Report - t3.lowtid.com/l.php?p=c:yfde_8vmn9xbrr_ru&d=6332cda647b1bc703135957f&s=48&pid=6361369c9b3490361b20e012&data1=us.linux.us-cable.chrome.

Report Overview

Submitted URL
t3.lowtid.com/l.php?p=c:yfde_8vmn9xbrr_ru&d=6332cda647b1bc703135957f&s=48&pid=6361369c9b3490361b20e012&data1=us.linux.us-cable.chrome.
IP
51.161.115.163
ASN
#16276 OVH SAS
Submitted
2022-12-02 02:01:31
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
6

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
ocsp.sectigo.com	487	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	340 B	963 B	172.64.155.188
pritha-ner.com	141698	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	444 B	784 B	3.212.50.125
bnr.thedataclicks.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	773 B	1.7 kB	54.82.151.162
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.0 kB	8.0 kB	23.33.119.27
lnk.clickadsolutions.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.6 kB	8.3 kB	35.181.10.107
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	700 B	1.4 kB	142.250.74.131
ocsp.r2m02.amazontrust.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	350 B	1.0 kB	54.230.80.227
srw.bannerwidget.tech	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	592 B	136 B	50.17.84.136
t3.lowtid.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.6 kB	1.5 kB	51.161.115.163
www.smartredirect.de	180667	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	685 B	1.1 kB	172.67.128.101
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.4 kB	6.2 kB	93.184.220.29
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	229 B	34.117.237.239
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	52.89.136.7
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	48 kB	34.120.237.76
tc.tradetracker.net	148392	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	491 B	1.1 kB	108.128.89.49
gamezone.no	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	505 B	786 B	80.86.135.22
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	34.102.187.140
ocsp.sca1b.amazontrust.com	1015	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.8 kB	5.0 kB	143.204.42.158
d1aaucsx2ftut2.cloudfront.net	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	435 B	185 kB	143.204.42.4
r.srvtrck.com	45104	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.6 kB	1.4 kB	104.19.168.96
kanvo.cogliatu.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	522 B	1.1 kB	188.114.97.1
t3.blowingwnd.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	592 B	296 B	51.161.115.163
e1.o.lencr.org	6159	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	676 B	1.5 kB	23.33.119.27
www.google-analytics.com	40	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.5 kB	1.2 kB	142.250.74.46
www.awin1.com	14049	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	670 B	844 B	2.21.192.211
cdn.addlnk.com	246074	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	379 B	871 B	172.67.158.251
www.na-kd.com	99353	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	582 B	1.7 kB	104.18.23.130
ron.trffclb.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.7 kB	1.5 kB	51.83.143.92
popmyads.com	44134	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.2 kB	9.3 kB	104.21.54.194
track.gositego.live	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	569 B	448 B	34.91.234.242

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2022-12-02	medium	trffclb.com	Sinkholed
2022-12-02	medium	trffclb.com	Sinkholed
2022-12-02	medium	trffclb.com	Sinkholed

JavaScript (10)

	URL	Size	First Seen	Last Seen
	lnk.clickadsolutions.com/?bt=trk.justquiz.com&ref=&friend=https%3A%2F%2Fwww.justquiz.com%2Fno%2Foppdag-det-perfekte-temaet-til-festen-din&u=tc.tradetracker.net%252F%253Fc%253D12793%2526m%253D0%2526a%253D373405%2526r%253D63895c76b1f3ab3faf2a0373-RL-291096&log=false&type=ROTATOR_LINK&linkId=291096&clickId=63895c76b1f3ab3faf2a0373&br=false	48 B	2023-03-08	2023-04-05
Pretty URL lnk.clickadsolutions.com/?bt=trk.justquiz.com&ref=&friend=https%3A%2F%2Fwww.justquiz.com%2Fno%2Foppdag-det-perfekte-temaet-til-festen-din&u=tc.tradetracker.net%252F%253Fc%253D12793%2526m%253D0%2526a%253D373405%2526r%253D63895c76b1f3ab3faf2a0373-RL-291096&log=false&type=ROTATOR_LINK&linkId=291096&clickId=63895c76b1f3ab3faf2a0373&br=false IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:23:27 Last Seen2023-04-05 02:08:51 Times Seen2 Hash 4b0a2f4dabda3d3b5356c55d46a8ad3b 48421c432e202bb4e2c4d42124cf40515ca0bcab 88b835b90d7455e201ce090833d5056c11df0b91e86c483b581121a9c361fc76 Loading...

	t3.lowtid.com/l.php?p=c:yfde_8vmn9xbrr_ru&d=6332cda647b1bc703135957f&s=48&pid=6361369c9b3490361b20e012&data1=us.linux.us-cable.chrome.	288 B	2023-03-07	2023-04-02
Pretty URL t3.lowtid.com/l.php?p=c:yfde_8vmn9xbrr_ru&d=6332cda647b1bc703135957f&s=48&pid=6361369c9b3490361b20e012&data1=us.linux.us-cable.chrome. IP 51.161.115.163 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:04:48 Last Seen2023-04-02 21:16:29 Times Seen4 Hash 39b0d0273a1fb864d830216dd7c2e357 dc5db9208682c1f704ac3f47978f9667c1371fb5 6e15d354cc231f333118b1508b21ece489e38854d556fa95d1e0cd222a8ea570 Loading...

	bnr.thedataclicks.com/get/Y2x1uwhzCQUWsRki19S5Fpdr?target=whiskey-seg-4l0ult0cv&source=chartreuse-ox&keyword=&match=&zid=dv3859285471e511ed9085124bff6d6e1564498d035bb44dfc98b55df1d83b76210694103a94b80db87d&trafficType=POPUP&visitorType=NON-ADULT&campaignId=1998166&longCampaignId=7d7c3280-6dab-11ed-9d23-12beee04f19b&campaignName=NEW+-+ZP5+-+NO&cost=0.000500	732 B	2023-03-08	2023-03-08
Pretty URL bnr.thedataclicks.com/get/Y2x1uwhzCQUWsRki19S5Fpdr?target=whiskey-seg-4l0ult0cv&source=chartreuse-ox&keyword=&match=&zid=dv3859285471e511ed9085124bff6d6e1564498d035bb44dfc98b55df1d83b76210694103a94b80db87d&trafficType=POPUP&visitorType=NON-ADULT&campaignId=1998166&longCampaignId=7d7c3280-6dab-11ed-9d23-12beee04f19b&campaignName=NEW+-+ZP5+-+NO&cost=0.000500 IP 54.82.151.162 ASN #14618 AMAZON-AES Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:23:27 Last Seen2023-03-08 14:23:27 Times Seen1 Hash 9b73336f058a3fe3efa2e59b95bdbaaf 90b40ea8fd91171aeaf86525b3ab5ed09adf537c 9f3f8b672dd7d9b888fdfc27cda422aaeb0a9f3f02c7280a10304b9c7a2377b8 Loading...

	lnk.clickadsolutions.com/?bt=lsm.realbiddingtrk.site&ref=&friend=&u=r.srvtrck.com%252Fv1%252Fredirect%253Ftype%253DlinkId%2526id%253Dcbfdaa7c5ac24b759aa7cc569148b89e%2526api_key%253Df316faffab9dc5e272e33894a4e91697%2526site_id%253D30816e2d6f5a44deb6766a9b5bf58c66%2526dch%253Dfeed%2526ad_t%253Dadvertiser%2526yk_tag%253D63895c76b1f3ab3faf2a0373-RL-269357&log=false&type=ROTATOR_LINK&linkId=269357&clickId=63895c76b1f3ab3faf2a0373&br=true	99 B	2023-03-08	2023-04-05
Pretty URL lnk.clickadsolutions.com/?bt=lsm.realbiddingtrk.site&ref=&friend=&u=r.srvtrck.com%252Fv1%252Fredirect%253Ftype%253DlinkId%2526id%253Dcbfdaa7c5ac24b759aa7cc569148b89e%2526api_key%253Df316faffab9dc5e272e33894a4e91697%2526site_id%253D30816e2d6f5a44deb6766a9b5bf58c66%2526dch%253Dfeed%2526ad_t%253Dadvertiser%2526yk_tag%253D63895c76b1f3ab3faf2a0373-RL-269357&log=false&type=ROTATOR_LINK&linkId=269357&clickId=63895c76b1f3ab3faf2a0373&br=true IP 35.181.10.107 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:23:27 Last Seen2023-04-05 02:08:50 Times Seen2 Hash a536872d923707207a883ec41c6c690f 3e90562383a35824c8841b047f1d0c208a09304c 8fe3869a9284726d2f7f8baff0c69342a06f13f900d5a8e066f6db93054d5abd Loading...

	kanvo.cogliatu.com/rc/a33384834e?affclick=63895c6fb050fe7ed630b443&pubid=48	187 B	2023-03-08	2023-03-08
Pretty URL kanvo.cogliatu.com/rc/a33384834e?affclick=63895c6fb050fe7ed630b443&pubid=48 IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:23:27 Last Seen2023-03-08 14:23:27 Times Seen1 Hash d1978e74aec0960428aa2ab0259d552b 1cd5524db08e42ab806a39f963e578a409a24d99 0adbcd50d98caed41823c3317a51c1cd5c20a26b022c1941749bb6690aa140bd Loading...

	http:blank	644 B	2023-03-08	2023-03-08
Pretty URL http:blank IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:23:27 Last Seen2023-03-08 14:23:27 Times Seen1 Hash b136ecf8ace9f5012198cd1e626665e2 d76ff7a363692533a4a82b849d05f238edc8f3e7 1e28ecaaca3b147f14e143688b7e91ee82a135a7083d5d139dd20cbd54b7f451 Loading...

	popmyads.com/serve/52264/64661/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgxMy5jb20=	1.3 kB	2023-03-08	2023-03-08
Pretty URL popmyads.com/serve/52264/64661/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgxMy5jb20= IP 104.21.54.194 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:23:27 Last Seen2023-03-08 14:23:27 Times Seen1 Hash 5e3afe16a4bf236118db3da850f6c368 910c9bd7702ad21c23a64bbf4a4d24edb828e189 9480c68caad48862297591217ba22e1cc40a2139ee6353dcd92ab97cecd46c17 Loading...

	t3.lowtid.com/l.php?p=c:yfde_8vmn9xbrr_ru&d=6332cda647b1bc703135957f&s=48&pid=6361369c9b3490361b20e012&data1=us.linux.us-cable.chrome.	243 B	2023-03-07	2023-04-02
Pretty URL t3.lowtid.com/l.php?p=c:yfde_8vmn9xbrr_ru&d=6332cda647b1bc703135957f&s=48&pid=6361369c9b3490361b20e012&data1=us.linux.us-cable.chrome. IP 51.161.115.163 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:04:48 Last Seen2023-04-02 21:16:29 Times Seen4 Hash c5ece1e9d202b87cb431d3d96e5575b6 f6d83964155d7c1613c5708b3dd802cedd431061 f2bbcb4681e3c185c2ab19b1c09ce623d2d516dc49f32d3773e769ae0db74be4 Loading...

	kanvo.cogliatu.com/rc/a33384834e?affclick=63895c6fb050fe7ed630b443&pubid=48	1.5 kB	2023-03-08	2023-03-08
Pretty URL kanvo.cogliatu.com/rc/a33384834e?affclick=63895c6fb050fe7ed630b443&pubid=48 IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:23:28 Last Seen2023-03-08 14:23:28 Times Seen1 Hash 0d5626fdebae56014ff992a01690e716 fd01488f96d67469e05d1e6162e7528a4f74bce8 f78ed847cc26ccb6b5d18693956c53a976013449b95632907e6a06a356bda6b4 Loading...

	lnk.clickadsolutions.com/js/c.js	7.8 kB	2023-03-08	2023-03-13
Pretty URL lnk.clickadsolutions.com/js/c.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:23:28 Last Seen2023-03-13 08:19:05 Times Seen1 Hash 28f147c32edde42fcfabfc9cfa93edcd 4540d4c6db74de7651a1fe723ea0aa563b4c0678 e762d6ca1ddd7dab2fa0db7702efdbd3bc10e6f7f3be7b0f8818d45d5bcb96d7 Loading...

