&utm_source=31&utm_medium=67828&utm_campaign=fs_en_pop_visit_gambl_cpm_3_w&utm_term=547780&utm_content=54175&param1=ubidex&param2=popup&param3=cpm&param4=2024-03&param5=a1ffa233-458c-4e99-a78c-79741ae9e0d0&param6=
Cookie: __cf_bm=2H1c2tMs2_L_NWeLvjv2urEkwZJMPB.4TjA_QBg0ciw-1714817381-1.0.1.1-i1OAzKG1eyM3ie7ECX1uqiHWEqf93t4yrVRc5Jk68WzO.bM.oybWRjMOd501hO2cJ3pzb1cHPorFn19iAPMS2g; cf_clearance=sS8y8pdefCdan8zeUfUPgIFzJ78YCsvHon833hPSIpk-1714817385-1.0.1.1-3xb2jaxe6w8QK81Yf.As0fjtDa9APHsamhNaPQgA9AMeXqVwOlgPYpJkmfAFHs59mEWxk..NG5zyFJhR1DO_9A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:48 GMT
content-type: application/javascript; charset=UTF-8
x-powered-by: Express
cache-control: public, max-age=120
last-modified: Wed, 24 Apr 2024 09:51:06 GMT
etag: W/"7e74-18f0f841710"
cf-cache-status: EXPIRED
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e7b2832fe0b4fd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| fairspin.io/js/9908.71c54c61.js | 172.66.40.68 | | 5.9 kB |
URL fairspin.io/js/9908.71c54c61.js IP172.66.40.68:0
File typegzip compressed data, from Unix Hashea96a3ab3a6350fa1f406473b3057e85 ed2a61b4d89c057e35b2a459ce688ca2e7e089fe ad756a31bf80ab3cbd143beee74ceba5a6b53f23642cee6ca88f0f35ac53aeb3
GET /js/9908.71c54c61.js HTTP/1.1
Host: fairspin.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fairspin.io/
Cookie: __cf_bm=2H1c2tMs2_L_NWeLvjv2urEkwZJMPB.4TjA_QBg0ciw-1714817381-1.0.1.1-i1OAzKG1eyM3ie7ECX1uqiHWEqf93t4yrVRc5Jk68WzO.bM.oybWRjMOd501hO2cJ3pzb1cHPorFn19iAPMS2g; cf_clearance=sS8y8pdefCdan8zeUfUPgIFzJ78YCsvHon833hPSIpk-1714817385-1.0.1.1-3xb2jaxe6w8QK81Yf.As0fjtDa9APHsamhNaPQgA9AMeXqVwOlgPYpJkmfAFHs59mEWxk..NG5zyFJhR1DO_9A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:54 GMT
content-type: application/javascript; charset=UTF-8
x-powered-by: Express
cache-control: public, max-age=120
last-modified: Wed, 24 Apr 2024 09:51:06 GMT
etag: W/"5c39-18f0f841710"
cf-cache-status: EXPIRED
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e7b2aa98e4b4fd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| smarttds.cloud/uploads/landings/3-screens-slot-6514839815026/img/slots/diamond.png | 52.57.19.141 | | 246 kB |
URL smarttds.cloud/uploads/landings/3-screens-slot-6514839815026/img/slots/diamond.png IP52.57.19.141:0
File typegzip compressed data, from Unix Size246 kB (246110 bytes) Hash8b2416d1beb9db7871552f0fd58afcca e365d14309d81295771476ce3114a7b95c0287e3 ac6c3a8bcb0e8b5d02b2743b5e80d21fb4e409cb8af255fe1ceaac0412e2d718
GET /uploads/landings/3-screens-slot-6514839815026/img/slots/diamond.png HTTP/1.1
Host: smarttds.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://smarttds.cloud/r/EJgj?track_id=245864105&pid=67828&geo=3143244&utm_source=31&utm_medium=67828&utm_campaign=fs_en_pop_visit_gambl_cpm_3_w&utm_term=557214&utm_content=54175&param1=ubidex&param2=popup&param3=cpm&param4=2024-03&param5=37e2b386-5e10-46e2-a0c0-b267fbe15ac2&param6=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:38 GMT
content-type: image/png
server: nginx/1.24.0
last-modified: Tue, 05 Mar 2024 08:29:40 GMT
etag: W/"65e6d7f4-ecf"
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| track-us.byte-builders.net/pixel?auth=dzy1az&event=visit&site=fairspin.io&ln=en-US | 88.214.195.96 | | 0 B |
URL track-us.byte-builders.net/pixel?auth=dzy1az&event=visit&site=fairspin.io&ln=en-US IP88.214.195.96:0
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pixel?auth=dzy1az&event=visit&site=fairspin.io&ln=en-US HTTP/1.1
Host: track-us.byte-builders.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fairspin.io/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.14.0 (Ubuntu)
Date: Sat, 04 May 2024 10:09:55 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-cache, max-age=0, must-revalidate, proxy-revalidate, no-store
Pragma: no-cache
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Access-Control-Allow-Origin: *
|
|
| d1rc9ikfnf4p5a.cloudfront.net/fairspin/game/card/bookmark.svg | 143.204.42.42 | | 331 B |
URL d1rc9ikfnf4p5a.cloudfront.net/fairspin/game/card/bookmark.svg IP143.204.42.42:0
CertificateIssuerAmazon Subject*.cloudfront.net FingerprintFA:21:45:DC:4D:94:03:A3:09:77:51:78:4A:21:F2:C5:6D:94:BE:52 ValidityTue, 10 Oct 2023 00:00:00 GMT - Thu, 19 Sep 2024 23:59:59 GMT
File typeSVG Scalable Vector Graphics image Hash274efca7ed09c4cd1a293cbb35085341 40f64af6f83dd993361c743285fcbefa885c9b74 9d48e862cc05ede7f9acb7cbfe61db13a98ca84a740ce02d14abeb2e9e216639
GET /fairspin/game/card/bookmark.svg HTTP/1.1
Host: d1rc9ikfnf4p5a.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://fairspin.io
DNT: 1
Connection: keep-alive
Referer: https://fairspin.io/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/svg+xml
content-length: 331
date: Fri, 03 May 2024 20:52:40 GMT
last-modified: Sat, 24 Jun 2023 10:40:48 GMT
etag: "274efca7ed09c4cd1a293cbb35085341"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 185768229530368be94556dcab1c486a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: nGG98Tk_nu_AYkSnMATmaTF1MoMGF5fV1jPtdyzriIF9NHSnvR0iig==
age: 47837
access-control-allow-origin: *
access-control-expose-headers: Access-Control-Allow-Origin
X-Firefox-Spdy: h2
|
|
| d1rc9ikfnf4p5a.cloudfront.net/fairspin/game/card/hot.svg | 143.204.42.42 | | 586 B |
URL d1rc9ikfnf4p5a.cloudfront.net/fairspin/game/card/hot.svg IP143.204.42.42:0
CertificateIssuerAmazon Subject*.cloudfront.net FingerprintFA:21:45:DC:4D:94:03:A3:09:77:51:78:4A:21:F2:C5:6D:94:BE:52 ValidityTue, 10 Oct 2023 00:00:00 GMT - Thu, 19 Sep 2024 23:59:59 GMT
File typeSVG Scalable Vector Graphics image Hash3f7f6897ea4f9bf240d417d807c82eea 3c04992a5d957b0e4c28e8bf37a1603d8ad71eee 089f9f6f94cace6759759899acff6309b4aed264044ad7ff5315c5dacd2c46af
GET /fairspin/game/card/hot.svg HTTP/1.1
Host: d1rc9ikfnf4p5a.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://fairspin.io
DNT: 1
Connection: keep-alive
Referer: https://fairspin.io/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/svg+xml
content-length: 586
date: Fri, 03 May 2024 20:52:40 GMT
last-modified: Sat, 24 Jun 2023 10:40:49 GMT
etag: "3f7f6897ea4f9bf240d417d807c82eea"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 185768229530368be94556dcab1c486a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 6C_Guu2zSn7TqPagdLA9U9zX65Bi1t9q4QSplGQvXE_ztRvy1demjg==
age: 47837
access-control-allow-origin: *
access-control-expose-headers: Access-Control-Allow-Origin
X-Firefox-Spdy: h2
|
|
| smarttds.cloud/uploads/landings/3-screens-slot-6514839815026/img/vantages/transactions.svg | 52.57.19.141 | | 821 kB |
URL smarttds.cloud/uploads/landings/3-screens-slot-6514839815026/img/vantages/transactions.svg IP52.57.19.141:0
File typeSVG Scalable Vector Graphics image Size821 kB (821040 bytes) Hasha55f8ba0e82a710ed31830db9d10283b f0b0873b0f5216afe46d7cdbde24abf428392cb3 2244faf4dbb625d9bfa30de25c55c9353400c1d15ce3865a5f6b97ec8eacb903
GET /uploads/landings/3-screens-slot-6514839815026/img/vantages/transactions.svg HTTP/1.1
Host: smarttds.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://smarttds.cloud/r/EJgj?track_id=245864105&pid=67828&geo=3143244&utm_source=31&utm_medium=67828&utm_campaign=fs_en_pop_visit_gambl_cpm_3_w&utm_term=557214&utm_content=54175&param1=ubidex&param2=popup&param3=cpm&param4=2024-03&param5=37e2b386-5e10-46e2-a0c0-b267fbe15ac2&param6=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:38 GMT
content-type: image/svg+xml
server: nginx/1.24.0
last-modified: Tue, 05 Mar 2024 08:29:40 GMT
etag: W/"65e6d7f4-1ed79"
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| d1rc9ikfnf4p5a.cloudfront.net/fairspin/views/tourney/prize-more.svg | 143.204.42.42 | | 14 kB |
URL d1rc9ikfnf4p5a.cloudfront.net/fairspin/views/tourney/prize-more.svg IP143.204.42.42:0
CertificateIssuerAmazon Subject*.cloudfront.net FingerprintFA:21:45:DC:4D:94:03:A3:09:77:51:78:4A:21:F2:C5:6D:94:BE:52 ValidityTue, 10 Oct 2023 00:00:00 GMT - Thu, 19 Sep 2024 23:59:59 GMT
