firefox.settings.services.mozilla.com/v1/
54.230.111.7 200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 54.230.111.7:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 2d12f67fe57a87e7366b662d153a5582
d7b02d81cc74f24a251d9363e0f4b0a149264ec1
73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Backoff, Content-Type, Retry-After, Alert
Cache-Control: max-age=259200
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Wed, 05 Oct 2022 15:47:18 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 5916f6b8d469d1bee1e905ff13761ebc.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: GmwSuk1d-b901sGwBZ4uxxHKj-bBPFDOy-3bHYkHevb5ws5pblytPg==
Age: 227064
so-glo.yoptv33.com/t/clk?id=DQqT5fxjrUGKRmCl&rl=Dkxpn&s1=b3ddcc3e-c5e9-46c8-ba17-14e9bf9be5ec&s2=wtt0fuojvtr3018j2tkgpf3u&redirect-from=qk49ulw9cqylpcae9oho&rcode=R09&rseq=R09,R99,R98
52.57.27.162 302 Found 0 B URL HTTP/1.1 so-glo.yoptv33.com/t/clk?id=DQqT5fxjrUGKRmCl&rl=Dkxpn&s1=b3ddcc3e-c5e9-46c8-ba17-14e9bf9be5ec&s2=wtt0fuojvtr3018j2tkgpf3u&redirect-from=qk49ulw9cqylpcae9oho&rcode=R09&rseq=R09,R99,R98
IP 52.57.27.162:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /t/clk?id=DQqT5fxjrUGKRmCl&rl=Dkxpn&s1=b3ddcc3e-c5e9-46c8-ba17-14e9bf9be5ec&s2=wtt0fuojvtr3018j2tkgpf3u&redirect-from=qk49ulw9cqylpcae9oho&rcode=R09&rseq=R09,R99,R98 HTTP/1.1
Host: so-glo.yoptv33.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Date: Sat, 08 Oct 2022 06:51:42 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Server: nginx/1.12.2
Location: https://go.monetizer.mobi/?utm_medium=ec4eee60be986151ad56a07d62a9c3fe7802b9db&utm_campaign=mainstream2021&1=1&cid=9c136dd4-4658-4f98-b5d6-92fa3447ddc5
Cache-Control: no-transform
X-Frame-Options: SAMEORIGIN
Vary: Cookie, Origin
Set-Cookie: uip="[\"ODCl8Zp\"\054 {\"lMZk3\": \"69RNgN8\"}]:1oh3gU:eHJhoIrBWOg4-aeuiVhwyKiq65o"; expires=Mon, 07 Nov 2022 06:51:42 GMT; Max-Age=2592000; Path=/
ydt_69a756d9a2a44370a5365f82fbdfa6e5="[\"9c136dd4-4658-4f98-b5d6-92fa3447ddc5\"]:1oh3gU:LiXFLUyrGromCXaacmYiRC0AH2o"; expires=Mon, 07 Nov 2022 08:51:42 GMT; Max-Age=2599200; Path=/; SameSite=None; Secure
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1273d41c84b2b39f78a8033130d00282
556757697b70e019ed502585fcc888e2403f3229
ee3c03cc0a659fbc43d34feaa79a8ad6627b9c525d675956cdb434c1590db89e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EE3C03CC0A659FBC43D34FEAA79A8AD6627B9C525D675956CDB434C1590DB89E"
Last-Modified: Thu, 06 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3606
Expires: Sat, 08 Oct 2022 07:51:48 GMT
Date: Sat, 08 Oct 2022 06:51:42 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 94a09d62ab3057cda67a091c8d7478f5
b1c9d223a951d0bc9f17c9f3b84501266a552b58
582364f9f6014520c269f1f794e7c34027bd2697b53e5d02fad43e74a735e471
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "582364F9F6014520C269F1F794E7C34027BD2697B53E5D02FAD43E74A735E471"
Last-Modified: Thu, 06 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6101
Expires: Sat, 08 Oct 2022 08:33:23 GMT
Date: Sat, 08 Oct 2022 06:51:42 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: yHv9Kr1cehPdWyUEM40lHZ2I+GxfoSqv3tRmRm8oaR3p18B1lV2a8k9EGZu5j0XTIAeHtH4G1u4=
x-amz-request-id: ZWQESY6J9618EKVF
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 08 Oct 2022 06:31:31 GMT
age: 1211
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 08 Oct 2022 06:51:42 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
54.230.111.7 200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 54.230.111.7:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Type, Expires, Backoff, ETag, Last-Modified, Pragma, Cache-Control, Content-Length, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Sat, 08 Oct 2022 06:29:41 GMT
Expires: Sat, 08 Oct 2022 07:22:55 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 6259d2cd8a5947ad41a420527bbed7a6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: wYEoUM8Ged0Vj-1Zn_Hm1gFlGJOpRkvwJtgBHanAqh8GliXmld5HTA==
Age: 1321
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash d6c404502c7987174a84d8f0a3efab23
fc3a3f6d63acab3f659fb3536b65fd8564ec8628
94b5693df873bd923ffbf31f576fff01d2628e5796af4c6b91306a743e27d19b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5937
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 08 Oct 2022 06:51:43 GMT
Last-Modified: Sat, 08 Oct 2022 05:12:46 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
34.223.168.227 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.223.168.227:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: GCsSXB9b+Bav+biNWbk5fg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 6ZsllmCSH0jIZXp3cMD/O0XDlLQ=
go.monetizer.mobi/favicon.ico
198.143.165.221 200 OK 1.2 kB URL HTTP/2 go.monetizer.mobi/favicon.ico
IP 198.143.165.221:0
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Hash 91abe01116ab422c598e9c8af72cf4da
0f2815fe8e067d48537ad168225ab4674271fa27
b1d7aef06456fe7431124129a28f0138bb5fccfa4f4161e3087de23c005e5edc
GET /favicon.ico HTTP/1.1
Host: go.monetizer.mobi
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://go.monetizer.mobi/?utm_term=7152030664311701512&ver=4viyaptcjo&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f097979b8790cacbf9c9fffdf4fdc2f2f0f3f2c7c4c5dadbebecece9e8eae4eae8e7e5e1eced191a52
Cookie: u=c4eb2a01016af5e9dd0d3c73a592c55b
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 08 Oct 2022 06:51:43 GMT
content-type: image/x-icon
content-length: 1150
last-modified: Wed, 31 Jul 2019 07:48:51 GMT
etag: "5d4147e3-47e"
expires: Sun, 09 Oct 2022 06:51:43 GMT
cache-control: max-age=86400
strict-transport-security: max-age=31536000; includeSubdomains;
accept-ranges: bytes
X-Firefox-Spdy: h2
go.monetizer.mobi/sw.js?v=1665211903367
198.143.165.221 200 OK 776 B URL HTTP/2 go.monetizer.mobi/sw.js?v=1665211903367
IP 198.143.165.221:0
Hash f72a11763f13b05c1f2379d13387dd05
002fbf7672d3f4655b89b6413d160e4185ce9900
70d744bbd19a0cc35c8d9f1d8ba181c6cdc902f95799ac750da4adc3ad987b11
GET /sw.js?v=1665211903367 HTTP/1.1
Host: go.monetizer.mobi
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: u=c4eb2a01016af5e9dd0d3c73a592c55b
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 08 Oct 2022 06:51:43 GMT
content-type: application/javascript
content-length: 776
last-modified: Mon, 03 Oct 2022 07:40:54 GMT
vary: Accept-Encoding
etag: "633a9206-308"
content-encoding: gzip
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline';
X-Firefox-Spdy: h2
www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7152030664311701512&website=797-403c551a&placement=797&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b84
51.68.81.31 200 OK 5.2 kB URL HTTP/1.1 www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7152030664311701512&website=797-403c551a&placement=797&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b84
IP 51.68.81.31:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3751)
Hash 69b163af001bc0ce1d91c28dcaa6b555