HTTP Transactions (69)

URL IP Response Size

t3.lowtid.com/l.php?p=c:yfde_8vmn9xbrr_ru&d=6332cda647b1bc703135957f&s=48&pid=6361369c9b3490361b20e012&data1=us.linux.us-cable.chrome.

51.161.115.163

200 OK

529 B

URL HTTP/1.1
t3.lowtid.com/l.php?p=c:yfde_8vmn9xbrr_ru&d=6332cda647b1bc703135957f&s=48&pid=6361369c9b3490361b20e012&data1=us.linux.us-cable.chrome.
IP
51.161.115.163:0
ASN
#16276 OVH SAS

File type
HTML document text\012- HTML document, ASCII text, with very long lines (591)
Size
529 B (529 bytes)
Hash
52ad3f9d1fffe20b086c5e6e40bd6ddb
36b6d4bf7c5ab2e2f4461c4019c96a11575ed43e
943783dae5e73e775933e3f4866926c4550b67bfca66a7625014a2bd64825cf7

HTTP Headers

GET /l.php?p=c:yfde_8vmn9xbrr_ru&d=6332cda647b1bc703135957f&s=48&pid=6361369c9b3490361b20e012&data1=us.linux.us-cable.chrome. HTTP/1.1
Host: t3.lowtid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 02 Dec 2022 02:01:19 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: bt-6332cda647b1bc703135957f=63895c6fb050fe7ed630b443; expires=Mon, 05-Dec-2022 02:01:19 GMT; Max-Age=259200; path=/; domain=t3.lowtid.com; HttpOnly
Content-Encoding: gzip

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
3bbb845b153026fc5332dd4506585b57
3cad200fac28fd00f34ce6ef79373e661e188743
6035871c0de6ff2d120921461207cfa32bc286e1fe78849ce74815ffbb9ff950

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6035871C0DE6FF2D120921461207CFA32BC286E1FE78849CE74815FFBB9FF950"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5340
Expires: Fri, 02 Dec 2022 03:30:19 GMT
Date: Fri, 02 Dec 2022 02:01:19 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
0c748388899e8a8d3680355da2ea5020
903c620cd137613daafb0da0508c37b2f4a67212
39eab80e022a9a1732872d9926b0ace80f818ec5c535e36a18b539ea63786fb2

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5956
Cache-Control: max-age=122949
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 02:01:19 GMT
Etag: "63888270-1d7"
Expires: Sat, 03 Dec 2022 12:10:28 GMT
Last-Modified: Thu, 01 Dec 2022 10:31:12 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
55b4c61a1e99001307750e3647fe1102
7559f9f6770b7d3f45b723167062096312641e08
39f6bb64420bcfc8f0b010168fd35b67732984cd0698409f04d5ae40410422aa

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "39F6BB64420BCFC8F0B010168FD35B67732984CD0698409F04D5AE40410422AA"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17546
Expires: Fri, 02 Dec 2022 06:53:45 GMT
Date: Fri, 02 Dec 2022 02:01:19 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

34.102.187.140

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Type, Backoff, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 02 Dec 2022 01:19:50 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 2489
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: OiezOmJuod4xTdOPO1MsyDh2ck0zl6KLZwMzuoC0xTPn+ki12Ruxd1HGnLEsTpy7ogTjhBKQrHM=
x-amz-request-id: 8WM231RWD7XFEGK7
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 02 Dec 2022 01:45:53 GMT
age: 926
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 02:01:19 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

t3.lowtid.com/l.php?p=c:yfde_8vmn9xbrr_ru&d=6332cda647b1bc703135957f&s=48&pid=6361369c9b3490361b20e012&data1=us.linux.us-cable.chrome.&bv=1

51.161.115.163

302 Found

0 B

URL HTTP/1.1
t3.lowtid.com/l.php?p=c:yfde_8vmn9xbrr_ru&d=6332cda647b1bc703135957f&s=48&pid=6361369c9b3490361b20e012&data1=us.linux.us-cable.chrome.&bv=1
IP
51.161.115.163:0
ASN
#16276 OVH SAS

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /l.php?p=c:yfde_8vmn9xbrr_ru&d=6332cda647b1bc703135957f&s=48&pid=6361369c9b3490361b20e012&data1=us.linux.us-cable.chrome.&bv=1 HTTP/1.1
Host: t3.lowtid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://t3.lowtid.com/l.php?p=c:yfde_8vmn9xbrr_ru&d=6332cda647b1bc703135957f&s=48&pid=6361369c9b3490361b20e012&data1=us.linux.us-cable.chrome.
Cookie: bt-6332cda647b1bc703135957f=63895c6fb050fe7ed630b443
Upgrade-Insecure-Requests: 1

HTTP/1.1 302 Found
Server: nginx
Date: Fri, 02 Dec 2022 02:01:19 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Set-Cookie: bt-6332cda647b1bc703135957f=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=t3.lowtid.com; HttpOnly
Round: 11r6m6nbgk
Raund: 1zx
Location: https://kanvo.cogliatu.com/rc/a33384834e?affclick=63895c6fb050fe7ed630b443&pubid=48

t3.lowtid.com/favicon.ico

51.161.115.163

200 OK

20 B

URL HTTP/1.1
t3.lowtid.com/favicon.ico
IP
51.161.115.163:0
ASN
#16276 OVH SAS

File type
data
Size
20 B (20 bytes)
Hash
a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: t3.lowtid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://t3.lowtid.com/l.php?p=c:yfde_8vmn9xbrr_ru&d=6332cda647b1bc703135957f&s=48&pid=6361369c9b3490361b20e012&data1=us.linux.us-cable.chrome.

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 02 Dec 2022 02:01:20 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip

e1.o.lencr.org/

23.33.119.27

200 OK

345 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
345 B (345 bytes)
Hash
a54dc0d34214aaba21674629a67d54f1
2e4a383b7cfd9d5335dff1d8b924c7ad79cbbd18
44f8aaaaa27ca724d60d4fa66392765f1632851eb1864ca5cd5248532e35d54a

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "44F8AAAAA27CA724D60D4FA66392765F1632851EB1864CA5CD5248532E35D54A"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3628
Expires: Fri, 02 Dec 2022 03:01:48 GMT
Date: Fri, 02 Dec 2022 02:01:20 GMT
Connection: keep-alive

e1.o.lencr.org/

23.33.119.27

200 OK

345 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
345 B (345 bytes)
Hash
a54dc0d34214aaba21674629a67d54f1
2e4a383b7cfd9d5335dff1d8b924c7ad79cbbd18
44f8aaaaa27ca724d60d4fa66392765f1632851eb1864ca5cd5248532e35d54a

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "44F8AAAAA27CA724D60D4FA66392765F1632851EB1864CA5CD5248532E35D54A"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3628
Expires: Fri, 02 Dec 2022 03:01:48 GMT
Date: Fri, 02 Dec 2022 02:01:20 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

34.102.187.140

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, Cache-Control, Content-Type, Pragma, Backoff, ETag, Expires, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 02 Dec 2022 01:11:15 GMT
cache-control: public,max-age=3600
age: 3005
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
1f88399f3fdd89dbb9ca1229cb67143a
325c9dbfd932cf9a6fb9fab2dd8e27083f55a9a3
831ecd45dcd2d5ae2ae86cd63ea5e94ecd85281b7e51054af5df9a6386fb8d79

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6008
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 02:01:20 GMT
Last-Modified: Fri, 02 Dec 2022 00:21:12 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 471

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
f9ac02077e4bf7d799b9c92663758622
87a1e4f7872080b1c6fa3a1fe766df6df7f5c514
d44bf04703f99d679867d84dcf581dbd3fefe513505321fb63ee64297ad733a8

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=100429
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 02:01:20 GMT
Etag: "638841bd-117"
Expires: Sat, 03 Dec 2022 05:55:09 GMT
Last-Modified: Thu, 01 Dec 2022 05:55:09 GMT
Server: nginx
Content-Length: 279

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
f9ac02077e4bf7d799b9c92663758622
87a1e4f7872080b1c6fa3a1fe766df6df7f5c514
d44bf04703f99d679867d84dcf581dbd3fefe513505321fb63ee64297ad733a8

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=100429
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 02:01:20 GMT
Etag: "638841bd-117"
Expires: Sat, 03 Dec 2022 05:55:09 GMT
Last-Modified: Thu, 01 Dec 2022 05:55:09 GMT
Server: nginx
Content-Length: 279

push.services.mozilla.com/

52.89.136.7

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
52.89.136.7:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: mO6GvGw3nrWHP9dvJkyM0w==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 1ZgQ7en+aJ8juqsd7dX2QRGFIOc=

ocsp.sectigo.com/

172.64.155.188

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
76787a7b3723e29f9d6575f90b1085b1
e13f33f22ef5675203e9f144600dcef8dc07fd77
aaae4262471d53fd6befcf00d41d5ed6cca3df7ebc039ac5e2ed6678e8c675e3

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 02:01:21 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 30 Nov 2022 03:34:03 GMT
Expires: Wed, 07 Dec 2022 03:34:02 GMT
Etag: "e13f33f22ef5675203e9f144600dcef8dc07fd77"
Cache-Control: max-age=436960,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77307961da9bb4e8-OSL

track.gositego.live/sl?id=6372315a14cb732daa6b203e&pid=930&sub1=puba16cb661acb949f19133eb913b51f624&sub2=54cb05ae_48