File typeSVG Scalable Vector Graphics image Hash9882c6cc58e26103de59a2e03ac66e8f 0bbf53ea9d851d440553b7dbc463616080156913 fc8af71723c49866ad93a0c6ff6fccdf18e8ba641476cb88a202a3123a848d55
GET /fairspin/views/tourney/prize-more.svg HTTP/1.1
Host: d1rc9ikfnf4p5a.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://fairspin.io
DNT: 1
Connection: keep-alive
Referer: https://fairspin.io/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/svg+xml
last-modified: Thu, 13 Apr 2023 09:28:30 GMT
x-amz-server-side-encryption: AES256
server: AmazonS3
content-encoding: gzip
date: Sat, 04 May 2024 10:07:11 GMT
cache-control: max-age=600, must-revalidate
etag: W/"700491ce1f2530b685deb915f98f2340"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 185768229530368be94556dcab1c486a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 8u3NhRhlsxViBTsDCy8z3GxJNFTKckBUOqMhUt8-8RWkL-7dofJoLQ==
age: 165
access-control-allow-origin: *
access-control-expose-headers: Access-Control-Allow-Origin
X-Firefox-Spdy: h2
|
|
| www.googletagmanager.com/a?v=3&t=l&pid=727559769&rv=4510&u=AAAAggAIAAAAAIA&ut=AAAAAQ&h=Ag&gtm=45je4510v9101764082za200&ccid=101764082&cid=G-RSXFCSM4F3&l=L5772.S85.B76.E7524.I3878.EC7.TC14.HTC0~gtm.init.S1.V1.E7518.TS5ogtcrossdomain.TI22.TE9.TS5ogt1pdatav2.TI24.TE3.TS5ccdgalast.TI25.TE1.TS5ccdautoredact.TI26.TE1.TS5ccdadd1pdata.TI27.TE1.TS5ccdadd1pdata.TI28.TE1.TS5ogteventcreate.TI29.TE1.TS5ccdconversionmarking.TI30.TE1.TS5ccdgaregscope.TI31.TE1.TS5ogtgooglesignals.TI32.TE1.TS5setproductsettings.TI33.TE0.TS5ogtgadatatos.TI34.TE1.TS5ccdgafirst.TI35.TE1~gtm.js.S0.V0.E7493.TS5gct.TI13.TE1~*.S1.V0.E7225~*.S0.V0.E7223~gtm.dom.S1.V0.E950~gtm.load.S0.V0.E98~gtm.init_consent.S2.V0.E7292 | 142.250.74.168 | | 0 B |
URL www.googletagmanager.com/a?v=3&t=l&pid=727559769&rv=4510&u=AAAAggAIAAAAAIA&ut=AAAAAQ&h=Ag&gtm=45je4510v9101764082za200&ccid=101764082&cid=G-RSXFCSM4F3&l=L5772.S85.B76.E7524.I3878.EC7.TC14.HTC0~gtm.init.S1.V1.E7518.TS5ogtcrossdomain.TI22.TE9.TS5ogt1pdatav2.TI24.TE3.TS5ccdgalast.TI25.TE1.TS5ccdautoredact.TI26.TE1.TS5ccdadd1pdata.TI27.TE1.TS5ccdadd1pdata.TI28.TE1.TS5ogteventcreate.TI29.TE1.TS5ccdconversionmarking.TI30.TE1.TS5ccdgaregscope.TI31.TE1.TS5ogtgooglesignals.TI32.TE1.TS5setproductsettings.TI33.TE0.TS5ogtgadatatos.TI34.TE1.TS5ccdgafirst.TI35.TE1~gtm.js.S0.V0.E7493.TS5gct.TI13.TE1~*.S1.V0.E7225~*.S0.V0.E7223~gtm.dom.S1.V0.E950~gtm.load.S0.V0.E98~gtm.init_consent.S2.V0.E7292 IP142.250.74.168:0
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /a?v=3&t=l&pid=727559769&rv=4510&u=AAAAggAIAAAAAIA&ut=AAAAAQ&h=Ag&gtm=45je4510v9101764082za200&ccid=101764082&cid=G-RSXFCSM4F3&l=L5772.S85.B76.E7524.I3878.EC7.TC14.HTC0~gtm.init.S1.V1.E7518.TS5ogtcrossdomain.TI22.TE9.TS5ogt1pdatav2.TI24.TE3.TS5ccdgalast.TI25.TE1.TS5ccdautoredact.TI26.TE1.TS5ccdadd1pdata.TI27.TE1.TS5ccdadd1pdata.TI28.TE1.TS5ogteventcreate.TI29.TE1.TS5ccdconversionmarking.TI30.TE1.TS5ccdgaregscope.TI31.TE1.TS5ogtgooglesignals.TI32.TE1.TS5setproductsettings.TI33.TE0.TS5ogtgadatatos.TI34.TE1.TS5ccdgafirst.TI35.TE1~gtm.js.S0.V0.E7493.TS5gct.TI13.TE1~*.S1.V0.E7225~*.S0.V0.E7223~gtm.dom.S1.V0.E950~gtm.load.S0.V0.E98~gtm.init_consent.S2.V0.E7292 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fairspin.io/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 04 May 2024 10:09:57 GMT
content-type: text/html
server: Google Tag Manager
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| api.fstournament.com/api/client/v1/retargeting-configurations?platformCode=fairspin | 18.197.41.140 | | 18 kB |
URL api.fstournament.com/api/client/v1/retargeting-configurations?platformCode=fairspin IP18.197.41.140:0
Hash60c4f777e4131bdf88440ed891249a55 5c2367745fe42991245546770135d94e0f8f02de 01d30dd23b26373a4908541b6b92f463a9eb6f87d37f1153abfccfb6b34c5b40
GET /api/client/v1/retargeting-configurations?platformCode=fairspin HTTP/1.1
Host: api.fstournament.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://fairspin.io
DNT: 1
Connection: keep-alive
Referer: https://fairspin.io/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:51 GMT
content-type: application/json
server: nginx/1.21.6
cache-control: no-cache, private
x-request-id: 1ef09fe7-2403-64c0-962f-62531bfed04d
access-control-allow-origin: https://fairspin.io
access-control-allow-credentials: true
access-control-expose-headers: link
X-Firefox-Spdy: h2
|
|
| fairspin.io/api/ws/847/1drpnis2/websocket | 172.66.40.68 | | 0 B |
URL fairspin.io/api/ws/847/1drpnis2/websocket IP172.66.40.68:0
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/ws/847/1drpnis2/websocket HTTP/1.1
Host: fairspin.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://fairspin.io
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: +IyjI7/N0beUcmo1JPNM8A==
DNT: 1
Connection: keep-alive, Upgrade
Cookie: __cf_bm=2H1c2tMs2_L_NWeLvjv2urEkwZJMPB.4TjA_QBg0ciw-1714817381-1.0.1.1-i1OAzKG1eyM3ie7ECX1uqiHWEqf93t4yrVRc5Jk68WzO.bM.oybWRjMOd501hO2cJ3pzb1cHPorFn19iAPMS2g; cf_clearance=sS8y8pdefCdan8zeUfUPgIFzJ78YCsvHon833hPSIpk-1714817385-1.0.1.1-3xb2jaxe6w8QK81Yf.As0fjtDa9APHsamhNaPQgA9AMeXqVwOlgPYpJkmfAFHs59mEWxk..NG5zyFJhR1DO_9A
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Date: Sat, 04 May 2024 10:09:58 GMT
Connection: upgrade
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Set-Cookie: XSRF-TOKEN=11b94d37-162e-40f9-b2b4-12148ef9d8b0; Path=/; Secure
Upgrade: websocket
Sec-WebSocket-Accept: EaCmV367krOFqn0oa5MfDti+7QE=
Sec-WebSocket-Extensions: permessage-deflate
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Frame-Options: SAMEORIGIN
Referrer-Policy: strict-origin-when-cross-origin
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 87e7b2c1d9ff1c0a-OSL
|
|
| fairspin.io/css/package/base/form/phone.01e3bc1fef3b160d.css | 172.66.40.68 | | 6.5 kB |
URL fairspin.io/css/package/base/form/phone.01e3bc1fef3b160d.css IP172.66.40.68:0
File typegzip compressed data, from Unix Hashdd4469a2184e62434172394c1ab92a67 e113ed7fdb11d0644d6b04d8c02b3c5584d10b7b 1c133f621d92720312491977f866ba6aa9317af08e51638b6a236904d6db312e
GET /css/package/base/form/phone.01e3bc1fef3b160d.css HTTP/1.1
Host: fairspin.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fairspin.io/?track_id=245864105&pid=67828&geo=3143244&utm_source=31&utm_medium=67828&utm_campaign=fs_en_pop_visit_gambl_cpm_3_w&utm_term=557214&utm_content=54175&param1=ubidex&param2=popup&param3=cpm&param4=2024-03&param5=37e2b386-5e10-46e2-a0c0-b267fbe15ac2&param6=
Cookie: __cf_bm=2g5qhVmpmq_IQLLZ8rE4QGY2BavLVDKrWgFijt9Z7AE-1714817381-1.0.1.1-EJvVuG36tEWosXLBvqGnm7xGx4p0A7aGIdZA49rBIUsYZMPnDVslNHeOHJ2QnSLkO9Kn0JNfz.p_Ab.fVyuEOw
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:41 GMT
content-type: text/css; charset=UTF-8
x-powered-by: Express
cache-control: public, max-age=120
last-modified: Wed, 24 Apr 2024 09:51:05 GMT
etag: W/"1c3-18f0f841328"
cf-cache-status: EXPIRED
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e7b25b7e32b4fd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| o4504605226893312.ingest.sentry.io/api/4504637998104576/envelope/?sentry_key=5315aeed78a34f3289e80890caa88744&sentry_version=7&sentry_client=sentry.javascript.vue%2F7.100.1 | 34.120.195.249 | | 589 B |
URL o4504605226893312.ingest.sentry.io/api/4504637998104576/envelope/?sentry_key=5315aeed78a34f3289e80890caa88744&sentry_version=7&sentry_client=sentry.javascript.vue%2F7.100.1 IP34.120.195.249:0 ASN#396982 GOOGLE-CLOUD-PLATFORM
Hash478b411c59eb87249bea32cf7c7be5d2 023907c62eb55758905bb3c0e640b5b204ae0652 bac10d17440dcd6f6c6c4e0bd7eca2e1a7eec030ef3b1143d4be3791dcf91263
POST /api/4504637998104576/envelope/?sentry_key=5315aeed78a34f3289e80890caa88744&sentry_version=7&sentry_client=sentry.javascript.vue%2F7.100.1 HTTP/1.1
Host: o4504605226893312.ingest.sentry.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://fairspin.io/
Content-Type: text/plain;charset=UTF-8
Content-Length: 64399
Origin: https://fairspin.io
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 429 Too Many Requests
