t3.lowtid.com/l.php?p=c:yfde_8vmn9xbrr_ru&d=6332cda647b1bc703135957f&s=48&pid=6361369c9b3490361b20e012&data1=us.linux.us-cable.chrome.
51.161.115.163 200 OK 529 B URL HTTP/1.1 t3.lowtid.com/l.php?p=c:yfde_8vmn9xbrr_ru&d=6332cda647b1bc703135957f&s=48&pid=6361369c9b3490361b20e012&data1=us.linux.us-cable.chrome.
IP 51.161.115.163:0
File type HTML document text\012- HTML document, ASCII text, with very long lines (591)
Hash 52ad3f9d1fffe20b086c5e6e40bd6ddb
36b6d4bf7c5ab2e2f4461c4019c96a11575ed43e
943783dae5e73e775933e3f4866926c4550b67bfca66a7625014a2bd64825cf7
GET /l.php?p=c:yfde_8vmn9xbrr_ru&d=6332cda647b1bc703135957f&s=48&pid=6361369c9b3490361b20e012&data1=us.linux.us-cable.chrome. HTTP/1.1
Host: t3.lowtid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 02 Dec 2022 02:01:19 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: bt-6332cda647b1bc703135957f=63895c6fb050fe7ed630b443; expires=Mon, 05-Dec-2022 02:01:19 GMT; Max-Age=259200; path=/; domain=t3.lowtid.com; HttpOnly
Content-Encoding: gzip
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 3bbb845b153026fc5332dd4506585b57
3cad200fac28fd00f34ce6ef79373e661e188743
6035871c0de6ff2d120921461207cfa32bc286e1fe78849ce74815ffbb9ff950
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6035871C0DE6FF2D120921461207CFA32BC286E1FE78849CE74815FFBB9FF950"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5340
Expires: Fri, 02 Dec 2022 03:30:19 GMT
Date: Fri, 02 Dec 2022 02:01:19 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 0c748388899e8a8d3680355da2ea5020
903c620cd137613daafb0da0508c37b2f4a67212
39eab80e022a9a1732872d9926b0ace80f818ec5c535e36a18b539ea63786fb2
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5956
Cache-Control: max-age=122949
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 02:01:19 GMT
Etag: "63888270-1d7"
Expires: Sat, 03 Dec 2022 12:10:28 GMT
Last-Modified: Thu, 01 Dec 2022 10:31:12 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 55b4c61a1e99001307750e3647fe1102
7559f9f6770b7d3f45b723167062096312641e08
39f6bb64420bcfc8f0b010168fd35b67732984cd0698409f04d5ae40410422aa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "39F6BB64420BCFC8F0B010168FD35B67732984CD0698409F04D5AE40410422AA"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17546
Expires: Fri, 02 Dec 2022 06:53:45 GMT
Date: Fri, 02 Dec 2022 02:01:19 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
34.102.187.140 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Type, Backoff, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 02 Dec 2022 01:19:50 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 2489
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: OiezOmJuod4xTdOPO1MsyDh2ck0zl6KLZwMzuoC0xTPn+ki12Ruxd1HGnLEsTpy7ogTjhBKQrHM=
x-amz-request-id: 8WM231RWD7XFEGK7
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 02 Dec 2022 01:45:53 GMT
age: 926
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 02:01:19 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
t3.lowtid.com/l.php?p=c:yfde_8vmn9xbrr_ru&d=6332cda647b1bc703135957f&s=48&pid=6361369c9b3490361b20e012&data1=us.linux.us-cable.chrome.&bv=1
51.161.115.163 302 Found 0 B URL HTTP/1.1 t3.lowtid.com/l.php?p=c:yfde_8vmn9xbrr_ru&d=6332cda647b1bc703135957f&s=48&pid=6361369c9b3490361b20e012&data1=us.linux.us-cable.chrome.&bv=1
IP 51.161.115.163:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /l.php?p=c:yfde_8vmn9xbrr_ru&d=6332cda647b1bc703135957f&s=48&pid=6361369c9b3490361b20e012&data1=us.linux.us-cable.chrome.&bv=1 HTTP/1.1
Host: t3.lowtid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://t3.lowtid.com/l.php?p=c:yfde_8vmn9xbrr_ru&d=6332cda647b1bc703135957f&s=48&pid=6361369c9b3490361b20e012&data1=us.linux.us-cable.chrome.
Cookie: bt-6332cda647b1bc703135957f=63895c6fb050fe7ed630b443
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Server: nginx
Date: Fri, 02 Dec 2022 02:01:19 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Set-Cookie: bt-6332cda647b1bc703135957f=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=t3.lowtid.com; HttpOnly
Round: 11r6m6nbgk
Raund: 1zx
Location: https://kanvo.cogliatu.com/rc/a33384834e?affclick=63895c6fb050fe7ed630b443&pubid=48
t3.lowtid.com/favicon.ico
51.161.115.163 200 OK 20 B URL HTTP/1.1 t3.lowtid.com/favicon.ico
IP 51.161.115.163:0
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /favicon.ico HTTP/1.1
Host: t3.lowtid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://t3.lowtid.com/l.php?p=c:yfde_8vmn9xbrr_ru&d=6332cda647b1bc703135957f&s=48&pid=6361369c9b3490361b20e012&data1=us.linux.us-cable.chrome.
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 02 Dec 2022 02:01:20 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
e1.o.lencr.org/
23.33.119.27 200 OK 345 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash a54dc0d34214aaba21674629a67d54f1
2e4a383b7cfd9d5335dff1d8b924c7ad79cbbd18
44f8aaaaa27ca724d60d4fa66392765f1632851eb1864ca5cd5248532e35d54a
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "44F8AAAAA27CA724D60D4FA66392765F1632851EB1864CA5CD5248532E35D54A"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3628
Expires: Fri, 02 Dec 2022 03:01:48 GMT
Date: Fri, 02 Dec 2022 02:01:20 GMT
Connection: keep-alive
e1.o.lencr.org/
23.33.119.27 200 OK 345 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash a54dc0d34214aaba21674629a67d54f1
2e4a383b7cfd9d5335dff1d8b924c7ad79cbbd18
44f8aaaaa27ca724d60d4fa66392765f1632851eb1864ca5cd5248532e35d54a
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "44F8AAAAA27CA724D60D4FA66392765F1632851EB1864CA5CD5248532E35D54A"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3628
Expires: Fri, 02 Dec 2022 03:01:48 GMT
Date: Fri, 02 Dec 2022 02:01:20 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, Cache-Control, Content-Type, Pragma, Backoff, ETag, Expires, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 02 Dec 2022 01:11:15 GMT
cache-control: public,max-age=3600
age: 3005
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 1f88399f3fdd89dbb9ca1229cb67143a
325c9dbfd932cf9a6fb9fab2dd8e27083f55a9a3
831ecd45dcd2d5ae2ae86cd63ea5e94ecd85281b7e51054af5df9a6386fb8d79
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6008
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 02:01:20 GMT
Last-Modified: Fri, 02 Dec 2022 00:21:12 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash f9ac02077e4bf7d799b9c92663758622
87a1e4f7872080b1c6fa3a1fe766df6df7f5c514
d44bf04703f99d679867d84dcf581dbd3fefe513505321fb63ee64297ad733a8
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=100429
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 02:01:20 GMT
Etag: "638841bd-117"
Expires: Sat, 03 Dec 2022 05:55:09 GMT
Last-Modified: Thu, 01 Dec 2022 05:55:09 GMT
Server: nginx
Content-Length: 279
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash f9ac02077e4bf7d799b9c92663758622
87a1e4f7872080b1c6fa3a1fe766df6df7f5c514
d44bf04703f99d679867d84dcf581dbd3fefe513505321fb63ee64297ad733a8
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=100429
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 02:01:20 GMT
Etag: "638841bd-117"
Expires: Sat, 03 Dec 2022 05:55:09 GMT
Last-Modified: Thu, 01 Dec 2022 05:55:09 GMT
Server: nginx
Content-Length: 279
push.services.mozilla.com/
