lkhpbfwj.ga/
172.67.150.78 200 OK 13 kB IP 172.67.150.78:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (6441), with CRLF line terminators
Hash 41bf8260dd5bc4db9383af96472f5371
a86918dbeb10508ee8626dc02dbe7053ad2a4615
e297a14a58fb59943d0f9117df19236e52b46bcdfc169ac5fad75eaf6f1dfc9a
Analyzer Verdict Alert fortinet Malware
GET / HTTP/1.1
Host: lkhpbfwj.ga
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Tue, 15 Nov 2022 02:05:43 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.8
Set-Cookie: ab_referer=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Access-Control-Allow-Origin: *
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fx657TUISIj6N8temeQjjEbkAAA1fbsPa0yJ6FFYTxF0nRripWiJaHPZ6k2pzOhVCcACfHcYhpc0P4mb6ZDwHPPe%2FqOG5ql1k88eQT8PNUurJ0FPfQyx%2FNT%2FrViQnQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 76a46c69cef10b69-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 7786cd9bd97e024b3a1d16215defaad2
786ddbb74b0b6bd9270622dbe0258d6caee407c1
9c297ccfd178eec7e472fb64a6b2e34d4c7a6dec32870f49982353e590196ba0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9C297CCFD178EEC7E472FB64A6B2E34D4C7A6DEC32870F49982353E590196BA0"
Last-Modified: Mon, 14 Nov 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9549
Expires: Tue, 15 Nov 2022 04:44:52 GMT
Date: Tue, 15 Nov 2022 02:05:43 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 832aecaba9f06ee2d39d4d4bea65f13c
7195d6ffadfdbc6fc8e92c63ae28d4a3038a72dc
a437509314a97065de6c7b9e5e2b4b61f0234b45f5f5bf2649cbdf499577bfd3
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5834
Cache-Control: max-age=122568
Content-Type: application/ocsp-response
Date: Tue, 15 Nov 2022 02:05:43 GMT
Etag: "637218f5-1d7"
Expires: Wed, 16 Nov 2022 12:08:31 GMT
Last-Modified: Mon, 14 Nov 2022 10:31:17 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 471
firefox.settings.services.mozilla.com/v1/
34.102.187.140 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 4736bac84ca28f2b1e961159fb4ea098
1319612979f53896fcfeacd4215c2715d4951e4c
5e81213e111ddf68c7f884f72b4e06fc4dc95eb902c3cf0762236b2418840dba
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Alert, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 15 Nov 2022 01:44:19 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 1284
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 8c15cef160d1514fc977ed4c4e97086c
ffe4ce3199658a1fc7a45d1607df40ef3911621d
db1a82d8a2bacc0257b87efec0c365c1b769700fa27ce928321e082505f1d72a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DB1A82D8A2BACC0257B87EFEC0C365C1B769700FA27CE928321E082505F1D72A"
Last-Modified: Sun, 13 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18817
Expires: Tue, 15 Nov 2022 07:19:20 GMT
Date: Tue, 15 Nov 2022 02:05:43 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: rojUZmY516GEfTSzm0dOPJXXY4UgVEo94NjzgowLN6aPfh+cwzsQjmyyAAD0ZaYAVQBsrTmdFEs=
x-amz-request-id: EEW3MVBDJK0Y6ZWZ
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 15 Nov 2022 01:14:04 GMT
age: 3099
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 15 Nov 2022 02:05:43 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
js.nextpsh.top/ps/ps.js?id=AbvykU-p1kuzLUz1NhqCVg
46.148.125.182 204 No Content 0 B URL HTTP/2 js.nextpsh.top/ps/ps.js?id=AbvykU-p1kuzLUz1NhqCVg
IP 46.148.125.182:0
ASN #35277 Llhost Inc. Srl
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ps/ps.js?id=AbvykU-p1kuzLUz1NhqCVg HTTP/1.1
Host: js.nextpsh.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://lkhpbfwj.ga/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
server: nginx
date: Tue, 15 Nov 2022 02:05:43 GMT
set-cookie: __psu=a37ed3c2-8c5a-4741-9180-4d708c82fd5b; expires=Fri, 15 Nov 2024 02:05:43 GMT; path=/; secure; samesite=none
cache-control: max-age=0, no-cache, no-store, must-revalidate
X-Firefox-Spdy: h2
lkhpbfwj.ga/images/video-1/puzzle.jpg
172.67.150.78 200 OK 17 kB URL HTTP/1.1 lkhpbfwj.ga/images/video-1/puzzle.jpg
IP 172.67.150.78:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (10436), with CRLF line terminators
Hash 07b3f8dc57a54627063d83093151c637
aa971387ecb7caaf0ba713327fd07cc2338b7b9b
9c5f11ed50e61582597fe2c4f6293c2e4ed7caabd4a445942bee579dc74bb16b
GET /images/video-1/puzzle.jpg HTTP/1.1
Host: lkhpbfwj.ga
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://lkhpbfwj.ga/
HTTP/1.1 200 OK
Date: Tue, 15 Nov 2022 02:05:43 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.8
Access-Control-Allow-Origin: *
CF-Cache-Status: BYPASS
Set-Cookie: ab_referer=http%3A%2F%2Flkhpbfwj.ga%2F; expires=Sat, 14-Jan-2023 02:05:43 GMT; Max-Age=5184000; path=/
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UlwyFB1U%2FhU8AiMU5mcQbY1BGCGuTvK9RZowWi%2BJoPEBA7sX2Dtj5vGjVHi4ZgDc7NwrPunnlPlioCy81L%2BKfqf4De1MVKk28TIFrTzhA7hrMKFkO1fuI4hfP%2B398g%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 76a46c6cffd40b69-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 2abb3329ba216854cb2fd1e82141679c
1b0a92ff1c369905554a695aa0a600c1730025c2
970eced76de17c9b3380d356586eb375217bd173ea7a1b07fd79b2da0e083c9e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "970ECED76DE17C9B3380D356586EB375217BD173EA7A1B07FD79B2DA0E083C9E"
Last-Modified: Mon, 14 Nov 2022 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11096
Expires: Tue, 15 Nov 2022 05:10:39 GMT
Date: Tue, 15 Nov 2022 02:05:43 GMT
Connection: keep-alive
769372a0a8.4073284684.com/7151c3a254da6f8e9a074d6dca19e596/43957?version_name=b
45.133.44.24 200 OK 1.4 kB URL HTTP/2 769372a0a8.4073284684.com/7151c3a254da6f8e9a074d6dca19e596/43957?version_name=b
IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
File type JSON data\012- , ASCII text, with very long lines (1407), with no line terminators
Hash c8006ea0a23fc95e8eca51524a810638
0763bc42d9e819c904c1ac22ca38a78617943b23
5fcd9be135e840f27c2dca8b3b512244f548090afb8247312f951a1b99467900