34.91.234.242

302 Found

0 B

URL HTTP/2
track.gositego.live/sl?id=6372315a14cb732daa6b203e&pid=930&sub1=puba16cb661acb949f19133eb913b51f624&sub2=54cb05ae_48
IP
34.91.234.242:0
ASN
#396982 GOOGLE-CLOUD-PLATFORM

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /sl?id=6372315a14cb732daa6b203e&pid=930&sub1=puba16cb661acb949f19133eb913b51f624&sub2=54cb05ae_48 HTTP/1.1
Host: track.gositego.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kanvo.cogliatu.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
server: nginx
date: Fri, 02 Dec 2022 02:01:21 GMT
content-length: 0
location: https://t3.blowingwnd.com/p.php?p=c:8pnojh5wwryg9ycmq&d=61b86bb2caff0c3520644fec&pid=CLICKID&s=SUBID&pid=63895c7105d7890001740188&s=930_54cb05ae_48
x-adjust-use-original-forwarded-for: 1
set-cookie: afclick=63895c7105d7890001740188; expires=Sat, 02 Dec 2023 02:01:21 GMT; secure; SameSite=None
access-control-allow-origin: *
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
3b892573f8c5f81c25b05f55fb899c00
5ce61277ff253f2d580e5ffce4e8b35e5f1f399d
3c59d4c99c2e9fe712036e8d04c65b16eb465aa43b74622ae126234d28ea3a00

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3C59D4C99C2E9FE712036E8D04C65B16EB465AA43B74622AE126234D28EA3A00"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3251
Expires: Fri, 02 Dec 2022 02:55:32 GMT
Date: Fri, 02 Dec 2022 02:01:21 GMT
Connection: keep-alive

t3.blowingwnd.com/p.php?p=c:8pnojh5wwryg9ycmq&d=61b86bb2caff0c3520644fec&pid=CLICKID&s=SUBID&pid=63895c7105d7890001740188&s=930_54cb05ae_48

51.161.115.163

302 Found

0 B

URL HTTP/1.1
t3.blowingwnd.com/p.php?p=c:8pnojh5wwryg9ycmq&d=61b86bb2caff0c3520644fec&pid=CLICKID&s=SUBID&pid=63895c7105d7890001740188&s=930_54cb05ae_48
IP
51.161.115.163:0
ASN
#16276 OVH SAS

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /p.php?p=c:8pnojh5wwryg9ycmq&d=61b86bb2caff0c3520644fec&pid=CLICKID&s=SUBID&pid=63895c7105d7890001740188&s=930_54cb05ae_48 HTTP/1.1
Host: t3.blowingwnd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://kanvo.cogliatu.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/1.1 302 Found
Server: nginx
Date: Fri, 02 Dec 2022 02:01:21 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Round: 1217p3t0dz
Raund: xi
Location: https://ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_930_54cb05ae_48

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
66ae0b4b78341156a1aa336452c080dc
ebe20f19403a9124fd378eeab82d943b890fd53b
729d7c2013164d474d00f20cda869d86da1c9de6e31832308fec1eda4fe940ba

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "729D7C2013164D474D00F20CDA869D86DA1C9DE6E31832308FEC1EDA4FE940BA"
Last-Modified: Tue, 29 Nov 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19919
Expires: Fri, 02 Dec 2022 07:33:20 GMT
Date: Fri, 02 Dec 2022 02:01:21 GMT
Connection: keep-alive

ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_930_54cb05ae_48

51.83.143.92

200 OK

501 B

URL HTTP/1.1
ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_930_54cb05ae_48
IP
51.83.143.92:0
ASN
#16276 OVH SAS

File type
HTML document text\012- HTML document, ASCII text, with very long lines (549)
Size
501 B (501 bytes)
Hash
2bef3da50f35e2159bd1eceddb98ba9e
a75bdc677b046a681f18a55b049d601cd2f2c958
978c399326f3de25dbc4b2b77f5e11aaf4ede85e1f2c39501538edb7a6f7a034

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_930_54cb05ae_48 HTTP/1.1
Host: ron.trffclb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://kanvo.cogliatu.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 02 Dec 2022 02:01:21 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: bt-603611c5b7eaf46891533240=63895c715b81e062f06499f9; expires=Mon, 05-Dec-2022 02:01:21 GMT; Max-Age=259200; path=/; domain=ron.trffclb.com; HttpOnly
Content-Encoding: gzip

ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_930_54cb05ae_48&bv=1

51.83.143.92

302 Found

0 B

URL HTTP/1.1
ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_930_54cb05ae_48&bv=1
IP
51.83.143.92:0
ASN
#16276 OVH SAS

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_930_54cb05ae_48&bv=1 HTTP/1.1
Host: ron.trffclb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_930_54cb05ae_48
Cookie: bt-603611c5b7eaf46891533240=63895c715b81e062f06499f9
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin

HTTP/1.1 302 Found
Server: nginx
Date: Fri, 02 Dec 2022 02:01:21 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Set-Cookie: bt-603611c5b7eaf46891533240=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=ron.trffclb.com; HttpOnly
Round: 11kgq037yu
Raund: 2si
Location: https://popmyads.com/serve/52264/64661/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgxMy5jb20=

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2540
Expires: Fri, 02 Dec 2022 02:43:42 GMT
Date: Fri, 02 Dec 2022 02:01:22 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2540
Expires: Fri, 02 Dec 2022 02:43:42 GMT
Date: Fri, 02 Dec 2022 02:01:22 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2540
Expires: Fri, 02 Dec 2022 02:43:42 GMT
Date: Fri, 02 Dec 2022 02:01:22 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2540
Expires: Fri, 02 Dec 2022 02:43:42 GMT
Date: Fri, 02 Dec 2022 02:01:22 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2540
Expires: Fri, 02 Dec 2022 02:43:42 GMT
Date: Fri, 02 Dec 2022 02:01:22 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb543a0f6-0efe-4518-9420-4eff88edf8e6.jpeg

34.120.237.76

200 OK

4.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb543a0f6-0efe-4518-9420-4eff88edf8e6.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.8 kB (4840 bytes)
Hash
60ccdde4ce64b4a3fe6fc2a059b3bde1
5ce119089f4a4cd139b523889b6cd84cd79191f4
2089225a6dc13845ab8e031416920d16952ae1461ca10d72c408ad001ed8f27b

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb543a0f6-0efe-4518-9420-4eff88edf8e6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4840
x-amzn-requestid: 6bc8fa91-5696-4bc6-b1e7-3c36b2c01801
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGxTFxyoAMFRzA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891e6e-3e85b78905aaa73726eef85a;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:36:46 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: UraCGe--VISONXzaUBpA7vuLuD5l7zihtQIph7LVn1QsS8MjLBbvKw==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 21:48:51 GMT
age: 15151
etag: "5ce119089f4a4cd139b523889b6cd84cd79191f4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F683f066f-699d-4765-8f4f-33c72e1672e2.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.2 kB (6174 bytes)
Hash
b986f9fcbeca91ed5c8d58fbfaf47d19
6e6c8bd2bce144cc4da1cd7be375b046b60dca79
07a8938d2841f8c13bd646f4e79e41e46acd6463aa019cd70871b3741f12bb4f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F683f066f-699d-4765-8f4f-33c72e1672e2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6174
x-amzn-requestid: f78f1e9d-8c0c-495d-a862-61838f8297e8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cZ0iyH2WoAMFQdg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63870144-45442a8544259930564f685b;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 07:07:48 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: QIOz71_Kr08pIIwOm2GUkWr421fO7-UyUI7LYld0JBaGnYQ0j3IDFg==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 07:15:42 GMT
age: 67540
etag: "6e6c8bd2bce144cc4da1cd7be375b046b60dca79"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb582f62c-d1ce-4054-b87e-36be40dadfa4.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.9 kB (8863 bytes)
Hash
156e9ea97b774cbd8361072e4041b6c8
fc71ae3cae92ed6011904bb2367f23bf4e69fab4
58d953c19ebbbdfc3965bbe3f52308d4702deaf4d0c029f4674bcb862da138af

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb582f62c-d1ce-4054-b87e-36be40dadfa4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8863
x-amzn-requestid: 798d014b-0f9c-4787-a676-8f5e8fae3d11
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cdG14HBNIAMFdWg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638851bf-7549feac6d476a8512676412;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 07:03:27 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: cgj3fw3lpngosMNOK7cZUZO94T__4RTy_p7wa6rI62OOvhI5E9wMSw==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 324a68a6c25ee50d774953f3e15a611c.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 07:19:21 GMT
age: 67321
etag: "fc71ae3cae92ed6011904bb2367f23bf4e69fab4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

2.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b6b798b-d396-454d-9d5b-17b47827e4ad.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
2.9 kB (2942 bytes)
Hash
b47431190f34eccf0a6efb98e2a32b7d
9fc7ab3a4eb2d36fd6df7e0267a26a47627d1704
08d3b6be354cafb70c20e6865788cb375adbf88d47711651fe1a3b855094daf2

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b6b798b-d396-454d-9d5b-17b47827e4ad.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 2942
x-amzn-requestid: ed26679f-cd56-477f-9914-f9afbcaaeea6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGeoGFYoAMFWgA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891df7-4ec6bebe21656d5026456994;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:34:47 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Fw6nrporwF27NW0-vXpaolW79nDXLF2RyS-lqhhp1osHt7q98VpI3g==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 21:34:47 GMT
age: 15995
etag: "9fc7ab3a4eb2d36fd6df7e0267a26a47627d1704"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe0842726-801f-4648-a54d-c0cb2cf5348a.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.7 kB (5675 bytes)
Hash
89502a302863c914b4de5e8c6a7f6846
898d50ac6e372609656fccee27de3d036bc0281c
9bc1f83d570d70b7e17e5de7a1546885851431ea989d915852ae7130387c422f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe0842726-801f-4648-a54d-c0cb2cf5348a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5675
x-amzn-requestid: a47e049a-6f76-4af4-8064-fd7722bcfb17
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGepGYEIAMFeQw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891df7-09e13afe27c4dc5b44e828be;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:34:47 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: U_3ah2pFrsQl9IVVqm9EVI99FnF79b9zOUFVBGX966JAjkDg6UF--A==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 21:47:56 GMT
age: 15206
etag: "898d50ac6e372609656fccee27de3d036bc0281c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

14 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feb2cfbf1-2aef-40a6-97e1-99a756e32924.png
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
14 kB (13461 bytes)
Hash
16a112f00456d38c4c9e051ccf40e105
8fe32fffe672f0e91ce773af0e4be960f55bad08
43517bbcd17ec6d05d09a4c0d183610acdc7e2fa4767cb786cb8b936d5f44402