52.89.136.7 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.89.136.7:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: mO6GvGw3nrWHP9dvJkyM0w==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 1ZgQ7en+aJ8juqsd7dX2QRGFIOc=
ocsp.sectigo.com/
172.64.155.188 200 OK 471 B IP 172.64.155.188:0
Hash 76787a7b3723e29f9d6575f90b1085b1
e13f33f22ef5675203e9f144600dcef8dc07fd77
aaae4262471d53fd6befcf00d41d5ed6cca3df7ebc039ac5e2ed6678e8c675e3
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 02:01:21 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 30 Nov 2022 03:34:03 GMT
Expires: Wed, 07 Dec 2022 03:34:02 GMT
Etag: "e13f33f22ef5675203e9f144600dcef8dc07fd77"
Cache-Control: max-age=436960,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77307961da9bb4e8-OSL
track.gositego.live/sl?id=6372315a14cb732daa6b203e&pid=930&sub1=puba16cb661acb949f19133eb913b51f624&sub2=54cb05ae_48
34.91.234.242 302 Found 0 B URL HTTP/2 track.gositego.live/sl?id=6372315a14cb732daa6b203e&pid=930&sub1=puba16cb661acb949f19133eb913b51f624&sub2=54cb05ae_48
IP 34.91.234.242:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sl?id=6372315a14cb732daa6b203e&pid=930&sub1=puba16cb661acb949f19133eb913b51f624&sub2=54cb05ae_48 HTTP/1.1
Host: track.gositego.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kanvo.cogliatu.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Fri, 02 Dec 2022 02:01:21 GMT
content-length: 0
location: https://t3.blowingwnd.com/p.php?p=c:8pnojh5wwryg9ycmq&d=61b86bb2caff0c3520644fec&pid=CLICKID&s=SUBID&pid=63895c7105d7890001740188&s=930_54cb05ae_48
x-adjust-use-original-forwarded-for: 1
set-cookie: afclick=63895c7105d7890001740188; expires=Sat, 02 Dec 2023 02:01:21 GMT; secure; SameSite=None
access-control-allow-origin: *
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 3b892573f8c5f81c25b05f55fb899c00
5ce61277ff253f2d580e5ffce4e8b35e5f1f399d
3c59d4c99c2e9fe712036e8d04c65b16eb465aa43b74622ae126234d28ea3a00
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3C59D4C99C2E9FE712036E8D04C65B16EB465AA43B74622AE126234D28EA3A00"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3251
Expires: Fri, 02 Dec 2022 02:55:32 GMT
Date: Fri, 02 Dec 2022 02:01:21 GMT
Connection: keep-alive
t3.blowingwnd.com/p.php?p=c:8pnojh5wwryg9ycmq&d=61b86bb2caff0c3520644fec&pid=CLICKID&s=SUBID&pid=63895c7105d7890001740188&s=930_54cb05ae_48
51.161.115.163 302 Found 0 B URL HTTP/1.1 t3.blowingwnd.com/p.php?p=c:8pnojh5wwryg9ycmq&d=61b86bb2caff0c3520644fec&pid=CLICKID&s=SUBID&pid=63895c7105d7890001740188&s=930_54cb05ae_48
IP 51.161.115.163:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /p.php?p=c:8pnojh5wwryg9ycmq&d=61b86bb2caff0c3520644fec&pid=CLICKID&s=SUBID&pid=63895c7105d7890001740188&s=930_54cb05ae_48 HTTP/1.1
Host: t3.blowingwnd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://kanvo.cogliatu.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Fri, 02 Dec 2022 02:01:21 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Round: 1217p3t0dz
Raund: xi
Location: https://ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_930_54cb05ae_48
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 66ae0b4b78341156a1aa336452c080dc
ebe20f19403a9124fd378eeab82d943b890fd53b
729d7c2013164d474d00f20cda869d86da1c9de6e31832308fec1eda4fe940ba
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "729D7C2013164D474D00F20CDA869D86DA1C9DE6E31832308FEC1EDA4FE940BA"
Last-Modified: Tue, 29 Nov 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19919
Expires: Fri, 02 Dec 2022 07:33:20 GMT
Date: Fri, 02 Dec 2022 02:01:21 GMT
Connection: keep-alive
ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_930_54cb05ae_48
51.83.143.92 200 OK 501 B URL HTTP/1.1 ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_930_54cb05ae_48
IP 51.83.143.92:0
File type HTML document text\012- HTML document, ASCII text, with very long lines (549)
Hash 2bef3da50f35e2159bd1eceddb98ba9e
a75bdc677b046a681f18a55b049d601cd2f2c958
978c399326f3de25dbc4b2b77f5e11aaf4ede85e1f2c39501538edb7a6f7a034
Analyzer Verdict Alert quad9 Sinkholed
GET /f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_930_54cb05ae_48 HTTP/1.1
Host: ron.trffclb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://kanvo.cogliatu.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 02 Dec 2022 02:01:21 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: bt-603611c5b7eaf46891533240=63895c715b81e062f06499f9; expires=Mon, 05-Dec-2022 02:01:21 GMT; Max-Age=259200; path=/; domain=ron.trffclb.com; HttpOnly
Content-Encoding: gzip
ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_930_54cb05ae_48&bv=1
51.83.143.92 302 Found 0 B URL HTTP/1.1 ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_930_54cb05ae_48&bv=1
IP 51.83.143.92:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_930_54cb05ae_48&bv=1 HTTP/1.1
Host: ron.trffclb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_930_54cb05ae_48
Cookie: bt-603611c5b7eaf46891533240=63895c715b81e062f06499f9
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 302 Found
Server: nginx
Date: Fri, 02 Dec 2022 02:01:21 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Set-Cookie: bt-603611c5b7eaf46891533240=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=ron.trffclb.com; HttpOnly
Round: 11kgq037yu
Raund: 2si
Location: https://popmyads.com/serve/52264/64661/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgxMy5jb20=
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2540
Expires: Fri, 02 Dec 2022 02:43:42 GMT
Date: Fri, 02 Dec 2022 02:01:22 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2540
Expires: Fri, 02 Dec 2022 02:43:42 GMT
Date: Fri, 02 Dec 2022 02:01:22 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2540
Expires: Fri, 02 Dec 2022 02:43:42 GMT
Date: Fri, 02 Dec 2022 02:01:22 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2540
Expires: Fri, 02 Dec 2022 02:43:42 GMT
Date: Fri, 02 Dec 2022 02:01:22 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2540
Expires: Fri, 02 Dec 2022 02:43:42 GMT
Date: Fri, 02 Dec 2022 02:01:22 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb543a0f6-0efe-4518-9420-4eff88edf8e6.jpeg
34.120.237.76 200 OK 4.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb543a0f6-0efe-4518-9420-4eff88edf8e6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 60ccdde4ce64b4a3fe6fc2a059b3bde1
5ce119089f4a4cd139b523889b6cd84cd79191f4
2089225a6dc13845ab8e031416920d16952ae1461ca10d72c408ad001ed8f27b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb543a0f6-0efe-4518-9420-4eff88edf8e6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4840
x-amzn-requestid: 6bc8fa91-5696-4bc6-b1e7-3c36b2c01801
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGxTFxyoAMFRzA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891e6e-3e85b78905aaa73726eef85a;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:36:46 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: UraCGe--VISONXzaUBpA7vuLuD5l7zihtQIph7LVn1QsS8MjLBbvKw==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 21:48:51 GMT
age: 15151
etag: "5ce119089f4a4cd139b523889b6cd84cd79191f4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F683f066f-699d-4765-8f4f-33c72e1672e2.jpeg