Analyzer Verdict Alert quad9 Sinkholed
GET /7151c3a254da6f8e9a074d6dca19e596/43957?version_name=b HTTP/1.1
Host: 769372a0a8.4073284684.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://lkhpbfwj.ga
Connection: keep-alive
Referer: http://lkhpbfwj.ga/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 15 Nov 2022 02:05:44 GMT
content-type: application/json
content-length: 1407
server: nginx/1.18.0
cache-control: max-age=300
expires: Tue, 15 Nov 2022 02:10:44 GMT
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Cache-Control, Pragma, Retry-After, ETag, Alert, Expires, Backoff, Content-Type, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 15 Nov 2022 01:44:48 GMT
cache-control: public,max-age=3600
age: 1256
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 3200044057cb585f1a435c0efece61c8
8305d5b5891288aa9996b4b4ca6fce2265413194
df45704534a24928e7659a6d8cd1b5ac9ffa9b224b02b34a2d6aed5ef69fd586
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5529
Cache-Control: max-age=117206
Content-Type: application/ocsp-response
Date: Tue, 15 Nov 2022 02:05:44 GMT
Etag: "63720535-1d7"
Expires: Wed, 16 Nov 2022 10:39:10 GMT
Last-Modified: Mon, 14 Nov 2022 09:07:01 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 2f496b7240cd9b3a234cb057d2a7290f
e068d582227248dcb7d4883766a90483a8c6263c
5cdcc0ec79ccbe0ac9558c1fba3527325b176cb9f436120a72e185e70c464632
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5CDCC0EC79CCBE0AC9558C1FBA3527325B176CB9F436120A72E185E70C464632"
Last-Modified: Sun, 13 Nov 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2415
Expires: Tue, 15 Nov 2022 02:45:59 GMT
Date: Tue, 15 Nov 2022 02:05:44 GMT
Connection: keep-alive
js.wpadmngr.com/npc/sdk/wp-banners.js
45.133.44.24 200 OK 0 B URL HTTP/2 js.wpadmngr.com/npc/sdk/wp-banners.js
IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /npc/sdk/wp-banners.js HTTP/1.1
Host: js.wpadmngr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://lkhpbfwj.ga/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 15 Nov 2022 02:05:44 GMT
content-type: application/javascript; charset=utf-8
content-length: 0
server: nginx/1.18.0
last-modified: Fri, 20 Aug 2021 15:14:31 GMT
etag: "611fc6d7-0"
expires: Tue, 15 Nov 2022 02:10:44 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
769372a0a8.4073284684.com/f4243085d3a55e7c6498c143af3ed047.js
45.133.44.24 200 OK 27 kB URL HTTP/2 769372a0a8.4073284684.com/f4243085d3a55e7c6498c143af3ed047.js
IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
Hash 4c72cf3073850c4af90723fd8f9172fb
e2249f6ec4abb7ac4585c8ddda227e504044429d
11660fd619cd2e845f8c5446e1f56560bf55ab0a221fb111ee2db9db6c8e2873
Analyzer Verdict Alert quad9 Sinkholed
GET /f4243085d3a55e7c6498c143af3ed047.js HTTP/1.1
Host: 769372a0a8.4073284684.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://lkhpbfwj.ga/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 15 Nov 2022 02:05:44 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Thu, 13 Oct 2022 09:19:10 GMT
etag: W/"6347d80e-16007"
content-encoding: gzip
expires: Tue, 15 Nov 2022 02:10:44 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 513caaf19286a3d95f60c4a117768930
0c784d1f2daa6a2db592f2871efe63432638c181
f4eac994becb1a6b1ae98c85d3ee9d76033ed9e6b960b876d85525575fafc4d5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F4EAC994BECB1A6B1AE98C85D3EE9D76033ED9E6B960B876D85525575FAFC4D5"
Last-Modified: Mon, 14 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12098
Expires: Tue, 15 Nov 2022 05:27:22 GMT
Date: Tue, 15 Nov 2022 02:05:44 GMT
Connection: keep-alive
push.services.mozilla.com/
54.189.157.130 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.189.157.130:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 5V2ylpes3ilGzVb61fJqJA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 6zsukZ39UWCfSL1u2G4tUp81mjk=
js.wpshsdk.com/npc/sdk/wp-banners.js
45.133.44.24 200 OK 0 B URL HTTP/2 js.wpshsdk.com/npc/sdk/wp-banners.js
IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /npc/sdk/wp-banners.js HTTP/1.1
Host: js.wpshsdk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://lkhpbfwj.ga/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 15 Nov 2022 02:05:44 GMT
content-type: application/javascript; charset=utf-8
content-length: 0
server: nginx/1.18.0
last-modified: Fri, 20 Aug 2021 15:14:31 GMT
etag: "611fc6d7-0"
expires: Tue, 15 Nov 2022 02:10:44 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
ffafb23ea4.bf34686748.com/in/track?data=eyJ3bCI6MCwic3ViaWQiOjAsInVzZXJfaWQiOiI3ODc2OTI1MjcwNTM5MTA0MDAwIiwidGltZXpvbmUiOjAsInZlciI6IjMuMTUuMSIsInRhZ19pZCI6NDM5NTcsInNjcmVlbl9yZXNvbHV0aW9uIjoiMTI4MHgxMDI0IiwiYWRibG9jayI6MCwidGltZXpvbmVfb2xzb24iOiJVVEMiLCJ1dG1fc291cmNlIjoiIiwidXRtX21lZGl1bSI6IiIsInV0bV9jYW1wYWlnbiI6IiIsInV0bV9jb250ZW50IjoiIiwibW0iOjAsImluaXRfc3RhcnRfbGF0ZW5jeSI6MC4zNiwiaXNfdjIiOjAsImlzX3YyX2VtcHR5IjowLCJ1c2VyX2tleXdvcmRzIjoiVmlkZW8lMjAifQ==
45.133.44.24 200 OK 0 B URL HTTP/2 ffafb23ea4.bf34686748.com/in/track?data=eyJ3bCI6MCwic3ViaWQiOjAsInVzZXJfaWQiOiI3ODc2OTI1MjcwNTM5MTA0MDAwIiwidGltZXpvbmUiOjAsInZlciI6IjMuMTUuMSIsInRhZ19pZCI6NDM5NTcsInNjcmVlbl9yZXNvbHV0aW9uIjoiMTI4MHgxMDI0IiwiYWRibG9jayI6MCwidGltZXpvbmVfb2xzb24iOiJVVEMiLCJ1dG1fc291cmNlIjoiIiwidXRtX21lZGl1bSI6IiIsInV0bV9jYW1wYWlnbiI6IiIsInV0bV9jb250ZW50IjoiIiwibW0iOjAsImluaXRfc3RhcnRfbGF0ZW5jeSI6MC4zNiwiaXNfdjIiOjAsImlzX3YyX2VtcHR5IjowLCJ1c2VyX2tleXdvcmRzIjoiVmlkZW8lMjAifQ==
IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/track?data=eyJ3bCI6MCwic3ViaWQiOjAsInVzZXJfaWQiOiI3ODc2OTI1MjcwNTM5MTA0MDAwIiwidGltZXpvbmUiOjAsInZlciI6IjMuMTUuMSIsInRhZ19pZCI6NDM5NTcsInNjcmVlbl9yZXNvbHV0aW9uIjoiMTI4MHgxMDI0IiwiYWRibG9jayI6MCwidGltZXpvbmVfb2xzb24iOiJVVEMiLCJ1dG1fc291cmNlIjoiIiwidXRtX21lZGl1bSI6IiIsInV0bV9jYW1wYWlnbiI6IiIsInV0bV9jb250ZW50IjoiIiwibW0iOjAsImluaXRfc3RhcnRfbGF0ZW5jeSI6MC4zNiwiaXNfdjIiOjAsImlzX3YyX2VtcHR5IjowLCJ1c2VyX2tleXdvcmRzIjoiVmlkZW8lMjAifQ== HTTP/1.1
