xdesert3dgamex.com/Purb99d0745f9c8757824933c881516f6b51678e7f13f?q=CRACK+Kuassa+-+Amplifikation+Caliburn+1.0.5+(VST,+VST3,+AAX,+AU)+x64&s3=CRACK+Kuassa+-+Amplifikation+Caliburn+1.0.5+(VST,+VST3,+AAX,+AU)+x64&s2=mmaa&s1=ofHsiY20iOiJNYWMiLCJzcyI6IjE2NTY3MTIzMDUiLCJycyI6IjI1OTAiLCJkcyI6IjcyMDI2NyJ9fA
188.72.236.136200 OK 6.1 kB URL HTTP/1.1 xdesert3dgamex.com/Purb99d0745f9c8757824933c881516f6b51678e7f13f?q=CRACK+Kuassa+-+Amplifikation+Caliburn+1.0.5+(VST,+VST3,+AAX,+AU)+x64&s3=CRACK+Kuassa+-+Amplifikation+Caliburn+1.0.5+(VST,+VST3,+AAX,+AU)+x64&s2=mmaa&s1=ofHsiY20iOiJNYWMiLCJzcyI6IjE2NTY3MTIzMDUiLCJycyI6IjI1OTAiLCJkcyI6IjcyMDI2NyJ9fA
IP 188.72.236.136:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (6080), with no line terminators
Hash 7332d2ee88389b26dc22c5458cc47d79
775220ae00e2e5b9737029802ccc902a52c421f4
4b5ff9083cc52de116f7b570d5c816c3c6bde61cebd67ed4524f276cfc2edfa0
GET /Purb99d0745f9c8757824933c881516f6b51678e7f13f?q=CRACK+Kuassa+-+Amplifikation+Caliburn+1.0.5+(VST,+VST3,+AAX,+AU)+x64&s3=CRACK+Kuassa+-+Amplifikation+Caliburn+1.0.5+(VST,+VST3,+AAX,+AU)+x64&s2=mmaa&s1=ofHsiY20iOiJNYWMiLCJzcyI6IjE2NTY3MTIzMDUiLCJycyI6IjI1OTAiLCJkcyI6IjcyMDI2NyJ9fA HTTP/1.1
Host: xdesert3dgamex.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 02 Sep 2022 09:53:25 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: bd_context=l80lNItp1QoFl6hrILo/3Fa+K43VfaZGKfhNgvIteekaJHj1u9hyp/tC+xyVDnpI8XYjPia7s2oninQF04xqLiICjU6Uo1B8a99lbUXbryrXUFIEWQvR2RO3z+d4rgbtJi8ccr+XvAA1uZ/9JGckXG5P6zG1taxIwikdFk5W7hXAcpTmVhzTm/e76gfkMFQWk4Y47EQPMfQxNP23kHnUp8q0Uq4HLPcsCuzO+Bn6ss5p5FCPnQMVcqyPdsyrJ9XlPfSwligKgKXjCmLQhdx3MOylQBHLnLlxmCmN9WDtLIvhviXYOeAHYwhHEiXcTXxg1+v3NcpnjvH49owq; Expires=Sat, 02 Sep 2023 09:53:25 GMT
firefox.settings.services.mozilla.com/v1/
143.204.55.36200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.36:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash b593eb39329cfe060d55be5e4a5405e2
78e46c1028e9f94f8569303ad2d90d7df13a059a
08a810103557efe55ca4425ff0cf82593f1f54633df899127eaec9bee05d4d04
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, Alert, Content-Length, Content-Type, Backoff
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Fri, 02 Sep 2022 09:41:43 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 e49f22f18c16784c0f42291e768d1daa.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: SibDAmmEfC8sMSW_ZCypgZhqiZFmnUgUw2Mbw6HUOtuupFVUfo7_7w==
Age: 702
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash bcdebf7a2bad5db595e8a0c1abb2ddcb
249dda2fa5e37b8a8f3a8c797193bf0874b6eedc
9b43ec48b16f96449208a0094c4d660806a2a2d344b5862dbff4c393bf3f9f9f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9B43EC48B16F96449208A0094C4D660806A2A2D344B5862DBFF4C393BF3F9F9F"
Last-Modified: Thu, 01 Sep 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5106
Expires: Fri, 02 Sep 2022 11:18:31 GMT
Date: Fri, 02 Sep 2022 09:53:25 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
143.204.55.35200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP 143.204.55.35:0
File type PEM certificate\012- , ASCII text
Hash 742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Fri, 02 Sep 2022 01:15:17 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 9ede9483eb891e14681c7c693b47c862.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 4lfPgpSEfYkdB4KAii3qirCTsFZfYtB9aZOyBT6ZgoYn82NV7yL1Iw==