34.120.237.76 200 OK 6.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F683f066f-699d-4765-8f4f-33c72e1672e2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b986f9fcbeca91ed5c8d58fbfaf47d19
6e6c8bd2bce144cc4da1cd7be375b046b60dca79
07a8938d2841f8c13bd646f4e79e41e46acd6463aa019cd70871b3741f12bb4f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F683f066f-699d-4765-8f4f-33c72e1672e2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6174
x-amzn-requestid: f78f1e9d-8c0c-495d-a862-61838f8297e8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cZ0iyH2WoAMFQdg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63870144-45442a8544259930564f685b;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 07:07:48 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: QIOz71_Kr08pIIwOm2GUkWr421fO7-UyUI7LYld0JBaGnYQ0j3IDFg==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 07:15:42 GMT
age: 67540
etag: "6e6c8bd2bce144cc4da1cd7be375b046b60dca79"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb582f62c-d1ce-4054-b87e-36be40dadfa4.jpeg
34.120.237.76 200 OK 8.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb582f62c-d1ce-4054-b87e-36be40dadfa4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 156e9ea97b774cbd8361072e4041b6c8
fc71ae3cae92ed6011904bb2367f23bf4e69fab4
58d953c19ebbbdfc3965bbe3f52308d4702deaf4d0c029f4674bcb862da138af
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb582f62c-d1ce-4054-b87e-36be40dadfa4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8863
x-amzn-requestid: 798d014b-0f9c-4787-a676-8f5e8fae3d11
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cdG14HBNIAMFdWg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638851bf-7549feac6d476a8512676412;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 07:03:27 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: cgj3fw3lpngosMNOK7cZUZO94T__4RTy_p7wa6rI62OOvhI5E9wMSw==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 324a68a6c25ee50d774953f3e15a611c.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 07:19:21 GMT
age: 67321
etag: "fc71ae3cae92ed6011904bb2367f23bf4e69fab4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b6b798b-d396-454d-9d5b-17b47827e4ad.jpeg
34.120.237.76 200 OK 2.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b6b798b-d396-454d-9d5b-17b47827e4ad.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b47431190f34eccf0a6efb98e2a32b7d
9fc7ab3a4eb2d36fd6df7e0267a26a47627d1704
08d3b6be354cafb70c20e6865788cb375adbf88d47711651fe1a3b855094daf2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b6b798b-d396-454d-9d5b-17b47827e4ad.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 2942
x-amzn-requestid: ed26679f-cd56-477f-9914-f9afbcaaeea6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGeoGFYoAMFWgA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891df7-4ec6bebe21656d5026456994;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:34:47 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Fw6nrporwF27NW0-vXpaolW79nDXLF2RyS-lqhhp1osHt7q98VpI3g==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 21:34:47 GMT
age: 15995
etag: "9fc7ab3a4eb2d36fd6df7e0267a26a47627d1704"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe0842726-801f-4648-a54d-c0cb2cf5348a.jpeg
34.120.237.76 200 OK 5.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe0842726-801f-4648-a54d-c0cb2cf5348a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 89502a302863c914b4de5e8c6a7f6846
898d50ac6e372609656fccee27de3d036bc0281c
9bc1f83d570d70b7e17e5de7a1546885851431ea989d915852ae7130387c422f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe0842726-801f-4648-a54d-c0cb2cf5348a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5675
x-amzn-requestid: a47e049a-6f76-4af4-8064-fd7722bcfb17
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGepGYEIAMFeQw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891df7-09e13afe27c4dc5b44e828be;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:34:47 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: U_3ah2pFrsQl9IVVqm9EVI99FnF79b9zOUFVBGX966JAjkDg6UF--A==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 21:47:56 GMT
age: 15206
etag: "898d50ac6e372609656fccee27de3d036bc0281c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feb2cfbf1-2aef-40a6-97e1-99a756e32924.png
34.120.237.76 200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feb2cfbf1-2aef-40a6-97e1-99a756e32924.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 16a112f00456d38c4c9e051ccf40e105
8fe32fffe672f0e91ce773af0e4be960f55bad08
43517bbcd17ec6d05d09a4c0d183610acdc7e2fa4767cb786cb8b936d5f44402
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feb2cfbf1-2aef-40a6-97e1-99a756e32924.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13461
x-amzn-requestid: 8c0121a6-cf29-4cd0-bd42-d9f67af62b84
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cZQsyGhGoAMF1-Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6386c7eb-593f28367320530e2dcafbfb;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 03:03:07 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: npt-A-TEzjd-QRTVhv5FMJhwlYujCRCF7tyYbathxjCdCFFEwh_vEQ==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 36810aa1793ee589dc8c194860296078.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 04:59:42 GMT
age: 75700
etag: "8fe32fffe672f0e91ce773af0e4be960f55bad08"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash 3d4239cc9674f9c789247a694f7a2145
48206257551c462295635b365521a1f643aedc05
14fd9168d68897a4169f75b6c956520992d1edf184bef073b5ed0f0d9c045cb1
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5540
Cache-Control: max-age=109925
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 02:01:22 GMT
Etag: "63885133-116"
Expires: Sat, 03 Dec 2022 08:33:27 GMT
Last-Modified: Thu, 01 Dec 2022 07:01:07 GMT
Server: ECS (amb/6B77)
X-Cache: HIT
Content-Length: 278
ron.trffclb.com/favicon.ico
51.83.143.92 200 OK 20 B URL HTTP/1.1 ron.trffclb.com/favicon.ico
IP 51.83.143.92:0
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
Analyzer Verdict Alert quad9 Sinkholed
GET /favicon.ico HTTP/1.1
Host: ron.trffclb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_930_54cb05ae_48
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 02 Dec 2022 02:01:22 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash 3d4239cc9674f9c789247a694f7a2145
48206257551c462295635b365521a1f643aedc05
14fd9168d68897a4169f75b6c956520992d1edf184bef073b5ed0f0d9c045cb1
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6257
Cache-Control: max-age=110642
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 02:01:22 GMT
Etag: "63885133-116"
Expires: Sat, 03 Dec 2022 08:45:24 GMT
Last-Modified: Thu, 01 Dec 2022 07:01:07 GMT
Server: ECS (amb/6B99)
X-Cache: HIT
Content-Length: 278
pritha-ner.com/0646614100?adTagId=20111650-aa5d-11e6-a4a9-0e855f2e0669&fallbackUrl=https://popmyads.com/return/30
3.212.50.125 302 0 B URL HTTP/1.1 pritha-ner.com/0646614100?adTagId=20111650-aa5d-11e6-a4a9-0e855f2e0669&fallbackUrl=https://popmyads.com/return/30
IP 3.212.50.125:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /0646614100?adTagId=20111650-aa5d-11e6-a4a9-0e855f2e0669&fallbackUrl=https://popmyads.com/return/30 HTTP/1.1
Host: pritha-ner.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302