Host: ffafb23ea4.bf34686748.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://lkhpbfwj.ga
Connection: keep-alive
Referer: http://lkhpbfwj.ga/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 15 Nov 2022 02:05:44 GMT
content-length: 0
server: nginx/1.18.0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
fp.metricswpsh.com/fp?tag_id=43957
157.90.84.242 204 No Content 0 B URL HTTP/1.1 fp.metricswpsh.com/fp?tag_id=43957
IP 157.90.84.242:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /fp?tag_id=43957 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: http://lkhpbfwj.ga/
Origin: http://lkhpbfwj.ga
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx/1.20.1
Date: Tue, 15 Nov 2022 02:05:44 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE
Access-Control-Allow-Origin: http://lkhpbfwj.ga
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 39a4203bdbb9872ddbfd3b3722235e6c
d99036d5aae7db9ae2a0a261a98253a6b5c28e79
6f3e83322f7e7fabad1bbeb4b4fa84be48b377e1d2a29e58e941900333799404
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6F3E83322F7E7FABAD1BBEB4B4FA84BE48B377E1D2A29E58E941900333799404"
Last-Modified: Mon, 14 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6931
Expires: Tue, 15 Nov 2022 04:01:15 GMT
Date: Tue, 15 Nov 2022 02:05:44 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 39a4203bdbb9872ddbfd3b3722235e6c
d99036d5aae7db9ae2a0a261a98253a6b5c28e79
6f3e83322f7e7fabad1bbeb4b4fa84be48b377e1d2a29e58e941900333799404
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6F3E83322F7E7FABAD1BBEB4B4FA84BE48B377E1D2A29E58E941900333799404"
Last-Modified: Mon, 14 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6931
Expires: Tue, 15 Nov 2022 04:01:15 GMT
Date: Tue, 15 Nov 2022 02:05:44 GMT
Connection: keep-alive
nereserv.com/in/dip?site=native-push&wl=0&event_id=a08649a9-c9bc-4f75-8c1c-3bb11c274a46&subid=416473681&sid=751479908&spot_id=26103&created_at=2022-11-15&timezone=0&ver=8.2.0&is_native=1
168.119.25.22 200 OK 0 B URL HTTP/2 nereserv.com/in/dip?site=native-push&wl=0&event_id=a08649a9-c9bc-4f75-8c1c-3bb11c274a46&subid=416473681&sid=751479908&spot_id=26103&created_at=2022-11-15&timezone=0&ver=8.2.0&is_native=1
IP 168.119.25.22:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/dip?site=native-push&wl=0&event_id=a08649a9-c9bc-4f75-8c1c-3bb11c274a46&subid=416473681&sid=751479908&spot_id=26103&created_at=2022-11-15&timezone=0&ver=8.2.0&is_native=1 HTTP/1.1
Host: nereserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://lkhpbfwj.ga
Connection: keep-alive
Referer: http://lkhpbfwj.ga/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.18.0
date: Tue, 15 Nov 2022 02:05:44 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
fp.metricswpsh.com/fp?tag_id=43957
157.90.84.242 200 OK 28 B URL HTTP/1.1 fp.metricswpsh.com/fp?tag_id=43957
IP 157.90.84.242:0
ASN #24940 Hetzner Online GmbH
File type JSON data\012- , ASCII text
Hash e3af49472d683a217237a6ebaf79bcb7
378db4d7e6171a2676ee15c80b4475d7f5ec9742
7714898d715fb8b1ce7a1de73e0e7c9f6394acc8a08cf1a3b342a7829d4de84a
POST /fp?tag_id=43957 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 22286
Origin: http://lkhpbfwj.ga
Connection: keep-alive
Referer: http://lkhpbfwj.ga/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Tue, 15 Nov 2022 02:05:44 GMT
Content-Type: application/json; charset=UTF-8
Content-Length: 28
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://lkhpbfwj.ga
Set-Cookie: id=6573904511240150953; Expires=Wed, 15 Nov 2023 02:05:44 GMT; Secure; SameSite=None
Vary: Origin
5ab760da26.bf34686748.com/in/multy
168.119.25.22 204 No Content 0 B URL HTTP/2 5ab760da26.bf34686748.com/in/multy
IP 168.119.25.22:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /in/multy HTTP/1.1
Host: 5ab760da26.bf34686748.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: http://lkhpbfwj.ga/
Origin: http://lkhpbfwj.ga
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
server: nginx/1.18.0
date: Tue, 15 Nov 2022 02:05:44 GMT
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 29b1503232a9cf0843bd9f0d01c0a9a5
620b3b98a58cd32175d40534dca81ef4a26d880f
1f54c0fa57ea62f131e173d4a365d6d2d4d10e0993eb69eaf9e27d3788a5daf8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1F54C0FA57EA62F131E173D4A365D6D2D4D10E0993EB69EAF9E27D3788A5DAF8"
Last-Modified: Sat, 12 Nov 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15214
Expires: Tue, 15 Nov 2022 06:19:19 GMT
Date: Tue, 15 Nov 2022 02:05:45 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 29b1503232a9cf0843bd9f0d01c0a9a5
620b3b98a58cd32175d40534dca81ef4a26d880f
1f54c0fa57ea62f131e173d4a365d6d2d4d10e0993eb69eaf9e27d3788a5daf8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1F54C0FA57EA62F131E173D4A365D6D2D4D10E0993EB69EAF9E27D3788A5DAF8"
Last-Modified: Sat, 12 Nov 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15214
Expires: Tue, 15 Nov 2022 06:19:19 GMT
Date: Tue, 15 Nov 2022 02:05:45 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 29b1503232a9cf0843bd9f0d01c0a9a5
620b3b98a58cd32175d40534dca81ef4a26d880f
1f54c0fa57ea62f131e173d4a365d6d2d4d10e0993eb69eaf9e27d3788a5daf8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1F54C0FA57EA62F131E173D4A365D6D2D4D10E0993EB69EAF9E27D3788A5DAF8"
Last-Modified: Sat, 12 Nov 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15214
Expires: Tue, 15 Nov 2022 06:19:19 GMT
Date: Tue, 15 Nov 2022 02:05:45 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd744cf1f-bbfc-4306-bf3d-5e1e6b8b1c90.jpeg
34.120.237.76 200 OK 7.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd744cf1f-bbfc-4306-bf3d-5e1e6b8b1c90.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash edc9d97a2396dfc326736cb9b2b3b474
2c5a98ad27133575ef4fa48a8ff379ee5ad51490
