| littlecdn.com/apps/templates/_assets/videos/dating/1.mp4 |  104.22.24.116 | 206 Partial Content | 342 kB |
URL GET HTTP/2littlecdn.com/apps/templates/_assets/videos/dating/1.mp4 IP104.22.24.116:443
Requested byhttps://wesairoltix.com/?var=6444276&var_3=810347958649237505&ymid=102933786&appvar=6444276&b=19859121&z=6770404&campid=7751590&l=kGJkmKxRUugVopY&partner=8&trackerType=tracker CertificateIssuerLet's Encrypt Subjectlittlecdn.com Fingerprint42:A1:9F:5B:B7:1B:88:CB:90:58:FC:E9:D1:96:3C:48:38:66:3A:9A ValidityMon, 11 Mar 2024 02:10:57 GMT - Sun, 09 Jun 2024 02:10:56 GMT
File typeISO Media, MP4 Base Media v1 [ISO 14496-12:2003] Size342 kB (342422 bytes) Hash5841092fcc1d651999a0e75f86306f87 0d9c9071cfb1861e05b9ec3c7d3af3048eb0aa29 f385d25ffcf716b080dadd46aab2de1c5c973b62a4f44031a87e835e4921c663
GET /apps/templates/_assets/videos/dating/1.mp4 HTTP/1.1
Host: littlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Referer: https://wesairoltix.com/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 206 Partial Content
date: Fri, 03 May 2024 23:53:58 GMT
content-type: video/mp4
content-length: 342422
last-modified: Fri, 03 May 2024 14:33:21 GMT
vary: Accept-Encoding
etag: "6634f5b1-53996"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cache-control: max-age=3600
cf-cache-status: HIT
age: 7074
content-range: bytes 0-342421/342422
server: cloudflare
cf-ray: 87e42c6c9d710b49-OSL
X-Firefox-Spdy: h2
|
|
| my.rtmark.net/gid.js?userId=80c0ecf9d93509fad49aae55b01c9a0a |  139.45.195.8 | 200 OK | 65 B |
URL GET HTTP/2my.rtmark.net/gid.js?userId=80c0ecf9d93509fad49aae55b01c9a0a IP139.45.195.8:443
Requested byhttps://wesairoltix.com/?var=6444276&var_3=810347958649237505&ymid=102933786&appvar=6444276&b=19859121&z=6770404&campid=7751590&l=kGJkmKxRUugVopY&partner=8&trackerType=tracker CertificateIssuerLet's Encrypt Subjectrtmark.net FingerprintDB:C0:8B:64:1C:E3:2A:9C:B9:04:0D:F3:6F:5A:E0:35:F4:C7:75:CC ValiditySat, 02 Mar 2024 21:53:43 GMT - Fri, 31 May 2024 21:53:42 GMT
Hash4bee6e7d6c0ca43cc7fc22cf989a978e a560d51651fa2450113b32d96903cf232fbb39d8 00a9c1daac9128c4d67075a7544b6977edd4065883751ea8d99b78eae77dd3e0
GET /gid.js?userId=80c0ecf9d93509fad49aae55b01c9a0a HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wesairoltix.com/
Origin: https://wesairoltix.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 03 May 2024 23:53:58 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://wesairoltix.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=80c0ecf9d93509fad49aae55b01c9a0a; expires=Sat, 03 May 2025 23:53:58 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| my.rtmark.net/gid.js | 139.45.195.8 | 200 OK | 65 B |
IP139.45.195.8:443
Requested byhttps://wesairoltix.com/?var=6444276&var_3=810347958649237505&ymid=102933786&appvar=6444276&b=19859121&z=6770404&campid=7751590&l=kGJkmKxRUugVopY&partner=8&trackerType=tracker CertificateIssuerLet's Encrypt Subjectrtmark.net FingerprintDB:C0:8B:64:1C:E3:2A:9C:B9:04:0D:F3:6F:5A:E0:35:F4:C7:75:CC ValiditySat, 02 Mar 2024 21:53:43 GMT - Fri, 31 May 2024 21:53:42 GMT
Hash4bee6e7d6c0ca43cc7fc22cf989a978e a560d51651fa2450113b32d96903cf232fbb39d8 00a9c1daac9128c4d67075a7544b6977edd4065883751ea8d99b78eae77dd3e0
GET /gid.js HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wesairoltix.com/
Origin: https://wesairoltix.com
DNT: 1
Connection: keep-alive
Cookie: ID=80c0ecf9d93509fad49aae55b01c9a0a
