firefox.settings.services.mozilla.com/v1/
143.204.55.27 200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.27:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 99b7d23c1748d0526782b9ff9ea45f09
eadd801a3ba2aa00632c6fb52e1f9125bd6d5b4f
48f81668f76955320480b484138aebdad5d03c471036b4449c737aca1ecab08e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Content-Length, Backoff, Retry-After, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sat, 03 Sep 2022 12:43:01 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 e49f22f18c16784c0f42291e768d1daa.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: GIv68uRk9AZdzD6gUL-5f4gDbaZoIeXMVnOOP_0581n3ajyCmkmrkQ==
Age: 421
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash bcdebf7a2bad5db595e8a0c1abb2ddcb
249dda2fa5e37b8a8f3a8c797193bf0874b6eedc
9b43ec48b16f96449208a0094c4d660806a2a2d344b5862dbff4c393bf3f9f9f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9B43EC48B16F96449208A0094C4D660806A2A2D344B5862DBFF4C393BF3F9F9F"
Last-Modified: Thu, 01 Sep 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17162
Expires: Sat, 03 Sep 2022 17:36:05 GMT
Date: Sat, 03 Sep 2022 12:50:03 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
143.204.55.49 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP 143.204.55.49:0
File type PEM certificate\012- , ASCII text
Hash 742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Sat, 03 Sep 2022 01:15:18 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 277d0e3af1ffdcb1ee40b7dc9f040146.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 5RCnh2bTu7-lH82eHYOsI-HbRPk_E9FjjeqxH2PTy0uAx3WD5IMxTA==
age: 41686
X-Firefox-Spdy: h2
sadoom-ar.xyz/
199.188.200.154 301 Moved Permanently 707 B IP 199.188.200.154:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 1304294c0823ca486542ba408ed761e3
b2a70fb2d810ca13985882e6981f33998823e83e
3bbe72f3baa8ec61de17a1d767fca58704769684b7abe9161d0c4eaf4c8f0982
Analyzer Verdict Alert fortinet Malware
GET / HTTP/1.1
Host: sadoom-ar.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
keep-alive: timeout=5, max=100
content-type: text/html
content-length: 707
date: Sat, 03 Sep 2022 12:50:02 GMT
server: LiteSpeed
location: https://sadoom-ar.xyz/
x-turbo-charged-by: LiteSpeed
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 12:50:03 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.27 200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.27:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, ETag, Backoff, Last-Modified, Pragma, Cache-Control, Expires, Content-Type, Content-Length, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Sat, 03 Sep 2022 12:38:16 GMT
Expires: Sat, 03 Sep 2022 13:38:16 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 a7d2a4ec2f50830f128dc406960aef9a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: dAJXDEfLgOLXqklvdUfown99cwisiaAPajPTfH2rjsSjbIUnpCxqWA==
Age: 707
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 4fc12f0a98aa28ccb56e0b56d7e40ded
f7efcfb8b4f4aa40268bada3fec380820a70ee35
a34aa9b7db949a583c3f1b4d87fed415a11d119c9615b5e710c3125173f8a277
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5024
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 03 Sep 2022 12:50:03 GMT
Last-Modified: Sat, 03 Sep 2022 11:26:19 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 471
ocsp.sectigo.com/
104.18.32.68 200 OK 471 B IP 104.18.32.68:0
Hash 5466d0d51517c964148c37a133eff4a9
3d22dadc280866bde0e7892f49e52df58078e1ac
0b8b07b4bf1c7ea89f69b3c9622b44bbcefbd070917c1321a8cbe3a55f48e314
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 12:50:03 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 01 Sep 2022 20:50:50 GMT
Expires: Thu, 08 Sep 2022 20:50:49 GMT
Etag: "3d22dadc280866bde0e7892f49e52df58078e1ac"
Cache-Control: max-age=460245,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 744e9be3dc561c12-OSL
push.services.mozilla.com/
54.148.154.169 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.148.154.169:0
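Hash d41d8cd98f00b204e9800998ecf8427e (MD5)
da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1)
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256)
Note: these three values are the digests of empty input, consistent with the 0 B body of this 101 response; they do not identify any content and are not usable as indicators.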
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: mLRxHIPQxe6u3ek2rMp2qQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: qVL6SIy2UF7YaqLn5S3mv63nkjc=
sadoom-ar.xyz/
199.188.200.154 200 OK 14 kB IP 199.188.200.154:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (41804), with CRLF, LF line terminators
Hash 3adf7e5631422fb570fa63852c8351e6
bc820a7de60c9ae14c410d0de5d4a165fbba88ca
548c13e2ab6ab2cefa2080cf3564f28d64c75c22f99251b920b5a2c037b76e95
Analyzer Verdict Alert fortinet Malware
GET / HTTP/1.1
Host: sadoom-ar.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
link: <https://sadoom-ar.xyz/wp-json/>; rel="https://api.w.org/"
etag: "63-1662022681;br"
x-litespeed-cache: hit
content-encoding: br
vary: Accept-Encoding
content-length: 13866
date: Sat, 03 Sep 2022 12:50:03 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b15f3f14bd92b7a544ec2347e6810c7b
dd55fd8396d796082edabb5ab6e2d7fb3b51b731
87c27c4b0288f31faa405ba5247767d1f299938551bd284212ee487dbb0deb63
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "87C27C4B0288F31FAA405BA5247767D1F299938551BD284212EE487DBB0DEB63"
Last-Modified: Fri, 02 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2461
Expires: Sat, 03 Sep 2022 13:31:05 GMT
Date: Sat, 03 Sep 2022 12:50:04 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b15f3f14bd92b7a544ec2347e6810c7b
dd55fd8396d796082edabb5ab6e2d7fb3b51b731
87c27c4b0288f31faa405ba5247767d1f299938551bd284212ee487dbb0deb63
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "87C27C4B0288F31FAA405BA5247767D1F299938551BD284212EE487DBB0DEB63"
Last-Modified: Fri, 02 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2461
Expires: Sat, 03 Sep 2022 13:31:05 GMT
Date: Sat, 03 Sep 2022 12:50:04 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b15f3f14bd92b7a544ec2347e6810c7b
dd55fd8396d796082edabb5ab6e2d7fb3b51b731
87c27c4b0288f31faa405ba5247767d1f299938551bd284212ee487dbb0deb63
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "87C27C4B0288F31FAA405BA5247767D1F299938551BD284212EE487DBB0DEB63"
Last-Modified: Fri, 02 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2461
Expires: Sat, 03 Sep 2022 13:31:05 GMT
Date: Sat, 03 Sep 2022 12:50:04 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b15f3f14bd92b7a544ec2347e6810c7b
dd55fd8396d796082edabb5ab6e2d7fb3b51b731
87c27c4b0288f31faa405ba5247767d1f299938551bd284212ee487dbb0deb63
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "87C27C4B0288F31FAA405BA5247767D1F299938551BD284212EE487DBB0DEB63"
Last-Modified: Fri, 02 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2461
Expires: Sat, 03 Sep 2022 13:31:05 GMT
Date: Sat, 03 Sep 2022 12:50:04 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb6f5d90-39e2-4288-8685-adf2348d38e8.jpeg
34.120.237.76 200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb6f5d90-39e2-4288-8685-adf2348d38e8.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d78cbff83c152b84864606781a29563d
8bdbc6e135be6e582d0e23754399422e3792777b
3c385de9ade05e1652ccc386e73aaccc4c223a07b81af4c5fdf3f73a166909f7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb6f5d90-39e2-4288-8685-adf2348d38e8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 14061
x-amzn-requestid: 43535b37-15c9-4a28-a7c0-f43482948382
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XqlhGFX4IAMF9oQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630db606-77bd935d4364050f230ba5da;Sampled=0
x-amzn-remapped-date: Tue, 30 Aug 2022 07:02:30 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: y_-knSwUodyBxS8I8PAoUexT6Z4o0Aq7m62v7HrRjm7vV-jP0VuCpw==
via: 1.1 95b0ac620fa3a80ee590ecf1cda1c698.cloudfront.net (CloudFront), 1.1 989017835f43d594873bde5a7ee7fe5e.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Sep 2022 06:26:07 GMT
age: 23037
etag: "8bdbc6e135be6e582d0e23754399422e3792777b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b15f3f14bd92b7a544ec2347e6810c7b
dd55fd8396d796082edabb5ab6e2d7fb3b51b731
87c27c4b0288f31faa405ba5247767d1f299938551bd284212ee487dbb0deb63
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "87C27C4B0288F31FAA405BA5247767D1F299938551BD284212EE487DBB0DEB63"
Last-Modified: Fri, 02 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2461
Expires: Sat, 03 Sep 2022 13:31:05 GMT
Date: Sat, 03 Sep 2022 12:50:04 GMT
Connection: keep-alive
sadoom-ar.xyz/wp-content/themes/astra/assets/css/minified/main.min.css?ver=3.9.1
199.188.200.154 200 OK 7.7 kB URL HTTP/2 sadoom-ar.xyz/wp-content/themes/astra/assets/css/minified/main.min.css?ver=3.9.1
IP 199.188.200.154:0
File type ASCII text, with very long lines (38375)
Hash 5e8aa80e8c69e966aa5ddb223c5394a3
a99e0f026436b8a7f8d10da0f96e4a0977f003dc
66134865a5ca3fa8f1018bf7c1aeddd875cdd0eb41e3db1cbd50e0f1f4427571
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/astra/assets/css/minified/main.min.css?ver=3.9.1 HTTP/1.1
Host: sadoom-ar.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sadoom-ar.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 10 Sep 2022 12:50:04 GMT
content-type: text/css
last-modified: Wed, 17 Aug 2022 19:47:52 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 7686
date: Sat, 03 Sep 2022 12:50:04 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff7d7b349-4711-4e66-bc42-888934e385a2.jpeg
34.120.237.76 200 OK 7.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff7d7b349-4711-4e66-bc42-888934e385a2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 23b580e2b673257d24b9c2e80c4c48ce
f3a3d835a37f9b23e7458f9b7bc721bc415b61cc
c0e3559fde3dd08cdbd360f39dddcc98dd7c1b3aebd0861cc07105872a116d11
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff7d7b349-4711-4e66-bc42-888934e385a2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7501
x-amzn-requestid: bf297fc4-9164-45ee-bfab-06761a52e3ba
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X2eMJEP1IAMFdpA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6312771a-6b3e6416133d67a83d8a1469;Sampled=0
x-amzn-remapped-date: Fri, 02 Sep 2022 21:35:22 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: datd5eYK6nOAUdEpy_y4gcqsVmCqjP4qhzTnlJ9pSrquoYk2PPugTA==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 01147dcc35d57fc0238a3c1700c13f16.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Sep 2022 22:02:34 GMT
age: 53250
etag: "f3a3d835a37f9b23e7458f9b7bc721bc415b61cc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7e53e5b7-d429-4f33-bd77-ce946421df55.jpeg
34.120.237.76 200 OK 5.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7e53e5b7-d429-4f33-bd77-ce946421df55.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 60769237af4f32c663d494d91a672d08
31305131f340191799484f212e15513bd1204e88
6df36e459f3a2d0271732b645009b116e6671363f6c3050d22bbfe2d911a77bd
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7e53e5b7-d429-4f33-bd77-ce946421df55.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4994
x-amzn-requestid: de39357f-d378-4bb8-b4d9-7dd4f82fbb58
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Xgj-kEHvoAMFyBA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6309b390-119fa01e254e89cb39a1b794;Sampled=0
x-amzn-remapped-date: Sat, 27 Aug 2022 06:02:56 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 1yjBt3dqEztIRHo4yR3ZzI67J4lWUMS8R44-PpkeDJ4KNdCTPkmh-w==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 b36bf2c460ac693ce304817aed073112.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Sep 2022 04:45:35 GMT
age: 29069
etag: "31305131f340191799484f212e15513bd1204e88"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa2e13cf1-38c2-4f82-a50c-b409a24f3af6.jpeg
34.120.237.76 200 OK 8.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa2e13cf1-38c2-4f82-a50c-b409a24f3af6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f4cb62c7c522b71c62a97630d8330ef5
950611314b81428b3d80ff8659272cc800cf48b6
3fd0bbf8a1fe8776136d611d6b99b909b71e6af3a13f8794338af2f0026b59ff
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa2e13cf1-38c2-4f82-a50c-b409a24f3af6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7975
x-amzn-requestid: d4695cb0-76ed-495c-b548-d7819edd6d90
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XwqDSGuDIAMF6kA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631023ae-7ba42ae9407c626a02d10e7f;Sampled=0
x-amzn-remapped-date: Thu, 01 Sep 2022 03:14:54 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: paxjtCjggGuEMbpwW1HmCdQOemdktodVUl-grweVuYke_NynMIHMlg==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 01147dcc35d57fc0238a3c1700c13f16.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Sep 2022 03:54:34 GMT
age: 32130
etag: "950611314b81428b3d80ff8659272cc800cf48b6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf445006-1014-4737-ad3b-0047d0183dd8.jpeg
34.120.237.76 200 OK 8.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf445006-1014-4737-ad3b-0047d0183dd8.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 0bde418da52c5b733e4edeb10173974e
75555a00ea68f94d83233ca3dcb7ffa60ba9da5d
67bb1775a03b6b17b05181738c8196a9ed8087dc75927e649c28c084f31c0160
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf445006-1014-4737-ad3b-0047d0183dd8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8614
x-amzn-requestid: a941656b-92dd-4948-a24e-1437469def78
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X2emWFBMIAMFq4w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631277c2-5336706371034d98547bafbd;Sampled=0
x-amzn-remapped-date: Fri, 02 Sep 2022 21:38:10 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: URc2SNnmMKSqG5bFd14z2P8o6fk3LCC4l79tclax0dq5uWfuUNjvew==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 d01e7742f82df0bbc1fb681d709ed69c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Sep 2022 22:24:32 GMT
age: 51932
etag: "75555a00ea68f94d83233ca3dcb7ffa60ba9da5d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc55d0c73-4085-42ac-acb4-1ae9b2ffb393.jpeg
34.120.237.76 200 OK 7.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc55d0c73-4085-42ac-acb4-1ae9b2ffb393.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c199f7fc2a2857dec134bfdb2673e28c
af3989072b658e2de119d006ae4ca1703468913d
e57411ba0221f6ffa7baf7c374ec790959a66d6a683fad40883ef01cf67e35c3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc55d0c73-4085-42ac-acb4-1ae9b2ffb393.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6976
x-amzn-requestid: da379546-9525-4e13-b9f0-a6446839df66
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X2eNeG7kIAMF4-Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63127722-37399f67565b06e7111095cd;Sampled=0
x-amzn-remapped-date: Fri, 02 Sep 2022 21:35:30 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 5SORUPJgJ_gKKs4hSa4EzCCQA6B1dmyO1EC-gCBvFKl2R2hV0mYTeA==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 ee8246c5442dace7525c74f6a799bb46.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Sep 2022 22:39:01 GMT
age: 51063
etag: "af3989072b658e2de119d006ae4ca1703468913d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
sadoom-ar.xyz/wp-content/themes/astra/assets/js/minified/frontend.min.js?ver=3.9.1
199.188.200.154 200 OK 3.8 kB URL HTTP/2 sadoom-ar.xyz/wp-content/themes/astra/assets/js/minified/frontend.min.js?ver=3.9.1
IP 199.188.200.154:0
File type ASCII text, with very long lines (16772), with no line terminators
Hash 2517c07a1bb6dd4e2166a3fe25cdadfb
deebfe0925b8a316a55a8c72336efe5ed4e1d5fb
4e43f9788876b283e8ac00717032824672ac12d7bb8cfb62685821f978a84f00
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/astra/assets/js/minified/frontend.min.js?ver=3.9.1 HTTP/1.1
Host: sadoom-ar.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sadoom-ar.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 10 Sep 2022 12:50:04 GMT
content-type: application/javascript
last-modified: Wed, 17 Aug 2022 19:47:52 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 3792
date: Sat, 03 Sep 2022 12:50:04 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
sadoom-ar.xyz/wp-includes/css/dist/block-library/style.min.css?ver=6.0.2
199.188.200.154 200 OK 11 kB URL HTTP/2 sadoom-ar.xyz/wp-includes/css/dist/block-library/style.min.css?ver=6.0.2
IP 199.188.200.154:0
File type ASCII text, with very long lines (43771)
Hash d45207ee05c1f0c57dfa075e61405ccd
a8d35143a2d828a739ea0fdde75f97d33621e7ec
a9a4adbbcee31ec277f1bdd573eef97dc4341f29f2db3b5685a02dfe4d2fe9bb
GET /wp-includes/css/dist/block-library/style.min.css?ver=6.0.2 HTTP/1.1
Host: sadoom-ar.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sadoom-ar.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 10 Sep 2022 12:50:04 GMT
content-type: text/css
last-modified: Mon, 04 Jul 2022 21:40:38 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 10946
date: Sat, 03 Sep 2022 12:50:04 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
sadoom-ar.xyz/wp-includes/js/wp-emoji-release.min.js?ver=6.0.2
199.188.200.154 200 OK 4.6 kB URL HTTP/2 sadoom-ar.xyz/wp-includes/js/wp-emoji-release.min.js?ver=6.0.2
IP 199.188.200.154:0
File type ASCII text, with very long lines (15660)
Hash 0232689bd203f330529b36a437f41a68
9046583f7469ad38297969f10a9513eb895d5316
feea9f30a6e454579bbeabf236b7abdb0c7de84dd2852422555ad67348c5e886
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/wp-emoji-release.min.js?ver=6.0.2 HTTP/1.1
Host: sadoom-ar.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sadoom-ar.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 10 Sep 2022 12:50:04 GMT
content-type: application/javascript
last-modified: Tue, 12 Apr 2022 15:26:24 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 4619
date: Sat, 03 Sep 2022 12:50:04 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 032b6777fac7fb899c4fec5375ba1128
21fa4ccd3ed58691865f5773acc7aee03df13032
7b1a6b49c00fb94aa97870f5a20b0d1114aaeccf35ae9b50b2c289af619031f8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7B1A6B49C00FB94AA97870F5A20B0D1114AAECCF35AE9B50B2C289AF619031F8"
Last-Modified: Fri, 02 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5828
Expires: Sat, 03 Sep 2022 14:27:13 GMT
Date: Sat, 03 Sep 2022 12:50:05 GMT
Connection: keep-alive
mo08.biz/?p=ge2dmnbugy5gi3bpgqydamy&sub1=R2M8P3strDKp
185.177.92.179 200 OK 26 kB URL HTTP/2 mo08.biz/?p=ge2dmnbugy5gi3bpgqydamy&sub1=R2M8P3strDKp
IP 185.177.92.179:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (16663)
Hash d04492ab713bb460dc13a8c184913d5b
58a71db0a613df8a027b707be8b17304b2f01fc2
14c894911aef911c11cfaf64ae82479d3c7bcdbad51fd43487ada1a142423b2c
Analyzer Verdict Alert quad9 Sinkholed
GET /?p=ge2dmnbugy5gi3bpgqydamy&sub1=R2M8P3strDKp HTTP/1.1
Host: mo08.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sadoom-ar.xyz/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 12:50:05 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
set-cookie: uuid=6f30225a-6d42-42e5-bf1f-173079baee9c; expires=Mon, 03-Oct-2022 12:50:05 GMT; Max-Age=2592000; path=/; domain=mo08.biz
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
mo08.biz/img/18/1.png
185.177.92.179 200 OK 11 kB IP 185.177.92.179:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 179 x 278, 8-bit colormap, non-interlaced\012- data
Hash a6fa8154cc36da494df7b5103329c15a
3a2310088bcec14f7c0187f8409a5af5395665e8
967b8859fedb2c63afc8ae6ae2839fdd40f0e26af85adc6605a629f3c0ed0837
Analyzer Verdict Alert quad9 Sinkholed
GET /img/18/1.png HTTP/1.1
Host: mo08.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mo08.biz/?p=ge2dmnbugy5gi3bpgqydamy&sub1=R2M8P3strDKp
Cookie: uuid=6f30225a-6d42-42e5-bf1f-173079baee9c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 12:50:05 GMT
content-type: image/png
content-length: 10591
last-modified: Mon, 25 Nov 2019 17:34:12 GMT
etag: "5ddc1094-295f"
expires: Mon, 03 Oct 2022 12:50:05 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
accept-ranges: bytes
X-Firefox-Spdy: h2
mo08.biz/img/18/2.png
185.177.92.179 200 OK 1.1 kB IP 185.177.92.179:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 94 x 19, 8-bit colormap, non-interlaced\012- data
Hash d708fbf0358752a082f5a394b74adda8
231c1527b4b039eb3af7d7e9eb5587ed87f6ea81
09d12e3c0e65fda26b9073e70e02fb24fa6941a4a3b1b81211b6470f00769ea5
Analyzer Verdict Alert quad9 Sinkholed
GET /img/18/2.png HTTP/1.1
Host: mo08.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mo08.biz/?p=ge2dmnbugy5gi3bpgqydamy&sub1=R2M8P3strDKp
Cookie: uuid=6f30225a-6d42-42e5-bf1f-173079baee9c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 12:50:05 GMT
content-type: image/png
content-length: 1061
last-modified: Mon, 25 Nov 2019 17:34:21 GMT
etag: "5ddc109d-425"
expires: Mon, 03 Oct 2022 12:50:05 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
accept-ranges: bytes
X-Firefox-Spdy: h2
mo08.biz/favicon.ico
185.177.92.179 204 No Content 0 B IP 185.177.92.179:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /favicon.ico HTTP/1.1
Host: mo08.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mo08.biz/?p=ge2dmnbugy5gi3bpgqydamy&sub1=R2M8P3strDKp
Cookie: uuid=6f30225a-6d42-42e5-bf1f-173079baee9c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Sat, 03 Sep 2022 12:50:05 GMT
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 80c17acac0386e6d3a91e1955c8f7015
0adc628e9ada3cfed5fd3162bee2cc00c876ca93
d996b4637bc7de5f12c6a457eac8326711db0b1daede705f81219edb8e596118
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D996B4637BC7DE5F12C6A457EAC8326711DB0B1DAEDE705F81219EDB8E596118"
Last-Modified: Thu, 01 Sep 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5021
Expires: Sat, 03 Sep 2022 14:13:46 GMT
Date: Sat, 03 Sep 2022 12:50:05 GMT
Connection: keep-alive
oo00.biz/sw/w1s.js
212.129.26.71 200 OK 1.4 kB IP 212.129.26.71:0
Hash e1d7abfb31d91b534fe467bc1357a55b
b2ec87e57c6ac82c5e3bb5ce4bf2f6ca906c0116
820193bb899f5acd5beda1e0a2b0cc58fc80f741e776a3506348cdd2081dbb94
GET /sw/w1s.js HTTP/1.1
Host: oo00.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mo08.biz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 12:50:05 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
expires: Sun, 03 Sep 2023 12:50:05 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
0.mo08.biz/favicon.ico
185.177.92.179 204 No Content 0 B IP 185.177.92.179:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /favicon.ico HTTP/1.1
Host: 0.mo08.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://0.mo08.biz/?p=ge2dmnbugy5gi3bpgqydamy&sub1=R2M8P3strDKp
Cookie: uuid=6f30225a-6d42-42e5-bf1f-173079baee9c; uuid=6f30225a-6d42-42e5-bf1f-173079baee9c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Sat, 03 Sep 2022 12:50:05 GMT
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
1.mo08.biz/w66899721.js
185.177.92.179 200 OK 49 B IP 185.177.92.179:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 8b2c9a0f63099698ba10b15b41fa47e4
dba24ca51e5b2c0fba6fa07441972a2fcc217088
dbb05cc7642fa61c7cbeda7a9c1db3e43db644dfd78d14e4f8cf73df3b7689ad
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /w66899721.js HTTP/1.1
Host: 1.mo08.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: uuid=6f30225a-6d42-42e5-bf1f-173079baee9c; uuid=6f30225a-6d42-42e5-bf1f-173079baee9c
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 12:50:05 GMT
content-type: application/javascript; charset=utf-8
content-length: 49
last-modified: Wed, 27 Jul 2022 05:35:25 GMT
etag: "62e0ce9d-31"
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
1.mo08.biz/favicon.ico
185.177.92.179 204 No Content 0 B IP 185.177.92.179:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /favicon.ico HTTP/1.1
Host: 1.mo08.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1.mo08.biz/?p=ge2dmnbugy5gi3bpgqydamy&sub1=R2M8P3strDKp
Cookie: uuid=6f30225a-6d42-42e5-bf1f-173079baee9c; uuid=6f30225a-6d42-42e5-bf1f-173079baee9c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Sat, 03 Sep 2022 12:50:05 GMT
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
2.mo08.biz/w66899721.js
185.177.92.179 200 OK 49 B IP 185.177.92.179:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 8b2c9a0f63099698ba10b15b41fa47e4
dba24ca51e5b2c0fba6fa07441972a2fcc217088
dbb05cc7642fa61c7cbeda7a9c1db3e43db644dfd78d14e4f8cf73df3b7689ad
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /w66899721.js HTTP/1.1
Host: 2.mo08.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: uuid=6f30225a-6d42-42e5-bf1f-173079baee9c; uuid=6f30225a-6d42-42e5-bf1f-173079baee9c
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 12:50:05 GMT
content-type: application/javascript; charset=utf-8
content-length: 49
last-modified: Wed, 27 Jul 2022 05:35:25 GMT
etag: "62e0ce9d-31"
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
2.mo08.biz/favicon.ico
185.177.92.179 204 No Content 0 B IP 185.177.92.179:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /favicon.ico HTTP/1.1
Host: 2.mo08.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://2.mo08.biz/?p=ge2dmnbugy5gi3bpgqydamy&sub1=R2M8P3strDKp
Cookie: uuid=6f30225a-6d42-42e5-bf1f-173079baee9c; uuid=6f30225a-6d42-42e5-bf1f-173079baee9c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Sat, 03 Sep 2022 12:50:05 GMT
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
3.mo08.biz/w66899721.js
185.177.92.179 200 OK 49 B IP 185.177.92.179:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 8b2c9a0f63099698ba10b15b41fa47e4
dba24ca51e5b2c0fba6fa07441972a2fcc217088
dbb05cc7642fa61c7cbeda7a9c1db3e43db644dfd78d14e4f8cf73df3b7689ad
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /w66899721.js HTTP/1.1
Host: 3.mo08.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: uuid=6f30225a-6d42-42e5-bf1f-173079baee9c; uuid=6f30225a-6d42-42e5-bf1f-173079baee9c
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 12:50:06 GMT
content-type: application/javascript; charset=utf-8
content-length: 49
last-modified: Wed, 27 Jul 2022 05:35:25 GMT
etag: "62e0ce9d-31"
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
3.mo08.biz/favicon.ico
185.177.92.179 204 No Content 0 B IP 185.177.92.179:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /favicon.ico HTTP/1.1
Host: 3.mo08.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://3.mo08.biz/?p=ge2dmnbugy5gi3bpgqydamy&sub1=R2M8P3strDKp
Cookie: uuid=6f30225a-6d42-42e5-bf1f-173079baee9c; uuid=6f30225a-6d42-42e5-bf1f-173079baee9c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Sat, 03 Sep 2022 12:50:06 GMT
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
oo00.biz/sw/w1s.js
212.129.26.71 200 OK 1.4 kB IP 212.129.26.71:0
Hash e1d7abfb31d91b534fe467bc1357a55b
b2ec87e57c6ac82c5e3bb5ce4bf2f6ca906c0116
820193bb899f5acd5beda1e0a2b0cc58fc80f741e776a3506348cdd2081dbb94
GET /sw/w1s.js HTTP/1.1
Host: oo00.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1.mo08.biz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 12:50:05 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
expires: Sun, 03 Sep 2023 12:50:05 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
4.mo08.biz/favicon.ico
185.177.92.179 204 No Content 0 B IP 185.177.92.179:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /favicon.ico HTTP/1.1
Host: 4.mo08.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4.mo08.biz/?p=ge2dmnbugy5gi3bpgqydamy&sub1=R2M8P3strDKp
Cookie: uuid=6f30225a-6d42-42e5-bf1f-173079baee9c; uuid=6f30225a-6d42-42e5-bf1f-173079baee9c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Sat, 03 Sep 2022 12:50:06 GMT
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
5.mo08.biz/w66899721.js
185.177.92.179 200 OK 49 B IP 185.177.92.179:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 8b2c9a0f63099698ba10b15b41fa47e4
dba24ca51e5b2c0fba6fa07441972a2fcc217088
dbb05cc7642fa61c7cbeda7a9c1db3e43db644dfd78d14e4f8cf73df3b7689ad
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /w66899721.js HTTP/1.1
Host: 5.mo08.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: uuid=6f30225a-6d42-42e5-bf1f-173079baee9c; uuid=6f30225a-6d42-42e5-bf1f-173079baee9c
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 12:50:06 GMT
content-type: application/javascript; charset=utf-8
content-length: 49
last-modified: Wed, 27 Jul 2022 05:35:25 GMT
etag: "62e0ce9d-31"
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
oo00.biz/sw/w1s.js
212.129.26.71 200 OK 1.4 kB IP 212.129.26.71:0
Hash 610ba737aa98ccb45349fb2ec7039393
314e308671a0dcd747b4fa22d6ce956a13066aee
1a1cb6173e264a9a1bbb1ff757160d0b2c5f025a5acd9982823e213407959f30
GET /sw/w1s.js HTTP/1.1
Host: oo00.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://3.mo08.biz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 12:50:06 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
expires: Sun, 03 Sep 2023 12:50:06 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
6.mo08.biz/w66899721.js
185.177.92.179 200 OK 49 B IP 185.177.92.179:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 8b2c9a0f63099698ba10b15b41fa47e4
dba24ca51e5b2c0fba6fa07441972a2fcc217088
dbb05cc7642fa61c7cbeda7a9c1db3e43db644dfd78d14e4f8cf73df3b7689ad
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /w66899721.js HTTP/1.1
Host: 6.mo08.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: uuid=6f30225a-6d42-42e5-bf1f-173079baee9c; uuid=6f30225a-6d42-42e5-bf1f-173079baee9c
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 12:50:06 GMT
content-type: application/javascript; charset=utf-8
content-length: 49
last-modified: Wed, 27 Jul 2022 05:35:25 GMT
etag: "62e0ce9d-31"
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
5.mo08.biz/?p=ge2dmnbugy5gi3bpgqydamy&sub1=R2M8P3strDKp
185.177.92.179 200 OK 26 kB URL HTTP/2 5.mo08.biz/?p=ge2dmnbugy5gi3bpgqydamy&sub1=R2M8P3strDKp
IP 185.177.92.179:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (16663)
Hash 2e3678530e942d6f830ca8065b98fe1a
e3c2f975fcf8f6fbacfe69d677b4975cae37daf5
cd9dcac472f93ee2ef32a3e5f78d35c6b92bf235219d2e3b0a0154a98e40c36e
Analyzer Verdict Alert quad9 Sinkholed
GET /?p=ge2dmnbugy5gi3bpgqydamy&sub1=R2M8P3strDKp HTTP/1.1
Host: 5.mo08.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4.mo08.biz/
Cookie: uuid=6f30225a-6d42-42e5-bf1f-173079baee9c
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 12:50:06 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
set-cookie: uuid=6f30225a-6d42-42e5-bf1f-173079baee9c; expires=Mon, 03-Oct-2022 12:50:06 GMT; Max-Age=2592000; path=/; domain=5.mo08.biz
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
7.mo08.biz/w66899721.js
185.177.92.179 200 OK 49 B IP 185.177.92.179:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 8b2c9a0f63099698ba10b15b41fa47e4
dba24ca51e5b2c0fba6fa07441972a2fcc217088
dbb05cc7642fa61c7cbeda7a9c1db3e43db644dfd78d14e4f8cf73df3b7689ad
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /w66899721.js HTTP/1.1
Host: 7.mo08.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: uuid=6f30225a-6d42-42e5-bf1f-173079baee9c; uuid=6f30225a-6d42-42e5-bf1f-173079baee9c
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 12:50:07 GMT
content-type: application/javascript; charset=utf-8
content-length: 49
last-modified: Wed, 27 Jul 2022 05:35:25 GMT
etag: "62e0ce9d-31"
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
7.mo08.biz/favicon.ico
185.177.92.179 204 No Content 0 B IP 185.177.92.179:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /favicon.ico HTTP/1.1
Host: 7.mo08.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://7.mo08.biz/?p=ge2dmnbugy5gi3bpgqydamy&sub1=R2M8P3strDKp
Cookie: uuid=6f30225a-6d42-42e5-bf1f-173079baee9c; uuid=6f30225a-6d42-42e5-bf1f-173079baee9c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Sat, 03 Sep 2022 12:50:07 GMT
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
8.mo08.biz/?p=ge2dmnbugy5gi3bpgqydamy&sub1=R2M8P3strDKp
185.177.92.179 200 OK 26 kB URL HTTP/2 8.mo08.biz/?p=ge2dmnbugy5gi3bpgqydamy&sub1=R2M8P3strDKp
IP 185.177.92.179:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (16663)
Hash 8376619a968e47d7359d2df7a95fee39
cc7f7dc2a147036c18d7523464a6449742e405c5
0f14ca93fd0098575dd13e193939a2d8405b0a8fe7a307fd7e913b8adb3f196e
Analyzer Verdict Alert quad9 Sinkholed
GET /?p=ge2dmnbugy5gi3bpgqydamy&sub1=R2M8P3strDKp HTTP/1.1
Host: 8.mo08.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://7.mo08.biz/
Cookie: uuid=6f30225a-6d42-42e5-bf1f-173079baee9c
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 12:50:07 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
set-cookie: uuid=6f30225a-6d42-42e5-bf1f-173079baee9c; expires=Mon, 03-Oct-2022 12:50:07 GMT; Max-Age=2592000; path=/; domain=8.mo08.biz
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
3.mo08.biz/?p=ge2dmnbugy5gi3bpgqydamy&sub1=R2M8P3strDKp
185.177.92.179 200 OK 54 kB URL HTTP/2 3.mo08.biz/?p=ge2dmnbugy5gi3bpgqydamy&sub1=R2M8P3strDKp
IP 185.177.92.179:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (16663)
Hash b7b61cce3f8dad9a6bfd4b8f76dac056
a83d65bf64b62104600e4716cce500aaeb2e17d3
4eb5f0bdc0e47862d2e6abf6c192a62530c69d1af5bc8dd46036701f7325a87a
Analyzer Verdict Alert quad9 Sinkholed
GET /?p=ge2dmnbugy5gi3bpgqydamy&sub1=R2M8P3strDKp HTTP/1.1
Host: 3.mo08.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://2.mo08.biz/
Cookie: uuid=6f30225a-6d42-42e5-bf1f-173079baee9c
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 12:50:06 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
set-cookie: uuid=6f30225a-6d42-42e5-bf1f-173079baee9c; expires=Mon, 03-Oct-2022 12:50:06 GMT; Max-Age=2592000; path=/; domain=3.mo08.biz
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
oo00.biz/sw/w1s.js
212.129.26.71 200 OK 1.4 kB IP 212.129.26.71:0
Hash e1d7abfb31d91b534fe467bc1357a55b
b2ec87e57c6ac82c5e3bb5ce4bf2f6ca906c0116
820193bb899f5acd5beda1e0a2b0cc58fc80f741e776a3506348cdd2081dbb94
GET /sw/w1s.js HTTP/1.1
Host: oo00.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://6.mo08.biz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 12:50:06 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
expires: Sun, 03 Sep 2023 12:50:06 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
9.mo08.biz/favicon.ico
185.177.92.179 204 No Content 0 B IP 185.177.92.179:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /favicon.ico HTTP/1.1
Host: 9.mo08.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://9.mo08.biz/?p=ge2dmnbugy5gi3bpgqydamy&sub1=R2M8P3strDKp
Cookie: uuid=6f30225a-6d42-42e5-bf1f-173079baee9c; uuid=6f30225a-6d42-42e5-bf1f-173079baee9c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Sat, 03 Sep 2022 12:50:07 GMT
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 48817b36aab0084c72c9dbc03d95dd0d
74d2369745fb2514243ca0b6811cda5298316fda
3658a74dddfe5a87a4d1e6003d7b5c2926d94a323d4d4c5ad7d176bf1c56181b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3658A74DDDFE5A87A4D1E6003D7B5C2926D94A323D4D4C5AD7D176BF1C56181B"
Last-Modified: Thu, 01 Sep 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21595
Expires: Sat, 03 Sep 2022 18:50:03 GMT
Date: Sat, 03 Sep 2022 12:50:08 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 313d2a02fb0efb28971c4b54634573d0
f6a05bd38e9b300c76d5c245ae3e5734878afe63
710d809511243a09756d4183e92326443fa71f6c02bc36aa8e94dea7101c2474
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "710D809511243A09756D4183E92326443FA71F6C02BC36AA8E94DEA7101C2474"
Last-Modified: Fri, 02 Sep 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20404
Expires: Sat, 03 Sep 2022 18:30:12 GMT
Date: Sat, 03 Sep 2022 12:50:08 GMT
Connection: keep-alive
news-ginetu.cc/revopush.js?v=4
149.7.16.231 200 OK 8.9 kB URL HTTP/2 news-ginetu.cc/revopush.js?v=4
IP 149.7.16.231:0
ASN #63023 AS-GLOBALTELEHOST
File type ASCII text, with very long lines (8922), with no line terminators
Hash 51014cabdb246e54c6fe1c7864225e81
04390aa362cc51c8f3aa848e5f1a11b3f9ba2751
32da65acc9ea9ff95f364751b4855731358710ebeb6b25d863a1c5d02dc73bd1
GET /revopush.js?v=4 HTTP/1.1
Host: news-ginetu.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://news-ginetu.cc/lands/16/?site=1011345&sub1=sub1&sub2=&sub3=&sub4=
Cookie: clickdata=MTAxMTM0NXw6fDE2fDp8fDp8fDp8fDp8
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 12:50:08 GMT
content-type: application/javascript
content-length: 8922
last-modified: Mon, 29 Aug 2022 09:05:32 GMT
etag: "630c815c-22da"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
news-ginetu.cc/lands/16/?site=1011345&sub1=sub1&sub2=&sub3=&sub4=
149.7.16.231 200 OK 12 kB URL HTTP/2 news-ginetu.cc/lands/16/?site=1011345&sub1=sub1&sub2=&sub3=&sub4=
IP 149.7.16.231:0
ASN #63023 AS-GLOBALTELEHOST
Hash 04298333e23ab3e0e3e0469ef9c0f449
88348c2e5963c9ed1b9a53e45cc21654d2d25d99
b95b50a43a43ff48147ae253a16c570ce9d10b86fcbef495a46ca28d4e3ba067
GET /lands/16/?site=1011345&sub1=sub1&sub2=&sub3=&sub4= HTTP/1.1
Host: news-ginetu.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://9.mo08.biz/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 12:50:08 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
pragma: no-cache
set-cookie: clickdata=MTAxMTM0NXw6fDE2fDp8fDp8fDp8fDp8; expires=Sat, 03-Sep-2022 13:50:08 GMT; Max-Age=3600; path=/
content-encoding: gzip
X-Firefox-Spdy: h2
news-ginetu.cc/lands/16/logo.png
149.7.16.231 200 OK 1.1 kB URL HTTP/2 news-ginetu.cc/lands/16/logo.png
IP 149.7.16.231:0
ASN #63023 AS-GLOBALTELEHOST
File type PNG image data, 94 x 19, 8-bit colormap, non-interlaced\012- data
Hash d708fbf0358752a082f5a394b74adda8
231c1527b4b039eb3af7d7e9eb5587ed87f6ea81
09d12e3c0e65fda26b9073e70e02fb24fa6941a4a3b1b81211b6470f00769ea5
GET /lands/16/logo.png HTTP/1.1
Host: news-ginetu.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://news-ginetu.cc/lands/16/?site=1011345&sub1=sub1&sub2=&sub3=&sub4=
Cookie: clickdata=MTAxMTM0NXw6fDE2fDp8fDp8fDp8fDp8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 12:50:08 GMT
content-type: image/png
content-length: 1061
last-modified: Mon, 16 Sep 2019 12:08:48 GMT
etag: "5d7f7b50-425"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
news-ginetu.cc/sw.js
149.7.16.231 200 OK 4.0 kB IP 149.7.16.231:0
ASN #63023 AS-GLOBALTELEHOST
File type ASCII text, with very long lines (3964), with no line terminators
Hash 7c60cc903a18857a61023bde734a757b
d53632ffe44847e798eeb6fcaacc3b3584e4a23d
dff87b88fb2ffccdadc8d3c04ffe475d848247456fa7c5b95328ccc14e7a48ea
GET /sw.js HTTP/1.1
Host: news-ginetu.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: clickdata=MTAxMTM0NXw6fDE2fDp8fDp8fDp8fDp8
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 12:50:08 GMT
content-type: application/javascript
content-length: 3964
last-modified: Tue, 30 Aug 2022 09:40:36 GMT
etag: "630ddb14-f7c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
news-ginetu.cc/lands/16/bot.png
149.7.16.231 200 OK 11 kB URL HTTP/2 news-ginetu.cc/lands/16/bot.png
IP 149.7.16.231:0
ASN #63023 AS-GLOBALTELEHOST
File type PNG image data, 260 x 260, 8-bit colormap, non-interlaced\012- data
Hash ca1f4de0ad1d4fad72d299a6411e6959
c9f6d409f09264a34ee8bac4265233c56c280d1a
f0434a1fc8ffba3a47bbb9f1fa5a2f789651a020e7b86e507ff300b7c367057f
GET /lands/16/bot.png HTTP/1.1
Host: news-ginetu.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://news-ginetu.cc/lands/16/?site=1011345&sub1=sub1&sub2=&sub3=&sub4=
Cookie: clickdata=MTAxMTM0NXw6fDE2fDp8fDp8fDp8fDp8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 12:50:08 GMT
content-type: image/png
content-length: 11043
last-modified: Mon, 16 Sep 2019 12:08:48 GMT
etag: "5d7f7b50-2b23"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
news-ginetu.cc/lands/1/v_F.ico
149.7.16.231 200 OK 1.2 kB URL HTTP/2 news-ginetu.cc/lands/1/v_F.ico
IP 149.7.16.231:0
ASN #63023 AS-GLOBALTELEHOST
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Hash 183cab2f5d4582ef71ae37efc8d458dd
7c230eba9c1ce7900ea9bbf53dde00ea068dc995
c96fb13d89231c5a743ca1826064cd884ed4ec629fd66f15c0dbcf173dfbbf3e
GET /lands/1/v_F.ico HTTP/1.1
Host: news-ginetu.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://news-ginetu.cc/lands/16/?site=1011345&sub1=sub1&sub2=&sub3=&sub4=
Cookie: clickdata=MTAxMTM0NXw6fDE2fDp8fDp8fDp8fDp8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 12:50:08 GMT
content-type: image/x-icon
content-length: 1150
last-modified: Fri, 20 Sep 2019 09:01:10 GMT
etag: "5d849556-47e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
1.news-ginetu.cc/revopush.js?v=4
149.7.16.231 200 OK 8.9 kB URL HTTP/2 1.news-ginetu.cc/revopush.js?v=4
IP 149.7.16.231:0
ASN #63023 AS-GLOBALTELEHOST
File type ASCII text, with very long lines (8922), with no line terminators
Hash 51014cabdb246e54c6fe1c7864225e81
04390aa362cc51c8f3aa848e5f1a11b3f9ba2751
32da65acc9ea9ff95f364751b4855731358710ebeb6b25d863a1c5d02dc73bd1
GET /revopush.js?v=4 HTTP/1.1
Host: 1.news-ginetu.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1.news-ginetu.cc/lands/16/?site=1011345&sub1=&sub2=&sub3=&sub4=
Cookie: clickdata=MTAxMTM0NXw6fDE2fDp8fDp8fDp8fDp8
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 12:50:08 GMT
content-type: application/javascript
content-length: 8922
last-modified: Mon, 29 Aug 2022 09:05:32 GMT
etag: "630c815c-22da"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
1.news-ginetu.cc/lands/16/man.png
149.7.16.231 200 OK 11 kB URL HTTP/2 1.news-ginetu.cc/lands/16/man.png
IP 149.7.16.231:0
ASN #63023 AS-GLOBALTELEHOST
File type PNG image data, 179 x 278, 8-bit colormap, non-interlaced\012- data
Hash a6fa8154cc36da494df7b5103329c15a
3a2310088bcec14f7c0187f8409a5af5395665e8
967b8859fedb2c63afc8ae6ae2839fdd40f0e26af85adc6605a629f3c0ed0837
GET /lands/16/man.png HTTP/1.1
Host: 1.news-ginetu.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1.news-ginetu.cc/lands/16/?site=1011345&sub1=&sub2=&sub3=&sub4=
Cookie: clickdata=MTAxMTM0NXw6fDE2fDp8fDp8fDp8fDp8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 12:50:08 GMT
content-type: image/png
content-length: 10591
last-modified: Mon, 16 Sep 2019 12:08:48 GMT
etag: "5d7f7b50-295f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
1.news-ginetu.cc/lands/16/logo.png
149.7.16.231 200 OK 1.1 kB URL HTTP/2 1.news-ginetu.cc/lands/16/logo.png
IP 149.7.16.231:0
ASN #63023 AS-GLOBALTELEHOST
File type PNG image data, 94 x 19, 8-bit colormap, non-interlaced\012- data
Hash d708fbf0358752a082f5a394b74adda8
231c1527b4b039eb3af7d7e9eb5587ed87f6ea81
09d12e3c0e65fda26b9073e70e02fb24fa6941a4a3b1b81211b6470f00769ea5
GET /lands/16/logo.png HTTP/1.1
Host: 1.news-ginetu.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1.news-ginetu.cc/lands/16/?site=1011345&sub1=&sub2=&sub3=&sub4=
Cookie: clickdata=MTAxMTM0NXw6fDE2fDp8fDp8fDp8fDp8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 12:50:08 GMT
content-type: image/png
content-length: 1061
last-modified: Mon, 16 Sep 2019 12:08:48 GMT
etag: "5d7f7b50-425"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
1.news-ginetu.cc/sw.js
149.7.16.231 200 OK 4.0 kB IP 149.7.16.231:0
ASN #63023 AS-GLOBALTELEHOST
File type ASCII text, with very long lines (3964), with no line terminators
Hash 7c60cc903a18857a61023bde734a757b
d53632ffe44847e798eeb6fcaacc3b3584e4a23d
dff87b88fb2ffccdadc8d3c04ffe475d848247456fa7c5b95328ccc14e7a48ea
GET /sw.js HTTP/1.1
Host: 1.news-ginetu.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: clickdata=MTAxMTM0NXw6fDE2fDp8fDp8fDp8fDp8
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 12:50:08 GMT
content-type: application/javascript
content-length: 3964
last-modified: Tue, 30 Aug 2022 09:40:36 GMT
etag: "630ddb14-f7c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
1.news-ginetu.cc/lands/16/bot.png
149.7.16.231 200 OK 11 kB URL HTTP/2 1.news-ginetu.cc/lands/16/bot.png
IP 149.7.16.231:0
ASN #63023 AS-GLOBALTELEHOST
File type PNG image data, 260 x 260, 8-bit colormap, non-interlaced\012- data
Hash ca1f4de0ad1d4fad72d299a6411e6959
c9f6d409f09264a34ee8bac4265233c56c280d1a
f0434a1fc8ffba3a47bbb9f1fa5a2f789651a020e7b86e507ff300b7c367057f
GET /lands/16/bot.png HTTP/1.1
Host: 1.news-ginetu.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1.news-ginetu.cc/lands/16/?site=1011345&sub1=&sub2=&sub3=&sub4=
Cookie: clickdata=MTAxMTM0NXw6fDE2fDp8fDp8fDp8fDp8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 12:50:08 GMT
content-type: image/png
content-length: 11043
last-modified: Mon, 16 Sep 2019 12:08:48 GMT
etag: "5d7f7b50-2b23"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
1.news-ginetu.cc/lands/1/v_F.ico
149.7.16.231 200 OK 1.2 kB URL HTTP/2 1.news-ginetu.cc/lands/1/v_F.ico
IP 149.7.16.231:0
ASN #63023 AS-GLOBALTELEHOST
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Hash 183cab2f5d4582ef71ae37efc8d458dd
7c230eba9c1ce7900ea9bbf53dde00ea068dc995
c96fb13d89231c5a743ca1826064cd884ed4ec629fd66f15c0dbcf173dfbbf3e
GET /lands/1/v_F.ico HTTP/1.1
Host: 1.news-ginetu.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1.news-ginetu.cc/lands/16/?site=1011345&sub1=&sub2=&sub3=&sub4=
Cookie: clickdata=MTAxMTM0NXw6fDE2fDp8fDp8fDp8fDp8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 12:50:08 GMT
content-type: image/x-icon
content-length: 1150
last-modified: Fri, 20 Sep 2019 09:01:10 GMT
etag: "5d849556-47e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
2.news-ginetu.cc/revopush.js?v=4
149.7.16.231 200 OK 8.9 kB URL HTTP/2 2.news-ginetu.cc/revopush.js?v=4
IP 149.7.16.231:0
ASN #63023 AS-GLOBALTELEHOST
File type ASCII text, with very long lines (8922), with no line terminators
Hash 51014cabdb246e54c6fe1c7864225e81
04390aa362cc51c8f3aa848e5f1a11b3f9ba2751
32da65acc9ea9ff95f364751b4855731358710ebeb6b25d863a1c5d02dc73bd1
GET /revopush.js?v=4 HTTP/1.1
Host: 2.news-ginetu.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://2.news-ginetu.cc/lands/16/?site=1011345&sub1=&sub2=&sub3=&sub4=
Cookie: clickdata=MTAxMTM0NXw6fDE2fDp8fDp8fDp8fDp8
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 12:50:09 GMT
content-type: application/javascript
content-length: 8922
last-modified: Mon, 29 Aug 2022 09:05:32 GMT
etag: "630c815c-22da"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
2.news-ginetu.cc/lands/16/man.png
149.7.16.231 200 OK 11 kB URL HTTP/2 2.news-ginetu.cc/lands/16/man.png
IP 149.7.16.231:0
ASN #63023 AS-GLOBALTELEHOST
File type PNG image data, 179 x 278, 8-bit colormap, non-interlaced\012- data
Hash a6fa8154cc36da494df7b5103329c15a
3a2310088bcec14f7c0187f8409a5af5395665e8
967b8859fedb2c63afc8ae6ae2839fdd40f0e26af85adc6605a629f3c0ed0837
GET /lands/16/man.png HTTP/1.1
Host: 2.news-ginetu.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://2.news-ginetu.cc/lands/16/?site=1011345&sub1=&sub2=&sub3=&sub4=
Cookie: clickdata=MTAxMTM0NXw6fDE2fDp8fDp8fDp8fDp8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 12:50:09 GMT
content-type: image/png
content-length: 10591
last-modified: Mon, 16 Sep 2019 12:08:48 GMT
etag: "5d7f7b50-295f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
1.news-ginetu.cc/traffback.php?site=1011345&sub1=&sub2=&sub3=&sub4=&land=16
149.7.16.231 200 OK 1.1 kB URL HTTP/2 1.news-ginetu.cc/traffback.php?site=1011345&sub1=&sub2=&sub3=&sub4=&land=16
IP 149.7.16.231:0
ASN #63023 AS-GLOBALTELEHOST
Hash 2ae43fc646ebce08947a56f40927fa1a
e039195340a34695c50712c091f8e9bbdf0b7ad4
85a97095a73d997a3547a6a0438d345054f822051cf187daca2eaa26f7da2aac
GET /traffback.php?site=1011345&sub1=&sub2=&sub3=&sub4=&land=16 HTTP/1.1
Host: 1.news-ginetu.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1.news-ginetu.cc/lands/16/?site=1011345&sub1=&sub2=&sub3=&sub4=
Cookie: clickdata=MTAxMTM0NXw6fDE2fDp8fDp8fDp8fDp8
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 12:50:09 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
2.news-ginetu.cc/sw.js
149.7.16.231 200 OK 4.0 kB IP 149.7.16.231:0
ASN #63023 AS-GLOBALTELEHOST
File type ASCII text, with very long lines (3964), with no line terminators
Hash 7c60cc903a18857a61023bde734a757b
d53632ffe44847e798eeb6fcaacc3b3584e4a23d
dff87b88fb2ffccdadc8d3c04ffe475d848247456fa7c5b95328ccc14e7a48ea
GET /sw.js HTTP/1.1
Host: 2.news-ginetu.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: clickdata=MTAxMTM0NXw6fDE2fDp8fDp8fDp8fDp8
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 12:50:09 GMT
content-type: application/javascript
content-length: 3964
last-modified: Tue, 30 Aug 2022 09:40:36 GMT
etag: "630ddb14-f7c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
2.news-ginetu.cc/lands/16/bot.png
149.7.16.231 200 OK 11 kB URL HTTP/2 2.news-ginetu.cc/lands/16/bot.png
IP 149.7.16.231:0
ASN #63023 AS-GLOBALTELEHOST
File type PNG image data, 260 x 260, 8-bit colormap, non-interlaced\012- data
Hash ca1f4de0ad1d4fad72d299a6411e6959
c9f6d409f09264a34ee8bac4265233c56c280d1a
f0434a1fc8ffba3a47bbb9f1fa5a2f789651a020e7b86e507ff300b7c367057f
GET /lands/16/bot.png HTTP/1.1
Host: 2.news-ginetu.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://2.news-ginetu.cc/lands/16/?site=1011345&sub1=&sub2=&sub3=&sub4=
Cookie: clickdata=MTAxMTM0NXw6fDE2fDp8fDp8fDp8fDp8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 12:50:09 GMT
content-type: image/png
content-length: 11043
last-modified: Mon, 16 Sep 2019 12:08:48 GMT
etag: "5d7f7b50-2b23"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
2.news-ginetu.cc/lands/1/v_F.ico
149.7.16.231 200 OK 1.2 kB URL HTTP/2 2.news-ginetu.cc/lands/1/v_F.ico
IP 149.7.16.231:0
ASN #63023 AS-GLOBALTELEHOST
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Hash 183cab2f5d4582ef71ae37efc8d458dd
7c230eba9c1ce7900ea9bbf53dde00ea068dc995
c96fb13d89231c5a743ca1826064cd884ed4ec629fd66f15c0dbcf173dfbbf3e
GET /lands/1/v_F.ico HTTP/1.1
Host: 2.news-ginetu.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://2.news-ginetu.cc/lands/16/?site=1011345&sub1=&sub2=&sub3=&sub4=
Cookie: clickdata=MTAxMTM0NXw6fDE2fDp8fDp8fDp8fDp8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 12:50:09 GMT
content-type: image/x-icon
content-length: 1150
last-modified: Fri, 20 Sep 2019 09:01:10 GMT
etag: "5d849556-47e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 0c93b15685c7abac61908ab953df2a0f
74cdc487d0af19ca645db5cb0ceee42fc6ada972
2124b3abbc90956616d69fef2ecebed149727c147860e752cad06dcd02d4e109
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2124B3ABBC90956616D69FEF2ECEBED149727C147860E752CAD06DCD02D4E109"
Last-Modified: Fri, 02 Sep 2022 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21553
Expires: Sat, 03 Sep 2022 18:49:23 GMT
Date: Sat, 03 Sep 2022 12:50:10 GMT
Connection: keep-alive
2.news-ginetu.cc/traffback.php?site=1011345&sub1=&sub2=&sub3=&sub4=&land=16
149.7.16.231 200 OK 1.3 kB URL HTTP/2 2.news-ginetu.cc/traffback.php?site=1011345&sub1=&sub2=&sub3=&sub4=&land=16
IP 149.7.16.231:0
ASN #63023 AS-GLOBALTELEHOST
File type HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash 2c88325b262a951a7e76536dd472af0e
37218f694e49114eb3f3ac529dff7a41e163db69
fd15571d2424b5d9793b14d982135c5bb4546366750ecad3e2f4f694fe31afad
GET /traffback.php?site=1011345&sub1=&sub2=&sub3=&sub4=&land=16 HTTP/1.1
Host: 2.news-ginetu.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://2.news-ginetu.cc/lands/16/?site=1011345&sub1=&sub2=&sub3=&sub4=
Cookie: clickdata=MTAxMTM0NXw6fDE2fDp8fDp8fDp8fDp8
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 12:50:09 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
humiliatemoot.com/dcndikgb?shu=84dc82d61cfe93aed42bd597de5b4e43da732e8deb4643add6beb4318f8dbf37a957b8c778ac262757385271de84f10251bdee8ee7065c28b7ddbc1856a0d01191992bbd1982fa072cb3c8d78af6f3c4e89f1813&pst=1662209470&rmtc=t&uuid=&pii=&in=false&key=ac694c1e822f10fee2d177f712a5ab31&refer=https%3A%2F%2F2.news-ginetu.cc%2F
192.243.61.225 302 Found 0 B URL HTTP/1.1 humiliatemoot.com/dcndikgb?shu=84dc82d61cfe93aed42bd597de5b4e43da732e8deb4643add6beb4318f8dbf37a957b8c778ac262757385271de84f10251bdee8ee7065c28b7ddbc1856a0d01191992bbd1982fa072cb3c8d78af6f3c4e89f1813&pst=1662209470&rmtc=t&uuid=&pii=&in=false&key=ac694c1e822f10fee2d177f712a5ab31&refer=https%3A%2F%2F2.news-ginetu.cc%2F
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /dcndikgb?shu=84dc82d61cfe93aed42bd597de5b4e43da732e8deb4643add6beb4318f8dbf37a957b8c778ac262757385271de84f10251bdee8ee7065c28b7ddbc1856a0d01191992bbd1982fa072cb3c8d78af6f3c4e89f1813&pst=1662209470&rmtc=t&uuid=&pii=&in=false&key=ac694c1e822f10fee2d177f712a5ab31&refer=https%3A%2F%2F2.news-ginetu.cc%2F HTTP/1.1
Host: humiliatemoot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://humiliatemoot.com/dcndikgb?key=0f22c1fd609f13cb7947c8cabfe1a90d&submetric=15665670
Cookie: u_pl=15665670; ain=eyJhbGciOiJIUzI1NiJ9.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.puw8n4vGINzdJMah4ZdFN80omihVb4HCIdI9932c90s; cjs=t
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 302 Found
Server: nginx/1.22.0
Date: Sat, 03 Sep 2022 12:50:10 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Location: https://adserving.unibet.com/redirect.aspx?bid=37950&pid=15135578&sref=ADST&ADST=15665670
Set-Cookie: pdhtkv=true; expires=Sun, 04 Sep 2022 12:50:10 GMT
uncs=1; expires=Sun, 04 Sep 2022 12:50:10 GMT
pdhtkv28=true; expires=Sun, 04 Sep 2022 12:50:10 GMT
uncs28=1; expires=Sun, 04 Sep 2022 12:50:10 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 2ca8d17be34028de0c2369d2eb2ebc2d
Strict-Transport-Security: max-age=0; includeSubdomains
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F93ac38e4-a58e-4303-b7a1-e6c19cc7f80e.jpeg
34.120.237.76 200 OK 7.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F93ac38e4-a58e-4303-b7a1-e6c19cc7f80e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8a1a9b226f6556f7ea2f3e990e618c78
72796327f9481a7516aac1fbfd73a36d69f83626
187b68b54b976b7a1a17928e172c9726b5583b650b982eb5cd2378a4ee2aa54d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F93ac38e4-a58e-4303-b7a1-e6c19cc7f80e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 7332
x-amzn-requestid: ea4ea9b2-b306-449c-814f-f1447d64ad73
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XsLfzHzPIAMFmrA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630e5931-362f0ddf533fc7905ab1acb5;Sampled=0
x-amzn-remapped-date: Tue, 30 Aug 2022 18:38:41 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: sGOpvoSHH63xn1qpb-9sG3YzpxdhLPib3pd5xX9Pvq8-hUIP3iNpQg==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 ddaf46a95abcfc80e8eae76235e2127c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Sep 2022 06:34:54 GMT
age: 22517
etag: "72796327f9481a7516aac1fbfd73a36d69f83626"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
adserving.unibet.com/redirect.aspx?bid=37950&pid=15135578&sref=ADST&ADST=15665670
23.36.79.43 301 Moved Permanently 0 B URL HTTP/2 adserving.unibet.com/redirect.aspx?bid=37950&pid=15135578&sref=ADST&ADST=15665670
IP 23.36.79.43:0
ASN #20940 Akamai International B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect.aspx?bid=37950&pid=15135578&sref=ADST&ADST=15665670 HTTP/1.1
Host: adserving.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://humiliatemoot.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
content-type: text/html
content-length: 0
location: https://no.unibet.com/stan/campaign.do?cmpId=2750545&affiliateId=1&unibetTarget=/no/pop/multisport/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_9926E055A85D41C5A0B110BD0AE33775&sref=ADST&ADST=15665670&affiliateId=1&pid=33284785&bid=37950
p3p: CP="This is not a P3P policy! It is used to bypass IEs problematic handling of cookies"
x-aspnet-version: 4.0.30319
request-context: appId=cid-v1:83ffbda4-9458-475e-90ec-4427cfb5c3b0
access-control-expose-headers: Request-Context
expires: Sat, 03 Sep 2022 12:50:11 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Sat, 03 Sep 2022 12:50:11 GMT
set-cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a33284785%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1662209411070)%5c%2f%22%2c%22CookieTag%22%3a%223795033284785451240919C2022931250%22%7d%5d; SameSite=None;; domain=.unibet.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; secure
NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228034979970%7c1%22%7d%5d; domain=.unibet.com; expires=Mon, 03-Sep-3021 12:50:11 GMT; path=/; secure; SameSite=Strict
server-timing: cdn-cache; desc=MISS, edge; dur=21, origin; dur=45
X-Firefox-Spdy: h2
no.unibet.com/stan/campaign.do?cmpId=2750545&affiliateId=1&unibetTarget=/no/pop/multisport/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_9926E055A85D41C5A0B110BD0AE33775&sref=ADST&ADST=15665670&affiliateId=1&pid=33284785&bid=37950
85.184.96.0 301 Moved Permanently 0 B URL HTTP/2 no.unibet.com/stan/campaign.do?cmpId=2750545&affiliateId=1&unibetTarget=/no/pop/multisport/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_9926E055A85D41C5A0B110BD0AE33775&sref=ADST&ADST=15665670&affiliateId=1&pid=33284785&bid=37950
IP 85.184.96.0:0
ASN #47171 Unibet Services Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /stan/campaign.do?cmpId=2750545&affiliateId=1&unibetTarget=/no/pop/multisport/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_9926E055A85D41C5A0B110BD0AE33775&sref=ADST&ADST=15665670&affiliateId=1&pid=33284785&bid=37950 HTTP/1.1
Host: no.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://humiliatemoot.com/
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a33284785%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1662209411070)%5c%2f%22%2c%22CookieTag%22%3a%223795033284785451240919C2022931250%22%7d%5d
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
date: Sat, 03 Sep 2022 12:50:11 GMT
content-length: 0
location: https://no.unibet.com:443/stan/redirecttocampaign.do?cmpId=2750545&affiliateId=1&unibetTarget=/no/pop/multisport/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_9926E055A85D41C5A0B110BD0AE33775&sref=ADST&ADST=15665670&affiliateId=1&pid=33284785&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fno%2Fpop%2Fmultisport%2Findex.html%3Fmktid%3D1%3A127656177%3A33284785-37950
set-cookie: JSESSIONID=node0c40atjy6hn8jm51ra65ainy26178614.node0; Path=/stan; Secure; HttpOnly; SameSite=Strict
__ucbt=node0c40atjy6hn8jm51ra65ainy26; Path=/; Domain=.unibet.com; Expires=Mon, 02-Sep-2024 12:50:11 GMT; Max-Age=63072000; Secure; SameSite=None
uniattr=ST.0.T; Path=/; Domain=.unibet.com; Expires=Mon, 02-Sep-2024 12:50:11 GMT; Max-Age=63072000; Secure; SameSite=None
uniattr_ref="https://humiliatemoot.com/"; Path=/; Domain=.unibet.com; Expires=Mon, 02-Sep-2024 12:50:11 GMT; Max-Age=63072000; Secure; SameSite=None
UNIBET_REQUEST_URL=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_REQUEST_URL=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
UNIBET_INTERNAL_CAMPAIGN_ID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
affid=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
netwid=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
CLAIM_CODE=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
REGISTRATION_CODE=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
campaignId=2750545; Path=/; Domain=.unibet.com; Expires=Sun, 31-Dec-2023 22:58:59 GMT; Max-Age=41854128; Secure; SameSite=None
framework.forceBigLandingArea=; Path=/; Domain=.unibet.com; Expires=Sat, 03-Sep-2022 12:50:26 GMT; Max-Age=15; Secure; SameSite=None
affiliateId=1; Path=/; Domain=.unibet.com; Expires=Sun, 31-Dec-2023 22:58:59 GMT; Max-Age=41854128; Secure; SameSite=None
B-TAG=127656177_9926E055A85D41C5A0B110BD0AE33775; Path=/; Domain=.unibet.com; Expires=Sun, 31-Dec-2023 22:58:59 GMT; Max-Age=41854128; Secure; SameSite=None
REGISTRATION_CODE=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
BID=37950; Path=/; Domain=.unibet.com; Expires=Sun, 31-Dec-2023 22:58:59 GMT; Max-Age=41854128; Secure; SameSite=None
PID=33284785; Path=/; Domain=.unibet.com; Expires=Sun, 31-Dec-2023 22:58:59 GMT; Max-Age=41854128; Secure; SameSite=None
CHID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
REFERER=https%3A%2F%2Fhumiliatemoot.com%2F; Path=/; Domain=.unibet.com; Expires=Sun, 31-Dec-2023 22:58:59 GMT; Max-Age=41854128; Secure; SameSite=None
UNIBET_INTERNAL_CAMPAIGN_ID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
UNIBET_REQUEST_URL=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_REQUEST_URL=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_CAMPAIGN_ID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AMS_INVITE_CHAT_ACCEPTED=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AMS_INVITE_CHAT_DECLINED=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
BOCAID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
PRODUCT_ID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2750545%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fmultisport%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_9926E055A85D41C5A0B110BD0AE33775%26sref%3DADST%26ADST%3D15665670%26affiliateId%3D1%26pid%3D33284785%26bid%3D37950; Path=/; Domain=.unibet.com; Expires=Sun, 31-Dec-2023 22:58:59 GMT; Max-Age=41854128; Secure; SameSite=None
AFFILIATE_CAMPAIGN_ID=2750545; Path=/; Domain=.unibet.com; Expires=Sun, 31-Dec-2023 22:58:59 GMT; Max-Age=41854128; Secure; SameSite=None
framework.forceBigLandingArea=; Path=/; Domain=.unibet.com; Expires=Sat, 03-Sep-2022 12:50:26 GMT; Max-Age=15; Secure; SameSite=None
campaignId=2750545; Path=/; Domain=.unibet.com; Expires=Sun, 31-Dec-2023 22:58:59 GMT; Max-Age=41854128; Secure; SameSite=None
framework.forceBigLandingArea=; Path=/; Domain=.unibet.com; Expires=Sat, 03-Sep-2022 12:50:26 GMT; Max-Age=15; Secure; SameSite=None
clientId=polopoly_desktop; Domain=no.unibet.com; Path=/; SameSite=None; Secure
referer: https://humiliatemoot.com/
cache-control: max-age=0, no-cache, no-store, must-revalidate, proxy-revalidate
expires: Thu, 01 Jan 1970 00:00:00 GMT, Sat, 03 Sep 2022 12:50:11 GMT
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/no.unibet.com/index.html
X-Firefox-Spdy: h2
no.unibet.com/stan/redirecttocampaign.do?cmpId=2750545&affiliateId=1&unibetTarget=/no/pop/multisport/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_9926E055A85D41C5A0B110BD0AE33775&sref=ADST&ADST=15665670&affiliateId=1&pid=33284785&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fno%2Fpop%2Fmultisport%2Findex.html%3Fmktid%3D1%3A127656177%3A33284785-37950
85.184.96.0 301 Moved Permanently 0 B URL HTTP/2 no.unibet.com/stan/redirecttocampaign.do?cmpId=2750545&affiliateId=1&unibetTarget=/no/pop/multisport/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_9926E055A85D41C5A0B110BD0AE33775&sref=ADST&ADST=15665670&affiliateId=1&pid=33284785&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fno%2Fpop%2Fmultisport%2Findex.html%3Fmktid%3D1%3A127656177%3A33284785-37950
IP 85.184.96.0:0
ASN #47171 Unibet Services Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /stan/redirecttocampaign.do?cmpId=2750545&affiliateId=1&unibetTarget=/no/pop/multisport/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_9926E055A85D41C5A0B110BD0AE33775&sref=ADST&ADST=15665670&affiliateId=1&pid=33284785&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fno%2Fpop%2Fmultisport%2Findex.html%3Fmktid%3D1%3A127656177%3A33284785-37950 HTTP/1.1
Host: no.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://humiliatemoot.com/
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a33284785%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1662209411070)%5c%2f%22%2c%22CookieTag%22%3a%223795033284785451240919C2022931250%22%7d%5d; __ucbt=node0c40atjy6hn8jm51ra65ainy26; uniattr=ST.0.T; uniattr_ref="https://humiliatemoot.com/"; campaignId=2750545; framework.forceBigLandingArea=; affiliateId=1; B-TAG=127656177_9926E055A85D41C5A0B110BD0AE33775; BID=37950; PID=33284785; REFERER=https%3A%2F%2Fhumiliatemoot.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2750545%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fmultisport%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_9926E055A85D41C5A0B110BD0AE33775%26sref%3DADST%26ADST%3D15665670%26affiliateId%3D1%26pid%3D33284785%26bid%3D37950; AFFILIATE_CAMPAIGN_ID=2750545; clientId=polopoly_desktop
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 301 Moved Permanently
date: Sat, 03 Sep 2022 12:50:11 GMT
content-length: 0
location: https://welcome.unibet.com/no/pop/multisport/index.html?mktid=1:127656177:33284785-37950&btag=127656177_9926E055A85D41C5A0B110BD0AE33775&bid=37950&campaignId=2750545&pid=33284785
cache-control: max-age=0, no-cache, no-store, must-revalidate, proxy-revalidate
expires: Sat, 03 Sep 2022 12:50:11 GMT
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/no.unibet.com/index.html
X-Firefox-Spdy: h2
ocsp.securetrust.com/
23.36.79.25 200 OK 638 B IP 23.36.79.25:0
ASN #20940 Akamai International B.V.
Hash e06ccf495666cfe3763d5eb2621e73c2
9a9a7d4f53b2b430bb4e264bdaa77e34d114fd0f
50cc6145fd93a0b1abf7da76215512b000c2aa7752d52ca7962cd7cf636cdba6
POST / HTTP/1.1
Host: ocsp.securetrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 86
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 638
Date: Sat, 03 Sep 2022 12:50:11 GMT
Connection: keep-alive
a1s-cdn.unibet.com/unibet/bannerflow/scripts/master_tag.js
85.184.96.5 200 OK 956 B URL HTTP/2 a1s-cdn.unibet.com/unibet/bannerflow/scripts/master_tag.js
IP 85.184.96.5:0
ASN #47171 Unibet Services Limited
Hash fd48e87ecd4d06d9c5df490b91dc813e
a65a437db44444634e4f41732c590c1d14433b3f
2f786ae3f4577ed970f60aa7a9edf726300a740fdb360a8364db7ff4b7ca8e47
GET /unibet/bannerflow/scripts/master_tag.js HTTP/1.1
Host: a1s-cdn.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a33284785%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1662209411070)%5c%2f%22%2c%22CookieTag%22%3a%223795033284785451240919C2022931250%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228034979970%7c1%22%7d%5d; __ucbt=node0c40atjy6hn8jm51ra65ainy26; uniattr=ST.0.T; uniattr_ref="https://humiliatemoot.com/"; campaignId=2750545; framework.forceBigLandingArea=; affiliateId=1; B-TAG=127656177_9926E055A85D41C5A0B110BD0AE33775; BID=37950; PID=33284785; REFERER=https%3A%2F%2Fhumiliatemoot.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2750545%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fmultisport%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_9926E055A85D41C5A0B110BD0AE33775%26sref%3DADST%26ADST%3D15665670%26affiliateId%3D1%26pid%3D33284785%26bid%3D37950; AFFILIATE_CAMPAIGN_ID=2750545
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Sat, 03 Sep 2022 12:50:11 GMT
content-type: application/javascript
content-length: 956
last-modified: Mon, 25 Apr 2022 12:19:34 GMT
etag: "3bc-5dd7996cc0ce1"
cache-control: max-age=1800, public, must-revalidate
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
set-cookie: clientId=polopoly_desktop; Domain=a1s-cdn.unibet.com; Path=/; SameSite=None; Secure
accept-ranges: bytes
X-Firefox-Spdy: h2
use.fontawesome.com/releases/v5.7.1/css/all.css
104.21.63.54 200 OK 12 kB URL HTTP/2 use.fontawesome.com/releases/v5.7.1/css/all.css
IP 104.21.63.54:0
File type ASCII text, with very long lines (54456), with no line terminators
Hash 0d31d864496932ab4789a0ce838d6b80
c739595d12d91cc8925659285cfffacabe817e52
063ba859565a6c3635937b173061030c90a2216b24a842bdbfff3debee787770
GET /releases/v5.7.1/css/all.css HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://welcome.unibet.com
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 03 Sep 2022 12:50:11 GMT
content-type: text/css
x-amz-id-2: two71MZ5TpkTpFGIUMPhG3w461PdnkgDGgz27zq6i0Qpvw3joR7rDh9C0IttlYdL7ZaWe4KhN1g=
x-amz-request-id: CV7TMK6K5EDKVGFA
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Wed, 30 Jun 2021 15:45:37 GMT
etag: W/"7b1d7f457d056ace7b230b587b9f3753"
cache-control: max-age=31556926
cf-cache-status: HIT
age: 2372029
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6nrIulyhKY5yTQM39zAUMZh3YgCJeNgnOGDEvP5KWiu7T693EYVIAozMf4j8c6zegpz8NbrTqStzZjpjcwIt2VszZ4txxHUzr8UkX%2FYimOKxuwRUodDpVFlMhykyNX7krd9pasHh"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 744e9c166acc0b59-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
welcome.unibet.com/no/pop/multisport/1-main.js
108.161.188.196 200 OK 2.2 kB URL HTTP/2 welcome.unibet.com/no/pop/multisport/1-main.js
IP 108.161.188.196:0
Hash 8ac724958b64c37f0acb626bff8cb38f
af83e7fc0e58c5902225e631b0174fa7ff84fea3
df98276dfda2f7a5cbf40a567152221f9b43e017431b0f43c74b8c8db1e28b5b
GET /no/pop/multisport/1-main.js HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/no/pop/multisport/index.html?mktid=1:127656177:33284785-37950&btag=127656177_9926E055A85D41C5A0B110BD0AE33775&bid=37950&campaignId=2750545&pid=33284785
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a33284785%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1662209411070)%5c%2f%22%2c%22CookieTag%22%3a%223795033284785451240919C2022931250%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228034979970%7c1%22%7d%5d; __ucbt=node0c40atjy6hn8jm51ra65ainy26; uniattr=ST.0.T; uniattr_ref="https://humiliatemoot.com/"; campaignId=2750545; framework.forceBigLandingArea=; affiliateId=1; B-TAG=127656177_9926E055A85D41C5A0B110BD0AE33775; BID=37950; PID=33284785; REFERER=https%3A%2F%2Fhumiliatemoot.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2750545%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fmultisport%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_9926E055A85D41C5A0B110BD0AE33775%26sref%3DADST%26ADST%3D15665670%26affiliateId%3D1%26pid%3D33284785%26bid%3D37950; AFFILIATE_CAMPAIGN_ID=2750545
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Sep 2022 12:50:11 GMT
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=900, immutable
content-md5: BPxI3njL/F0VV+nfOZx3Mw==
last-modified: Mon, 20 Jun 2022 12:15:06 GMT
etag: W/"0x8DA52B68343779E"
x-ms-request-id: 765936e1-c01e-0021-5993-bf3679000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
welcome.unibet.com/no/pop/multisport/gambling-commission.png
108.161.188.196 301 Moved Permanently 178 B URL HTTP/2 welcome.unibet.com/no/pop/multisport/gambling-commission.png
IP 108.161.188.196:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d
GET /no/pop/multisport/gambling-commission.png HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/no/pop/multisport/index.html?mktid=1:127656177:33284785-37950&btag=127656177_9926E055A85D41C5A0B110BD0AE33775&bid=37950&campaignId=2750545&pid=33284785
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a33284785%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1662209411070)%5c%2f%22%2c%22CookieTag%22%3a%223795033284785451240919C2022931250%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228034979970%7c1%22%7d%5d; __ucbt=node0c40atjy6hn8jm51ra65ainy26; uniattr=ST.0.T; uniattr_ref="https://humiliatemoot.com/"; campaignId=2750545; framework.forceBigLandingArea=; affiliateId=1; B-TAG=127656177_9926E055A85D41C5A0B110BD0AE33775; BID=37950; PID=33284785; REFERER=https%3A%2F%2Fhumiliatemoot.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2750545%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fmultisport%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_9926E055A85D41C5A0B110BD0AE33775%26sref%3DADST%26ADST%3D15665670%26affiliateId%3D1%26pid%3D33284785%26bid%3D37950; AFFILIATE_CAMPAIGN_ID=2750545
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 301 Moved Permanently
date: Sat, 03 Sep 2022 12:50:11 GMT
content-type: text/html
content-length: 178
location: https://www.unibet.com/
server: NetDNA-cache/2.2
x-cache: MISS
X-Firefox-Spdy: h2
ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
142.250.74.74 200 OK 30 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
IP 142.250.74.74:0
File type ASCII text, with very long lines (65451)
Hash 0f83cadc148d2ad7e53c91f6c4ee05bb
90035c5fffedf4b0f099465f6b929a030b46c92b
3f59aa77bbbed7760a9968af27d3c19ffddda021c948edf0bf0c0f828dd308ae
GET /ajax/libs/jquery/3.3.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30399
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 31 Aug 2022 10:07:37 GMT
expires: Thu, 31 Aug 2023 10:07:37 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
age: 268954
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
welcome.unibet.com/no/pop/multisport/icon-sports.svg
108.161.188.196 200 OK 0 B URL HTTP/2 welcome.unibet.com/no/pop/multisport/icon-sports.svg
IP 108.161.188.196:0
GET /no/pop/multisport/icon-sports.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/no/pop/multisport/index.html?mktid=1:127656177:33284785-37950&btag=127656177_9926E055A85D41C5A0B110BD0AE33775&bid=37950&campaignId=2750545&pid=33284785
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a33284785%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1662209411070)%5c%2f%22%2c%22CookieTag%22%3a%223795033284785451240919C2022931250%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228034979970%7c1%22%7d%5d; __ucbt=node0c40atjy6hn8jm51ra65ainy26; uniattr=ST.0.T; uniattr_ref="https://humiliatemoot.com/"; campaignId=2750545; framework.forceBigLandingArea=; affiliateId=1; B-TAG=127656177_9926E055A85D41C5A0B110BD0AE33775; BID=37950; PID=33284785; REFERER=https%3A%2F%2Fhumiliatemoot.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2750545%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fmultisport%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_9926E055A85D41C5A0B110BD0AE33775%26sref%3DADST%26ADST%3D15665670%26affiliateId%3D1%26pid%3D33284785%26bid%3D37950; AFFILIATE_CAMPAIGN_ID=2750545
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Sep 2022 12:50:11 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: Kch+tYuo05USS5JaESq1rA==
last-modified: Mon, 20 Jun 2022 12:15:04 GMT
etag: W/"0x8DA52B682395A83"
x-ms-request-id: 1d1d5bd6-701e-001b-4092-bf2c01000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
a1s.unibet.com/orval/tracking/lastclick.min.js
85.184.96.5 200 OK 0 B URL HTTP/2 a1s.unibet.com/orval/tracking/lastclick.min.js
IP 85.184.96.5:0
ASN #47171 Unibet Services Limited
GET /orval/tracking/lastclick.min.js HTTP/1.1
Host: a1s.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a33284785%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1662209411070)%5c%2f%22%2c%22CookieTag%22%3a%223795033284785451240919C2022931250%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228034979970%7c1%22%7d%5d; __ucbt=node0c40atjy6hn8jm51ra65ainy26; uniattr=ST.0.T; uniattr_ref="https://humiliatemoot.com/"; campaignId=2750545; framework.forceBigLandingArea=; affiliateId=1; B-TAG=127656177_9926E055A85D41C5A0B110BD0AE33775; BID=37950; PID=33284785; REFERER=https%3A%2F%2Fhumiliatemoot.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2750545%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fmultisport%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_9926E055A85D41C5A0B110BD0AE33775%26sref%3DADST%26ADST%3D15665670%26affiliateId%3D1%26pid%3D33284785%26bid%3D37950; AFFILIATE_CAMPAIGN_ID=2750545
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Sat, 03 Sep 2022 12:50:11 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Fri, 05 Aug 2022 12:55:24 GMT
etag: W/"705-5e57dfac7ede0"
cache-control: max-age=1800, public, must-revalidate
content-encoding: gzip
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
set-cookie: clientId=polopoly_desktop; Domain=a1s.unibet.com; Path=/; SameSite=None; Secure
X-Firefox-Spdy: h2
webadvision.online/Fwzz35
188.114.96.1 200 OK 0 B URL HTTP/2 webadvision.online/Fwzz35
IP 188.114.96.1:0
Analyzer Verdict Alert fortinet Malware
GET /Fwzz35 HTTP/1.1
Host: webadvision.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sadoom-ar.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 03 Sep 2022 12:50:04 GMT
content-type: application/javascript; charset=utf-8
x-powered-by: PHP/5.4.16
expires: Thu, 21 Jul 1977 07:30:00 GMT
last-modified: Sat, 03 Sep 2022 12:50:04 GMT
cache-control: max-age=0
pragma: no-cache
set-cookie: 847ba=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjFcIjoxNjYyMjA5NDA0fSxcImNhbXBhaWduc1wiOntcIjFcIjoxNjYyMjA5NDA0fSxcInRpbWVcIjoxNjYyMjA5NDA0fSJ9.FUff7L5W60y2r4AbvKknA1omO_YouwvxTkx4zjeZsfw; expires=Tue, 04-Oct-2022 12:50:04 GMT; path=/; domain=.webadvision.online
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F8NOpVsH%2FtiqPnr1l5oebUU%2B0dUS9oW8W0WFfcTPv3U4bZIyiEAu58hoiuc784t4VEbiFDaecEj0DtAy5aLRYJY8djs5LA0NbYIqAPGdkNtoQV%2FtKhhkjNSrpe9Mc12kmm9fcWQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 744e9beaaf4cb4eb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
oo00.biz/sw/w1s.js
212.129.26.71 200 OK 0 B IP 212.129.26.71:0
GET /sw/w1s.js HTTP/1.1
Host: oo00.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://0.mo08.biz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 12:50:05 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
expires: Sun, 03 Sep 2023 12:50:05 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
oo00.biz/sw/w1s.js
212.129.26.71 200 OK 0 B IP 212.129.26.71:0
GET /sw/w1s.js HTTP/1.1
Host: oo00.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4.mo08.biz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 12:50:06 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
expires: Sun, 03 Sep 2023 12:50:06 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
oo00.biz/sw/w1s.js
212.129.26.71 200 OK 0 B IP 212.129.26.71:0
GET /sw/w1s.js HTTP/1.1
Host: oo00.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://8.mo08.biz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 12:50:07 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
expires: Sun, 03 Sep 2023 12:50:07 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
2.news-ginetu.cc/lands/16/?site=1011345&sub1=&sub2=&sub3=&sub4=
149.7.16.231 200 OK 0 B URL HTTP/2 2.news-ginetu.cc/lands/16/?site=1011345&sub1=&sub2=&sub3=&sub4=
IP 149.7.16.231:0
ASN #63023 AS-GLOBALTELEHOST
GET /lands/16/?site=1011345&sub1=&sub2=&sub3=&sub4= HTTP/1.1
Host: 2.news-ginetu.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1.news-ginetu.cc/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 12:50:09 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
pragma: no-cache
set-cookie: clickdata=MTAxMTM0NXw6fDE2fDp8fDp8fDp8fDp8; expires=Sat, 03-Sep-2022 13:50:09 GMT; Max-Age=3600; path=/
content-encoding: gzip
X-Firefox-Spdy: h2
welcome.unibet.com/custom.js
108.161.188.196 200 OK 0 B URL HTTP/2 welcome.unibet.com/custom.js
IP 108.161.188.196:0
GET /custom.js HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/no/pop/multisport/index.html?mktid=1:127656177:33284785-37950&btag=127656177_9926E055A85D41C5A0B110BD0AE33775&bid=37950&campaignId=2750545&pid=33284785
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a33284785%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1662209411070)%5c%2f%22%2c%22CookieTag%22%3a%223795033284785451240919C2022931250%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228034979970%7c1%22%7d%5d; __ucbt=node0c40atjy6hn8jm51ra65ainy26; uniattr=ST.0.T; uniattr_ref="https://humiliatemoot.com/"; campaignId=2750545; framework.forceBigLandingArea=; affiliateId=1; B-TAG=127656177_9926E055A85D41C5A0B110BD0AE33775; BID=37950; PID=33284785; REFERER=https%3A%2F%2Fhumiliatemoot.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2750545%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fmultisport%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_9926E055A85D41C5A0B110BD0AE33775%26sref%3DADST%26ADST%3D15665670%26affiliateId%3D1%26pid%3D33284785%26bid%3D37950; AFFILIATE_CAMPAIGN_ID=2750545
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Sep 2022 12:50:11 GMT
content-type: application/javascript
content-md5: e/Aekt1V1fopj1X7y5r9MA==
last-modified: Tue, 29 Mar 2022 08:25:09 GMT
etag: W/"0x8DA115DA300B0C1"
x-ms-request-id: 8b49ebba-d01e-0060-2571-bf6e9d000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Roboto:300,400,500
142.250.74.10 200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Roboto:300,400,500
IP 142.250.74.10:0
GET /css?family=Roboto:300,400,500 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 03 Sep 2022 12:50:11 GMT
date: Sat, 03 Sep 2022 12:50:11 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
oo00.biz/sw/w1s.js
212.129.26.71 200 OK 0 B IP 212.129.26.71:0
GET /sw/w1s.js HTTP/1.1
Host: oo00.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://5.mo08.biz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 12:50:06 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
expires: Sun, 03 Sep 2023 12:50:06 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
welcome.unibet.com/no/pop/multisport/index.html?mktid=1:127656177:33284785-37950&btag=127656177_9926E055A85D41C5A0B110BD0AE33775&bid=37950&campaignId=2750545&pid=33284785
108.161.188.196 200 OK 0 B URL HTTP/2 welcome.unibet.com/no/pop/multisport/index.html?mktid=1:127656177:33284785-37950&btag=127656177_9926E055A85D41C5A0B110BD0AE33775&bid=37950&campaignId=2750545&pid=33284785
IP 108.161.188.196:0
GET /no/pop/multisport/index.html?mktid=1:127656177:33284785-37950&btag=127656177_9926E055A85D41C5A0B110BD0AE33775&bid=37950&campaignId=2750545&pid=33284785 HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://humiliatemoot.com/
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a33284785%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1662209411070)%5c%2f%22%2c%22CookieTag%22%3a%223795033284785451240919C2022931250%22%7d%5d; __ucbt=node0c40atjy6hn8jm51ra65ainy26; uniattr=ST.0.T; uniattr_ref="https://humiliatemoot.com/"; campaignId=2750545; framework.forceBigLandingArea=; affiliateId=1; B-TAG=127656177_9926E055A85D41C5A0B110BD0AE33775; BID=37950; PID=33284785; REFERER=https%3A%2F%2Fhumiliatemoot.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2750545%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fmultisport%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_9926E055A85D41C5A0B110BD0AE33775%26sref%3DADST%26ADST%3D15665670%26affiliateId%3D1%26pid%3D33284785%26bid%3D37950; AFFILIATE_CAMPAIGN_ID=2750545
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 03 Sep 2022 12:50:11 GMT
content-type: text/html; charset=utf-8
cache-control: public, max-age=900, immutable
content-md5: NGkNgKvE41ztpclvs1gdSA==
last-modified: Mon, 20 Jun 2022 12:15:00 GMT
etag: W/"0x8DA52B67FA63ED8"
x-ms-request-id: 1d208d2a-701e-001b-6793-bf2c01000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
welcome.unibet.com/no/pop/multisport/utv-logo.svg
108.161.188.196 200 OK 0 B URL HTTP/2 welcome.unibet.com/no/pop/multisport/utv-logo.svg
IP 108.161.188.196:0
GET /no/pop/multisport/utv-logo.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/no/pop/multisport/index.html?mktid=1:127656177:33284785-37950&btag=127656177_9926E055A85D41C5A0B110BD0AE33775&bid=37950&campaignId=2750545&pid=33284785
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a33284785%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1662209411070)%5c%2f%22%2c%22CookieTag%22%3a%223795033284785451240919C2022931250%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228034979970%7c1%22%7d%5d; __ucbt=node0c40atjy6hn8jm51ra65ainy26; uniattr=ST.0.T; uniattr_ref="https://humiliatemoot.com/"; campaignId=2750545; framework.forceBigLandingArea=; affiliateId=1; B-TAG=127656177_9926E055A85D41C5A0B110BD0AE33775; BID=37950; PID=33284785; REFERER=https%3A%2F%2Fhumiliatemoot.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2750545%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fmultisport%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_9926E055A85D41C5A0B110BD0AE33775%26sref%3DADST%26ADST%3D15665670%26affiliateId%3D1%26pid%3D33284785%26bid%3D37950; AFFILIATE_CAMPAIGN_ID=2750545
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Sep 2022 12:50:11 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: QazcDvviTF55mXL/M8kCWQ==
last-modified: Mon, 20 Jun 2022 12:15:01 GMT
etag: W/"0x8DA52B680312C74"
x-ms-request-id: 43c78a4c-301e-000a-5892-bfb6b5000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
2.mo08.biz/?p=ge2dmnbugy5gi3bpgqydamy&sub1=R2M8P3strDKp
185.177.92.179 200 OK 0 B URL HTTP/2 2.mo08.biz/?p=ge2dmnbugy5gi3bpgqydamy&sub1=R2M8P3strDKp
IP 185.177.92.179:0
ASN #39572 DataWeb Global Group B.V.
Analyzer Verdict Alert quad9 Sinkholed
GET /?p=ge2dmnbugy5gi3bpgqydamy&sub1=R2M8P3strDKp HTTP/1.1
Host: 2.mo08.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1.mo08.biz/
Cookie: uuid=6f30225a-6d42-42e5-bf1f-173079baee9c
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 12:50:05 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
set-cookie: uuid=6f30225a-6d42-42e5-bf1f-173079baee9c; expires=Mon, 03-Oct-2022 12:50:05 GMT; Max-Age=2592000; path=/; domain=2.mo08.biz
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
news-ginetu.cc/traffback.php?site=1011345&sub1=sub1&sub2=&sub3=&sub4=&land=16
149.7.16.231 200 OK 0 B URL HTTP/2 news-ginetu.cc/traffback.php?site=1011345&sub1=sub1&sub2=&sub3=&sub4=&land=16
IP 149.7.16.231:0
ASN #63023 AS-GLOBALTELEHOST
GET /traffback.php?site=1011345&sub1=sub1&sub2=&sub3=&sub4=&land=16 HTTP/1.1
Host: news-ginetu.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://news-ginetu.cc/lands/16/?site=1011345&sub1=sub1&sub2=&sub3=&sub4=
Cookie: clickdata=MTAxMTM0NXw6fDE2fDp8fDp8fDp8fDp8
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 12:50:08 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
welcome.unibet.com/no/pop/multisport/1-styles.css
108.161.188.196 200 OK 0 B URL HTTP/2 welcome.unibet.com/no/pop/multisport/1-styles.css
IP 108.161.188.196:0
GET /no/pop/multisport/1-styles.css HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/no/pop/multisport/index.html?mktid=1:127656177:33284785-37950&btag=127656177_9926E055A85D41C5A0B110BD0AE33775&bid=37950&campaignId=2750545&pid=33284785
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a33284785%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1662209411070)%5c%2f%22%2c%22CookieTag%22%3a%223795033284785451240919C2022931250%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228034979970%7c1%22%7d%5d; __ucbt=node0c40atjy6hn8jm51ra65ainy26; uniattr=ST.0.T; uniattr_ref="https://humiliatemoot.com/"; campaignId=2750545; framework.forceBigLandingArea=; affiliateId=1; B-TAG=127656177_9926E055A85D41C5A0B110BD0AE33775; BID=37950; PID=33284785; REFERER=https%3A%2F%2Fhumiliatemoot.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2750545%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fmultisport%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_9926E055A85D41C5A0B110BD0AE33775%26sref%3DADST%26ADST%3D15665670%26affiliateId%3D1%26pid%3D33284785%26bid%3D37950; AFFILIATE_CAMPAIGN_ID=2750545
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Sep 2022 12:50:11 GMT
content-type: text/css; charset=utf-8
cache-control: public, max-age=900, immutable
content-md5: zXkBqwBMviPPaK5rBIapmA==
last-modified: Mon, 20 Jun 2022 12:15:00 GMT
etag: W/"0x8DA52B67FB09D8F"
x-ms-request-id: 514a3c73-101e-0022-6c92-bfd71d000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
welcome.unibet.com/no/pop/multisport/read_json.js
108.161.188.196 200 OK 0 B URL HTTP/2 welcome.unibet.com/no/pop/multisport/read_json.js
IP 108.161.188.196:0
GET /no/pop/multisport/read_json.js HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/no/pop/multisport/index.html?mktid=1:127656177:33284785-37950&btag=127656177_9926E055A85D41C5A0B110BD0AE33775&bid=37950&campaignId=2750545&pid=33284785
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a33284785%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1662209411070)%5c%2f%22%2c%22CookieTag%22%3a%223795033284785451240919C2022931250%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228034979970%7c1%22%7d%5d; __ucbt=node0c40atjy6hn8jm51ra65ainy26; uniattr=ST.0.T; uniattr_ref="https://humiliatemoot.com/"; campaignId=2750545; framework.forceBigLandingArea=; affiliateId=1; B-TAG=127656177_9926E055A85D41C5A0B110BD0AE33775; BID=37950; PID=33284785; REFERER=https%3A%2F%2Fhumiliatemoot.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2750545%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fmultisport%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_9926E055A85D41C5A0B110BD0AE33775%26sref%3DADST%26ADST%3D15665670%26affiliateId%3D1%26pid%3D33284785%26bid%3D37950; AFFILIATE_CAMPAIGN_ID=2750545
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Sep 2022 12:50:11 GMT
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=900, immutable
content-md5: rGS1nJi75Qz2m2yY+jlYXA==
last-modified: Mon, 20 Jun 2022 12:15:06 GMT
etag: W/"0x8DA52B6834CEC1B"
x-ms-request-id: e754f29d-501e-0041-4692-bf4ae6000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
oo00.biz/sw/w1s.js
212.129.26.71 200 OK 0 B IP 212.129.26.71:0
GET /sw/w1s.js HTTP/1.1
Host: oo00.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://9.mo08.biz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 12:50:07 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
expires: Sun, 03 Sep 2023 12:50:07 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
welcome.unibet.com/no/pop/multisport/app-store-ro.svg
108.161.188.196 200 OK 0 B URL HTTP/2 welcome.unibet.com/no/pop/multisport/app-store-ro.svg
IP 108.161.188.196:0
GET /no/pop/multisport/app-store-ro.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/no/pop/multisport/index.html?mktid=1:127656177:33284785-37950&btag=127656177_9926E055A85D41C5A0B110BD0AE33775&bid=37950&campaignId=2750545&pid=33284785
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a33284785%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1662209411070)%5c%2f%22%2c%22CookieTag%22%3a%223795033284785451240919C2022931250%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228034979970%7c1%22%7d%5d; __ucbt=node0c40atjy6hn8jm51ra65ainy26; uniattr=ST.0.T; uniattr_ref="https://humiliatemoot.com/"; campaignId=2750545; framework.forceBigLandingArea=; affiliateId=1; B-TAG=127656177_9926E055A85D41C5A0B110BD0AE33775; BID=37950; PID=33284785; REFERER=https%3A%2F%2Fhumiliatemoot.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2750545%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fmultisport%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_9926E055A85D41C5A0B110BD0AE33775%26sref%3DADST%26ADST%3D15665670%26affiliateId%3D1%26pid%3D33284785%26bid%3D37950; AFFILIATE_CAMPAIGN_ID=2750545
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Sep 2022 12:50:11 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: epgiRapjJpA7DniTiF5C+w==
last-modified: Mon, 20 Jun 2022 12:15:06 GMT
etag: W/"0x8DA52B68300D310"
x-ms-request-id: 690d602d-501e-000c-4991-bf850a000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
welcome.unibet.com/no/pop/multisport/icon-trust.svg
108.161.188.196 200 OK 0 B URL HTTP/2 welcome.unibet.com/no/pop/multisport/icon-trust.svg
IP 108.161.188.196:0
GET /no/pop/multisport/icon-trust.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/no/pop/multisport/index.html?mktid=1:127656177:33284785-37950&btag=127656177_9926E055A85D41C5A0B110BD0AE33775&bid=37950&campaignId=2750545&pid=33284785
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a33284785%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1662209411070)%5c%2f%22%2c%22CookieTag%22%3a%223795033284785451240919C2022931250%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228034979970%7c1%22%7d%5d; __ucbt=node0c40atjy6hn8jm51ra65ainy26; uniattr=ST.0.T; uniattr_ref="https://humiliatemoot.com/"; campaignId=2750545; framework.forceBigLandingArea=; affiliateId=1; B-TAG=127656177_9926E055A85D41C5A0B110BD0AE33775; BID=37950; PID=33284785; REFERER=https%3A%2F%2Fhumiliatemoot.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2750545%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fmultisport%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_9926E055A85D41C5A0B110BD0AE33775%26sref%3DADST%26ADST%3D15665670%26affiliateId%3D1%26pid%3D33284785%26bid%3D37950; AFFILIATE_CAMPAIGN_ID=2750545
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Sep 2022 12:50:11 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: 9k4H3E55HXB5I94VinrUOQ==
last-modified: Mon, 20 Jun 2022 12:15:04 GMT
etag: W/"0x8DA52B68201D7DE"
x-ms-request-id: 721f0e9a-801e-0030-4091-bfaccd000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
0.mo08.biz/?p=ge2dmnbugy5gi3bpgqydamy&sub1=R2M8P3strDKp
185.177.92.179 200 OK 0 B URL HTTP/2 0.mo08.biz/?p=ge2dmnbugy5gi3bpgqydamy&sub1=R2M8P3strDKp
IP 185.177.92.179:0
ASN #39572 DataWeb Global Group B.V.
Analyzer Verdict Alert quad9 Sinkholed
GET /?p=ge2dmnbugy5gi3bpgqydamy&sub1=R2M8P3strDKp HTTP/1.1
Host: 0.mo08.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mo08.biz/
Cookie: uuid=6f30225a-6d42-42e5-bf1f-173079baee9c
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 12:50:05 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
set-cookie: uuid=6f30225a-6d42-42e5-bf1f-173079baee9c; expires=Mon, 03-Oct-2022 12:50:05 GMT; Max-Age=2592000; path=/; domain=0.mo08.biz
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
oo00.biz/sw/w1s.js
212.129.26.71 200 OK 0 B IP 212.129.26.71:0
GET /sw/w1s.js HTTP/1.1
Host: oo00.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://2.mo08.biz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 12:50:05 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
expires: Sun, 03 Sep 2023 12:50:05 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
news-ranone.cc/tds.php?sid=1011345&p1=sub1&fullscreen=1
149.7.16.237 302 Found 0 B URL HTTP/2 news-ranone.cc/tds.php?sid=1011345&p1=sub1&fullscreen=1
IP 149.7.16.237:0
ASN #63023 AS-GLOBALTELEHOST
Analyzer Verdict Alert quad9 Sinkholed
GET /tds.php?sid=1011345&p1=sub1&fullscreen=1 HTTP/1.1
Host: news-ranone.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://9.mo08.biz/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Sat, 03 Sep 2022 12:50:08 GMT
content-type: text/html; charset=UTF-8
location: https://news-ginetu.cc/lands/16/?site=1011345&sub1=sub1&sub2=&sub3=&sub4=
cache-control: no-cache, must-revalidate
pragma: no-cache
X-Firefox-Spdy: h2
welcome.unibet.com/no/pop/multisport/app-sports-icon.svg
108.161.188.196 200 OK 0 B URL HTTP/2 welcome.unibet.com/no/pop/multisport/app-sports-icon.svg
IP 108.161.188.196:0
GET /no/pop/multisport/app-sports-icon.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/no/pop/multisport/index.html?mktid=1:127656177:33284785-37950&btag=127656177_9926E055A85D41C5A0B110BD0AE33775&bid=37950&campaignId=2750545&pid=33284785
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a33284785%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1662209411070)%5c%2f%22%2c%22CookieTag%22%3a%223795033284785451240919C2022931250%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228034979970%7c1%22%7d%5d; __ucbt=node0c40atjy6hn8jm51ra65ainy26; uniattr=ST.0.T; uniattr_ref="https://humiliatemoot.com/"; campaignId=2750545; framework.forceBigLandingArea=; affiliateId=1; B-TAG=127656177_9926E055A85D41C5A0B110BD0AE33775; BID=37950; PID=33284785; REFERER=https%3A%2F%2Fhumiliatemoot.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2750545%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fmultisport%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_9926E055A85D41C5A0B110BD0AE33775%26sref%3DADST%26ADST%3D15665670%26affiliateId%3D1%26pid%3D33284785%26bid%3D37950; AFFILIATE_CAMPAIGN_ID=2750545
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Sep 2022 12:50:11 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: Lm+dv7pV36kTdto2PoEyYQ==
last-modified: Mon, 20 Jun 2022 12:15:06 GMT
etag: W/"0x8DA52B682FA1D49"
x-ms-request-id: 4ef558d2-f01e-0077-1992-bfc796000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
welcome.unibet.com/no/pop/multisport/google-play-ro.svg
108.161.188.196 200 OK 0 B URL HTTP/2 welcome.unibet.com/no/pop/multisport/google-play-ro.svg
IP 108.161.188.196:0
GET /no/pop/multisport/google-play-ro.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/no/pop/multisport/index.html?mktid=1:127656177:33284785-37950&btag=127656177_9926E055A85D41C5A0B110BD0AE33775&bid=37950&campaignId=2750545&pid=33284785
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a33284785%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1662209411070)%5c%2f%22%2c%22CookieTag%22%3a%223795033284785451240919C2022931250%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228034979970%7c1%22%7d%5d; __ucbt=node0c40atjy6hn8jm51ra65ainy26; uniattr=ST.0.T; uniattr_ref="https://humiliatemoot.com/"; campaignId=2750545; framework.forceBigLandingArea=; affiliateId=1; B-TAG=127656177_9926E055A85D41C5A0B110BD0AE33775; BID=37950; PID=33284785; REFERER=https%3A%2F%2Fhumiliatemoot.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2750545%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fmultisport%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_9926E055A85D41C5A0B110BD0AE33775%26sref%3DADST%26ADST%3D15665670%26affiliateId%3D1%26pid%3D33284785%26bid%3D37950; AFFILIATE_CAMPAIGN_ID=2750545
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Sep 2022 12:50:11 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: 2fR27yW0b9kBp/ebW9u59A==
last-modified: Mon, 20 Jun 2022 12:15:06 GMT
etag: W/"0x8DA52B68307D6EA"
x-ms-request-id: 7bdea5da-b01e-003b-1092-bf57a6000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
9.mo08.biz/?p=ge2dmnbugy5gi3bpgqydamy&sub1=R2M8P3strDKp
185.177.92.179 200 OK 0 B URL HTTP/2 9.mo08.biz/?p=ge2dmnbugy5gi3bpgqydamy&sub1=R2M8P3strDKp
IP 185.177.92.179:0
ASN #39572 DataWeb Global Group B.V.
Analyzer Verdict Alert quad9 Sinkholed
GET /?p=ge2dmnbugy5gi3bpgqydamy&sub1=R2M8P3strDKp HTTP/1.1
Host: 9.mo08.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://8.mo08.biz/
Cookie: uuid=6f30225a-6d42-42e5-bf1f-173079baee9c
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 12:50:07 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
set-cookie: uuid=6f30225a-6d42-42e5-bf1f-173079baee9c; expires=Mon, 03-Oct-2022 12:50:07 GMT; Max-Age=2592000; path=/; domain=9.mo08.biz
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
welcome.unibet.com/no/pop/multisport/icon-expert.svg
108.161.188.196 200 OK 0 B URL HTTP/2 welcome.unibet.com/no/pop/multisport/icon-expert.svg
IP 108.161.188.196:0
GET /no/pop/multisport/icon-expert.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/no/pop/multisport/index.html?mktid=1:127656177:33284785-37950&btag=127656177_9926E055A85D41C5A0B110BD0AE33775&bid=37950&campaignId=2750545&pid=33284785
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a33284785%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1662209411070)%5c%2f%22%2c%22CookieTag%22%3a%223795033284785451240919C2022931250%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228034979970%7c1%22%7d%5d; __ucbt=node0c40atjy6hn8jm51ra65ainy26; uniattr=ST.0.T; uniattr_ref="https://humiliatemoot.com/"; campaignId=2750545; framework.forceBigLandingArea=; affiliateId=1; B-TAG=127656177_9926E055A85D41C5A0B110BD0AE33775; BID=37950; PID=33284785; REFERER=https%3A%2F%2Fhumiliatemoot.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2750545%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fmultisport%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_9926E055A85D41C5A0B110BD0AE33775%26sref%3DADST%26ADST%3D15665670%26affiliateId%3D1%26pid%3D33284785%26bid%3D37950; AFFILIATE_CAMPAIGN_ID=2750545
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Sep 2022 12:50:11 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: Z4302O+bSqlX5UM92U+35A==
last-modified: Mon, 20 Jun 2022 12:15:04 GMT
etag: W/"0x8DA52B6820929CB"
x-ms-request-id: b200f1af-601e-005a-7a92-bf74e5000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
welcome.unibet.com/no/pop/multisport/com-payments.svg
108.161.188.196 200 OK 0 B URL HTTP/2 welcome.unibet.com/no/pop/multisport/com-payments.svg
IP 108.161.188.196:0
GET /no/pop/multisport/com-payments.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/no/pop/multisport/index.html?mktid=1:127656177:33284785-37950&btag=127656177_9926E055A85D41C5A0B110BD0AE33775&bid=37950&campaignId=2750545&pid=33284785
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a33284785%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1662209411070)%5c%2f%22%2c%22CookieTag%22%3a%223795033284785451240919C2022931250%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228034979970%7c1%22%7d%5d; __ucbt=node0c40atjy6hn8jm51ra65ainy26; uniattr=ST.0.T; uniattr_ref="https://humiliatemoot.com/"; campaignId=2750545; framework.forceBigLandingArea=; affiliateId=1; B-TAG=127656177_9926E055A85D41C5A0B110BD0AE33775; BID=37950; PID=33284785; REFERER=https%3A%2F%2Fhumiliatemoot.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2750545%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fmultisport%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_9926E055A85D41C5A0B110BD0AE33775%26sref%3DADST%26ADST%3D15665670%26affiliateId%3D1%26pid%3D33284785%26bid%3D37950; AFFILIATE_CAMPAIGN_ID=2750545
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Sep 2022 12:50:11 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: vwb7ospRft2xzGDtJvR3WA==
last-modified: Mon, 20 Jun 2022 12:15:02 GMT
etag: W/"0x8DA52B680877D2F"
x-ms-request-id: c9a99296-a01e-0037-4e92-bfc0ae000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
welcome.unibet.com/no/pop/multisport/unibet-logo.svg
108.161.188.196 200 OK 0 B URL HTTP/2 welcome.unibet.com/no/pop/multisport/unibet-logo.svg
IP 108.161.188.196:0
GET /no/pop/multisport/unibet-logo.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/no/pop/multisport/index.html?mktid=1:127656177:33284785-37950&btag=127656177_9926E055A85D41C5A0B110BD0AE33775&bid=37950&campaignId=2750545&pid=33284785
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a33284785%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1662209411070)%5c%2f%22%2c%22CookieTag%22%3a%223795033284785451240919C2022931250%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228034979970%7c1%22%7d%5d; __ucbt=node0c40atjy6hn8jm51ra65ainy26; uniattr=ST.0.T; uniattr_ref="https://humiliatemoot.com/"; campaignId=2750545; framework.forceBigLandingArea=; affiliateId=1; B-TAG=127656177_9926E055A85D41C5A0B110BD0AE33775; BID=37950; PID=33284785; REFERER=https%3A%2F%2Fhumiliatemoot.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2750545%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fmultisport%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_9926E055A85D41C5A0B110BD0AE33775%26sref%3DADST%26ADST%3D15665670%26affiliateId%3D1%26pid%3D33284785%26bid%3D37950; AFFILIATE_CAMPAIGN_ID=2750545
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Sep 2022 12:50:11 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: cw5jdwcrd9gLyjDZb7Y7Jw==
last-modified: Mon, 20 Jun 2022 12:15:01 GMT
etag: W/"0x8DA52B6805B919A"
x-ms-request-id: 2a70887a-401e-005d-3e92-bf1886000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2