a89e1e9a13b72b0a826ed77a71ec92ac5548a996f6c17b11a4c002480a429333
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd744cf1f-bbfc-4306-bf3d-5e1e6b8b1c90.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7873
x-amzn-requestid: 4a968a3c-c6ca-4d18-83b4-6a1d42e85fee
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bef9SFIMoAMFYuw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636f46bb-2cd01e7d191b3eda7d743866;Sampled=0
x-amzn-remapped-date: Sat, 12 Nov 2022 07:09:47 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: jjir5UM8aqq3T3akiZx_aAcsWL5GDKBnaPA_cDlM2e9Ce6oi-wGEQA==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google
date: Mon, 14 Nov 2022 08:21:23 GMT
age: 63862
etag: "2c5a98ad27133575ef4fa48a8ff379ee5ad51490"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbdf53960-f239-44a8-b66a-ca2ce9268f98.jpeg
34.120.237.76 200 OK 15 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbdf53960-f239-44a8-b66a-ca2ce9268f98.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 962f43862a852bfa6766b9a2d8bfb99d
a5283e68020826f085fb4f06e3dcd36cef9eb067
7eee8aa0f5c6bce04a86fa16fb5d3e632d54792d79c550b044a40a6f070b89d4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbdf53960-f239-44a8-b66a-ca2ce9268f98.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 15206
x-amzn-requestid: a04dc971-de49-4dc4-8bc2-2d3244d33ace
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bnEhpEJkoAMFV9A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6372b470-632efaa725c2b959692e9e77;Sampled=0
x-amzn-remapped-date: Mon, 14 Nov 2022 21:34:40 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: _ucLWmapHlWoKDoeb_ff2qbZOKGJLLQuq6RoP9mpFWOCVAJ70t13yw==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 09331f0822fc98eebaf04130a83dbd44.cloudfront.net (CloudFront), 1.1 google
date: Mon, 14 Nov 2022 21:45:53 GMT
age: 15592
etag: "a5283e68020826f085fb4f06e3dcd36cef9eb067"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4af930b9-b854-4316-8425-07c6aa06477a.jpeg
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4af930b9-b854-4316-8425-07c6aa06477a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash cd5bdc050716bb76afe8090fc81617e7
5109c156b180727767fc03c411190ccc0d3fb5fc
9b13e7838946c6654dda17886c2ca8d42de934acb93f4bddb1008dfa1bd1ea99
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4af930b9-b854-4316-8425-07c6aa06477a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11715
x-amzn-requestid: 20e508bd-6568-4225-9bee-c683a49d44f6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bdMhUHkpIAMFfJg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636ec13b-7dc726b94a37fc667e2e6646;Sampled=0
x-amzn-remapped-date: Fri, 11 Nov 2022 21:40:11 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Lp5eW92D8SbFtcQLk-LRSaSKNMNFYCW7XTALdNdrJxN6ebgdH8_1Dw==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 1481cc55c02c3a782ad420b6bac2cb32.cloudfront.net (CloudFront), 1.1 google
date: Mon, 14 Nov 2022 21:52:43 GMT
age: 15182
etag: "5109c156b180727767fc03c411190ccc0d3fb5fc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1c3081d3-ef42-45da-adea-67bbc90bf9a6.jpeg
34.120.237.76 200 OK 4.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1c3081d3-ef42-45da-adea-67bbc90bf9a6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b18dc101656c2e449e5f54ff7b7fb10b
d5ba3b6a069a74b5db3560a265728e627f6fe18d
53a73577e37651a936a5841fe06e40475e06ce6fa9e14fc0590ddc7aba421dd2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1c3081d3-ef42-45da-adea-67bbc90bf9a6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4394
x-amzn-requestid: fd389a5e-b816-4bd8-a073-2f52fea5bfab
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bnEhtFfnIAMF1rQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6372b471-133a3285137912af436daffd;Sampled=0
x-amzn-remapped-date: Mon, 14 Nov 2022 21:34:41 GMT
x-amz-cf-pop: SEA73-P2, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 6i-blK0B05DT_CvizlmYpcDTpDV8IZLOIrukIQPW6FISAuXa1T0FdQ==
via: 1.1 34c44cb7892e57a3b6c51812bcf68ee4.cloudfront.net (CloudFront), 1.1 01147dcc35d57fc0238a3c1700c13f16.cloudfront.net (CloudFront), 1.1 google
date: Mon, 14 Nov 2022 21:45:53 GMT
age: 15592
etag: "d5ba3b6a069a74b5db3560a265728e627f6fe18d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F50ad5043-e51e-4766-8f6a-d0782645cc84.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F50ad5043-e51e-4766-8f6a-d0782645cc84.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 49fc9477e5982c76b5205fe284f50848
2ca4915631ddcda64c1cb70674f4b1379e288050
496e4e4317538bd34bc6bc28f0c772b7afaf0edac6d2a8686f5e6c4f44331bb4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F50ad5043-e51e-4766-8f6a-d0782645cc84.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11290
x-amzn-requestid: e56e4731-696e-4c63-9b48-1be184b32098
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bhPzMHOEoAMFVJg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63706014-22c49f066ed90cf35d5bba3d;Sampled=0
x-amzn-remapped-date: Sun, 13 Nov 2022 03:10:12 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 4GdlXHpFADt-b7aq-JhGnU4derYUx0ta39dEXO3ywma3_J0L3D1fug==
via: 1.1 86b676273517904f44af31586adb06ae.cloudfront.net (CloudFront), 1.1 73cb83fe6699afc2791b5c690c1ff8c6.cloudfront.net (CloudFront), 1.1 google
date: Mon, 14 Nov 2022 04:13:15 GMT
age: 78750
etag: "2ca4915631ddcda64c1cb70674f4b1379e288050"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
5ab760da26.bf34686748.com/in/multy
168.119.25.22 200 OK 15 kB URL HTTP/2 5ab760da26.bf34686748.com/in/multy
IP 168.119.25.22:0
ASN #24940 Hetzner Online GmbH
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (14812), with no line terminators
Hash e85baed6cee054c76b58e563b645b405
ad1b4d62fd034a434a0dc5f8e1669e14e6e44d15
e1d68b694c3da52fbd29319a6f49828a66082bf37a23ebcc215f58c3dce1beac