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feb2cfbf1-2aef-40a6-97e1-99a756e32924.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 13461
x-amzn-requestid: 8c0121a6-cf29-4cd0-bd42-d9f67af62b84
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cZQsyGhGoAMF1-Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6386c7eb-593f28367320530e2dcafbfb;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 03:03:07 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: npt-A-TEzjd-QRTVhv5FMJhwlYujCRCF7tyYbathxjCdCFFEwh_vEQ==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 36810aa1793ee589dc8c194860296078.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 04:59:42 GMT
age: 75700
etag: "8fe32fffe672f0e91ce773af0e4be960f55bad08"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

278 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
278 B (278 bytes)
Hash
3d4239cc9674f9c789247a694f7a2145
48206257551c462295635b365521a1f643aedc05
14fd9168d68897a4169f75b6c956520992d1edf184bef073b5ed0f0d9c045cb1

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5540
Cache-Control: max-age=109925
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 02:01:22 GMT
Etag: "63885133-116"
Expires: Sat, 03 Dec 2022 08:33:27 GMT
Last-Modified: Thu, 01 Dec 2022 07:01:07 GMT
Server: ECS (amb/6B77)
X-Cache: HIT
Content-Length: 278

ron.trffclb.com/favicon.ico

51.83.143.92

200 OK

20 B

URL HTTP/1.1
ron.trffclb.com/favicon.ico
IP
51.83.143.92:0
ASN
#16276 OVH SAS

File type
data
Size
20 B (20 bytes)
Hash
a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: ron.trffclb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_930_54cb05ae_48
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 02 Dec 2022 02:01:22 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip

ocsp.digicert.com/

93.184.220.29

200 OK

278 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
278 B (278 bytes)
Hash
3d4239cc9674f9c789247a694f7a2145
48206257551c462295635b365521a1f643aedc05
14fd9168d68897a4169f75b6c956520992d1edf184bef073b5ed0f0d9c045cb1

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6257
Cache-Control: max-age=110642
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 02:01:22 GMT
Etag: "63885133-116"
Expires: Sat, 03 Dec 2022 08:45:24 GMT
Last-Modified: Thu, 01 Dec 2022 07:01:07 GMT
Server: ECS (amb/6B99)
X-Cache: HIT
Content-Length: 278

pritha-ner.com/0646614100?adTagId=20111650-aa5d-11e6-a4a9-0e855f2e0669&fallbackUrl=https://popmyads.com/return/30

3.212.50.125

302

0 B

URL HTTP/1.1
pritha-ner.com/0646614100?adTagId=20111650-aa5d-11e6-a4a9-0e855f2e0669&fallbackUrl=https://popmyads.com/return/30
IP
3.212.50.125:0
ASN
#14618 AMAZON-AES

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /0646614100?adTagId=20111650-aa5d-11e6-a4a9-0e855f2e0669&fallbackUrl=https://popmyads.com/return/30 HTTP/1.1
Host: pritha-ner.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 302 
Date: Fri, 02 Dec 2022 02:01:22 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Location: https://bnr.thedataclicks.com/get/Y2x1uwhzCQUWsRki19S5Fpdr?target=whiskey-seg-4l0ult0cv&source=chartreuse-ox&keyword=&match=&zid=dv3859285471e511ed9085124bff6d6e1564498d035bb44dfc98b55df1d83b76210694103a94b80db87d&trafficType=POPUP&visitorType=NON-ADULT&campaignId=1998166&longCampaignId=7d7c3280-6dab-11ed-9d23-12beee04f19b&campaignName=NEW+-+ZP5+-+NO&cost=0.000500
Server: qevzxQph

ocsp.sca1b.amazontrust.com/

143.204.42.158

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
143.204.42.158:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
7fd04b18b6a7aa13c60a18be8690d354
9e93f6f854f8e879236650b3db6c3357e609a4bb
c5d51a660eb6b3c487626ae53e91f6a8d9485c8cab97bd31ac68127729713553

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=107373
Date: Fri, 02 Dec 2022 02:01:23 GMT
Etag: "6388489d-1d7"
Expires: Sat, 03 Dec 2022 07:50:56 GMT
Last-Modified: Thu, 01 Dec 2022 06:24:29 GMT
Server: ECS (dcb/7EA2)
X-Cache: Miss from cloudfront
Via: 1.1 f00e3524edcdf61801454f2bb21e71ce.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: iZtBtK4P14b_3uORoV1Yw5UEpQHsCmyNzARIWPk-IUtOGhKlPAAbtA==
Age: 5187

bnr.thedataclicks.com/get/Y2x1uwhzCQUWsRki19S5Fpdr?target=whiskey-seg-4l0ult0cv&source=chartreuse-ox&keyword=&match=&zid=dv3859285471e511ed9085124bff6d6e1564498d035bb44dfc98b55df1d83b76210694103a94b80db87d&trafficType=POPUP&visitorType=NON-ADULT&campaignId=1998166&longCampaignId=7d7c3280-6dab-11ed-9d23-12beee04f19b&campaignName=NEW+-+ZP5+-+NO&cost=0.000500

54.82.151.162

200 OK

1.6 kB

URL HTTP/2
bnr.thedataclicks.com/get/Y2x1uwhzCQUWsRki19S5Fpdr?target=whiskey-seg-4l0ult0cv&source=chartreuse-ox&keyword=&match=&zid=dv3859285471e511ed9085124bff6d6e1564498d035bb44dfc98b55df1d83b76210694103a94b80db87d&trafficType=POPUP&visitorType=NON-ADULT&campaignId=1998166&longCampaignId=7d7c3280-6dab-11ed-9d23-12beee04f19b&campaignName=NEW+-+ZP5+-+NO&cost=0.000500
IP
54.82.151.162:0
ASN
#14618 AMAZON-AES

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (782)
Size
1.6 kB (1560 bytes)
Hash
d07af833348bbe98151c039a4ab9acc1
7af12ebe8a6951f97fc3f1cad2e5d743dfe19052
75658e44935b5c7f7e90ad1274a9149e3b588d67b9cbcf8adde5274f974a1ed9

HTTP Headers

GET /get/Y2x1uwhzCQUWsRki19S5Fpdr?target=whiskey-seg-4l0ult0cv&source=chartreuse-ox&keyword=&match=&zid=dv3859285471e511ed9085124bff6d6e1564498d035bb44dfc98b55df1d83b76210694103a94b80db87d&trafficType=POPUP&visitorType=NON-ADULT&campaignId=1998166&longCampaignId=7d7c3280-6dab-11ed-9d23-12beee04f19b&campaignName=NEW+-+ZP5+-+NO&cost=0.000500 HTTP/1.1
Host: bnr.thedataclicks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: awselb/2.0
date: Fri, 02 Dec 2022 02:01:23 GMT
content-type: text/html
content-length: 1560
X-Firefox-Spdy: h2

d1aaucsx2ftut2.cloudfront.net/jcm-mm/dbf22d50eb3f9d835a7399371403565c.jpg

143.204.42.4

200 OK

184 kB

URL HTTP/2
d1aaucsx2ftut2.cloudfront.net/jcm-mm/dbf22d50eb3f9d835a7399371403565c.jpg
IP
143.204.42.4:0
ASN
#16509 AMAZON-02

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 800x575, components 3\012- data
Size
184 kB (184529 bytes)
Hash
ef60018c5db320c478ea0738b33966e5
9dd467554cf4b76fc7df3eaac3766d29bdb2b543
9789121067d1f5aa7eeb3267b926014932e6d089fa6053ff05289875f9b262e5

HTTP Headers

GET /jcm-mm/dbf22d50eb3f9d835a7399371403565c.jpg HTTP/1.1
Host: d1aaucsx2ftut2.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnr.thedataclicks.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-length: 184529
last-modified: Wed, 15 Apr 2020 16:57:11 GMT
accept-ranges: bytes
server: AmazonS3
date: Fri, 02 Dec 2022 00:38:15 GMT
etag: "ef60018c5db320c478ea0738b33966e5"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: aAHveT95KlU53snfH2vwJLeDV_JDFKt0C99sJd9Q4Dam7MDyIsJ7kg==
age: 6502
X-Firefox-Spdy: h2

ocsp.sca1b.amazontrust.com/

143.204.42.158

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
143.204.42.158:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
d06c2e72f541ae9febef6cad5ec48667
211308b2ad217e40bc49e6f74454b788273c9e3d
069c430ea7d0aff680c3814ee42280647cbb3e8ba78bed0d56e0d96de1efeccc

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=125325
Date: Fri, 02 Dec 2022 02:01:23 GMT
Etag: "63888acf-1d7"
Expires: Sat, 03 Dec 2022 12:50:08 GMT
Last-Modified: Thu, 01 Dec 2022 11:06:55 GMT
Server: ECS (dcb/7EC9)
X-Cache: Miss from cloudfront
Via: 1.1 f00e3524edcdf61801454f2bb21e71ce.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: QhoYjXKOxb0tFlJ5KdPgc0PqDnqhj3NU-j0Yr3Nb6q5gMvJzKbTHog==
Age: 6193

popmyads.com/gget

104.21.54.194

302 Found

7.8 kB

URL HTTP/2
popmyads.com/gget
IP
104.21.54.194:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text
Size
7.8 kB (7804 bytes)
Hash
28f147c32edde42fcfabfc9cfa93edcd
4540d4c6db74de7651a1fe723ea0aa563b4c0678
e762d6ca1ddd7dab2fa0db7702efdbd3bc10e6f7f3be7b0f8818d45d5bcb96d7

HTTP Headers

POST /gget HTTP/1.1
Host: popmyads.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 517
Origin: https://popmyads.com
Connection: keep-alive
Referer: https://popmyads.com/serve/52264/64661/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgxMy5jb20=
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 302 Found
date: Fri, 02 Dec 2022 02:01:22 GMT
content-type: text/html; charset=UTF-8
location: http://pritha-ner.com/0646614100?adTagId=20111650-aa5d-11e6-a4a9-0e855f2e0669&fallbackUrl=https://popmyads.com/return/30
x-powered-by: PHP/7.1.33
set-cookie: wGprrBLT=2; expires=Fri, 02-Dec-2022 02:01:24 GMT; Max-Age=2; path=/
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2F7oSRXCsjbXcOVPVX2mpd52CAHMlxKbNunL3QVJgC0Z%2BKAcIMw9pTHp5NOLz3jwUaQs4SNMV0GTsda%2FH7QRMi8QD6mxnwGwF%2FJp7EqlLjfVQp8JtEzq5KgW%2F0JbXGDU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7730796a6a4f0afe-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

lnk.clickadsolutions.com/?bt=srw.bannerwidget.tech&ref=&friend=&u=as.ad4m.at%252Fad%252Ftur%253Fa%253D916%2526c%253Dhttps%25253A%25252F%25252Fgamezone.no%2526b%253D63895c76b1f3ab3faf2a0373-RL-291094&log=false&type=ROTATOR_LINK&linkId=291094&clickId=63895c76b1f3ab3faf2a0373&br=false