e210e0caca09035fa0a4963e647f31ac503aa052
69fd19a108dbdeeee1c499d29f70e019a8626d74ed075798b2e5d81709fa521f
GET /?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7152030664311701512&website=797-403c551a&placement=797&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b84 HTTP/1.1
Host: www.wewillserv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://go.monetizer.mobi/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sat, 08 Oct 2022 06:51:44 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-transform
www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7152030664311701512&website=797-403c551a&placement=797&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b84&eyeg=b2d98686b2daa707a74b7c08e7d56b44&eyer=0.29489054775006696&eyei=0&eyew=1280&eyeh=939&eyetd=220&eyef=go.monetizer.mobi
51.68.81.31 302 Found 0 B URL HTTP/1.1 www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7152030664311701512&website=797-403c551a&placement=797&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b84&eyeg=b2d98686b2daa707a74b7c08e7d56b44&eyer=0.29489054775006696&eyei=0&eyew=1280&eyeh=939&eyetd=220&eyef=go.monetizer.mobi
IP 51.68.81.31:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7152030664311701512&website=797-403c551a&placement=797&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b84&eyeg=b2d98686b2daa707a74b7c08e7d56b44&eyer=0.29489054775006696&eyei=0&eyew=1280&eyeh=939&eyetd=220&eyef=go.monetizer.mobi HTTP/1.1
Host: www.wewillserv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 302 Found
Date: Sat, 08 Oct 2022 06:51:44 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-transform
Location: https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7152030664311701512&website=797-403c551a&placement=797&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b84&eyeg=3&eyer=0.29489054775006696&eyei=0&eyew=1280&eyeh=939&eyetd=220&eyef=go.monetizer.mobi
www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7152030664311701512&website=797-403c551a&placement=797&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b84&eyeg=3&eyer=0.29489054775006696&eyei=0&eyew=1280&eyeh=939&eyetd=220&eyef=go.monetizer.mobi
51.68.81.31 302 Found 0 B URL HTTP/1.1 www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7152030664311701512&website=797-403c551a&placement=797&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b84&eyeg=3&eyer=0.29489054775006696&eyei=0&eyew=1280&eyeh=939&eyetd=220&eyef=go.monetizer.mobi
IP 51.68.81.31:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7152030664311701512&website=797-403c551a&placement=797&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b84&eyeg=3&eyer=0.29489054775006696&eyei=0&eyew=1280&eyeh=939&eyetd=220&eyef=go.monetizer.mobi HTTP/1.1
Host: www.wewillserv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 302 Found
Date: Sat, 08 Oct 2022 06:51:44 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-transform
Location: https://admoustache.go2affise.com/sl?id=5f0efd61dabed1d602e0fe6a&pid=503&sub1=3300055087291146a06f4240f7fa1998826a71008-202210-flb*5467509-4538f*M7152030664311701512*sl_5467509-4538f*c33ff65b0d65a3113f1817269266aad6b2e6c7c0*797-403c551a*797
www.wewillserv.com/favicon.ico
51.68.81.31 204 No Content 0 B URL HTTP/1.1 www.wewillserv.com/favicon.ico
IP 51.68.81.31:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: www.wewillserv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 204 No Content
Server: openresty
Date: Sat, 08 Oct 2022 06:51:44 GMT
Connection: keep-alive
ocsp.godaddy.com/
192.124.249.23 200 OK 1.8 kB IP 192.124.249.23:0
Hash 5a0c02740462f30c4a918278359debea
6af5fe4a13a3afe8a3fa3313ba73fc9b1f6fcca6
696510ba47e6e477d5e8c1cadeb3af0833d673e2c294de0150a94d0a992b5c3b
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Sat, 08 Oct 2022 06:51:44 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19023
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Fri, 07 Oct 2022 23:53:41 GMT
Expires: Sat, 08 Oct 2022 23:53:41 GMT
ETag: "6af5fe4a13a3afe8a3fa3313ba73fc9b1f6fcca6"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
admoustache.go2affise.com/sl?id=5f0efd61dabed1d602e0fe6a&pid=503&sub1=3300055087291146a06f4240f7fa1998826a71008-202210-flb*5467509-4538f*M7152030664311701512*sl_5467509-4538f*c33ff65b0d65a3113f1817269266aad6b2e6c7c0*797-403c551a*797
34.90.46.36 302 Found 0 B URL HTTP/2 admoustache.go2affise.com/sl?id=5f0efd61dabed1d602e0fe6a&pid=503&sub1=3300055087291146a06f4240f7fa1998826a71008-202210-flb*5467509-4538f*M7152030664311701512*sl_5467509-4538f*c33ff65b0d65a3113f1817269266aad6b2e6c7c0*797-403c551a*797
IP 34.90.46.36:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sl?id=5f0efd61dabed1d602e0fe6a&pid=503&sub1=3300055087291146a06f4240f7fa1998826a71008-202210-flb*5467509-4538f*M7152030664311701512*sl_5467509-4538f*c33ff65b0d65a3113f1817269266aad6b2e6c7c0*797-403c551a*797 HTTP/1.1
Host: admoustache.go2affise.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Sat, 08 Oct 2022 06:51:44 GMT
content-length: 0
location: https://t2.blowingwnd.com/l.php?p=c:o6450ylcdnn31butk&d=624e9ea3e8e2a8163b65d246&pid=63411e00a52ab6000143c67a&s=503
set-cookie: afclick=63411e00a52ab6000143c67a; expires=Sun, 08 Oct 2023 06:51:44 GMT; secure; SameSite=None
access-control-allow-origin: *
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 31e440ccd993c4ee793f50511c2ac7c4
4380327d50b7001d158aee05a57c6078e57c94e4
65d8a97f6df1e110333a01d1f6dcb4982db7bb4b1c5f3f1498fafa716e250c0f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "65D8A97F6DF1E110333A01D1F6DCB4982DB7BB4B1C5F3F1498FAFA716E250C0F"
Last-Modified: Thu, 06 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8832
Expires: Sat, 08 Oct 2022 09:18:56 GMT
Date: Sat, 08 Oct 2022 06:51:44 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 31e440ccd993c4ee793f50511c2ac7c4
4380327d50b7001d158aee05a57c6078e57c94e4
65d8a97f6df1e110333a01d1f6dcb4982db7bb4b1c5f3f1498fafa716e250c0f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "65D8A97F6DF1E110333A01D1F6DCB4982DB7BB4B1C5F3F1498FAFA716E250C0F"
Last-Modified: Thu, 06 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8832
Expires: Sat, 08 Oct 2022 09:18:56 GMT
Date: Sat, 08 Oct 2022 06:51:44 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 31e440ccd993c4ee793f50511c2ac7c4
4380327d50b7001d158aee05a57c6078e57c94e4
65d8a97f6df1e110333a01d1f6dcb4982db7bb4b1c5f3f1498fafa716e250c0f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "65D8A97F6DF1E110333A01D1F6DCB4982DB7BB4B1C5F3F1498FAFA716E250C0F"
Last-Modified: Thu, 06 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8832
Expires: Sat, 08 Oct 2022 09:18:56 GMT
Date: Sat, 08 Oct 2022 06:51:44 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdd896261-9493-4c72-a9b3-64a81ba25575.jpeg
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdd896261-9493-4c72-a9b3-64a81ba25575.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 392365031bf04a5e34788912f1cd897d