POST /in/multy HTTP/1.1
Host: 5ab760da26.bf34686748.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 692
Origin: http://lkhpbfwj.ga
Connection: keep-alive
Referer: http://lkhpbfwj.ga/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Tue, 15 Nov 2022 02:05:45 GMT
content-type: application/json
content-length: 14859
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
5ab760da26.bf34686748.com/in/show/?mid=3639791862160717112&pid=0&site=native-push-mainstream&sc=NO&usage_type=DCH&subid=416473681&sid=751479908&cid=13369&price=0.00025461&is_cpm=0&cpm=0&ecpm=0.0009367514771718638&crid=&crtid=8fc5a3949d58ed66158a5da3a7b48b19&tcid=0&out_id=1&ver=8.2.0&ver_c=&refdom=lkhpbfwj.ga&hostname=auc-inpage-hz-3-a&site_id=3126103&spot_id=26103&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=0&created_at=2022-11-15&is_native=2&auction_queue=0&burl=3JJPUP2jgJLvC5uJakT814y9KdEU5ExqNNti618jC8vguy4hN22tqQ&pop_winurl=&ip=91.90.42.154&testab=0&px_id=5326103&adblock=0&auction_host=&mm=0&yc=0&render_type=hq&campaign_type=lq-pop&uniq=&exp=&resp_type=&iabcat=IAB24-24&min_cpm=0.0003574436990197539&placement_type_id=&skin_test=0&verify_hash=49399ebd8898f66eb042b804d40b3efa&score=75.04242469223816&durl=https%3A%2F%2Fts.cvastico.com%2Fin%2F1546%2F%3Fad_sub%3D416473681%26spot_id%3D26103%26is_adult%3D0%26p%3Dhttp%253A%252F%252Flkhpbfwj.ga%252F%26idzone%3D0%26sid%3D1885&ml=&tag_ab=b&original_bid=0.00025461&user_fp=0&v2_track=0&url=4C-hUqyxdrGOjPC7hWbv8prh_hb4ot0qZdg0YPJqprGdqYuFAZ0U_EjGNzlXIXM9xNA-evuQoiP8irlSt5oTcOQxQKS-pekwSfyeiYuImphhkcnOXAkIu7Q7N3HK_Dy94CqwcIzRf7a1q5ZuvafcL2dQb0y55qYSleXIJe_Vrv5YpA2TLw&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FUS%2FUS_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp&skin_id=2&vertical_id=0&real_bid=0.000187774875&pr=&user_keywords=&auc_type=1&aid=586&ext_cid=0&device_theme=light&keywords=&mlc=1&format=default-slide_SHQ-b_r-body&mlf=1&cpa=45c5d48d-dde7-4df9-926b-a87bf7fa9093
168.119.25.22302 Found 0 B URL HTTP/2 5ab760da26.bf34686748.com/in/show/?mid=3639791862160717112&pid=0&site=native-push-mainstream&sc=NO&usage_type=DCH&subid=416473681&sid=751479908&cid=13369&price=0.00025461&is_cpm=0&cpm=0&ecpm=0.0009367514771718638&crid=&crtid=8fc5a3949d58ed66158a5da3a7b48b19&tcid=0&out_id=1&ver=8.2.0&ver_c=&refdom=lkhpbfwj.ga&hostname=auc-inpage-hz-3-a&site_id=3126103&spot_id=26103&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=0&created_at=2022-11-15&is_native=2&auction_queue=0&burl=3JJPUP2jgJLvC5uJakT814y9KdEU5ExqNNti618jC8vguy4hN22tqQ&pop_winurl=&ip=91.90.42.154&testab=0&px_id=5326103&adblock=0&auction_host=&mm=0&yc=0&render_type=hq&campaign_type=lq-pop&uniq=&exp=&resp_type=&iabcat=IAB24-24&min_cpm=0.0003574436990197539&placement_type_id=&skin_test=0&verify_hash=49399ebd8898f66eb042b804d40b3efa&score=75.04242469223816&durl=https%3A%2F%2Fts.cvastico.com%2Fin%2F1546%2F%3Fad_sub%3D416473681%26spot_id%3D26103%26is_adult%3D0%26p%3Dhttp%253A%252F%252Flkhpbfwj.ga%252F%26idzone%3D0%26sid%3D1885&ml=&tag_ab=b&original_bid=0.00025461&user_fp=0&v2_track=0&url=4C-hUqyxdrGOjPC7hWbv8prh_hb4ot0qZdg0YPJqprGdqYuFAZ0U_EjGNzlXIXM9xNA-evuQoiP8irlSt5oTcOQxQKS-pekwSfyeiYuImphhkcnOXAkIu7Q7N3HK_Dy94CqwcIzRf7a1q5ZuvafcL2dQb0y55qYSleXIJe_Vrv5YpA2TLw&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FUS%2FUS_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp&skin_id=2&vertical_id=0&real_bid=0.000187774875&pr=&user_keywords=&auc_type=1&aid=586&ext_cid=0&device_theme=light&keywords=&mlc=1&format=default-slide_SHQ-b_r-body&mlf=1&cpa=45c5d48d-dde7-4df9-926b-a87bf7fa9093
IP 168.119.25.22:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/show/?mid=3639791862160717112&pid=0&site=native-push-mainstream&sc=NO&usage_type=DCH&subid=416473681&sid=751479908&cid=13369&price=0.00025461&is_cpm=0&cpm=0&ecpm=0.0009367514771718638&crid=&crtid=8fc5a3949d58ed66158a5da3a7b48b19&tcid=0&out_id=1&ver=8.2.0&ver_c=&refdom=lkhpbfwj.ga&hostname=auc-inpage-hz-3-a&site_id=3126103&spot_id=26103&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=0&created_at=2022-11-15&is_native=2&auction_queue=0&burl=3JJPUP2jgJLvC5uJakT814y9KdEU5ExqNNti618jC8vguy4hN22tqQ&pop_winurl=&ip=91.90.42.154&testab=0&px_id=5326103&adblock=0&auction_host=&mm=0&yc=0&render_type=hq&campaign_type=lq-pop&uniq=&exp=&resp_type=&iabcat=IAB24-24&min_cpm=0.0003574436990197539&placement_type_id=&skin_test=0&verify_hash=49399ebd8898f66eb042b804d40b3efa&score=75.04242469223816&durl=https%3A%2F%2Fts.cvastico.com%2Fin%2F1546%2F%3Fad_sub%3D416473681%26spot_id%3D26103%26is_adult%3D0%26p%3Dhttp%253A%252F%252Flkhpbfwj.ga%252F%26idzone%3D0%26sid%3D1885&ml=&tag_ab=b&original_bid=0.00025461&user_fp=0&v2_track=0&url=4C-hUqyxdrGOjPC7hWbv8prh_hb4ot0qZdg0YPJqprGdqYuFAZ0U_EjGNzlXIXM9xNA-evuQoiP8irlSt5oTcOQxQKS-pekwSfyeiYuImphhkcnOXAkIu7Q7N3HK_Dy94CqwcIzRf7a1q5ZuvafcL2dQb0y55qYSleXIJe_Vrv5YpA2TLw&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FUS%2FUS_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp&skin_id=2&vertical_id=0&real_bid=0.000187774875&pr=&user_keywords=&auc_type=1&aid=586&ext_cid=0&device_theme=light&keywords=&mlc=1&format=default-slide_SHQ-b_r-body&mlf=1&cpa=45c5d48d-dde7-4df9-926b-a87bf7fa9093 HTTP/1.1
Host: 5ab760da26.bf34686748.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://lkhpbfwj.ga/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx/1.18.0
date: Tue, 15 Nov 2022 02:05:45 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
location: https://static.bookmsg.com/creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F31dd31c5-7b83-42d7-b534-fb8391ac7086.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F31dd31c5-7b83-42d7-b534-fb8391ac7086.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e02b1cef4506be68e4a6fb309a88698c
7da0425161b8c34ccf9837a56bf77d498cdb65ad