35.181.10.107

200 OK

1.6 kB

URL HTTP/2
lnk.clickadsolutions.com/?bt=srw.bannerwidget.tech&ref=&friend=&u=as.ad4m.at%252Fad%252Ftur%253Fa%253D916%2526c%253Dhttps%25253A%25252F%25252Fgamezone.no%2526b%253D63895c76b1f3ab3faf2a0373-RL-291094&log=false&type=ROTATOR_LINK&linkId=291094&clickId=63895c76b1f3ab3faf2a0373&br=false
IP
35.181.10.107:0
ASN
#16509 AMAZON-02

File type
data
Size
1.6 kB (1601 bytes)
Hash
6ab3bd02ee48652df9d1ebb69a6b75d4
a6acc8e1fac41f4fff0a3d5e2e539af543c00c1c
e5b4af3f11655c4b7a680c4ddf002055ee969ba1234d70257874298f6994dd18

HTTP Headers

GET /?bt=srw.bannerwidget.tech&ref=&friend=&u=as.ad4m.at%252Fad%252Ftur%253Fa%253D916%2526c%253Dhttps%25253A%25252F%25252Fgamezone.no%2526b%253D63895c76b1f3ab3faf2a0373-RL-291094&log=false&type=ROTATOR_LINK&linkId=291094&clickId=63895c76b1f3ab3faf2a0373&br=false HTTP/1.1
Host: lnk.clickadsolutions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lnk.clickadsolutions.com/trk/Y2x1uwhzCQUWsRki19S5Fpdr?campaignId=1998166&campaignName=NEW+-+ZP5+-+NO&cost=0.000500&keyword=&longCampaignId=7d7c3280-6dab-11ed-9d23-12beee04f19b&match=&source=chartreuse-ox&target=whiskey-seg-4l0ult0cv&trafficType=POPUP&visitorType=NON-ADULT&zid=dv3859285471e511ed9085124bff6d6e1564498d035bb44dfc98b55df1d83b76210694103a94b80db87d&c2=true&vpw=1280&vph=1024
Cookie: v=t; cas=3451:1796:1796:1; rls=291094:1796:1796:1|269357:1796:1796:1|291096:1796:1796:1; com=9362:141:NO:1796:1796:1|16573:166:NO:1796:1796:1|13223:29:NO:1796:1796:1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 02 Dec 2022 02:01:27 GMT
content-type: text/html;charset=UTF-8
content-language: en-US
X-Firefox-Spdy: h2

lnk.clickadsolutions.com/?bt=lsm.realbiddingtrk.site&ref=&friend=&u=r.srvtrck.com%252Fv1%252Fredirect%253Ftype%253DlinkId%2526id%253Dcbfdaa7c5ac24b759aa7cc569148b89e%2526api_key%253Df316faffab9dc5e272e33894a4e91697%2526site_id%253D30816e2d6f5a44deb6766a9b5bf58c66%2526dch%253Dfeed%2526ad_t%253Dadvertiser%2526yk_tag%253D63895c76b1f3ab3faf2a0373-RL-269357&log=false&type=ROTATOR_LINK&linkId=269357&clickId=63895c76b1f3ab3faf2a0373&br=true

35.181.10.107

200 OK

1.3 kB

URL HTTP/2
lnk.clickadsolutions.com/?bt=lsm.realbiddingtrk.site&ref=&friend=&u=r.srvtrck.com%252Fv1%252Fredirect%253Ftype%253DlinkId%2526id%253Dcbfdaa7c5ac24b759aa7cc569148b89e%2526api_key%253Df316faffab9dc5e272e33894a4e91697%2526site_id%253D30816e2d6f5a44deb6766a9b5bf58c66%2526dch%253Dfeed%2526ad_t%253Dadvertiser%2526yk_tag%253D63895c76b1f3ab3faf2a0373-RL-269357&log=false&type=ROTATOR_LINK&linkId=269357&clickId=63895c76b1f3ab3faf2a0373&br=true
IP
35.181.10.107:0
ASN
#16509 AMAZON-02

File type
data
Size
1.3 kB (1306 bytes)
Hash
10a66d2138843c8a50fc77fee24992c4
8e0dc6ab40fbc0d923781918dc928b9b3c85e635
be7a883845c1b3f75965a1e87beb0b8c7a1a775127cf0e674d230d3a10662b96

HTTP Headers

GET /?bt=lsm.realbiddingtrk.site&ref=&friend=&u=r.srvtrck.com%252Fv1%252Fredirect%253Ftype%253DlinkId%2526id%253Dcbfdaa7c5ac24b759aa7cc569148b89e%2526api_key%253Df316faffab9dc5e272e33894a4e91697%2526site_id%253D30816e2d6f5a44deb6766a9b5bf58c66%2526dch%253Dfeed%2526ad_t%253Dadvertiser%2526yk_tag%253D63895c76b1f3ab3faf2a0373-RL-269357&log=false&type=ROTATOR_LINK&linkId=269357&clickId=63895c76b1f3ab3faf2a0373&br=true HTTP/1.1
Host: lnk.clickadsolutions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lnk.clickadsolutions.com/trk/Y2x1uwhzCQUWsRki19S5Fpdr?campaignId=1998166&campaignName=NEW+-+ZP5+-+NO&cost=0.000500&keyword=&longCampaignId=7d7c3280-6dab-11ed-9d23-12beee04f19b&match=&source=chartreuse-ox&target=whiskey-seg-4l0ult0cv&trafficType=POPUP&visitorType=NON-ADULT&zid=dv3859285471e511ed9085124bff6d6e1564498d035bb44dfc98b55df1d83b76210694103a94b80db87d&c2=true&vpw=1280&vph=1024
Cookie: v=t; cas=3451:1796:1796:1; rls=291094:1796:1796:1|269357:1796:1796:1|291096:1796:1796:1; com=9362:141:NO:1796:1796:1|16573:166:NO:1796:1796:1|13223:29:NO:1796:1796:1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 02 Dec 2022 02:01:27 GMT
content-type: text/html;charset=UTF-8
referrer-policy: no-referrer
content-language: en-US
X-Firefox-Spdy: h2

www.google-analytics.com/collect?v=1&tid=UA-264390-1&t=pageview&ds=web&aip=1&cs=TradeTracker&cm=Banner&cn=TradeTracker_Afilliate&cc=%28not+set%29&dh=www.superkul.no&dp=%2F&dt=Alt+i+kostymer+og+festdekorasjoner+p%C3%A5+ett+sted%21&dr=https%3A%2F%2Fwww.justquiz.com%2Fno%2Foppdag-det-perfekte-temaet-til-festen-din&vp=1280x1024&sr=1280x1024&je=0&ul=en-US&cid=1847688475.1676406598

142.250.74.46

200 OK

35 B

URL HTTP/2
www.google-analytics.com/collect?v=1&tid=UA-264390-1&t=pageview&ds=web&aip=1&cs=TradeTracker&cm=Banner&cn=TradeTracker_Afilliate&cc=%28not+set%29&dh=www.superkul.no&dp=%2F&dt=Alt+i+kostymer+og+festdekorasjoner+p%C3%A5+ett+sted%21&dr=https%3A%2F%2Fwww.justquiz.com%2Fno%2Foppdag-det-perfekte-temaet-til-festen-din&vp=1280x1024&sr=1280x1024&je=0&ul=en-US&cid=1847688475.1676406598
IP
142.250.74.46:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
35 B (35 bytes)
Hash
28d6814f309ea289f847c69cf91194c6
0f4e929dd5bb2564f7ab9c76338e04e292a42ace
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

HTTP Headers

GET /collect?v=1&tid=UA-264390-1&t=pageview&ds=web&aip=1&cs=TradeTracker&cm=Banner&cn=TradeTracker_Afilliate&cc=%28not+set%29&dh=www.superkul.no&dp=%2F&dt=Alt+i+kostymer+og+festdekorasjoner+p%C3%A5+ett+sted%21&dr=https%3A%2F%2Fwww.justquiz.com%2Fno%2Foppdag-det-perfekte-temaet-til-festen-din&vp=1280x1024&sr=1280x1024&je=0&ul=en-US&cid=1847688475.1676406598 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://lnk.clickadsolutions.com
Connection: keep-alive
Referer: https://lnk.clickadsolutions.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
pragma: no-cache
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 35
date: Thu, 01 Dec 2022 04:51:23 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
age: 76204
last-modified: Sun, 17 May 1998 03:00:00 GMT
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.google-analytics.com/collect?cs=JustQuiz&cc=291096&ck=42259&cm=Tradetracker&cn=Superkul&tid=UA-207042490-1&v=1&t=pageview&ds=web&aip=1&dh=www.superkul.no&dp=%2F&dt=Alt+i+kostymer+og+festdekorasjoner+p%C3%A5+ett+sted%21&dr=https%3A%2F%2Fwww.justquiz.com%2Fno%2Foppdag-det-perfekte-temaet-til-festen-din&vp=1280x1024&sr=1280x1024&je=0&ul=en-US&cid=1806795509.1715229725

142.250.74.46

200 OK

35 B

URL HTTP/2
www.google-analytics.com/collect?cs=JustQuiz&cc=291096&ck=42259&cm=Tradetracker&cn=Superkul&tid=UA-207042490-1&v=1&t=pageview&ds=web&aip=1&dh=www.superkul.no&dp=%2F&dt=Alt+i+kostymer+og+festdekorasjoner+p%C3%A5+ett+sted%21&dr=https%3A%2F%2Fwww.justquiz.com%2Fno%2Foppdag-det-perfekte-temaet-til-festen-din&vp=1280x1024&sr=1280x1024&je=0&ul=en-US&cid=1806795509.1715229725
IP
142.250.74.46:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
35 B (35 bytes)
Hash
28d6814f309ea289f847c69cf91194c6
0f4e929dd5bb2564f7ab9c76338e04e292a42ace
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

HTTP Headers

GET /collect?cs=JustQuiz&cc=291096&ck=42259&cm=Tradetracker&cn=Superkul&tid=UA-207042490-1&v=1&t=pageview&ds=web&aip=1&dh=www.superkul.no&dp=%2F&dt=Alt+i+kostymer+og+festdekorasjoner+p%C3%A5+ett+sted%21&dr=https%3A%2F%2Fwww.justquiz.com%2Fno%2Foppdag-det-perfekte-temaet-til-festen-din&vp=1280x1024&sr=1280x1024&je=0&ul=en-US&cid=1806795509.1715229725 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://lnk.clickadsolutions.com
Connection: keep-alive
Referer: https://lnk.clickadsolutions.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
pragma: no-cache
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 35
date: Thu, 01 Dec 2022 04:51:23 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
age: 76204
last-modified: Sun, 17 May 1998 03:00:00 GMT
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
8cd876589951719c94a6d49d1494bdbd
01600c8bb95fac543696e509b3e452b90d844572
e03942321526a2303220b1abd51f82f1d4cf80e0dd22a2582cf809b8bd729521