age: 31088
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 02 Sep 2022 09:53:26 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
xdesert3dgamex.com/favicon.ico
188.72.236.136200 OK 43 B URL HTTP/1.1 xdesert3dgamex.com/favicon.ico
IP 188.72.236.136:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /favicon.ico HTTP/1.1
Host: xdesert3dgamex.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://xdesert3dgamex.com/
Connection: keep-alive
Cookie: bd_context=l80lNItp1QoFl6hrILo/3Fa+K43VfaZGKfhNgvIteekaJHj1u9hyp/tC+xyVDnpI8XYjPia7s2oninQF04xqLiICjU6Uo1B8a99lbUXbryrXUFIEWQvR2RO3z+d4rgbtJi8ccr+XvAA1uZ/9JGckXG5P6zG1taxIwikdFk5W7hXAcpTmVhzTm/e76gfkMFQWk4Y47EQPMfQxNP23kHnUp8q0Uq4HLPcsCuzO+Bn6ss5p5FCPnQMVcqyPdsyrJ9XlPfSwligKgKXjCmLQhdx3MOylQBHLnLlxmCmN9WDtLIvhviXYOeAHYwhHEiXcTXxg1+v3NcpnjvH49owq
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 02 Sep 2022 09:53:26 GMT
Content-Type: image/gif
Content-Length: 43
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Connection: keep-alive
mybestclick.mobi/track.php?aid=1803&oid=6179&source=35040&transaction_id=AJXSEWPgiAAAg1ICAE5PFgAMACym61UA
174.138.110.129301 Moved Permanently 0 B URL HTTP/1.1 mybestclick.mobi/track.php?aid=1803&oid=6179&source=35040&transaction_id=AJXSEWPgiAAAg1ICAE5PFgAMACym61UA
IP 174.138.110.129:0
ASN #14061 DIGITALOCEAN-ASN
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /track.php?aid=1803&oid=6179&source=35040&transaction_id=AJXSEWPgiAAAg1ICAE5PFgAMACym61UA HTTP/1.1
Host: mybestclick.mobi
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://xdesert3dgamex.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Location: https://www.mybestclick.mobi/track.php?aid=1803&oid=6179&source=35040&transaction_id=AJXSEWPgiAAAg1ICAE5PFgAMACym61UA
Content-Length: 0
Date: Fri, 02 Sep 2022 09:53:26 GMT
Server: lighttpd/1.4.54
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash d8d350ccee2b15f48db26e5d985fdd18
6b0239ddacc119f5975eb5c0df1745710cefacf8
7e47260f2fa164a30f86941718b25df3dd94f5123755a17c6e72e08225eba2c2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7E47260F2FA164A30F86941718B25DF3DD94F5123755A17C6E72E08225EBA2C2"
Last-Modified: Thu, 01 Sep 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3838
Expires: Fri, 02 Sep 2022 10:57:24 GMT
Date: Fri, 02 Sep 2022 09:53:26 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.36200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.36:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Alert, Cache-Control, Pragma, Backoff, Last-Modified, ETag, Expires, Content-Length, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Fri, 02 Sep 2022 09:38:16 GMT
Cache-Control: max-age=3600
Expires: Fri, 02 Sep 2022 10:11:41 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 185768229530368be94556dcab1c486a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: zKMkxhCuXDxohifISSXhTr_vmt0mveWBA1O-DoAwaTQdA4lFl94WsQ==
Age: 910
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 2eb022bbcb69557dc09477b624814e87
6030f2c630a01fbc027c887d31e696f84cc60c97
d7a508e276f0ca1b58b6af39720fb7ebb26fb38df50a159eb82d1d2542610b85
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6487
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 02 Sep 2022 09:53:26 GMT