c886c7d128895c62a8ecde5202f4383d22555298d78ef91d63b5d3ebedf448a7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F31dd31c5-7b83-42d7-b534-fb8391ac7086.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 15 Nov 2022 02:05:45 GMT
content-type: image/jpeg
content-length: 10594
x-amzn-requestid: 4a127b1e-1914-45b3-9b55-b3b051e432d7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: beepYFytoAMFnkw=
x-content-type-options: nosniff
etag: "7da0425161b8c34ccf9837a56bf77d498cdb65ad"
x-amzn-trace-id: Root=1-636f44a2-79fc1c425cdda8df43f51140;Sampled=0
x-amzn-remapped-date: Sat, 12 Nov 2022 07:00:50 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: NWg7k9tIcEFzICbVp-m8pMsICmwe6HM39-4fRsXzjZWaMGtNKcMZCQ==
age: 190790
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 6396e88c437c096ef98930ce29f731a2.cloudfront.net (CloudFront), 1.1 google
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
5ab760da26.bf34686748.com/in/show/?mid=3639791862160717112&pid=0&site=native-push-mainstream&sc=NO&usage_type=DCH&subid=416473681&sid=751479908&cid=14006&price=0.012202350683510303&is_cpm=0&cpm=0&ecpm=0.006117520754097742&crid=&crtid=b1970bb4d37e75231584db23b5320d4d&tcid=0&out_id=0&ver=8.2.0&ver_c=&refdom=lkhpbfwj.ga&hostname=auc-inpage-hz-3-a&site_id=3126103&spot_id=26103&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=1668564344&created_at=2022-11-15&is_native=1&auction_queue=0&burl=8YUMgexIyy7PsdgkXd2HIAbIKDB1YfT3uL0HyRgEg62QcC6MCr23Zw&pop_winurl=&ip=91.90.42.154&testab=0&px_id=7326103&adblock=0&auction_host=&mm=0&yc=0&render_type=hq&campaign_type=hq&uniq=&exp=&resp_type=&iabcat=IAB24-24&min_cpm=5.876223346090759e-05&placement_type_id=&skin_test=0&verify_hash=2ee4cff54daa414c69ae447309059182&score=75.04242469223816&durl=https%3A%2F%2Fts.cvastico.com%2Fin%2F1546%2F%3Fad_sub%3D416473681%26spot_id%3D26103%26is_adult%3D0%26p%3Dhttp%253A%252F%252Flkhpbfwj.ga%252F%26idzone%3D0%26sid%3D1885&ml=&tag_ab=b&original_bid=0.012202350683510303&user_fp=0&v2_track=0&url=eYyouZLEBF48mqAYp5bjjfov3c12X09L_1_negTUsy9SnTBhypG4di1JOB9E6GMw6FEsXeXJXwasjVHwdzjmq9S-xoavNbZr_hBBP9sqgRdJyJ0ERiiPwUc81Choh71ppW1kgMeczs1IyRhn7uRBvQ_x6qoROFxwHp5TIO6gESsD9Sm-ImrHP2nv17HV7plLYJsD0Y_7GaGqSGplsPCv9_XUgWq3V9hzbiqwYb7dKf7IqBsg7kvZCY7SsJbUr6A-cztRG7fJ34INK2lCpAXZFmFLiAASRTh28dnY289EoE_r5TGEKJG33Z2a8XZ8lx3DOBDphJcpTP7-0W2ZacMLi45WoPDLbUUlHMM8KeAtPpQSa1Pxm2o6UA1Y-UAdKHzduGgQQcYIvbtPTrdlYoHvQ7nA-jp5BBfPo9m9-yMa7re07hF0IJcjO6Cw5esZcr9E6deocLBShntxWHK4e_Qy7HY1s43JHKkGnmJOdSciwo4aX6UiVeHoyl6XxfBw4SVe76wkHduV1SqY2Zoq_norxk6lbJJ0osvbkXOpPNxbdKVa5eXVG8Y4aJ_ry2f5QeZ2fRKIyXinj9lzPR_vvQnD9UT9JaXlHFYeSQjfRKWyS728uQJTNim_cA_-GBBua0A61fn8x3s5wCBB6KK9Q2HZI1jHCU34uu1ClzrYMsUhBz_ycJt4gc6j761MYGAks3F_ZQfBXDhBltTTJlHOnedfXV3iy4EmrFN-QV-K2WpFZvTya23oCZ5uIwzq1wYvFQopBRJt5DPec9QSefDT7C-YaHKmjyqpVpvOVyR938LlmiULBQhSXun81FbJHT3rjCmZfS6zS2x3t4x7dqfvoeZACrT3aIuSgWpwjZzr00XSCfnHXSt-88qu56nsPpWGTeuhMX99ti
pjVEsW-bEaX53Yz_KKZwo5Mb5mWMYf6CCX6SIwLfG2fTx8JK9ieZYkxGTd5HLo0idhVGB0B4WHtora2mNDtWr5jzIOvyGbH6u59r_jz0Lu-YwPQCX30DtaYIVi3qCr5I5K6042WOv43MFdhZLaj8kQJLo5WKmKXcQBaLqNl6Zqaoc8LzG-0qQe9kg-5Q&image_url=https%3A%2F%2Fs.viichxt.com%2Fn%2F1557%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%3D%3D%3D%3D%3D%3D%3Ff%3Dhttps%253A%252F%252Fi.cdnkimg.com%252Fauto%252F492x328%252Fimage%252Ftesr%252F2812%252F812%252Frect_6325b5018fc20t1663415553r5769.jpg&skin_id=2&vertical_id=0&real_bid=0.007459296972829848&pr=&user_keywords=&auc_type=1&aid=412&ext_cid=0&device_theme=light&keywords=&format=default-slide_SHQ-b_r-body&cpa=2051d400-248f-472e-b27c-0aa46439f64f
168.119.25.22302 Found 0 B URL HTTP/2 5ab760da26.bf34686748.com/in/show/?mid=3639791862160717112&pid=0&site=native-push-mainstream&sc=NO&usage_type=DCH&subid=416473681&sid=751479908&cid=14006&price=0.012202350683510303&is_cpm=0&cpm=0&ecpm=0.006117520754097742&crid=&crtid=b1970bb4d37e75231584db23b5320d4d&tcid=0&out_id=0&ver=8.2.0&ver_c=&refdom=lkhpbfwj.ga&hostname=auc-inpage-hz-3-a&site_id=3126103&spot_id=26103&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=1668564344&created_at=2022-11-15&is_native=1&auction_queue=0&burl=8YUMgexIyy7PsdgkXd2HIAbIKDB1YfT3uL0HyRgEg62QcC6MCr23Zw&pop_winurl=&ip=91.90.42.154&testab=0&px_id=7326103&adblock=0&auction_host=&mm=0&yc=0&render_type=hq&campaign_type=hq&uniq=&exp=&resp_type=&iabcat=IAB24-24&min_cpm=5.876223346090759e-05&placement_type_id=&skin_test=0&verify_hash=2ee4cff54daa414c69ae447309059182&score=75.04242469223816&durl=https%3A%2F%2Fts.cvastico.com%2Fin%2F1546%2F%3Fad_sub%3D416473681%26spot_id%3D26103%26is_adult%3D0%26p%3Dhttp%253A%252F%252Flkhpbfwj.ga%252F%26idzone%3D0%26sid%3D1885&ml=&tag_ab=b&original_bid=0.012202350683510303&user_fp=0&v2_track=0&url=eYyouZLEBF48mqAYp5bjjfov3c12X09L_1_negTUsy9SnTBhypG4di1JOB9E6GMw6FEsXeXJXwasjVHwdzjmq9S-xoavNbZr_hBBP9sqgRdJyJ0ERiiPwUc81Choh71ppW1kgMeczs1IyRhn7uRBvQ_x6qoROFxwHp5TIO6gESsD9Sm-ImrHP2nv17HV7plLYJsD0Y_7GaGqSGplsPCv9_XUgWq3V9hzbiqwYb7dKf7IqBsg7kvZCY7SsJbUr6A-cztRG7fJ34INK2lCpAXZFmFLiAASRTh28dnY289EoE_r5TGEKJG33Z2a8XZ8lx3DOBDphJcpTP7-0W2ZacMLi45WoPDLbUUlHMM8KeAtPpQSa1Pxm2o6UA1Y-UAdKHzduGgQQcYIvbtPTrdlYoHvQ7nA-jp5BBfPo9m9-yMa7re07hF0IJcjO6Cw5esZcr9E6deocLBShntxWHK4e_Qy7HY1s43JHKkGnmJOdSciwo4aX6UiVeHoyl6XxfBw4SVe76wkHduV1SqY2Zoq_norxk6lbJJ0osvbkXOpPNxbdKVa5eXVG8Y4aJ_ry2f5QeZ2fRKIyXinj9lzPR_vvQnD9UT9JaXlHFYeSQjfRKWyS728uQJTNim_cA_-GBBua0A61fn8x3s5wCBB6KK9Q2HZI1jHCU34uu1ClzrYMsUhBz_ycJt4gc6j761MYGAks3F_ZQfBXDhBltTTJlHOnedfXV3iy4EmrFN-QV-K2WpFZvTya23oCZ5uIwzq1wYvFQopBRJt5DPec9QSefDT7C-YaHKmjyqpVpvOVyR938LlmiULBQhSXun81FbJHT3rjCmZfS6zS2x3t4x7dqfvoeZACrT3aIuSgWpw