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 02:01:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

r.srvtrck.com/v1/redirect?type=linkId&id=cbfdaa7c5ac24b759aa7cc569148b89e&api_key=f316faffab9dc5e272e33894a4e91697&site_id=30816e2d6f5a44deb6766a9b5bf58c66&dch=feed&ad_t=advertiser&yk_tag=63895c76b1f3ab3faf2a0373-RL-269357

104.19.168.96

302 Found

0 B

URL HTTP/2
r.srvtrck.com/v1/redirect?type=linkId&id=cbfdaa7c5ac24b759aa7cc569148b89e&api_key=f316faffab9dc5e272e33894a4e91697&site_id=30816e2d6f5a44deb6766a9b5bf58c66&dch=feed&ad_t=advertiser&yk_tag=63895c76b1f3ab3faf2a0373-RL-269357
IP
104.19.168.96:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /v1/redirect?type=linkId&id=cbfdaa7c5ac24b759aa7cc569148b89e&api_key=f316faffab9dc5e272e33894a4e91697&site_id=30816e2d6f5a44deb6766a9b5bf58c66&dch=feed&ad_t=advertiser&yk_tag=63895c76b1f3ab3faf2a0373-RL-269357 HTTP/1.1
Host: r.srvtrck.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
date: Fri, 02 Dec 2022 02:01:27 GMT
content-length: 0
p3p: CP="CAO PSA OUR"
set-cookie: ykuid=4e9e9d2526264379b61caf8485c25149; Domain=.srvtrck.com; Expires=Sat, 02-Dec-2023 02:01:27 GMT; Path=/
location: /v2/go?t=6tcp5%3Ab%2Fbwa.6w6ne.4oa%2Ffwdlec1.0h-%3Fbid%3D52384%267da1b3064%26el9c7r6f7%3D20303000030302%3D7c6a7m9ced4-0nbwaw724F3%2553dpbt%26%3Dl%26c6r8ff%3D50916e7dbfda445e66266a8b3b35eck6ipch4t1%25bA620%250F9wa.3a5kd.1oa%269wfr7v232410014232v72fe9kai1cd65434a%3D9i040361bd1m4p3p8k6i2c6a5m4cd1bi7a6w9w5%2Ffs8t6h&e=1&ai=be8d624e7c22423ba065a308fdeff8a1&sct=0&ct=1669946487294&cu=277f697a91ed4503baa97040365bd1b4&sr=1&ykuid=4e9e9d2526264379b61caf8485c25149&sc=1&cs=7c697335e4568f92ccadfdd3c4511d07
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 77307988d8c8b4fa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

r.srvtrck.com/v2/go?t=6tcp5%3Ab%2Fbwa.6w6ne.4oa%2Ffwdlec1.0h-%3Fbid%3D52384%267da1b3064%26el9c7r6f7%3D20303000030302%3D7c6a7m9ced4-0nbwaw724F3%2553dpbt%26%3Dl%26c6r8ff%3D50916e7dbfda445e66266a8b3b35eck6ipch4t1%25bA620%250F9wa.3a5kd.1oa%269wfr7v232410014232v72fe9kai1cd65434a%3D9i040361bd1m4p3p8k6i2c6a5m4cd1bi7a6w9w5%2Ffs8t6h&e=1&ai=be8d624e7c22423ba065a308fdeff8a1&sct=0&ct=1669946487294&cu=277f697a91ed4503baa97040365bd1b4&sr=1&ykuid=4e9e9d2526264379b61caf8485c25149&sc=1&cs=7c697335e4568f92ccadfdd3c4511d07

104.19.168.96

302 Found

0 B

URL HTTP/2
r.srvtrck.com/v2/go?t=6tcp5%3Ab%2Fbwa.6w6ne.4oa%2Ffwdlec1.0h-%3Fbid%3D52384%267da1b3064%26el9c7r6f7%3D20303000030302%3D7c6a7m9ced4-0nbwaw724F3%2553dpbt%26%3Dl%26c6r8ff%3D50916e7dbfda445e66266a8b3b35eck6ipch4t1%25bA620%250F9wa.3a5kd.1oa%269wfr7v232410014232v72fe9kai1cd65434a%3D9i040361bd1m4p3p8k6i2c6a5m4cd1bi7a6w9w5%2Ffs8t6h&e=1&ai=be8d624e7c22423ba065a308fdeff8a1&sct=0&ct=1669946487294&cu=277f697a91ed4503baa97040365bd1b4&sr=1&ykuid=4e9e9d2526264379b61caf8485c25149&sc=1&cs=7c697335e4568f92ccadfdd3c4511d07
IP
104.19.168.96:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /v2/go?t=6tcp5%3Ab%2Fbwa.6w6ne.4oa%2Ffwdlec1.0h-%3Fbid%3D52384%267da1b3064%26el9c7r6f7%3D20303000030302%3D7c6a7m9ced4-0nbwaw724F3%2553dpbt%26%3Dl%26c6r8ff%3D50916e7dbfda445e66266a8b3b35eck6ipch4t1%25bA620%250F9wa.3a5kd.1oa%269wfr7v232410014232v72fe9kai1cd65434a%3D9i040361bd1m4p3p8k6i2c6a5m4cd1bi7a6w9w5%2Ffs8t6h&e=1&ai=be8d624e7c22423ba065a308fdeff8a1&sct=0&ct=1669946487294&cu=277f697a91ed4503baa97040365bd1b4&sr=1&ykuid=4e9e9d2526264379b61caf8485c25149&sc=1&cs=7c697335e4568f92ccadfdd3c4511d07 HTTP/1.1
Host: r.srvtrck.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 302 Found
date: Fri, 02 Dec 2022 02:01:27 GMT
content-length: 0
location: https://www.awin1.com/awclick.php?mid=12384&id=143466&clickref2=v030400013232277f697a91ed4503baa97040365bd1b4&clickref3=30816e2d6f5a44deb6766a9b5bf58c66&p=http%3A%2F%2Fwww.na-kd.com&awcr=v030400013232277f697a91ed4503baa97040365bd1b4-30816e2d6f5a44deb6766a9b5bf58c66
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 77307989a918b4fa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.sca1b.amazontrust.com/

143.204.42.158

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
143.204.42.158:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
e752c76d5290e2dd63c470c193f5196d
7171cfecb5f2f90d855ea541009f41a386093e45
c54d6cd9af5632af5c968c779eb457e03101ba6f5ccc4f4ecb99b2d796c74afd

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=159170
Date: Fri, 02 Dec 2022 02:01:27 GMT
Etag: "63892578-1d7"
Expires: Sat, 03 Dec 2022 22:14:17 GMT
Last-Modified: Thu, 01 Dec 2022 22:06:48 GMT
Server: ECS (bsa/EB16)
X-Cache: Miss from cloudfront
Via: 1.1 f00e3524edcdf61801454f2bb21e71ce.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: FuGqaeooMgyTI0Cm-VqUIRRCPAa-Jbq8W1n8ARSeLYyiQnVZdkfLyw==
Age: 449

lnk.clickadsolutions.com/trk/Y2x1uwhzCQUWsRki19S5Fpdr?campaignId=1998166&campaignName=NEW+-+ZP5+-+NO&cost=0.000500&keyword=&longCampaignId=7d7c3280-6dab-11ed-9d23-12beee04f19b&match=&source=chartreuse-ox&target=whiskey-seg-4l0ult0cv&trafficType=POPUP&visitorType=NON-ADULT&zid=dv3859285471e511ed9085124bff6d6e1564498d035bb44dfc98b55df1d83b76210694103a94b80db87d&c2=true&vpw=1280&vph=1024

35.181.10.107

200 OK

4.3 kB

URL HTTP/2
lnk.clickadsolutions.com/trk/Y2x1uwhzCQUWsRki19S5Fpdr?campaignId=1998166&campaignName=NEW+-+ZP5+-+NO&cost=0.000500&keyword=&longCampaignId=7d7c3280-6dab-11ed-9d23-12beee04f19b&match=&source=chartreuse-ox&target=whiskey-seg-4l0ult0cv&trafficType=POPUP&visitorType=NON-ADULT&zid=dv3859285471e511ed9085124bff6d6e1564498d035bb44dfc98b55df1d83b76210694103a94b80db87d&c2=true&vpw=1280&vph=1024
IP
35.181.10.107:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (981)
Size
4.3 kB (4270 bytes)
Hash
fd61d92a4a8e7583eebf7dfe00934041
0dc500d76bbe0a96958510a0a74b23294920eeba
2b89342e3617ee3c31382f6e01c91860582d5e33fde8f0a797349b95c9a53244

HTTP Headers

GET /trk/Y2x1uwhzCQUWsRki19S5Fpdr?campaignId=1998166&campaignName=NEW+-+ZP5+-+NO&cost=0.000500&keyword=&longCampaignId=7d7c3280-6dab-11ed-9d23-12beee04f19b&match=&source=chartreuse-ox&target=whiskey-seg-4l0ult0cv&trafficType=POPUP&visitorType=NON-ADULT&zid=dv3859285471e511ed9085124bff6d6e1564498d035bb44dfc98b55df1d83b76210694103a94b80db87d&c2=true&vpw=1280&vph=1024 HTTP/1.1
Host: lnk.clickadsolutions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnr.thedataclicks.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 02 Dec 2022 02:01:26 GMT
content-type: text/html;charset=UTF-8
set-cookie: v=t; Path=/; Domain=lnk.clickadsolutions.com; Max-Age=31536000; Expires=Sat, 02 Dec 2023 02:01:26 GMT; Secure; SameSite=None
cas=3451:1796:1796:1; Path=/; Domain=lnk.clickadsolutions.com; Max-Age=31536000; Expires=Sat, 02 Dec 2023 02:01:26 GMT; Secure; SameSite=None
rls=291094:1796:1796:1|269357:1796:1796:1|291096:1796:1796:1; Path=/; Domain=lnk.clickadsolutions.com; Max-Age=31536000; Expires=Sat, 02 Dec 2023 02:01:26 GMT; Secure; SameSite=None
com=9362:141:NO:1796:1796:1|16573:166:NO:1796:1796:1|13223:29:NO:1796:1796:1; Path=/; Domain=lnk.clickadsolutions.com; Max-Age=31536000; Expires=Sat, 02 Dec 2023 02:01:26 GMT; Secure; SameSite=None
content-language: en-US
X-Firefox-Spdy: h2

ocsp.r2m02.amazontrust.com/

54.230.80.227

200 OK

471 B

URL HTTP/1.1
ocsp.r2m02.amazontrust.com/
IP
54.230.80.227:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
8a1cddd0b262882d094805be6e356c7d
7fc40d0b2f9ccffe1424a4373a6a9de3f622d69d
5d985e55de14c6854a352b678a1c3c646a6439f49c13352488ec142294e73af7