Date: Fri, 02 Dec 2022 02:01:22 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Location: https://bnr.thedataclicks.com/get/Y2x1uwhzCQUWsRki19S5Fpdr?target=whiskey-seg-4l0ult0cv&source=chartreuse-ox&keyword=&match=&zid=dv3859285471e511ed9085124bff6d6e1564498d035bb44dfc98b55df1d83b76210694103a94b80db87d&trafficType=POPUP&visitorType=NON-ADULT&campaignId=1998166&longCampaignId=7d7c3280-6dab-11ed-9d23-12beee04f19b&campaignName=NEW+-+ZP5+-+NO&cost=0.000500
Server: qevzxQph
ocsp.sca1b.amazontrust.com/
143.204.42.158 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.158:0
Hash 7fd04b18b6a7aa13c60a18be8690d354
9e93f6f854f8e879236650b3db6c3357e609a4bb
c5d51a660eb6b3c487626ae53e91f6a8d9485c8cab97bd31ac68127729713553
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=107373
Date: Fri, 02 Dec 2022 02:01:23 GMT
Etag: "6388489d-1d7"
Expires: Sat, 03 Dec 2022 07:50:56 GMT
Last-Modified: Thu, 01 Dec 2022 06:24:29 GMT
Server: ECS (dcb/7EA2)
X-Cache: Miss from cloudfront
Via: 1.1 f00e3524edcdf61801454f2bb21e71ce.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: iZtBtK4P14b_3uORoV1Yw5UEpQHsCmyNzARIWPk-IUtOGhKlPAAbtA==
Age: 5187
bnr.thedataclicks.com/get/Y2x1uwhzCQUWsRki19S5Fpdr?target=whiskey-seg-4l0ult0cv&source=chartreuse-ox&keyword=&match=&zid=dv3859285471e511ed9085124bff6d6e1564498d035bb44dfc98b55df1d83b76210694103a94b80db87d&trafficType=POPUP&visitorType=NON-ADULT&campaignId=1998166&longCampaignId=7d7c3280-6dab-11ed-9d23-12beee04f19b&campaignName=NEW+-+ZP5+-+NO&cost=0.000500
54.82.151.162 200 OK 1.6 kB URL HTTP/2 bnr.thedataclicks.com/get/Y2x1uwhzCQUWsRki19S5Fpdr?target=whiskey-seg-4l0ult0cv&source=chartreuse-ox&keyword=&match=&zid=dv3859285471e511ed9085124bff6d6e1564498d035bb44dfc98b55df1d83b76210694103a94b80db87d&trafficType=POPUP&visitorType=NON-ADULT&campaignId=1998166&longCampaignId=7d7c3280-6dab-11ed-9d23-12beee04f19b&campaignName=NEW+-+ZP5+-+NO&cost=0.000500
IP 54.82.151.162:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (782)
Hash d07af833348bbe98151c039a4ab9acc1
7af12ebe8a6951f97fc3f1cad2e5d743dfe19052
75658e44935b5c7f7e90ad1274a9149e3b588d67b9cbcf8adde5274f974a1ed9
GET /get/Y2x1uwhzCQUWsRki19S5Fpdr?target=whiskey-seg-4l0ult0cv&source=chartreuse-ox&keyword=&match=&zid=dv3859285471e511ed9085124bff6d6e1564498d035bb44dfc98b55df1d83b76210694103a94b80db87d&trafficType=POPUP&visitorType=NON-ADULT&campaignId=1998166&longCampaignId=7d7c3280-6dab-11ed-9d23-12beee04f19b&campaignName=NEW+-+ZP5+-+NO&cost=0.000500 HTTP/1.1
Host: bnr.thedataclicks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: awselb/2.0
date: Fri, 02 Dec 2022 02:01:23 GMT
content-type: text/html
content-length: 1560
X-Firefox-Spdy: h2
d1aaucsx2ftut2.cloudfront.net/jcm-mm/dbf22d50eb3f9d835a7399371403565c.jpg
143.204.42.4 200 OK 184 kB URL HTTP/2 d1aaucsx2ftut2.cloudfront.net/jcm-mm/dbf22d50eb3f9d835a7399371403565c.jpg
IP 143.204.42.4:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 800x575, components 3\012- data
Size 184 kB (184529 bytes)
Hash ef60018c5db320c478ea0738b33966e5
9dd467554cf4b76fc7df3eaac3766d29bdb2b543
9789121067d1f5aa7eeb3267b926014932e6d089fa6053ff05289875f9b262e5
GET /jcm-mm/dbf22d50eb3f9d835a7399371403565c.jpg HTTP/1.1
Host: d1aaucsx2ftut2.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnr.thedataclicks.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 184529
last-modified: Wed, 15 Apr 2020 16:57:11 GMT
accept-ranges: bytes
server: AmazonS3
date: Fri, 02 Dec 2022 00:38:15 GMT
etag: "ef60018c5db320c478ea0738b33966e5"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: aAHveT95KlU53snfH2vwJLeDV_JDFKt0C99sJd9Q4Dam7MDyIsJ7kg==
age: 6502
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
143.204.42.158 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.158:0
Hash d06c2e72f541ae9febef6cad5ec48667
211308b2ad217e40bc49e6f74454b788273c9e3d
069c430ea7d0aff680c3814ee42280647cbb3e8ba78bed0d56e0d96de1efeccc
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=125325
Date: Fri, 02 Dec 2022 02:01:23 GMT
Etag: "63888acf-1d7"
Expires: Sat, 03 Dec 2022 12:50:08 GMT
Last-Modified: Thu, 01 Dec 2022 11:06:55 GMT
Server: ECS (dcb/7EC9)
X-Cache: Miss from cloudfront
Via: 1.1 f00e3524edcdf61801454f2bb21e71ce.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: QhoYjXKOxb0tFlJ5KdPgc0PqDnqhj3NU-j0Yr3Nb6q5gMvJzKbTHog==
Age: 6193
popmyads.com/gget
104.21.54.194 302 Found 7.8 kB IP 104.21.54.194:0
Hash 28f147c32edde42fcfabfc9cfa93edcd
4540d4c6db74de7651a1fe723ea0aa563b4c0678
e762d6ca1ddd7dab2fa0db7702efdbd3bc10e6f7f3be7b0f8818d45d5bcb96d7
POST /gget HTTP/1.1
Host: popmyads.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 517
Origin: https://popmyads.com
Connection: keep-alive
Referer: https://popmyads.com/serve/52264/64661/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgxMy5jb20=
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 302 Found
date: Fri, 02 Dec 2022 02:01:22 GMT
content-type: text/html; charset=UTF-8
location: http://pritha-ner.com/0646614100?adTagId=20111650-aa5d-11e6-a4a9-0e855f2e0669&fallbackUrl=https://popmyads.com/return/30
x-powered-by: PHP/7.1.33
set-cookie: wGprrBLT=2; expires=Fri, 02-Dec-2022 02:01:24 GMT; Max-Age=2; path=/
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2F7oSRXCsjbXcOVPVX2mpd52CAHMlxKbNunL3QVJgC0Z%2BKAcIMw9pTHp5NOLz3jwUaQs4SNMV0GTsda%2FH7QRMi8QD6mxnwGwF%2FJp7EqlLjfVQp8JtEzq5KgW%2F0JbXGDU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7730796a6a4f0afe-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
lnk.clickadsolutions.com/?bt=srw.bannerwidget.tech&ref=&friend=&u=as.ad4m.at%252Fad%252Ftur%253Fa%253D916%2526c%253Dhttps%25253A%25252F%25252Fgamezone.no%2526b%253D63895c76b1f3ab3faf2a0373-RL-291094&log=false&type=ROTATOR_LINK&linkId=291094&clickId=63895c76b1f3ab3faf2a0373&br=false
35.181.10.107 200 OK 1.6 kB URL HTTP/2 lnk.clickadsolutions.com/?bt=srw.bannerwidget.tech&ref=&friend=&u=as.ad4m.at%252Fad%252Ftur%253Fa%253D916%2526c%253Dhttps%25253A%25252F%25252Fgamezone.no%2526b%253D63895c76b1f3ab3faf2a0373-RL-291094&log=false&type=ROTATOR_LINK&linkId=291094&clickId=63895c76b1f3ab3faf2a0373&br=false
IP 35.181.10.107:0
Hash 6ab3bd02ee48652df9d1ebb69a6b75d4
a6acc8e1fac41f4fff0a3d5e2e539af543c00c1c
e5b4af3f11655c4b7a680c4ddf002055ee969ba1234d70257874298f6994dd18
GET /?bt=srw.bannerwidget.tech&ref=&friend=&u=as.ad4m.at%252Fad%252Ftur%253Fa%253D916%2526c%253Dhttps%25253A%25252F%25252Fgamezone.no%2526b%253D63895c76b1f3ab3faf2a0373-RL-291094&log=false&type=ROTATOR_LINK&linkId=291094&clickId=63895c76b1f3ab3faf2a0373&br=false HTTP/1.1
Host: lnk.clickadsolutions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lnk.clickadsolutions.com/trk/Y2x1uwhzCQUWsRki19S5Fpdr?campaignId=1998166&campaignName=NEW+-+ZP5+-+NO&cost=0.000500&keyword=&longCampaignId=7d7c3280-6dab-11ed-9d23-12beee04f19b&match=&source=chartreuse-ox&target=whiskey-seg-4l0ult0cv&trafficType=POPUP&visitorType=NON-ADULT&zid=dv3859285471e511ed9085124bff6d6e1564498d035bb44dfc98b55df1d83b76210694103a94b80db87d&c2=true&vpw=1280&vph=1024
Cookie: v=t; cas=3451:1796:1796:1; rls=291094:1796:1796:1|269357:1796:1796:1|291096:1796:1796:1; com=9362:141:NO:1796:1796:1|16573:166:NO:1796:1796:1|13223:29:NO:1796:1796:1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 02:01:27 GMT
content-type: text/html;charset=UTF-8
content-language: en-US
X-Firefox-Spdy: h2