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 03 May 2024 23:53:58 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://wesairoltix.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=80c0ecf9d93509fad49aae55b01c9a0a; expires=Sat, 03 May 2025 23:53:58 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| newton.pw/nwimpr?z=6770404&b=19859121&ymid=102933786&var=6444276&var_3=810347958649237505&redirect=false&redirectUrl=https%3A%2F%2Fattr.itpub.cc%2Fiha%2Fxfle98%2Fmt%2Fc%3Fmt_gaid%3D%7Bmt_gaid%7D%26did%3D%24%7BSUBID%7D%26mt_sub1%3Dihappymdb%253A6770404%253A6444276%253A7751590%253A%7Bbrowser%7D%26mt_sub2%3D6770404%26mt_creative%3D19859121%26land_state%3Dbefore_render%26land_id%3DkGJkmKxRUugVopY%26land_generation_time%3D2024-05-03_18%3A53%3A57%26land_error_code%3D%26ruid%3D%7Bruid%7D%26mgeo%3D%7Bmgeo%7D%26oaid%3D80c0ecf9d93509fad49aae55b01c9a0a%26land_type%3Drtr%26isPushSubscribed%3Dfalse%26isPushAlreadySubscribed%3Dfalse%26land_tracker%3Dtracker%26land_purchase_method%3Dapk&os_version=x86.64 | 139.45.197.238 | 200 OK | 709 B |
URL GET HTTP/2newton.pw/nwimpr?z=6770404&b=19859121&ymid=102933786&var=6444276&var_3=810347958649237505&redirect=false&redirectUrl=https%3A%2F%2Fattr.itpub.cc%2Fiha%2Fxfle98%2Fmt%2Fc%3Fmt_gaid%3D%7Bmt_gaid%7D%26did%3D%24%7BSUBID%7D%26mt_sub1%3Dihappymdb%253A6770404%253A6444276%253A7751590%253A%7Bbrowser%7D%26mt_sub2%3D6770404%26mt_creative%3D19859121%26land_state%3Dbefore_render%26land_id%3DkGJkmKxRUugVopY%26land_generation_time%3D2024-05-03_18%3A53%3A57%26land_error_code%3D%26ruid%3D%7Bruid%7D%26mgeo%3D%7Bmgeo%7D%26oaid%3D80c0ecf9d93509fad49aae55b01c9a0a%26land_type%3Drtr%26isPushSubscribed%3Dfalse%26isPushAlreadySubscribed%3Dfalse%26land_tracker%3Dtracker%26land_purchase_method%3Dapk&os_version=x86.64 IP139.45.197.238:443
Requested byhttps://wesairoltix.com/?var=6444276&var_3=810347958649237505&ymid=102933786&appvar=6444276&b=19859121&z=6770404&campid=7751590&l=kGJkmKxRUugVopY&partner=8&trackerType=tracker CertificateIssuerLet's Encrypt Subjectnewton.pw FingerprintE9:DE:07:49:AF:16:C8:42:71:06:C9:0C:75:6C:BB:D1:8B:5B:E4:27 ValidityFri, 05 Apr 2024 21:32:54 GMT - Thu, 04 Jul 2024 21:32:53 GMT
Hash6e5074759af1381d63958df9a51b7fa2 b78e8733a5628c5194d356ff389fb0f43ea13cc2 98471a139a15e70bbeb2dd9bbcd6abc8dd1b7c9835262d495cd52ef2c03531d6
GET /nwimpr?z=6770404&b=19859121&ymid=102933786&var=6444276&var_3=810347958649237505&redirect=false&redirectUrl=https%3A%2F%2Fattr.itpub.cc%2Fiha%2Fxfle98%2Fmt%2Fc%3Fmt_gaid%3D%7Bmt_gaid%7D%26did%3D%24%7BSUBID%7D%26mt_sub1%3Dihappymdb%253A6770404%253A6444276%253A7751590%253A%7Bbrowser%7D%26mt_sub2%3D6770404%26mt_creative%3D19859121%26land_state%3Dbefore_render%26land_id%3DkGJkmKxRUugVopY%26land_generation_time%3D2024-05-03_18%3A53%3A57%26land_error_code%3D%26ruid%3D%7Bruid%7D%26mgeo%3D%7Bmgeo%7D%26oaid%3D80c0ecf9d93509fad49aae55b01c9a0a%26land_type%3Drtr%26isPushSubscribed%3Dfalse%26isPushAlreadySubscribed%3Dfalse%26land_tracker%3Dtracker%26land_purchase_method%3Dapk&os_version=x86.64 HTTP/1.1
Host: newton.pw
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wesairoltix.com/
Origin: https://wesairoltix.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 03 May 2024 23:53:58 GMT
content-type: application/json; charset=utf-8
content-length: 709
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://wesairoltix.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=04b9e664e4734effb55b738af642f765; expires=Sat, 03 May 2025 23:53:58 GMT; path=/; secure; SameSite=None