HTTP Headers

POST / HTTP/1.1
Host: ocsp.r2m02.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=158774
Date: Fri, 02 Dec 2022 02:01:27 GMT
Etag: "63890c2c-1d7"
Expires: Sat, 03 Dec 2022 22:07:41 GMT
Last-Modified: Thu, 01 Dec 2022 20:18:52 GMT
Server: ECS (nyb/1D16)
X-Cache: Miss from cloudfront
Via: 1.1 784cb0c259a6d79800d037bda4e7de86.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: q-wMJYciNlUAXBxRDfUBmAhcNfopLEjR4HbPVMmzV7mhxXSQVe4quA==
Age: 6529

www.awin1.com/awclick.php?mid=12384&id=143466&clickref2=v030400013232277f697a91ed4503baa97040365bd1b4&clickref3=30816e2d6f5a44deb6766a9b5bf58c66&p=http%3A%2F%2Fwww.na-kd.com&awcr=v030400013232277f697a91ed4503baa97040365bd1b4-30816e2d6f5a44deb6766a9b5bf58c66

2.21.192.211

302 Moved Temporarily

0 B

URL HTTP/1.1
www.awin1.com/awclick.php?mid=12384&id=143466&clickref2=v030400013232277f697a91ed4503baa97040365bd1b4&clickref3=30816e2d6f5a44deb6766a9b5bf58c66&p=http%3A%2F%2Fwww.na-kd.com&awcr=v030400013232277f697a91ed4503baa97040365bd1b4-30816e2d6f5a44deb6766a9b5bf58c66
IP
2.21.192.211:0
ASN
#16625 AKAMAI-AS

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /awclick.php?mid=12384&id=143466&clickref2=v030400013232277f697a91ed4503baa97040365bd1b4&clickref3=30816e2d6f5a44deb6766a9b5bf58c66&p=http%3A%2F%2Fwww.na-kd.com&awcr=v030400013232277f697a91ed4503baa97040365bd1b4-30816e2d6f5a44deb6766a9b5bf58c66 HTTP/1.1
Host: www.awin1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/1.1 302 Moved Temporarily
Content-Length: 0
Location: https://www.na-kd.com/en?awc=12384_1669946487_80fe808eff785212e30361ff3355cb41&utm_source=awin_uk&utm_medium=affiliate&utm_campaign=YIELDKIT+GmbH+-+Content+sites&utm_term=143466
Allow: GET
Node: Helix
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Date: Fri, 02 Dec 2022 02:01:27 GMT
Connection: keep-alive
Set-Cookie: aw12384=143466|0|0|1669946487|v030400013232277f697a91ed4503baa97040365bd1b4-30816e2d6f5a44deb6766a9b5bf58c66|aw|0;domain=.awin1.com;path=/;expires=Friday, 09-Dec-2022 02:01:27 UTC;Secure;SameSite=None
bId=HLEX_63895c77c98833.82316697;domain=.awin1.com;path=/;expires=Saturday, 02-Dec-2023 02:01:27 UTC;Secure;SameSite=None
Strict-Transport-Security: max-age=86400
Awin-Akamai-Rule-Set: default

ocsp.sca1b.amazontrust.com/

143.204.42.158

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
143.204.42.158:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
aec570ce810ce538a24dace485d3a05b
b0d9b5c4cdf3bf39396246032a1e31ade2d6cafa
c2b19c7927bf6a17e049a578362bae3fa8069b72c0968b0ff786b3a24c8f6466

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Fri, 02 Dec 2022 02:01:27 GMT
Etag: "63882149-1d7"
Last-Modified: Fri, 02 Dec 2022 00:34:21 GMT
Server: ECS (bsa/EB1A)
X-Cache: Miss from cloudfront
Via: 1.1 f00e3524edcdf61801454f2bb21e71ce.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: kIm-UlcTZCl6S6YSb2l8nT76mUbB8k0j8MuJq2V57a66eAYWesJk3w==
Age: 5226

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
2cddb193b601ac1b02d970e28ff13d30
5ed1aa99cd33b4959fc77738e467929067f20467
4d05aa961f9304965eecc03fd700eb3f0daa12690345634214d7871ef7a688f1

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4832
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 02:01:27 GMT
Last-Modified: Fri, 02 Dec 2022 00:40:55 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 279

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
98aef37db000400d36e26aec2ecfd3b7
f374bea8d47dbca1876a319ce7a3894c48afa060
dc3c9196cea080950979da23f5f8b0ee0576db22f3626c22ec522a3261991067

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2002
Cache-Control: max-age=164660
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 02:01:27 GMT
Etag: "638934d9-117"
Expires: Sat, 03 Dec 2022 23:45:47 GMT
Last-Modified: Thu, 01 Dec 2022 23:12:25 GMT
Server: ECS (amb/6BC8)
X-Cache: HIT
Content-Length: 279

tc.tradetracker.net/?c=12793&m=0&a=373405&r=63895c76b1f3ab3faf2a0373-RL-291096

108.128.89.49

301 Moved Permanently

279 B

URL HTTP/2
tc.tradetracker.net/?c=12793&m=0&a=373405&r=63895c76b1f3ab3faf2a0373-RL-291096
IP
108.128.89.49:0
ASN
#16509 AMAZON-02

File type
data
Size
279 B (279 bytes)
Hash
2cddb193b601ac1b02d970e28ff13d30
5ed1aa99cd33b4959fc77738e467929067f20467
4d05aa961f9304965eecc03fd700eb3f0daa12690345634214d7871ef7a688f1

HTTP Headers

GET /?c=12793&m=0&a=373405&r=63895c76b1f3ab3faf2a0373-RL-291096 HTTP/1.1
Host: tc.tradetracker.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 301 Moved Permanently
date: Fri, 02 Dec 2022 02:01:27 GMT
content-type: text/html; charset=UTF-8
location: https://www.superkul.no/?ad=&utm_source=TradeTracker&utm_medium=Banner&utm_content=&utm_campaign=TradeTracker_Afilliate
server: nginx
cache-control: no-cache, must-revalidate
set-cookie: uf=D20DPCS6joLwq2cmKhnaik9XQWpsOUNPY2Q5M0w4ZGNIREtRNlZ5YitScUNhaWc0NW9FZkR3TGEyS0kraWVDTGpaVkZSc3k3dEl1OTArMHdyZDN4OWhlK0RKT0dpMnYvczdDb2V3PT0%3D; expires=Sat, 02-Dec-2023 02:01:27 GMT; Max-Age=31536000; path=/; domain=.tradetracker.net; secure; SameSite=None
__tdat12793=MTY2OTk0NjQ4Nzo6MDo6MzczNDA1Ojo2Mzg5NWM3NmIxZjNhYjNmYWYyYTAzNzMtUkwtMjkxMDk2OjpmOjpkYzM0NjVhY2QxM2I2NzM4ODRlNzk1ZWM3MDRmYzg2Yw%3D%3D; expires=Fri, 09-Dec-2022 02:01:27 GMT; Max-Age=604800; path=/; domain=.tradetracker.net; secure; SameSite=None
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

280 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
280 B (280 bytes)
Hash
84c8c16dde690dc55e7bea1ae82b471e
5acecaa0d5353416745c243552fd354a5e64db8f
d616ca4d2c4ad42cd72c6824913fa083611246a4fa543cc1101559f6bbedbb64

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4932
Cache-Control: max-age=160400
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 02:01:27 GMT
Etag: "638918c3-118"
Expires: Sat, 03 Dec 2022 22:34:47 GMT
Last-Modified: Thu, 01 Dec 2022 21:12:35 GMT
Server: ECS (amb/6B91)
X-Cache: HIT
Content-Length: 280

ocsp.digicert.com/

93.184.220.29

200 OK

280 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
280 B (280 bytes)
Hash
84c8c16dde690dc55e7bea1ae82b471e
5acecaa0d5353416745c243552fd354a5e64db8f
d616ca4d2c4ad42cd72c6824913fa083611246a4fa543cc1101559f6bbedbb64

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5870
Cache-Control: max-age=161337
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 02:01:28 GMT
Etag: "638918c3-118"
Expires: Sat, 03 Dec 2022 22:50:25 GMT
Last-Modified: Thu, 01 Dec 2022 21:12:35 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 280

ocsp.pki.goog/s/gts1d4/Q6Og6Kwsucs

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/s/gts1d4/Q6Og6Kwsucs
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
aff905c37e91d7e31213f889d00699ca
d96ae3da7166863566ab262fc59d90d37d415fd8
511a179d7e3d3a9aed04dfbfb540d5d31b5ed20776a3862d53cbf6232fe10811

HTTP Headers

POST /s/gts1d4/Q6Og6Kwsucs HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 02:01:28 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.sca1b.amazontrust.com/

143.204.42.158

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
143.204.42.158:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
e14bb1df2f9526d470d456a9e92a0a4a
f3eb2ae09fa005f235e1b5c691f80c6bce7a6969
075cec18a706a3177b3707b4b475eec3ebf93e9bc60f88356da8ff46b74f0800

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=130681
Date: Fri, 02 Dec 2022 02:01:28 GMT
Etag: "6388af63-1d7"
Expires: Sat, 03 Dec 2022 14:19:29 GMT
Last-Modified: Thu, 01 Dec 2022 13:42:59 GMT
Server: ECS (nyb/1D10)
X-Cache: Miss from cloudfront
Via: 1.1 f00e3524edcdf61801454f2bb21e71ce.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: g0bxyL-VbPYG5C_254Hp81-amidJPrtyFcEifPuky4p11laE5-XXFg==
Age: 2190

kanvo.cogliatu.com/rc/a33384834e?affclick=63895c6fb050fe7ed630b443&pubid=48

188.114.97.1

200 OK

0 B

URL HTTP/2
kanvo.cogliatu.com/rc/a33384834e?affclick=63895c6fb050fe7ed630b443&pubid=48
IP
188.114.97.1:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /rc/a33384834e?affclick=63895c6fb050fe7ed630b443&pubid=48 HTTP/1.1
Host: kanvo.cogliatu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://t3.lowtid.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 02 Dec 2022 02:01:20 GMT
content-type: text/html; charset=utf-8
set-cookie: AWSALB=RFAP38VZ7afnNkRkNrhL/BCCwgdX+AraFcXVQvOQLz92C7oyGMuiZturJ07vRJo5Jk5axEedr8LNeRlZhYRSGGRkX4sy6dKaBFPj2NITQsZ3Rtft4EzPG+Br3U4Q; Expires=Fri, 09 Dec 2022 02:01:20 GMT; Path=/
AWSALBCORS=RFAP38VZ7afnNkRkNrhL/BCCwgdX+AraFcXVQvOQLz92C7oyGMuiZturJ07vRJo5Jk5axEedr8LNeRlZhYRSGGRkX4sy6dKaBFPj2NITQsZ3Rtft4EzPG+Br3U4Q; Expires=Fri, 09 Dec 2022 02:01:20 GMT; Path=/; SameSite=None
vary: Accept-Encoding, Accept-Language, Cookie
content-language: en
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=m2RSX3iq76Xpgfvq5Z7J%2Fb6XX7eoR9NHFGz9uM62H%2FjJwDDZ%2FILixtczRRoTRqj%2F82XKpaDA6O%2BcunKBtZp3Bx6iktUtxv3gLFgdLMWpU4PZyt9%2BOqhINz%2Fp%2B0e0uKL0eXfSYws%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7730795d1c81b50f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.addlnk.com/redirect.css