Last-Modified: Fri, 02 Sep 2022 08:05:19 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 471
www.mybestclick.mobi/track.php?aid=1803&oid=6179&source=35040&transaction_id=AJXSEWPgiAAAg1ICAE5PFgAMACym61UA
174.138.110.129302 Found 0 B URL HTTP/1.1 www.mybestclick.mobi/track.php?aid=1803&oid=6179&source=35040&transaction_id=AJXSEWPgiAAAg1ICAE5PFgAMACym61UA
IP 174.138.110.129:0
ASN #14061 DIGITALOCEAN-ASN
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /track.php?aid=1803&oid=6179&source=35040&transaction_id=AJXSEWPgiAAAg1ICAE5PFgAMACym61UA HTTP/1.1
Host: www.mybestclick.mobi
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://xdesert3dgamex.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
X-Powered-By: PHP/5.6.40
Set-Cookie: prosearch_6179=23180000e10600001207000096d21163acf81163; expires=Sun, 02-Oct-2022 09:53:26 GMT; Max-Age=2592000; path=/; domain=.mybestclick.mobi
Refresh: 1 ; url=https://grehtrsan.com/link?z=5066548&var=1803&ymid=3_23180000e10600001207000096d21163acf81163
Content-type: text/html; charset=UTF-8
Content-Length: 0
Date: Fri, 02 Sep 2022 09:53:26 GMT
Server: lighttpd/1.4.54
www.mybestclick.mobi/favicon.ico
174.138.110.129200 OK 3.8 kB URL HTTP/1.1 www.mybestclick.mobi/favicon.ico
IP 174.138.110.129:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Hash 94ef1ad99964f1819256ed1ff2eea701
6d8bdf8410a6b178449687f2d04172783874f814
5c00d954319944b33d6e8ef3e7c2fe3dcf5af5cc8cab098322a9fc12da813eb5
GET /favicon.ico HTTP/1.1
Host: www.mybestclick.mobi
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mybestclick.mobi/track.php?aid=1803&oid=6179&source=35040&transaction_id=AJXSEWPgiAAAg1ICAE5PFgAMACym61UA
Cookie: prosearch_6179=23180000e10600001207000096d21163acf81163
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Type: image/vnd.microsoft.icon
Accept-Ranges: bytes
ETag: "3886009543"
Last-Modified: Thu, 19 Feb 2015 16:20:20 GMT
Content-Length: 3829
Date: Fri, 02 Sep 2022 09:53:26 GMT
Server: lighttpd/1.4.54
push.services.mozilla.com/
35.160.97.225101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.160.97.225:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 45f9HUXesMubystcfhQVPg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: b4gzTNBRNiTkTK26iDVWfMj0Mbo=
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 07e400c265cdb052f8d06ed612155e32
9b2bffb56abeeee3c1a7a08009a018f3d03d0432
12bc5fbbaf66dbb3d778db71b1158c6cf2c1a92f7e4dc95afd45efbd48c9639e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "12BC5FBBAF66DBB3D778DB71B1158C6CF2C1A92F7E4DC95AFD45EFBD48C9639E"
Last-Modified: Wed, 31 Aug 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3761
Expires: Fri, 02 Sep 2022 10:56:09 GMT
Date: Fri, 02 Sep 2022 09:53:28 GMT
Connection: keep-alive
grehtrsan.com/link?z=5066548&var=1803&ymid=3_23180000e10600001207000096d21163acf81163
139.45.197.236302 Found 0 B URL HTTP/2 grehtrsan.com/link?z=5066548&var=1803&ymid=3_23180000e10600001207000096d21163acf81163
IP 139.45.197.236:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /link?z=5066548&var=1803&ymid=3_23180000e10600001207000096d21163acf81163 HTTP/1.1
Host: grehtrsan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Fri, 02 Sep 2022 09:53:28 GMT
content-length: 0