server: nginx
date: Sat, 04 May 2024 10:09:58 GMT
content-type: application/json
retry-after: 60
x-sentry-rate-limits: 60:transaction;profile:organization:transaction_usage_exceeded
access-control-expose-headers: x-sentry-error,x-sentry-rate-limits,retry-after
access-control-allow-origin: *
vary: origin,access-control-request-method,access-control-request-headers
content-encoding: br
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| smarttds.cloud/uploads/landings/3-screens-slot-6514839815026/assets/index-3642a04c.js | 52.57.19.141 | | 155 kB |
URL smarttds.cloud/uploads/landings/3-screens-slot-6514839815026/assets/index-3642a04c.js IP52.57.19.141:0
File typeJavaScript source, ASCII text, with very long lines (37997) Size155 kB (155087 bytes) Hash27036f2cc0a481620a8def650b272252 e08ceca8904ce779eb85535d6be53407500bee99 2d74371c50345920b352c6e177d1bc4e8bed82ab0337c5c01cc89c1cf611500c
GET /uploads/landings/3-screens-slot-6514839815026/assets/index-3642a04c.js HTTP/1.1
Host: smarttds.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://smarttds.cloud/r/EJgj?track_id=245864106&pid=67828&geo=3143244&utm_source=31&utm_medium=67828&utm_campaign=fs_en_pop_visit_gambl_cpm_3_w&utm_term=547780&utm_content=54175&param1=ubidex&param2=popup&param3=cpm&param4=2024-03&param5=a1ffa233-458c-4e99-a78c-79741ae9e0d0&param6=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:37 GMT
content-type: application/javascript
server: nginx/1.24.0
last-modified: Tue, 05 Mar 2024 08:29:39 GMT
etag: W/"65e6d7f3-6d190"
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| fairspin.io/cdn-cgi/rum? | 172.66.40.68 | | 0 B |
IP172.66.40.68:0
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /cdn-cgi/rum? HTTP/1.1
Host: fairspin.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 411
Origin: https://fairspin.io
DNT: 1
Connection: keep-alive
Referer: https://fairspin.io/
Cookie: __cf_bm=2H1c2tMs2_L_NWeLvjv2urEkwZJMPB.4TjA_QBg0ciw-1714817381-1.0.1.1-i1OAzKG1eyM3ie7ECX1uqiHWEqf93t4yrVRc5Jk68WzO.bM.oybWRjMOd501hO2cJ3pzb1cHPorFn19iAPMS2g; cf_clearance=sS8y8pdefCdan8zeUfUPgIFzJ78YCsvHon833hPSIpk-1714817385-1.0.1.1-3xb2jaxe6w8QK81Yf.As0fjtDa9APHsamhNaPQgA9AMeXqVwOlgPYpJkmfAFHs59mEWxk..NG5zyFJhR1DO_9A
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 204 No Content
date: Sat, 04 May 2024 10:10:05 GMT
access-control-allow-origin: https://fairspin.io
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 87e7b2eeda6db4fd-OSL
x-frame-options: DENY
x-content-type-options: nosniff
X-Firefox-Spdy: h2
|
|
| fairspin.io/js/5880.a1143d00.js | 172.66.40.68 | 200 OK | 3.0 kB |
URL GET HTTP/2fairspin.io/js/5880.a1143d00.js IP172.66.40.68:443
Requested byhttps://fairspin.io/?track_id=245864105&pid=67828&geo=3143244&utm_source=31&utm_medium=67828&utm_campaign=fs_en_pop_visit_gambl_cpm_3_w&utm_term=557214&utm_content=54175&param1=ubidex&param2=popup&param3=cpm&param4=2024-03&param5=37e2b386-5e10-46e2-a0c0-b267fbe15ac2&param6= CertificateIssuerCloudflare, Inc. Subjectfairspin.io Fingerprint42:70:33:D5:87:B0:D6:44:11:86:E3:56:64:8B:E2:C7:11:37:26:0F ValidityMon, 26 Jun 2023 00:00:00 GMT - Tue, 25 Jun 2024 23:59:59 GMT
File typegzip compressed data, from Unix Hash382b3e02fb67f91281458a0ec76f5fbc 93ed2e4da1082202f08df6b5425aed449c6d258f 4941497d1076b347b7716d111fbb9890ea80fb02a7e73ca452f78979030abcb0
GET /js/5880.a1143d00.js HTTP/1.1
Host: fairspin.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fairspin.io/?track_id=245864106&pid=67828&geo=3143244&utm_source=31&utm_medium=67828&utm_campaign=fs_en_pop_visit_gambl_cpm_3_w&utm_term=547780&utm_content=54175&param1=ubidex&param2=popup&param3=cpm&param4=2024-03&param5=a1ffa233-458c-4e99-a78c-79741ae9e0d0&param6=
Cookie: __cf_bm=2H1c2tMs2_L_NWeLvjv2urEkwZJMPB.4TjA_QBg0ciw-1714817381-1.0.1.1-i1OAzKG1eyM3ie7ECX1uqiHWEqf93t4yrVRc5Jk68WzO.bM.oybWRjMOd501hO2cJ3pzb1cHPorFn19iAPMS2g; cf_clearance=sS8y8pdefCdan8zeUfUPgIFzJ78YCsvHon833hPSIpk-1714817385-1.0.1.1-3xb2jaxe6w8QK81Yf.As0fjtDa9APHsamhNaPQgA9AMeXqVwOlgPYpJkmfAFHs59mEWxk..NG5zyFJhR1DO_9A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:48 GMT
content-type: application/javascript; charset=UTF-8
x-powered-by: Express
cache-control: public, max-age=120
last-modified: Wed, 24 Apr 2024 09:51:06 GMT
etag: W/"259c-18f0f841710"
cf-cache-status: EXPIRED
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e7b2832fd9b4fd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| fairspin.io/css/package/base/slider.01e3bc1fef3b160d.css | 172.66.40.68 | | 7.1 kB |
URL fairspin.io/css/package/base/slider.01e3bc1fef3b160d.css IP172.66.40.68:0
File typeASCII text, with very long lines (43601), with no line terminators Hash84ddbef2df8b0041a9b37436cecc78cc 2d9eee920ab587e1d442739ff3e554b3f91337fa ca9ed951d04732b97adecceffce36986832e3bac958ef897853b5035a439a18a
GET /css/package/base/slider.01e3bc1fef3b160d.css HTTP/1.1
Host: fairspin.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fairspin.io/?track_id=245864105&pid=67828&geo=3143244&utm_source=31&utm_medium=67828&utm_campaign=fs_en_pop_visit_gambl_cpm_3_w&utm_term=557214&utm_content=54175&param1=ubidex&param2=popup&param3=cpm&param4=2024-03&param5=37e2b386-5e10-46e2-a0c0-b267fbe15ac2&param6=
Cookie: __cf_bm=2g5qhVmpmq_IQLLZ8rE4QGY2BavLVDKrWgFijt9Z7AE-1714817381-1.0.1.1-EJvVuG36tEWosXLBvqGnm7xGx4p0A7aGIdZA49rBIUsYZMPnDVslNHeOHJ2QnSLkO9Kn0JNfz.p_Ab.fVyuEOw
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:41 GMT
content-type: text/css; charset=UTF-8
x-powered-by: Express
cache-control: public, max-age=120
last-modified: Wed, 24 Apr 2024 09:51:05 GMT
etag: W/"5ed-18f0f841328"
cf-cache-status: EXPIRED
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e7b25b8e3fb4fd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| static.addtoany.com/menu/svg/icons/facebook.js | 104.22.71.197 | 200 OK | 429 B |
URL GET HTTP/3static.addtoany.com/menu/svg/icons/facebook.js IP104.22.71.197:443
Requested byhttps://videzz.net/embed-0m1y3k542y1s.html CertificateIssuerLet's Encrypt Subjectstatic.addtoany.com Fingerprint5B:74:98:2D:F8:22:DB:0D:4E:74:B7:99:A7:7C:80:F6:CA:1A:8E:CA ValidityTue, 23 Apr 2024 07:56:27 GMT - Mon, 22 Jul 2024 07:56:26 GMT
File typeASCII text, with very long lines (439), with no line terminators Hash874e1638740e061f9fa55eda3180724c 108a7e30fa0f7d50b961845ec970a2745f3c821f d1bf990d09417220fcb615079a569e0a403c75beef0eac536e5976b7751c0370
GET /menu/svg/icons/facebook.js HTTP/1.1
Host: static.addtoany.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://videzz.net
DNT: 1
Connection: keep-alive
Referer: https://static.addtoany.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 04 May 2024 10:09:30 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=7776000, stale-while-revalidate=30, public
cf-bgj: minify
etag: W/"68925fa8e347041c6006837e73c518bc"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BHckTjoXuwSZA9lMRraMKCpOd%2BcFmeHjQbSapL4yb3KetBrr648Avto59mqGEa7rRKEbTaGmjlhEiDLjJQJ4bFxx56XnHuU3vt1j%2FPW7upUauuAxcedteBLZWq7%2B%2Fhu3vpTMQC%2BV"}],"group":"cf-nel","max_age":604800}
vary: Accept-Encoding
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
cf-cache-status: HIT
age: 8424
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 87e7b2145c629306-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| fairspin.io/css/package/views/widget/daily-quest.01e3bc1fef3b160d.css | 172.66.40.68 | 200 OK | 31 kB |
URL GET HTTP/2fairspin.io/css/package/views/widget/daily-quest.01e3bc1fef3b160d.css IP172.66.40.68:443
Requested byhttps://fairspin.io/?track_id=245864105&pid=67828&geo=3143244&utm_source=31&utm_medium=67828&utm_campaign=fs_en_pop_visit_gambl_cpm_3_w&utm_term=557214&utm_content=54175&param1=ubidex&param2=popup&param3=cpm&param4=2024-03&param5=37e2b386-5e10-46e2-a0c0-b267fbe15ac2&param6= CertificateIssuerCloudflare, Inc. Subjectfairspin.io Fingerprint42:70:33:D5:87:B0:D6:44:11:86:E3:56:64:8B:E2:C7:11:37:26:0F ValidityMon, 26 Jun 2023 00:00:00 GMT - Tue, 25 Jun 2024 23:59:59 GMT