172.67.158.251

200 OK

0 B

URL HTTP/2
cdn.addlnk.com/redirect.css
IP
172.67.158.251:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /redirect.css HTTP/1.1
Host: cdn.addlnk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kanvo.cogliatu.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 02 Dec 2022 02:01:20 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=1680
etag: W/"3ae56d32551602b41f9046c14d1cfde2"
last-modified: Wed, 13 Mar 2019 00:03:12 GMT
x-amz-id-2: hoKGF2DENF0Fxpfk9aX2Txj0orTMbszygnDmGFSC4SoL/4C3WQsM9k4Y5ZmrshXNgXN64qzAUMY=
x-amz-request-id: 9NDC432NBG524RW1
cf-cache-status: HIT
age: 3182
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cYwRMN3f6vq9ZcXKkXPCcPcnv0EPWYk%2B2a40fmC8cQeZL6YKVR5fFKAztg3MgV3nE3%2Bp%2BJ7k53eFHlbpmHIdwOWWp1WoR%2F7b4qjz1i9K7lHsC%2BQKIoBw%2BoL3yD4XrmZlzg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 773079602c070afa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

popmyads.com/serve/52264/64661/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgxMy5jb20=

104.21.54.194

200 OK

0 B

URL HTTP/2
popmyads.com/serve/52264/64661/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgxMy5jb20=
IP
104.21.54.194:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /serve/52264/64661/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgxMy5jb20= HTTP/1.1
Host: popmyads.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ron.trffclb.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 02 Dec 2022 02:01:22 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.1.33
x-frame-options: DENY
content-security-policy: frame-ancestors 'none'
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3%2FWAj4Q9hPJdNA4WpZBrMqdyFJy1I%2FtWVFYBKZGPJ%2F2c4Hdy5qdtT89RmenrsQbnN1%2FRxUtzjbD3Vn2ePTr4IuXDXOwBiC58E53NkVRg5JiwMz%2FARFL%2BLKk31zZ33pI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7730796919d10afe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

srw.bannerwidget.tech/

50.17.84.136

200 OK

0 B

URL HTTP/2
srw.bannerwidget.tech/
IP
50.17.84.136:0
ASN
#14618 AMAZON-AES

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

POST / HTTP/1.1
Host: srw.bannerwidget.tech
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 204
Origin: https://lnk.clickadsolutions.com
Connection: keep-alive
Referer: https://lnk.clickadsolutions.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 02 Dec 2022 02:01:27 GMT
content-type: text/html;charset=UTF-8
content-language: en-US
X-Firefox-Spdy: h2

www.smartredirect.de/redir/clickGate.php?u=RkkuMW4M&m=1&p=Fr5xngjWXe&t=iRhdghTT&url=https%3A%2F%2Fwww.gamezone.no&r=https%3A%2F%2Fwww.advancedstore.com&s=oneidkJXC5f3fDm2du5t2c9cmCBGkfZSmtPfRoneid_63895c76b1f3ab3faf2a0373-RL-291094

172.67.128.101

302 Found

0 B

URL HTTP/2
www.smartredirect.de/redir/clickGate.php?u=RkkuMW4M&m=1&p=Fr5xngjWXe&t=iRhdghTT&url=https%3A%2F%2Fwww.gamezone.no&r=https%3A%2F%2Fwww.advancedstore.com&s=oneidkJXC5f3fDm2du5t2c9cmCBGkfZSmtPfRoneid_63895c76b1f3ab3faf2a0373-RL-291094
IP
172.67.128.101:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /redir/clickGate.php?u=RkkuMW4M&m=1&p=Fr5xngjWXe&t=iRhdghTT&url=https%3A%2F%2Fwww.gamezone.no&r=https%3A%2F%2Fwww.advancedstore.com&s=oneidkJXC5f3fDm2du5t2c9cmCBGkfZSmtPfRoneid_63895c76b1f3ab3faf2a0373-RL-291094 HTTP/1.1
Host: www.smartredirect.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://srw.bannerwidget.tech/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
date: Fri, 02 Dec 2022 02:01:28 GMT
content-type: text/html; charset=UTF-8
location: https://de.trck.one/redir/clickGate.php?u=RkkuMW4M&m=1&p=Fr5xngjWXe&t=iRhdghTT&url=https%3A%2F%2Fwww.gamezone.no&r=https%3A%2F%2Fwww.advancedstore.com&s=oneidkJXC5f3fDm2du5t2c9cmCBGkfZSmtPfRoneid_63895c76b1f3ab3faf2a0373-RL-291094
cache-control: no-cache, post-check=0, pre-check=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
last-modified: Fri, 02 Dec 2022 02:01:28 GMT
p3p: policyref="/w3c/p3p.xml", CP="NOI CUR OUR STP"
pragma: no-cache
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lldNg9FwRY5jOyRJ0uMsMqjK0uGpWLo9NHnjpYqQakPvIJSWKyYhokUj1ojJPoQS8%2Bpb3mve%2B%2FE4J2Cs4wOby9qWfBynX2K5gLnUN5F1YT4BaGJRh1LF217ofkLnt9waSAGj4c%2F1Rg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7730798dede40afe-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

www.na-kd.com/en?awc=12384_1669946487_80fe808eff785212e30361ff3355cb41&utm_source=awin_uk&utm_medium=affiliate&utm_campaign=YIELDKIT+GmbH+-+Content+sites&utm_term=143466

104.18.23.130

200 OK

0 B

URL HTTP/2
www.na-kd.com/en?awc=12384_1669946487_80fe808eff785212e30361ff3355cb41&utm_source=awin_uk&utm_medium=affiliate&utm_campaign=YIELDKIT+GmbH+-+Content+sites&utm_term=143466
IP
104.18.23.130:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /en?awc=12384_1669946487_80fe808eff785212e30361ff3355cb41&utm_source=awin_uk&utm_medium=affiliate&utm_campaign=YIELDKIT+GmbH+-+Content+sites&utm_term=143466 HTTP/1.1
Host: www.na-kd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 02 Dec 2022 02:01:28 GMT
content-type: text/html; charset=utf-8
access-control-allow-headers: Access-Control-Allow-Origin, Origin, X-Requested-With, Content-Type, Accept, Authorization, ApiKey,x-includeappshelldata, x-client-version, x-resolvedynamicdata
access-control-allow-origin: *
access-control-expose-headers: Request-Context, x-server-version, x-actual-url, x-currentlanguage, x-languageurlprefixes
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
expires: -1
pragma: no-cache
vary: Accept-Encoding
strict-transport-security: max-age=3600; includeSubDomains
x-actual-url: %2fen%3fawc%3d12384_1669946487_80fe808eff785212e30361ff3355cb41%26utm_source%3dawin_uk%26utm_medium%3daffiliate%26utm_campaign%3dYIELDKIT%2bGmbH%2b-%2bContent%2bsites%26utm_term%3d143466
x-server-version: 83.1825.8355
arr-disable-session-affinity: true
request-context: appId=cid-v1:f1f7ce9c-4689-4fbd-8927-c68fe885c5ae
x-frame-options: SAMEORIGIN
set-cookie: Culture=en-US; expires=Wed, 02-Dec-2037 02:01:27 GMT; path=/; secure; SameSite=None
.ASPXANONYMOUS=KFhk4WAfMuoPQZETraRXwNa0QWkakJK3P8NoUPZeKAWXMTlK9I2b8gWdUZcVUQIrpoR6J7ycIrrcxuF1L_NzlOKhQGS-uTLl7ccgkgH6dJE4FdYXNtYAImKtpEKNvjOIj0ll2w2; expires=Thu, 09-Feb-2023 12:41:27 GMT; path=/; secure; HttpOnly; SameSite=None
EPi:StateMarker=true; path=/
CountryCode=NOR; expires=Wed, 02-Dec-2037 02:01:27 GMT; path=/; secure; SameSite=None
OptimizelyUserKey=c9f44a28-7064-4fdd-acb4-ef497ab8b6d4; expires=Sat, 02-Dec-2023 02:01:27 GMT; path=/; SameSite=Lax
__XSRF2=HZd90yarkBDNWG3F3OtaVLLy4umhRN1fHKR8cgeswv0=; path=/; secure; HttpOnly; SameSite=None
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 7730798d8e79b523-OSL
X-Firefox-Spdy: h2

gamezone.no/?utm_source=referral&utm_medium=4242

80.86.135.22

200 OK

0 B

URL HTTP/2
gamezone.no/?utm_source=referral&utm_medium=4242
IP
80.86.135.22:0
ASN
#21119 Braathe Gruppen AS

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /?utm_source=referral&utm_medium=4242 HTTP/1.1
Host: gamezone.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lnk.clickadsolutions.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
cache-control: private
content-type: text/html; charset=utf-8
content-encoding: gzip
vary: Accept-Encoding
server: Microsoft-IIS/10.0
x-frame-options: DENY, DENY
x-aspnet-version: 4.0.30319
set-cookie: .ASPXANONYMOUS=3RI71IM82QEkAAAANTBlODU4YWMtMGRkMC00NTM2LTliYjctOGRmMzc0OWM1M2Ji3XsKgxjVlKXzfowxs1qz0idw_fs1; expires=Thu, 09-Feb-2023 12:41:28 GMT; path=/; HttpOnly; SameSite=Lax
ASP.NET_SessionId=v5gqbx4y5lfnomej5yza2j5c; path=/; HttpOnly; SameSite=Lax
McWeb3.15.2-3=DeviceSize=lg; expires=Sat, 02-Dec-2023 02:01:28 GMT; path=/; SameSite=Lax
McWeb3.15.2-3=DeviceSize=lg; expires=Sat, 02-Dec-2023 02:01:28 GMT; path=/; SameSite=Lax
x-powered-by: ASP.NET
x-ua-compatible: IE=Edge
date: Fri, 02 Dec 2022 02:01:28 GMT
content-length: 20169
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (10)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations