nowlive.me/2/103.html?id=103
45.141.156.196200 OK 9.7 kB URL HTTP/1.1 nowlive.me/2/103.html?id=103
IP 45.141.156.196:0
ASN #30860 Virtual Systems LLC
File type HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (21362), with CRLF line terminators
Hash 037be7f02ba0ad2926e515f0cd53ec63
e3d64c1b56e088171f6b417018afdf7a51f000a6
d9be0ea4a8535cde65a39e78ffaf2198439ec98dc557ce3991d688cd4e8fb3fd
Analyzer Verdict Alert fortinet Phishing
GET /2/103.html?id=103 HTTP/1.1
Host: nowlive.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Tue, 17 Jan 2023 06:38:33 GMT
Content-Type: text/html
Last-Modified: Sat, 14 Jan 2023 21:03:56 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"63c318bc-81dd"
Content-Encoding: gzip
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 405f8f149ccdf0005ca0d890c96a9cb4
64de3200cef76133dfad901d6709697d6842405e
3a10790c397a419450ac2c90b941fd20bc49af1dbaeb34678836306de8febfce
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3A10790C397A419450AC2C90B941FD20BC49AF1DBAEB34678836306DE8FEBFCE"
Last-Modified: Mon, 16 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13780
Expires: Tue, 17 Jan 2023 10:28:14 GMT
Date: Tue, 17 Jan 2023 06:38:34 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 2258cd6b877a3aca8f4c84074e65ac4b
4e46c70941f8e497e8afc8d078644e7f81761a1c
faac4e0d123f2112b58953c104ea746cd53047fc1ada0ef5d669feecf78ddfff
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FAAC4E0D123F2112B58953C104EA746CD53047FC1ADA0EF5D669FEECF78DDFFF"
Last-Modified: Sat, 14 Jan 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13788
Expires: Tue, 17 Jan 2023 10:28:22 GMT
Date: Tue, 17 Jan 2023 06:38:34 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Length, Alert, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 17 Jan 2023 05:49:12 GMT
content-type: application/json
age: 2962
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash d6e2abd68203014e8e24d4a9e20e980a
5edbbb1a36083d5077b90b82e7aa10049e90c5d6
88cf8dae194a5e92a8c36a4c54ae71a609eaaed6e99d3986b3834c40d2fceeaa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "88CF8DAE194A5E92A8C36A4C54AE71A609EAAED6E99D3986B3834C40D2FCEEAA"
Last-Modified: Sun, 15 Jan 2023 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14332
Expires: Tue, 17 Jan 2023 10:37:26 GMT
Date: Tue, 17 Jan 2023 06:38:34 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: TR1ZS4TGlZ0kfEDLsTDhbrDDaf7owY2lXCsQh2EFxvb4bndy52NoHefluqaUaq5fG3zixGxFKuw=
x-amz-request-id: 5NC1MCGQ81VFQ4FM
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 17 Jan 2023 05:44:53 GMT
age: 3221
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
widgets.amung.us/classic.js
172.67.8.141200 OK 6.8 kB URL HTTP/1.1 widgets.amung.us/classic.js
IP 172.67.8.141:0
File type ASCII text, with very long lines (12997), with no line terminators
Hash e6dbc3810ce88a15b6dd7bf36f944fcd
e992835d614158a4762a4cf35a49b42ed5cd2504
1622c30705591416867c1b55975a1bc66a59746216db9e3bcd76339f372d6604
GET /classic.js HTTP/1.1
Host: widgets.amung.us
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://nowlive.me/
HTTP/1.1 200 OK
Date: Tue, 17 Jan 2023 06:38:34 GMT
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
last-modified: Thu, 12 Jan 2023 17:19:48 GMT
etag: W/"63c04134-32c5"
expires: Wed, 18 Jan 2023 06:32:15 GMT
cache-control: max-age=86400
access-control-allow-origin: *
content-encoding: gzip
CF-Cache-Status: HIT
Age: 379
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 78ad16b86ef3b51d-OSL
releases.flowplayer.org/7.2.6/skin/skin.css
143.204.55.18200 OK 41 kB URL HTTP/2 releases.flowplayer.org/7.2.6/skin/skin.css
IP 143.204.55.18:0
File type Unicode text, UTF-8 text, with very long lines (1263)
Hash 977323326d3b4ab22afa6fe64e5a93cc
0f03e2bef1a1331e5d47f7a07851820241dff652
ce7e9cc6858aeb30a23bc3bf5fee9fd57a339b273ab8b1681bf0dd7a2429505f
GET /7.2.6/skin/skin.css HTTP/1.1
Host: releases.flowplayer.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://nowlive.me/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css
content-length: 40582
last-modified: Tue, 17 Apr 2018 11:12:25 GMT
accept-ranges: bytes
server: AmazonS3
date: Mon, 16 Jan 2023 18:26:54 GMT
etag: "977323326d3b4ab22afa6fe64e5a93cc"
x-cache: Hit from cloudfront
via: 1.1 814e8c24454087e83cd261a6cf477166.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: H7oXrCOaU2NcHMyXq77I0zexm0v5_8okCs5tL3fIyMTQ2033tyodrw==
age: 44032
vary: Origin
X-Firefox-Spdy: h2
nowlive.me/z-2333351
45.141.156.196200 OK 937 B IP 45.141.156.196:0
ASN #30860 Virtual Systems LLC
File type ASCII text, with very long lines (676)
Hash 6c6f2b51298539911295393c3fd99ac4
dd493860ad617905560d1314de8e178cb68e93b4
1076778abbb799c0c014c2d9c6a5c1422505dd059db97257934581c9cf50b35c
Analyzer Verdict Alert fortinet Phishing
GET /z-2333351 HTTP/1.1
Host: nowlive.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://nowlive.me/2/103.html?id=103
HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Tue, 17 Jan 2023 06:38:34 GMT
Content-Type: application/octet-stream
Content-Length: 937
Last-Modified: Tue, 17 Jan 2023 06:17:01 GMT
Connection: keep-alive
ETag: "63c63d5d-3a9"
Accept-Ranges: bytes
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash ee56f3aa7ddc9c39f856f7e68544229f
8ee161b8f318838a73b90b4d4192577876fa38a1
fef46b83b3fe02c6d67e2a3c8a533c0bb2506bee0bf021b81b3c5f192179aa9b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6398
Cache-Control: max-age=142384
Content-Type: application/ocsp-response
Date: Tue, 17 Jan 2023 06:38:34 GMT
Etag: "63c5b29c-118"
Expires: Wed, 18 Jan 2023 22:11:38 GMT
Last-Modified: Mon, 16 Jan 2023 20:25:00 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 280
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 17 Jan 2023 06:38:34 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/hls.js/0.9.1/hls.light.min.js
104.17.24.14200 OK 44 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/hls.js/0.9.1/hls.light.min.js
IP 104.17.24.14:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash fce4674ec2b3194975f320c81d72bbef
9d14e3fe32cf12ef14644d8a9f0e8adf79381ece
f5b9c83b2898ef194921062cb55a7f0cd7368833e0c5d973eaf3703a9b9944bc
GET /ajax/libs/hls.js/0.9.1/hls.light.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://nowlive.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 17 Jan 2023 06:38:34 GMT
content-type: application/javascript; charset=utf-8
content-length: 43486
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03e7d-2afb7"
last-modified: Mon, 04 May 2020 16:10:37 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 23448570
expires: Sun, 07 Jan 2024 06:38:34 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PyoCtEHpzgCy5sXuOpYLXarqScX5wdlbLQPMEU3Qha52aCByPuMWV2Jn%2FDtEu3HRKfNnw5hLudnROcdhaNY9sY5Vw2S3MYRcO%2FB%2F025CRASjoZZaQ2oPsK%2FclF4iT3tcu1S88v2Z"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 78ad16b8fb4db521-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash ee56f3aa7ddc9c39f856f7e68544229f
8ee161b8f318838a73b90b4d4192577876fa38a1
fef46b83b3fe02c6d67e2a3c8a533c0bb2506bee0bf021b81b3c5f192179aa9b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6398
Cache-Control: max-age=142384
Content-Type: application/ocsp-response
Date: Tue, 17 Jan 2023 06:38:34 GMT
Etag: "63c5b29c-118"
Expires: Wed, 18 Jan 2023 22:11:38 GMT
Last-Modified: Mon, 16 Jan 2023 20:25:00 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 280
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Pragma, Content-Length, Alert, Expires, ETag, Last-Modified, Backoff, Content-Type, Cache-Control
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 17 Jan 2023 06:17:25 GMT
age: 1269
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
relationsquiver.com/21/51/07/21510760b6d533922bc4866e828f0d11.js
173.233.137.36200 OK 21 kB URL HTTP/1.1 relationsquiver.com/21/51/07/21510760b6d533922bc4866e828f0d11.js
IP 173.233.137.36:0
File type HTML document, ASCII text, with very long lines (60160), with no line terminators
Hash b3dca943856af2ed663e83eea47f15fc
80878d5b791f2ee69c49b53391deab9297d161c6
714cee93c837ed726ab6db0d4fe0f3e94c8a6759047119d13a97c19bb985f82e
GET /21/51/07/21510760b6d533922bc4866e828f0d11.js HTTP/1.1
Host: relationsquiver.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://nowlive.me/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 17 Jan 2023 06:38:34 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 711c3d2c7626f725d36b284b021dcae9
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash d03545e1fc5a8876441094039811aac5
99fcc840f3516298625c528e9b408132f7fcbb9c
166fa7c7bb716b2cd02a47884ee00df31030dfb4b2a6fdae7b59b19f87739123
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3838
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 17 Jan 2023 06:38:35 GMT
Last-Modified: Tue, 17 Jan 2023 05:34:37 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 471
releases.flowplayer.org/7.2.6/skin/icons/flowplayer.woff2
143.204.55.18200 OK 7.9 kB URL HTTP/2 releases.flowplayer.org/7.2.6/skin/icons/flowplayer.woff2
IP 143.204.55.18:0
File type Web Open Font Format (Version 2), TrueType, length 7908, version 1.0\012- data
Hash 73ccb97fd8df0703038a40b00dc8ae5f
541a51bbb2a3c5b77bfc0a0bc5fe8eca0822ebb2
676b7fcb662822833ca633f1e26c68236067f30530dea79dab00be4cd8f9ef9a
GET /7.2.6/skin/icons/flowplayer.woff2 HTTP/1.1
Host: releases.flowplayer.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://nowlive.me
Connection: keep-alive
Referer: https://releases.flowplayer.org/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: font/woff2
content-length: 7908
date: Tue, 17 Jan 2023 06:33:43 GMT
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-expose-headers: ETag
access-control-max-age: 3000
last-modified: Tue, 17 Apr 2018 11:12:27 GMT
etag: "73ccb97fd8df0703038a40b00dc8ae5f"
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 814e8c24454087e83cd261a6cf477166.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: vKB-QMvMB4w3sHgV4mGAIwbOa3QjviX8pgcyTbWMkCAN9vhVAxmM4A==
age: 293
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash f637b17cad09977f65d44f5376f6aa67
05ca1dffe88e816364f3e87ae5968e844ce36238
d8303b2db5d756e1991b8374cd21da1bd71011d9bfc0ac3617227209bc988647
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1099
Cache-Control: max-age=149694
Content-Type: application/ocsp-response
Date: Tue, 17 Jan 2023 06:38:35 GMT
Etag: "63c5e3de-117"
Expires: Thu, 19 Jan 2023 00:13:29 GMT
Last-Modified: Mon, 16 Jan 2023 23:55:10 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 279
velocitycdn.com/script/bootstrap.js
172.64.133.10200 OK 33 kB URL HTTP/1.1 velocitycdn.com/script/bootstrap.js
IP 172.64.133.10:0
File type Unicode text, UTF-8 text, with very long lines (37814), with NEL line terminators
Hash e733a9e20e3388e4069c69c23506f68d
c9314ba6cd41036cc77b8bfb497923845540dab4
86b3879193832a6ad687e60cf7974ed0d7db2026f86a9fbd921b23ad6588289b
GET /script/bootstrap.js HTTP/1.1
Host: velocitycdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://nowlive.me/
HTTP/1.1 200 OK
Date: Tue, 17 Jan 2023 06:38:35 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
X-GUploader-UploadID: ADPycdsHTs-9ffcjpaplkv1tnkaNtySRGcWLxrgsWY0nYWarMGFtNGheoJvNFpkCjs6HvcvK4lT4Ecf7eo_I7AAPd4Ab39AWye6d
x-goog-generation: 1670939553826085
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 100623
x-goog-hash: crc32c=AsVyBQ==, md5=QW9pKNjz2NZmVavAl7rKAw==
x-goog-storage-class: MULTI_REGIONAL
Access-Control-Allow-Origin: *
Expires: Tue, 17 Jan 2023 06:30:12 GMT
Cache-Control: public, max-age=14400
Age: 1882
Last-Modified: Tue, 13 Dec 2022 13:52:33 GMT
ETag: W/"416f6928d8f3d8d66655abc097baca03"
CF-Cache-Status: HIT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PGd8V3IgcIFHKQcXztrWbzzKmYHYH%2BYmhWYEZThQQ7WSlElCxumgD0s3iblMVA9r0VReNl5YhfHWjHPDNRO3UL%2FDmeZ%2FC2g79QNoBTa7PI6JyCKdMkRkTY4aOozOyF0%2FdDk%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 78ad16bccf5a7302-LHR
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.sjumbotv.me/ads1.htm
45.141.156.196200 OK 399 B IP 45.141.156.196:0
ASN #30860 Virtual Systems LLC
File type HTML document text\012- exported SGML document, ASCII text, with very long lines (457), with CRLF line terminators
Hash 76977efd57f96699948ade728d954a18
a62f154aa368b45b30a07f483490a0aeb38d3805
8b368628772b4108751f382d77d3ad11bd2aa8975b9e2dd28c8303098b96bda1
Analyzer Verdict Alert fortinet Malware
GET /ads1.htm HTTP/1.1
Host: www.sjumbotv.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://nowlive.me/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Tue, 17 Jan 2023 06:38:35 GMT
Content-Type: text/html
Last-Modified: Sun, 15 Jan 2023 15:39:21 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"63c41e29-2df"
Content-Encoding: gzip
ocsp.sca1b.amazontrust.com/
143.204.42.158200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.158:0
Hash 8af822322c0c8cca6f4cadfcbf630370
880c56482c0d932446f689f374e760eddcecf751
7f1ef1b04796828b2203cca23b4683eb3e6b1c39058cbcfe1310c984780c69c8
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=112291
Date: Tue, 17 Jan 2023 06:38:35 GMT
Etag: "63c5519a-1d7"
Expires: Wed, 18 Jan 2023 13:50:06 GMT
Last-Modified: Mon, 16 Jan 2023 13:31:06 GMT
Server: ECS (nyb/1D08)
X-Cache: Miss from cloudfront
Via: 1.1 dac7cf040932e0c072eeed10afdd7b3e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: Q7Jyyhq1JdMbGGRzEMshcuGPNiCMjAy_NEwlU650dfUgeluT4B8RdQ==
Age: 1140
velocitycdn.com/script/ut.js?cb=1673937515100
172.64.133.10200 OK 24 kB URL HTTP/1.1 velocitycdn.com/script/ut.js?cb=1673937515100
IP 172.64.133.10:0
File type Unicode text, UTF-8 text, with very long lines (65535), with no line terminators
Hash 4b583c9f97bff486ea195ff04918205b
58a2ba18e06eadab8b18561f85671fa6659d0984
a28f0acc634c773a9468e4a5d603a4b997374eda1b44241944a1aea63662c662
GET /script/ut.js?cb=1673937515100 HTTP/1.1
Host: velocitycdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://nowlive.me/
HTTP/1.1 200 OK
Date: Tue, 17 Jan 2023 06:38:35 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
X-GUploader-UploadID: ADPycduakcdFsMvqrae2-NJ2kdJl48zP7BEzn6rMK_H41QZbiX23XUnJHtg2An5I0I6PLkPtrfLHIQ8ChDV-ohVNIZOa
x-goog-generation: 1670939749168345
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 71395
x-goog-hash: crc32c=aFnw8A==, md5=1ZA8yu2VHCgNZ/QYhUjh6Q==
x-goog-storage-class: MULTI_REGIONAL
Access-Control-Allow-Origin: *
Expires: Tue, 17 Jan 2023 07:17:10 GMT
Cache-Control: public, max-age=14400
Last-Modified: Tue, 13 Dec 2022 13:55:49 GMT
ETag: W/"d5903ccaed951c280d67f4188548e1e9"
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BeVEmRc2VpHfUqA3zd0x7VG0uo4kSsnVRiByKWbAbD0iRM%2BQLiGLYqvgVql%2B%2F1GehePgJGyC58Tq%2FOpZLzXap8ay%2BsOeQ%2FYr6OVtveiMHMWcWrrXL08lNV8ZhjT7y2HOEfs%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 78ad16bd9fcf7302-LHR
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
toncooperateapologise.com/pixel/purst?dl=0&th=0&sc=0&rs=1080&rd=1080&fd=714&bv=22.10.v.9&tmpl=70
173.233.139.164200 OK 0 B URL HTTP/1.1 toncooperateapologise.com/pixel/purst?dl=0&th=0&sc=0&rs=1080&rd=1080&fd=714&bv=22.10.v.9&tmpl=70
IP 173.233.139.164:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=1080&rd=1080&fd=714&bv=22.10.v.9&tmpl=70 HTTP/1.1
Host: toncooperateapologise.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://nowlive.me/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 17 Jan 2023 06:38:35 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
simplewebanalysis.com/stats
52.28.184.54200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 52.28.184.54:0
File type ASCII text, with no line terminators
Hash b1e7eb2ac55c98ede33b77aa0cb9b553
efdbeb057dd69f436864f42dafffa55b8950421b
bb5b1f66d802af532f4b58b3c6ed11304fcd1c744bd897fea19a7c29a20f21c9
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://nowlive.me
Connection: keep-alive
Referer: http://nowlive.me/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 17 Jan 2023 06:38:35 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: http://nowlive.me
access-control-allow-credentials: true
set-cookie: uid_id2=ebb85662-d09e-4e47-9910-6d104ddbb96a:2:1; expires=Fri, 14 Jan 2033 06:38:35 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 440952d07125e3606577a3cfd618d406
59ed6821b82d21642743f87d55496d1b083fd559
f4d2eb9067b4418f282438b71d02e8338b17e01a7ad942d4852138501a60cf7a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F4D2EB9067B4418F282438B71D02E8338B17E01A7AD942D4852138501A60CF7A"
Last-Modified: Sat, 14 Jan 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11755
Expires: Tue, 17 Jan 2023 09:54:30 GMT
Date: Tue, 17 Jan 2023 06:38:35 GMT
Connection: keep-alive
push.services.mozilla.com/
52.43.58.150101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.43.58.150:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 52xoA+V2VLrmAPYoFoFMmg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: F/FxTip/duT+4I6d3h0JKZOlOJ4=
youradexchange.com/script/suurl4.php?r=2333351&cbur=0.04344899341403252&cbiframe=0&cbWidth=1280&cbHeight=939&cbtitle=&cbpage=http%3A%2F%2Fnowlive.me%2F2%2F103.html%3Fid%3D103&cbref=&cbdescription=&cbkeywords=&cbcdn=velocitycdn.com&aggr=0
35.190.41.116200 OK 753 B URL HTTP/1.1 youradexchange.com/script/suurl4.php?r=2333351&cbur=0.04344899341403252&cbiframe=0&cbWidth=1280&cbHeight=939&cbtitle=&cbpage=http%3A%2F%2Fnowlive.me%2F2%2F103.html%3Fid%3D103&cbref=&cbdescription=&cbkeywords=&cbcdn=velocitycdn.com&aggr=0
IP 35.190.41.116:0
File type JSON data\012- , ASCII text, with very long lines (929)
Hash 09697ccfa98db3045bd0a2afafac39a6
14b2e175a31684b467083f77b2f2a23a1903446d
cd18ce3c2c3ecaea4376c35ffd2804a7caca94806fd52b0b9bb6d0fb499192d3
GET /script/suurl4.php?r=2333351&cbur=0.04344899341403252&cbiframe=0&cbWidth=1280&cbHeight=939&cbtitle=&cbpage=http%3A%2F%2Fnowlive.me%2F2%2F103.html%3Fid%3D103&cbref=&cbdescription=&cbkeywords=&cbcdn=velocitycdn.com&aggr=0 HTTP/1.1
Host: youradexchange.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nowlive.me/
Origin: http://nowlive.me
Connection: keep-alive