57b8d5510c7b7d7fe1aa5238d507e965643a9fa2
718b47a31956edadedfa54e3c12211c1f56e8426bc9a1e7aba1c31fd4517be09
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdd896261-9493-4c72-a9b3-64a81ba25575.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11856
x-amzn-requestid: 573e90f9-19d6-4802-ae8f-f37542c9c2bc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Zp2BeHA3IAMF4Gg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63409d3c-015e52305f282bfb6abc28bf;Sampled=0
x-amzn-remapped-date: Fri, 07 Oct 2022 21:42:20 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: WJzjDikXAjF_HFLpLrInz9IxSELQXUaIXTGwz-FQny8l8KKE30A2ww==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 07 Oct 2022 21:53:06 GMT
age: 32318
etag: "57b8d5510c7b7d7fe1aa5238d507e965643a9fa2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa1041925-265b-4093-b21c-f5f8ad151730.jpeg
34.120.237.76 200 OK 6.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa1041925-265b-4093-b21c-f5f8ad151730.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 071246ed5afd2f115dd9285207fa2a9b
05de223461a8b25fb222bb0abe45b283a2a25e9a
baea9d06d341b9d6bef4437869e66011275424f26ca503368a3fba2596cf49c4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa1041925-265b-4093-b21c-f5f8ad151730.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6355
x-amzn-requestid: e6a1f911-789f-443a-a30d-f83d4b08f1db
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Zp1DlHrhIAMFisw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63409bb0-70791dd7223ac5b600af0240;Sampled=0
x-amzn-remapped-date: Fri, 07 Oct 2022 21:35:44 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: yV6PUsJG0nBbCAHTSmlDMRxKDirDlwOhiwmb5AHKbWeCIO4TVen3uw==
via: 1.1 010c0731b9775a983eceaec0f5fa6a2e.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 07 Oct 2022 21:37:22 GMT
age: 33262
etag: "05de223461a8b25fb222bb0abe45b283a2a25e9a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc8d22189-9354-45d8-a562-99fb9adeda28.jpeg
34.120.237.76 200 OK 9.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc8d22189-9354-45d8-a562-99fb9adeda28.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d67e1b7a9224fb617581c14af1e369ac
941b8fdd8736691d796738233681f12900af92c4
ed88575e76e6919ab4702bb29db5c48c5bd250ad2a89047d4d8a31cf3c77f12e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc8d22189-9354-45d8-a562-99fb9adeda28.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9112
x-amzn-requestid: 94c5c303-a221-4b00-9d01-95607233fbc4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Zp2PxHXuoAMFZzg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63409d97-5080b3765b6cd57c64e36e80;Sampled=0
x-amzn-remapped-date: Fri, 07 Oct 2022 21:43:51 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: caUfhYpcvVq0JjR0INv3aPuCZDq50dJg9p7Wjlz6TcJaX7kU3OIHDA==
via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 07 Oct 2022 21:50:09 GMT
age: 32495
etag: "941b8fdd8736691d796738233681f12900af92c4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fecedcddd-85d8-43d3-a9b6-2c201493ab3f.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fecedcddd-85d8-43d3-a9b6-2c201493ab3f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f3fba664205cc4f4c47441384bb9baff
7388d4c0ebd1f5ee0434315d0bf0ba324235b8ca
5336cbc9f49699990c607bfb64265f55425f0c994d1c880d71e4faefd26057a3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fecedcddd-85d8-43d3-a9b6-2c201493ab3f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10302
x-amzn-requestid: 10724d90-3561-4b3a-9faa-2ecfd573b3bb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Zp1EKGUVoAMF0cQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63409bb4-76637f427b13d2c506fd5ccf;Sampled=0
x-amzn-remapped-date: Fri, 07 Oct 2022 21:35:48 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 1rwq9VVxiIBmFjb6TUwaGdXIH6zqzTGEaJz3MW9fnU3VCGty50sLSA==
via: 1.1 010c0731b9775a983eceaec0f5fa6a2e.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Fri, 07 Oct 2022 21:47:42 GMT
age: 32642
etag: "7388d4c0ebd1f5ee0434315d0bf0ba324235b8ca"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F56d7dd70-3706-4d51-94da-88fa19a58ad8.jpeg
34.120.237.76 200 OK 5.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F56d7dd70-3706-4d51-94da-88fa19a58ad8.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e5c4757ceb6dce32d0f9d26d5b3df038
d8209d82f61c7a09e00756e5dd32c99bc61af4a8
6aa007279ba4cdea3f772e0601e4082d40ee947ef8cc1201ce0009fb42ca9885
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F56d7dd70-3706-4d51-94da-88fa19a58ad8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5185
x-amzn-requestid: 3c3ff89f-8a8c-44ae-981a-0e9adaf7d959
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Zj_dSEs8IAMFqFA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633e45ee-6c97b82d137c2f1951270b82;Sampled=0
x-amzn-remapped-date: Thu, 06 Oct 2022 03:05:18 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 6wWlD3C6HI9oxa0VAYA6N5afAcUDTQXdO8X31eZUglfdC6jSQo_gew==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Sat, 08 Oct 2022 03:29:14 GMT
age: 12150
etag: "d8209d82f61c7a09e00756e5dd32c99bc61af4a8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa0b7bc4b-b79a-4bab-9bec-87695d757b08.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa0b7bc4b-b79a-4bab-9bec-87695d757b08.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 53b7ffdc3799e0ac7a225145242579ef
c47f0525fe5354ee13fe63c0ec31f0f826a58005
4bb518afc9b3e7bfb976d343e46b306155834adbe71fa35b0d6f509959f78aca
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa0b7bc4b-b79a-4bab-9bec-87695d757b08.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10987
x-amzn-requestid: c2ab1012-1afd-4d74-8114-97977b43da24
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZgCHwGdGoAMFvyg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633cb097-3237927a0c1e081d22c902f7;Sampled=0
x-amzn-remapped-date: Tue, 04 Oct 2022 22:15:51 GMT
x-amz-cf-pop: SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: iClOZEPMiFmpeprT8McJ2HI0dCmyxkhEdfYr0qP0YK3U_Pcd9N0Fhg==
via: 1.1 3dde68f1f52282c9e1ee336d97233b0a.cloudfront.net (CloudFront), 1.1 b47618c03bd47cf085f27b1e215f76cc.cloudfront.net (CloudFront), 1.1 google
date: Fri, 07 Oct 2022 11:08:01 GMT
age: 71023
etag: "c47f0525fe5354ee13fe63c0ec31f0f826a58005"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 54d95a070305ec04e73177e5cd0e05f3
6435c596ae7a163ab646bddadd422136877c9d8f
15a47b3585489d55e8c061df521a255a76ea9af86cc1a5dec19d064dcb753492
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "15A47B3585489D55E8C061DF521A255A76EA9AF86CC1A5DEC19D064DCB753492"
Last-Modified: Thu, 06 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2854
Expires: Sat, 08 Oct 2022 07:39:18 GMT
Date: Sat, 08 Oct 2022 06:51:44 GMT
Connection: keep-alive
go.monetizer.mobi/?utm_term=7152030664311701512&ver=4viyaptcjo&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f097979b8790cacbf9c9fffdf4fdc2f2f0f3f2c7c4c5dadbebecece9e8eae4eae8e7e5e1eced191a52