oaidts=1714780438; expires=Sat, 03 May 2025 23:53:58 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| wesairoltix.com/favicon.ico |  188.114.97.1 | 204 No Content | 0 B |
URL GET HTTP/3wesairoltix.com/favicon.ico IP188.114.97.1:443
Requested byhttps://wesairoltix.com/?var=6444276&var_3=810347958649237505&ymid=102933786&appvar=6444276&b=19859121&z=6770404&campid=7751590&l=kGJkmKxRUugVopY&partner=8&trackerType=tracker CertificateIssuerGoogle Trust Services LLC Subjectwesairoltix.com Fingerprint2E:E9:19:07:86:31:6D:71:F0:6B:42:0A:83:DB:BE:90:1A:58:F1:17 ValidityMon, 15 Apr 2024 11:35:23 GMT - Sun, 14 Jul 2024 11:35:22 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: wesairoltix.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wesairoltix.com/?var=6444276&var_3=810347958649237505&ymid=102933786&appvar=6444276&b=19859121&z=6770404&campid=7751590&l=kGJkmKxRUugVopY&partner=8&trackerType=tracker
Cookie: reverse=071xyBY0Q_Zt7j3O5vI7olRjeXpC8aAwwg5Ql1NLiEs; OAID=80c0ecf9d93509fad49aae55b01c9a0a; oaidts=1714780437; syncedCookie=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 204 No Content
date: Fri, 03 May 2024 23:53:59 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=86400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8%2BFrsAHkGehO9A8G6rUoGuZGoXDB3Ha%2BQ6Hs%2FJSbRKqneM1FhxDkNdwcjMABIYp3EMUhSS%2BvRCVUUbok8dYTMTnSZG%2Fs1FwGGQa%2FFDa79%2BubYwhe7qrZkaMgHfd7EMY%2FwNo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e42c6fbb75b4f3-OSL
alt-svc: h3=":443"; ma=86400
|
|
| wesairoltix.com/zone?&pub=0&zone_id=6727959&is_mobile=false&domain=wesairoltix.com&var=6770404&ymid=6444276&var_3=810410383321867196&var_4=102933786&dsig=&tg=1&sw=3.1.504&trace_id=b35185f4-d277-40be-9206-f339c78e6c4a&action=prerequest | 188.114.97.1 | 200 OK | 0 B |
URL POST HTTP/3wesairoltix.com/zone?&pub=0&zone_id=6727959&is_mobile=false&domain=wesairoltix.com&var=6770404&ymid=6444276&var_3=810410383321867196&var_4=102933786&dsig=&tg=1&sw=3.1.504&trace_id=b35185f4-d277-40be-9206-f339c78e6c4a&action=prerequest IP188.114.97.1:443
Requested byhttps://wesairoltix.com/?var=6444276&var_3=810347958649237505&ymid=102933786&appvar=6444276&b=19859121&z=6770404&campid=7751590&l=kGJkmKxRUugVopY&partner=8&trackerType=tracker CertificateIssuerGoogle Trust Services LLC Subjectwesairoltix.com Fingerprint2E:E9:19:07:86:31:6D:71:F0:6B:42:0A:83:DB:BE:90:1A:58:F1:17 ValidityMon, 15 Apr 2024 11:35:23 GMT - Sun, 14 Jul 2024 11:35:22 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /zone?&pub=0&zone_id=6727959&is_mobile=false&domain=wesairoltix.com&var=6770404&ymid=6444276&var_3=810410383321867196&var_4=102933786&dsig=&tg=1&sw=3.1.504&trace_id=b35185f4-d277-40be-9206-f339c78e6c4a&action=prerequest HTTP/1.1
Host: wesairoltix.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://wesairoltix.com
DNT: 1
Connection: keep-alive
Referer: https://wesairoltix.com/?var=6444276&var_3=810347958649237505&ymid=102933786&appvar=6444276&b=19859121&z=6770404&campid=7751590&l=kGJkmKxRUugVopY&partner=8&trackerType=tracker
Cookie: reverse=071xyBY0Q_Zt7j3O5vI7olRjeXpC8aAwwg5Ql1NLiEs; OAID=80c0ecf9d93509fad49aae55b01c9a0a; oaidts=1714780437; syncedCookie=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Content-Length: 0
TE: trailers
HTTP/3 200 OK
date: Fri, 03 May 2024 23:53:59 GMT
content-length: 0
x-trace-id: b842130b7ec494f47402c33d9b3dbc97