location: https://tagstaticx.com/r.html?axcid=e7ddf874-40d2-43d7-b8fd-56541bff0853&axtsid=5066548&axcusid1=1803&clid={ymid}&r=http%3A%2F%2Fgrehtrsan.com%2Flink%3Fz%3D5066548%26var%3D1803%26ymid%3D3_23180000e10600001207000096d21163acf81163%26acb%3Dproxy-smart-link&axcusid2=Smartlink&axadvid=1053995&axcamid=5576
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: 68840d8e76b2da0529b18e6898c9f0a6
link: <https://tagstaticx.com>; rel="dns-prefetch preconnect"
set-cookie: OAID=bcbfa4657aba4be084c179728926f430; expires=Sat, 02 Sep 2023 09:53:28 GMT
oaidts=1662112408; expires=Sat, 02 Sep 2023 09:53:28 GMT
phpckd5066548=true; expires=Sat, 03 Sep 2022 09:53:28 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 12f00eac4bda78b5d4c4bc00e96be439
5d6d88dbf72f208bc33c9af693440aec02e5f11c
4a85dc99793413780fdfde032e83995c0a15775eb09123f53a1ba9b789f91a55
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4A85DC99793413780FDFDE032E83995C0A15775EB09123F53A1BA9B789F91A55"
Last-Modified: Wed, 31 Aug 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12347
Expires: Fri, 02 Sep 2022 13:19:15 GMT
Date: Fri, 02 Sep 2022 09:53:28 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 12f00eac4bda78b5d4c4bc00e96be439
5d6d88dbf72f208bc33c9af693440aec02e5f11c
4a85dc99793413780fdfde032e83995c0a15775eb09123f53a1ba9b789f91a55
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4A85DC99793413780FDFDE032E83995C0A15775EB09123F53A1BA9B789F91A55"
Last-Modified: Wed, 31 Aug 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12347
Expires: Fri, 02 Sep 2022 13:19:15 GMT
Date: Fri, 02 Sep 2022 09:53:28 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 12f00eac4bda78b5d4c4bc00e96be439
5d6d88dbf72f208bc33c9af693440aec02e5f11c
4a85dc99793413780fdfde032e83995c0a15775eb09123f53a1ba9b789f91a55
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4A85DC99793413780FDFDE032E83995C0A15775EB09123F53A1BA9B789F91A55"
Last-Modified: Wed, 31 Aug 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12347
Expires: Fri, 02 Sep 2022 13:19:15 GMT
Date: Fri, 02 Sep 2022 09:53:28 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9564bd06-b264-460b-96bb-6b37cf25a72b.jpeg
34.120.237.76200 OK 17 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9564bd06-b264-460b-96bb-6b37cf25a72b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 12756903aaa74164feb5f8525398ca36
9fef9b071daea6793cbbdfe391254ac4326b1aa2
6d474a6d96aebfed43a4f6812f18a1be8d100c590f75eb0fbf4ec7277dd0c442
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9564bd06-b264-460b-96bb-6b37cf25a72b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 16818
x-amzn-requestid: 6950a3c5-2cdc-4a21-854c-10d925e32ecd
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XiYLvHRSIAMFotQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630a6d7e-6e98b9a77e592bd01afb1d97;Sampled=0
x-amzn-remapped-date: Sat, 27 Aug 2022 19:16:14 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 3eBLhLH4APXLyj9kLHXNCFT9ccS_bnBp5INvMI93IFvOuBMERe_GgQ==
via: 1.1 0005a84c2971ff4f5bbb79e7ebc622a8.cloudfront.net (CloudFront), 1.1 35575576af8067e30cfb17c6b9fde8e2.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Sep 2022 13:35:58 GMT
age: 73050
etag: "9fef9b071daea6793cbbdfe391254ac4326b1aa2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8d8dbbab-ec34-41df-989d-0ce5bf4afcef.jpeg
34.120.237.76200 OK 9.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8d8dbbab-ec34-41df-989d-0ce5bf4afcef.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e52650d274a413fd0853e5b04af980b3