198.143.165.221 200 OK 3.2 kB URL HTTP/2 go.monetizer.mobi/?utm_term=7152030664311701512&ver=4viyaptcjo&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f097979b8790cacbf9c9fffdf4fdc2f2f0f3f2c7c4c5dadbebecece9e8eae4eae8e7e5e1eced191a52
IP 198.143.165.221:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (4727)
Hash 5b8e9eaa4166fe115f435c92ba2c1e7f
81983a0a54022ef6cfdf0037a5b1b6da2b740902
d9075c0747426b0cf79737f2cb9be2ae823a112ec6d4992dfb566a040afac9f1
GET /?utm_term=7152030664311701512&ver=4viyaptcjo&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f097979b8790cacbf9c9fffdf4fdc2f2f0f3f2c7c4c5dadbebecece9e8eae4eae8e7e5e1eced191a52 HTTP/1.1
Host: go.monetizer.mobi
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://go.monetizer.mobi/?utm_medium=ec4eee60be986151ad56a07d62a9c3fe7802b9db&utm_campaign=mainstream2021&1=1&cid=9c136dd4-4658-4f98-b5d6-92fa3447ddc5
Cookie: u=c4eb2a01016af5e9dd0d3c73a592c55b
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 08 Oct 2022 06:51:43 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
x-powered-by: PHP/8.1.9
cache-control: no-store, no-cache, must-revalidate, max-age=0
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubdomains;
content-encoding: gzip
X-Firefox-Spdy: h2
go.monetizer.mobi/sw.js?v=1665211903367
198.143.165.221 304 Not Modified 0 B URL HTTP/2 go.monetizer.mobi/sw.js?v=1665211903367
IP 198.143.165.221:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sw.js?v=1665211903367 HTTP/1.1
Host: go.monetizer.mobi
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: u=c4eb2a01016af5e9dd0d3c73a592c55b
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
If-Modified-Since: Mon, 03 Oct 2022 07:40:54 GMT
If-None-Match: "633a9206-308"
Cache-Control: max-age=0
TE: trailers
HTTP/2 304 Not Modified
server: nginx
date: Sat, 08 Oct 2022 06:51:44 GMT
last-modified: Mon, 03 Oct 2022 07:40:54 GMT
vary: Accept-Encoding
etag: "633a9206-308"
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline';
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d134f9cf7e00f284201e83f4ab940713
3a8c1982e16885bd87b395d109f9cf015233857e
f572298d6ed8aaf5eed152cc09961b6540f51a317503c059e671ada5f1afb52e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F572298D6ED8AAF5EED152CC09961B6540F51A317503C059E671ADA5F1AFB52E"
Last-Modified: Thu, 06 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13647
Expires: Sat, 08 Oct 2022 10:39:12 GMT
Date: Sat, 08 Oct 2022 06:51:45 GMT
Connection: keep-alive
48.us.findthewind.xyz/feed/?link=true&tid=48&subid=48.503&ref=&s1=63411e00001dec5b4145a294
23.235.251.114 301 Moved Permanently 0 B URL HTTP/1.1 48.us.findthewind.xyz/feed/?link=true&tid=48&subid=48.503&ref=&s1=63411e00001dec5b4145a294
IP 23.235.251.114:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /feed/?link=true&tid=48&subid=48.503&ref=&s1=63411e00001dec5b4145a294 HTTP/1.1
Host: 48.us.findthewind.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 301 Moved Permanently
Cache-Control: no-cache
Location: https://redir.findthewind.xyz/feed/click/?t1=128&tid=48&uid=36&subid=48.503&id=647d1d1f4b1cd38f076b57bb8fbe0fc4: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&s1=63411e00001dec5b4145a294
Date: Sat, 08 Oct 2022 06:51:46 GMT
Connection: keep-alive
Keep-Alive: timeout=5
Transfer-Encoding: chunked
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 9b1c29d4927d8b578a3463e9f85248ea
ae1d0ab385758790ec65de10bd798b8054901a75
4e920a24a4a0e126e82f74771227a85d4228800bff4a97979c35162d74de0f38
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4E920A24A4A0E126E82F74771227A85D4228800BFF4A97979C35162D74DE0F38"
Last-Modified: Thu, 06 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6935
Expires: Sat, 08 Oct 2022 08:47:21 GMT
Date: Sat, 08 Oct 2022 06:51:46 GMT
Connection: keep-alive
redir.findthewind.xyz/feed/click/?t1=128&tid=48&uid=36&subid=48.503&id=647d1d1f4b1cd38f076b57bb8fbe0fc4: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&s1=63411e00001dec5b4145a294
198.211.113.186302 Found 1.7 kB URL HTTP/1.1 redir.findthewind.xyz/feed/click/?t1=128&tid=48&uid=36&subid=48.503&id=647d1d1f4b1cd38f076b57bb8fbe0fc4:117eab622151426fdbd60fd0f73446a54258bfcf0e3fb39da2589364dece4b1722c6b4c8e317dd423b45832e66ef1d28276b73135a259cb3f09171aa2a205ebeb85725a25a4b99ba649ed637128f7230e09b162475c1e0206c40e6b6df5df31ced104039efedfc53365da164ac1f50728b79638f4f59910fb1cfcbdf0cff4342269b7fd499d05ec8881f82f76c335ec9b6dc7be1fdd39194053787d13144345409e8c6e1fdec31c7345690afe311e83241972c2f94d4a0205e70cca5dc60934a264ef7b6b6b2dc4a04aed1db1c1ecac43ae3748eabaec0f25de6d0bfb584fe1d5e97b87008f5f3692d7d210a253abb3c7441c44cdeb60864ddd790ddff479141b748bf8b94c40e9a93031d82a4125e45acdcb249ee117a9797e4b8637ec5dc8908587ae32ada024f76b7c03c69d67b7d0c84d7d35b741361e15e850dddb25a9b6c89d6e6754ce4d66c994ddc3b7a249573f3ea4e7be889fb140221f61b7355ae3ca1be8d651a8a36303759976942a34343cdf716558972d506fdadcf45923ed2b9aa2c6f9c565e3a0eeae5e19cea36f1dc415fab1f5ba79ac998d5fe8eaf5c7f41863f8fc20cff993ef8c63f8afd849ee10aeea8d58d52b04a0e9f5481b536d08a62f7831b383f51f2d354ad003c3b3e4ce113d803bf2873031f1feff26efcb07580c3ddd268034618c3e057b5f634a2ca4d32f639c5de7f964bad5bf3e4316fd4e93df43d0a21a1db3f3570ae11ca6373d9d7e5c08f0e4e06288686d9205d1804413c501aac18e926c3e40d2e1f6f1ffb68a0c3f3f835a0567edbe913da5caeeff0a6973c7a3e540f426041218d4ff6ebfdd68c81e29a63e38a3afe3fd1bc59212fd9073cf2729ed5c07eb09ff08786fb9d4af92d84d3c12c5c54b51c8fcce0d471547da9875398a0efd304772490c212f0b756fc485e07814b04670384abcdf2ab816df6d080849e86529c0c081c44b44e40229f7d93d21d3af644dbe62f659b47f0a04ba1a69e396ba7bab8917064a2eb3966df94616314a1ca740cde2d4c6cf0a82bf5fb87b6e1df40e113c870e3e6e69aa6fd960e63350749e771be4c284278ed36f9772a7698e07585fb342d17e6ed3083cd1a9eb40728ff927d3f1028be79256e4a55a9220559a1e6f0ce4f5808874661a64ef110d8798dceb77552874a5151ca6ec733623b6b41cb511ff6d4761d660e9285efc7335c0cc2bfa44b973b8738c056282a8b2f02e9cb21b2a59bbb0f0f91407a6383e9eed74c64a5ce5a3c44ba76aaafd3eeb77b543d75d4b2dee1999b5a93cf10537b660af03cb
31de3d54ff78aa4ebe5e029f279e46826927d390992e6def11fe62ba042b56fd40880f63b894f2cd1672d683451791d74d145bfaa3836234b1a42eb0ee60060e1bdb9f5598ae53bb0d59fa8224141cf50307e&s1=63411e00001dec5b4145a294
IP 198.211.113.186:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document, ASCII text, with very long lines (1650), with no line terminators
Hash 0a74db6446e1eec46878b34b6d2e7341
450eaeb9633999cf08d23725d67c9ab19bebb07b
35029b617a3f6551d45d23e7fd4bcdbe147c065cf11bca9a7caf34213c438756