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://wesairoltix.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=smK9920HiLv7ChtqGA%2FSVu%2FTD5RMfFlSj9iEiUjfn7icQHYKXzy3y5VUK%2Bliysa5P%2FwEKtzptWNW%2F1L8qMy%2BLZAR9MtYjIUkkHrYO0Ik4Ey1tlFA1WrRSq2apI7%2BrCU%2BYu8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e42c709beeb4f3-OSL
alt-svc: h3=":443"; ma=86400
|
|
| wesairoltix.com/pfe/current/micro.tag.min.js?uhd=1&z=6727959&ymid=6444276&var=6770404&sw=/sw-check-permissions/6727959&var_4=102933786&os_version=x86.64&var_3=810410383321867196 | 188.114.97.1 | 200 OK | 14 kB |
URL GET HTTP/3wesairoltix.com/pfe/current/micro.tag.min.js?uhd=1&z=6727959&ymid=6444276&var=6770404&sw=/sw-check-permissions/6727959&var_4=102933786&os_version=x86.64&var_3=810410383321867196 IP188.114.97.1:443
Requested byhttps://wesairoltix.com/?var=6444276&var_3=810347958649237505&ymid=102933786&appvar=6444276&b=19859121&z=6770404&campid=7751590&l=kGJkmKxRUugVopY&partner=8&trackerType=tracker CertificateIssuerGoogle Trust Services LLC Subjectwesairoltix.com Fingerprint2E:E9:19:07:86:31:6D:71:F0:6B:42:0A:83:DB:BE:90:1A:58:F1:17 ValidityMon, 15 Apr 2024 11:35:23 GMT - Sun, 14 Jul 2024 11:35:22 GMT
File typeJavaScript source, ASCII text, with very long lines (37142), with no line terminators Hash32d6dbd00a639e2cd10d1704b9159bd5 0dab4c95675393f1d0e13d20f13d80ee12e41d95 9f339e5efd7c959419a4e86bb4c5e9f07eae2ed839484846157be981917743de
GET /pfe/current/micro.tag.min.js?uhd=1&z=6727959&ymid=6444276&var=6770404&sw=/sw-check-permissions/6727959&var_4=102933786&os_version=x86.64&var_3=810410383321867196 HTTP/1.1
Host: wesairoltix.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wesairoltix.com/?var=6444276&var_3=810347958649237505&ymid=102933786&appvar=6444276&b=19859121&z=6770404&campid=7751590&l=kGJkmKxRUugVopY&partner=8&trackerType=tracker
Cookie: reverse=071xyBY0Q_Zt7j3O5vI7olRjeXpC8aAwwg5Ql1NLiEs; OAID=80c0ecf9d93509fad49aae55b01c9a0a; oaidts=1714780437; syncedCookie=true
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 03 May 2024 23:53:59 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 10:49:22 GMT
vary: Accept-Encoding
etag: W/"662a3532-9116"
access-control-allow-credentials: true
cache-control: max-age=86400
pragma: no-cache
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=blUy6UaZfEs1pV8zdxO1a2Ku11n41YqakCzWWb6lKHDArzrH52S0KlcqjPc5Yca%2BK%2FWo2ntmo3pZfDX7wnjwasyQs1CD%2FXkxnFv2JQFxXpegskRpp7C1EREcKMZ0AQfuKqg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e42c6fcb7cb4f3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| jouteetu.net/custom | 139.45.197.251 | 200 OK | 39 B |
IP139.45.197.251:443
Requested byhttps://wesairoltix.com/?var=6444276&var_3=810347958649237505&ymid=102933786&appvar=6444276&b=19859121&z=6770404&campid=7751590&l=kGJkmKxRUugVopY&partner=8&trackerType=tracker CertificateIssuerLet's Encrypt Subjectjouteetu.net FingerprintF5:94:3C:5E:6B:54:1A:97:82:F8:7E:1F:C2:51:04:8C:FB:F5:CF:65 ValidityWed, 13 Mar 2024 19:38:02 GMT - Tue, 11 Jun 2024 19:38:01 GMT
Hash058b158c2be925f556454ef762d93538 cc6fc563b4b6baee880fdbc7fcfaa134978e33c9 ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
POST /custom HTTP/1.1
Host: jouteetu.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 468
Origin: https://wesairoltix.com
DNT: 1
Connection: keep-alive
Referer: https://wesairoltix.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 03 May 2024 23:53:59 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 96f22cc6eab317f5bf4d8389c4ad333c