lnk.clickadsolutions.com/?bt=lsm.realbiddingtrk.site&ref=&friend=&u=r.srvtrck.com%252Fv1%252Fredirect%253Ftype%253DlinkId%2526id%253Dcbfdaa7c5ac24b759aa7cc569148b89e%2526api_key%253Df316faffab9dc5e272e33894a4e91697%2526site_id%253D30816e2d6f5a44deb6766a9b5bf58c66%2526dch%253Dfeed%2526ad_t%253Dadvertiser%2526yk_tag%253D63895c76b1f3ab3faf2a0373-RL-269357&log=false&type=ROTATOR_LINK&linkId=269357&clickId=63895c76b1f3ab3faf2a0373&br=true
35.181.10.107 200 OK 1.3 kB URL HTTP/2 lnk.clickadsolutions.com/?bt=lsm.realbiddingtrk.site&ref=&friend=&u=r.srvtrck.com%252Fv1%252Fredirect%253Ftype%253DlinkId%2526id%253Dcbfdaa7c5ac24b759aa7cc569148b89e%2526api_key%253Df316faffab9dc5e272e33894a4e91697%2526site_id%253D30816e2d6f5a44deb6766a9b5bf58c66%2526dch%253Dfeed%2526ad_t%253Dadvertiser%2526yk_tag%253D63895c76b1f3ab3faf2a0373-RL-269357&log=false&type=ROTATOR_LINK&linkId=269357&clickId=63895c76b1f3ab3faf2a0373&br=true
IP 35.181.10.107:0
Hash 10a66d2138843c8a50fc77fee24992c4
8e0dc6ab40fbc0d923781918dc928b9b3c85e635
be7a883845c1b3f75965a1e87beb0b8c7a1a775127cf0e674d230d3a10662b96
GET /?bt=lsm.realbiddingtrk.site&ref=&friend=&u=r.srvtrck.com%252Fv1%252Fredirect%253Ftype%253DlinkId%2526id%253Dcbfdaa7c5ac24b759aa7cc569148b89e%2526api_key%253Df316faffab9dc5e272e33894a4e91697%2526site_id%253D30816e2d6f5a44deb6766a9b5bf58c66%2526dch%253Dfeed%2526ad_t%253Dadvertiser%2526yk_tag%253D63895c76b1f3ab3faf2a0373-RL-269357&log=false&type=ROTATOR_LINK&linkId=269357&clickId=63895c76b1f3ab3faf2a0373&br=true HTTP/1.1
Host: lnk.clickadsolutions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lnk.clickadsolutions.com/trk/Y2x1uwhzCQUWsRki19S5Fpdr?campaignId=1998166&campaignName=NEW+-+ZP5+-+NO&cost=0.000500&keyword=&longCampaignId=7d7c3280-6dab-11ed-9d23-12beee04f19b&match=&source=chartreuse-ox&target=whiskey-seg-4l0ult0cv&trafficType=POPUP&visitorType=NON-ADULT&zid=dv3859285471e511ed9085124bff6d6e1564498d035bb44dfc98b55df1d83b76210694103a94b80db87d&c2=true&vpw=1280&vph=1024
Cookie: v=t; cas=3451:1796:1796:1; rls=291094:1796:1796:1|269357:1796:1796:1|291096:1796:1796:1; com=9362:141:NO:1796:1796:1|16573:166:NO:1796:1796:1|13223:29:NO:1796:1796:1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 02:01:27 GMT
content-type: text/html;charset=UTF-8
referrer-policy: no-referrer
content-language: en-US
X-Firefox-Spdy: h2
www.google-analytics.com/collect?v=1&tid=UA-264390-1&t=pageview&ds=web&aip=1&cs=TradeTracker&cm=Banner&cn=TradeTracker_Afilliate&cc=%28not+set%29&dh=www.superkul.no&dp=%2F&dt=Alt+i+kostymer+og+festdekorasjoner+p%C3%A5+ett+sted%21&dr=https%3A%2F%2Fwww.justquiz.com%2Fno%2Foppdag-det-perfekte-temaet-til-festen-din&vp=1280x1024&sr=1280x1024&je=0&ul=en-US&cid=1847688475.1676406598
142.250.74.46 200 OK 35 B URL HTTP/2 www.google-analytics.com/collect?v=1&tid=UA-264390-1&t=pageview&ds=web&aip=1&cs=TradeTracker&cm=Banner&cn=TradeTracker_Afilliate&cc=%28not+set%29&dh=www.superkul.no&dp=%2F&dt=Alt+i+kostymer+og+festdekorasjoner+p%C3%A5+ett+sted%21&dr=https%3A%2F%2Fwww.justquiz.com%2Fno%2Foppdag-det-perfekte-temaet-til-festen-din&vp=1280x1024&sr=1280x1024&je=0&ul=en-US&cid=1847688475.1676406598
IP 142.250.74.46:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28d6814f309ea289f847c69cf91194c6
0f4e929dd5bb2564f7ab9c76338e04e292a42ace
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
GET /collect?v=1&tid=UA-264390-1&t=pageview&ds=web&aip=1&cs=TradeTracker&cm=Banner&cn=TradeTracker_Afilliate&cc=%28not+set%29&dh=www.superkul.no&dp=%2F&dt=Alt+i+kostymer+og+festdekorasjoner+p%C3%A5+ett+sted%21&dr=https%3A%2F%2Fwww.justquiz.com%2Fno%2Foppdag-det-perfekte-temaet-til-festen-din&vp=1280x1024&sr=1280x1024&je=0&ul=en-US&cid=1847688475.1676406598 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://lnk.clickadsolutions.com
Connection: keep-alive
Referer: https://lnk.clickadsolutions.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
pragma: no-cache
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 35
date: Thu, 01 Dec 2022 04:51:23 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
age: 76204
last-modified: Sun, 17 May 1998 03:00:00 GMT
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google-analytics.com/collect?cs=JustQuiz&cc=291096&ck=42259&cm=Tradetracker&cn=Superkul&tid=UA-207042490-1&v=1&t=pageview&ds=web&aip=1&dh=www.superkul.no&dp=%2F&dt=Alt+i+kostymer+og+festdekorasjoner+p%C3%A5+ett+sted%21&dr=https%3A%2F%2Fwww.justquiz.com%2Fno%2Foppdag-det-perfekte-temaet-til-festen-din&vp=1280x1024&sr=1280x1024&je=0&ul=en-US&cid=1806795509.1715229725
142.250.74.46 200 OK 35 B URL HTTP/2 www.google-analytics.com/collect?cs=JustQuiz&cc=291096&ck=42259&cm=Tradetracker&cn=Superkul&tid=UA-207042490-1&v=1&t=pageview&ds=web&aip=1&dh=www.superkul.no&dp=%2F&dt=Alt+i+kostymer+og+festdekorasjoner+p%C3%A5+ett+sted%21&dr=https%3A%2F%2Fwww.justquiz.com%2Fno%2Foppdag-det-perfekte-temaet-til-festen-din&vp=1280x1024&sr=1280x1024&je=0&ul=en-US&cid=1806795509.1715229725
IP 142.250.74.46:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28d6814f309ea289f847c69cf91194c6
0f4e929dd5bb2564f7ab9c76338e04e292a42ace
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
GET /collect?cs=JustQuiz&cc=291096&ck=42259&cm=Tradetracker&cn=Superkul&tid=UA-207042490-1&v=1&t=pageview&ds=web&aip=1&dh=www.superkul.no&dp=%2F&dt=Alt+i+kostymer+og+festdekorasjoner+p%C3%A5+ett+sted%21&dr=https%3A%2F%2Fwww.justquiz.com%2Fno%2Foppdag-det-perfekte-temaet-til-festen-din&vp=1280x1024&sr=1280x1024&je=0&ul=en-US&cid=1806795509.1715229725 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://lnk.clickadsolutions.com
Connection: keep-alive
Referer: https://lnk.clickadsolutions.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
pragma: no-cache
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 35
date: Thu, 01 Dec 2022 04:51:23 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
age: 76204
last-modified: Sun, 17 May 1998 03:00:00 GMT
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 8cd876589951719c94a6d49d1494bdbd
01600c8bb95fac543696e509b3e452b90d844572
e03942321526a2303220b1abd51f82f1d4cf80e0dd22a2582cf809b8bd729521
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 02:01:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r.srvtrck.com/v1/redirect?type=linkId&id=cbfdaa7c5ac24b759aa7cc569148b89e&api_key=f316faffab9dc5e272e33894a4e91697&site_id=30816e2d6f5a44deb6766a9b5bf58c66&dch=feed&ad_t=advertiser&yk_tag=63895c76b1f3ab3faf2a0373-RL-269357
104.19.168.96 302 Found 0 B URL HTTP/2 r.srvtrck.com/v1/redirect?type=linkId&id=cbfdaa7c5ac24b759aa7cc569148b89e&api_key=f316faffab9dc5e272e33894a4e91697&site_id=30816e2d6f5a44deb6766a9b5bf58c66&dch=feed&ad_t=advertiser&yk_tag=63895c76b1f3ab3faf2a0373-RL-269357
IP 104.19.168.96:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /v1/redirect?type=linkId&id=cbfdaa7c5ac24b759aa7cc569148b89e&api_key=f316faffab9dc5e272e33894a4e91697&site_id=30816e2d6f5a44deb6766a9b5bf58c66&dch=feed&ad_t=advertiser&yk_tag=63895c76b1f3ab3faf2a0373-RL-269357 HTTP/1.1
Host: r.srvtrck.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Fri, 02 Dec 2022 02:01:27 GMT
content-length: 0
p3p: CP="CAO PSA OUR"
set-cookie: ykuid=4e9e9d2526264379b61caf8485c25149; Domain=.srvtrck.com; Expires=Sat, 02-Dec-2023 02:01:27 GMT; Path=/