File typeASCII text, with very long lines (30707), with no line terminators Hash16aebd736368ea66a87b48f425ede453 ee40a25a2215a2e3d9053683b20ad3b8035a65ec 1d47433fced61bd995aa1f59b7f7cfcccaa5553867eaae7f67f99f6449bfb707
GET /css/package/views/widget/daily-quest.01e3bc1fef3b160d.css HTTP/1.1
Host: fairspin.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fairspin.io/?track_id=245864105&pid=67828&geo=3143244&utm_source=31&utm_medium=67828&utm_campaign=fs_en_pop_visit_gambl_cpm_3_w&utm_term=557214&utm_content=54175&param1=ubidex&param2=popup&param3=cpm&param4=2024-03&param5=37e2b386-5e10-46e2-a0c0-b267fbe15ac2&param6=
Cookie: __cf_bm=2H1c2tMs2_L_NWeLvjv2urEkwZJMPB.4TjA_QBg0ciw-1714817381-1.0.1.1-i1OAzKG1eyM3ie7ECX1uqiHWEqf93t4yrVRc5Jk68WzO.bM.oybWRjMOd501hO2cJ3pzb1cHPorFn19iAPMS2g
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:41 GMT
content-type: text/css; charset=UTF-8
x-powered-by: Express
cache-control: public, max-age=120
last-modified: Wed, 24 Apr 2024 09:51:05 GMT
etag: W/"77f3-18f0f841328"
cf-cache-status: EXPIRED
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e7b25bdebab4fd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 | 142.250.74.163 | 200 OK | 16 kB |
URL GET HTTP/2fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 IP142.250.74.163:443
Requested byhttps://videzz.net/embed-0m1y3k542y1s.html CertificateIssuerGoogle Trust Services LLC Subject*.gstatic.com Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT
File typeWeb Open Font Format (Version 2), TrueType, length 15860, version 1.0 Hashe9f5aaf547f165386cd313b995dddd8e acdef5603c2387b0e5bffd744b679a24a8bc1968 f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://videzz.net
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 30 Apr 2024 10:46:32 GMT
expires: Wed, 30 Apr 2025 10:46:32 GMT
cache-control: public, max-age=31536000
age: 343380
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| d1rc9ikfnf4p5a.cloudfront.net/fairspin/brand/logo-v3-full.svg | 143.204.42.42 | 200 OK | 4.4 kB |
URL GET HTTP/2d1rc9ikfnf4p5a.cloudfront.net/fairspin/brand/logo-v3-full.svg IP143.204.42.42:443
Requested byhttps://fairspin.io/?track_id=245864105&pid=67828&geo=3143244&utm_source=31&utm_medium=67828&utm_campaign=fs_en_pop_visit_gambl_cpm_3_w&utm_term=557214&utm_content=54175&param1=ubidex&param2=popup&param3=cpm&param4=2024-03&param5=37e2b386-5e10-46e2-a0c0-b267fbe15ac2&param6= CertificateIssuerAmazon Subject*.cloudfront.net FingerprintFA:21:45:DC:4D:94:03:A3:09:77:51:78:4A:21:F2:C5:6D:94:BE:52 ValidityTue, 10 Oct 2023 00:00:00 GMT - Thu, 19 Sep 2024 23:59:59 GMT
File typeSVG Scalable Vector Graphics image Hasha5cf5d88b1132facb95438f401658a72 0086c75343fdd214e7f1971582a8abef9c54fee9 1a30070f1b47362d43618fcab1c64a5407d27f39254a58902f417479899b32a0
GET /fairspin/brand/logo-v3-full.svg HTTP/1.1
Host: d1rc9ikfnf4p5a.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://fairspin.io
DNT: 1
Connection: keep-alive
Referer: https://fairspin.io/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/svg+xml
date: Fri, 03 May 2024 18:45:21 GMT
last-modified: Thu, 08 Jun 2023 07:54:56 GMT
etag: W/"ebe49bdd6cd3356436e1c5e5b5140430"
x-amz-server-side-encryption: AES256
server: AmazonS3
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 185768229530368be94556dcab1c486a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: ae8tv0Yatzf89wZA0kkdN5jbrkypGbz_PPalWFIJVrRn2-KeEDT8BA==
age: 55467
access-control-allow-origin: *
access-control-expose-headers: Access-Control-Allow-Origin
X-Firefox-Spdy: h2
|
|
| happy-granny.com/thumbs/AA/qp/bA.jpg | 172.67.151.219 | 200 OK | 68 kB |
URL GET HTTP/2happy-granny.com/thumbs/AA/qp/bA.jpg IP172.67.151.219:443
Requested byhttps://topsites.hadesex.com/?source=140899199&site_id=557214&spot_id=557214 CertificateIssuerGoogle Trust Services LLC Subjecthappy-granny.com Fingerprint20:1E:A8:F5:1D:E7:E4:0D:AE:D2:C4:CF:B8:6C:B0:F1:83:C4:4E:D5 ValiditySun, 31 Mar 2024 12:31:02 GMT - Sat, 29 Jun 2024 12:31:01 GMT
File typeJPEG image data, baseline, precision 8, 1280x720, components 3 Hasha657eaf03e478ec459ec4625ef9be906 05532e484815dcfd962a35b0fd79f5c6b9a9d5b5 67afc81381faa136205a4c10e10756cec5deacf449e6afbf57bffe71fed73e0c
GET /thumbs/AA/qp/bA.jpg HTTP/1.1
Host: happy-granny.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:34 GMT
content-type: image/jpeg
content-length: 68329
last-modified: Fri, 03 May 2024 16:03:02 GMT
etag: "66350ab6-10ae9"
expires: Mon, 03 Jun 2024 00:25:16 GMT
cache-control: public, max-age=2592000
cf-cache-status: HIT
age: 35058
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=I6U71KX576qs67tixF683uplDRqa0Sj1Q4cerMg20pNzg0PvGDvecsUbctU4IVj81z8GgT7IbfMraT5%2BgILXO4mGp%2FCPTE%2BKfUhhafoDhtYDfzLgCeam9TgWJGyZeCAJGJa4"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e7b22bccf056c5-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| fairspin.io/css/sport-game-view.01e3bc1fef3b160d.css | 172.66.40.68 | 200 OK | 257 B |
URL GET HTTP/2fairspin.io/css/sport-game-view.01e3bc1fef3b160d.css IP172.66.40.68:443
Requested byhttps://fairspin.io/?track_id=245864106&pid=67828&geo=3143244&utm_source=31&utm_medium=67828&utm_campaign=fs_en_pop_visit_gambl_cpm_3_w&utm_term=547780&utm_content=54175&param1=ubidex&param2=popup&param3=cpm&param4=2024-03&param5=a1ffa233-458c-4e99-a78c-79741ae9e0d0&param6= CertificateIssuerCloudflare, Inc. Subjectfairspin.io Fingerprint42:70:33:D5:87:B0:D6:44:11:86:E3:56:64:8B:E2:C7:11:37:26:0F ValidityMon, 26 Jun 2023 00:00:00 GMT - Tue, 25 Jun 2024 23:59:59 GMT
File typeASCII text, with no line terminators Hashff431306107ee16751b75f21f94696ec 3c9a62f9b6588045c31df247a6bd954fb529809c 7fe38fe7e09b250683a172b1be372cec8c38d6d0db8af2f04b73e3968cc938a2
GET /css/sport-game-view.01e3bc1fef3b160d.css HTTP/1.1
Host: fairspin.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fairspin.io/?track_id=245864106&pid=67828&geo=3143244&utm_source=31&utm_medium=67828&utm_campaign=fs_en_pop_visit_gambl_cpm_3_w&utm_term=547780&utm_content=54175&param1=ubidex&param2=popup&param3=cpm&param4=2024-03&param5=a1ffa233-458c-4e99-a78c-79741ae9e0d0&param6=
Cookie: __cf_bm=2H1c2tMs2_L_NWeLvjv2urEkwZJMPB.4TjA_QBg0ciw-1714817381-1.0.1.1-i1OAzKG1eyM3ie7ECX1uqiHWEqf93t4yrVRc5Jk68WzO.bM.oybWRjMOd501hO2cJ3pzb1cHPorFn19iAPMS2g
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:42 GMT
content-type: text/css; charset=UTF-8
x-powered-by: Express
cache-control: public, max-age=120
last-modified: Wed, 24 Apr 2024 09:51:05 GMT
etag: W/"101-18f0f841328"
cf-cache-status: EXPIRED
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e7b2609c2db4fd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| fairspin.io/js/260.fed0a840.js | 172.66.40.68 | 200 OK | 83 kB |
URL GET HTTP/2fairspin.io/js/260.fed0a840.js IP172.66.40.68:443
Requested byhttps://fairspin.io/?track_id=245864105&pid=67828&geo=3143244&utm_source=31&utm_medium=67828&utm_campaign=fs_en_pop_visit_gambl_cpm_3_w&utm_term=557214&utm_content=54175&param1=ubidex&param2=popup&param3=cpm&param4=2024-03&param5=37e2b386-5e10-46e2-a0c0-b267fbe15ac2&param6= CertificateIssuerCloudflare, Inc. Subjectfairspin.io Fingerprint42:70:33:D5:87:B0:D6:44:11:86:E3:56:64:8B:E2:C7:11:37:26:0F ValidityMon, 26 Jun 2023 00:00:00 GMT - Tue, 25 Jun 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (3390) Hashc6bd04dc9b1905ced540958350f29790 a85eaf1f928d87bf9385160db21b58394f9fb621 8e10254ad7726aa62384b4c06fbc3a6c40a299d286f2bcfee5108ce1c69757c3
GET /js/260.fed0a840.js HTTP/1.1
Host: fairspin.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fairspin.io/?track_id=245864105&pid=67828&geo=3143244&utm_source=31&utm_medium=67828&utm_campaign=fs_en_pop_visit_gambl_cpm_3_w&utm_term=557214&utm_content=54175&param1=ubidex&param2=popup&param3=cpm&param4=2024-03&param5=37e2b386-5e10-46e2-a0c0-b267fbe15ac2&param6=