GET /feed/click/?t1=128&tid=48&uid=36&subid=48.503&id=647d1d1f4b1cd38f076b57bb8fbe0fc4:117eab622151426fdbd60fd0f73446a54258bfcf0e3fb39da2589364dece4b1722c6b4c8e317dd423b45832e66ef1d28276b73135a259cb3f09171aa2a205ebeb85725a25a4b99ba649ed637128f7230e09b162475c1e0206c40e6b6df5df31ced104039efedfc53365da164ac1f50728b79638f4f59910fb1cfcbdf0cff4342269b7fd499d05ec8881f82f76c335ec9b6dc7be1fdd39194053787d13144345409e8c6e1fdec31c7345690afe311e83241972c2f94d4a0205e70cca5dc60934a264ef7b6b6b2dc4a04aed1db1c1ecac43ae3748eabaec0f25de6d0bfb584fe1d5e97b87008f5f3692d7d210a253abb3c7441c44cdeb60864ddd790ddff479141b748bf8b94c40e9a93031d82a4125e45acdcb249ee117a9797e4b8637ec5dc8908587ae32ada024f76b7c03c69d67b7d0c84d7d35b741361e15e850dddb25a9b6c89d6e6754ce4d66c994ddc3b7a249573f3ea4e7be889fb140221f61b7355ae3ca1be8d651a8a36303759976942a34343cdf716558972d506fdadcf45923ed2b9aa2c6f9c565e3a0eeae5e19cea36f1dc415fab1f5ba79ac998d5fe8eaf5c7f41863f8fc20cff993ef8c63f8afd849ee10aeea8d58d52b04a0e9f5481b536d08a62f7831b383f51f2d354ad003c3b3e4ce113d803bf2873031f1feff26efcb07580c3ddd268034618c3e057b5f634a2ca4d32f639c5de7f964bad5bf3e4316fd4e93df43d0a21a1db3f3570ae11ca6373d9d7e5c08f0e4e06288686d9205d1804413c501aac18e926c3e40d2e1f6f1ffb68a0c3f3f835a0567edbe913da5caeeff0a6973c7a3e540f426041218d4ff6ebfdd68c81e29a63e38a3afe3fd1bc59212fd9073cf2729ed5c07eb09ff08786fb9d4af92d84d3c12c5c54b51c8fcce0d471547da9875398a0efd304772490c212f0b756fc485e07814b04670384abcdf2ab816df6d080849e86529c0c081c44b44e40229f7d93d21d3af644dbe62f659b47f0a04ba1a69e396ba7bab8917064a2eb3966df94616314a1ca740cde2d4c6cf0a82bf5fb87b6e1df40e113c870e3e6e69aa6fd960e63350749e771be4c284278ed36f9772a7698e07585fb342d17e6ed3083cd1a9eb40728ff927d3f1028be79256e4a55a9220559a1e6f0ce4f5808874661a64ef110d8798dceb77552874a5151ca6ec733623b6b41cb511ff6d4761d660e9285efc7335c0cc2bfa44b973b8738c056282a8b2f02e9cb21b2a59bbb0f0f91407a6383e9eed74c64a5ce5a3c44ba76aaafd3eeb77b543d75d4b2dee1999b5a93cf10537b660af03cb31de3d54ff78aa4ebe5e029f279e46826927d390992e6def11fe62ba042b56
fd40880f63b894f2cd1672d683451791d74d145bfaa3836234b1a42eb0ee60060e1bdb9f5598ae53bb0d59fa8224141cf50307e&s1=63411e00001dec5b4145a294 HTTP/1.1
Host: redir.findthewind.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
X-Powered-By: Express
Surrogate-Control: no-store
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate
Pragma: no-cache
Expires: 0
Location: https://c.mybestclick.net/feed/click/?t1=128&tid=3115&uid=4465&subid=48_48.503&id=80b7fa524daf5567c524f324b027f6ce: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
Vary: Accept
Content-Type: text/html; charset=utf-8
Content-Length: 1650
Date: Sat, 08 Oct 2022 06:51:46 GMT
Connection: keep-alive
Keep-Alive: timeout=5
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 8070dc0ab4a1c1c24c84b0e878d5891c
4fd7e59de9a98078f457b98662b8f8f8d44a8fdf
849f12862a46b04e8f4553488aaf2ee27b2f7b0cb8556a6494f64bf7d465362c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "849F12862A46B04E8F4553488AAF2EE27B2F7B0CB8556A6494F64BF7D465362C"
Last-Modified: Thu, 06 Oct 2022 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10207
Expires: Sat, 08 Oct 2022 09:41:53 GMT
Date: Sat, 08 Oct 2022 06:51:46 GMT
Connection: keep-alive
c.mybestclick.net/feed/click/?t1=128&tid=3115&uid=4465&subid=48_48.503&id=80b7fa524daf5567c524f324b027f6ce: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
192.241.144.203302 Found 264 B URL HTTP/1.1 c.mybestclick.net/feed/click/?t1=128&tid=3115&uid=4465&subid=48_48.503&id=80b7fa524daf5567c524f324b027f6ce: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
IP 192.241.144.203:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document, ASCII text, with no line terminators
Hash a529f83ea62d97ca4225f39c512e987a
87cf5afac36206af9a1a8219581282914083668a
99b357061ad5b866f8c50add6531cd95e1c735fcb46e7570dba80664d5b3e516
GET /feed/click/?t1=128&tid=3115&uid=4465&subid=48_48.503&id=80b7fa524daf5567c524f324b027f6ce: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 HTTP/1.1
Host: c.mybestclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
X-Powered-By: Express
Surrogate-Control: no-store
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate
Pragma: no-cache
Expires: 0
Location: https://eu.pushnow.net/postback/click?key=v2-1665211905254-4-5479-1084493-7522d84d-002e-29e7-7e76-7005f47e9269
Vary: Accept
Content-Type: text/html; charset=utf-8
Content-Length: 264
Date: Sat, 08 Oct 2022 06:51:46 GMT
Connection: keep-alive
Keep-Alive: timeout=5
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 00b342d7d172ce91822fae9cf5e0d34e
071f5d434fb190a3cad3c9579e6104d35da14d53
dd240cefd0bec8b237ed78917dd26ba9f1bcad90cf9d3de8f0c3ada46bfa03bb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DD240CEFD0BEC8B237ED78917DD26BA9F1BCAD90CF9D3DE8F0C3ADA46BFA03BB"
Last-Modified: Thu, 06 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19464
Expires: Sat, 08 Oct 2022 12:16:11 GMT
Date: Sat, 08 Oct 2022 06:51:47 GMT
Connection: keep-alive
eu.pushnow.net/postback/click?key=v2-1665211905254-4-5479-1084493-7522d84d-002e-29e7-7e76-7005f47e9269
149.6.163.14 302 Found 0 B URL HTTP/2 eu.pushnow.net/postback/click?key=v2-1665211905254-4-5479-1084493-7522d84d-002e-29e7-7e76-7005f47e9269
IP 149.6.163.14:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /postback/click?key=v2-1665211905254-4-5479-1084493-7522d84d-002e-29e7-7e76-7005f47e9269 HTTP/1.1
Host: eu.pushnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: openresty/1.15.8.3
date: Sat, 08 Oct 2022 06:51:47 GMT
content-length: 0
set-cookie: platform_user_id=desktop:7980a459be274bf511db30c901634a36
platform_user_id_3rd_party=desktop:7980a459be274bf511db30c901634a36; SameSite=None; Secure; Max-Age=31556952
platform_user_id_from_ssp=platform:f86f862ff85e673a9c9766752124fbcc
platform_user_id_from_ssp_3rd_party=platform:f86f862ff85e673a9c9766752124fbcc; SameSite=None; Secure; Max-Age=31556952
location: http://c.srvpcn.com/click?id=cd0hs0b8due7cg12hkig&e=b78f0b76-41ad-45e2-b17e-76d940f92309&px=34
X-Firefox-Spdy: h2
c.srvpcn.com/click?id=cd0hs0b8due7cg12hkig&e=b78f0b76-41ad-45e2-b17e-76d940f92309&px=34
52.22.167.208 303 See Other 0 B URL HTTP/1.1 c.srvpcn.com/click?id=cd0hs0b8due7cg12hkig&e=b78f0b76-41ad-45e2-b17e-76d940f92309&px=34
IP 52.22.167.208:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /click?id=cd0hs0b8due7cg12hkig&e=b78f0b76-41ad-45e2-b17e-76d940f92309&px=34 HTTP/1.1
Host: c.srvpcn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 303 See Other
Date: Sat, 08 Oct 2022 06:51:47 GMT
Content-Length: 0
Connection: keep-alive
Location: http://pyrrh-xbf.com/zcvisitor/ac640d92-46d5-11ed-aca0-0a8e22e6e82d/e3e39f70-3459-11e9-9a51-0a15cb739170?campaignid=ea2166c0-40b1-11ed-8ee2-0a918cbcbb97
pyrrh-xbf.com/zcvisitor/ac640d92-46d5-11ed-aca0-0a8e22e6e82d/e3e39f70-3459-11e9-9a51-0a15cb739170?campaignid=ea2166c0-40b1-11ed-8ee2-0a918cbcbb97
35.174.150.83 302 0 B URL HTTP/1.1 pyrrh-xbf.com/zcvisitor/ac640d92-46d5-11ed-aca0-0a8e22e6e82d/e3e39f70-3459-11e9-9a51-0a15cb739170?campaignid=ea2166c0-40b1-11ed-8ee2-0a918cbcbb97
IP 35.174.150.83:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Phishing
GET /zcvisitor/ac640d92-46d5-11ed-aca0-0a8e22e6e82d/e3e39f70-3459-11e9-9a51-0a15cb739170?campaignid=ea2166c0-40b1-11ed-8ee2-0a918cbcbb97 HTTP/1.1
Host: pyrrh-xbf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302
Date: Sat, 08 Oct 2022 06:51:47 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