location: /v2/go?t=6tcp5%3Ab%2Fbwa.6w6ne.4oa%2Ffwdlec1.0h-%3Fbid%3D52384%267da1b3064%26el9c7r6f7%3D20303000030302%3D7c6a7m9ced4-0nbwaw724F3%2553dpbt%26%3Dl%26c6r8ff%3D50916e7dbfda445e66266a8b3b35eck6ipch4t1%25bA620%250F9wa.3a5kd.1oa%269wfr7v232410014232v72fe9kai1cd65434a%3D9i040361bd1m4p3p8k6i2c6a5m4cd1bi7a6w9w5%2Ffs8t6h&e=1&ai=be8d624e7c22423ba065a308fdeff8a1&sct=0&ct=1669946487294&cu=277f697a91ed4503baa97040365bd1b4&sr=1&ykuid=4e9e9d2526264379b61caf8485c25149&sc=1&cs=7c697335e4568f92ccadfdd3c4511d07
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 77307988d8c8b4fa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r.srvtrck.com/v2/go?t=6tcp5%3Ab%2Fbwa.6w6ne.4oa%2Ffwdlec1.0h-%3Fbid%3D52384%267da1b3064%26el9c7r6f7%3D20303000030302%3D7c6a7m9ced4-0nbwaw724F3%2553dpbt%26%3Dl%26c6r8ff%3D50916e7dbfda445e66266a8b3b35eck6ipch4t1%25bA620%250F9wa.3a5kd.1oa%269wfr7v232410014232v72fe9kai1cd65434a%3D9i040361bd1m4p3p8k6i2c6a5m4cd1bi7a6w9w5%2Ffs8t6h&e=1&ai=be8d624e7c22423ba065a308fdeff8a1&sct=0&ct=1669946487294&cu=277f697a91ed4503baa97040365bd1b4&sr=1&ykuid=4e9e9d2526264379b61caf8485c25149&sc=1&cs=7c697335e4568f92ccadfdd3c4511d07
104.19.168.96 302 Found 0 B URL HTTP/2 r.srvtrck.com/v2/go?t=6tcp5%3Ab%2Fbwa.6w6ne.4oa%2Ffwdlec1.0h-%3Fbid%3D52384%267da1b3064%26el9c7r6f7%3D20303000030302%3D7c6a7m9ced4-0nbwaw724F3%2553dpbt%26%3Dl%26c6r8ff%3D50916e7dbfda445e66266a8b3b35eck6ipch4t1%25bA620%250F9wa.3a5kd.1oa%269wfr7v232410014232v72fe9kai1cd65434a%3D9i040361bd1m4p3p8k6i2c6a5m4cd1bi7a6w9w5%2Ffs8t6h&e=1&ai=be8d624e7c22423ba065a308fdeff8a1&sct=0&ct=1669946487294&cu=277f697a91ed4503baa97040365bd1b4&sr=1&ykuid=4e9e9d2526264379b61caf8485c25149&sc=1&cs=7c697335e4568f92ccadfdd3c4511d07
IP 104.19.168.96:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /v2/go?t=6tcp5%3Ab%2Fbwa.6w6ne.4oa%2Ffwdlec1.0h-%3Fbid%3D52384%267da1b3064%26el9c7r6f7%3D20303000030302%3D7c6a7m9ced4-0nbwaw724F3%2553dpbt%26%3Dl%26c6r8ff%3D50916e7dbfda445e66266a8b3b35eck6ipch4t1%25bA620%250F9wa.3a5kd.1oa%269wfr7v232410014232v72fe9kai1cd65434a%3D9i040361bd1m4p3p8k6i2c6a5m4cd1bi7a6w9w5%2Ffs8t6h&e=1&ai=be8d624e7c22423ba065a308fdeff8a1&sct=0&ct=1669946487294&cu=277f697a91ed4503baa97040365bd1b4&sr=1&ykuid=4e9e9d2526264379b61caf8485c25149&sc=1&cs=7c697335e4568f92ccadfdd3c4511d07 HTTP/1.1
Host: r.srvtrck.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
date: Fri, 02 Dec 2022 02:01:27 GMT
content-length: 0
location: https://www.awin1.com/awclick.php?mid=12384&id=143466&clickref2=v030400013232277f697a91ed4503baa97040365bd1b4&clickref3=30816e2d6f5a44deb6766a9b5bf58c66&p=http%3A%2F%2Fwww.na-kd.com&awcr=v030400013232277f697a91ed4503baa97040365bd1b4-30816e2d6f5a44deb6766a9b5bf58c66
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 77307989a918b4fa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
143.204.42.158 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.158:0
Hash e752c76d5290e2dd63c470c193f5196d
7171cfecb5f2f90d855ea541009f41a386093e45
c54d6cd9af5632af5c968c779eb457e03101ba6f5ccc4f4ecb99b2d796c74afd
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=159170
Date: Fri, 02 Dec 2022 02:01:27 GMT
Etag: "63892578-1d7"
Expires: Sat, 03 Dec 2022 22:14:17 GMT
Last-Modified: Thu, 01 Dec 2022 22:06:48 GMT
Server: ECS (bsa/EB16)
X-Cache: Miss from cloudfront
Via: 1.1 f00e3524edcdf61801454f2bb21e71ce.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: FuGqaeooMgyTI0Cm-VqUIRRCPAa-Jbq8W1n8ARSeLYyiQnVZdkfLyw==
Age: 449
lnk.clickadsolutions.com/trk/Y2x1uwhzCQUWsRki19S5Fpdr?campaignId=1998166&campaignName=NEW+-+ZP5+-+NO&cost=0.000500&keyword=&longCampaignId=7d7c3280-6dab-11ed-9d23-12beee04f19b&match=&source=chartreuse-ox&target=whiskey-seg-4l0ult0cv&trafficType=POPUP&visitorType=NON-ADULT&zid=dv3859285471e511ed9085124bff6d6e1564498d035bb44dfc98b55df1d83b76210694103a94b80db87d&c2=true&vpw=1280&vph=1024
35.181.10.107 200 OK 4.3 kB URL HTTP/2 lnk.clickadsolutions.com/trk/Y2x1uwhzCQUWsRki19S5Fpdr?campaignId=1998166&campaignName=NEW+-+ZP5+-+NO&cost=0.000500&keyword=&longCampaignId=7d7c3280-6dab-11ed-9d23-12beee04f19b&match=&source=chartreuse-ox&target=whiskey-seg-4l0ult0cv&trafficType=POPUP&visitorType=NON-ADULT&zid=dv3859285471e511ed9085124bff6d6e1564498d035bb44dfc98b55df1d83b76210694103a94b80db87d&c2=true&vpw=1280&vph=1024
IP 35.181.10.107:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (981)
Hash fd61d92a4a8e7583eebf7dfe00934041
0dc500d76bbe0a96958510a0a74b23294920eeba
2b89342e3617ee3c31382f6e01c91860582d5e33fde8f0a797349b95c9a53244
GET /trk/Y2x1uwhzCQUWsRki19S5Fpdr?campaignId=1998166&campaignName=NEW+-+ZP5+-+NO&cost=0.000500&keyword=&longCampaignId=7d7c3280-6dab-11ed-9d23-12beee04f19b&match=&source=chartreuse-ox&target=whiskey-seg-4l0ult0cv&trafficType=POPUP&visitorType=NON-ADULT&zid=dv3859285471e511ed9085124bff6d6e1564498d035bb44dfc98b55df1d83b76210694103a94b80db87d&c2=true&vpw=1280&vph=1024 HTTP/1.1
Host: lnk.clickadsolutions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnr.thedataclicks.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 02:01:26 GMT
content-type: text/html;charset=UTF-8
set-cookie: v=t; Path=/; Domain=lnk.clickadsolutions.com; Max-Age=31536000; Expires=Sat, 02 Dec 2023 02:01:26 GMT; Secure; SameSite=None
cas=3451:1796:1796:1; Path=/; Domain=lnk.clickadsolutions.com; Max-Age=31536000; Expires=Sat, 02 Dec 2023 02:01:26 GMT; Secure; SameSite=None
rls=291094:1796:1796:1|269357:1796:1796:1|291096:1796:1796:1; Path=/; Domain=lnk.clickadsolutions.com; Max-Age=31536000; Expires=Sat, 02 Dec 2023 02:01:26 GMT; Secure; SameSite=None
com=9362:141:NO:1796:1796:1|16573:166:NO:1796:1796:1|13223:29:NO:1796:1796:1; Path=/; Domain=lnk.clickadsolutions.com; Max-Age=31536000; Expires=Sat, 02 Dec 2023 02:01:26 GMT; Secure; SameSite=None
content-language: en-US
X-Firefox-Spdy: h2
ocsp.r2m02.amazontrust.com/
54.230.80.227 200 OK 471 B URL HTTP/1.1 ocsp.r2m02.amazontrust.com/
IP 54.230.80.227:0
Hash 8a1cddd0b262882d094805be6e356c7d
7fc40d0b2f9ccffe1424a4373a6a9de3f622d69d
5d985e55de14c6854a352b678a1c3c646a6439f49c13352488ec142294e73af7
POST / HTTP/1.1
Host: ocsp.r2m02.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=158774
Date: Fri, 02 Dec 2022 02:01:27 GMT
Etag: "63890c2c-1d7"
Expires: Sat, 03 Dec 2022 22:07:41 GMT
Last-Modified: Thu, 01 Dec 2022 20:18:52 GMT
Server: ECS (nyb/1D16)
X-Cache: Miss from cloudfront
Via: 1.1 784cb0c259a6d79800d037bda4e7de86.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: q-wMJYciNlUAXBxRDfUBmAhcNfopLEjR4HbPVMmzV7mhxXSQVe4quA==
Age: 6529
www.awin1.com/awclick.php?mid=12384&id=143466&clickref2=v030400013232277f697a91ed4503baa97040365bd1b4&clickref3=30816e2d6f5a44deb6766a9b5bf58c66&p=http%3A%2F%2Fwww.na-kd.com&awcr=v030400013232277f697a91ed4503baa97040365bd1b4-30816e2d6f5a44deb6766a9b5bf58c66
2.21.192.211 302 Moved Temporarily 0 B URL HTTP/1.1 www.awin1.com/awclick.php?mid=12384&id=143466&clickref2=v030400013232277f697a91ed4503baa97040365bd1b4&clickref3=30816e2d6f5a44deb6766a9b5bf58c66&p=http%3A%2F%2Fwww.na-kd.com&awcr=v030400013232277f697a91ed4503baa97040365bd1b4-30816e2d6f5a44deb6766a9b5bf58c66
IP 2.21.192.211:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /awclick.php?mid=12384&id=143466&clickref2=v030400013232277f697a91ed4503baa97040365bd1b4&clickref3=30816e2d6f5a44deb6766a9b5bf58c66&p=http%3A%2F%2Fwww.na-kd.com&awcr=v030400013232277f697a91ed4503baa97040365bd1b4-30816e2d6f5a44deb6766a9b5bf58c66 HTTP/1.1