HTTP/1.1 200 OK
Server: openresty
Date: Tue, 17 Jan 2023 06:38:35 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Via: 1.1 google
www.adexchangeguru.com/a/display.php?r=1848595
35.201.126.110200 OK 2.5 kB URL HTTP/1.1 www.adexchangeguru.com/a/display.php?r=1848595
IP 35.201.126.110:0
Hash 864ebba65afc4ab4256c0c281d21a8a3
e3e3b59c4aaac320fc003d2a715daf3065f734aa
3f5ffbc7b9f58353d4e8a95650cbba64ea5cf508c5bdcef89935fdac18d774ae
GET /a/display.php?r=1848595 HTTP/1.1
Host: www.adexchangeguru.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.sjumbotv.me/
HTTP/1.1 200 OK
Server: openresty
Date: Tue, 17 Jan 2023 06:38:35 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Via: 1.1 google
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash f528083260dcac6a051dc94d7fb7c60b
2fcfdcdd42505d6c4324cd5a36d3decdc08b222f
5e64a289276aba6f1a215d6201d8de6214804b5db5483bd674ee427b8fbcbd62
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5E64A289276ABA6F1A215D6201D8DE6214804B5DB5483BD674EE427B8FBCBD62"
Last-Modified: Mon, 16 Jan 2023 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10072
Expires: Tue, 17 Jan 2023 09:26:27 GMT
Date: Tue, 17 Jan 2023 06:38:35 GMT
Connection: keep-alive
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash c8aef562cc7c81bc55f7b54c036e815c
fa73fb7f667dce84ef01c5c1a990cdb7971a2eea
8b694a731f8bcb8a92c3faa17b39ec2255027605b8211d4ce2fc8330208b6508
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 17 Jan 2023 06:38:35 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sun, 15 Jan 2023 12:04:30 GMT
Expires: Sun, 22 Jan 2023 12:04:29 GMT
Etag: "fa73fb7f667dce84ef01c5c1a990cdb7971a2eea"
Cache-Control: max-age=450953,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 78ad16be7becb4f1-OSL
witalfieldt.com/redirect?tid=698580&&ref=[URI_ENCODED_REFERER]
108.157.214.77302 Found 0 B URL HTTP/1.1 witalfieldt.com/redirect?tid=698580&&ref=[URI_ENCODED_REFERER]
IP 108.157.214.77:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?tid=698580&&ref=[URI_ENCODED_REFERER] HTTP/1.1
Host: witalfieldt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://nowlive.me/
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Date: Tue, 17 Jan 2023 06:38:35 GMT
Server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
Pragma: no-cache
P3P: CP="NID DSP ALL COR"
set-cookie: csu=fe7a739c-d408-4c73-aa62-067164a8ce76
Location: https://xml.serving-passthrough.com/click?i=3z-b0c-sYhM_0
Accept-CH: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
X-Cache: Miss from cloudfront
Via: 1.1 30a448a0dbd4a52ea118d2e64f0535c8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ARN56-P1
X-Amz-Cf-Id: 2COqAciCnqKDRu6XLhuiIdxcPO_1cf10hwVD4xwNLn50KXPv9gWsLQ==
witalfieldt.com/redirect?tid=698678&&ref=[URI_ENCODED_REFERER]
108.157.214.77302 Found 0 B URL HTTP/1.1 witalfieldt.com/redirect?tid=698678&&ref=[URI_ENCODED_REFERER]
IP 108.157.214.77:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?tid=698678&&ref=[URI_ENCODED_REFERER] HTTP/1.1
Host: witalfieldt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://nowlive.me/
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Date: Tue, 17 Jan 2023 06:38:35 GMT
Server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
Pragma: no-cache
P3P: CP="NID DSP ALL COR"
set-cookie: csu=071a7f34-5b4d-42a9-bbc4-b655e0479ac1
Location: https://granorizes.com/ie?v=4&c=CtiP1iqOhHCzeLKkcY-ReskzeE8rk0RVOiLpy0uqBxlrPZAB8rS7S4FFiQ1dwChTi-IudsUC8NGgtoeR4DSjiEDXlmO_FuGMJzb1EKjJzdwfITrTyDz5hvTGPrA6P6rhC3s9FSoEy3tzrFmCVeSqnCaRelt2HwrHvY0kA4OhhIAjHb34m1IDE283TtdJ-EnbXv4PhSl7Fr4NlKQFEclap6jWqKwHyLlIVDmiGvCWbCDAy5yfNAnzKWvm112MNsBHEELhg2dXeRzvukIi5x7aTNfldYR24HwzNpPIaIBoL-Nx13pnnQsRKE8V04sQZBkclqed4xruITkArkvfOyZwwUjF4Mr1dGakPIk-QthgKNSvjAwHo7AJ_TTIZuBteNVya7bStMqXghbnwotLfkWGtXkfIjJOtS7hUbb8tvek8U2YqT2gcc9ZhEp76w6kCQxervJnvEHxpHyu5i3fqF9RF1OUNVK97mg=
Accept-CH: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
X-Cache: Miss from cloudfront
Via: 1.1 1fb0b89a5ccfb45255b8e8539e256ee2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ARN56-P1
X-Amz-Cf-Id: IvTOrcJa2vb-htGHvvTFivQtoy5rYPytNFjJGs86m5spHQEtWwjT5Q==
my.rtmark.net/gid.js?userId=52b437f460064f0982defff96e780d70
139.45.195.8200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?userId=52b437f460064f0982defff96e780d70
IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash 0971289a761c0f13b69dd1b0153e9133
d0affa4cce6dbcdeab30ae124efe1a6ca2c56495
918f458b2476488dc579014c2441305498b303583a0faaf61e2a8617af10d7ff
GET /gid.js?userId=52b437f460064f0982defff96e780d70 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://nowlive.me
Connection: keep-alive
Referer: http://nowlive.me/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 17 Jan 2023 06:38:35 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: http://nowlive.me
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=52b437f460064f0982defff96e780d70; expires=Wed, 17 Jan 2024 06:38:35 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
c.adsco.re/
104.17.167.186200 OK 27 kB IP 104.17.167.186:0
File type HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (689)
Hash fb57d5512940d7e176d8749e6e4a844e
b5eeddad4a087303e8c68b397fb62981264fcecc
b4feb556f100b394ece04368fd0454d39bb196d08b694f02bd4d57705f053215
GET / HTTP/1.1
Host: c.adsco.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://nowlive.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 17 Jan 2023 06:38:35 GMT
content-type: text/html
cache-control: public, max-age=2678400
accept-ch: Sec-CH-UA, Sec-CH-UA-Mobile, Sec-CH-UA-Full-Version, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Device-Memory, Downlink, ECT, RTT, Width, Viewport-Width, DPR
permissions-policy: ch-ua=(self "https://adsco.re"),ch-ua-mobile=(self "https://adsco.re"),ch-ua-full-version=(self "https://adsco.re"),ch-ua-platform=(self "https://adsco.re"),ch-ua-platform-version=(self "https://adsco.re"),ch-ua-arch=(self "https://adsco.re"),ch-ua-model=(self "https://adsco.re"),ch-device-memory=(self "https://adsco.re"),ch-downlink=(self "https://adsco.re"),ch-ect=(self "https://adsco.re"),ch-rtt=(self "https://adsco.re"),ch-width=(self "https://adsco.re"),ch-viewport-width=(self "https://adsco.re"),ch-dpr=(self "https://adsco.re")
link: <//6.adsco.re/>;rel=prefetch;crossorigin;as=fetch,<//4.adsco.re/>;rel=prefetch;crossorigin;as=fetch,<//adsco.re/>;rel=preconnect
expires: Fri, 17 Feb 2023 06:38:35 GMT
etag: W/"xkCBFtC0Wl/JiS60JFipuQ=="
cf-cache-status: HIT
age: 1327476
vary: Accept-Encoding
server: cloudflare
cf-ray: 78ad16bfcfb3b4ed-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
c.adsco.re/
104.17.167.186200 OK 30 kB IP 104.17.167.186:0
File type HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (689)
Hash 815ef37110ac6b63648f05ba53184bee
bebecd11757b35c25edcbb317a4c54c5c8d23697
36bf07548480e148703dd77a427ddd38209b3a2c5f805ca04e563d5d3bef1a1f
GET / HTTP/1.1
Host: c.adsco.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://nowlive.me/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Tue, 17 Jan 2023 06:38:35 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: public, max-age=2678400
Accept-CH: Sec-CH-UA, Sec-CH-UA-Mobile, Sec-CH-UA-Full-Version, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Device-Memory, Downlink, ECT, RTT, Width, Viewport-Width, DPR
Permissions-Policy: ch-ua=(self "https://adsco.re"),ch-ua-mobile=(self "https://adsco.re"),ch-ua-full-version=(self "https://adsco.re"),ch-ua-platform=(self "https://adsco.re"),ch-ua-platform-version=(self "https://adsco.re"),ch-ua-arch=(self "https://adsco.re"),ch-ua-model=(self "https://adsco.re"),ch-device-memory=(self "https://adsco.re"),ch-downlink=(self "https://adsco.re"),ch-ect=(self "https://adsco.re"),ch-rtt=(self "https://adsco.re"),ch-width=(self "https://adsco.re"),ch-viewport-width=(self "https://adsco.re"),ch-dpr=(self "https://adsco.re")
Link: <//6.adsco.re/>;rel=prefetch;crossorigin;as=fetch,<//4.adsco.re/>;rel=prefetch;crossorigin;as=fetch,<//adsco.re/>;rel=preconnect
Expires: Fri, 17 Feb 2023 06:38:35 GMT
ETag: W/"xkCBFtC0Wl/JiS60JFipuQ=="
Content-Encoding: gzip
CF-Cache-Status: HIT
Age: 1327477
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 78ad16c079561c16-OSL
alt-svc: h2=":443"; ma=60
6.adsco.re/
104.17.167.186200 OK 0 B IP 104.17.167.186:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: 6.adsco.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: http://nowlive.me
Connection: keep-alive
Referer: http://nowlive.me/
HTTP/1.1 200 OK
Date: Tue, 17 Jan 2023 06:38:35 GMT
Content-Type: text/plain;charset=UTF-8
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: http://nowlive.me
Cache-Control: private, max-age=10
Access-Control-Allow-Headers: Content-Type
Access-Control-Allow-Methods: GET, HEAD, OPTIONS
Access-Control-Max-Age: 2592000
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 78ad16c07babb4fa-OSL
alt-svc: h2=":443"; ma=60
e1.o.lencr.org/
95.101.11.115200 OK 346 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash a685ba36166c17fe9074543f607e549a
4524efb60c13cb99b8a64567e55241d4a8e91f45
9f3b05c3b4ee19380c2076fe8096d97943a6f2a969f08c0657c05478c7041f42
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "9F3B05C3B4EE19380C2076FE8096D97943A6F2A969F08C0657C05478C7041F42"
Last-Modified: Mon, 16 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=235
Expires: Tue, 17 Jan 2023 06:42:30 GMT
Date: Tue, 17 Jan 2023 06:38:35 GMT
Connection: keep-alive
www.adexchangeguru.com/ad/display.php?stamat=m%257C%252CQojYjtiPqB1dAN0dEdHP3xP.32b%252CZMkKdRAQlkuDbgTABrav5AzGjvbfIMXnrKKTJkv9QZ_gamZlmR42Wx3LqpbIQaBKD6x-aV0SDJIYaRLJzaTYnciZE_tfzzyUx08dG4HFQgI%252C&cbpage=http://www.sjumbotv.me/ads1.htm&cbur=0.550414909884732&cbtitle=&cbiframe=1&cbWidth=1&cbHeight=1&cbdescription=&cbkeywords=&cbref=http%3A%2F%2Fnowlive.me%2F
35.201.126.110200 OK 2.1 kB URL HTTP/1.1 www.adexchangeguru.com/ad/display.php?stamat=m%257C%252CQojYjtiPqB1dAN0dEdHP3xP.32b%252CZMkKdRAQlkuDbgTABrav5AzGjvbfIMXnrKKTJkv9QZ_gamZlmR42Wx3LqpbIQaBKD6x-aV0SDJIYaRLJzaTYnciZE_tfzzyUx08dG4HFQgI%252C&cbpage=http://www.sjumbotv.me/ads1.htm&cbur=0.550414909884732&cbtitle=&cbiframe=1&cbWidth=1&cbHeight=1&cbdescription=&cbkeywords=&cbref=http%3A%2F%2Fnowlive.me%2F
IP 35.201.126.110:0
File type HTML document text\012- HTML document, ASCII text, with very long lines (762)
Hash a2a6c28af3d88034c17c67eb1aab1e4d
712962e0f327a1a55f4365544e887d44df5bbeac
fd78a09b9a515327b1251c0af08d9ca0706d24dcfb5e5a2e13c14d56276564fd
GET /ad/display.php?stamat=m%257C%252CQojYjtiPqB1dAN0dEdHP3xP.32b%252CZMkKdRAQlkuDbgTABrav5AzGjvbfIMXnrKKTJkv9QZ_gamZlmR42Wx3LqpbIQaBKD6x-aV0SDJIYaRLJzaTYnciZE_tfzzyUx08dG4HFQgI%252C&cbpage=http://www.sjumbotv.me/ads1.htm&cbur=0.550414909884732&cbtitle=&cbiframe=1&cbWidth=1&cbHeight=1&cbdescription=&cbkeywords=&cbref=http%3A%2F%2Fnowlive.me%2F HTTP/1.1
Host: www.adexchangeguru.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.sjumbotv.me/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: openresty
Date: Tue, 17 Jan 2023 06:38:35 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Access-Control-Allow-Origin: *
Link: <//www.adexchangeguru.com>; rel=dns-prefetch,<//www.adexchangeguru.com>; rel=preconnect,<//gimmehost.org>; rel=dns-prefetch,<//gimmehost.org>; rel=preconnect
Content-Encoding: gzip
Via: 1.1 google
4.adsco.re/
162.252.214.5200 OK 62 B IP 162.252.214.5:0
File type ASCII text, with no line terminators
Hash adde5febc7b5b6c2c759ec735cce83a0
77ec17be8a9970ff04663294d41c590d0d24fde4
ce2b9f2e5005195de7add565505005be6f2ef0d37521771e15106d1e1b9260ff
GET / HTTP/1.1
Host: 4.adsco.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: http://nowlive.me
Connection: keep-alive
Referer: http://nowlive.me/
HTTP/1.1 200 OK
Date: Tue, 17 Jan 2023 06:38:35 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Methods: GET, HEAD, OPTIONS
Access-Control-Allow-Headers: Content-Type
Access-Control-Allow-Origin: http://nowlive.me
Access-Control-Max-Age: 2592000
Cache-Control: private, max-age=5
Content-Encoding: gzip
xml.serving-passthrough.com/click?i=3z-b0c-sYhM_0
172.64.207.19302 Found 0 B URL HTTP/2 xml.serving-passthrough.com/click?i=3z-b0c-sYhM_0
IP 172.64.207.19:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /click?i=3z-b0c-sYhM_0 HTTP/1.1
Host: xml.serving-passthrough.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://nowlive.me/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Tue, 17 Jan 2023 06:38:35 GMT
content-length: 0
location: https://syndication.realsrv.com/splash.php?cat=&idzone=3947848&type=8&p=&sub=
cache-control: no-store
age: 0
pragma: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5R0WvDnNMd8JNqGbeWxKBXD63mBGiGEvbA%2FHOipR3ruzhZ%2BoOapF2S9DJjQMpi4LuzJmAgylcGadMov1%2BRS1hxWTPR3MLgIXoYL40Q8iUu4nuRAQOiQHuL1Qd4ysiYZ%2FWrXuPTD2OZhnp%2FNX9QU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78ad16c09c0972f4-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
nowlive.me/favicon.ico
45.141.156.196404 Not Found 132 B IP 45.141.156.196:0
ASN #30860 Virtual Systems LLC
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 3d06c0eef8d0d7b16c06a4d59d7b9a8a
f1b09ab082acf6c0cc7208e344eb3f6619c49cf9
648d8e644dcbdc4ec115a30bd51d8054071891a3e4971aee01963f1cb17fb4ca
GET /favicon.ico HTTP/1.1
Host: nowlive.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://nowlive.me/2/103.html?id=103
Cookie: ppu_show_on_21510760b6d533922bc4866e828f0d11=1; dom3ic8zudi28v8lr6fgphwffqoz0j6c=ebb85662-d09e-4e47-9910-6d104ddbb96a%3A2%3A1
HTTP/1.1 404 Not Found
Server: nginx/1.14.2
Date: Tue, 17 Jan 2023 06:38:35 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 8b4c80fca9a7bc1b84369cdb60024668
91427b4fd16fa613fb83f053b271f00396b36e90
07bb6c4b267a5f46a15cca9ad9644ca38af67daa1448ad67f583f58e3c8dfcc1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 17 Jan 2023 06:38:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash f95ed1df9397c495400ef18235551c12
910f7910d640bdd561cefc45ddc91d7beecf13cd
2d8d57ba2d50303cc4ae5e5677f68370fc9b74fe002ccba471f964d78aaab43f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2D8D57BA2D50303CC4AE5E5677F68370FC9B74FE002CCBA471F964D78AAAB43F"
Last-Modified: Mon, 16 Jan 2023 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3737
Expires: Tue, 17 Jan 2023 07:40:52 GMT
Date: Tue, 17 Jan 2023 06:38:35 GMT
Connection: keep-alive
www.gstatic.com/cv/js/sender/v1/cast_sender.js
142.250.74.35200 OK 2.0 kB URL HTTP/2 www.gstatic.com/cv/js/sender/v1/cast_sender.js
IP 142.250.74.35:0
File type ASCII text, with very long lines (1143)
Hash c439f328a6d5a2f9cba8f719b4a0c39b
c91a5d5bce3629fa350f8bed6a6693ab477a0f99
79dc7857f15689c75f5126726ad2b5894d3a43018928420482eba684b800f193
GET /cv/js/sender/v1/cast_sender.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://nowlive.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="cloudview"
report-to: {"group":"cloudview","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cloudview"}]}
content-length: 2007
date: Tue, 17 Jan 2023 06:38:35 GMT
expires: Tue, 17 Jan 2023 06:38:35 GMT
cache-control: private, max-age=3000
last-modified: Tue, 16 Feb 2021 23:57:06 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.dailyd.me/sj.html
45.141.156.196200 OK 966 B IP 45.141.156.196:0
ASN #30860 Virtual Systems LLC
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (641), with CRLF line terminators
Hash 11e56f1e6c6e53dd7ed50117b915a502
9c225e14ffad4d812a95814f089697273fe08f02
081ab0b18b4b1da00c54ea58e29670aec9bacfce2273419d6bc5e4eb50420954
GET /sj.html HTTP/1.1
Host: www.dailyd.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.sjumbotv.me/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Tue, 17 Jan 2023 06:38:35 GMT
Content-Type: text/html
Last-Modified: Fri, 22 Oct 2021 21:04:05 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"61732745-9da"
Content-Encoding: gzip
e1.o.lencr.org/
95.101.11.115200 OK 346 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 91ce90bc4c825500f36f3378a85ee90b
bd2537b9d280d4656ef0b0816f8f568f226fdbe3
353d0c66a9c0438c7712815c20b62a12319f82aea4550fd3a76a91aa6a3965ed
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "353D0C66A9C0438C7712815C20B62A12319F82AEA4550FD3A76A91AA6A3965ED"
Last-Modified: Mon, 16 Jan 2023 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19605
Expires: Tue, 17 Jan 2023 12:05:20 GMT
Date: Tue, 17 Jan 2023 06:38:35 GMT
Connection: keep-alive
granorizes.com/ie?v=4&c=CtiP1iqOhHCzeLKkcY-ReskzeE8rk0RVOiLpy0uqBxlrPZAB8rS7S4FFiQ1dwChTi-IudsUC8NGgtoeR4DSjiEDXlmO_FuGMJzb1EKjJzdwfITrTyDz5hvTGPrA6P6rhC3s9FSoEy3tzrFmCVeSqnCaRelt2HwrHvY0kA4OhhIAjHb34m1IDE283TtdJ-EnbXv4PhSl7Fr4NlKQFEclap6jWqKwHyLlIVDmiGvCWbCDAy5yfNAnzKWvm112MNsBHEELhg2dXeRzvukIi5x7aTNfldYR24HwzNpPIaIBoL-Nx13pnnQsRKE8V04sQZBkclqed4xruITkArkvfOyZwwUjF4Mr1dGakPIk-QthgKNSvjAwHo7AJ_TTIZuBteNVya7bStMqXghbnwotLfkWGtXkfIjJOtS7hUbb8tvek8U2YqT2gcc9ZhEp76w6kCQxervJnvEHxpHyu5i3fqF9RF1OUNVK97mg=
162.55.246.161200 OK 4.9 kB URL HTTP/1.1 granorizes.com/ie?v=4&c=CtiP1iqOhHCzeLKkcY-ReskzeE8rk0RVOiLpy0uqBxlrPZAB8rS7S4FFiQ1dwChTi-IudsUC8NGgtoeR4DSjiEDXlmO_FuGMJzb1EKjJzdwfITrTyDz5hvTGPrA6P6rhC3s9FSoEy3tzrFmCVeSqnCaRelt2HwrHvY0kA4OhhIAjHb34m1IDE283TtdJ-EnbXv4PhSl7Fr4NlKQFEclap6jWqKwHyLlIVDmiGvCWbCDAy5yfNAnzKWvm112MNsBHEELhg2dXeRzvukIi5x7aTNfldYR24HwzNpPIaIBoL-Nx13pnnQsRKE8V04sQZBkclqed4xruITkArkvfOyZwwUjF4Mr1dGakPIk-QthgKNSvjAwHo7AJ_TTIZuBteNVya7bStMqXghbnwotLfkWGtXkfIjJOtS7hUbb8tvek8U2YqT2gcc9ZhEp76w6kCQxervJnvEHxpHyu5i3fqF9RF1OUNVK97mg=
IP 162.55.246.161:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3197)
Hash 281649999a92b99584c5914c021cfee7
451a8c25ced83b09f599af2728ba4206901e6daa
8c35a411f73c0f848a8a5f8dbaa03f405fa2404d1f2c6e5b5685cfe4a081a600
GET /ie?v=4&c=CtiP1iqOhHCzeLKkcY-ReskzeE8rk0RVOiLpy0uqBxlrPZAB8rS7S4FFiQ1dwChTi-IudsUC8NGgtoeR4DSjiEDXlmO_FuGMJzb1EKjJzdwfITrTyDz5hvTGPrA6P6rhC3s9FSoEy3tzrFmCVeSqnCaRelt2HwrHvY0kA4OhhIAjHb34m1IDE283TtdJ-EnbXv4PhSl7Fr4NlKQFEclap6jWqKwHyLlIVDmiGvCWbCDAy5yfNAnzKWvm112MNsBHEELhg2dXeRzvukIi5x7aTNfldYR24HwzNpPIaIBoL-Nx13pnnQsRKE8V04sQZBkclqed4xruITkArkvfOyZwwUjF4Mr1dGakPIk-QthgKNSvjAwHo7AJ_TTIZuBteNVya7bStMqXghbnwotLfkWGtXkfIjJOtS7hUbb8tvek8U2YqT2gcc9ZhEp76w6kCQxervJnvEHxpHyu5i3fqF9RF1OUNVK97mg= HTTP/1.1