Cookie: __cf_bm=2H1c2tMs2_L_NWeLvjv2urEkwZJMPB.4TjA_QBg0ciw-1714817381-1.0.1.1-i1OAzKG1eyM3ie7ECX1uqiHWEqf93t4yrVRc5Jk68WzO.bM.oybWRjMOd501hO2cJ3pzb1cHPorFn19iAPMS2g; cf_clearance=AFhlnB_Uc5EfKTyihqoqGS0lNAJwQottfMvElCUPaNU-1714817384-1.0.1.1-okj6PZPiyfP8BuhuoqreRc09.Ws79.F6EPh_IbYYUyhwrJkl12uuSRX98HY4azXqgOPWJg8.zDPUFTDq4Ovznw
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:45 GMT
content-type: application/javascript; charset=UTF-8
x-powered-by: Express
cache-control: public, max-age=120
last-modified: Wed, 24 Apr 2024 09:51:06 GMT
etag: W/"144f1-18f0f841710"
cf-cache-status: EXPIRED
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e7b2701f48b4fd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css?v=b8dc06aa6195ca0716d0a0c4e3a76e42 | 104.18.11.207 | 200 OK | 31 kB |
URL GET HTTP/2maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css?v=b8dc06aa6195ca0716d0a0c4e3a76e42 IP104.18.11.207:443
Requested byhttps://videzz.net/embed-0m1y3k542y1s.html CertificateIssuerGoogle Trust Services LLC Subjectbootstrapcdn.com Fingerprint57:B4:25:B9:9C:88:A1:A3:3D:F7:31:74:02:E4:D1:E0:0A:F5:11:63 ValidityWed, 27 Mar 2024 00:22:09 GMT - Tue, 25 Jun 2024 00:22:08 GMT
File typeASCII text, with very long lines (30837) Hash269550530cc127b6aa5a35925a7de6ce 512c7d79033e3028a9be61b540cf1a6870c896f8 799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
GET /font-awesome/4.7.0/css/font-awesome.min.css?v=b8dc06aa6195ca0716d0a0c4e3a76e42 HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://videzz.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:28 GMT
content-type: text/css; charset=utf-8
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
vary: Accept-Encoding
access-control-allow-origin: *
cache-control: public, max-age=31919000
content-encoding: br
etag: W/"269550530cc127b6aa5a35925a7de6ce"
last-modified: Mon, 25 Jan 2021 22:04:55 GMT
cdn-cachedat: 03/18/2024 12:28:12
cdn-proxyver: 1.04
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 1078
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: 2ab8316fdef76f530c15e660f59a896d
cdn-cache: HIT
cf-cache-status: HIT
age: 323462
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 87e7b20b0809b4eb-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| d1rc9ikfnf4p5a.cloudfront.net/fairspin/icons/icon-caret-down.svg | 143.204.42.42 | 200 OK | 487 B |
URL GET HTTP/2d1rc9ikfnf4p5a.cloudfront.net/fairspin/icons/icon-caret-down.svg IP143.204.42.42:443
Requested byhttps://fairspin.io/?track_id=245864106&pid=67828&geo=3143244&utm_source=31&utm_medium=67828&utm_campaign=fs_en_pop_visit_gambl_cpm_3_w&utm_term=547780&utm_content=54175&param1=ubidex&param2=popup&param3=cpm&param4=2024-03&param5=a1ffa233-458c-4e99-a78c-79741ae9e0d0&param6= CertificateIssuerAmazon Subject*.cloudfront.net FingerprintFA:21:45:DC:4D:94:03:A3:09:77:51:78:4A:21:F2:C5:6D:94:BE:52 ValidityTue, 10 Oct 2023 00:00:00 GMT - Thu, 19 Sep 2024 23:59:59 GMT
File typeSVG Scalable Vector Graphics image Hashe7453d922ce15fe5f539aa315d1bbc2e dcbe2108044ba209e4e0db8db5cc61b89b8d7782 441423cc204d85802cb9e50d0ab4b1543cefc1b9f0cbe1a38955fbe8edb42cba
GET /fairspin/icons/icon-caret-down.svg HTTP/1.1
Host: d1rc9ikfnf4p5a.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fairspin.io/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/svg+xml
content-length: 487
last-modified: Thu, 13 Apr 2023 09:28:08 GMT
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
date: Sat, 04 May 2024 10:02:01 GMT
cache-control: max-age=600, must-revalidate
etag: "881646355259c834de1d3caaad53610a"
x-cache: Hit from cloudfront
via: 1.1 185768229530368be94556dcab1c486a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: U__KRN7dEl8yzQYgMDolVDrduWnzFSre0u0a2ld3VjNMwLkUgSKlDQ==
age: 470
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
|
|
| fairspin.io/css/package/views/widget/daily-quest.01e3bc1fef3b160d.css | 172.66.40.68 | 200 OK | 31 kB |
URL GET HTTP/2fairspin.io/css/package/views/widget/daily-quest.01e3bc1fef3b160d.css IP172.66.40.68:443
Requested byhttps://fairspin.io/?track_id=245864106&pid=67828&geo=3143244&utm_source=31&utm_medium=67828&utm_campaign=fs_en_pop_visit_gambl_cpm_3_w&utm_term=547780&utm_content=54175&param1=ubidex&param2=popup&param3=cpm&param4=2024-03&param5=a1ffa233-458c-4e99-a78c-79741ae9e0d0&param6= CertificateIssuerCloudflare, Inc. Subjectfairspin.io Fingerprint42:70:33:D5:87:B0:D6:44:11:86:E3:56:64:8B:E2:C7:11:37:26:0F ValidityMon, 26 Jun 2023 00:00:00 GMT - Tue, 25 Jun 2024 23:59:59 GMT
File typeASCII text, with very long lines (30707), with no line terminators Hash16aebd736368ea66a87b48f425ede453 ee40a25a2215a2e3d9053683b20ad3b8035a65ec 1d47433fced61bd995aa1f59b7f7cfcccaa5553867eaae7f67f99f6449bfb707
GET /css/package/views/widget/daily-quest.01e3bc1fef3b160d.css HTTP/1.1
Host: fairspin.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fairspin.io/?track_id=245864106&pid=67828&geo=3143244&utm_source=31&utm_medium=67828&utm_campaign=fs_en_pop_visit_gambl_cpm_3_w&utm_term=547780&utm_content=54175&param1=ubidex&param2=popup&param3=cpm&param4=2024-03&param5=a1ffa233-458c-4e99-a78c-79741ae9e0d0&param6=
Cookie: __cf_bm=2H1c2tMs2_L_NWeLvjv2urEkwZJMPB.4TjA_QBg0ciw-1714817381-1.0.1.1-i1OAzKG1eyM3ie7ECX1uqiHWEqf93t4yrVRc5Jk68WzO.bM.oybWRjMOd501hO2cJ3pzb1cHPorFn19iAPMS2g
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:42 GMT
content-type: text/css; charset=UTF-8
x-powered-by: Express
cache-control: public, max-age=120
last-modified: Wed, 24 Apr 2024 09:51:05 GMT
etag: W/"77f3-18f0f841328"
cf-cache-status: EXPIRED
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e7b2609c28b4fd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| fairspin.io/?track_id=245864105&pid=67828&geo=3143244&utm_source=31&utm_medium=67828&utm_campaign=fs_en_pop_visit_gambl_cpm_3_w&utm_term=557214&utm_content=54175&param1=ubidex&param2=popup&param3=cpm&param4=2024-03&param5=37e2b386-5e10-46e2-a0c0-b267fbe15ac2&param6= | 172.66.40.68 | 200 OK | 1.1 MB |
URL GET HTTP/2fairspin.io/?track_id=245864105&pid=67828&geo=3143244&utm_source=31&utm_medium=67828&utm_campaign=fs_en_pop_visit_gambl_cpm_3_w&utm_term=557214&utm_content=54175&param1=ubidex&param2=popup&param3=cpm&param4=2024-03&param5=37e2b386-5e10-46e2-a0c0-b267fbe15ac2&param6= IP172.66.40.68:443
Requested byhttps://videzz.net/embed-0m1y3k542y1s.html CertificateIssuerCloudflare, Inc. Subjectfairspin.io Fingerprint42:70:33:D5:87:B0:D6:44:11:86:E3:56:64:8B:E2:C7:11:37:26:0F ValidityMon, 26 Jun 2023 00:00:00 GMT - Tue, 25 Jun 2024 23:59:59 GMT
Size1.1 MB (1077724 bytes) Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?track_id=245864105&pid=67828&geo=3143244&utm_source=31&utm_medium=67828&utm_campaign=fs_en_pop_visit_gambl_cpm_3_w&utm_term=557214&utm_content=54175&param1=ubidex&param2=popup&param3=cpm&param4=2024-03&param5=37e2b386-5e10-46e2-a0c0-b267fbe15ac2&param6= HTTP/1.1
Host: fairspin.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://smarttds.cloud/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:41 GMT
content-type: text/html; charset=utf-8
x-powered-by: Express
cf-cache-status: DYNAMIC
set-cookie: XSRF-TOKEN=fbf6dfa9-3ca0-4840-8054-ac811c9291f5; Path=/
AFFILIATE_TRACK_ID=245864105; Expires=Thu, 22-May-2092 13:23:46 GMT; Path=/
AFFILIATE_PID_ID=67828; Expires=Thu, 22-May-2092 13:23:46 GMT; Path=/
AFFILIATE_PARAM_1=ubidex; Expires=Thu, 22-May-2092 13:23:46 GMT; Path=/
AFFILIATE_PARAM_2=popup; Expires=Thu, 22-May-2092 13:23:46 GMT; Path=/
AFFILIATE_PARAM_3=cpm; Expires=Thu, 22-May-2092 13:23:46 GMT; Path=/
AFFILIATE_PARAM_4=2024-03; Expires=Thu, 22-May-2092 13:23:46 GMT; Path=/
AFFILIATE_PARAM_5=37e2b386-5e10-46e2-a0c0-b267fbe15ac2; Expires=Thu, 22-May-2092 13:23:46 GMT; Path=/
AFFILIATE_PARAM_6=""; Expires=Thu, 22-May-2092 13:23:46 GMT; Path=/
BINOM_CLICK_ID=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
UTM_SOURCE=31; Expires=Thu, 22-May-2092 13:23:46 GMT; Path=/
UTM_MEDIUM=67828; Expires=Thu, 22-May-2092 13:23:46 GMT; Path=/
UTM_CAMPAIGN=fs_en_pop_visit_gambl_cpm_3_w; Expires=Thu, 22-May-2092 13:23:46 GMT; Path=/