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://wesairoltix.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
|
|
| jouteetu.net/custom | 139.45.197.251 | 200 OK | 39 B |
IP139.45.197.251:443
Requested byhttps://wesairoltix.com/?var=6444276&var_3=810347958649237505&ymid=102933786&appvar=6444276&b=19859121&z=6770404&campid=7751590&l=kGJkmKxRUugVopY&partner=8&trackerType=tracker CertificateIssuerLet's Encrypt Subjectjouteetu.net FingerprintF5:94:3C:5E:6B:54:1A:97:82:F8:7E:1F:C2:51:04:8C:FB:F5:CF:65 ValidityWed, 13 Mar 2024 19:38:02 GMT - Tue, 11 Jun 2024 19:38:01 GMT
Hash058b158c2be925f556454ef762d93538 cc6fc563b4b6baee880fdbc7fcfaa134978e33c9 ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
POST /custom HTTP/1.1
Host: jouteetu.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 469
Origin: https://wesairoltix.com
DNT: 1
Connection: keep-alive
Referer: https://wesairoltix.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 03 May 2024 23:53:59 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 98fb4a087b917559ae02e2ceeb9272df
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://wesairoltix.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
|
|
| amunfezanttor.com/event | 139.45.197.250 | 200 OK | 0 B |
IP139.45.197.250:443
Requested byhttps://wesairoltix.com/?var=6444276&var_3=810347958649237505&ymid=102933786&appvar=6444276&b=19859121&z=6770404&campid=7751590&l=kGJkmKxRUugVopY&partner=8&trackerType=tracker CertificateIssuerLet's Encrypt Subjectamunfezanttor.com FingerprintAB:2C:60:54:FF:D7:D6:23:0E:87:1A:98:EC:94:B3:9B:29:1A:F3:AA ValidityWed, 10 Apr 2024 19:04:12 GMT - Tue, 09 Jul 2024 19:04:11 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
OPTIONS /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://wesairoltix.com/
Origin: https://wesairoltix.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 03 May 2024 23:53:59 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://wesairoltix.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2
|
|
| amunfezanttor.com/event | 139.45.197.250 | 200 OK | 94 B |
IP139.45.197.250:443
Requested byhttps://wesairoltix.com/?var=6444276&var_3=810347958649237505&ymid=102933786&appvar=6444276&b=19859121&z=6770404&campid=7751590&l=kGJkmKxRUugVopY&partner=8&trackerType=tracker CertificateIssuerLet's Encrypt Subjectamunfezanttor.com FingerprintAB:2C:60:54:FF:D7:D6:23:0E:87:1A:98:EC:94:B3:9B:29:1A:F3:AA ValidityWed, 10 Apr 2024 19:04:12 GMT - Tue, 09 Jul 2024 19:04:11 GMT
Hash9f1c0d75cd0f86e028739fcffc26f4e8 fca77be366588b285ed7851de100a696d80d2f44 3d006bd6f640a241f5372e98b3a3fd8a581a276613175fdac618b3336e1b4b95
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
POST /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wesairoltix.com/
Content-Type: application/json
Content-Length: 1479
Origin: https://wesairoltix.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 03 May 2024 23:53:59 GMT
content-type: application/json; charset=utf-8
content-length: 94
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://wesairoltix.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
|
|
| wesairoltix.com/sw-check-permissions/6727959?var=6770404&var_3=810410383321867196&var_4=102933786&ymid=6444276&uhd=1&zoneId=6727959 | 188.114.97.1 | 200 OK | 4.2 kB |
URL GET HTTP/3wesairoltix.com/sw-check-permissions/6727959?var=6770404&var_3=810410383321867196&var_4=102933786&ymid=6444276&uhd=1&zoneId=6727959 IP188.114.97.1:443