Host: granorizes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://nowlive.me/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
server: fasthttp
date: Tue, 17 Jan 2023 06:38:34 GMT
content-type: text/html
content-length: 4875
x-app-id: 11
syndication.realsrv.com/splash.php?cat=&idzone=3947848&type=8&p=&sub=
95.211.229.245200 OK 484 B URL HTTP/1.1 syndication.realsrv.com/splash.php?cat=&idzone=3947848&type=8&p=&sub=
IP 95.211.229.245:0
ASN #60781 LeaseWeb Netherlands B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (726)
Hash bef868f7f166302a5a73868e3aadbd88
a86d997620e023cb1e4c46cf781308e5fb5dc8e6
d253c8ccefe71c815c5403b62ee19dd6a4e4629cc505797a2894f82c60c22e34
GET /splash.php?cat=&idzone=3947848&type=8&p=&sub= HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://nowlive.me/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 17 Jan 2023 06:38:35 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263c6426bc07f31.870658203187720670%22%3B%7D; expires=Thu, 16 Jan 2025 06:38:35 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
whos.amung.us/pingjs/?k=nowlivepro&t=&c=c&x=http%3A%2F%2Fnowlive.me%2F2%2F103.html%3Fid%3D103&y=&a=-1&d=1.202&v=27&r=8595
104.22.75.171200 OK 49 B URL HTTP/1.1 whos.amung.us/pingjs/?k=nowlivepro&t=&c=c&x=http%3A%2F%2Fnowlive.me%2F2%2F103.html%3Fid%3D103&y=&a=-1&d=1.202&v=27&r=8595
IP 104.22.75.171:0
File type ASCII text, with no line terminators
Hash bdb1aab8d8655ba6675badf0c4a8fe20
c04e799b3243088a02f2dc98621c2dafb84c6f02
1b79af34989fb014e617869b273c8986a2f5a1e7e31b3cf6a2f80b4b9825d64f
GET /pingjs/?k=nowlivepro&t=&c=c&x=http%3A%2F%2Fnowlive.me%2F2%2F103.html%3Fid%3D103&y=&a=-1&d=1.202&v=27&r=8595 HTTP/1.1
Host: whos.amung.us
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://nowlive.me/
HTTP/1.1 200 OK
Date: Tue, 17 Jan 2023 06:38:35 GMT
Content-Type: text/javascript;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
content-encoding: gzip
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 78ad16c0f92609b7-ARN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 8b4c80fca9a7bc1b84369cdb60024668
91427b4fd16fa613fb83f053b271f00396b36e90
07bb6c4b267a5f46a15cca9ad9644ca38af67daa1448ad67f583f58e3c8dfcc1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 17 Jan 2023 06:38:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
granorizes.com/ie?v=4
162.55.246.161301 Moved Permanently 0 B IP 162.55.246.161:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /ie?v=4 HTTP/1.1
Host: granorizes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 803
Connection: keep-alive
Referer: https://granorizes.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 301 Moved Permanently
server: fasthttp
date: Tue, 17 Jan 2023 06:38:35 GMT
content-length: 0
location: https://adspredictiv.com/jump/next.php?r=2475779&sub1=4059380
x-app-id: 11
crrepo.com/extban/311983020/creatives/23535842/319aeacf2ed4a52bfd9de24a54309803_3249.png
104.21.235.113200 OK 99 kB URL HTTP/1.1 crrepo.com/extban/311983020/creatives/23535842/319aeacf2ed4a52bfd9de24a54309803_3249.png
IP 104.21.235.113:0
File type PNG image data, 300 x 250, 8-bit/color RGBA, non-interlaced\012- data
Hash 2f6888afb114b08a4c6065bb0ea2c507
dd93ab46e4ff792cc744782b4bc3dbdad2739d68
a6d9b78b40b4db0140b16252d108affa4f44b3cb475d297d6e2116156d56b34d
GET /extban/311983020/creatives/23535842/319aeacf2ed4a52bfd9de24a54309803_3249.png HTTP/1.1
Host: crrepo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.adexchangeguru.com/
HTTP/1.1 200 OK
Date: Tue, 17 Jan 2023 06:38:35 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sun, 30 Oct 2022 09:40:18 GMT
ETag: W/"635e4682-181d2"
Content-Encoding: gzip
Via: 1.1 google
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 4626
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tv6alRgFt43FdCPHc06O%2FX7cMv6e%2FVRkAfanvOS5IA0kHbyM5hRq62ZkNDrPxZHjuMoqDePWtR2w4nqoKNp5zBL3fAtLH35DjC%2FUd2ZSjwcEPfTuwv7kKiZQ5MHC"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 78ad16c24e07756a-LHR
alt-svc: h2=":443"; ma=60
syndication.realsrv.com/splash.php?cat=&idzone=3947848&type=8&p=http%3A%2F%2Fnowlive.me%2F&sub=&tested=1&check=0c1c5c30286e1db21a741e4b62c8b6e4&screen_resolution=1280x1024&container_resolution=1x8&iframe=1
95.211.229.245302 Found 0 B URL HTTP/1.1 syndication.realsrv.com/splash.php?cat=&idzone=3947848&type=8&p=http%3A%2F%2Fnowlive.me%2F&sub=&tested=1&check=0c1c5c30286e1db21a741e4b62c8b6e4&screen_resolution=1280x1024&container_resolution=1x8&iframe=1
IP 95.211.229.245:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /splash.php?cat=&idzone=3947848&type=8&p=http%3A%2F%2Fnowlive.me%2F&sub=&tested=1&check=0c1c5c30286e1db21a741e4b62c8b6e4&screen_resolution=1280x1024&container_resolution=1x8&iframe=1 HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263c6426bc07f31.870658203187720670%22%3B%7D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Tue, 17 Jan 2023 06:38:35 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263c6426bc07f31.870658203187720670%22%3B%7D; expires=Thu, 16 Jan 2025 06:38:35 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
impressions=oslmrxbrnxgxamsmlcebogeicxbmsbcenxgxamsbmrxregeimmccrbebnxgxamslescrogeioslmrxbmnxgxamsmsromageicxbmsbocnxgxamslescrogeimmccrlaonxgxamslxxmabgeimmccrlacnxgxamslxxcxsgeicxbmsboenxgxamsbcserxgeioslmrxlrnxgxamslescrogeimmccrbxenxgxamslxxmabgeislsaroornxgxamsmarmlcgeioslmroemnxgxamslxxmabgeioslmrxlsnxgxamslxxcxsgeicmmsxrbonxgxamsoeamlmgeimmccrlaenxgxamsobsccrgeimmccrbeanxgxamslxxcxsgeicaocmrmanxgxamolcrcergeimcclsxronxgxamsscrmclgeimcclsxmenxgxamsxamomcgeialbserebnxgxamsosomemgeimcclsxaonxgxamsxsxllxgeicxbmsbxcnxgxamsbrarebgeimrblxebenxgxamselmborgeimcclsxconxgxamsbremaegeirbabxabbnxgxamsmamoxsgeimcclsxacnxgxamsscrmclgeicmmsxaeenxgxamsmllbccgeialbsereanxgxamsoeabscgeicaxsscmbnxgxamsosomemgeimcclosconxgxamslescrogeimcclsoeonxgxamsmlmlelgeimcclsxlcnxgxamsmlcebogeimcclossbnxgxamsmoooeegeimcclsxscnxgxamsmoooeegeimcclsxlenxgxamsmoooeegeimaecseaenxgxamsmoooeegeimaecsxcbnxgxamsmoooeegeimcclsxoanxgxamsmobcebgeimcclsxlbnxgxamsbmrxregeimccloscanxgxamsbrarebgeiclsmrbsonxgxamsmmrbmbgeiclsmarsenxgxamsmmrbmbgeiccmmllebnxgxamsmmrbmbgeimcclsxsbnxgxamslescrogeiclsmrbxonxgxamsbebceegeiclsmrbxcnxgxamsbebceegeiclsmarscnxgxamsbebceegeiccmmlmlcnxgxamsbebceegeiclsmarrenxgxamsbebceegeicaormbaonxgxamsbxxbsrgeicaormlrenxgxamsbxxbsrgeimcclsxlonxgxamslescrogeimrblelronxgxamsbremaegeimaecsxobnxgxamsbremaegeimasbsoebnsgxamsbrxalegxcceimaoobbebnxgxamsbrxalxgxcceialbbblbanxgxamsbroemmgxcceiclsmrbrcnxgxamsbroemmgeiclsmrraanxgxamsbroemmgeiclsmrmxbnxgxamsbroemmgeimmrocrrcnxgxamsbroemmgxcceiallocbocnxgxamsbroemmgxcceimcoaxmxcncgxamsbrorbmgxcceimbeboxmonsgxamsbrsralgxcceialaroxrcnxgxamsbrreeogxcceimxxerrxenxgxamsbrarebgxcceimbscxmoonxgxamsbrarebgxcceimbsbarcenxgxamsbaeasegxcceimoobcobenxgxamsbaeasegxcceicloaxxacnxgxamsbamaragxcceimeembecenxgxamsbabarcgxcceimaoolslanxgxamsbmxbbxgxcceiaaxcambbnxgxamsbmclmagxcceiocmlslsrnxgxamsbmrxregxcceimsacexoonxgxamsbmrxregxcceimcssmlrcnsgxamsbmrxregxcceimccloscenxgxamsbmrxregeicloaxxmenxgxamsbmrxregxcceimmelcxsenxgxamsbmasamgxcceimxlbmosanrgxamsbmabmrgxcceimxlbmoobnogxamslescrogxcceimcclsxxonxgxamslescrogeimrblelxbnxgxamslescrogeimxeoxsbensgxamsleamlcgxcceimxlbmxbbnxgxamsleamlcgxcceialrexexbnxgxamslxxcxsgxcceimxlbalscnogxamslxxcxsgxcceimclsaoxbncgxamslxxcxcgxcceimaooloranxgxamslxxcxcgxcceimxlbalcenxgxamslxxmabgxcceixaoossalnxgxamslxxmalgxcceimxlbmxlonxgxamslxxblxgxcceimbcxlrmanagxamsloxecrgcbeimbsblroanagxamsloxblogxcceimrrcrrlenxgxamsloxblsgxcceimbcxlrmcnxgxamsloxblsgxcceimrbleaebnogxamslocacrgxcceimmooobrcnxgxamslorlbxgxcceimmooobrbnxgxamslorlbxgxcceimxlbmoscnrgxamslomllogxcceimcssmlrencgxamslomllogxcceimxlbmosonxgxamslomllogxcceimcssmlronogxamslomllogxcceimcoaxmxonrgxamslobraegxcceimbsblrobnogxamslolcoegxcceimclxlloanxgxamslolaxagxcceimbcbrbxbnsgxamslseoobgcbeimbclracbnxgxamslseoobgcbeimxxrecsanxgxamslsxcecgxcceixaoosscrnxgxamslsoemsgxcceimeembescnxgxamslsoemsgxcceiceecmorsnxgxamslsobebgxcceimexexabbnxgxamslsobxxgxcceimrxccoscnxgxamslsscmogxcceicloaecoenxgxamslsscmsgxcceimaooblebnxgxamslsscmrgxcceimeembesonxgxamslsscmagxcceicmarxbbonxgxamslsscmagxcceimboslabcnxgxamslsrobmgxcceimxxerrecnxgxamslsrobmgxcceimbscxmocnxgxamslsrobmgxcceimxxerrebnxgxamslsrobmgxcceimxxerreanxgxamslsrobmgxcceimbxacsacnxgxamslsrobmgxcceicxmecmcanxgxamslsrobmgxcceimmlsebobnxgxamslsmrxrgmoe; expires=Wed, 18 Jan 2023 06:38:35 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-link%22%3A%22v3%7C%7CNOR%7C3947848%7C77930828%7C0%7C%7C142%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C63c6426bc07f31.870658203187720670%7C60a413c1ebfcec3fb520ec306f42f1a5%7C0%7Cnowlive.me%7C1280x1024%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Wed, 18 Jan 2023 06:38:35 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
Location: https://affmore.com/clk/C16E731082C611EDAE940DF8A2DD9FBB
X-Robots-Tag: noindex, follow
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash b073f40f02cd8c2571be6fa0f10e7dd5
0fd2074f12ae9bff87c227a9a06a4aa94e4a1c62
ae6f0c8d277d61d52de7d29f41c78715ea8efad7287779adb0f9973f3292c76e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AE6F0C8D277D61D52DE7D29F41C78715EA8EFAD7287779ADB0F9973F3292C76E"
Last-Modified: Sun, 15 Jan 2023 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10541
Expires: Tue, 17 Jan 2023 09:34:16 GMT
Date: Tue, 17 Jan 2023 06:38:35 GMT
Connection: keep-alive
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash 112d7856106ff225c02e05f4e5e80563
9f5a80d52dfdb3e85941cc88a6d97f36b7afe7ae
f6bbc2b697521da6cfb2a94711cf1b2ac96a2b825d3927f90feacce28d5bf15e
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 17 Jan 2023 06:38:36 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 14 Jan 2023 22:25:05 GMT
Expires: Sat, 21 Jan 2023 22:25:04 GMT
Etag: "9f5a80d52dfdb3e85941cc88a6d97f36b7afe7ae"
Cache-Control: max-age=401788,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 78ad16c2cf66b4f1-OSL
backoffice.affmore.com/clk/C16E731082C611EDAE940DF8A2DD9FBB
172.66.43.170302 Found 212 B URL HTTP/2 backoffice.affmore.com/clk/C16E731082C611EDAE940DF8A2DD9FBB
IP 172.66.43.170:0
File type HTML document, ASCII text, with no line terminators
Hash 5cc8fc8ac84fb922cf4ae00c239ae8fc
c1434acf56f53ef9eb5ca1d59792576bd44ff1fa
e0acc32f1541baaab96b19e5486eae846a1b428d2740a6bd7057cc4eea693070
GET /clk/C16E731082C611EDAE940DF8A2DD9FBB HTTP/1.1
Host: backoffice.affmore.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
date: Tue, 17 Jan 2023 06:38:36 GMT
content-type: text/html; charset=utf-8
content-length: 212
location: https://www.freshspins.com/no?btag=1001391_C16E731082C611EDAE940DF8A2DD9FBB_51530993
vary: Accept
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QI8KCFWywNB3bLCruOcdRUdV5LyicRP3wXrwd2vfU0PJosO8Im70WPa5sLZM%2FFtQkqCCTM%2BgF1mBazuPzd5LAY7M4gMneygkw0F%2B2LygIm8q1%2BAYtKA06ho2GpaJXoLIDZpKe6ZFDlw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78ad16c2eddbb51b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
95.101.11.115200 OK 345 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash a248b09b4d5752744250ac80b2f038dc
d147efb69eb7cbe090fea0098f3df86e085b5729
0efc570ed9acdc286da0a8fd8b28370d896d6f0fb16c3d92661ff73c1a3efd4a
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "0EFC570ED9ACDC286DA0A8FD8B28370D896D6F0FB16C3D92661FF73C1A3EFD4A"
Last-Modified: Sat, 14 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3802
Expires: Tue, 17 Jan 2023 07:41:58 GMT
Date: Tue, 17 Jan 2023 06:38:36 GMT
Connection: keep-alive
602atqsrihh6.n4.adsco.re/
38.132.109.186200 OK 0 B URL HTTP/1.1 602atqsrihh6.n4.adsco.re/
IP 38.132.109.186:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST / HTTP/1.1
Host: 602atqsrihh6.n4.adsco.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 0
Origin: http://nowlive.me
Connection: keep-alive
Referer: http://nowlive.me/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 17 Jan 2023 06:38:36 GMT
Content-Type: text/html
Content-Length: 0
Last-Modified: Mon, 30 Jul 2018 15:32:42 GMT
Connection: close
ETag: "5b5f2f9a-0"
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
Access-Control-Expose-Headers: Content-Length,Content-Range
Accept-Ranges: bytes
e1.o.lencr.org/
95.101.11.115200 OK 345 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash a248b09b4d5752744250ac80b2f038dc
d147efb69eb7cbe090fea0098f3df86e085b5729
0efc570ed9acdc286da0a8fd8b28370d896d6f0fb16c3d92661ff73c1a3efd4a
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "0EFC570ED9ACDC286DA0A8FD8B28370D896D6F0FB16C3D92661FF73C1A3EFD4A"
Last-Modified: Sat, 14 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3802
Expires: Tue, 17 Jan 2023 07:41:58 GMT
Date: Tue, 17 Jan 2023 06:38:36 GMT
Connection: keep-alive
adsco.re/p
162.252.214.5200 OK 411 B IP 162.252.214.5:0
File type ASCII text, with very long lines (487), with no line terminators
Hash c85ac51e3736e859373c6702e15dfd3b
17682ca9da9c6bf877d2707a25ffc17702e59c4b
4b19ade4db34f350c0d37152eb5152f6a640fa387458a4a6918fef01f4ff604f
POST /p HTTP/1.1
Host: adsco.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Length: 1752
Origin: http://nowlive.me
Connection: keep-alive
Referer: http://nowlive.me/
HTTP/1.1 200 OK
Date: Tue, 17 Jan 2023 06:38:36 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
AS-P-1: OK lon123
AS-P-2: OK
AS-P-3: OK
Access-Control-Max-Age: 2592000
Cache-Control: no-transform
Access-Control-Allow-Origin: http://nowlive.me
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash 112d7856106ff225c02e05f4e5e80563
9f5a80d52dfdb3e85941cc88a6d97f36b7afe7ae
f6bbc2b697521da6cfb2a94711cf1b2ac96a2b825d3927f90feacce28d5bf15e
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 17 Jan 2023 06:38:36 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 14 Jan 2023 22:25:05 GMT
Expires: Sat, 21 Jan 2023 22:25:04 GMT
Etag: "9f5a80d52dfdb3e85941cc88a6d97f36b7afe7ae"
Cache-Control: max-age=401787,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 78ad16c418c1b4f1-OSL
witalfieldt.com/redirect?tid=698580&&ref=[URI_ENCODED_REFERER]
108.157.214.77302 Found 0 B URL HTTP/1.1 witalfieldt.com/redirect?tid=698580&&ref=[URI_ENCODED_REFERER]
IP 108.157.214.77:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?tid=698580&&ref=[URI_ENCODED_REFERER] HTTP/1.1
Host: witalfieldt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.dailyd.me/
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Date: Tue, 17 Jan 2023 06:38:36 GMT
Server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
Pragma: no-cache
P3P: CP="NID DSP ALL COR"
set-cookie: csu=0f14d91d-b306-4869-9b6b-c507c8a756d3
Location: https://jj.indacorn.com/index.php?key=3toplb3lqosbem32ue6s&feedid=pp103&subid=698580&uuid=9d1cf9e1-ca30-4649-b4a2-48b983b578f5&ep=QL6BJEEDTDPDTHAQ4PFDFTAA252TFT2CM6BI5IQDQIZVY73NP7CWXHLQVC234OWQUTDDJDQROXUSBQDSQSCFBVDS65C5MJ23EIURNGVJ3UB7D5SG5RBPOGCCJTFI74OQLAT42KU6AQYXZVQNWFB7TEBAPAW6RP3DA742R7Y7ORILSVU26DIBBEK5NIKDQDM2HRCV7JGXNFXXQK6IYECFCGMVYYAONZNRKEOWCVUIPG6U4NCYI6GCVMCX3BSCMDS2XUVWBHYRWJGSEVBBSDEBC5FFEJAMJP7ZNJJUX3T43CTPIAJQB3YBL4GEBPWJHWENWUFBPQCC5CGVB4RLEAZ2T7UNQYEACO7A3DYVGZE5G7RQMPHJRS53CLN2I4GKJHEVG2FSHRFFDCS5R7J63NMJ4EQE7UBGO647VLGN55GGZ6MJTDXR4E33VTFDO2HOVALEXNHGZ2ICI2EV2UCUFJ4PSWB3NZR2MJPTOZ7T4EVYRVGGHPSFCFCO3OZRTMZZGIB65QXP25VNCMOOHVUEL5YGSNCLNA7JFDVHOTSPV7CNIUYVEVBKAIGZMA6S2V74D57TG3WD2C4PDSVGQJTV72FNPY4OBJZHXPW6KGGWLBKLLYYBQZ5JA7IXZV7UHMFL7OK2XLM4KSO6SVHRXYBBUOUVAJPWUBXTQNBSPJETMEDUI6IE2DRAVVP2I7MTTSEAE54HDDKIA3DLXL3AFYJP2GLYXVLZBSFIWQYX5RPLI3HUYWSA57A5HHYJQWRRJYECY75NB7PERTOV7EG5KUYAGFDQHQMZKIUFV3L4BTRUKCSNK7LTSOH4BF4DM63JSKY3AN3N4UQZBXQ6P7VVUBJJY4KYFST62OCXQOQXTODWJDMQ5AQ3EDJFB5UVCF3U3EHQTKXWU2S5K4THJFIRXH5ZLTAOYM4TCVZON7GWNTKCMTNLTWDIPH5EDMXNRZVZ4JRO72LWJ6LDN4MQTITWBCZODWIUEFEH645XIBSX5KGLNBY%3D
Accept-CH: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
X-Cache: Miss from cloudfront
Via: 1.1 4ded1750dc7e0bef188a5520fb9fef28.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ARN56-P1
X-Amz-Cf-Id: JfQuZEnEbLuEfSSBcg3a3dqeaUjgrtX3qFyTFViOEHhDFdKD4yya1A==
witalfieldt.com/redirect?tid=698678&&ref=[URI_ENCODED_REFERER]
108.157.214.77302 Found 0 B URL HTTP/1.1 witalfieldt.com/redirect?tid=698678&&ref=[URI_ENCODED_REFERER]
IP 108.157.214.77:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?tid=698678&&ref=[URI_ENCODED_REFERER] HTTP/1.1
Host: witalfieldt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.dailyd.me/
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Date: Tue, 17 Jan 2023 06:38:36 GMT
Server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
Pragma: no-cache
P3P: CP="NID DSP ALL COR"
set-cookie: csu=22f5ef5c-6272-4700-b3a6-5a61f4162555
Location: https://xml.serving-passthrough.com/click?i=Ijwqc*p4Vrw_0
Accept-CH: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
X-Cache: Miss from cloudfront
Via: 1.1 4838101f07e2dfcd1db4abc88031f082.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ARN56-P1
X-Amz-Cf-Id: 6N4SVY9jdKYe-ypN1OEDQPsjl066g11fOZAtXN4llZfdTKjBCahskA==
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash e73a628ae7bd33ee52f32c29a6084396
6d0936b633648652398cfd00a59fe31413f96660
ac1d977062c5b177bb05eb196a4385dd279c69ae9933dfecefdf5939b55a5bf9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AC1D977062C5B177BB05EB196A4385DD279C69AE9933DFECEFDF5939B55A5BF9"
Last-Modified: Sun, 15 Jan 2023 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1969
Expires: Tue, 17 Jan 2023 07:11:25 GMT
Date: Tue, 17 Jan 2023 06:38:36 GMT
Connection: keep-alive
witalfieldt.com/redirect?tid=698580&&ref=[URI_ENCODED_REFERER]
108.157.214.77302 Found 0 B URL HTTP/1.1 witalfieldt.com/redirect?tid=698580&&ref=[URI_ENCODED_REFERER]
IP 108.157.214.77:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?tid=698580&&ref=[URI_ENCODED_REFERER] HTTP/1.1
Host: witalfieldt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.dailyd.me/
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Date: Tue, 17 Jan 2023 06:38:36 GMT
Server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
Pragma: no-cache
P3P: CP="NID DSP ALL COR"
set-cookie: csu=4c6ef2dc-d716-411f-b496-e3dce51ecba7
Location: https://jj.indacorn.com/index.php?key=3toplb3lqosbem32ue6s&feedid=pp103&subid=698580&uuid=b2581c89-91fa-4e7f-8432-1ac695ea41ab&ep=HG6PA7QD5GNAPACKAI5LEDB6TMLZ6AQU4KIJMYZ75E3LPZ5D3SI4NHG3C4EMFY4VKKNFSYKX3QNE3QDSQSCFBVDS65C5MJ23EIURNGU2ZWDKDCNZIAMK2WOWTS3EHMAPFBA42GWXM4AWYWCK4PVLKWWJXEW6RP3DA742R7Y7ORILSVU26DIBBEK5NIKDQDM2HRCV7JGXNFXXQK6IYECFCGMVYYAONZNRKEOWCVUIPG6U4NCYI6GCVMCX3BSCMDS2XUVWBHYRWJGSEVBBSDEBC5FFEJAMJP7ZNJJUX3T43CTPIAJQB3YBL4GEBPWJHWENWUFBPQCC5CGVB4RLEAZ2T7UNQYEACO7A3DYVGZE5G7RQMPHJRS53CLN2I4GKJHEVG2FSHRFFDCS5R7J63NMJ4EQE7U6KKY346JVRNH2P7EEWTJSAA3HFQ6OWS7H3HDYJNUYUHFYU7VRTL5HZSPOL7T46K3SWDLROK2WBF3JZFOBACDUVCSTX7YJWZLW3M4B2FX3HIIS2AR77N42R6X2VMKNLGZOS47JCQ6JLJSFAHJTUUFOLU46ZMA6S2V74D57TG3WD2C4PDSVGQJTV72FNPY4OBJZHXPW6KGGWLBKLLYYBQZ5JA7IXZV7UHMFL7OK2XLM4KSO6SVHRXYBBUOUVAJPWUBXTQNBSPJETMEDUI6IE2DRAVVP2I7MTTSEAE54HDDKIA3DLXL3AFYJP2GLYXVLZBSFIWQYX5RPLI3HUYWSA57A5HHYJQWRRJYECY75NB7PERTOV7EG5KUYAGFDQHQMZKIUFV3L4BTRUKCSNK7LTSOH4BF4DM63JSKY3AN3N4UQZBXQ6P7VVUBJJY4KYFST62OCXQOQXTODWJDMQ5AQ3EDJFB5UVCF3U3EHQTKXWU2S5K4THJFIRXH5ZLTAOYM4TCVZON7GWNTKCMTNLTWDIPH5EDMXNRZVZ4JRO72LWJ6LDN4MQTITWBCZODWIUEFEH645XIBSX5KGLNBY%3D
Accept-CH: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
X-Cache: Miss from cloudfront
Via: 1.1 30a448a0dbd4a52ea118d2e64f0535c8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ARN56-P1
X-Amz-Cf-Id: isyIP8AkLeU1ia3uwWSiewJ8ZSZpssPRvmMbgDKiElz4ZiNv8fzPKw==
witalfieldt.com/redirect?tid=698678&&ref=[URI_ENCODED_REFERER]
108.157.214.77302 Found 0 B URL HTTP/1.1 witalfieldt.com/redirect?tid=698678&&ref=[URI_ENCODED_REFERER]
IP 108.157.214.77:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?tid=698678&&ref=[URI_ENCODED_REFERER] HTTP/1.1
Host: witalfieldt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.dailyd.me/
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Date: Tue, 17 Jan 2023 06:38:36 GMT
Server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
Pragma: no-cache
P3P: CP="NID DSP ALL COR"
set-cookie: csu=48cea23f-6c71-4990-ac0e-ed3e810d7606
Location: https://granorizes.com/ie?v=4&c=o-jxNcOHRBLtT1kaGluT6G2Cw69qCZd4RP3Vwh89QKsY3LE9tRQeKHMonLKBuBZGWqyiIyIR18ENB1IDvvoXjKadsK9ffhUUWAG1p0r48ll7tN5yTgQhazxLWUXvm-ioLoZpU9oTuvMHs5w66sNqTQWHIDRtYQE-g_rkMXQKRsXMEQXD9MZEm3tQmCQkvXNqFb-BrFYLWhN2giHjEyOmmMoc8CvRYXCcSOvYrzslrK-tOb-wtd8_6l88IhfysWMSnzuQz_c8WJrc-MMZ1N6bbtCQzysSMbV0qUeeM0QRoMmnFmZBFWfIau9xnHddTDJqo5LCRCugMUq5AAoZWIMcZryb0vao6OFUsM6oB39BfIu1TYl2FkOJCe-sSttUHngp8kRGXFDEclAWaw6Zam7i0VtGUpP-aq-C-8oOFoKPFcD_a7B18UuwgVYxeSZRRUN-SQ56_Md7ol9C8e5y_FW1-QRl-B0neBGQKZfd7f8igvY_7qXCvKoB3uZ9EV8X5EPme02v5ZYyP_vJCbf4JD5b2k1OJt7qtiRQIbmjwPlNSkZQIXipfIQSj5CqoMjjhzd29dJXcDIezCcD6ayfN-hm3LYGREQ=
Accept-CH: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
X-Cache: Miss from cloudfront
Via: 1.1 1fb0b89a5ccfb45255b8e8539e256ee2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ARN56-P1
X-Amz-Cf-Id: Wqm4w_tHLJX3D6lVWFZHUAJ_j9M9SpT01hItZj4k6TWz27gUJov5iA==
my.rtmark.net/gid.js?userId=f1tf837423yb755796232e3a5ivvz337
139.45.195.8200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?userId=f1tf837423yb755796232e3a5ivvz337
IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash 0971289a761c0f13b69dd1b0153e9133
d0affa4cce6dbcdeab30ae124efe1a6ca2c56495
918f458b2476488dc579014c2441305498b303583a0faaf61e2a8617af10d7ff
GET /gid.js?userId=f1tf837423yb755796232e3a5ivvz337 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://nowlive.me
Connection: keep-alive
Referer: http://nowlive.me/
Cookie: ID=52b437f460064f0982defff96e780d70
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 17 Jan 2023 06:38:36 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: http://nowlive.me
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=52b437f460064f0982defff96e780d70; expires=Wed, 17 Jan 2024 06:38:36 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 6b6a65d2536cc8f99e68793ae265b595
f65e75f8419bd83e26f49def7fa2604db5f77b4d
94b31f7663e4917e8e97079202ef9fa340766f1ebfc2601360618d947f7dabc9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "94B31F7663E4917E8E97079202EF9FA340766F1EBFC2601360618D947F7DABC9"
Last-Modified: Sun, 15 Jan 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20177
Expires: Tue, 17 Jan 2023 12:14:53 GMT
Date: Tue, 17 Jan 2023 06:38:36 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 6b6a65d2536cc8f99e68793ae265b595
f65e75f8419bd83e26f49def7fa2604db5f77b4d
94b31f7663e4917e8e97079202ef9fa340766f1ebfc2601360618d947f7dabc9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "94B31F7663E4917E8E97079202EF9FA340766F1EBFC2601360618D947F7DABC9"
Last-Modified: Sun, 15 Jan 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20177
Expires: Tue, 17 Jan 2023 12:14:53 GMT
Date: Tue, 17 Jan 2023 06:38:36 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 6b6a65d2536cc8f99e68793ae265b595
f65e75f8419bd83e26f49def7fa2604db5f77b4d
94b31f7663e4917e8e97079202ef9fa340766f1ebfc2601360618d947f7dabc9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "94B31F7663E4917E8E97079202EF9FA340766F1EBFC2601360618D947F7DABC9"
Last-Modified: Sun, 15 Jan 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20177
Expires: Tue, 17 Jan 2023 12:14:53 GMT
Date: Tue, 17 Jan 2023 06:38:36 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 6b6a65d2536cc8f99e68793ae265b595
f65e75f8419bd83e26f49def7fa2604db5f77b4d
94b31f7663e4917e8e97079202ef9fa340766f1ebfc2601360618d947f7dabc9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "94B31F7663E4917E8E97079202EF9FA340766F1EBFC2601360618D947F7DABC9"
Last-Modified: Sun, 15 Jan 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20177
Expires: Tue, 17 Jan 2023 12:14:53 GMT
Date: Tue, 17 Jan 2023 06:38:36 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1d1490db-aa8a-4724-a608-8c0c03f98b35.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1d1490db-aa8a-4724-a608-8c0c03f98b35.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 805a998e9a6fc452c152ab9542b6d0cd
0bd57ea7809abfa4136506f565ac8ba45c936406
b24e0b322cacda63e43582e713cb38d80914f6b82c735307188a2ddd9829338f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1d1490db-aa8a-4724-a608-8c0c03f98b35.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10736
x-amzn-requestid: 78c83dbb-f641-4ece-bd8d-ce9d524f100d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e2tm5FLvoAMFn1Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c5c2f8-73b261b87d3eb7b709161fdf;Sampled=0
x-amzn-remapped-date: Mon, 16 Jan 2023 21:34:48 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: hUS-ajMYSYKXI2jsZJApvgUgr0lnbrm02BXZ6rsPS5h0daBcIRtgEw==
via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Mon, 16 Jan 2023 21:46:15 GMT
age: 31941
etag: "0bd57ea7809abfa4136506f565ac8ba45c936406"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F87b645d1-9bdf-4fcb-990e-f3dfb01d71d5.jpeg
34.120.237.76200 OK 2.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F87b645d1-9bdf-4fcb-990e-f3dfb01d71d5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 57f4bddae2488cc36924ba39e6cb5b75
84c4e591d4ec54c3f9b6749044029145103f2fb8
30f39db37bf4f4089a2c180cf3415dbcd2e73e4ad6088eb1ecf31c9f6f00d521
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F87b645d1-9bdf-4fcb-990e-f3dfb01d71d5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 2711
x-amzn-requestid: 430c97a5-4c0a-44db-9d6b-9ee70a7195d0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: exe1nHOvoAMFdYg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c3ab56-0b014a2a5ed5c5e11e9c8327;Sampled=0
x-amzn-remapped-date: Sun, 15 Jan 2023 07:29:27 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 3wVLWMCi0beEkSWrqXCiTZkcvJQii9WwU6Oy7RR3_ekn-yt_gp1xRg==
via: 1.1 a20e81b65d2465c729ce2f6bfe539dd0.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google
date: Mon, 16 Jan 2023 11:27:05 GMT
age: 69091
etag: "84c4e591d4ec54c3f9b6749044029145103f2fb8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
granorizes.com/ie?v=4&c=o-jxNcOHRBLtT1kaGluT6G2Cw69qCZd4RP3Vwh89QKsY3LE9tRQeKHMonLKBuBZGWqyiIyIR18ENB1IDvvoXjKadsK9ffhUUWAG1p0r48ll7tN5yTgQhazxLWUXvm-ioLoZpU9oTuvMHs5w66sNqTQWHIDRtYQE-g_rkMXQKRsXMEQXD9MZEm3tQmCQkvXNqFb-BrFYLWhN2giHjEyOmmMoc8CvRYXCcSOvYrzslrK-tOb-wtd8_6l88IhfysWMSnzuQz_c8WJrc-MMZ1N6bbtCQzysSMbV0qUeeM0QRoMmnFmZBFWfIau9xnHddTDJqo5LCRCugMUq5AAoZWIMcZryb0vao6OFUsM6oB39BfIu1TYl2FkOJCe-sSttUHngp8kRGXFDEclAWaw6Zam7i0VtGUpP-aq-C-8oOFoKPFcD_a7B18UuwgVYxeSZRRUN-SQ56_Md7ol9C8e5y_FW1-QRl-B0neBGQKZfd7f8igvY_7qXCvKoB3uZ9EV8X5EPme02v5ZYyP_vJCbf4JD5b2k1OJt7qtiRQIbmjwPlNSkZQIXipfIQSj5CqoMjjhzd29dJXcDIezCcD6ayfN-hm3LYGREQ=
162.55.246.161200 OK 5.1 kB URL HTTP/1.1 granorizes.com/ie?v=4&c=o-jxNcOHRBLtT1kaGluT6G2Cw69qCZd4RP3Vwh89QKsY3LE9tRQeKHMonLKBuBZGWqyiIyIR18ENB1IDvvoXjKadsK9ffhUUWAG1p0r48ll7tN5yTgQhazxLWUXvm-ioLoZpU9oTuvMHs5w66sNqTQWHIDRtYQE-g_rkMXQKRsXMEQXD9MZEm3tQmCQkvXNqFb-BrFYLWhN2giHjEyOmmMoc8CvRYXCcSOvYrzslrK-tOb-wtd8_6l88IhfysWMSnzuQz_c8WJrc-MMZ1N6bbtCQzysSMbV0qUeeM0QRoMmnFmZBFWfIau9xnHddTDJqo5LCRCugMUq5AAoZWIMcZryb0vao6OFUsM6oB39BfIu1TYl2FkOJCe-sSttUHngp8kRGXFDEclAWaw6Zam7i0VtGUpP-aq-C-8oOFoKPFcD_a7B18UuwgVYxeSZRRUN-SQ56_Md7ol9C8e5y_FW1-QRl-B0neBGQKZfd7f8igvY_7qXCvKoB3uZ9EV8X5EPme02v5ZYyP_vJCbf4JD5b2k1OJt7qtiRQIbmjwPlNSkZQIXipfIQSj5CqoMjjhzd29dJXcDIezCcD6ayfN-hm3LYGREQ=
IP 162.55.246.161:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3197)
Hash 3f1e6264acb2d0b0764793ef523f9857
02541069c74e3557a16d5b3b2aad22283117a8aa
a595caf354da03374049aa450f6de2809a3e51c25c5af392bd108b47d333822f
GET /ie?v=4&c=o-jxNcOHRBLtT1kaGluT6G2Cw69qCZd4RP3Vwh89QKsY3LE9tRQeKHMonLKBuBZGWqyiIyIR18ENB1IDvvoXjKadsK9ffhUUWAG1p0r48ll7tN5yTgQhazxLWUXvm-ioLoZpU9oTuvMHs5w66sNqTQWHIDRtYQE-g_rkMXQKRsXMEQXD9MZEm3tQmCQkvXNqFb-BrFYLWhN2giHjEyOmmMoc8CvRYXCcSOvYrzslrK-tOb-wtd8_6l88IhfysWMSnzuQz_c8WJrc-MMZ1N6bbtCQzysSMbV0qUeeM0QRoMmnFmZBFWfIau9xnHddTDJqo5LCRCugMUq5AAoZWIMcZryb0vao6OFUsM6oB39BfIu1TYl2FkOJCe-sSttUHngp8kRGXFDEclAWaw6Zam7i0VtGUpP-aq-C-8oOFoKPFcD_a7B18UuwgVYxeSZRRUN-SQ56_Md7ol9C8e5y_FW1-QRl-B0neBGQKZfd7f8igvY_7qXCvKoB3uZ9EV8X5EPme02v5ZYyP_vJCbf4JD5b2k1OJt7qtiRQIbmjwPlNSkZQIXipfIQSj5CqoMjjhzd29dJXcDIezCcD6ayfN-hm3LYGREQ= HTTP/1.1
Host: granorizes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.dailyd.me/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
server: fasthttp
date: Tue, 17 Jan 2023 06:38:35 GMT
content-type: text/html
content-length: 5123
x-app-id: 11
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa4bea3a8-a37c-4400-a7fe-c935f3758bbc.jpeg
34.120.237.76200 OK 7.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa4bea3a8-a37c-4400-a7fe-c935f3758bbc.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 21f47639234f79c560d44fc1d42d6aca
56cbcaed180dd893cde9dcf3721f6b86158aca9b
a2fa6d73aee8fc0c2ef001de097b1f0e262fcfcda31f97a05912c41eea1c946b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa4bea3a8-a37c-4400-a7fe-c935f3758bbc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7209
x-amzn-requestid: c3b968c0-5b08-45bf-9f58-03a1fb574e8f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e2tm5FNqIAMFo6g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c5c2f8-28d7f6dc7fea377b3c33282b;Sampled=0
x-amzn-remapped-date: Mon, 16 Jan 2023 21:34:48 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: pQ54ou2q6Dt1SH_7zOCVwNnlKdYxbdRnAO5qICIRJ6SzjHJAPmt5GA==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 7eb3b782ab09047ce0d11ee03763894c.cloudfront.net (CloudFront), 1.1 google
date: Mon, 16 Jan 2023 21:56:51 GMT
age: 31305
etag: "56cbcaed180dd893cde9dcf3721f6b86158aca9b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4645b901-7a6a-474e-a0e9-8661e378c83d.jpeg
34.120.237.76200 OK 4.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4645b901-7a6a-474e-a0e9-8661e378c83d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 304bb1b20c55a224a8aa28c2af0a0d0e
590f9978d35d8bff19b665505b9761f87c66b915
74a5930f8ccc54b5618892ace303d163066656b02c942273e8d6debcf2ab3614
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4645b901-7a6a-474e-a0e9-8661e378c83d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4272
x-amzn-requestid: e53617f5-3c7b-4a81-a9bb-79667a1ef7c3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ej0BwETpIAMFdcw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63be33a4-328c82663ce8bb024b0181d9;Sampled=0
x-amzn-remapped-date: Wed, 11 Jan 2023 03:57:24 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: IrGvuEbwzYF0PIcAiXFsYSOc30EQlSkpX1Fi0WW_S1SYaXP-I67HQw==
via: 1.1 0005a84c2971ff4f5bbb79e7ebc622a8.cloudfront.net (CloudFront), 1.1 4f3feb5c4393987d42d1971d404d7cea.cloudfront.net (CloudFront), 1.1 google
date: Mon, 16 Jan 2023 21:52:19 GMT
age: 31577
etag: "590f9978d35d8bff19b665505b9761f87c66b915"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F144b7909-7293-4696-94a6-0afc31d3e351.jpeg
34.120.237.76200 OK 8.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F144b7909-7293-4696-94a6-0afc31d3e351.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 05aa269a0f2828ea2db69313f279b38c
f6304901ff8fa128627ca44eaf37072c5f4d5fd8
3f7de0fdee25471f646d0f1ab82729c449e3f05c83eec1b84a42c6b2d69dcce2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F144b7909-7293-4696-94a6-0afc31d3e351.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8868
x-amzn-requestid: deb46f6b-5234-4579-8f20-59906066d836
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eZxKWEZfoAMFbzA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ba2f0e-6890657c300dba5c26a2118e;Sampled=0
x-amzn-remapped-date: Sun, 08 Jan 2023 02:48:46 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: BK2NuVnKf9BYNXXPCP3qSN7wQAMvuh_KdaRjuAA_OojxpxyY3ksCmA==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 760139201585481b26f947c5f776103a.cloudfront.net (CloudFront), 1.1 google
date: Tue, 17 Jan 2023 04:20:07 GMT
age: 8309
etag: "f6304901ff8fa128627ca44eaf37072c5f4d5fd8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9ad391a3-52d8-4a92-ab46-4ad076c43cf8.jpeg
34.120.237.76200 OK 9.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9ad391a3-52d8-4a92-ab46-4ad076c43cf8.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ad210f0ba6ce6930724549cbba76e83d
e4badc3fbca9913bc11d968dac5cad1f900ff492
ad5f754d5dbe870feabfe090a46838614e96d72e78b9a2a8010ab339c67130be
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9ad391a3-52d8-4a92-ab46-4ad076c43cf8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9529
x-amzn-requestid: 56f2b9a5-91c6-421a-ad84-165376e23dcf
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e2tm6Fm-oAMFrDQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c5c2f8-67a0c1fe6aad6e6b71e50463;Sampled=0
x-amzn-remapped-date: Mon, 16 Jan 2023 21:34:48 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: mzmFGVDfMuZte5CJUmchEQIVAuDUKdGfUpm7PRTUqnsP44IcDmbl8A==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Mon, 16 Jan 2023 21:46:15 GMT
etag: "e4badc3fbca9913bc11d968dac5cad1f900ff492"
content-type: image/jpeg
age: 31941
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
onmarshtompor.com/?rb=-nxovqy72JxSuAdbarSWvLJLxNGsPReoVoQE23qe20ng55zOQa0dkvaTYZtDEfDEVKmEnsAyyiTdDZFM96gxdPuFkcSYdv9rglRUNpgkyFCvEDeUTLh0LS5fRV4QjMx6_b45U2dva3EUkhvjyIhe0mE1cbHxFH-O8RZdG3q1HQ1bz6C-DWYo5jlYEfKUUXEXZdtBqSkiu17sUxmqej5dCWvO8fGKnvl5RCMrWw%3D%3D&request_ab2=0&zoneid=4862348&js_build=iclick-v1.470.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wih=939&wiw=1280&wfc=4&pl=http%3A%2F%2Fnowlive.me%2F2%2F103.html%3Fid%3D103&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.470.0&bs=b2358331-7c4a-42b6-98d0-6fb16e5aa8b8&userId=f1tf837423yb755796232e3a5ivvz337&m=link
139.45.197.243200 OK 1.3 kB URL HTTP/1.1 onmarshtompor.com/?rb=-nxovqy72JxSuAdbarSWvLJLxNGsPReoVoQE23qe20ng55zOQa0dkvaTYZtDEfDEVKmEnsAyyiTdDZFM96gxdPuFkcSYdv9rglRUNpgkyFCvEDeUTLh0LS5fRV4QjMx6_b45U2dva3EUkhvjyIhe0mE1cbHxFH-O8RZdG3q1HQ1bz6C-DWYo5jlYEfKUUXEXZdtBqSkiu17sUxmqej5dCWvO8fGKnvl5RCMrWw%3D%3D&request_ab2=0&zoneid=4862348&js_build=iclick-v1.470.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wih=939&wiw=1280&wfc=4&pl=http%3A%2F%2Fnowlive.me%2F2%2F103.html%3Fid%3D103&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.470.0&bs=b2358331-7c4a-42b6-98d0-6fb16e5aa8b8&userId=f1tf837423yb755796232e3a5ivvz337&m=link
IP 139.45.197.243:0
File type JSON data\012- , ASCII text, with very long lines (1604), with no line terminators
Hash e968894cbdee1db08139db6ff6d3857a
b09980fdf8bda0ec2c4e450103ff59e6b5ef4f4b
cc60aedcf653c859f7503e0c47efdf48ef159fcaf0de5f8878c8a1d80ba37727
GET /?rb=-nxovqy72JxSuAdbarSWvLJLxNGsPReoVoQE23qe20ng55zOQa0dkvaTYZtDEfDEVKmEnsAyyiTdDZFM96gxdPuFkcSYdv9rglRUNpgkyFCvEDeUTLh0LS5fRV4QjMx6_b45U2dva3EUkhvjyIhe0mE1cbHxFH-O8RZdG3q1HQ1bz6C-DWYo5jlYEfKUUXEXZdtBqSkiu17sUxmqej5dCWvO8fGKnvl5RCMrWw%3D%3D&request_ab2=0&zoneid=4862348&js_build=iclick-v1.470.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wih=939&wiw=1280&wfc=4&pl=http%3A%2F%2Fnowlive.me%2F2%2F103.html%3Fid%3D103&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.470.0&bs=b2358331-7c4a-42b6-98d0-6fb16e5aa8b8&userId=f1tf837423yb755796232e3a5ivvz337&m=link HTTP/1.1
Host: onmarshtompor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nowlive.me/
Origin: http://nowlive.me
Connection: keep-alive
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 17 Jan 2023 06:38:36 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
X-Trace-Id: 9be60ec13919d17c0dcbd88bc761daa8
Access-Control-Allow-Origin: http://nowlive.me
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding
Access-Control-Max-Age: 86400
Pragma: no-cache
Cache-Control: no-transform, no-store, no-cache, must-revalidate, max-age=0
Expires: Tue, 11 Jan 1994 10:00:00 GMT
Set-Cookie: OAID=f1tf837423yb755796232e3a5ivvz337; expires=Wed, 17 Jan 2024 06:38:36 GMT; path=/
oaidts=1673937516; expires=Wed, 17 Jan 2024 06:38:36 GMT; path=/
syncedCookie=true; expires=Tue, 24 Jan 2023 06:38:36 GMT; path=/
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
Timing-Allow-Origin: *, *
Content-Encoding: gzip
jj.indacorn.com/index.php?key=3toplb3lqosbem32ue6s&feedid=pp103&subid=698580&uuid=9d1cf9e1-ca30-4649-b4a2-48b983b578f5&ep=QL6BJEEDTDPDTHAQ4PFDFTAA252TFT2CM6BI5IQDQIZVY73NP7CWXHLQVC234OWQUTDDJDQROXUSBQDSQSCFBVDS65C5MJ23EIURNGVJ3UB7D5SG5RBPOGCCJTFI74OQLAT42KU6AQYXZVQNWFB7TEBAPAW6RP3DA742R7Y7ORILSVU26DIBBEK5NIKDQDM2HRCV7JGXNFXXQK6IYECFCGMVYYAONZNRKEOWCVUIPG6U4NCYI6GCVMCX3BSCMDS2XUVWBHYRWJGSEVBBSDEBC5FFEJAMJP7ZNJJUX3T43CTPIAJQB3YBL4GEBPWJHWENWUFBPQCC5CGVB4RLEAZ2T7UNQYEACO7A3DYVGZE5G7RQMPHJRS53CLN2I4GKJHEVG2FSHRFFDCS5R7J63NMJ4EQE7UBGO647VLGN55GGZ6MJTDXR4E33VTFDO2HOVALEXNHGZ2ICI2EV2UCUFJ4PSWB3NZR2MJPTOZ7T4EVYRVGGHPSFCFCO3OZRTMZZGIB65QXP25VNCMOOHVUEL5YGSNCLNA7JFDVHOTSPV7CNIUYVEVBKAIGZMA6S2V74D57TG3WD2C4PDSVGQJTV72FNPY4OBJZHXPW6KGGWLBKLLYYBQZ5JA7IXZV7UHMFL7OK2XLM4KSO6SVHRXYBBUOUVAJPWUBXTQNBSPJETMEDUI6IE2DRAVVP2I7MTTSEAE54HDDKIA3DLXL3AFYJP2GLYXVLZBSFIWQYX5RPLI3HUYWSA57A5HHYJQWRRJYECY75NB7PERTOV7EG5KUYAGFDQHQMZKIUFV3L4BTRUKCSNK7LTSOH4BF4DM63JSKY3AN3N4UQZBXQ6P7VVUBJJY4KYFST62OCXQOQXTODWJDMQ5AQ3EDJFB5UVCF3U3EHQTKXWU2S5K4THJFIRXH5ZLTAOYM4TCVZON7GWNTKCMTNLTWDIPH5EDMXNRZVZ4JRO72LWJ6LDN4MQTITWBCZODWIUEFEH645XIBSX5KGLNBY%3D
157.245.71.143302 Found 0 B URL HTTP/1.1 jj.indacorn.com/index.php?key=3toplb3lqosbem32ue6s&feedid=pp103&subid=698580&uuid=9d1cf9e1-ca30-4649-b4a2-48b983b578f5&ep=QL6BJEEDTDPDTHAQ4PFDFTAA252TFT2CM6BI5IQDQIZVY73NP7CWXHLQVC234OWQUTDDJDQROXUSBQDSQSCFBVDS65C5MJ23EIURNGVJ3UB7D5SG5RBPOGCCJTFI74OQLAT42KU6AQYXZVQNWFB7TEBAPAW6RP3DA742R7Y7ORILSVU26DIBBEK5NIKDQDM2HRCV7JGXNFXXQK6IYECFCGMVYYAONZNRKEOWCVUIPG6U4NCYI6GCVMCX3BSCMDS2XUVWBHYRWJGSEVBBSDEBC5FFEJAMJP7ZNJJUX3T43CTPIAJQB3YBL4GEBPWJHWENWUFBPQCC5CGVB4RLEAZ2T7UNQYEACO7A3DYVGZE5G7RQMPHJRS53CLN2I4GKJHEVG2FSHRFFDCS5R7J63NMJ4EQE7UBGO647VLGN55GGZ6MJTDXR4E33VTFDO2HOVALEXNHGZ2ICI2EV2UCUFJ4PSWB3NZR2MJPTOZ7T4EVYRVGGHPSFCFCO3OZRTMZZGIB65QXP25VNCMOOHVUEL5YGSNCLNA7JFDVHOTSPV7CNIUYVEVBKAIGZMA6S2V74D57TG3WD2C4PDSVGQJTV72FNPY4OBJZHXPW6KGGWLBKLLYYBQZ5JA7IXZV7UHMFL7OK2XLM4KSO6SVHRXYBBUOUVAJPWUBXTQNBSPJETMEDUI6IE2DRAVVP2I7MTTSEAE54HDDKIA3DLXL3AFYJP2GLYXVLZBSFIWQYX5RPLI3HUYWSA57A5HHYJQWRRJYECY75NB7PERTOV7EG5KUYAGFDQHQMZKIUFV3L4BTRUKCSNK7LTSOH4BF4DM63JSKY3AN3N4UQZBXQ6P7VVUBJJY4KYFST62OCXQOQXTODWJDMQ5AQ3EDJFB5UVCF3U3EHQTKXWU2S5K4THJFIRXH5ZLTAOYM4TCVZON7GWNTKCMTNLTWDIPH5EDMXNRZVZ4JRO72LWJ6LDN4MQTITWBCZODWIUEFEH645XIBSX5KGLNBY%3D
IP 157.245.71.143:0
ASN #14061 DIGITALOCEAN-ASN
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /index.php?key=3toplb3lqosbem32ue6s&feedid=pp103&subid=698580&uuid=9d1cf9e1-ca30-4649-b4a2-48b983b578f5&ep=QL6BJEEDTDPDTHAQ4PFDFTAA252TFT2CM6BI5IQDQIZVY73NP7CWXHLQVC234OWQUTDDJDQROXUSBQDSQSCFBVDS65C5MJ23EIURNGVJ3UB7D5SG5RBPOGCCJTFI74OQLAT42KU6AQYXZVQNWFB7TEBAPAW6RP3DA742R7Y7ORILSVU26DIBBEK5NIKDQDM2HRCV7JGXNFXXQK6IYECFCGMVYYAONZNRKEOWCVUIPG6U4NCYI6GCVMCX3BSCMDS2XUVWBHYRWJGSEVBBSDEBC5FFEJAMJP7ZNJJUX3T43CTPIAJQB3YBL4GEBPWJHWENWUFBPQCC5CGVB4RLEAZ2T7UNQYEACO7A3DYVGZE5G7RQMPHJRS53CLN2I4GKJHEVG2FSHRFFDCS5R7J63NMJ4EQE7UBGO647VLGN55GGZ6MJTDXR4E33VTFDO2HOVALEXNHGZ2ICI2EV2UCUFJ4PSWB3NZR2MJPTOZ7T4EVYRVGGHPSFCFCO3OZRTMZZGIB65QXP25VNCMOOHVUEL5YGSNCLNA7JFDVHOTSPV7CNIUYVEVBKAIGZMA6S2V74D57TG3WD2C4PDSVGQJTV72FNPY4OBJZHXPW6KGGWLBKLLYYBQZ5JA7IXZV7UHMFL7OK2XLM4KSO6SVHRXYBBUOUVAJPWUBXTQNBSPJETMEDUI6IE2DRAVVP2I7MTTSEAE54HDDKIA3DLXL3AFYJP2GLYXVLZBSFIWQYX5RPLI3HUYWSA57A5HHYJQWRRJYECY75NB7PERTOV7EG5KUYAGFDQHQMZKIUFV3L4BTRUKCSNK7LTSOH4BF4DM63JSKY3AN3N4UQZBXQ6P7VVUBJJY4KYFST62OCXQOQXTODWJDMQ5AQ3EDJFB5UVCF3U3EHQTKXWU2S5K4THJFIRXH5ZLTAOYM4TCVZON7GWNTKCMTNLTWDIPH5EDMXNRZVZ4JRO72LWJ6LDN4MQTITWBCZODWIUEFEH645XIBSX5KGLNBY%3D HTTP/1.1
Host: jj.indacorn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.dailyd.me/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx/1.20.1
Date: Tue, 17 Jan 2023 06:38:36 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: uclick=ghxirna9vr; expires=Wed, 18-Jan-2023 06:38:36 GMT; Max-Age=86400; path=/; secure; SameSite=none
uclickhash=ghxirna9vr-ghxirna9vr-g6-0-bz6o-9rvr-9ri4-d5e5cc; expires=Wed, 18-Jan-2023 06:38:36 GMT; Max-Age=86400; path=/; secure; SameSite=none
Location: https://unafeed.com/click.php?key=il3xkcxv6cdxy0zktiki&zone=0404_pp103
Strict-Transport-Security: max-age=31536000
granorizes.com/ie?v=4
162.55.246.161301 Moved Permanently 0 B IP 162.55.246.161:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /ie?v=4 HTTP/1.1
Host: granorizes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 927
Connection: keep-alive
Referer: https://granorizes.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 301 Moved Permanently
server: fasthttp
date: Tue, 17 Jan 2023 06:38:35 GMT
content-length: 0
location: https://1bigdeal.site/zy89D9?cost=0.00007¤cy=usd&external_id=cf344r0tak9siav689ag&creative_id=261778&ad_campaign_id=78031&source=158&placement_id=4059380&age=-1
x-app-id: 11
jj.indacorn.com/index.php?key=3toplb3lqosbem32ue6s&feedid=pp103&subid=698580&uuid=b2581c89-91fa-4e7f-8432-1ac695ea41ab&ep=HG6PA7QD5GNAPACKAI5LEDB6TMLZ6AQU4KIJMYZ75E3LPZ5D3SI4NHG3C4EMFY4VKKNFSYKX3QNE3QDSQSCFBVDS65C5MJ23EIURNGU2ZWDKDCNZIAMK2WOWTS3EHMAPFBA42GWXM4AWYWCK4PVLKWWJXEW6RP3DA742R7Y7ORILSVU26DIBBEK5NIKDQDM2HRCV7JGXNFXXQK6IYECFCGMVYYAONZNRKEOWCVUIPG6U4NCYI6GCVMCX3BSCMDS2XUVWBHYRWJGSEVBBSDEBC5FFEJAMJP7ZNJJUX3T43CTPIAJQB3YBL4GEBPWJHWENWUFBPQCC5CGVB4RLEAZ2T7UNQYEACO7A3DYVGZE5G7RQMPHJRS53CLN2I4GKJHEVG2FSHRFFDCS5R7J63NMJ4EQE7U6KKY346JVRNH2P7EEWTJSAA3HFQ6OWS7H3HDYJNUYUHFYU7VRTL5HZSPOL7T46K3SWDLROK2WBF3JZFOBACDUVCSTX7YJWZLW3M4B2FX3HIIS2AR77N42R6X2VMKNLGZOS47JCQ6JLJSFAHJTUUFOLU46ZMA6S2V74D57TG3WD2C4PDSVGQJTV72FNPY4OBJZHXPW6KGGWLBKLLYYBQZ5JA7IXZV7UHMFL7OK2XLM4KSO6SVHRXYBBUOUVAJPWUBXTQNBSPJETMEDUI6IE2DRAVVP2I7MTTSEAE54HDDKIA3DLXL3AFYJP2GLYXVLZBSFIWQYX5RPLI3HUYWSA57A5HHYJQWRRJYECY75NB7PERTOV7EG5KUYAGFDQHQMZKIUFV3L4BTRUKCSNK7LTSOH4BF4DM63JSKY3AN3N4UQZBXQ6P7VVUBJJY4KYFST62OCXQOQXTODWJDMQ5AQ3EDJFB5UVCF3U3EHQTKXWU2S5K4THJFIRXH5ZLTAOYM4TCVZON7GWNTKCMTNLTWDIPH5EDMXNRZVZ4JRO72LWJ6LDN4MQTITWBCZODWIUEFEH645XIBSX5KGLNBY%3D
157.245.71.143302 Found 0 B URL HTTP/1.1 jj.indacorn.com/index.php?key=3toplb3lqosbem32ue6s&feedid=pp103&subid=698580&uuid=b2581c89-91fa-4e7f-8432-1ac695ea41ab&ep=HG6PA7QD5GNAPACKAI5LEDB6TMLZ6AQU4KIJMYZ75E3LPZ5D3SI4NHG3C4EMFY4VKKNFSYKX3QNE3QDSQSCFBVDS65C5MJ23EIURNGU2ZWDKDCNZIAMK2WOWTS3EHMAPFBA42GWXM4AWYWCK4PVLKWWJXEW6RP3DA742R7Y7ORILSVU26DIBBEK5NIKDQDM2HRCV7JGXNFXXQK6IYECFCGMVYYAONZNRKEOWCVUIPG6U4NCYI6GCVMCX3BSCMDS2XUVWBHYRWJGSEVBBSDEBC5FFEJAMJP7ZNJJUX3T43CTPIAJQB3YBL4GEBPWJHWENWUFBPQCC5CGVB4RLEAZ2T7UNQYEACO7A3DYVGZE5G7RQMPHJRS53CLN2I4GKJHEVG2FSHRFFDCS5R7J63NMJ4EQE7U6KKY346JVRNH2P7EEWTJSAA3HFQ6OWS7H3HDYJNUYUHFYU7VRTL5HZSPOL7T46K3SWDLROK2WBF3JZFOBACDUVCSTX7YJWZLW3M4B2FX3HIIS2AR77N42R6X2VMKNLGZOS47JCQ6JLJSFAHJTUUFOLU46ZMA6S2V74D57TG3WD2C4PDSVGQJTV72FNPY4OBJZHXPW6KGGWLBKLLYYBQZ5JA7IXZV7UHMFL7OK2XLM4KSO6SVHRXYBBUOUVAJPWUBXTQNBSPJETMEDUI6IE2DRAVVP2I7MTTSEAE54HDDKIA3DLXL3AFYJP2GLYXVLZBSFIWQYX5RPLI3HUYWSA57A5HHYJQWRRJYECY75NB7PERTOV7EG5KUYAGFDQHQMZKIUFV3L4BTRUKCSNK7LTSOH4BF4DM63JSKY3AN3N4UQZBXQ6P7VVUBJJY4KYFST62OCXQOQXTODWJDMQ5AQ3EDJFB5UVCF3U3EHQTKXWU2S5K4THJFIRXH5ZLTAOYM4TCVZON7GWNTKCMTNLTWDIPH5EDMXNRZVZ4JRO72LWJ6LDN4MQTITWBCZODWIUEFEH645XIBSX5KGLNBY%3D
IP 157.245.71.143:0
ASN #14061 DIGITALOCEAN-ASN
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /index.php?key=3toplb3lqosbem32ue6s&feedid=pp103&subid=698580&uuid=b2581c89-91fa-4e7f-8432-1ac695ea41ab&ep=HG6PA7QD5GNAPACKAI5LEDB6TMLZ6AQU4KIJMYZ75E3LPZ5D3SI4NHG3C4EMFY4VKKNFSYKX3QNE3QDSQSCFBVDS65C5MJ23EIURNGU2ZWDKDCNZIAMK2WOWTS3EHMAPFBA42GWXM4AWYWCK4PVLKWWJXEW6RP3DA742R7Y7ORILSVU26DIBBEK5NIKDQDM2HRCV7JGXNFXXQK6IYECFCGMVYYAONZNRKEOWCVUIPG6U4NCYI6GCVMCX3BSCMDS2XUVWBHYRWJGSEVBBSDEBC5FFEJAMJP7ZNJJUX3T43CTPIAJQB3YBL4GEBPWJHWENWUFBPQCC5CGVB4RLEAZ2T7UNQYEACO7A3DYVGZE5G7RQMPHJRS53CLN2I4GKJHEVG2FSHRFFDCS5R7J63NMJ4EQE7U6KKY346JVRNH2P7EEWTJSAA3HFQ6OWS7H3HDYJNUYUHFYU7VRTL5HZSPOL7T46K3SWDLROK2WBF3JZFOBACDUVCSTX7YJWZLW3M4B2FX3HIIS2AR77N42R6X2VMKNLGZOS47JCQ6JLJSFAHJTUUFOLU46ZMA6S2V74D57TG3WD2C4PDSVGQJTV72FNPY4OBJZHXPW6KGGWLBKLLYYBQZ5JA7IXZV7UHMFL7OK2XLM4KSO6SVHRXYBBUOUVAJPWUBXTQNBSPJETMEDUI6IE2DRAVVP2I7MTTSEAE54HDDKIA3DLXL3AFYJP2GLYXVLZBSFIWQYX5RPLI3HUYWSA57A5HHYJQWRRJYECY75NB7PERTOV7EG5KUYAGFDQHQMZKIUFV3L4BTRUKCSNK7LTSOH4BF4DM63JSKY3AN3N4UQZBXQ6P7VVUBJJY4KYFST62OCXQOQXTODWJDMQ5AQ3EDJFB5UVCF3U3EHQTKXWU2S5K4THJFIRXH5ZLTAOYM4TCVZON7GWNTKCMTNLTWDIPH5EDMXNRZVZ4JRO72LWJ6LDN4MQTITWBCZODWIUEFEH645XIBSX5KGLNBY%3D HTTP/1.1
Host: jj.indacorn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.dailyd.me/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx/1.20.1
Date: Tue, 17 Jan 2023 06:38:36 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: uclick=ghxirna98n; expires=Wed, 18-Jan-2023 06:38:36 GMT; Max-Age=86400; path=/; secure; SameSite=none
uclickhash=ghxirna98n-ghxirna98n-g6-0-bz6o-9rvr-9ri4-429ef7; expires=Wed, 18-Jan-2023 06:38:36 GMT; Max-Age=86400; path=/; secure; SameSite=none
Location: https://unafeed.com/click.php?key=il3xkcxv6cdxy0zktiki&zone=0404_pp103
Strict-Transport-Security: max-age=31536000
www.freshspins.com/no?btag=1001391_C16E731082C611EDAE940DF8A2DD9FBB_51530993
104.21.19.205200 OK 552 B URL HTTP/2 www.freshspins.com/no?btag=1001391_C16E731082C611EDAE940DF8A2DD9FBB_51530993
IP 104.21.19.205:0
File type HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 12e2ed698f08017bfb23f20965670c03
32d3d7c5276b0a1e1b797429ca5089ac792c92e7
d8447db8b23a23b7da28118b000be2d38075e94699d18aaa1a94fbc1032b898d
GET /no?btag=1001391_C16E731082C611EDAE940DF8A2DD9FBB_51530993 HTTP/1.1
Host: www.freshspins.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 17 Jan 2023 06:38:36 GMT
content-type: text/html
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=W1ElrD%2F2OVxLyC3zLarK4oRnMgXTOUaw%2Fb1eamXbFy6M%2B%2BUkuD4BDxkZTX%2Fs9rJ0M1LtUaBgoInLy%2Fz74VAtVcWgyoQpDKTAgD1r6YGKU8tWXTVNAEKd7kH1fU%2FscnP7TXr8YTw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 78ad16c3bdfc1c06-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ic.tynt.com/b/p?id=w!nowlivepro&lm=0&ts=1673937516076&dn=TC&iso=0&pu=http%3A%2F%2Fnowlive.me%2F2%2F103.html%3Fid%3D103&t=nowlive.me
67.202.105.33204 No Content 0 B URL HTTP/2 ic.tynt.com/b/p?id=w!nowlivepro&lm=0&ts=1673937516076&dn=TC&iso=0&pu=http%3A%2F%2Fnowlive.me%2F2%2F103.html%3Fid%3D103&t=nowlive.me
IP 67.202.105.33:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /b/p?id=w!nowlivepro&lm=0&ts=1673937516076&dn=TC&iso=0&pu=http%3A%2F%2Fnowlive.me%2F2%2F103.html%3Fid%3D103&t=nowlive.me HTTP/1.1
Host: ic.tynt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://nowlive.me/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx/1.16.1
date: Tue, 17 Jan 2023 06:38:36 GMT
cache-control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires: "Sat, 26 Jul 1997 05:00:00 GMT"
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash e064a4a246e6ef5513b190c51eb09e5a
b6092aebde33dfd37620c3b30600dc24b833a4b3
016669e3dcf54e814689a2f4fd5a8dab9f11d685862951f49b2d53735be878d9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "016669E3DCF54E814689A2F4FD5A8DAB9F11D685862951F49B2D53735BE878D9"
Last-Modified: Mon, 16 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Tue, 17 Jan 2023 12:38:36 GMT
Date: Tue, 17 Jan 2023 06:38:36 GMT
Connection: keep-alive
602atqsrihh6.s4.adsco.re/
185.200.116.90200 OK 0 B URL HTTP/1.1 602atqsrihh6.s4.adsco.re/
IP 185.200.116.90:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST / HTTP/1.1
Host: 602atqsrihh6.s4.adsco.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 0
Origin: http://nowlive.me
Connection: keep-alive
Referer: http://nowlive.me/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 17 Jan 2023 06:38:36 GMT
Content-Type: text/html
Content-Length: 0
Last-Modified: Mon, 30 Jul 2018 15:38:01 GMT
Connection: close
ETag: "5b5f30d9-0"
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
Access-Control-Expose-Headers: Content-Length,Content-Range
Accept-Ranges: bytes
ic.tynt.com/b/p?id=w!nowlivepro&lm=0&ts=1673937516076&dn=TC&iso=0&pu=http%3A%2F%2Fnowlive.me%2F2%2F103.html%3Fid%3D103
67.202.105.33204 No Content 0 B URL HTTP/2 ic.tynt.com/b/p?id=w!nowlivepro&lm=0&ts=1673937516076&dn=TC&iso=0&pu=http%3A%2F%2Fnowlive.me%2F2%2F103.html%3Fid%3D103
IP 67.202.105.33:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /b/p?id=w!nowlivepro&lm=0&ts=1673937516076&dn=TC&iso=0&pu=http%3A%2F%2Fnowlive.me%2F2%2F103.html%3Fid%3D103 HTTP/1.1
Host: ic.tynt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://nowlive.me/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx/1.16.1
date: Tue, 17 Jan 2023 06:38:36 GMT
cache-control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires: "Sat, 26 Jul 1997 05:00:00 GMT"
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
X-Firefox-Spdy: h2
de.tynt.com/deb/v2?id=w!nowlivepro&dn=TC&cc=1&r=&pu=http%3A%2F%2Fnowlive.me%2F2%2F103.html%3Fid%3D103
67.202.105.31200 OK 4 B URL HTTP/2 de.tynt.com/deb/v2?id=w!nowlivepro&dn=TC&cc=1&r=&pu=http%3A%2F%2Fnowlive.me%2F2%2F103.html%3Fid%3D103
IP 67.202.105.31:0
File type ASCII text, with no line terminators
Hash 350fd6ef6446635f7a8f608434a405ec
a4b6c275ac2c80ec925b5c0c5c6abb79ba897356
d21021784cda31eeae5c8295e047a14bda6ed5a9b5963fca9e7ceb398a9c9179
GET /deb/v2?id=w!nowlivepro&dn=TC&cc=1&r=&pu=http%3A%2F%2Fnowlive.me%2F2%2F103.html%3Fid%3D103 HTTP/1.1
Host: de.tynt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://nowlive.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: max-age=86400
expires: Wed, 18 Jan 2023 06:38:36 GMT
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-type: application/javascript
content-length: 4
date: Tue, 17 Jan 2023 06:38:36 GMT
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
X-Firefox-Spdy: h2
e1.o.lencr.org/
95.101.11.115200 OK 345 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 6dbb1ef9e30d097294185de3d3da4d11
8b51858d669e866317821638e6219180cfa7298c
823c2f8ca005a1527b8994f266a302a5a3c60ecf2e8fec239dbb5c26974da5bc
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "823C2F8CA005A1527B8994F266A302A5A3C60ECF2E8FEC239DBB5C26974DA5BC"
Last-Modified: Tue, 17 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12668
Expires: Tue, 17 Jan 2023 10:09:45 GMT
Date: Tue, 17 Jan 2023 06:38:37 GMT
Connection: keep-alive
ic.tynt.com/b/p?id=w!nowlivepro&lm=0&ts=1673937516076&dn=TC&iso=0&pu=http%3A%2F%2Fnowlive.me%2F2%2F103.html%3Fid%3D103
67.202.105.33204 No Content 0 B URL HTTP/2 ic.tynt.com/b/p?id=w!nowlivepro&lm=0&ts=1673937516076&dn=TC&iso=0&pu=http%3A%2F%2Fnowlive.me%2F2%2F103.html%3Fid%3D103
IP 67.202.105.33:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /b/p?id=w!nowlivepro&lm=0&ts=1673937516076&dn=TC&iso=0&pu=http%3A%2F%2Fnowlive.me%2F2%2F103.html%3Fid%3D103 HTTP/1.1
Host: ic.tynt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://nowlive.me/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx/1.16.1
date: Tue, 17 Jan 2023 06:38:36 GMT
cache-control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires: "Sat, 26 Jul 1997 05:00:00 GMT"
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
X-Firefox-Spdy: h2
go.cm-trk6.com/aff_c?offer_id=6592&aff_id=43922&url_id=10851&aff_sub5=other&click_id=s8hnpa1moraa
172.255.248.105302 Found 314 B URL HTTP/1.1 go.cm-trk6.com/aff_c?offer_id=6592&aff_id=43922&url_id=10851&aff_sub5=other&click_id=s8hnpa1moraa
IP 172.255.248.105:0
File type HTML document, ASCII text, with very long lines (314), with no line terminators
Hash 5e330afcb83ef157f7d3dcdc7446f98a
74937be451dc91674c0a38eb256582343ec66434
55498100b4cc447054216d88df25b604974b9bda8bf7430caf3a7bb88f48c22e
GET /aff_c?offer_id=6592&aff_id=43922&url_id=10851&aff_sub5=other&click_id=s8hnpa1moraa HTTP/1.1
Host: go.cm-trk6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://granorizes.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Tue, 17 Jan 2023 06:38:37 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 314
Connection: keep-alive
X-DNS-Prefetch-Control: off
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-Download-Options: noopen
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Set-Cookie: language=en; Domain=go.cm-trk6.com; Path=/; Expires=Thu, 16 Feb 2023 06:38:37 GMT
test=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT
6592=37_43922_6592_698d757847b41b88b5f6b7c86d006b74; Domain=go.cm-trk6.com; Path=/; Expires=Thu, 16 Feb 2023 06:38:37 GMT
op_6592=10851; Domain=go.cm-trk6.com; Path=/; Expires=Thu, 16 Feb 2023 06:38:37 GMT
user_id=d9d7bace-81ef-48e9-8d7d-24aa052ce896_86effc58611fd686b04b8b78ee078874; Domain=go.cm-trk6.com; Path=/; Expires=Sun, 16 Jan 2028 06:38:37 GMT; Secure; SameSite=None
Location: /rd.html?go=https%3A%2F%2Frapidrtr.com%2Fcr.php%3Fcid%3D236%26ACT%3D68155%26TRK%3D43922.37_43922_6592_698d757847b41b88b5f6b7c86d006b74.
Vary: Accept
Cache-Control: no-store, no-cache
e1.o.lencr.org/
95.101.11.115200 OK 345 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 6dbb1ef9e30d097294185de3d3da4d11
8b51858d669e866317821638e6219180cfa7298c
823c2f8ca005a1527b8994f266a302a5a3c60ecf2e8fec239dbb5c26974da5bc
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "823C2F8CA005A1527B8994F266A302A5A3C60ECF2E8FEC239DBB5C26974DA5BC"
Last-Modified: Tue, 17 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12668
Expires: Tue, 17 Jan 2023 10:09:45 GMT
Date: Tue, 17 Jan 2023 06:38:37 GMT
Connection: keep-alive
e1.o.lencr.org/
95.101.11.115200 OK 345 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash a093b9a3ed44261302adc8dda63a381b
a665b697829e1b63c33a7318525c70d708ddf1c0
088aa932746938247302cc5b594c68d3f8df16d957ede5509af328fe8c9ac681
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "088AA932746938247302CC5B594C68D3F8DF16D957EDE5509AF328FE8C9AC681"
Last-Modified: Tue, 17 Jan 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12129
Expires: Tue, 17 Jan 2023 10:00:46 GMT
Date: Tue, 17 Jan 2023 06:38:37 GMT
Connection: keep-alive
go.cm-trk6.com/rd.html?go=https%3A%2F%2Frapidrtr.com%2Fcr.php%3Fcid%3D236%26ACT%3D68155%26TRK%3D43922.37_43922_6592_698d757847b41b88b5f6b7c86d006b74.
172.255.248.105200 OK 255 B URL HTTP/1.1 go.cm-trk6.com/rd.html?go=https%3A%2F%2Frapidrtr.com%2Fcr.php%3Fcid%3D236%26ACT%3D68155%26TRK%3D43922.37_43922_6592_698d757847b41b88b5f6b7c86d006b74.
IP 172.255.248.105:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 997bfcab4e7a51023ff8da026ed4374a
35d15ad133e52c1b9dea0b3696a8719521387a9e
070d804ff334e0de872b9ac4c28c1bc578a043771099d2e9556782974ed560a3
Analyzer Verdict Alert fortinet Phishing
GET /rd.html?go=https%3A%2F%2Frapidrtr.com%2Fcr.php%3Fcid%3D236%26ACT%3D68155%26TRK%3D43922.37_43922_6592_698d757847b41b88b5f6b7c86d006b74. HTTP/1.1
Host: go.cm-trk6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://granorizes.com/
Connection: keep-alive
Cookie: user_id=d9d7bace-81ef-48e9-8d7d-24aa052ce896_86effc58611fd686b04b8b78ee078874
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 17 Jan 2023 06:38:37 GMT
Content-Type: text/html
Last-Modified: Fri, 13 Aug 2021 14:56:49 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"61168831-149"
Cache-Control: no-store, no-cache
Content-Encoding: gzip
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 1b2e51abfd12507b00ebd8b7afda6308
4d3d5fa49e007714dd37da7da25d9d490d05bd0a
85a04d4cf987fcc2d087ab815a8d373e164a2adf2bf478e7a5c1fae3e109ba26
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 17 Jan 2023 06:38:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
unafeed.com/nlp/index.php?url_bnm_redirect=https://wasaround.com
188.166.0.235200 OK 112 kB URL HTTP/2 unafeed.com/nlp/index.php?url_bnm_redirect=https://wasaround.com
IP 188.166.0.235:0
ASN #14061 DIGITALOCEAN-ASN
Size 112 kB (112310 bytes)
Hash 940a352e3def32918151a33fda57353e
3a18db08899bd33471baf854d549d5cb180402b3
59dab97b8e69b8527412d9ac26b995033c6590c5fdb1ed6a1af3a82325301f9b
GET /nlp/index.php?url_bnm_redirect=https://wasaround.com HTTP/1.1
Host: unafeed.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.dailyd.me/
Connection: keep-alive
Cookie: uclick=e2rnsynt8n; uclickhash=e2rnsynt8n-e2rnsynt8n-h9ej-0-5mgm-h9twvr-2tyd0-de1a8f
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.16.1
date: Tue, 17 Jan 2023 06:38:36 GMT
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Muli:300,400,500,600,700,800,900&display=swap
142.250.74.106200 OK 969 B URL HTTP/2 fonts.googleapis.com/css?family=Muli:300,400,500,600,700,800,900&display=swap
IP 142.250.74.106:0
Hash ae47f4fda0edacdd8d25ec9e49d824d3
c36919da37e85a4d8b85692aaf7ef19e3a9e406e
47e19b9e29f71a1ef947d2497724966adbbb028261864255faed1aa33b2657cb
GET /css?family=Muli:300,400,500,600,700,800,900&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wasaround.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 17 Jan 2023 06:38:37 GMT
date: Tue, 17 Jan 2023 06:38:37 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ic.tynt.com/b/p?id=w!nowlivepro&lm=0&ts=1673937516076&dn=TC&iso=0&pu=http%3A%2F%2Fnowlive.me%2F2%2F103.html%3Fid%3D103
67.202.105.33204 No Content 0 B URL HTTP/2 ic.tynt.com/b/p?id=w!nowlivepro&lm=0&ts=1673937516076&dn=TC&iso=0&pu=http%3A%2F%2Fnowlive.me%2F2%2F103.html%3Fid%3D103
IP 67.202.105.33:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /b/p?id=w!nowlivepro&lm=0&ts=1673937516076&dn=TC&iso=0&pu=http%3A%2F%2Fnowlive.me%2F2%2F103.html%3Fid%3D103 HTTP/1.1
Host: ic.tynt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://nowlive.me/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx/1.16.1
date: Tue, 17 Jan 2023 06:38:37 GMT
cache-control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires: "Sat, 26 Jul 1997 05:00:00 GMT"
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 24 kB IP 142.250.74.131:0
File type gzip compressed data, from Unix\012- data
Hash f96f8a0a1d833e9061da3700b38aa2ce
b0c6c09e2fb7f5951180bd8ebe9835b8ba4cd009
b22b52c038b7f3983201aa25e598eb87c7324acb0cc26b1d1a9034dc054b3cb0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 17 Jan 2023 06:38:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/muli/v28/7Auwp_0qiz-afTLGLQ.woff2
142.250.74.35200 OK 31 kB URL HTTP/2 fonts.gstatic.com/s/muli/v28/7Auwp_0qiz-afTLGLQ.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 31196, version 1.0\012- data
Hash ea2343c7dccad57360fb611d67204445
b603d9e68bb1ed5e4b33d5e31121160cb4d23452
2a04078f9550381b5148170ceaf5b378a1b31ed8274c6d0094aeba6f599462cc
GET /s/muli/v28/7Auwp_0qiz-afTLGLQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: null
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 31196
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 11 Jan 2023 14:34:43 GMT
expires: Thu, 11 Jan 2024 14:34:43 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 11 Jul 2022 20:43:05 GMT
content-type: font/woff2
age: 489834
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
wasaround.com/assets/css/0.styles.ddc5af83.css
172.67.174.83200 OK 60 kB URL HTTP/2 wasaround.com/assets/css/0.styles.ddc5af83.css
IP 172.67.174.83:0
Hash 0275fb8fa0953312776eecb449fc492b
03951c6be2081c746e7fc53d0aed58ea02ef8a6c
b8af18837dbb24da2f649e995b068a879358932a9abebaf67b2fcab1f2ad6393
GET /assets/css/0.styles.ddc5af83.css HTTP/1.1
Host: wasaround.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wasaround.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 17 Jan 2023 06:38:37 GMT
content-type: text/css
last-modified: Wed, 15 Jun 2022 15:21:30 GMT
etag: W/"62a9f8fa-40cff"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: HIT
age: 7153
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zEKBbY4YvtO0b5Pn2Y21ZDbK1%2FpfB95qCkbVSmo5b1XrcKV9ut%2FbO1QKGIDlwzIItnt1AgzAF5XvuS7%2F8Dth9Cw7Bfq8JO3%2FU92JDzoy3ly5iDWDpj5LTpJ9JtYn8L6y"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 78ad16c99ae9b4fd-OSL
content-encoding: gzip
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.googletagmanager.com/gtm.js?id=GTM-M7GJHRP
142.250.74.40200 OK 39 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-M7GJHRP
IP 142.250.74.40:0
File type ASCII text, with very long lines (1921)
Hash a08ee7aae12a950ad8b54d5208761e15
a78db708e536221254ccf5bc8ae7789096db4041
6a7e85f87d3a72cec49a2bfb54003920ee2af919bec9b46801addb1573579de7
GET /gtm.js?id=GTM-M7GJHRP HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wasaround.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 17 Jan 2023 06:38:37 GMT
expires: Tue, 17 Jan 2023 06:38:37 GMT
cache-control: private, max-age=900
last-modified: Tue, 17 Jan 2023 06:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 39138
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 6f4934ef37f04950c15313f2cdc6902d
3ed5b8439867115a06edaf046472ee8d271c33ea
3fb58a81be10df91f59e3f6ceed7d607f77409087515cf675ff0d098c482c574
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 17 Jan 2023 06:38:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 0cd18c4a19cce4db4c1ee660e9a0a967
a60b429532788a57a53e8674de365ddd84fcf3e4
878401e98ec0ea4de88dad035d00618a4d3f382329f326711f3916b4325aab88
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 17 Jan 2023 06:38:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-8829249304481108
142.250.74.98200 OK 49 kB URL HTTP/2 pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-8829249304481108
IP 142.250.74.98:0
File type ASCII text, with very long lines (4885)
Hash 55398f6645d57cd4071ccf4df8536f85
00ab906a7acbb40ac2f6242c2f86d9cbae1f8360
83a3675010040f88ccfcab2f5c0e5d31062b8404ee128d9bb1b053ea8c5331fa
GET /pagead/js/adsbygoogle.js?client=ca-pub-8829249304481108 HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Referer: https://wasaround.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Tue, 17 Jan 2023 06:38:37 GMT
expires: Tue, 17 Jan 2023 06:38:37 GMT
cache-control: private, max-age=3600
content-type: text/javascript; charset=UTF-8
etag: 6510006459356356557
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 49362
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 0cd18c4a19cce4db4c1ee660e9a0a967
a60b429532788a57a53e8674de365ddd84fcf3e4
878401e98ec0ea4de88dad035d00618a4d3f382329f326711f3916b4325aab88
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 17 Jan 2023 06:38:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.sca1b.amazontrust.com/
143.204.42.158200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.158:0
Hash 777a641e61a21014230ad6deb73a66a8
15155448ebfb63958bbb2857bc1bda181a8650ef
1b1603c17fb262a44139be91f6db805337814db0b567a7f62781c76c486243d0
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Tue, 17 Jan 2023 06:38:37 GMT
Etag: "63c52cfd-1d7"
Last-Modified: Tue, 17 Jan 2023 05:50:11 GMT
Server: ECS (nyb/1D16)
X-Cache: Miss from cloudfront
Via: 1.1 dac7cf040932e0c072eeed10afdd7b3e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: h8z4MmjAXA4TNsXJMxB--tRl07srS6k6gZjwAxCFYT-Qfkg-PegPrQ==
Age: 2906
my.rtmark.net/gid.js?userId=f1tf837423yb755796232e3a5ivvz337
139.45.195.8200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?userId=f1tf837423yb755796232e3a5ivvz337
IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash 0971289a761c0f13b69dd1b0153e9133
d0affa4cce6dbcdeab30ae124efe1a6ca2c56495
918f458b2476488dc579014c2441305498b303583a0faaf61e2a8617af10d7ff
GET /gid.js?userId=f1tf837423yb755796232e3a5ivvz337 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://nowlive.me
Connection: keep-alive
Referer: http://nowlive.me/
Cookie: ID=52b437f460064f0982defff96e780d70
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 17 Jan 2023 06:38:37 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: http://nowlive.me
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=52b437f460064f0982defff96e780d70; expires=Wed, 17 Jan 2024 06:38:37 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
www.adexchangeguru.com/script/i.php?stamat=m%257C%252C%252CAhdnYia_tGU3Bk-GH0dEdHP3xP.80b%252CR8GcppAJDivPQqBDXuTbO4eeai3nixCJ18HNvv58iMDnI1gxHV6Q752XapTKrB7bgx7S40igmgpcOXLRfZj2d3AlmG6g5qm6ndeD6gNXUyR3ZqO8ih55u98NOnm6B_dkNwipJilC9IBUNJS8GMcO5Jje-ywlLn75uwwAy7Jlepo32I_V6vz1LQqL0FXlKjbqspCSLodysWNIgkkNCK03Uag9Eh-1MU1xXN55PhVhwfToBVSCeNrz8zhAUX_6K8Baj-zGa-WAqhenMRg2v9rt3q7NbkxBkIWMtJj2jI7-OhnoVxA_4Zl5f5UeOArLZz8K-2mc7y3iuqY7vlOojXQ4tBa38FSpdDzFj-rZG3pykIuJ8qBhfXeu1ky0W45FkYsrNGnRNN-ataEowryMDqMbOCicxe1ZHPJ8rq-11MhqJklZNgHoopnCgZsibT13ngDTwkTJVDtrYqvfcxPizgpBJKkF-lHye4qM_xqAAjIGD2p8VCuFybwxtiEsSlZpOnydSgqiN5ibD__nTo17WZe_o4VARFPsXlbtnl4UZcVrVFk%252C
35.201.126.110204 No Content 0 B URL HTTP/1.1 www.adexchangeguru.com/script/i.php?stamat=m%257C%252C%252CAhdnYia_tGU3Bk-GH0dEdHP3xP.80b%252CR8GcppAJDivPQqBDXuTbO4eeai3nixCJ18HNvv58iMDnI1gxHV6Q752XapTKrB7bgx7S40igmgpcOXLRfZj2d3AlmG6g5qm6ndeD6gNXUyR3ZqO8ih55u98NOnm6B_dkNwipJilC9IBUNJS8GMcO5Jje-ywlLn75uwwAy7Jlepo32I_V6vz1LQqL0FXlKjbqspCSLodysWNIgkkNCK03Uag9Eh-1MU1xXN55PhVhwfToBVSCeNrz8zhAUX_6K8Baj-zGa-WAqhenMRg2v9rt3q7NbkxBkIWMtJj2jI7-OhnoVxA_4Zl5f5UeOArLZz8K-2mc7y3iuqY7vlOojXQ4tBa38FSpdDzFj-rZG3pykIuJ8qBhfXeu1ky0W45FkYsrNGnRNN-ataEowryMDqMbOCicxe1ZHPJ8rq-11MhqJklZNgHoopnCgZsibT13ngDTwkTJVDtrYqvfcxPizgpBJKkF-lHye4qM_xqAAjIGD2p8VCuFybwxtiEsSlZpOnydSgqiN5ibD__nTo17WZe_o4VARFPsXlbtnl4UZcVrVFk%252C
IP 35.201.126.110:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /script/i.php?stamat=m%257C%252C%252CAhdnYia_tGU3Bk-GH0dEdHP3xP.80b%252CR8GcppAJDivPQqBDXuTbO4eeai3nixCJ18HNvv58iMDnI1gxHV6Q752XapTKrB7bgx7S40igmgpcOXLRfZj2d3AlmG6g5qm6ndeD6gNXUyR3ZqO8ih55u98NOnm6B_dkNwipJilC9IBUNJS8GMcO5Jje-ywlLn75uwwAy7Jlepo32I_V6vz1LQqL0FXlKjbqspCSLodysWNIgkkNCK03Uag9Eh-1MU1xXN55PhVhwfToBVSCeNrz8zhAUX_6K8Baj-zGa-WAqhenMRg2v9rt3q7NbkxBkIWMtJj2jI7-OhnoVxA_4Zl5f5UeOArLZz8K-2mc7y3iuqY7vlOojXQ4tBa38FSpdDzFj-rZG3pykIuJ8qBhfXeu1ky0W45FkYsrNGnRNN-ataEowryMDqMbOCicxe1ZHPJ8rq-11MhqJklZNgHoopnCgZsibT13ngDTwkTJVDtrYqvfcxPizgpBJKkF-lHye4qM_xqAAjIGD2p8VCuFybwxtiEsSlZpOnydSgqiN5ibD__nTo17WZe_o4VARFPsXlbtnl4UZcVrVFk%252C HTTP/1.1
Host: www.adexchangeguru.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.adexchangeguru.com/ad/display.php?stamat=m%257C%252CQojYjtiPqB1dAN0dEdHP3xP.32b%252CZMkKdRAQlkuDbgTABrav5AzGjvbfIMXnrKKTJkv9QZ_gamZlmR42Wx3LqpbIQaBKD6x-aV0SDJIYaRLJzaTYnciZE_tfzzyUx08dG4HFQgI%252C&cbpage=http://www.sjumbotv.me/ads1.htm&cbur=0.550414909884732&cbtitle=&cbiframe=1&cbWidth=1&cbHeight=1&cbdescription=&cbkeywords=&cbref=http%3A%2F%2Fnowlive.me%2F
HTTP/1.1 204 No Content
Server: openresty
Date: Tue, 17 Jan 2023 06:38:37 GMT
Access-Control-Allow-Origin: *
Via: 1.1 google
ocsp.sca1b.amazontrust.com/
143.204.42.158200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.158:0
Hash d76e611255f31c815ba7757e4c6af085
125675a9cb82c73270c1c55c775e2a077a37d0f6
274815d33c0f19105bed9dfb2fa32d684cc5d23810b5f90ebfb09d7d043e8974
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Tue, 17 Jan 2023 06:38:38 GMT
Etag: "63c5b27b-1d7"
Last-Modified: Tue, 17 Jan 2023 06:04:29 GMT
Server: ECS (bsa/EB1A)
X-Cache: Miss from cloudfront
Via: 1.1 dac7cf040932e0c072eeed10afdd7b3e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: bX8nnLK4WBZgOD0syFX7TyptTCwlM14QmAbqkXMYetwIn0MDZ45lXA==
Age: 2049
my.rtmark.net/gid.js?userId=f1tf837423yb755796232e3a5ivvz337
139.45.195.8200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?userId=f1tf837423yb755796232e3a5ivvz337
IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash 0971289a761c0f13b69dd1b0153e9133
d0affa4cce6dbcdeab30ae124efe1a6ca2c56495
918f458b2476488dc579014c2441305498b303583a0faaf61e2a8617af10d7ff
GET /gid.js?userId=f1tf837423yb755796232e3a5ivvz337 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://nowlive.me
Connection: keep-alive
Referer: http://nowlive.me/
Cookie: ID=52b437f460064f0982defff96e780d70
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 17 Jan 2023 06:38:38 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: http://nowlive.me
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=52b437f460064f0982defff96e780d70; expires=Wed, 17 Jan 2024 06:38:38 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash dbcdd710186f38311b7b0acdaaa91a1b
91ee13beba7d45e6f40366dc109a38370277d896
b7d24b52dc0a52eefffe19bc19917f4656a43243148478a1b66073d10e49b3d8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B7D24B52DC0A52EEFFFE19BC19917F4656A43243148478A1B66073D10E49B3D8"
Last-Modified: Sun, 15 Jan 2023 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Tue, 17 Jan 2023 12:38:39 GMT
Date: Tue, 17 Jan 2023 06:38:39 GMT
Connection: keep-alive
landerflows.com/src/click12/css/animate.min.css
207.120.33.5200 OK 5.9 kB URL HTTP/2 landerflows.com/src/click12/css/animate.min.css
IP 207.120.33.5:0
File type ASCII text, with very long lines (57790), with CRLF line terminators
Hash 7c2562592ef68bf7831897bd2f07ec14
00785a97d117ea713d661025972e7dc08e1bc5c5
b7d26bacfb40a71187963c6b666160879813653ed880c08062c8911a9bbe9640
GET /src/click12/css/animate.min.css HTTP/1.1
Host: landerflows.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://landerflows.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 17 Jan 2023 06:38:39 GMT
content-type: text/css
content-length: 5866
last-modified: Thu, 07 Jan 2021 16:10:13 GMT
etag: W/"5ff73265-e28d"
content-encoding: gzip
section-io-cache-id: cb460e5040924c6e68523722394894db
vary: Accept-Encoding
x-varnish: 452479 745014
age: 4655
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
section-io-cache: Hit
section-io-id: 496ab76cf2fd532a57d4b36e548ade3c
X-Firefox-Spdy: h2
landerflows.com/src/click12/img/no-mute.png
207.120.33.5200 OK 7.8 kB URL HTTP/2 landerflows.com/src/click12/img/no-mute.png
IP 207.120.33.5:0
File type PNG image data, 413 x 337, 8-bit/color RGBA, non-interlaced\012- data
Hash 04b36d021d910f3d98b77e7e71717700
5d3e42784ebf508d39528c5bb5fd9d666649b933
b157d878db142022a09fe469e223c5e7fc567bd3ee468481b17c9421bbf06e6a
GET /src/click12/img/no-mute.png HTTP/1.1
Host: landerflows.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://landerflows.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 17 Jan 2023 06:38:39 GMT
content-type: image/png
content-length: 7777
last-modified: Thu, 07 Jan 2021 16:10:13 GMT
etag: "5ff73265-1e61"
section-io-cache-id: 73ec7fb396aff6ab9ba4243cd0788959
x-varnish: 1368679 1697134
age: 4636
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
section-io-cache: Hit
section-io-id: db9545d5a9f432aa591f8d2617e89303
X-Firefox-Spdy: h2
landerflows.com/src/click12/img/mute.png
207.120.33.5200 OK 3.6 kB URL HTTP/2 landerflows.com/src/click12/img/mute.png
IP 207.120.33.5:0
File type PNG image data, 370 x 322, 8-bit/color RGBA, non-interlaced\012- data
Hash 81c68667e33c31747a20b6839c3c3d3a
a60f7607bbece07e116f6d597fe7ddeef372fdd9
2055d2604c03203348da7717897338e8678ac218cdd60b8360bf59ed238b3814
GET /src/click12/img/mute.png HTTP/1.1
Host: landerflows.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://landerflows.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 17 Jan 2023 06:38:39 GMT
content-type: image/png
content-length: 3632
last-modified: Thu, 07 Jan 2021 16:10:13 GMT
etag: "5ff73265-e30"
section-io-cache-id: 14c9ed6ef0adbb1f65b44e5311a09303
x-varnish: 611810 643885
age: 4606
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
section-io-cache: Hit
section-io-id: d8463320d95f978fffd154e76ee86d4e
X-Firefox-Spdy: h2
landerflows.com/src/click12/?epcVIP=48.1066.g51&site=xcg&tbc=ffce00&email=&act=epc68155.47403-1146845.43922.37_43922_6592_698d757847b41b88b5f6b7c86d006b74..FSlp011623917.5089
207.120.33.5200 OK 59 kB URL HTTP/2 landerflows.com/src/click12/?epcVIP=48.1066.g51&site=xcg&tbc=ffce00&email=&act=epc68155.47403-1146845.43922.37_43922_6592_698d757847b41b88b5f6b7c86d006b74..FSlp011623917.5089
IP 207.120.33.5:0
Hash dd94c621cd3ffefb3a4a38fe87818efe
ea110cc855166dfbf44eede8610e918d1956db35
8fb0a777a63db3dcf11d89c4e686c3bfb78d50a106c69f13c5d8aff016978da9
GET /src/click12/?epcVIP=48.1066.g51&site=xcg&tbc=ffce00&email=&act=epc68155.47403-1146845.43922.37_43922_6592_698d757847b41b88b5f6b7c86d006b74..FSlp011623917.5089 HTTP/1.1
Host: landerflows.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 17 Jan 2023 06:38:39 GMT
content-type: text/html; charset=UTF-8
content-encoding: gzip
vary: Accept-Encoding
x-varnish: 873019
age: 0
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
section-io-cache: Miss
section-io-id: 5a779c70789e4a6d9739ea40e7f4c131
X-Firefox-Spdy: h2
landqck.com/ep.php/prmagms:72266/68155:43922.37_43922_6592_698d757847b41b88b5f6b7c86d006b74..FSlp011623917.5089
44.239.224.184302 Found 31 kB URL HTTP/2 landqck.com/ep.php/prmagms:72266/68155:43922.37_43922_6592_698d757847b41b88b5f6b7c86d006b74..FSlp011623917.5089
IP 44.239.224.184:0
File type PNG image data, 924 x 250, 8-bit/color RGBA, non-interlaced\012- data
Hash 3a51f3e0a24d68115db8085de8712183
60b51c90c6bd8eac5cee3c75e41931126a38c163
c8588b668aedbd9395b341fe430e7f71b27d9c25eb681216d4d0b0d80a0c8556
GET /ep.php/prmagms:72266/68155:43922.37_43922_6592_698d757847b41b88b5f6b7c86d006b74..FSlp011623917.5089 HTTP/1.1
Host: landqck.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Tue, 17 Jan 2023 06:38:38 GMT
content-type: text/html; charset=UTF-8
location: https://landerflows.com/src/click12/?epcVIP=48.1066.g51&site=xcg&tbc=ffce00&email=&act=epc68155.47403-1146845.43922.37_43922_6592_698d757847b41b88b5f6b7c86d006b74..FSlp011623917.5089
set-cookie: AWSALB=VSVCnZJg2V4aGgtHgqsl8/TwfGQ+Lfksk4CI+n8irtkspabT2LJS3NrmkmpswiuMjGen7U386k+MhAR3BymQ6HAbquInG/ICDacMTg6S/JUNbq7+PYLSbx3uKpBg; Expires=Tue, 24 Jan 2023 06:38:38 GMT; Path=/