UTM_TERM=557214; Expires=Thu, 22-May-2092 13:23:46 GMT; Path=/
UTM_CONTENT=54175; Expires=Thu, 22-May-2092 13:23:46 GMT; Path=/
REFERER=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
REFERRAL_ID=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
AFFILIATE_HIT_RECORD_ID=27467991; Expires=Thu, 22-May-2092 13:23:46 GMT; Path=/
__cf_bm=2g5qhVmpmq_IQLLZ8rE4QGY2BavLVDKrWgFijt9Z7AE-1714817381-1.0.1.1-EJvVuG36tEWosXLBvqGnm7xGx4p0A7aGIdZA49rBIUsYZMPnDVslNHeOHJ2QnSLkO9Kn0JNfz.p_Ab.fVyuEOw; path=/; expires=Sat, 04-May-24 10:39:41 GMT; domain=.fairspin.io; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 87e7b24cac94b4fd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| fairspin.io/css/package/views/auth.01e3bc1fef3b160d.css | 172.66.40.68 | 200 OK | 20 kB |
URL GET HTTP/2fairspin.io/css/package/views/auth.01e3bc1fef3b160d.css IP172.66.40.68:443
Requested byhttps://fairspin.io/?track_id=245864105&pid=67828&geo=3143244&utm_source=31&utm_medium=67828&utm_campaign=fs_en_pop_visit_gambl_cpm_3_w&utm_term=557214&utm_content=54175&param1=ubidex&param2=popup&param3=cpm&param4=2024-03&param5=37e2b386-5e10-46e2-a0c0-b267fbe15ac2&param6= CertificateIssuerCloudflare, Inc. Subjectfairspin.io Fingerprint42:70:33:D5:87:B0:D6:44:11:86:E3:56:64:8B:E2:C7:11:37:26:0F ValidityMon, 26 Jun 2023 00:00:00 GMT - Tue, 25 Jun 2024 23:59:59 GMT
File typeASCII text, with very long lines (19974), with no line terminators Hashe0958f2742a041df86359b03009dc7ba 3c3cd6fa90f08ff842489fe5ae6786a845a86cce 92f340c7ebad06818412e7fabf63356d3473ab938ee701ae4dc6c346ae0770f0
GET /css/package/views/auth.01e3bc1fef3b160d.css HTTP/1.1
Host: fairspin.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fairspin.io/?track_id=245864105&pid=67828&geo=3143244&utm_source=31&utm_medium=67828&utm_campaign=fs_en_pop_visit_gambl_cpm_3_w&utm_term=557214&utm_content=54175&param1=ubidex&param2=popup&param3=cpm&param4=2024-03&param5=37e2b386-5e10-46e2-a0c0-b267fbe15ac2&param6=
Cookie: __cf_bm=2H1c2tMs2_L_NWeLvjv2urEkwZJMPB.4TjA_QBg0ciw-1714817381-1.0.1.1-i1OAzKG1eyM3ie7ECX1uqiHWEqf93t4yrVRc5Jk68WzO.bM.oybWRjMOd501hO2cJ3pzb1cHPorFn19iAPMS2g
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:41 GMT
content-type: text/css; charset=UTF-8
x-powered-by: Express
cache-control: public, max-age=120
last-modified: Wed, 24 Apr 2024 09:51:05 GMT
etag: W/"4e06-18f0f841328"
cf-cache-status: EXPIRED
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e7b25bce9cb4fd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| fairspin.io/css/chunk-common.01e3bc1fef3b160d.css?01e3bc1fef3b160d | 172.66.40.68 | 200 OK | 273 kB |
URL GET HTTP/2fairspin.io/css/chunk-common.01e3bc1fef3b160d.css?01e3bc1fef3b160d IP172.66.40.68:443
Requested byhttps://fairspin.io/?track_id=245864105&pid=67828&geo=3143244&utm_source=31&utm_medium=67828&utm_campaign=fs_en_pop_visit_gambl_cpm_3_w&utm_term=557214&utm_content=54175&param1=ubidex&param2=popup&param3=cpm&param4=2024-03&param5=37e2b386-5e10-46e2-a0c0-b267fbe15ac2&param6= CertificateIssuerCloudflare, Inc. Subjectfairspin.io Fingerprint42:70:33:D5:87:B0:D6:44:11:86:E3:56:64:8B:E2:C7:11:37:26:0F ValidityMon, 26 Jun 2023 00:00:00 GMT - Tue, 25 Jun 2024 23:59:59 GMT
File typeASCII text, with very long lines (65536), with no line terminators Size273 kB (273429 bytes) Hash82cdbe704a982869e74c1c048bb521a2 adb33f24b4ec7965d20ea173fea3d133abc23574 15c6a56e1e8972f660a3dc818e8ed03c23ad57b27876704981ab1123306c2f09
GET /css/chunk-common.01e3bc1fef3b160d.css?01e3bc1fef3b160d HTTP/1.1
Host: fairspin.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fairspin.io/?track_id=245864105&pid=67828&geo=3143244&utm_source=31&utm_medium=67828&utm_campaign=fs_en_pop_visit_gambl_cpm_3_w&utm_term=557214&utm_content=54175&param1=ubidex&param2=popup&param3=cpm&param4=2024-03&param5=37e2b386-5e10-46e2-a0c0-b267fbe15ac2&param6=
Cookie: __cf_bm=2H1c2tMs2_L_NWeLvjv2urEkwZJMPB.4TjA_QBg0ciw-1714817381-1.0.1.1-i1OAzKG1eyM3ie7ECX1uqiHWEqf93t4yrVRc5Jk68WzO.bM.oybWRjMOd501hO2cJ3pzb1cHPorFn19iAPMS2g
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:41 GMT
content-type: text/css; charset=UTF-8
x-powered-by: Express
cache-control: public, max-age=120
last-modified: Wed, 24 Apr 2024 09:51:05 GMT
etag: W/"42c15-18f0f841328"
cf-cache-status: EXPIRED
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e7b25c3f6bb4fd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| fairspin.io/css/package/views/catalog/filter.01e3bc1fef3b160d.css | 172.66.40.68 | 200 OK | 5.4 kB |
URL GET HTTP/2fairspin.io/css/package/views/catalog/filter.01e3bc1fef3b160d.css IP172.66.40.68:443
Requested byhttps://fairspin.io/?track_id=245864105&pid=67828&geo=3143244&utm_source=31&utm_medium=67828&utm_campaign=fs_en_pop_visit_gambl_cpm_3_w&utm_term=557214&utm_content=54175&param1=ubidex&param2=popup&param3=cpm&param4=2024-03&param5=37e2b386-5e10-46e2-a0c0-b267fbe15ac2&param6= CertificateIssuerCloudflare, Inc. Subjectfairspin.io Fingerprint42:70:33:D5:87:B0:D6:44:11:86:E3:56:64:8B:E2:C7:11:37:26:0F ValidityMon, 26 Jun 2023 00:00:00 GMT - Tue, 25 Jun 2024 23:59:59 GMT
File typeASCII text, with very long lines (5392), with no line terminators Hash7029b634172ed6a15c9b30a3f72f1f3d 587baeee68a8b4ef5fd189ab307bc1ea82edc63c 8ec8b856a3c6424730a58cc1a8999dd7467c896392bbef443c2f3417beee67f9
GET /css/package/views/catalog/filter.01e3bc1fef3b160d.css HTTP/1.1
Host: fairspin.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fairspin.io/?track_id=245864105&pid=67828&geo=3143244&utm_source=31&utm_medium=67828&utm_campaign=fs_en_pop_visit_gambl_cpm_3_w&utm_term=557214&utm_content=54175&param1=ubidex&param2=popup&param3=cpm&param4=2024-03&param5=37e2b386-5e10-46e2-a0c0-b267fbe15ac2&param6=
Cookie: __cf_bm=2H1c2tMs2_L_NWeLvjv2urEkwZJMPB.4TjA_QBg0ciw-1714817381-1.0.1.1-i1OAzKG1eyM3ie7ECX1uqiHWEqf93t4yrVRc5Jk68WzO.bM.oybWRjMOd501hO2cJ3pzb1cHPorFn19iAPMS2g
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:41 GMT
content-type: text/css; charset=UTF-8
x-powered-by: Express
cache-control: public, max-age=120
last-modified: Wed, 24 Apr 2024 09:51:05 GMT
etag: W/"150e-18f0f841328"
cf-cache-status: EXPIRED
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e7b25bcea4b4fd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| veepteero.com/?rb=QcQ8NKvSTXPEeXW8EOH_xEDsofYekoE-Y2FldvzSGFceTwLqnfy7bvnsguAc8t2UzeUjnIctQdP8fhJ-UhpTTgkSpGeVa0FOelegOpyk0erhzmWyMbAAbUGu4cknf-k-BX9oyv9StxT4tF53RJJFpcYqmP6CK0gF2X0oIczOzQz7d9-NmzyHiJ2f3g_W-4tHOmqre4qP5RZwNj7EdoK76EtocE2bdw6gt1ghqfERL91P3MzE7azZGl775z7heF5oOQLqHw%3D%3D&request_ab2=0&zoneid=5708417&js_build=iclick-v1.788.6-auto&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=1024&wiw=1280&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1280&wfc=13&pl=https%3A%2F%2Fvidezz.net%2Fembed-0m1y3k542y1s.html&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.788.6-auto&navlng=en-US&pnt=0&pnrc=0&bs=642b8126-efd2-4695-92c2-0fece439143b&wasm=1&userId=0080522eb7fc42c4f18c5b84107d6df7&m=link | 139.45.197.242 | 200 OK | 2.3 kB |
URL GET HTTP/2veepteero.com/?rb=QcQ8NKvSTXPEeXW8EOH_xEDsofYekoE-Y2FldvzSGFceTwLqnfy7bvnsguAc8t2UzeUjnIctQdP8fhJ-UhpTTgkSpGeVa0FOelegOpyk0erhzmWyMbAAbUGu4cknf-k-BX9oyv9StxT4tF53RJJFpcYqmP6CK0gF2X0oIczOzQz7d9-NmzyHiJ2f3g_W-4tHOmqre4qP5RZwNj7EdoK76EtocE2bdw6gt1ghqfERL91P3MzE7azZGl775z7heF5oOQLqHw%3D%3D&request_ab2=0&zoneid=5708417&js_build=iclick-v1.788.6-auto&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=1024&wiw=1280&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1280&wfc=13&pl=https%3A%2F%2Fvidezz.net%2Fembed-0m1y3k542y1s.html&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.788.6-auto&navlng=en-US&pnt=0&pnrc=0&bs=642b8126-efd2-4695-92c2-0fece439143b&wasm=1&userId=0080522eb7fc42c4f18c5b84107d6df7&m=link IP139.45.197.242:443
Requested byhttps://videzz.net/embed-0m1y3k542y1s.html CertificateIssuerLet's Encrypt Subjectveepteero.com Fingerprint13:68:56:48:EC:67:A6:93:BE:E0:36:BC:FA:04:75:6D:6E:D2:C1:91 ValiditySat, 23 Mar 2024 05:18:36 GMT - Fri, 21 Jun 2024 05:18:35 GMT
File typetroff or preprocessor input, ASCII text, with very long lines (2337), with no line terminators Hash04f26619638e2936052fd2682e02c78b b384010fa61ed61c0d7f1597c890438fa333c49a db8540ab182453360fa880e3d51b1ee5d9cb5e2423ba6276054d6b45bedce1c0
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /?rb=QcQ8NKvSTXPEeXW8EOH_xEDsofYekoE-Y2FldvzSGFceTwLqnfy7bvnsguAc8t2UzeUjnIctQdP8fhJ-UhpTTgkSpGeVa0FOelegOpyk0erhzmWyMbAAbUGu4cknf-k-BX9oyv9StxT4tF53RJJFpcYqmP6CK0gF2X0oIczOzQz7d9-NmzyHiJ2f3g_W-4tHOmqre4qP5RZwNj7EdoK76EtocE2bdw6gt1ghqfERL91P3MzE7azZGl775z7heF5oOQLqHw%3D%3D&request_ab2=0&zoneid=5708417&js_build=iclick-v1.788.6-auto&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=1024&wiw=1280&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1280&wfc=13&pl=https%3A%2F%2Fvidezz.net%2Fembed-0m1y3k542y1s.html&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.788.6-auto&navlng=en-US&pnt=0&pnrc=0&bs=642b8126-efd2-4695-92c2-0fece439143b&wasm=1&userId=0080522eb7fc42c4f18c5b84107d6df7&m=link HTTP/1.1
Host: veepteero.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://videzz.net/
Origin: https://videzz.net
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 10:09:32 GMT
content-type: application/json
x-trace-id: f132c2654d9c6ea6d58450df7359fce8
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://videzz.net
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=0080522eb7fc42c4f18c5b84107d6df7; expires=Sun, 04 May 2025 10:09:32 GMT; path=/; secure; SameSite=None
oaidts=1714817372; expires=Sun, 04 May 2025 10:09:32 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Sat, 11 May 2024 10:09:32 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| d1rc9ikfnf4p5a.cloudfront.net/fairspin/icons/icon-caret-down.svg | 143.204.42.42 | 200 OK | 487 B |
URL GET HTTP/2d1rc9ikfnf4p5a.cloudfront.net/fairspin/icons/icon-caret-down.svg IP143.204.42.42:443
Requested byhttps://fairspin.io/?track_id=245864105&pid=67828&geo=3143244&utm_source=31&utm_medium=67828&utm_campaign=fs_en_pop_visit_gambl_cpm_3_w&utm_term=557214&utm_content=54175&param1=ubidex&param2=popup&param3=cpm&param4=2024-03&param5=37e2b386-5e10-46e2-a0c0-b267fbe15ac2&param6= CertificateIssuerAmazon Subject*.cloudfront.net FingerprintFA:21:45:DC:4D:94:03:A3:09:77:51:78:4A:21:F2:C5:6D:94:BE:52 ValidityTue, 10 Oct 2023 00:00:00 GMT - Thu, 19 Sep 2024 23:59:59 GMT
File typeSVG Scalable Vector Graphics image Hashe7453d922ce15fe5f539aa315d1bbc2e dcbe2108044ba209e4e0db8db5cc61b89b8d7782 441423cc204d85802cb9e50d0ab4b1543cefc1b9f0cbe1a38955fbe8edb42cba
GET /fairspin/icons/icon-caret-down.svg HTTP/1.1
Host: d1rc9ikfnf4p5a.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fairspin.io/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/svg+xml
content-length: 487
last-modified: Thu, 13 Apr 2023 09:28:08 GMT
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
date: Sat, 04 May 2024 10:02:01 GMT
cache-control: max-age=600, must-revalidate
etag: "881646355259c834de1d3caaad53610a"
x-cache: Hit from cloudfront
via: 1.1 185768229530368be94556dcab1c486a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 7ULZB2nzfsL0BycT_mUtynTfikanOMQq3pyO9D9Vjo7wG0P_nm4vjg==
age: 466
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
|
|
| videzz.net/js/footer.static.min.js?v=b8dc06aa6195ca0716d0a0c4e3a76e42 | 78.142.18.54 | 200 OK | 140 kB |
URL GET HTTP/2videzz.net/js/footer.static.min.js?v=b8dc06aa6195ca0716d0a0c4e3a76e42 IP78.142.18.54:443 ASN#208046 ColocationX Ltd.
Requested byhttps://videzz.net/embed-0m1y3k542y1s.html CertificateIssuerLet's Encrypt Subjectvidezz.net Fingerprint89:44:E3:9D:95:DD:6E:D2:2B:FB:70:64:42:59:D2:BF:B6:36:E7:33 ValidityThu, 02 May 2024 00:27:53 GMT - Wed, 31 Jul 2024 00:27:52 GMT
Size140 kB (140132 bytes) Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/footer.static.min.js?v=b8dc06aa6195ca0716d0a0c4e3a76e42 HTTP/1.1
Host: videzz.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://videzz.net/embed-0m1y3k542y1s.html
Cookie: lang=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Sat, 04 May 2024 10:09:28 GMT
content-type: application/javascript
last-modified: Sat, 27 Apr 2024 07:30:38 GMT
vary: Accept-Encoding
etag: W/"662ca99e-22364"
expires: Mon, 03 Jun 2024 10:03:45 GMT
cache-control: max-age=2592000
content-encoding: gzip
x-cache-status: HIT
X-Firefox-Spdy: h2
|
|
| fairspin.io/css/view-faq.01e3bc1fef3b160d.css | 172.66.40.68 | 200 OK | 2.2 kB |
URL GET HTTP/2fairspin.io/css/view-faq.01e3bc1fef3b160d.css IP172.66.40.68:443
Requested byhttps://fairspin.io/?track_id=245864105&pid=67828&geo=3143244&utm_source=31&utm_medium=67828&utm_campaign=fs_en_pop_visit_gambl_cpm_3_w&utm_term=557214&utm_content=54175&param1=ubidex&param2=popup&param3=cpm&param4=2024-03&param5=37e2b386-5e10-46e2-a0c0-b267fbe15ac2&param6= CertificateIssuerCloudflare, Inc. Subjectfairspin.io Fingerprint42:70:33:D5:87:B0:D6:44:11:86:E3:56:64:8B:E2:C7:11:37:26:0F ValidityMon, 26 Jun 2023 00:00:00 GMT - Tue, 25 Jun 2024 23:59:59 GMT
File typeASCII text, with very long lines (2192), with no line terminators Hash7768bf0f2292f42fc2c2bb40a212bbc9 bc98989d3cb0f3a38f487cbfc8af7d677e36bae8 2038c8cf1d45b25373b68f56577e2dd14609cd591d94ec51e276f7b6cd5faa9c
GET /css/view-faq.01e3bc1fef3b160d.css HTTP/1.1
Host: fairspin.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fairspin.io/?track_id=245864105&pid=67828&geo=3143244&utm_source=31&utm_medium=67828&utm_campaign=fs_en_pop_visit_gambl_cpm_3_w&utm_term=557214&utm_content=54175&param1=ubidex&param2=popup&param3=cpm&param4=2024-03&param5=37e2b386-5e10-46e2-a0c0-b267fbe15ac2&param6=
Cookie: __cf_bm=2H1c2tMs2_L_NWeLvjv2urEkwZJMPB.4TjA_QBg0ciw-1714817381-1.0.1.1-i1OAzKG1eyM3ie7ECX1uqiHWEqf93t4yrVRc5Jk68WzO.bM.oybWRjMOd501hO2cJ3pzb1cHPorFn19iAPMS2g
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:41 GMT
content-type: text/css; charset=UTF-8
x-powered-by: Express
cache-control: public, max-age=120
last-modified: Wed, 24 Apr 2024 09:51:05 GMT
etag: W/"890-18f0f841328"
cf-cache-status: EXPIRED
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e7b25bff06b4fd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| fairspin.io/css/views/provider/catalog.01e3bc1fef3b160d.css | 172.66.40.68 | 200 OK | 3.6 kB |
URL GET HTTP/2fairspin.io/css/views/provider/catalog.01e3bc1fef3b160d.css IP172.66.40.68:443
Requested byhttps://fairspin.io/?track_id=245864105&pid=67828&geo=3143244&utm_source=31&utm_medium=67828&utm_campaign=fs_en_pop_visit_gambl_cpm_3_w&utm_term=557214&utm_content=54175&param1=ubidex&param2=popup&param3=cpm&param4=2024-03&param5=37e2b386-5e10-46e2-a0c0-b267fbe15ac2&param6= CertificateIssuerCloudflare, Inc. Subjectfairspin.io Fingerprint42:70:33:D5:87:B0:D6:44:11:86:E3:56:64:8B:E2:C7:11:37:26:0F ValidityMon, 26 Jun 2023 00:00:00 GMT - Tue, 25 Jun 2024 23:59:59 GMT
File typeASCII text, with very long lines (3620), with no line terminators Hash2f8a7dc5537ad9773a2ec6adb5da7f18 882ad781068710e7dc8dd780a4bbc00a74a4b645 3ad5c1032892370f8d54103e7c08f850c09f6ba25772413861edeaa060d0ba5b
GET /css/views/provider/catalog.01e3bc1fef3b160d.css HTTP/1.1
Host: fairspin.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fairspin.io/?track_id=245864105&pid=67828&geo=3143244&utm_source=31&utm_medium=67828&utm_campaign=fs_en_pop_visit_gambl_cpm_3_w&utm_term=557214&utm_content=54175&param1=ubidex&param2=popup&param3=cpm&param4=2024-03&param5=37e2b386-5e10-46e2-a0c0-b267fbe15ac2&param6=
Cookie: __cf_bm=2H1c2tMs2_L_NWeLvjv2urEkwZJMPB.4TjA_QBg0ciw-1714817381-1.0.1.1-i1OAzKG1eyM3ie7ECX1uqiHWEqf93t4yrVRc5Jk68WzO.bM.oybWRjMOd501hO2cJ3pzb1cHPorFn19iAPMS2g
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:41 GMT
content-type: text/css; charset=UTF-8
x-powered-by: Express
cache-control: public, max-age=120
last-modified: Wed, 24 Apr 2024 09:51:05 GMT
etag: W/"e24-18f0f841328"
cf-cache-status: EXPIRED