Requested byhttps://wesairoltix.com/?var=6444276&var_3=810347958649237505&ymid=102933786&appvar=6444276&b=19859121&z=6770404&campid=7751590&l=kGJkmKxRUugVopY&partner=8&trackerType=tracker CertificateIssuerGoogle Trust Services LLC Subjectwesairoltix.com Fingerprint2E:E9:19:07:86:31:6D:71:F0:6B:42:0A:83:DB:BE:90:1A:58:F1:17 ValidityMon, 15 Apr 2024 11:35:23 GMT - Sun, 14 Jul 2024 11:35:22 GMT
Hash3eacbcea1eb8339f0762b993faa66e44 05a6222c31ee3f79d2aa8b392052e6bf43f0e01b 1282f286c9885f95e9495d22138bf5a1d31e0c8633bc21b432e5bd36a204372c
GET /sw-check-permissions/6727959?var=6770404&var_3=810410383321867196&var_4=102933786&ymid=6444276&uhd=1&zoneId=6727959 HTTP/1.1
Host: wesairoltix.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Referer: https://wesairoltix.com/?var=6444276&var_3=810347958649237505&ymid=102933786&appvar=6444276&b=19859121&z=6770404&campid=7751590&l=kGJkmKxRUugVopY&partner=8&trackerType=tracker
Cookie: reverse=071xyBY0Q_Zt7j3O5vI7olRjeXpC8aAwwg5Ql1NLiEs; OAID=80c0ecf9d93509fad49aae55b01c9a0a; oaidts=1714780437; syncedCookie=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 03 May 2024 23:53:59 GMT
content-type: application/javascript
vary: Accept-Encoding
x-powered-by: PHP/7.4.33
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZU1wlqqVwLXci7YEV01VXlnl8KQtSzDXDNhG8zctRqpSyhnKOlXPa1wp3ZOElXxnzFXCo51jKluke6IffifOutgxhVYbPENeTM4Xc%2FgFZGCAcYHD7WzAsktTHfzP%2B1fUNKE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e42c709bedb4f3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml |  35.244.181.201 | | 5.8 kB |
URL aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml IP35.244.181.201:0 ASN#396982 GOOGLE-CLOUD-PLATFORM
File typegzip compressed data, max speed, from Unix Hashaa33725c2d0a3d1c2f9c878d64914807 6e83d13ec860384a977738b04ff0891a01ab519a fe412eadb3dc9820ec6cab7cb62349be057c509e34f7e2de6d23b28eacc98bfd
GET /update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml HTTP/1.1
Host: aus5.mozilla.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 03 May 2024 23:54:16 GMT
content-type: text/xml; charset=utf-8
vary: Accept-Encoding
rule-id: unknown
rule-data-version: unknown
content-signature: x5u=https://content-signature-2.cdn.mozilla.net/chains/aus.content-signature.mozilla.org-2024-06-09-11-51-10.chain; p384ecdsa=0y2qNLJlFH1gBA-VeqNkEskK_uTVj3F0zaqyuIYW-Mcbho2ygTr2jX5MfGW8Dmdt-YzR7EoLbCQ4e2kVUKzaEjSogbMAJ0vcx_Ug8fT27ucWshSI1h_8kP_EqRA7UY1O
strict-transport-security: max-age=31536000;
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'
x-proxy-cache-status: EXPIRED
content-encoding: gzip
via: 1.1 google
cache-control: public,max-age=90
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| littlecdn.com/apps/templates/questions/video-bg/css/style.css?v=123 | 104.22.24.116 | 200 OK | 5.9 kB |
URL GET HTTP/2littlecdn.com/apps/templates/questions/video-bg/css/style.css?v=123 IP104.22.24.116:443
Requested byhttps://wesairoltix.com/?var=6444276&var_3=810347958649237505&ymid=102933786&appvar=6444276&b=19859121&z=6770404&campid=7751590&l=kGJkmKxRUugVopY&partner=8&trackerType=tracker CertificateIssuerLet's Encrypt Subjectlittlecdn.com Fingerprint42:A1:9F:5B:B7:1B:88:CB:90:58:FC:E9:D1:96:3C:48:38:66:3A:9A ValidityMon, 11 Mar 2024 02:10:57 GMT - Sun, 09 Jun 2024 02:10:56 GMT