AWSALBCORS=VSVCnZJg2V4aGgtHgqsl8/TwfGQ+Lfksk4CI+n8irtkspabT2LJS3NrmkmpswiuMjGen7U386k+MhAR3BymQ6HAbquInG/ICDacMTg6S/JUNbq7+PYLSbx3uKpBg; Expires=Tue, 24 Jan 2023 06:38:38 GMT; Path=/; SameSite=None; Secure
vip_id=68155.47403-1146845; expires=Fri, 20-Jan-2023 06:38:38 GMT; Max-Age=259200; path=/
server: Apache
X-Firefox-Spdy: h2
antiadblocksystems.com/eTjU.htm?_=BQFiAAAAAAAACZUAAqq9I_Wi0PntBY0oV8yEQ6zf3h-3epreZxcmCzHHLXrASAFUC34i_c8X3e4aPWM47vJ5oWMHuiTug4a8G1T0Dt0bHk5rqcMpBevV7hrx562m-ir6-V8rRzGDr1IGW-TrGAyxHaqsjprPndai0y6DNS2TS7zMcvOK4-PCeNVhmzILDB3sRvDEkohNK16opfNwMftBpzV6w3JVEtUXQlGprbsxAKHPKnEGhmPYn4Fseqot2WzNEBzTSqpKCJR9vB1cCdBhAlKBs3RMvFE391kcoJuGQRJZsQdgHmh54XVJV0OIocI3SVCrXp37zcC9OQKmt23y75AQ-2k3AqqopTF90ou_-RWnaYYCJCwpVuCnN0VlzPdpGIC-XOKvxPYt6h-mzMFB7k_cQ5djxBWin5eRtdj96l2vu0V7rN_USyWDFIlzSYyE48PilUZWWYEnaBVN_voUFq3u1zQ5E2PjhXkoQIY&v=4&oLTpatwg=4882545&minBid=&INfwnEue=0,0&HeZcwdIS=&BpxIbReX=&s=1280,1024,1,1280,1024,0
208.95.113.2200 OK 44 B URL HTTP/1.1 antiadblocksystems.com/eTjU.htm?_=BQFiAAAAAAAACZUAAqq9I_Wi0PntBY0oV8yEQ6zf3h-3epreZxcmCzHHLXrASAFUC34i_c8X3e4aPWM47vJ5oWMHuiTug4a8G1T0Dt0bHk5rqcMpBevV7hrx562m-ir6-V8rRzGDr1IGW-TrGAyxHaqsjprPndai0y6DNS2TS7zMcvOK4-PCeNVhmzILDB3sRvDEkohNK16opfNwMftBpzV6w3JVEtUXQlGprbsxAKHPKnEGhmPYn4Fseqot2WzNEBzTSqpKCJR9vB1cCdBhAlKBs3RMvFE391kcoJuGQRJZsQdgHmh54XVJV0OIocI3SVCrXp37zcC9OQKmt23y75AQ-2k3AqqopTF90ou_-RWnaYYCJCwpVuCnN0VlzPdpGIC-XOKvxPYt6h-mzMFB7k_cQ5djxBWin5eRtdj96l2vu0V7rN_USyWDFIlzSYyE48PilUZWWYEnaBVN_voUFq3u1zQ5E2PjhXkoQIY&v=4&oLTpatwg=4882545&minBid=&INfwnEue=0,0&HeZcwdIS=&BpxIbReX=&s=1280,1024,1,1280,1024,0
IP 208.95.113.2:0
File type ASCII text, with no line terminators
Hash d5f0a25e4d3522d56d48ce7bc3e518fb
86794caff58f7fee6e684c2ba7195f970a8d6f4c
9d781128a8ece413b003d5612b8398bf9340ef7f5b751d12bd125ba523d3ceb5
GET /eTjU.htm?_=BQFiAAAAAAAACZUAAqq9I_Wi0PntBY0oV8yEQ6zf3h-3epreZxcmCzHHLXrASAFUC34i_c8X3e4aPWM47vJ5oWMHuiTug4a8G1T0Dt0bHk5rqcMpBevV7hrx562m-ir6-V8rRzGDr1IGW-TrGAyxHaqsjprPndai0y6DNS2TS7zMcvOK4-PCeNVhmzILDB3sRvDEkohNK16opfNwMftBpzV6w3JVEtUXQlGprbsxAKHPKnEGhmPYn4Fseqot2WzNEBzTSqpKCJR9vB1cCdBhAlKBs3RMvFE391kcoJuGQRJZsQdgHmh54XVJV0OIocI3SVCrXp37zcC9OQKmt23y75AQ-2k3AqqopTF90ou_-RWnaYYCJCwpVuCnN0VlzPdpGIC-XOKvxPYt6h-mzMFB7k_cQ5djxBWin5eRtdj96l2vu0V7rN_USyWDFIlzSYyE48PilUZWWYEnaBVN_voUFq3u1zQ5E2PjhXkoQIY&v=4&oLTpatwg=4882545&minBid=&INfwnEue=0,0&HeZcwdIS=&BpxIbReX=&s=1280,1024,1,1280,1024,0 HTTP/1.1
Host: antiadblocksystems.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://nowlive.me/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
access-control-allow-origin: *
asf: 9
popads-ec: ASB
content-type: text/javascript;charset=UTF-8
content-length: 44
date: Tue, 17 Jan 2023 06:38:39 GMT
ocsp2.globalsign.com/gsalphasha2g2
104.18.20.226200 OK 1.4 kB URL HTTP/1.1 ocsp2.globalsign.com/gsalphasha2g2
IP 104.18.20.226:0
Hash 72a93f7e22459283f865a80e533eb257
b02445edc39743f21dae622490c3c4ad88fc3a76
d8a63e319ea6c6add06dc92045209412398981cab3bf1a31c13bef678ef67cd3
POST /gsalphasha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 17 Jan 2023 06:38:40 GMT
Content-Type: application/ocsp-response
Content-Length: 1423
Connection: keep-alive
Expires: Sat, 21 Jan 2023 04:07:17 GMT
ETag: "b02445edc39743f21dae622490c3c4ad88fc3a76"
Last-Modified: Tue, 17 Jan 2023 04:07:18 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: EXPIRED
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 78ad16dbf920b4f7-OSL
ocsp2.globalsign.com/gsalphasha2g2
104.18.20.226200 OK 1.4 kB URL HTTP/1.1 ocsp2.globalsign.com/gsalphasha2g2
IP 104.18.20.226:0
Hash 72a93f7e22459283f865a80e533eb257
b02445edc39743f21dae622490c3c4ad88fc3a76
d8a63e319ea6c6add06dc92045209412398981cab3bf1a31c13bef678ef67cd3
POST /gsalphasha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 17 Jan 2023 06:38:40 GMT
Content-Type: application/ocsp-response
Content-Length: 1423
Connection: keep-alive
Expires: Sat, 21 Jan 2023 04:07:17 GMT
ETag: "b02445edc39743f21dae622490c3c4ad88fc3a76"
Last-Modified: Tue, 17 Jan 2023 04:07:18 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 78ad16deda22b523-OSL
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash a81660e76bb6fb96f2e953953a1ae8a0
7dce5aa1d3aade64495703d331bb8849e1451a44
9cfd47ce090a5955091a3d0eccfc37fe5728d9d26124f30e049b85eb80d50dc5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9CFD47CE090A5955091A3D0ECCFC37FE5728D9D26124F30E049B85EB80D50DC5"
Last-Modified: Mon, 16 Jan 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Tue, 17 Jan 2023 12:38:41 GMT
Date: Tue, 17 Jan 2023 06:38:41 GMT
Connection: keep-alive
ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js
142.250.74.106200 OK 31 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js
IP 142.250.74.106:0
File type ASCII text, with very long lines (65451)
Hash 81182f4b684635f6bdcbdd907ee66f25
a1f2f151df72ede41397c8131bd47a3ce85575b3
be40946c98d9a78a3c7c9ad097d379ab12549a195bd7a4766919a1d3fd987396
GET /ajax/libs/jquery/3.4.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Referer: https://bsrvtn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30774
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 13 Jan 2023 11:09:31 GMT
expires: Sat, 13 Jan 2024 11:09:31 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Mon, 13 May 2019 14:37:17 GMT
content-type: text/javascript; charset=UTF-8
age: 329350
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
bsrvtn.com/common_tpls/compactML/css/epcclgxcg.css
207.120.33.41200 OK 6.5 kB URL HTTP/2 bsrvtn.com/common_tpls/compactML/css/epcclgxcg.css
IP 207.120.33.41:0
File type ASCII text, with very long lines (35126), with no line terminators
Hash 298d279995e9c4c951a2fc0a77f1cf02
1cf2f61cc056eb88a8b1fe09ab05386f50fa3231
8165b3d7ae80d2684d7d6e5b3ca2b2900f11fee6eb9d7f86df8d2de9ea73a55e
GET /common_tpls/compactML/css/epcclgxcg.css HTTP/1.1
Host: bsrvtn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bsrvtn.com/
Cookie: PHPSESSID=5ae61922366656d3ec03b9b948a78504
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 17 Jan 2023 06:38:41 GMT
content-type: text/css
content-length: 6480
last-modified: Wed, 03 Mar 2021 16:49:48 GMT
etag: W/"603fbe2c-8936"
content-encoding: gzip
section-io-cache-id: ef43e152265b81361744bcf4186d1ce7
vary: Accept-Encoding
x-varnish: 808989 189139
age: 4409
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
section-io-cache: Hit
section-io-id: d973b3caa0c2a14831c837c4f13cc589
X-Firefox-Spdy: h2
bsrvtn.com/common_tpls/images/icons/email.png
207.120.33.41200 OK 1.3 kB URL HTTP/2 bsrvtn.com/common_tpls/images/icons/email.png
IP 207.120.33.41:0
File type PNG image data, 26 x 26, 8-bit/color RGB, non-interlaced\012- data
Hash a86d99b9176d82a211cfa29b2f0b353f
62947ddfd87e3a21869818885e4bfa4e55ad0c11
f8e82194c97e2a11a8c77fcd55d1ded51a1943b78eefac8475890f665dc620f1
GET /common_tpls/images/icons/email.png HTTP/1.1
Host: bsrvtn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bsrvtn.com/
Cookie: PHPSESSID=5ae61922366656d3ec03b9b948a78504
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 17 Jan 2023 06:38:41 GMT
content-type: image/png
content-length: 1254
last-modified: Mon, 21 Aug 2017 19:32:05 GMT
etag: "599b3535-4e6"
section-io-cache-id: 9b77b711952262981190df8e340c09ba
x-varnish: 808991 837223
age: 4690
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
section-io-cache: Hit
section-io-id: 8fed0e632654bdab42607d775992bad3
X-Firefox-Spdy: h2
bsrvtn.com/common_tpls/images/ajax-loader.gif
207.120.33.41200 OK 3.2 kB URL HTTP/2 bsrvtn.com/common_tpls/images/ajax-loader.gif
IP 207.120.33.41:0
File type GIF image data, version 89a, 32 x 32\012- data
Hash be1cede97289c13920048f238fd37b85
313b867d11fc0dd6bc6ca47c334bbcf18956ca76
fd29b3b084cf11160bfc4e99d98a261f2b36bff29113b07367c5204563c5d355
GET /common_tpls/images/ajax-loader.gif HTTP/1.1
Host: bsrvtn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bsrvtn.com/
Cookie: PHPSESSID=5ae61922366656d3ec03b9b948a78504
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 17 Jan 2023 06:38:41 GMT
content-type: image/gif
content-length: 3208
last-modified: Mon, 07 Oct 2013 22:49:23 GMT
etag: "52533a73-c88"
section-io-cache-id: 252f112863c84f4bfec5df00e212aaaf
x-varnish: 611829 1420553
age: 4523
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
section-io-cache: Hit
section-io-id: ed41343f2cddf249cf8d01a3c6f299e7
X-Firefox-Spdy: h2
bsrvtn.com/common_tpls/images/icons/password.png
207.120.33.41200 OK 1.5 kB URL HTTP/2 bsrvtn.com/common_tpls/images/icons/password.png
IP 207.120.33.41:0
File type PNG image data, 26 x 26, 8-bit/color RGB, non-interlaced\012- data
Hash 6f100f1cdbdce928118ffa4c9293ca5b
6b1a3593e792d4c00187d60560dd03fb42df1156
8c1a6b9e0c63edc7fa86898148dc6493cd56113fabbf85d901f7af4c180fce74
GET /common_tpls/images/icons/password.png HTTP/1.1
Host: bsrvtn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bsrvtn.com/
Cookie: PHPSESSID=5ae61922366656d3ec03b9b948a78504
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 17 Jan 2023 06:38:41 GMT
content-type: image/png
content-length: 1452
last-modified: Tue, 22 Aug 2017 16:34:59 GMT
etag: "599c5d33-5ac"
section-io-cache-id: 679067b829b68e3df6ec541cba697b77
x-varnish: 611830 1697035
age: 4659
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
section-io-cache: Hit
section-io-id: 04335793ad38b355f4d571186eeeea46
X-Firefox-Spdy: h2
bsrvtn.com/common_tpls/images/icons/fname.png
207.120.33.41200 OK 1.6 kB URL HTTP/2 bsrvtn.com/common_tpls/images/icons/fname.png
IP 207.120.33.41:0
File type PNG image data, 26 x 26, 8-bit/color RGBA, non-interlaced\012- data
Hash 5c846870756544f39604e671d4111b9d
304938c74246e228fa82d8ca40201c3db6098074
d43abf8c5665519a3fe3f7e90298fc17b62e06d8ada1b90a44ea9985a62abb4d
GET /common_tpls/images/icons/fname.png HTTP/1.1
Host: bsrvtn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bsrvtn.com/
Cookie: PHPSESSID=5ae61922366656d3ec03b9b948a78504
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 17 Jan 2023 06:38:41 GMT
content-type: image/png
content-length: 1649
last-modified: Tue, 28 Nov 2017 20:52:02 GMT
etag: "5a1dcc72-671"
section-io-cache-id: 3e3b30b2f4338f76dd078e76cec55c4a
x-varnish: 808992 837266
age: 4687
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
section-io-cache: Hit
section-io-id: 7d1b9e5f7fa8accf1b4cff74f41479e3
X-Firefox-Spdy: h2
bsrvtn.com/common_tpls/images/icons/address.png
207.120.33.41200 OK 1.2 kB URL HTTP/2 bsrvtn.com/common_tpls/images/icons/address.png
IP 207.120.33.41:0
File type PNG image data, 26 x 26, 8-bit/color RGB, non-interlaced\012- data
Hash b579e9868402d708e54e1a980166c444
1c58e2890b934c0b1ab057f3ac28bedd2a082d19
67756f8b542c7823bcdba421219c3b8e1ee472748d8c3463534f667271356dfb
GET /common_tpls/images/icons/address.png HTTP/1.1
Host: bsrvtn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bsrvtn.com/
Cookie: PHPSESSID=5ae61922366656d3ec03b9b948a78504
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 17 Jan 2023 06:38:41 GMT
content-type: image/png
content-length: 1167
last-modified: Mon, 21 Aug 2017 19:32:05 GMT
etag: "599b3535-48f"
section-io-cache-id: 33108f810b87d62233c8cf606a61450d
x-varnish: 611831 1820348
age: 4652
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
section-io-cache: Hit
section-io-id: 885bf8a439d198134ee161aad0d692e8
X-Firefox-Spdy: h2
ajax.aspnetcdn.com/ajax/bootstrap/3.3.7/css/bootstrap.min.css
152.199.19.160200 OK 20 kB URL HTTP/2 ajax.aspnetcdn.com/ajax/bootstrap/3.3.7/css/bootstrap.min.css
IP 152.199.19.160:0
File type ASCII text, with very long lines (65371)
Hash 7e2bb6028f0b19917a1a2d1944fc72b1
e1837fc75ee2ddd24c6e1df6b309ea212b57e681
cc6093bd7162882fd34252fb5d3e8e7d07247e3b70fad894320bf2a960abeda5
GET /ajax/bootstrap/3.3.7/css/bootstrap.min.css HTTP/1.1
Host: ajax.aspnetcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bsrvtn.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
age: 18664257
cache-control: public,max-age=31536000
content-type: text/css
date: Tue, 17 Jan 2023 06:38:41 GMT
etag: "0e914f2cb33d21:0"
last-modified: Mon, 31 Oct 2016 23:10:18 GMT
server: ECAcc (ska/F740)
timing-allow-origin: *
vary: Accept-Encoding
x-cache: HIT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 19629
X-Firefox-Spdy: h2
ajax.aspnetcdn.com/ajax/bootstrap/3.3.7/bootstrap.min.js
152.199.19.160200 OK 9.8 kB URL HTTP/2 ajax.aspnetcdn.com/ajax/bootstrap/3.3.7/bootstrap.min.js
IP 152.199.19.160:0
File type ASCII text, with very long lines (32033)
Hash 432ca07a1a844dbb27f9e0ab0d468be5
7fdaf858d702f84536a515c675b4028ce2eb0cfa
12732099d21835fabf83a93eec52f7cf1847cd64a0572d18917b2e13b06d5cf0
GET /ajax/bootstrap/3.3.7/bootstrap.min.js HTTP/1.1
Host: ajax.aspnetcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Referer: https://bsrvtn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
age: 15570066
cache-control: public,max-age=31536000
content-type: application/javascript
date: Tue, 17 Jan 2023 06:38:41 GMT
etag: "80bdc1e6cb33d21:0"
last-modified: Mon, 31 Oct 2016 23:09:59 GMT
server: ECAcc (ska/F6C5)
timing-allow-origin: *
vary: Accept-Encoding
x-cache: HIT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 9839
X-Firefox-Spdy: h2
6.adsco.re/
104.17.167.186200 OK 0 B IP 104.17.167.186:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: 6.adsco.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Moz: prefetch
Connection: keep-alive
Referer: http://c.adsco.re/
HTTP/1.1 200 OK
Date: Tue, 17 Jan 2023 06:38:41 GMT
Content-Type: text/plain;charset=UTF-8
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: private, max-age=10
Access-Control-Allow-Headers: Content-Type
Access-Control-Allow-Methods: GET, HEAD, OPTIONS
Access-Control-Max-Age: 2592000
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 78ad16e7ed88b503-OSL
alt-svc: h2=":443"; ma=60
4.adsco.re/
162.252.214.5200 OK 62 B IP 162.252.214.5:0
File type ASCII text, with no line terminators
Hash adde5febc7b5b6c2c759ec735cce83a0
77ec17be8a9970ff04663294d41c590d0d24fde4
ce2b9f2e5005195de7add565505005be6f2ef0d37521771e15106d1e1b9260ff
GET / HTTP/1.1
Host: 4.adsco.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Moz: prefetch
Connection: keep-alive
Referer: http://c.adsco.re/
HTTP/1.1 200 OK
Date: Tue, 17 Jan 2023 06:38:41 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Methods: GET, HEAD, OPTIONS
Access-Control-Allow-Headers: Content-Type
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 2592000
Cache-Control: private, max-age=5
Content-Encoding: gzip
wasaround.com/assets/js/page--src--pages--index-vue.e25004dc.js
172.67.174.83200 OK 8.3 kB URL HTTP/2 wasaround.com/assets/js/page--src--pages--index-vue.e25004dc.js
IP 172.67.174.83:0
File type Unicode text, UTF-8 text, with very long lines (27832)
Hash 59616804aa6cb7b6c21ae1dd36a33a4e
6d3648d329d7bf1d84085ee0640d68517922d3bb
3393a0226dab48bb94316fa3c91965d0953718ec2dddf1600d6287c963c1314b
GET /assets/js/page--src--pages--index-vue.e25004dc.js HTTP/1.1
Host: wasaround.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wasaround.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 17 Jan 2023 06:38:37 GMT
content-type: application/javascript
last-modified: Wed, 15 Jun 2022 15:21:30 GMT
etag: W/"62a9f8fa-fca"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: HIT
age: 7153
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ki044K3h9N126TGpsqHr6e5Dn3ALRlEz8syBh6toCV41QvGevyeAWViuUaaIy1pJhX9mSSupKdK0aByns5GvJN0irCXy1EmzBW9EHXZ4jAeSmXmH2F83IEB9o6HVbNDz"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 78ad16c99aeeb4fd-OSL
content-encoding: gzip
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ka-p.fontawesome.com/releases/v5.15.4/css/pro-v4-shims.min.css?token=b314bdf1b3
104.18.23.52200 OK 4.2 kB URL HTTP/2 ka-p.fontawesome.com/releases/v5.15.4/css/pro-v4-shims.min.css?token=b314bdf1b3
IP 104.18.23.52:0
File type ASCII text, with very long lines (26366)
Hash 7fd743485fa194e25e2a207bff6c258a
97c999d752b95ee1ed6271a29aa58109dc17281e
dd939d69a23f003d49287291f0bcb59df58119d60bc5f14a81cbfd957894f6dc
GET /releases/v5.15.4/css/pro-v4-shims.min.css?token=b314bdf1b3 HTTP/1.1
Host: ka-p.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 17 Jan 2023 06:38:42 GMT
content-type: text/css
content-length: 4194
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
etag: "610ae215-1062"
last-modified: Wed, 04 Aug 2021 18:53:09 GMT
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
cf-cache-status: HIT
accept-ranges: bytes
server: cloudflare
cf-ray: 78ad16e79b970b45-OSL
X-Firefox-Spdy: h2
ka-p.fontawesome.com/releases/v5.15.4/css/pro.min.css?token=b314bdf1b3
104.18.23.52200 OK 54 kB URL HTTP/2 ka-p.fontawesome.com/releases/v5.15.4/css/pro.min.css?token=b314bdf1b3
IP 104.18.23.52:0
File type ASCII text, with very long lines (65397)
Hash dc9270247a97f75913a5d8934c24de03
ed9b0fa01b552571f99d529ed355b2ba91cfc48d
847cc3ab1ea736cbbaac34833596335471fc7a888089b501b3c83a323566f0b8
GET /releases/v5.15.4/css/pro.min.css?token=b314bdf1b3 HTTP/1.1
Host: ka-p.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 17 Jan 2023 06:38:42 GMT
content-type: text/css
content-length: 54194
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
etag: "610ae215-d3b2"
last-modified: Wed, 04 Aug 2021 18:53:09 GMT
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
cf-cache-status: HIT
accept-ranges: bytes
server: cloudflare
cf-ray: 78ad16e79b940b45-OSL
X-Firefox-Spdy: h2
bsrvtn.com/acct/trk/?rtid=31348304929
207.120.33.41200 OK 10 B URL HTTP/2 bsrvtn.com/acct/trk/?rtid=31348304929
IP 207.120.33.41:0
File type JSON data\012- , ASCII text, with no line terminators
Hash dc0f01fffdaf321f88bb09834b6f586f
f20e9b9668b3827ddefac09fa93f0ef40a69dff7
7b7f065e8be677aa8faee71e729879d4901e7f10ae37683a64056a6efd473cf7
OPTIONS /acct/trk/?rtid=31348304929 HTTP/1.1
Host: bsrvtn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-requested-with
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 17 Jan 2023 06:38:42 GMT
content-type: text/json;charset=UTF-8
content-length: 10
set-cookie: PHPSESSID=7131b730d783fb4cc580cb49c71be3b4; path=/; secure; SameSite=None
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
x-varnish: 288355
age: 0
via: 1.1 varnish (Varnish/7.0)
section-io-cache: Miss
section-io-id: 77d1093e52e7058dbfe04daf9cea1443
X-Firefox-Spdy: h2
releases.flowplayer.org/7.2.6/flowplayer.min.js
143.204.55.18200 OK 0 B URL HTTP/2 releases.flowplayer.org/7.2.6/flowplayer.min.js
IP 143.204.55.18:0
GET /7.2.6/flowplayer.min.js HTTP/1.1
Host: releases.flowplayer.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://nowlive.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
content-length: 167872
last-modified: Tue, 17 Apr 2018 11:12:23 GMT
accept-ranges: bytes
server: AmazonS3
date: Mon, 16 Jan 2023 08:40:35 GMT
etag: "753e989f05e4af4dc76909ea9b464f05"
x-cache: Hit from cloudfront
via: 1.1 814e8c24454087e83cd261a6cf477166.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 7nk2xJxwYgdOWGpdJ1-Vtypl7rdxgFHy4wR5ASFp_W0ioym5rRisYw==
age: 79080
vary: Origin
X-Firefox-Spdy: h2
bedrapiona.com/5/4862348/?oo=1&js_build=iclick-v1.470.0
139.45.197.234200 OK 0 B URL HTTP/2 bedrapiona.com/5/4862348/?oo=1&js_build=iclick-v1.470.0