83eb3c6116a797c56cc4c655a475bcb8b53625fd
9f22b314e92c0ca2f60b1c3623d7c952ffa8b2a262d315deef69027f3607a3c7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8d8dbbab-ec34-41df-989d-0ce5bf4afcef.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9374
x-amzn-requestid: 48f34c33-6378-440c-ae5b-1d517329281a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XzMDKHV8IAMFhEQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631126e0-4effc8d62d5a3cf3260b3113;Sampled=0
x-amzn-remapped-date: Thu, 01 Sep 2022 21:40:48 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: abgJbMNS8A5-9Yjzq1mymtp_7b0kfvjvDDjVoxHdlIOUfy-I_G98Pw==
via: 1.1 010c0731b9775a983eceaec0f5fa6a2e.cloudfront.net (CloudFront), 1.1 001e7070d795018d01b93988b9723742.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Sep 2022 22:00:42 GMT
age: 42766
etag: "83eb3c6116a797c56cc4c655a475bcb8b53625fd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff6b23082-fe08-4f5d-b709-47175510cf45.jpeg
34.120.237.76200 OK 6.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff6b23082-fe08-4f5d-b709-47175510cf45.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5e05660322f0368dd2bf8067d7e4554d
ec65cb47d86488f734c945a210d5f636a40fea2c
98875230ec45766102191bdc4180742fa3b8f3ad5ad1a128d12437105f86247e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff6b23082-fe08-4f5d-b709-47175510cf45.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6196
x-amzn-requestid: a7d6ce70-06d7-498c-8024-80185a3fc3e4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XzLyLFmVIAMFkcQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63112674-3fad622927177e9236d7c50a;Sampled=0
x-amzn-remapped-date: Thu, 01 Sep 2022 21:39:00 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: qAMCgNpYR80vXSDyHFOFcbT8VukBemR2AGoGNaCfYaszKshu-gv6zg==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 d01e7742f82df0bbc1fb681d709ed69c.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Sep 2022 21:54:15 GMT
age: 43153
etag: "ec65cb47d86488f734c945a210d5f636a40fea2c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F06f2c9c2-de63-41e1-8359-5a5923a2b1e8.webp
34.120.237.76200 OK 9.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F06f2c9c2-de63-41e1-8359-5a5923a2b1e8.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5ba50b2fd1814c5ffc95aef40c69ce8c
cbb4546228115cccc122b16209e70171bef5c1f2
de822c8549508b28a07d29b203ae3ef356470df906cba727fc765f1bd14bb866
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F06f2c9c2-de63-41e1-8359-5a5923a2b1e8.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9252
x-amzn-requestid: 7feebba8-f6b9-4b79-9726-5a7534da277e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XzLyVG5DoAMF_Ug=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63112675-3123158f3dcfbd476537ca3c;Sampled=0
x-amzn-remapped-date: Thu, 01 Sep 2022 21:39:01 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: BOa5zGQyJS9q9bHmtKzlNtyS9ToGPZJkDFo2uY2lzz8Lnd3cZLQEaA==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 ebe4011a81a36e2bf678f69ce1711330.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Sep 2022 22:48:18 GMT
age: 39910