Location: https://go.money616.xyz/eve?sub1=pyrrhous-marten&sub2=november-xis-1ewe8dydpq
Server: tgFTPxRL
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 17a815c75aa2b9b774a5426689a4663d
e632a888f6452010b46de82f51ada275cbe0e6b8
0585272b7cb950501801e393bed8704c58b52b49ddd84cddb923af2a270a2bbf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0585272B7CB950501801E393BED8704C58B52B49DDD84CDDB923AF2A270A2BBF"
Last-Modified: Fri, 07 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1954
Expires: Sat, 08 Oct 2022 07:24:21 GMT
Date: Sat, 08 Oct 2022 06:51:47 GMT
Connection: keep-alive
go.money616.xyz/eve?sub1=pyrrhous-marten&sub2=november-xis-1ewe8dydpq
18.184.197.212 200 OK 1.6 kB URL HTTP/1.1 go.money616.xyz/eve?sub1=pyrrhous-marten&sub2=november-xis-1ewe8dydpq
IP 18.184.197.212:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (363)
Hash 4f53c785609c3ed817935a611f705a69
c17a3d0e57805c5263e5ac24958c85bedd03d3b0
1f75a5fcab12092af15f59be16d80053731960994431975ef3a97228231b6cb3
GET /eve?sub1=pyrrhous-marten&sub2=november-xis-1ewe8dydpq HTTP/1.1
Host: go.money616.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
connection: close
x-content-type-options: nosniff
content-type: text/html; charset=utf-8
x-powered-by: Short.io link shortener
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
content-length: 1570
Date: Sat, 08 Oct 2022 06:51:47 GMT
ocsp.sectigo.com/
104.18.32.68 200 OK 472 B IP 104.18.32.68:0
Hash 8ad883fe78504709cbc6d0a326555a56
64659de02a03916a17eef2b4bf3ebfdaa8485793
6f7da5afb804c88dfd1ed57c6c5a5dc76efd4e416f236a29f8ad15d54ae564de
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 08 Oct 2022 06:51:48 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Wed, 05 Oct 2022 10:25:05 GMT
Expires: Wed, 12 Oct 2022 10:25:04 GMT
Etag: "64659de02a03916a17eef2b4bf3ebfdaa8485793"
Cache-Control: max-age=357795,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 756cf338ca52b523-OSL
ocsp.sectigo.com/
104.18.32.68 200 OK 472 B IP 104.18.32.68:0
Hash 8ad883fe78504709cbc6d0a326555a56
64659de02a03916a17eef2b4bf3ebfdaa8485793
6f7da5afb804c88dfd1ed57c6c5a5dc76efd4e416f236a29f8ad15d54ae564de
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 08 Oct 2022 06:51:48 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Wed, 05 Oct 2022 10:25:05 GMT
Expires: Wed, 12 Oct 2022 10:25:04 GMT
Etag: "64659de02a03916a17eef2b4bf3ebfdaa8485793"
Cache-Control: max-age=357795,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 756cf33b8c87b523-OSL
adspredictiv.com/script/i.php?stamat=m%257C%252C%252CQjYXojEitGU3BP-GH0dEdHP3xP.a39%252C0Buv5A4o7FoKZGlczT5s-jT7VWL3j2eMEF9ABu03GHSrvPjWw4sfKguioWeP8p-AyyknPjQlWnMx2adbeRdLdRKjxC9o3O1ynfMHzBaPcz6cEBWHUg6bL-JnXpM2ZKVoCrSMY2K4piNFyJytYmQY_9PuNNvLy8cbGWZxXF49Vlaff2afM5AbCQf9Q254mKsSA-O5jmpFIOPP8v4FEXvJ-9vAfms0ptvJBmcaV91Eod1wxLnXgG9BYuk3A0EsaphIc4vQj3TWH3COKLor7U89y0Lw24egr9ngkc6JjAOS4esK_pI1drFX5mu6YWhJSXoAYjtVorMDZfuNfFI8GfpzXe63sc9llJwMUR6U28Lv_oS7Cn9QLqcfsN1sg1CBhPly8oUXqd1W_IcJW7Nez3gT4OztQDx74yRjLTkzZMYog9MLiQQCsYXYP7h4xgV0I_W6wOH7wILJVUdYR4QTdcunlfJlmcjTd0i-h8750GnVw080jkG14y8v2XLN_MxynLnC9QbINBAEuaq8SBnSpEQ_ZmzebjdbY7z1EkEp-Gvec2BEt3F0RaE27GEcGpri2rbZxH-vINkrHdUWe18Mb9PnsMt-Gte_v8M_Fwt6IiMSvMcfGacwhr-FTP6giB667oHC
35.190.38.40 302 Found 503 B URL HTTP/2 adspredictiv.com/script/i.php?stamat=m%257C%252C%252CQjYXojEitGU3BP-GH0dEdHP3xP.a39%252C0Buv5A4o7FoKZGlczT5s-jT7VWL3j2eMEF9ABu03GHSrvPjWw4sfKguioWeP8p-AyyknPjQlWnMx2adbeRdLdRKjxC9o3O1ynfMHzBaPcz6cEBWHUg6bL-JnXpM2ZKVoCrSMY2K4piNFyJytYmQY_9PuNNvLy8cbGWZxXF49Vlaff2afM5AbCQf9Q254mKsSA-O5jmpFIOPP8v4FEXvJ-9vAfms0ptvJBmcaV91Eod1wxLnXgG9BYuk3A0EsaphIc4vQj3TWH3COKLor7U89y0Lw24egr9ngkc6JjAOS4esK_pI1drFX5mu6YWhJSXoAYjtVorMDZfuNfFI8GfpzXe63sc9llJwMUR6U28Lv_oS7Cn9QLqcfsN1sg1CBhPly8oUXqd1W_IcJW7Nez3gT4OztQDx74yRjLTkzZMYog9MLiQQCsYXYP7h4xgV0I_W6wOH7wILJVUdYR4QTdcunlfJlmcjTd0i-h8750GnVw080jkG14y8v2XLN_MxynLnC9QbINBAEuaq8SBnSpEQ_ZmzebjdbY7z1EkEp-Gvec2BEt3F0RaE27GEcGpri2rbZxH-vINkrHdUWe18Mb9PnsMt-Gte_v8M_Fwt6IiMSvMcfGacwhr-FTP6giB667oHC
IP 35.190.38.40:0
Hash 263f64584e8662702759b1a40936c6cc
fa895382688d3a95a565571cc884b1bdc1dcf833
6effea1f28a14bd2abdc1366f6209282fb43f5aa274e5c72c936712488cbe331
GET /script/i.php?stamat=m%257C%252C%252CQjYXojEitGU3BP-GH0dEdHP3xP.a39%252C0Buv5A4o7FoKZGlczT5s-jT7VWL3j2eMEF9ABu03GHSrvPjWw4sfKguioWeP8p-AyyknPjQlWnMx2adbeRdLdRKjxC9o3O1ynfMHzBaPcz6cEBWHUg6bL-JnXpM2ZKVoCrSMY2K4piNFyJytYmQY_9PuNNvLy8cbGWZxXF49Vlaff2afM5AbCQf9Q254mKsSA-O5jmpFIOPP8v4FEXvJ-9vAfms0ptvJBmcaV91Eod1wxLnXgG9BYuk3A0EsaphIc4vQj3TWH3COKLor7U89y0Lw24egr9ngkc6JjAOS4esK_pI1drFX5mu6YWhJSXoAYjtVorMDZfuNfFI8GfpzXe63sc9llJwMUR6U28Lv_oS7Cn9QLqcfsN1sg1CBhPly8oUXqd1W_IcJW7Nez3gT4OztQDx74yRjLTkzZMYog9MLiQQCsYXYP7h4xgV0I_W6wOH7wILJVUdYR4QTdcunlfJlmcjTd0i-h8750GnVw080jkG14y8v2XLN_MxynLnC9QbINBAEuaq8SBnSpEQ_ZmzebjdbY7z1EkEp-Gvec2BEt3F0RaE27GEcGpri2rbZxH-vINkrHdUWe18Mb9PnsMt-Gte_v8M_Fwt6IiMSvMcfGacwhr-FTP6giB667oHC HTTP/1.1
Host: adspredictiv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 302 Found
server: openresty
date: Sat, 08 Oct 2022 06:51:48 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
referrer-policy: no-referrer
location: https://free3dgame.xyz/?key=gae9e8qaiaqmhrrnc0kq&cid=166521190810000TNOTV415326358024Ve9&zone=6307578-1264786048-3156927619
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 1d13c38762edee3ea0af663f3e4553be
894a45402ded63c20b5062b2aae8b3894be80996
781d3684b9efe9d34182e7a740c759749a80c085576681bd5077d342e4448ae0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 08 Oct 2022 06:51:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
free3dgame.xyz/files/1.png
146.190.28.107 200 OK 91 kB URL HTTP/2 free3dgame.xyz/files/1.png
IP 146.190.28.107:0
File type PNG image data, 268 x 341, 8-bit/color RGBA, non-interlaced\012- data
Hash b1ca79a348b74c1f02654dcdc06fbd7a
015f9320975c34adbacd595681605c79797c0880
19ddba2395038bfe50d196bd2313219bcace3ebf24837e50c700d1f8f5e63a87
Analyzer Verdict Alert quad9 Sinkholed
GET /files/1.png HTTP/1.1
Host: free3dgame.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://free3dgame.xyz/?key=gae9e8qaiaqmhrrnc0kq&cid=166521190810000TNOTV415326358024Ve9&zone=6307578-1264786048-3156927619
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 08 Oct 2022 06:51:48 GMT
content-type: image/png
content-length: 91434
last-modified: Tue, 24 May 2022 10:25:50 GMT
etag: "628cb2ae-1652a"
expires: Mon, 07 Nov 2022 06:51:48 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
free3dgame.xyz/?key=gae9e8qaiaqmhrrnc0kq&cid=166521190810000TNOTV415326358024Ve9&zone=6307578-1264786048-3156927619
146.190.28.107 200 OK 295 kB URL HTTP/2 free3dgame.xyz/?key=gae9e8qaiaqmhrrnc0kq&cid=166521190810000TNOTV415326358024Ve9&zone=6307578-1264786048-3156927619
IP 146.190.28.107:0
Size 295 kB (295330 bytes)
Hash 379b7a09f6bb0ea287ed7e0603283320
f12df195845627bdc6acd45b545211df95272569
55f600c9c5fbc0d85dfc83a548d33f113c90e6d5e7cd26958e1d09a1c9234eaf
Analyzer Verdict Alert quad9 Sinkholed