IP 139.45.197.234:0
GET /5/4862348/?oo=1&js_build=iclick-v1.470.0 HTTP/1.1
Host: bedrapiona.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://nowlive.me
Connection: keep-alive
Referer: http://nowlive.me/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 17 Jan 2023 06:38:35 GMT
content-type: application/json
x-trace-id: e47a44dedebb64f2b33c1a2a29a1c4b1
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
access-control-allow-origin: http://nowlive.me
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=52b437f460064f0982defff96e780d70; expires=Wed, 17 Jan 2024 06:38:35 GMT; path=/; secure; SameSite=None
oaidts=1673937515; expires=Wed, 17 Jan 2024 06:38:35 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
affmore.com/clk/C16E731082C611EDAE940DF8A2DD9FBB
172.66.43.170301 Moved Permanently 0 B URL HTTP/2 affmore.com/clk/C16E731082C611EDAE940DF8A2DD9FBB
IP 172.66.43.170:0
GET /clk/C16E731082C611EDAE940DF8A2DD9FBB HTTP/1.1
Host: affmore.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
date: Tue, 17 Jan 2023 06:38:35 GMT
location: https://backoffice.affmore.com/clk/C16E731082C611EDAE940DF8A2DD9FBB
cache-control: max-age=3600
expires: Tue, 17 Jan 2023 07:38:35 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8huGVeQnT3BD%2FswBp%2Fy3FsM%2F4oXKa6U0o3DIOTBoZA6wnL78cKLEhHVjq0eHKp4qcRIfxxWMaeTT%2BIL9giiXxGp6Jtv6NmuL1VbyJ9M3HoYEEGKQonaVuBvITBR8"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 78ad16c2ddcab51b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
bsrvtn.com/common_tpls/js/validate_form_v2.js?jsv=31
207.120.33.41200 OK 0 B URL HTTP/2 bsrvtn.com/common_tpls/js/validate_form_v2.js?jsv=31
IP 207.120.33.41:0
GET /common_tpls/js/validate_form_v2.js?jsv=31 HTTP/1.1
Host: bsrvtn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bsrvtn.com/
Cookie: PHPSESSID=5ae61922366656d3ec03b9b948a78504
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 17 Jan 2023 06:38:41 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Tue, 10 Jan 2023 21:04:24 GMT
etag: W/"63bdd2d8-62bd"
section-io-cache-id: 158bb9eabea4d47702ace0a58203bea8
x-varnish: 808990 872267
age: 4691
via: 1.1 varnish (Varnish/7.0)
section-io-cache: Hit
content-encoding: gzip
section-io-id: 7c3c0ef97e799469bcb614df7f1371f8
X-Firefox-Spdy: h2
landerflows.com/src/click12/css/base2.css
207.120.33.5200 OK 0 B URL HTTP/2 landerflows.com/src/click12/css/base2.css
IP 207.120.33.5:0
GET /src/click12/css/base2.css HTTP/1.1
Host: landerflows.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://landerflows.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 17 Jan 2023 06:38:39 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Tue, 02 Mar 2021 21:27:11 GMT
etag: W/"603eadaf-239f"
section-io-cache-id: cbdd6079df7c31e7c3efe5b3cfbafcee
x-varnish: 873021 1100932
age: 4658
via: 1.1 varnish (Varnish/7.0)
section-io-cache: Hit
content-encoding: gzip
section-io-id: 7449e6beb5a9392802bdb20d72f21147
X-Firefox-Spdy: h2
t.dtscout.com/i/?l=http%3A%2F%2Fnowlive.me%2F2%2F103.html%3Fid%3D103&j=
141.101.120.11200 OK 0 B URL HTTP/2 t.dtscout.com/i/?l=http%3A%2F%2Fnowlive.me%2F2%2F103.html%3Fid%3D103&j=
IP 141.101.120.11:0
GET /i/?l=http%3A%2F%2Fnowlive.me%2F2%2F103.html%3Fid%3D103&j= HTTP/1.1
Host: t.dtscout.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://nowlive.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 17 Jan 2023 06:38:35 GMT
content-type: application/javascript
x-s: mtl3
set-cookie: m=1; Domain=dtscout.com; Expires=Tue, 17-Jan-2023 08:01:55 GMT; Max-Age=5000; Path=/; SameSite=None; Secure
oa=1; Domain=dtscout.com; Expires=Tue, 17-Jan-2023 10:38:35 GMT; Max-Age=14400; Path=/; SameSite=None; Secure
df=1673937515; Domain=dtscout.com; Expires=Thu, 27-Apr-2023 06:38:35 GMT; Max-Age=8640000; Path=/; SameSite=None; Secure
x-t: 0.54
expires: Tue, 17 Jan 2023 06:38:34 GMT
cache-control: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BVSQ%2BsbV2U6oTMSX29cd2fNN1S7nGOWjY0W1baz3gYGzhQ0I%2FlnW%2FZ%2BSfwhhsPK5q%2Fa7SCUMgHb2WfG3G%2BNri380BsElpnci4dPUajqQwU%2BxMVsdzIHZRwrA%2BSy7W%2F0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78ad16bd696c0a28-ARN
content-encoding: br
X-Firefox-Spdy: h2
adspredictiv.com/jump/next.php?r=2475779&sub1=4059380
35.190.38.40200 OK 0 B URL HTTP/2 adspredictiv.com/jump/next.php?r=2475779&sub1=4059380
IP 35.190.38.40:0
GET /jump/next.php?r=2475779&sub1=4059380 HTTP/1.1
Host: adspredictiv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://granorizes.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: openresty
date: Tue, 17 Jan 2023 06:38:36 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
unafeed.com/click.php?key=il3xkcxv6cdxy0zktiki&zone=0404_pp103
188.166.0.235302 Found 0 B URL HTTP/2 unafeed.com/click.php?key=il3xkcxv6cdxy0zktiki&zone=0404_pp103
IP 188.166.0.235:0
ASN #14061 DIGITALOCEAN-ASN
GET /click.php?key=il3xkcxv6cdxy0zktiki&zone=0404_pp103 HTTP/1.1
Host: unafeed.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.dailyd.me/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx/1.16.1
date: Tue, 17 Jan 2023 06:38:36 GMT
content-type: text/html; charset=UTF-8
location: https://unafeed.com/nlp/index.php?url_bnm_redirect=https://wasaround.com
set-cookie: uclick=e2rnsyntbl; expires=Wed, 18-Jan-2023 06:38:36 GMT; Max-Age=86400; path=/; SameSite=None; Secure;
uclickhash=e2rnsyntbl-e2rnsyntbl-h9ej-0-5mgm-h9twvr-2tyd0-8df28a; expires=Wed, 18-Jan-2023 06:38:36 GMT; Max-Age=86400; path=/; SameSite=None; Secure;
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
bsrvtn.com/common_tpls/js/form_support.js?v=1101202201
207.120.33.41200 OK 0 B URL HTTP/2 bsrvtn.com/common_tpls/js/form_support.js?v=1101202201
IP 207.120.33.41:0
GET /common_tpls/js/form_support.js?v=1101202201 HTTP/1.1
Host: bsrvtn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bsrvtn.com/
Cookie: PHPSESSID=5ae61922366656d3ec03b9b948a78504
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 17 Jan 2023 06:38:41 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Fri, 18 Nov 2022 21:23:38 GMT
etag: W/"6377f7da-ed7"
section-io-cache-id: 426a0f6a191ac290acbb7db7ffc40ab1
x-varnish: 611828 1697100
age: 4644
via: 1.1 varnish (Varnish/7.0)
section-io-cache: Hit
content-encoding: gzip
section-io-id: dda2d97fa88515fd4ed6fd2fcea51c38
X-Firefox-Spdy: h2
cdn.tynt.com/tc.js
172.64.151.83200 OK 0 B IP 172.64.151.83:0
GET /tc.js HTTP/1.1
Host: cdn.tynt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://nowlive.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 17 Jan 2023 06:38:36 GMT
content-type: application/javascript
last-modified: Tue, 10 Jan 2023 20:39:09 GMT
vary: Accept-Encoding
etag: W/"63bdcced-4571"
content-encoding: gzip
cf-cache-status: HIT
age: 35791
expires: Fri, 20 Jan 2023 06:38:36 GMT
cache-control: public, max-age=259200
server: cloudflare
cf-ray: 78ad16c37b20b505-OSL
X-Firefox-Spdy: h2
semygruja.com/bg3/V.0KPf3vp/vEbDmiVEJGZNDm0g0/NejGEH5-NyDdcxxtLxTtQp2pMvT/kz0aNTzJIp
88.85.94.246200 OK 0 B URL HTTP/2 semygruja.com/bg3/V.0KPf3vp/vEbDmiVEJGZNDm0g0/NejGEH5-NyDdcxxtLxTtQp2pMvT/kz0aNTzJIp
IP 88.85.94.246:0
GET /bg3/V.0KPf3vp/vEbDmiVEJGZNDm0g0/NejGEH5-NyDdcxxtLxTtQp2pMvT/kz0aNTzJIp HTTP/1.1
Host: semygruja.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.dailyd.me/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 17 Jan 2023 06:38:36 GMT
content-type: text/html;charset=UTF-8
vary: Accept-Encoding
expires: Mon, 26 Jul 2011 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-WoW64
p3p: CP="CUR ADM OUR NOR STA NID"
last-modified: Tue, 17 Jan 2023 06:38:36 GMT
x-frame-options: DENY
referrer-policy: no-referrer
set-cookie: kadCCap=184246:1:1673859446;171526:1:1673628579;220335:1:1670435916;218693:1:1669515516;221398:1:1673858145;215297:1:1671843330;223255:1:1670393482;199455:1:1668245056;218665:1:1673777741;212269:1:1667199062;220790:1:1668460505;219484:1:1667715065;221352:1:1670163762;132751:1:1673918519;222555:1:1671433227;219047:1:1667194435;101716:1:1672946010;194136:1:1673252766;79610:1:1673775102;222513:1:1671568408;223454:1:1673698373;219652:1:1669330335;222582:1:1673752223;222775:1:1671023864; max-age=1705473516; path=/
kadACap=444748:1:1669841678;446013:1:1668228435;450649:1:1673919260;453850:1:1671627132;419293:1:1671780919;424441:1:1673840980;410256:1:1673930000;424443:1:1673201378;442019:1:1673927198;410252:1:1673830005;445788:1:1669918420;407100:1:1668246232;446716:1:1673792717;445735:1:1669286676;406293:1:1673859446;462327:1:1673736144;451147:1:1673144472;446531:1:1669270846;453839:1:1672548072;451139:1:1673769293;419301:1:1673205268;444785:1:1671894608;424445:1:1673567393;458041:1:1670526590;458498:1:1672536671;410254:1:1671377581;398832:1:1672025828;346329:1:1670226206;419321:1:1673788305;419295:1:1673143817;460522:1:1673770212;346327:1:1673936434;441369:1:1671297690;419303:1:1673768004;446720:1:1673740763;454815:1:1673736038;446714:1:1671329420;453831:1:1673739571;383700:1:1673778447;458045:1:1670528140;419299:1:1670986713;404163:1:1673226439;419297:1:1670740668;446498:1:1671420411;445081:1:1671894608;419291:1:1673753909;445506:1:1669286676;449523:1:1670210030;419323:1:1672975053;451724:1:1669565807;389299:1:1673726804;446718:1:1673822115;456883:1:1671781891;320498:1:1673937516;190964:1:1673775102;401659:1:1673234153;445499:1:1670164226;272913:1:1673716337;417177:1:1673816095; max-age=1705473516; path=/
kadCSCap=221398:1:1673858145;132751:1:1673918519;184246:1:1673859446; path=/
kadASCap=442019:1:1673927198;320498:1:1673937516;410256:1:1673930000;346327:1:1673936434;406293:1:1673859446;450649:1:1673919260; path=/
kadRPixJ=bnVsbA==; max-age=1705473516; path=/
kadUnP3=CAMQkMqYngYaDQjzwZkBEAEYsvyYngYaDQioiJcCEAIYk4WVngYaDQjdzZkCEAEYkMqYngYaDQiJ25kCEAIY4ZiUngYaDQjP+ZkCEAEY7ISZngYiCggDEAMYkMqYngYqDAiMvRIQARiy/JieBioMCKSTKBACGJOFlZ4GKgwI4rwoEAEYkMqYngYqDAilvigQAhjhmJSeBioMCOnBKBABGOyEmZ4G; max-age=1705473516; path=/
x-content-type-options: nosniff
content-encoding: br
X-Firefox-Spdy: h2
rapidrtr.com/cr.php?cid=236&ACT=68155&TRK=43922.37_43922_6592_698d757847b41b88b5f6b7c86d006b74.
50.112.176.215302 Found 0 B URL HTTP/2 rapidrtr.com/cr.php?cid=236&ACT=68155&TRK=43922.37_43922_6592_698d757847b41b88b5f6b7c86d006b74.
IP 50.112.176.215:0
GET /cr.php?cid=236&ACT=68155&TRK=43922.37_43922_6592_698d757847b41b88b5f6b7c86d006b74. HTTP/1.1
Host: rapidrtr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Tue, 17 Jan 2023 06:38:37 GMT
content-type: text/html; charset=UTF-8
location: https://landqck.com/ep.php/prmagms:72266/68155:43922.37_43922_6592_698d757847b41b88b5f6b7c86d006b74..FSlp011623917.5089
set-cookie: AWSALB=+EV6Gkq6Bly8bzTbFW3H6+JpJm6HyE5i/DthotlsJmbfo++XmeJ0U8068g/l9Mi841dr4eZEUy0xBEzCi1G9vL4DYkcYpYylyYarKoy0tLDRE++jMrQBONvIMLRQ; Expires=Tue, 24 Jan 2023 06:38:37 GMT; Path=/
AWSALBCORS=+EV6Gkq6Bly8bzTbFW3H6+JpJm6HyE5i/DthotlsJmbfo++XmeJ0U8068g/l9Mi841dr4eZEUy0xBEzCi1G9vL4DYkcYpYylyYarKoy0tLDRE++jMrQBONvIMLRQ; Expires=Tue, 24 Jan 2023 06:38:37 GMT; Path=/; SameSite=None; Secure
hskp=FSlp011623917%2C; expires=Tue, 31-Jan-2023 06:38:37 GMT; Max-Age=1209600
skip=-1673937517%2C786; expires=Tue, 17-Jan-2023 06:48:37 GMT; Max-Age=600
236_786_0=1673937517; expires=Wed, 18-Jan-2023 06:38:37 GMT; Max-Age=86400
server: Apache
X-Firefox-Spdy: h2
landerflows.com/src/click12/js/iframeResizer.min.js
207.120.33.5200 OK 0 B URL HTTP/2 landerflows.com/src/click12/js/iframeResizer.min.js
IP 207.120.33.5:0
GET /src/click12/js/iframeResizer.min.js HTTP/1.1
Host: landerflows.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://landerflows.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 17 Jan 2023 06:38:39 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 07 Jan 2021 16:10:13 GMT
etag: W/"5ff73265-2e17"
section-io-cache-id: 462cf7869d390a303fc96d90be4f54de
x-varnish: 611811 1420352
age: 4655
via: 1.1 varnish (Varnish/7.0)
section-io-cache: Hit
content-encoding: gzip
section-io-id: 49da7deb3d0af4d080e47d4cf5b552bc
X-Firefox-Spdy: h2
geoip.entrsecre.com/
163.171.128.172200 OK 0 B IP 163.171.128.172:0
ASN #54994 QUANTILNETWORKS
GET / HTTP/1.1
Host: geoip.entrsecre.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://landerflows.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 17 Jan 2023 06:38:40 GMT
content-type: application/javascript
server: PWS/8.3.1.0.8
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
via: 1.1 PSmglsjLAX2hu177:8 (W), 1.1 PSdgflkfFRA1je97:15 (W)
x-px: ms PSdgflkfFRA1je97FRA,ms PSmglsjLAX2hu177LAX(origin)
x-ws-request-id: 63c64270_PSdgflkfFRA1je97_42431-7122
set-cookie: HMF_CI=8c80e34f9e721d750f23e02e7138036bcc336ae1cb87413d07228b562f9861648a6f6eb2d12928909509551f4b530ff13268f5e7c1ada4ad4b46a6e852dad29a03; Expires=Thu, 16-Feb-23 06:38:40 GMT; Path=/
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Bebas+Neue&display=swap
142.250.74.106200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Bebas+Neue&display=swap
IP 142.250.74.106:0
GET /css?family=Bebas+Neue&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wasaround.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 17 Jan 2023 06:38:37 GMT
date: Tue, 17 Jan 2023 06:38:37 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
iclickcdn.com/tag.min.js
104.26.12.118200 OK 0 B IP 104.26.12.118:0
GET /tag.min.js HTTP/1.1
Host: iclickcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://nowlive.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 17 Jan 2023 06:38:35 GMT
content-type: text/javascript; charset=utf-8
x-trace-id: ba1dc0340e03c1adf739cb424fc87d08
cache-control: max-age=86400
last-modified: Fri, 13 Jan 2023 11:14:04 GMT
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
expires: Tue, 17 Jan 2023 06:58:16 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 85219
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DRjy%2Fn%2FULSEN0SL6%2BBafXpyy2QIvbqzY%2BepjEsgIL8ZyFv26UMhmELml9%2Bs47iQWb1stBK%2FSgUaGmRVrZwlF6nBdycc3xATb3PXEs1DL5y6h5xAOJn9RuNzmLBQzOyg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 78ad16bcfe9eb521-OSL
content-encoding: br
X-Firefox-Spdy: h2
www.antiadblocksystems.com/hydra.min.js
185.76.9.15200 OK 0 B URL HTTP/2 www.antiadblocksystems.com/hydra.min.js
IP 185.76.9.15:0
ASN #60068 Datacamp Limited
GET /hydra.min.js HTTP/1.1
Host: www.antiadblocksystems.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://nowlive.me
Connection: keep-alive
Referer: http://nowlive.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 17 Jan 2023 06:38:35 GMT
content-type: application/x-javascript
alt-svc: quic="185.76.9.13:443"; ma=2592000; v="44,43,39"
expires: Wed, 18 Jan 2023 20:03:02 GMT
access-control-allow-origin: *
link: <https://antiadblocksystems.com/>;rel=preconnect,<https://c.adsco.re/>;rel=preconnect,<https://adsco.re/>;rel=preconnect
cache-control: public, max-age=604800
x-accel-expires: @1674072183
server: CDN77-Turbo
x-77-nzt: AblMCQ1joNzvdCwHAA
x-77-nzt-ray: c0a4cc28557e24026b42c6638af5d002
x-cache: HIT
x-age: 470132
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
t.dtscout.com/pv/?_a=v&_h=nowlive.me&_ss=1xdhdudkt0&_pv=1&_ls=0&_u1=1&_u3=1&_cc=no&_pl=d&_cbid=5cet&_cb=_dtspv.c
141.101.120.11200 OK 0 B URL HTTP/2 t.dtscout.com/pv/?_a=v&_h=nowlive.me&_ss=1xdhdudkt0&_pv=1&_ls=0&_u1=1&_u3=1&_cc=no&_pl=d&_cbid=5cet&_cb=_dtspv.c
IP 141.101.120.11:0
GET /pv/?_a=v&_h=nowlive.me&_ss=1xdhdudkt0&_pv=1&_ls=0&_u1=1&_u3=1&_cc=no&_pl=d&_cbid=5cet&_cb=_dtspv.c HTTP/1.1
Host: t.dtscout.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://nowlive.me/
Cookie: m=1; oa=1; df=1673937515
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 17 Jan 2023 06:38:35 GMT
content-type: application/javascript
x-t: 0.134
x-c: 0
expires: Tue, 17 Jan 2023 06:38:34 GMT
cache-control: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IlZXe3m7D4nF6mR2sctwjifkYoxmEgnLB%2B2lvlC9tQL2hHupRoOK6Oebm5qTBD7pHnCb9VQAa%2BaFmKncFmmzEi3ll6AMUWDMg%2B7TW5uL82BCTnInmKQB1CfBvJ7UV7M%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78ad16beda860a28-ARN
content-encoding: br
X-Firefox-Spdy: h2
unafeed.com/click.php?key=il3xkcxv6cdxy0zktiki&zone=0404_pp103
188.166.0.235302 Found 0 B URL HTTP/2 unafeed.com/click.php?key=il3xkcxv6cdxy0zktiki&zone=0404_pp103
IP 188.166.0.235:0
ASN #14061 DIGITALOCEAN-ASN
GET /click.php?key=il3xkcxv6cdxy0zktiki&zone=0404_pp103 HTTP/1.1
Host: unafeed.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.dailyd.me/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx/1.16.1
date: Tue, 17 Jan 2023 06:38:36 GMT
content-type: text/html; charset=UTF-8
location: https://unafeed.com/nlp/index.php?url_bnm_redirect=https://wasaround.com
set-cookie: uclick=e2rnsynt8n; expires=Wed, 18-Jan-2023 06:38:36 GMT; Max-Age=86400; path=/; SameSite=None; Secure;
uclickhash=e2rnsynt8n-e2rnsynt8n-h9ej-0-5mgm-h9twvr-2tyd0-de1a8f; expires=Wed, 18-Jan-2023 06:38:36 GMT; Max-Age=86400; path=/; SameSite=None; Secure;
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
wasaround.com/
172.67.174.83200 OK 0 B IP 172.67.174.83:0
GET / HTTP/1.1
Host: wasaround.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 17 Jan 2023 06:38:37 GMT
content-type: text/html
last-modified: Wed, 15 Jun 2022 15:21:40 GMT
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=E5tijRZ6ngGUbaQLAkW%2F09hayipZH7qJ%2BE5uDNJJ75wfk%2BO6be5kxzw36%2BLCS67aTB1FF3vPcyJJvShZAxyj8eAx6l9u3R4n060Gzpf%2F7fbVcfVlK5VhI8HGiry5Xb%2BR"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78ad16c97acfb4fd-OSL
content-encoding: gzip
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
entrsecre.com/signup/?epcVIP=48.1066.g51&site=xcg&tbc=ffce00&email=&act=epc68155.47403-1146845.43922.37_43922_6592_698d757847b41b88b5f6b7c86d006b74..FSlp011623917.5089&ofid=1066
163.171.128.172302 Found 0 B URL HTTP/2 entrsecre.com/signup/?epcVIP=48.1066.g51&site=xcg&tbc=ffce00&email=&act=epc68155.47403-1146845.43922.37_43922_6592_698d757847b41b88b5f6b7c86d006b74..FSlp011623917.5089&ofid=1066
IP 163.171.128.172:0
ASN #54994 QUANTILNETWORKS
GET /signup/?epcVIP=48.1066.g51&site=xcg&tbc=ffce00&email=&act=epc68155.47403-1146845.43922.37_43922_6592_698d757847b41b88b5f6b7c86d006b74..FSlp011623917.5089&ofid=1066 HTTP/1.1
Host: entrsecre.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://landerflows.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Tue, 17 Jan 2023 06:38:40 GMT
content-type: text/html; charset=UTF-8
server: PWS/8.3.1.0.8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
location: https://bsrvtn.com/acct/epc68155/add/?epcVIP=48.1066.g51&site=xcg&tbc=ffce00&email=&act=epc68155.47403-1146845.43922.37_43922_6592_698d757847b41b88b5f6b7c86d006b74..FSlp011623917.5089&ofid=1066&epcCID=F4NaD6raV0tbP2H1Darfa0I085y47djaE&rtid=31348304929
via: 1.1 PSmglsjLAX2hu177:8 (W), 1.1 PSdgflkfFRA1vg90:11 (W)
x-px: ms PSdgflkfFRA1vg90FRA,ms PSmglsjLAX2hu177LAX(origin)
x-ws-request-id: 63c64270_PSdgflkfFRA1je97_42431-7119
set-cookie: PHPSESSID=65e3736b2e7148f680214ed99692124c; path=/; secure; SameSite=None
HMF_CI=285fa1bf4a312410ede2062a789d5ef07ce1e7f1f64984f07bf215bacb6f1139c4ac605a2dbb85c1ff5950335f947dc3bf507645afa98c0b307b9253493e117399; Expires=Thu, 16-Feb-23 06:38:40 GMT; Path=/
X-Firefox-Spdy: h2