File typeASCII text, with very long lines (6320), with no line terminators Hash622865f220163c8b2ea966baffa65bf3 040d2eb2993687b73c4453d4ba741f97324a894a c2c328afb4987cc13feebceb0bff783c50559472e007e9a70baf6e0959fc3588
GET /apps/templates/questions/video-bg/css/style.css?v=123 HTTP/1.1
Host: littlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wesairoltix.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 03 May 2024 23:53:58 GMT
content-type: text/css
last-modified: Fri, 03 May 2024 14:33:21 GMT
vary: Accept-Encoding
etag: W/"6634f5b1-1718"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cache-control: max-age=3600
cf-cache-status: HIT
age: 4793
server: cloudflare
cf-ray: 87e42c6c9d700b49-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| wesairoltix.com/?var=6444276&var_3=810347958649237505&ymid=102933786&appvar=6444276&b=19859121&z=6770404&campid=7751590&l=kGJkmKxRUugVopY&partner=8&trackerType=tracker | 188.114.97.1 | 200 OK | 56 kB |
URL User Request GET HTTP/2wesairoltix.com/?var=6444276&var_3=810347958649237505&ymid=102933786&appvar=6444276&b=19859121&z=6770404&campid=7751590&l=kGJkmKxRUugVopY&partner=8&trackerType=tracker IP188.114.97.1:443
CertificateIssuerGoogle Trust Services LLC Subjectwesairoltix.com Fingerprint2E:E9:19:07:86:31:6D:71:F0:6B:42:0A:83:DB:BE:90:1A:58:F1:17 ValidityMon, 15 Apr 2024 11:35:23 GMT - Sun, 14 Jul 2024 11:35:22 GMT
File typeHTML document, ASCII text, with very long lines (1952) Hashdc2481af91aa19cbf96ec951d3eedd7b 1b214c08184a049d12955f5201d2be71bf377c0f e6980081e2348d475d2833595bfb214b4fc397d5ada308e88a926c1945ecceed
GET /?var=6444276&var_3=810347958649237505&ymid=102933786&appvar=6444276&b=19859121&z=6770404&campid=7751590&l=kGJkmKxRUugVopY&partner=8&trackerType=tracker HTTP/1.1
Host: wesairoltix.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 03 May 2024 23:53:57 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.4.33
set-cookie: reverse=071xyBY0Q_Zt7j3O5vI7olRjeXpC8aAwwg5Ql1NLiEs; expires=Sat, 04-May-2024 00:53:57 GMT; Max-Age=3600; path=/
OAID=80c0ecf9d93509fad49aae55b01c9a0a; expires=Mon, 04-Sep-2079 23:47:54 GMT; Max-Age=1746316437; path=/
oaidts=1714780437; expires=Mon, 04-Sep-2079 23:47:54 GMT; Max-Age=1746316437; path=/
syncedCookie=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=N6vbVEusYZzj9NZRENnfh%2Ff8CEITBMopTmy3DHTm0GlRO0DPO6yo4UaYqiEd%2F65X91DFj4bPXft3N2OPAhwth5jw1yEsmC9KqvVg5TkOHPJuEPD59RQHKarkh1J9nkM9TGg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e42c68af120afa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| wesairoltix.com/?var=6444276&var_3=810347958649237505&ymid=102933786&appvar=6444276&b=19859121&z=6770404&campid=7751590&l=kGJkmKxRUugVopY&partner=8&trackerType=tracker&mprtr=1&os_version=x86.64 | 188.114.97.1 | 200 OK | 2 B |
URL POST HTTP/3wesairoltix.com/?var=6444276&var_3=810347958649237505&ymid=102933786&appvar=6444276&b=19859121&z=6770404&campid=7751590&l=kGJkmKxRUugVopY&partner=8&trackerType=tracker&mprtr=1&os_version=x86.64 IP188.114.97.1:443
Requested byhttps://wesairoltix.com/?var=6444276&var_3=810347958649237505&ymid=102933786&appvar=6444276&b=19859121&z=6770404&campid=7751590&l=kGJkmKxRUugVopY&partner=8&trackerType=tracker CertificateIssuerGoogle Trust Services LLC Subjectwesairoltix.com Fingerprint2E:E9:19:07:86:31:6D:71:F0:6B:42:0A:83:DB:BE:90:1A:58:F1:17 ValidityMon, 15 Apr 2024 11:35:23 GMT - Sun, 14 Jul 2024 11:35:22 GMT
Hash99914b932bd37a50b983c5e7c90ae93b bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