Host: www.awin1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Moved Temporarily
Content-Length: 0
Location: https://www.na-kd.com/en?awc=12384_1669946487_80fe808eff785212e30361ff3355cb41&utm_source=awin_uk&utm_medium=affiliate&utm_campaign=YIELDKIT+GmbH+-+Content+sites&utm_term=143466
Allow: GET
Node: Helix
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Date: Fri, 02 Dec 2022 02:01:27 GMT
Connection: keep-alive
Set-Cookie: aw12384=143466|0|0|1669946487|v030400013232277f697a91ed4503baa97040365bd1b4-30816e2d6f5a44deb6766a9b5bf58c66|aw|0;domain=.awin1.com;path=/;expires=Friday, 09-Dec-2022 02:01:27 UTC;Secure;SameSite=None
bId=HLEX_63895c77c98833.82316697;domain=.awin1.com;path=/;expires=Saturday, 02-Dec-2023 02:01:27 UTC;Secure;SameSite=None
Strict-Transport-Security: max-age=86400
Awin-Akamai-Rule-Set: default
ocsp.sca1b.amazontrust.com/
143.204.42.158 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.158:0
Hash aec570ce810ce538a24dace485d3a05b
b0d9b5c4cdf3bf39396246032a1e31ade2d6cafa
c2b19c7927bf6a17e049a578362bae3fa8069b72c0968b0ff786b3a24c8f6466
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Fri, 02 Dec 2022 02:01:27 GMT
Etag: "63882149-1d7"
Last-Modified: Fri, 02 Dec 2022 00:34:21 GMT
Server: ECS (bsa/EB1A)
X-Cache: Miss from cloudfront
Via: 1.1 f00e3524edcdf61801454f2bb21e71ce.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: kIm-UlcTZCl6S6YSb2l8nT76mUbB8k0j8MuJq2V57a66eAYWesJk3w==
Age: 5226
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 2cddb193b601ac1b02d970e28ff13d30
5ed1aa99cd33b4959fc77738e467929067f20467
4d05aa961f9304965eecc03fd700eb3f0daa12690345634214d7871ef7a688f1
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4832
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 02:01:27 GMT
Last-Modified: Fri, 02 Dec 2022 00:40:55 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 98aef37db000400d36e26aec2ecfd3b7
f374bea8d47dbca1876a319ce7a3894c48afa060
dc3c9196cea080950979da23f5f8b0ee0576db22f3626c22ec522a3261991067
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2002
Cache-Control: max-age=164660
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 02:01:27 GMT
Etag: "638934d9-117"
Expires: Sat, 03 Dec 2022 23:45:47 GMT
Last-Modified: Thu, 01 Dec 2022 23:12:25 GMT
Server: ECS (amb/6BC8)
X-Cache: HIT
Content-Length: 279
tc.tradetracker.net/?c=12793&m=0&a=373405&r=63895c76b1f3ab3faf2a0373-RL-291096
108.128.89.49 301 Moved Permanently 279 B URL HTTP/2 tc.tradetracker.net/?c=12793&m=0&a=373405&r=63895c76b1f3ab3faf2a0373-RL-291096
IP 108.128.89.49:0
Hash 2cddb193b601ac1b02d970e28ff13d30
5ed1aa99cd33b4959fc77738e467929067f20467
4d05aa961f9304965eecc03fd700eb3f0daa12690345634214d7871ef7a688f1
GET /?c=12793&m=0&a=373405&r=63895c76b1f3ab3faf2a0373-RL-291096 HTTP/1.1
Host: tc.tradetracker.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
date: Fri, 02 Dec 2022 02:01:27 GMT
content-type: text/html; charset=UTF-8
location: https://www.superkul.no/?ad=&utm_source=TradeTracker&utm_medium=Banner&utm_content=&utm_campaign=TradeTracker_Afilliate
server: nginx
cache-control: no-cache, must-revalidate
set-cookie: uf=D20DPCS6joLwq2cmKhnaik9XQWpsOUNPY2Q5M0w4ZGNIREtRNlZ5YitScUNhaWc0NW9FZkR3TGEyS0kraWVDTGpaVkZSc3k3dEl1OTArMHdyZDN4OWhlK0RKT0dpMnYvczdDb2V3PT0%3D; expires=Sat, 02-Dec-2023 02:01:27 GMT; Max-Age=31536000; path=/; domain=.tradetracker.net; secure; SameSite=None
__tdat12793=MTY2OTk0NjQ4Nzo6MDo6MzczNDA1Ojo2Mzg5NWM3NmIxZjNhYjNmYWYyYTAzNzMtUkwtMjkxMDk2OjpmOjpkYzM0NjVhY2QxM2I2NzM4ODRlNzk1ZWM3MDRmYzg2Yw%3D%3D; expires=Fri, 09-Dec-2022 02:01:27 GMT; Max-Age=604800; path=/; domain=.tradetracker.net; secure; SameSite=None
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash 84c8c16dde690dc55e7bea1ae82b471e
5acecaa0d5353416745c243552fd354a5e64db8f
d616ca4d2c4ad42cd72c6824913fa083611246a4fa543cc1101559f6bbedbb64
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4932
Cache-Control: max-age=160400
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 02:01:27 GMT
Etag: "638918c3-118"
Expires: Sat, 03 Dec 2022 22:34:47 GMT
Last-Modified: Thu, 01 Dec 2022 21:12:35 GMT
Server: ECS (amb/6B91)
X-Cache: HIT
Content-Length: 280
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash 84c8c16dde690dc55e7bea1ae82b471e
5acecaa0d5353416745c243552fd354a5e64db8f
d616ca4d2c4ad42cd72c6824913fa083611246a4fa543cc1101559f6bbedbb64
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5870
Cache-Control: max-age=161337
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 02:01:28 GMT
Etag: "638918c3-118"
Expires: Sat, 03 Dec 2022 22:50:25 GMT
Last-Modified: Thu, 01 Dec 2022 21:12:35 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 280
ocsp.pki.goog/s/gts1d4/Q6Og6Kwsucs
142.250.74.131 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1d4/Q6Og6Kwsucs
IP 142.250.74.131:0
Hash aff905c37e91d7e31213f889d00699ca
d96ae3da7166863566ab262fc59d90d37d415fd8
511a179d7e3d3a9aed04dfbfb540d5d31b5ed20776a3862d53cbf6232fe10811
POST /s/gts1d4/Q6Og6Kwsucs HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 02:01:28 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.sca1b.amazontrust.com/
143.204.42.158 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.158:0
Hash e14bb1df2f9526d470d456a9e92a0a4a
f3eb2ae09fa005f235e1b5c691f80c6bce7a6969
075cec18a706a3177b3707b4b475eec3ebf93e9bc60f88356da8ff46b74f0800
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=130681
Date: Fri, 02 Dec 2022 02:01:28 GMT
Etag: "6388af63-1d7"
Expires: Sat, 03 Dec 2022 14:19:29 GMT
Last-Modified: Thu, 01 Dec 2022 13:42:59 GMT
Server: ECS (nyb/1D10)
X-Cache: Miss from cloudfront
Via: 1.1 f00e3524edcdf61801454f2bb21e71ce.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: g0bxyL-VbPYG5C_254Hp81-amidJPrtyFcEifPuky4p11laE5-XXFg==
Age: 2190
kanvo.cogliatu.com/rc/a33384834e?affclick=63895c6fb050fe7ed630b443&pubid=48
188.114.97.1 200 OK 0 B URL HTTP/2 kanvo.cogliatu.com/rc/a33384834e?affclick=63895c6fb050fe7ed630b443&pubid=48
IP 188.114.97.1:0
GET /rc/a33384834e?affclick=63895c6fb050fe7ed630b443&pubid=48 HTTP/1.1
Host: kanvo.cogliatu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://t3.lowtid.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 02:01:20 GMT
content-type: text/html; charset=utf-8
set-cookie: AWSALB=RFAP38VZ7afnNkRkNrhL/BCCwgdX+AraFcXVQvOQLz92C7oyGMuiZturJ07vRJo5Jk5axEedr8LNeRlZhYRSGGRkX4sy6dKaBFPj2NITQsZ3Rtft4EzPG+Br3U4Q; Expires=Fri, 09 Dec 2022 02:01:20 GMT; Path=/
AWSALBCORS=RFAP38VZ7afnNkRkNrhL/BCCwgdX+AraFcXVQvOQLz92C7oyGMuiZturJ07vRJo5Jk5axEedr8LNeRlZhYRSGGRkX4sy6dKaBFPj2NITQsZ3Rtft4EzPG+Br3U4Q; Expires=Fri, 09 Dec 2022 02:01:20 GMT; Path=/; SameSite=None
vary: Accept-Encoding, Accept-Language, Cookie
content-language: en
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=m2RSX3iq76Xpgfvq5Z7J%2Fb6XX7eoR9NHFGz9uM62H%2FjJwDDZ%2FILixtczRRoTRqj%2F82XKpaDA6O%2BcunKBtZp3Bx6iktUtxv3gLFgdLMWpU4PZyt9%2BOqhINz%2Fp%2B0e0uKL0eXfSYws%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7730795d1c81b50f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.addlnk.com/redirect.css
172.67.158.251 200 OK 0 B URL HTTP/2 cdn.addlnk.com/redirect.css
IP 172.67.158.251:0
GET /redirect.css HTTP/1.1