etag: "cbb4546228115cccc122b16209e70171bef5c1f2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7c0ef483-e545-4a1f-b9b9-88778330d881.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7c0ef483-e545-4a1f-b9b9-88778330d881.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 955f2a35bd6b3802670e7fa8a7cda833
4c70d27f7c51b7fcae1d8a883bfc2e67a551ae6c
2fb517039f0704d2f6fe2fa78eae47c71c645add1c2276f8726248184ae45760
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7c0ef483-e545-4a1f-b9b9-88778330d881.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10435
x-amzn-requestid: 813ec4ca-243d-46cb-a6a6-8ec58e5dd9f8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XzLjdHwnIAMFhzA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63112615-4733cfb83cf0e8734abc5716;Sampled=0
x-amzn-remapped-date: Thu, 01 Sep 2022 21:37:25 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: n6DJbsUGTdXT42cNLTDq6Uz28H2SDhwq6drdKP4axAHsBz471X7r_g==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 89791e6b21b9a30cc51cac1bc51cf098.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Sep 2022 21:37:26 GMT
etag: "4c70d27f7c51b7fcae1d8a883bfc2e67a551ae6c"
content-type: image/jpeg
age: 44162
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
tagstaticx.com/r.html?axcid=e7ddf874-40d2-43d7-b8fd-56541bff0853&axtsid=5066548&axcusid1=1803&clid={ymid}&r=http%3A%2F%2Fgrehtrsan.com%2Flink%3Fz%3D5066548%26var%3D1803%26ymid%3D3_23180000e10600001207000096d21163acf81163%26acb%3Dproxy-smart-link&axcusid2=Smartlink&axadvid=1053995&axcamid=5576
172.67.170.35200 OK 10 kB URL HTTP/2 tagstaticx.com/r.html?axcid=e7ddf874-40d2-43d7-b8fd-56541bff0853&axtsid=5066548&axcusid1=1803&clid={ymid}&r=http%3A%2F%2Fgrehtrsan.com%2Flink%3Fz%3D5066548%26var%3D1803%26ymid%3D3_23180000e10600001207000096d21163acf81163%26acb%3Dproxy-smart-link&axcusid2=Smartlink&axadvid=1053995&axcamid=5576
IP 172.67.170.35:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (448)
Hash 7dd27caa2c6bd34d6e98b420a0ba1bb6
25431b8a5f7432bdf8c989953398610d86014e39
09842ae6659ecdbaf19c596445da186918ae720ac22ddfdcb39c56c1a8cd169c
GET /r.html?axcid=e7ddf874-40d2-43d7-b8fd-56541bff0853&axtsid=5066548&axcusid1=1803&clid={ymid}&r=http%3A%2F%2Fgrehtrsan.com%2Flink%3Fz%3D5066548%26var%3D1803%26ymid%3D3_23180000e10600001207000096d21163acf81163%26acb%3Dproxy-smart-link&axcusid2=Smartlink&axadvid=1053995&axcamid=5576 HTTP/1.1
Host: tagstaticx.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Sep 2022 09:53:28 GMT
content-type: text/html
last-modified: Thu, 04 Aug 2022 15:17:25 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=O%2FYkkrRC3olDWygR80781JHZKUW1SBpIfY%2BNfdsnxZnAkrOB3qJa9btvMom0LMwl4xWgVQpNrGFaWpuTP1PUSOfuzXCcLumxYhZSY0gU3WWlKfCm6nprfvRYGROBa52%2FEg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74455bd6e8bdb503-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188200 OK 472 B IP 172.64.155.188:0
Hash cac347d3e4f331f2976802890daa3fed
56f4c0f9d3c630061eba844041761653697ef52d
ef432ae07e1f1fb3e501e4207dc289f4dfb35849076fc7781fdf1fde3dacd8fe
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Sep 2022 09:53:28 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 01 Sep 2022 21:40:13 GMT
Expires: Thu, 08 Sep 2022 21:40:12 GMT
Etag: "56f4c0f9d3c630061eba844041761653697ef52d"
Cache-Control: max-age=560203,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74455bd998abb4fa-OSL
ocsp.sectigo.com/
172.64.155.188200 OK 472 B IP 172.64.155.188:0