jZzr00XSCfnHXSt-88qu56nsPpWGTeuhMX99tipjVEsW-bEaX53Yz_KKZwo5Mb5mWMYf6CCX6SIwLfG2fTx8JK9ieZYkxGTd5HLo0idhVGB0B4WHtora2mNDtWr5jzIOvyGbH6u59r_jz0Lu-YwPQCX30DtaYIVi3qCr5I5K6042WOv43MFdhZLaj8kQJLo5WKmKXcQBaLqNl6Zqaoc8LzG-0qQe9kg-5Q&image_url=https%3A%2F%2Fs.viichxt.com%2Fn%2F1557%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%3D%3D%3D%3D%3D%3D%3Ff%3Dhttps%253A%252F%252Fi.cdnkimg.com%252Fauto%252F492x328%252Fimage%252Ftesr%252F2812%252F812%252Frect_6325b5018fc20t1663415553r5769.jpg&skin_id=2&vertical_id=0&real_bid=0.007459296972829848&pr=&user_keywords=&auc_type=1&aid=412&ext_cid=0&device_theme=light&keywords=&format=default-slide_SHQ-b_r-body&cpa=2051d400-248f-472e-b27c-0aa46439f64f
IP 168.119.25.22:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/show/?mid=3639791862160717112&pid=0&site=native-push-mainstream&sc=NO&usage_type=DCH&subid=416473681&sid=751479908&cid=14006&price=0.012202350683510303&is_cpm=0&cpm=0&ecpm=0.006117520754097742&crid=&crtid=b1970bb4d37e75231584db23b5320d4d&tcid=0&out_id=0&ver=8.2.0&ver_c=&refdom=lkhpbfwj.ga&hostname=auc-inpage-hz-3-a&site_id=3126103&spot_id=26103&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=1668564344&created_at=2022-11-15&is_native=1&auction_queue=0&burl=8YUMgexIyy7PsdgkXd2HIAbIKDB1YfT3uL0HyRgEg62QcC6MCr23Zw&pop_winurl=&ip=91.90.42.154&testab=0&px_id=7326103&adblock=0&auction_host=&mm=0&yc=0&render_type=hq&campaign_type=hq&uniq=&exp=&resp_type=&iabcat=IAB24-24&min_cpm=5.876223346090759e-05&placement_type_id=&skin_test=0&verify_hash=2ee4cff54daa414c69ae447309059182&score=75.04242469223816&durl=https%3A%2F%2Fts.cvastico.com%2Fin%2F1546%2F%3Fad_sub%3D416473681%26spot_id%3D26103%26is_adult%3D0%26p%3Dhttp%253A%252F%252Flkhpbfwj.ga%252F%26idzone%3D0%26sid%3D1885&ml=&tag_ab=b&original_bid=0.012202350683510303&user_fp=0&v2_track=0&url=eYyouZLEBF48mqAYp5bjjfov3c12X09L_1_negTUsy9SnTBhypG4di1JOB9E6GMw6FEsXeXJXwasjVHwdzjmq9S-xoavNbZr_hBBP9sqgRdJyJ0ERiiPwUc81Choh71ppW1kgMeczs1IyRhn7uRBvQ_x6qoROFxwHp5TIO6gESsD9Sm-ImrHP2nv17HV7plLYJsD0Y_7GaGqSGplsPCv9_XUgWq3V9hzbiqwYb7dKf7IqBsg7kvZCY7SsJbUr6A-cztRG7fJ34INK2lCpAXZFmFLiAASRTh28dnY289EoE_r5TGEKJG33Z2a8XZ8lx3DOBDphJcpTP7-0W2ZacMLi45WoPDLbUUlHMM8KeAtPpQSa1Pxm2o6UA1Y-UAdKHzduGgQQcYIvbtPTrdlYoHvQ7nA-jp5BBfPo9m9-yMa7re07hF0IJcjO6Cw5esZcr9E6deocLBShntxWHK4e_Qy7HY1s43JHKkGnmJOdSciwo4aX6UiVeHoyl6XxfBw4SVe76wkHduV1SqY2Zoq_norxk6lbJJ0osvbkXOpPNxbdKVa5eXVG8Y4aJ_ry2f5QeZ2fRKIyXinj9lzPR_vvQnD9UT9JaXlHFYeSQjfRKWyS728uQJTNim_cA_-GBBua0A61fn8x3s5wCBB6KK9Q2HZI1jHCU34uu1ClzrYMsUhBz_ycJt4gc6j761MYGAks3F_ZQfBXDhBltTTJlHOnedfXV3iy4EmrFN-QV-K2WpFZvTya23oCZ5uIwzq1wYvFQopBRJt5DPec9QSefDT7C-YaHKmjyqpVpvOVyR938LlmiULBQhSXun81FbJHT3rjCmZfS6zS2x3t4x7dqfvoeZACrT3aIuSgWpwjZzr00XSCfnHXSt-88qu56nsPpWGTeuhMX99tipjVEsW-bEaX53Yz_KKZwo
5Mb5mWMYf6CCX6SIwLfG2fTx8JK9ieZYkxGTd5HLo0idhVGB0B4WHtora2mNDtWr5jzIOvyGbH6u59r_jz0Lu-YwPQCX30DtaYIVi3qCr5I5K6042WOv43MFdhZLaj8kQJLo5WKmKXcQBaLqNl6Zqaoc8LzG-0qQe9kg-5Q&image_url=https%3A%2F%2Fs.viichxt.com%2Fn%2F1557%2Fpniesyteab6v4blppn7veyclmbsa27kzajsx242wm5fgganecletqxt6fvldiqbsmyevw3qhnz3hswlbjjglrls5jh6z3bnptoxypk5nhf4w2csgd7pg2caqgtvylqgn4ohkp55fkeikznpt2jxufvu3uo5vkabk3a4rsyp6qoues6k2jfkfeohj6cv2o4add4uxqvcshbewtqtjz5fgbwdzl3bdtghvgxte5ye6otaflqrurfup5a5ijgwfc37dqmajy2e4cgxhnbcrwwmn4b5bna4kwts422aub7cta74wqmpojyrlculsrrjyvfgdtjk26swtrxjpyuoqjbumav2mdyzbj4kwemcuhpure2vhj4ksph7faoy4hj3omtntvozlmv4qhjwwamswj7v7rsmjnnb5iggrhtl5vlc6ch3znj7qykklu2i6jnqva6cuklehnijqhoousymipjlleown4l65osgbmjmeqy3hlmua2bdd35egf4d3fl5dwsgzgfpposfnxtdvler3qocy2v57jc6n5x7skc5e22btyzf5qy6iprk7epfrr3442sp3mwp3hhvwskskwmhojoz2xmvwk6edyqc6a5txw7cynfegz4r5ja%3D%3D%3D%3D%3D%3D%3Ff%3Dhttps%253A%252F%252Fi.cdnkimg.com%252Fauto%252F492x328%252Fimage%252Ftesr%252F2812%252F812%252Frect_6325b5018fc20t1663415553r5769.jpg&skin_id=2&vertical_id=0&real_bid=0.007459296972829848&pr=&user_keywords=&auc_type=1&aid=412&ext_cid=0&device_theme=light&keywords=&format=default-slide_SHQ-b_r-body&cpa=2051d400-248f-472e-b27c-0aa46439f64f HTTP/1.1
Host: 5ab760da26.bf34686748.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx/1.18.0
date: Tue, 15 Nov 2022 02:05:45 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
location: https://s.viichxt.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====?f=https%3A%2F%2Fi.cdnkimg.com%2Fauto%2F492x328%2Fimage%2Ftesr%2F2812%2F812%2Frect_6325b5018fc20t1663415553r5769.jpg
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 18ab53beea6b92721498385aa7147f6f
6787689cc98cef0e3433b844b11eff1c47104fcd
10fe48d3ba35717b3e96d8f07758e4f943331c737a9be081a62dc0f2439acc49
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "10FE48D3BA35717B3E96D8F07758E4F943331C737A9BE081A62DC0F2439ACC49"
Last-Modified: Mon, 14 Nov 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3891
Expires: Tue, 15 Nov 2022 03:10:37 GMT
Date: Tue, 15 Nov 2022 02:05:46 GMT
Connection: keep-alive
s.viichxt.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====?f=https%3A%2F%2Fi.cdnkimg.com%2Fauto%2F492x328%2Fimage%2Ftesr%2F2812%2F812%2Frect_6325b5018fc20t1663415553r5769.jpg
31.220.27.135302 Found 0 B URL HTTP/2 s.viichxt.com/n/1557/pniesyteab6v4blppn7veyclmbsa27kzajsx242wm5fgganecletqxt6fvldiqbsmyevw3qhnz3hswlbjjglrls5jh6z3bnptoxypk5nhf4w2csgd7pg2caqgtvylqgn4ohkp55fkeikznpt2jxufvu3uo5vkabk3a4rsyp6qoues6k2jfkfeohj6cv2o4add4uxqvcshbewtqtjz5fgbwdzl3bdtghvgxte5ye6otaflqrurfup5a5ijgwfc37dqmajy2e4cgxhnbcrwwmn4b5bna4kwts422aub7cta74wqmpojyrlculsrrjyvfgdtjk26swtrxjpyuoqjbumav2mdyzbj4kwemcuhpure2vhj4ksph7faoy4hj3omtntvozlmv4qhjwwamswj7v7rsmjnnb5iggrhtl5vlc6ch3znj7qykklu2i6jnqva6cuklehnijqhoousymipjlleown4l65osgbmjmeqy3hlmua2bdd35egf4d3fl5dwsgzgfpposfnxtdvler3qocy2v57jc6n5x7skc5e22btyzf5qy6iprk7epfrr3442sp3mwp3hhvwskskwmhojoz2xmvwk6edyqc6a5txw7cynfegz4r5ja======?f=https%3A%2F%2Fi.cdnkimg.com%2Fauto%2F492x328%2Fimage%2Ftesr%2F2812%2F812%2Frect_6325b5018fc20t1663415553r5769.jpg
IP 31.220.27.135:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET 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====?f=https%3A%2F%2Fi.cdnkimg.com%2Fauto%2F492x328%2Fimage%2Ftesr%2F2812%2F812%2Frect_6325b5018fc20t1663415553r5769.jpg HTTP/1.1
Host: s.viichxt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx/1.19.0