GET /?key=gae9e8qaiaqmhrrnc0kq&cid=166521190810000TNOTV415326358024Ve9&zone=6307578-1264786048-3156927619 HTTP/1.1
Host: free3dgame.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 08 Oct 2022 06:51:48 GMT
content-type: text/html
last-modified: Tue, 24 May 2022 17:49:19 GMT
vary: Accept-Encoding
etag: W/"628d1a9f-730"
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
free3dgame.xyz/files/main.css
146.190.28.107 200 OK 2.3 kB URL HTTP/2 free3dgame.xyz/files/main.css
IP 146.190.28.107:0
Hash 29cd603e6372c077b2b8ccb4453cf5e0
ca00a5de62bf1505fdc386a3f3c693222a6c73b8
07966661956f28e5f5051f6d32d0283cc4e49722de910b92e3570801d07c9734
Analyzer Verdict Alert quad9 Sinkholed
GET /files/main.css HTTP/1.1
Host: free3dgame.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://free3dgame.xyz/?key=gae9e8qaiaqmhrrnc0kq&cid=166521190810000TNOTV415326358024Ve9&zone=6307578-1264786048-3156927619
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 08 Oct 2022 06:51:48 GMT
content-type: text/css
last-modified: Wed, 25 May 2022 07:54:53 GMT
vary: Accept-Encoding
etag: W/"628de0cd-11de"
expires: Sat, 08 Oct 2022 18:51:48 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
free3dgame.xyz/files/desc.jpg
146.190.28.107 200 OK 517 kB URL HTTP/2 free3dgame.xyz/files/desc.jpg
IP 146.190.28.107:0
File type JPEG image data, progressive, precision 8, 3360x1882, components 3\012- data
Size 517 kB (517070 bytes)
Hash abd6f700139d33406e689ae523063675
6fa1dd814d4c2d6a770e644c5aa0a0d7facdeba0
99f3f7d43320f66092019658c89c57d8a0bb5b748b9841384c4324acab71cc52
Analyzer Verdict Alert quad9 Sinkholed
GET /files/desc.jpg HTTP/1.1
Host: free3dgame.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://free3dgame.xyz/?key=gae9e8qaiaqmhrrnc0kq&cid=166521190810000TNOTV415326358024Ve9&zone=6307578-1264786048-3156927619
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 08 Oct 2022 06:51:48 GMT
content-type: image/jpeg
content-length: 517070
last-modified: Tue, 24 May 2022 11:29:05 GMT
etag: "628cc181-7e3ce"
expires: Mon, 07 Nov 2022 06:51:48 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
free3dgame.xyz/files/bg-box.png
146.190.28.107 200 OK 37 kB URL HTTP/2 free3dgame.xyz/files/bg-box.png
IP 146.190.28.107:0
File type PNG image data, 823 x 424, 8-bit/color RGBA, non-interlaced\012- data
Hash d9aab159517209305f0ae6ae43af0c2e
77763dcbe0c4223da8eba455022c7d41d21fe434
158ebf4b5f0045d2235408626133e56e8acef48a5b2cc4d69fd005d951954a63
Analyzer Verdict Alert quad9 Sinkholed
GET /files/bg-box.png HTTP/1.1
Host: free3dgame.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://free3dgame.xyz/files/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 08 Oct 2022 06:51:49 GMT
content-type: image/png
content-length: 37399
last-modified: Tue, 24 May 2022 10:25:14 GMT
etag: "628cb28a-9217"
expires: Mon, 07 Nov 2022 06:51:49 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
free3dgame.xyz/files/jquery.min.js
146.190.28.107 200 OK 35 kB URL HTTP/2 free3dgame.xyz/files/jquery.min.js
IP 146.190.28.107:0
Hash 94678199418973da447e61c1fa905700
2bf29de4a75f02a917e64c400d7d85d51a5dbdc2
408b33d6300a59bd748bca9e3b28e9b73441b237098606b152beb8a17b198da0
Analyzer Verdict Alert quad9 Sinkholed
GET /files/jquery.min.js HTTP/1.1
Host: free3dgame.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://free3dgame.xyz/?key=gae9e8qaiaqmhrrnc0kq&cid=166521190810000TNOTV415326358024Ve9&zone=6307578-1264786048-3156927619
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 08 Oct 2022 06:51:48 GMT
content-type: application/javascript
last-modified: Tue, 24 May 2022 10:25:01 GMT
vary: Accept-Encoding
etag: W/"628cb27d-15851"
expires: Sat, 08 Oct 2022 18:51:48 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash de13f970f8aba26b5635ed31a9f7c667
2ce848652b67e0c2f9d8f5b299a80764cf83bf31
e3c3ee004ba0175fe4363bc1011e26f66fce0f848c83949a5d430e7d61ab781a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 08 Oct 2022 06:51:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/archivo/v18/k3kPo8UDI-1M0wlSV9XAw6lQkqWY8Q82sLydOxI.woff2
216.58.207.195 200 OK 32 kB URL HTTP/2 fonts.gstatic.com/s/archivo/v18/k3kPo8UDI-1M0wlSV9XAw6lQkqWY8Q82sLydOxI.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 31516, version 1.0\012- data
Hash 9e4726d312080161871f0472659ecf14
e0231f21da02732e9ef19c2280ea5a7aa25f04de
68c831b3324ca6fea43d48681ac2b9338b794ecdb60ff7fa7059a997d4007604
GET /s/archivo/v18/k3kPo8UDI-1M0wlSV9XAw6lQkqWY8Q82sLydOxI.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://free3dgame.xyz
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 31516
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 08 Oct 2022 02:23:54 GMT
expires: Sun, 08 Oct 2023 02:23:54 GMT
cache-control: public, max-age=31536000
age: 16075
last-modified: Fri, 24 Jun 2022 19:34:15 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
free3dgame.xyz/files/apple-touch-icon.png
146.190.28.107 200 OK 9.4 kB URL HTTP/2 free3dgame.xyz/files/apple-touch-icon.png
IP 146.190.28.107:0
File type PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced\012- data
Hash 049ac8181fb1c147054e1ec9ae763d70
565397e7f0a82d7c31abccddbd9a310fddb3591d
6812893aafb0fdffa269b19ed588193637747a850b3d20ac51c38d09ccffdc95
Analyzer Verdict Alert quad9 Sinkholed
GET /files/apple-touch-icon.png HTTP/1.1
Host: free3dgame.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://free3dgame.xyz/?key=gae9e8qaiaqmhrrnc0kq&cid=166521190810000TNOTV415326358024Ve9&zone=6307578-1264786048-3156927619
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 08 Oct 2022 06:51:49 GMT
content-type: image/png
content-length: 9390
last-modified: Tue, 24 May 2022 10:25:37 GMT
etag: "628cb2a1-24ae"
expires: Mon, 07 Nov 2022 06:51:49 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
free3dgame.xyz/files/favicon-16x16.png
146.190.28.107 200 OK 493 B URL HTTP/2 free3dgame.xyz/files/favicon-16x16.png
IP 146.190.28.107:0
File type PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Hash a2a4b5d7c260fd7b81ea7daa0922c45c
736f12c449c0d7b8809bd0efc96a041b2dd0b377
80a2bb3256c6169c7b0784d69b3f199510a9e345bbff1f7480ac209fcd985b78
Analyzer Verdict Alert quad9 Sinkholed
GET /files/favicon-16x16.png HTTP/1.1
Host: free3dgame.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://free3dgame.xyz/?key=gae9e8qaiaqmhrrnc0kq&cid=166521190810000TNOTV415326358024Ve9&zone=6307578-1264786048-3156927619
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 08 Oct 2022 06:51:49 GMT
content-type: image/png
content-length: 493
last-modified: Tue, 24 May 2022 10:22:25 GMT
etag: "628cb1e1-1ed"
expires: Mon, 07 Nov 2022 06:51:49 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash de13f970f8aba26b5635ed31a9f7c667
2ce848652b67e0c2f9d8f5b299a80764cf83bf31
e3c3ee004ba0175fe4363bc1011e26f66fce0f848c83949a5d430e7d61ab781a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 08 Oct 2022 06:51:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F70128380-51a1-430f-bca1-5212a3dd8807.jpeg