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e7b25c2f44b4fd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| fairspin.io/css/chunk-vendors.01e3bc1fef3b160d.css?01e3bc1fef3b160d | 172.66.40.68 | 200 OK | 223 kB |
URL GET HTTP/2fairspin.io/css/chunk-vendors.01e3bc1fef3b160d.css?01e3bc1fef3b160d IP172.66.40.68:443
Requested byhttps://fairspin.io/?track_id=245864105&pid=67828&geo=3143244&utm_source=31&utm_medium=67828&utm_campaign=fs_en_pop_visit_gambl_cpm_3_w&utm_term=557214&utm_content=54175&param1=ubidex&param2=popup&param3=cpm&param4=2024-03&param5=37e2b386-5e10-46e2-a0c0-b267fbe15ac2&param6= CertificateIssuerCloudflare, Inc. Subjectfairspin.io Fingerprint42:70:33:D5:87:B0:D6:44:11:86:E3:56:64:8B:E2:C7:11:37:26:0F ValidityMon, 26 Jun 2023 00:00:00 GMT - Tue, 25 Jun 2024 23:59:59 GMT
Size223 kB (223195 bytes) Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /css/chunk-vendors.01e3bc1fef3b160d.css?01e3bc1fef3b160d HTTP/1.1
Host: fairspin.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fairspin.io/?track_id=245864105&pid=67828&geo=3143244&utm_source=31&utm_medium=67828&utm_campaign=fs_en_pop_visit_gambl_cpm_3_w&utm_term=557214&utm_content=54175&param1=ubidex&param2=popup&param3=cpm&param4=2024-03&param5=37e2b386-5e10-46e2-a0c0-b267fbe15ac2&param6=
Cookie: __cf_bm=2H1c2tMs2_L_NWeLvjv2urEkwZJMPB.4TjA_QBg0ciw-1714817381-1.0.1.1-i1OAzKG1eyM3ie7ECX1uqiHWEqf93t4yrVRc5Jk68WzO.bM.oybWRjMOd501hO2cJ3pzb1cHPorFn19iAPMS2g
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:41 GMT
content-type: text/css; charset=UTF-8
x-powered-by: Express
cache-control: public, max-age=120
last-modified: Wed, 24 Apr 2024 09:51:05 GMT
etag: W/"367db-18f0f841328"
cf-cache-status: EXPIRED
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e7b25c3f68b4fd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| fairspin.io/js/chunk-vendors.c7a67574.js?01e3bc1fef3b160d | 172.66.40.68 | 200 OK | 1.5 MB |
URL GET HTTP/2fairspin.io/js/chunk-vendors.c7a67574.js?01e3bc1fef3b160d IP172.66.40.68:443
Requested byhttps://fairspin.io/?track_id=245864106&pid=67828&geo=3143244&utm_source=31&utm_medium=67828&utm_campaign=fs_en_pop_visit_gambl_cpm_3_w&utm_term=547780&utm_content=54175&param1=ubidex&param2=popup&param3=cpm&param4=2024-03&param5=a1ffa233-458c-4e99-a78c-79741ae9e0d0&param6= CertificateIssuerCloudflare, Inc. Subjectfairspin.io Fingerprint42:70:33:D5:87:B0:D6:44:11:86:E3:56:64:8B:E2:C7:11:37:26:0F ValidityMon, 26 Jun 2023 00:00:00 GMT - Tue, 25 Jun 2024 23:59:59 GMT
Size1.5 MB (1451255 bytes) Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /js/chunk-vendors.c7a67574.js?01e3bc1fef3b160d HTTP/1.1
Host: fairspin.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fairspin.io/?track_id=245864106&pid=67828&geo=3143244&utm_source=31&utm_medium=67828&utm_campaign=fs_en_pop_visit_gambl_cpm_3_w&utm_term=547780&utm_content=54175&param1=ubidex&param2=popup&param3=cpm&param4=2024-03&param5=a1ffa233-458c-4e99-a78c-79741ae9e0d0&param6=
Cookie: __cf_bm=2H1c2tMs2_L_NWeLvjv2urEkwZJMPB.4TjA_QBg0ciw-1714817381-1.0.1.1-i1OAzKG1eyM3ie7ECX1uqiHWEqf93t4yrVRc5Jk68WzO.bM.oybWRjMOd501hO2cJ3pzb1cHPorFn19iAPMS2g
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:42 GMT
content-type: application/javascript; charset=UTF-8
x-powered-by: Express
cache-control: public, max-age=120
last-modified: Wed, 24 Apr 2024 09:51:06 GMT
etag: W/"1624f7-18f0f841710"
cf-cache-status: EXPIRED
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e7b2607be3b4fd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| cdn.itskiddien.club/apu.php?zoneid=5902452&var=5708419 | 139.45.197.236 | 200 OK | 94 kB |
URL GET HTTP/2cdn.itskiddien.club/apu.php?zoneid=5902452&var=5708419 IP139.45.197.236:443
Requested byhttps://videzz.net/embed-0m1y3k542y1s.html CertificateIssuerLet's Encrypt Subjectitskiddien.club FingerprintF8:F5:E1:2A:73:41:2E:21:C2:B1:A0:A3:DE:9D:2D:B2:87:3F:8E:5D ValidityFri, 29 Mar 2024 21:36:27 GMT - Thu, 27 Jun 2024 21:36:26 GMT
File typeJavaScript source, ASCII text, with very long lines (65536), with no line terminators Hash85fb5c1c5709277d03d657888a6a3c18 6de4f8235f477c9b67f16aed019a6860ffedab04 40139993aa19c50a981c8668752c55773172c81dd8374c692c2162685291daf5
GET /apu.php?zoneid=5902452&var=5708419 HTTP/1.1
Host: cdn.itskiddien.club
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://videzz.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 10:09:32 GMT
content-type: application/javascript
x-trace-id: 3671bd8f306cfe567dc7e39631e2d26a
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://yonmewon.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=00805209bd094d4be6b334797d8c1afe; expires=Sun, 04 May 2025 10:09:32 GMT; path=/; secure; SameSite=None
oaidts=1714817372; expires=Sun, 04 May 2025 10:09:32 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| myretrocollection.com/thumbs/AA/rc/5Q.jpg | 172.67.179.31 | 200 OK | 95 kB |
URL GET HTTP/2myretrocollection.com/thumbs/AA/rc/5Q.jpg IP172.67.179.31:443
Requested byhttps://topsites.hadesex.com/?source=140899199&site_id=557214&spot_id=557214 CertificateIssuerLet's Encrypt Subjectmyretrocollection.com FingerprintC1:EB:81:51:C9:EE:A3:94:D8:73:87:A0:C4:3A:69:D8:8A:DD:CB:33 ValiditySun, 10 Mar 2024 08:05:49 GMT - Sat, 08 Jun 2024 08:05:48 GMT
File typeJPEG image data, baseline, precision 8, 960x720, components 3 Hashb39c315b9dd966a4ecf1e036d1074354 c2603211054c12e6d4097863c3386cc59ea55b65 30fb123175d97fcd3fedf093d8e46c5c236c966a20e2c530045c18304c38c8c8
GET /thumbs/AA/rc/5Q.jpg HTTP/1.1
Host: myretrocollection.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:33 GMT
content-type: image/jpeg
content-length: 95015
last-modified: Wed, 31 Jan 2024 16:02:30 GMT
etag: "65ba6f16-17327"
expires: Thu, 30 May 2024 20:11:56 GMT
cache-control: public, max-age=2592000
cf-cache-status: HIT
age: 309457
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qqAO1n8ndLzUYqofcodSfpf7gO0UOEzCyoF2v9PONqgNLJEJ0IYUhHjq0WHSFMTOBsPwOYvwBfYlfDcrZ7pgccQdR7xFDJ43QPIi6WqzYHCaizEDjss3iLTOzD%2BK7yagNBewL2X29WQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e7b22a4a92b512-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| fairspin.io/css/package/game/base.01e3bc1fef3b160d.css | 172.66.40.68 | 200 OK | 9.5 kB |
URL GET HTTP/2fairspin.io/css/package/game/base.01e3bc1fef3b160d.css IP172.66.40.68:443
Requested byhttps://fairspin.io/?track_id=245864105&pid=67828&geo=3143244&utm_source=31&utm_medium=67828&utm_campaign=fs_en_pop_visit_gambl_cpm_3_w&utm_term=557214&utm_content=54175&param1=ubidex&param2=popup&param3=cpm&param4=2024-03&param5=37e2b386-5e10-46e2-a0c0-b267fbe15ac2&param6= CertificateIssuerCloudflare, Inc. Subjectfairspin.io Fingerprint42:70:33:D5:87:B0:D6:44:11:86:E3:56:64:8B:E2:C7:11:37:26:0F ValidityMon, 26 Jun 2023 00:00:00 GMT - Tue, 25 Jun 2024 23:59:59 GMT
File typeASCII text, with very long lines (9549), with no line terminators Hash981101dc74af6d4d052933288c27cb24 2b1b93e4a02448f23abb235d7e38719f28794945 852351948e153e3e912885f2784aac96de1ea265548991e0371cf439ebffc4ed
GET /css/package/game/base.01e3bc1fef3b160d.css HTTP/1.1
Host: fairspin.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fairspin.io/?track_id=245864105&pid=67828&geo=3143244&utm_source=31&utm_medium=67828&utm_campaign=fs_en_pop_visit_gambl_cpm_3_w&utm_term=557214&utm_content=54175&param1=ubidex&param2=popup&param3=cpm&param4=2024-03&param5=37e2b386-5e10-46e2-a0c0-b267fbe15ac2&param6=
Cookie: __cf_bm=2g5qhVmpmq_IQLLZ8rE4QGY2BavLVDKrWgFijt9Z7AE-1714817381-1.0.1.1-EJvVuG36tEWosXLBvqGnm7xGx4p0A7aGIdZA49rBIUsYZMPnDVslNHeOHJ2QnSLkO9Kn0JNfz.p_Ab.fVyuEOw
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 10:09:41 GMT
content-type: text/css; charset=UTF-8
x-powered-by: Express
cache-control: public, max-age=120
last-modified: Wed, 24 Apr 2024 09:51:05 GMT
etag: W/"254d-18f0f841328"
cf-cache-status: EXPIRED
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e7b25b8e47b4fd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|