date: Tue, 15 Nov 2022 02:05:46 GMT
content-length: 0
location: https://i.cdnkimg.com/auto/492x328/image/tesr/2812/812/rect_6325b5018fc20t1663415553r5769.jpg
X-Firefox-Spdy: h2
s.viichxt.com/n/1557/pniesyteab6v4blppn7veyclmbsa27kzajsx242wm5fgganecletqxt6fvldiqbsmyevw3qhnz3hswlbjjglrls5jh6z3bnptoxypk5nhf4w2csgd7pg2caqgtvylqgn4ohkp55fkeikznpt2jxufvu3uo5vkabk3a4rsyp6qoues6k2jfkfeohj6cv2o4add4uxqvcshbewtqtjz5fgbwdzl3bdtghvgxte5ye6otaflqrurfup5a5ijgwfc37dqmajy2e4cgxhnbcrwwmn4b5bna4kwts422aub7cta74wqmpojyrlculsrrjyvfgdtjk26swtrxjpyuoqjbumav2mdyzbj4kwemcuhpure2vhj4ksph7faoy4hj3omtntvozlmv4qhjwwamswj7v7rsmjnnb5iggrhtl5vlc6ch3znj7qykklu2i6jnqva6cuklehnijqhoousymipjlleown4l65osgbmjmeqy3hlmua2bdd35egf4d3fl5dwsgzgfpposfnxtdvler3qocy2v57jc6n5x7skc5e22btyzf5qy6iprk7epfrr3442sp3mwp3hhvwskskwmhojoz2xmvwk6edyqc6a5txw7cynfegz4r5ja======?f=https%3A%2F%2Fi.cdnkimg.com%2Fauto%2F492x328%2Fimage%2Ftesr%2F2812%2F812%2Frect_6325b5018fc20t1663415553r5769.jpg
31.220.27.135302 Found 0 B URL HTTP/2 s.viichxt.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====?f=https%3A%2F%2Fi.cdnkimg.com%2Fauto%2F492x328%2Fimage%2Ftesr%2F2812%2F812%2Frect_6325b5018fc20t1663415553r5769.jpg
IP 31.220.27.135:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET 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====?f=https%3A%2F%2Fi.cdnkimg.com%2Fauto%2F492x328%2Fimage%2Ftesr%2F2812%2F812%2Frect_6325b5018fc20t1663415553r5769.jpg HTTP/1.1
Host: s.viichxt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx/1.19.0
date: Tue, 15 Nov 2022 02:05:46 GMT
content-length: 0
location: https://i.cdnkimg.com/auto/492x328/image/tesr/2812/812/rect_6325b5018fc20t1663415553r5769.jpg
X-Firefox-Spdy: h2
static.bookmsg.com/creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp
78.47.199.210 200 OK 590 B URL HTTP/2 static.bookmsg.com/creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp
IP 78.47.199.210:0
ASN #24940 Hetzner Online GmbH
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash debce753f1ce6652c1637491fd72b1b1
fd102eb3f058f7a43b0f9ec03541681699f5895e
c2443b0a74b25158756abb7aa12832e5442adab247aab6e24514f54396c72579
GET /creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://lkhpbfwj.ga/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.18.0
date: Tue, 15 Nov 2022 02:05:46 GMT
content-type: image/webp
content-length: 590
last-modified: Tue, 24 Nov 2020 14:24:12 GMT
etag: "5fbd178c-24e"
cache-control: public, max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b2a1b19d7a780ff6334caa85743b7779
1fe250c2538e23628ae0016c1a1d17b90d5a3b1b
03927bf3f4aa58bb4cefbd65f5358aa31b88940cb7dfc75027281bcecc16ab65
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "03927BF3F4AA58BB4CEFBD65F5358AA31B88940CB7DFC75027281BCECC16AB65"
Last-Modified: Sun, 13 Nov 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15720
Expires: Tue, 15 Nov 2022 06:27:46 GMT
Date: Tue, 15 Nov 2022 02:05:46 GMT
Connection: keep-alive
i.cdnkimg.com/auto/492x328/image/tesr/2812/812/rect_6325b5018fc20t1663415553r5769.jpg
45.133.44.36 200 OK 78 kB URL HTTP/2 i.cdnkimg.com/auto/492x328/image/tesr/2812/812/rect_6325b5018fc20t1663415553r5769.jpg
IP 45.133.44.36:0
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, baseline, precision 8, 492x328, components 3\012- data
Hash 2e0f0da7006ef95c115527e4da7e5cbb
0cd8c420beab682a62a17beff7163f4a3afb4f6f
ab9a865fb89ce6846918a4483ebfae7db6b2664e9d274ae6d9f67b0ffc4dfbe8
GET /auto/492x328/image/tesr/2812/812/rect_6325b5018fc20t1663415553r5769.jpg HTTP/1.1
Host: i.cdnkimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 15 Nov 2022 02:05:46 GMT
content-type: image/jpeg
content-length: 78410
server: nginx/1.19.0
cache-control: max-age=1209600
x-cache-status: MISS
expires: Tue, 29 Nov 2022 02:05:46 GMT
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
769372a0a8.4073284684.com/6986c402f61ed227e3e13935105cf716.js
45.133.44.24 200 OK 0 B URL HTTP/2 769372a0a8.4073284684.com/6986c402f61ed227e3e13935105cf716.js
IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
Analyzer Verdict Alert quad9 Sinkholed
GET /6986c402f61ed227e3e13935105cf716.js HTTP/1.1
Host: 769372a0a8.4073284684.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://lkhpbfwj.ga
Connection: keep-alive
Referer: http://lkhpbfwj.ga/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 15 Nov 2022 02:05:43 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Tue, 01 Nov 2022 13:27:00 GMT
etag: W/"63611ea4-171bc"
content-encoding: gzip
expires: Tue, 15 Nov 2022 02:10:43 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
js.wpshsdk.com/npc/sdk/push.m.js?v=1
45.133.44.24 200 OK 0 B URL HTTP/2 js.wpshsdk.com/npc/sdk/push.m.js?v=1
IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
GET /npc/sdk/push.m.js?v=1 HTTP/1.1
Host: js.wpshsdk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://lkhpbfwj.ga/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 15 Nov 2022 02:05:44 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Thu, 10 Nov 2022 12:58:52 GMT
etag: W/"636cf58c-f20c"
content-encoding: gzip
expires: Tue, 15 Nov 2022 02:10:44 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
769372a0a8.4073284684.com/b055b37fa732268b40a7dca4a5540d62.js
45.133.44.24 200 OK 0 B URL HTTP/2 769372a0a8.4073284684.com/b055b37fa732268b40a7dca4a5540d62.js
IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
Analyzer Verdict Alert quad9 Sinkholed
GET /b055b37fa732268b40a7dca4a5540d62.js HTTP/1.1
Host: 769372a0a8.4073284684.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://lkhpbfwj.ga/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 15 Nov 2022 02:05:44 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Wed, 09 Nov 2022 13:36:29 GMT
etag: W/"636bacdd-473a5"
content-encoding: gzip
expires: Tue, 15 Nov 2022 02:10:44 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2