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F70128380-51a1-430f-bca1-5212a3dd8807.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1c712a8d12119cdef4376b6055f3493c
e040dc81a71c6a94dc600ecb61bf0c8f1a086e85
6a2c6384e05dae0013a2890ad63c91af7d2f04a0d706ce496f44defc7b209fa7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F70128380-51a1-430f-bca1-5212a3dd8807.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 11618
x-amzn-requestid: 5a8e397a-41df-41a1-a71e-25cedc35b063
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Zp1R5H9aoAMFyew=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63409c0b-3286ff464612a56158b81f4e;Sampled=0
x-amzn-remapped-date: Fri, 07 Oct 2022 21:37:15 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: dpzW4--jwWxQ7cD4rKIZuX4pr9LQI0CivP6grcpduuNMPoKyQwSecg==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Fri, 07 Oct 2022 21:37:16 GMT
etag: "e040dc81a71c6a94dc600ecb61bf0c8f1a086e85"
content-type: image/jpeg
age: 33275
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
free3dgame.xyz/files/lang.js
146.190.28.107 200 OK 0 B URL HTTP/2 free3dgame.xyz/files/lang.js
IP 146.190.28.107:0
Analyzer Verdict Alert quad9 Sinkholed
GET /files/lang.js HTTP/1.1
Host: free3dgame.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://free3dgame.xyz/?key=gae9e8qaiaqmhrrnc0kq&cid=166521190810000TNOTV415326358024Ve9&zone=6307578-1264786048-3156927619
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 08 Oct 2022 06:51:48 GMT
content-type: application/javascript
last-modified: Tue, 24 May 2022 12:43:28 GMT
vary: Accept-Encoding
etag: W/"628cd2f0-1f66"
expires: Sat, 08 Oct 2022 18:51:48 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
adspredictiv.com/jump/next.php?stamat=m%257CanYifjNiaQdHkAH0dEdHP3xP.806%252C7H0PozvLiGV-YkDx825CHq_5mNyzZhovkYDfyjWLDI0Sb21IYsIWB7DkTq9zqOvW2VhzVwcYMM3Pr0W4tmlrxQR-LzqMgj6fwO-yHP9nhn6vwg-SYAPBx5FbKNBRkUWC6YYwCFdsUl3EXNI4UuT3MA%252C%252C&cbpage=https://adspredictiv.com/jump/next.php?r=6307578&sub1=pyrrhous-marten&sub2=november-xis-1ewe8dydpq&cbur=0.37127752778628564&cbtitle=&cbiframe=0&cbWidth=1280&cbHeight=939&cbdescription=&cbkeywords=&cbref=https%3A%2F%2Fgo.money616.xyz%2F
35.190.38.40 302 Found 0 B URL HTTP/2 adspredictiv.com/jump/next.php?stamat=m%257CanYifjNiaQdHkAH0dEdHP3xP.806%252C7H0PozvLiGV-YkDx825CHq_5mNyzZhovkYDfyjWLDI0Sb21IYsIWB7DkTq9zqOvW2VhzVwcYMM3Pr0W4tmlrxQR-LzqMgj6fwO-yHP9nhn6vwg-SYAPBx5FbKNBRkUWC6YYwCFdsUl3EXNI4UuT3MA%252C%252C&cbpage=https://adspredictiv.com/jump/next.php?r=6307578&sub1=pyrrhous-marten&sub2=november-xis-1ewe8dydpq&cbur=0.37127752778628564&cbtitle=&cbiframe=0&cbWidth=1280&cbHeight=939&cbdescription=&cbkeywords=&cbref=https%3A%2F%2Fgo.money616.xyz%2F
IP 35.190.38.40:0
GET /jump/next.php?stamat=m%257CanYifjNiaQdHkAH0dEdHP3xP.806%252C7H0PozvLiGV-YkDx825CHq_5mNyzZhovkYDfyjWLDI0Sb21IYsIWB7DkTq9zqOvW2VhzVwcYMM3Pr0W4tmlrxQR-LzqMgj6fwO-yHP9nhn6vwg-SYAPBx5FbKNBRkUWC6YYwCFdsUl3EXNI4UuT3MA%252C%252C&cbpage=https://adspredictiv.com/jump/next.php?r=6307578&sub1=pyrrhous-marten&sub2=november-xis-1ewe8dydpq&cbur=0.37127752778628564&cbtitle=&cbiframe=0&cbWidth=1280&cbHeight=939&cbdescription=&cbkeywords=&cbref=https%3A%2F%2Fgo.money616.xyz%2F HTTP/1.1
Host: adspredictiv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 302 Found
server: openresty
date: Sat, 08 Oct 2022 06:51:48 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
location: https://adspredictiv.com/script/i.php?stamat=m%257C%252C%252CQjYXojEitGU3BP-GH0dEdHP3xP.a39%252C0Buv5A4o7FoKZGlczT5s-jT7VWL3j2eMEF9ABu03GHSrvPjWw4sfKguioWeP8p-AyyknPjQlWnMx2adbeRdLdRKjxC9o3O1ynfMHzBaPcz6cEBWHUg6bL-JnXpM2ZKVoCrSMY2K4piNFyJytYmQY_9PuNNvLy8cbGWZxXF49Vlaff2afM5AbCQf9Q254mKsSA-O5jmpFIOPP8v4FEXvJ-9vAfms0ptvJBmcaV91Eod1wxLnXgG9BYuk3A0EsaphIc4vQj3TWH3COKLor7U89y0Lw24egr9ngkc6JjAOS4esK_pI1drFX5mu6YWhJSXoAYjtVorMDZfuNfFI8GfpzXe63sc9llJwMUR6U28Lv_oS7Cn9QLqcfsN1sg1CBhPly8oUXqd1W_IcJW7Nez3gT4OztQDx74yRjLTkzZMYog9MLiQQCsYXYP7h4xgV0I_W6wOH7wILJVUdYR4QTdcunlfJlmcjTd0i-h8750GnVw080jkG14y8v2XLN_MxynLnC9QbINBAEuaq8SBnSpEQ_ZmzebjdbY7z1EkEp-Gvec2BEt3F0RaE27GEcGpri2rbZxH-vINkrHdUWe18Mb9PnsMt-Gte_v8M_Fwt6IiMSvMcfGacwhr-FTP6giB667oHC
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
adspredictiv.com/jump/next.php?r=6307578&sub1=pyrrhous-marten&sub2=november-xis-1ewe8dydpq
35.190.38.40 200 OK 0 B URL HTTP/2 adspredictiv.com/jump/next.php?r=6307578&sub1=pyrrhous-marten&sub2=november-xis-1ewe8dydpq
IP 35.190.38.40:0
GET /jump/next.php?r=6307578&sub1=pyrrhous-marten&sub2=november-xis-1ewe8dydpq HTTP/1.1
Host: adspredictiv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://go.money616.xyz/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: openresty
date: Sat, 08 Oct 2022 06:51:48 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
go.monetizer.mobi/proc.php?66a29d1d77d86fba539125c3eb1d36236a82fcfc
198.143.165.221 200 OK 0 B URL HTTP/2 go.monetizer.mobi/proc.php?66a29d1d77d86fba539125c3eb1d36236a82fcfc
IP 198.143.165.221:0
GET /proc.php?66a29d1d77d86fba539125c3eb1d36236a82fcfc HTTP/1.1
Host: go.monetizer.mobi
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://go.monetizer.mobi/?utm_term=7152030664311701512&ver=4viyaptcjo&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f097979b8790cacbf9c9fffdf4fdc2f2f0f3f2c7c4c5dadbebecece9e8eae4eae8e7e5e1eced191a52
Cookie: u=c4eb2a01016af5e9dd0d3c73a592c55b
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 08 Oct 2022 06:51:43 GMT
content-type: text/html; charset=UTF-8
location: https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7152030664311701512&website=797-403c551a&placement=797
vary: Accept-Encoding
x-powered-by: PHP/8.1.9
cache-control: no-store, no-cache, must-revalidate, max-age=0
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubdomains;
content-encoding: gzip
X-Firefox-Spdy: h2
go.monetizer.mobi/?utm_medium=ec4eee60be986151ad56a07d62a9c3fe7802b9db&utm_campaign=mainstream2021&1=1&cid=9c136dd4-4658-4f98-b5d6-92fa3447ddc5
198.143.165.221 200 OK 0 B URL HTTP/2 go.monetizer.mobi/?utm_medium=ec4eee60be986151ad56a07d62a9c3fe7802b9db&utm_campaign=mainstream2021&1=1&cid=9c136dd4-4658-4f98-b5d6-92fa3447ddc5
IP 198.143.165.221:0
GET /?utm_medium=ec4eee60be986151ad56a07d62a9c3fe7802b9db&utm_campaign=mainstream2021&1=1&cid=9c136dd4-4658-4f98-b5d6-92fa3447ddc5 HTTP/1.1
Host: go.monetizer.mobi
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
server: nginx
date: Sat, 08 Oct 2022 06:51:43 GMT
content-type: text/html; charset=UTF-8
location: https://go.monetizer.mobi/?utm_term=7152030664311701512&ver=4viyaptcjo
vary: Accept-Encoding
x-powered-by: PHP/8.1.9
cache-control: no-store, no-cache, must-revalidate, max-age=0
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
set-cookie: u=c4eb2a01016af5e9dd0d3c73a592c55b; expires=Sun, 08-Oct-2023 06:51:43 GMT; Max-Age=31536000; path=/
strict-transport-security: max-age=31536000; includeSubdomains;
content-encoding: gzip
X-Firefox-Spdy: h2