Host: cdn.addlnk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kanvo.cogliatu.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 02:01:20 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=1680
etag: W/"3ae56d32551602b41f9046c14d1cfde2"
last-modified: Wed, 13 Mar 2019 00:03:12 GMT
x-amz-id-2: hoKGF2DENF0Fxpfk9aX2Txj0orTMbszygnDmGFSC4SoL/4C3WQsM9k4Y5ZmrshXNgXN64qzAUMY=
x-amz-request-id: 9NDC432NBG524RW1
cf-cache-status: HIT
age: 3182
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cYwRMN3f6vq9ZcXKkXPCcPcnv0EPWYk%2B2a40fmC8cQeZL6YKVR5fFKAztg3MgV3nE3%2Bp%2BJ7k53eFHlbpmHIdwOWWp1WoR%2F7b4qjz1i9K7lHsC%2BQKIoBw%2BoL3yD4XrmZlzg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 773079602c070afa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
popmyads.com/serve/52264/64661/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgxMy5jb20=
104.21.54.194 200 OK 0 B URL HTTP/2 popmyads.com/serve/52264/64661/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgxMy5jb20=
IP 104.21.54.194:0
GET /serve/52264/64661/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgxMy5jb20= HTTP/1.1
Host: popmyads.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ron.trffclb.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 02:01:22 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.1.33
x-frame-options: DENY
content-security-policy: frame-ancestors 'none'
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3%2FWAj4Q9hPJdNA4WpZBrMqdyFJy1I%2FtWVFYBKZGPJ%2F2c4Hdy5qdtT89RmenrsQbnN1%2FRxUtzjbD3Vn2ePTr4IuXDXOwBiC58E53NkVRg5JiwMz%2FARFL%2BLKk31zZ33pI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7730796919d10afe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
srw.bannerwidget.tech/
50.17.84.136 200 OK 0 B IP 50.17.84.136:0
POST / HTTP/1.1
Host: srw.bannerwidget.tech
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 204
Origin: https://lnk.clickadsolutions.com
Connection: keep-alive
Referer: https://lnk.clickadsolutions.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 02:01:27 GMT
content-type: text/html;charset=UTF-8
content-language: en-US
X-Firefox-Spdy: h2
www.smartredirect.de/redir/clickGate.php?u=RkkuMW4M&m=1&p=Fr5xngjWXe&t=iRhdghTT&url=https%3A%2F%2Fwww.gamezone.no&r=https%3A%2F%2Fwww.advancedstore.com&s=oneidkJXC5f3fDm2du5t2c9cmCBGkfZSmtPfRoneid_63895c76b1f3ab3faf2a0373-RL-291094
172.67.128.101 302 Found 0 B URL HTTP/2 www.smartredirect.de/redir/clickGate.php?u=RkkuMW4M&m=1&p=Fr5xngjWXe&t=iRhdghTT&url=https%3A%2F%2Fwww.gamezone.no&r=https%3A%2F%2Fwww.advancedstore.com&s=oneidkJXC5f3fDm2du5t2c9cmCBGkfZSmtPfRoneid_63895c76b1f3ab3faf2a0373-RL-291094
IP 172.67.128.101:0
GET /redir/clickGate.php?u=RkkuMW4M&m=1&p=Fr5xngjWXe&t=iRhdghTT&url=https%3A%2F%2Fwww.gamezone.no&r=https%3A%2F%2Fwww.advancedstore.com&s=oneidkJXC5f3fDm2du5t2c9cmCBGkfZSmtPfRoneid_63895c76b1f3ab3faf2a0373-RL-291094 HTTP/1.1
Host: www.smartredirect.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://srw.bannerwidget.tech/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Fri, 02 Dec 2022 02:01:28 GMT
content-type: text/html; charset=UTF-8
location: https://de.trck.one/redir/clickGate.php?u=RkkuMW4M&m=1&p=Fr5xngjWXe&t=iRhdghTT&url=https%3A%2F%2Fwww.gamezone.no&r=https%3A%2F%2Fwww.advancedstore.com&s=oneidkJXC5f3fDm2du5t2c9cmCBGkfZSmtPfRoneid_63895c76b1f3ab3faf2a0373-RL-291094
cache-control: no-cache, post-check=0, pre-check=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
last-modified: Fri, 02 Dec 2022 02:01:28 GMT
p3p: policyref="/w3c/p3p.xml", CP="NOI CUR OUR STP"
pragma: no-cache
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lldNg9FwRY5jOyRJ0uMsMqjK0uGpWLo9NHnjpYqQakPvIJSWKyYhokUj1ojJPoQS8%2Bpb3mve%2B%2FE4J2Cs4wOby9qWfBynX2K5gLnUN5F1YT4BaGJRh1LF217ofkLnt9waSAGj4c%2F1Rg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7730798dede40afe-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.na-kd.com/en?awc=12384_1669946487_80fe808eff785212e30361ff3355cb41&utm_source=awin_uk&utm_medium=affiliate&utm_campaign=YIELDKIT+GmbH+-+Content+sites&utm_term=143466
104.18.23.130 200 OK 0 B URL HTTP/2 www.na-kd.com/en?awc=12384_1669946487_80fe808eff785212e30361ff3355cb41&utm_source=awin_uk&utm_medium=affiliate&utm_campaign=YIELDKIT+GmbH+-+Content+sites&utm_term=143466
IP 104.18.23.130:0
GET /en?awc=12384_1669946487_80fe808eff785212e30361ff3355cb41&utm_source=awin_uk&utm_medium=affiliate&utm_campaign=YIELDKIT+GmbH+-+Content+sites&utm_term=143466 HTTP/1.1
Host: www.na-kd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 02:01:28 GMT
content-type: text/html; charset=utf-8
access-control-allow-headers: Access-Control-Allow-Origin, Origin, X-Requested-With, Content-Type, Accept, Authorization, ApiKey,x-includeappshelldata, x-client-version, x-resolvedynamicdata
access-control-allow-origin: *
access-control-expose-headers: Request-Context, x-server-version, x-actual-url, x-currentlanguage, x-languageurlprefixes
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
expires: -1
pragma: no-cache
vary: Accept-Encoding
strict-transport-security: max-age=3600; includeSubDomains
x-actual-url: %2fen%3fawc%3d12384_1669946487_80fe808eff785212e30361ff3355cb41%26utm_source%3dawin_uk%26utm_medium%3daffiliate%26utm_campaign%3dYIELDKIT%2bGmbH%2b-%2bContent%2bsites%26utm_term%3d143466
x-server-version: 83.1825.8355
arr-disable-session-affinity: true
request-context: appId=cid-v1:f1f7ce9c-4689-4fbd-8927-c68fe885c5ae
x-frame-options: SAMEORIGIN
set-cookie: Culture=en-US; expires=Wed, 02-Dec-2037 02:01:27 GMT; path=/; secure; SameSite=None
.ASPXANONYMOUS=KFhk4WAfMuoPQZETraRXwNa0QWkakJK3P8NoUPZeKAWXMTlK9I2b8gWdUZcVUQIrpoR6J7ycIrrcxuF1L_NzlOKhQGS-uTLl7ccgkgH6dJE4FdYXNtYAImKtpEKNvjOIj0ll2w2; expires=Thu, 09-Feb-2023 12:41:27 GMT; path=/; secure; HttpOnly; SameSite=None
EPi:StateMarker=true; path=/
CountryCode=NOR; expires=Wed, 02-Dec-2037 02:01:27 GMT; path=/; secure; SameSite=None
OptimizelyUserKey=c9f44a28-7064-4fdd-acb4-ef497ab8b6d4; expires=Sat, 02-Dec-2023 02:01:27 GMT; path=/; SameSite=Lax
__XSRF2=HZd90yarkBDNWG3F3OtaVLLy4umhRN1fHKR8cgeswv0=; path=/; secure; HttpOnly; SameSite=None
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 7730798d8e79b523-OSL
X-Firefox-Spdy: h2
gamezone.no/?utm_source=referral&utm_medium=4242
80.86.135.22 200 OK 0 B URL HTTP/2 gamezone.no/?utm_source=referral&utm_medium=4242
IP 80.86.135.22:0
ASN #21119 Braathe Gruppen AS
GET /?utm_source=referral&utm_medium=4242 HTTP/1.1
Host: gamezone.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lnk.clickadsolutions.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: private
content-type: text/html; charset=utf-8
content-encoding: gzip
vary: Accept-Encoding
server: Microsoft-IIS/10.0
x-frame-options: DENY, DENY
x-aspnet-version: 4.0.30319
set-cookie: .ASPXANONYMOUS=3RI71IM82QEkAAAANTBlODU4YWMtMGRkMC00NTM2LTliYjctOGRmMzc0OWM1M2Ji3XsKgxjVlKXzfowxs1qz0idw_fs1; expires=Thu, 09-Feb-2023 12:41:28 GMT; path=/; HttpOnly; SameSite=Lax
ASP.NET_SessionId=v5gqbx4y5lfnomej5yza2j5c; path=/; HttpOnly; SameSite=Lax
McWeb3.15.2-3=DeviceSize=lg; expires=Sat, 02-Dec-2023 02:01:28 GMT; path=/; SameSite=Lax
McWeb3.15.2-3=DeviceSize=lg; expires=Sat, 02-Dec-2023 02:01:28 GMT; path=/; SameSite=Lax
x-powered-by: ASP.NET
x-ua-compatible: IE=Edge
date: Fri, 02 Dec 2022 02:01:28 GMT
content-length: 20169
X-Firefox-Spdy: h2