POST /?var=6444276&var_3=810347958649237505&ymid=102933786&appvar=6444276&b=19859121&z=6770404&campid=7751590&l=kGJkmKxRUugVopY&partner=8&trackerType=tracker&mprtr=1&os_version=x86.64 HTTP/1.1
Host: wesairoltix.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://wesairoltix.com
DNT: 1
Connection: keep-alive
Referer: https://wesairoltix.com/?var=6444276&var_3=810347958649237505&ymid=102933786&appvar=6444276&b=19859121&z=6770404&campid=7751590&l=kGJkmKxRUugVopY&partner=8&trackerType=tracker
Cookie: reverse=071xyBY0Q_Zt7j3O5vI7olRjeXpC8aAwwg5Ql1NLiEs; OAID=80c0ecf9d93509fad49aae55b01c9a0a; oaidts=1714780437; syncedCookie=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0
HTTP/3 200 OK
date: Fri, 03 May 2024 23:53:58 GMT
content-type: application/json
vary: Accept-Encoding
x-powered-by: PHP/7.4.33
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zzt2dqW%2BpZJeDxuKekOk83IImEKiux8tNqMINI7IU1xEP3D40GZe3NilrT%2FAhXfSsJ%2B5teF%2F19Rm2hVFqCbVSCfabfFyBh5lI47O%2BDA1QU4Oh1rZeboFXdG3nyQ2rhnJAt8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e42c6e4abfb4f3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| wesairoltix.com/rotate?zz=6246424&var=6770404&ymid=6444276&uid=80c0ecf9d93509fad49aae55b01c9a0a&var_4=102933786&os_version=x86.64 | 188.114.97.1 | 200 OK | 957 B |
URL GET HTTP/3wesairoltix.com/rotate?zz=6246424&var=6770404&ymid=6444276&uid=80c0ecf9d93509fad49aae55b01c9a0a&var_4=102933786&os_version=x86.64 IP188.114.97.1:443
Requested byhttps://wesairoltix.com/?var=6444276&var_3=810347958649237505&ymid=102933786&appvar=6444276&b=19859121&z=6770404&campid=7751590&l=kGJkmKxRUugVopY&partner=8&trackerType=tracker CertificateIssuerGoogle Trust Services LLC Subjectwesairoltix.com Fingerprint2E:E9:19:07:86:31:6D:71:F0:6B:42:0A:83:DB:BE:90:1A:58:F1:17 ValidityMon, 15 Apr 2024 11:35:23 GMT - Sun, 14 Jul 2024 11:35:22 GMT
File typetroff or preprocessor input, ASCII text, with very long lines (967), with no line terminators Hashcc08c2b6463375f05f146451d457d5c7 89153b72b6e714b0c59477aecf099e7af40a52c0 bbffbcebcbfd0488b9b90527088756092ae32ea20dc27a53c2a1e603049b3e72
GET /rotate?zz=6246424&var=6770404&ymid=6444276&uid=80c0ecf9d93509fad49aae55b01c9a0a&var_4=102933786&os_version=x86.64 HTTP/1.1
Host: wesairoltix.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wesairoltix.com/?var=6444276&var_3=810347958649237505&ymid=102933786&appvar=6444276&b=19859121&z=6770404&campid=7751590&l=kGJkmKxRUugVopY&partner=8&trackerType=tracker
DNT: 1
Connection: keep-alive
Cookie: reverse=071xyBY0Q_Zt7j3O5vI7olRjeXpC8aAwwg5Ql1NLiEs; OAID=80c0ecf9d93509fad49aae55b01c9a0a; oaidts=1714780437; syncedCookie=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 03 May 2024 23:53:58 GMT
content-type: application/javascript
vary: Accept-Encoding, Origin
x-trace-id: c1e1ae4e3b355ec321ef471ec81df893
pragma: no-cache
timing-allow-origin: *
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
access-control-allow-origin: https://wesairoltix.com/
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
set-cookie: OAID=80c0ecf9d93509fad49aae55b01c9a0a; expires=Sat, 03 May 2025 23:53:58 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: br
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=x7l%2Fw786KE3%2FIInn2R68YpIiw8HFRxcEGOK%2FfgUtWxw3afNA05WokjfGW2Xx4Ym2LhampBc%2BP9VM2RnlQbRGCnZWjQKDoa0LybfUK781B9Z7BKmPJn3pvvPw%2FhTNHICY5MA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e42c6efb0ab4f3-OSL
alt-svc: h3=":443"; ma=86400
|
|