Hash cac347d3e4f331f2976802890daa3fed
56f4c0f9d3c630061eba844041761653697ef52d
ef432ae07e1f1fb3e501e4207dc289f4dfb35849076fc7781fdf1fde3dacd8fe
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Sep 2022 09:53:28 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 01 Sep 2022 21:40:13 GMT
Expires: Thu, 08 Sep 2022 21:40:12 GMT
Etag: "56f4c0f9d3c630061eba844041761653697ef52d"
Cache-Control: max-age=560203,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74455bd99be8b500-OSL
tagdatax.com/version.js?cid=e7ddf874-40d2-43d7-b8fd-56541bff0853
139.45.195.253200 OK 57 B URL HTTP/1.1 tagdatax.com/version.js?cid=e7ddf874-40d2-43d7-b8fd-56541bff0853
IP 139.45.195.253:0
File type ASCII text, with no line terminators
Hash dc36a7493ee2d9546f1ccf5ffd8ff9ab
d39599ff88afc412a8c8ff6dfe880e0a0fe92c2d
1e46947fb2c190ad026b11c2b7da0b6ce998f60857f178c2ff118bd9d5999e2f
GET /version.js?cid=e7ddf874-40d2-43d7-b8fd-56541bff0853 HTTP/1.1
Host: tagdatax.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tagstaticx.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Fri, 02 Sep 2022 09:53:28 GMT
Content-Type: application/javascript
Content-Length: 57
Connection: keep-alive
Cache-Control: private, max-age=63072000
tagdatax.com/ws?cid=e7ddf874-40d2-43d7-b8fd-56541bff0853
139.45.195.253101 Switching Protocols 0 B URL HTTP/1.1 tagdatax.com/ws?cid=e7ddf874-40d2-43d7-b8fd-56541bff0853
IP 139.45.195.253:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ws?cid=e7ddf874-40d2-43d7-b8fd-56541bff0853 HTTP/1.1
Host: tagdatax.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://tagstaticx.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: tsm99nYrBlTm3deC3wu5Yg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Server: nginx/1.19.10
Date: Fri, 02 Sep 2022 09:53:28 GMT
Connection: upgrade
Upgrade: websocket
Sec-Websocket-Accept: linoZPWmNjjuXCTrWENDFKZlZHE=
ocsp.sectigo.com/
172.64.155.188200 OK 472 B IP 172.64.155.188:0
Hash cac347d3e4f331f2976802890daa3fed
56f4c0f9d3c630061eba844041761653697ef52d
ef432ae07e1f1fb3e501e4207dc289f4dfb35849076fc7781fdf1fde3dacd8fe
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Sep 2022 09:53:28 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 01 Sep 2022 21:40:13 GMT
Expires: Thu, 08 Sep 2022 21:40:12 GMT
Etag: "56f4c0f9d3c630061eba844041761653697ef52d"
Cache-Control: max-age=560203,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74455bd99c71b51e-OSL
tagdatax.com/ir/add?cid=e7ddf874-40d2-43d7-b8fd-56541bff0853
139.45.195.253200 OK 2 B URL HTTP/1.1 tagdatax.com/ir/add?cid=e7ddf874-40d2-43d7-b8fd-56541bff0853
IP 139.45.195.253:0
File type ASCII text, with no line terminators
Hash 444bcb3a3fcf8389296c49467f27e1d6
7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
POST /ir/add?cid=e7ddf874-40d2-43d7-b8fd-56541bff0853 HTTP/1.1
Host: tagdatax.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tagstaticx.com/
Content-Type: text/plain;charset=UTF-8
Origin: https://tagstaticx.com
Content-Length: 361
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Fri, 02 Sep 2022 09:53:28 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 2
Connection: keep-alive
Access-Control-Allow-Origin: https://tagstaticx.com
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
ocsp.sectigo.com/
172.64.155.188200 OK 472 B IP 172.64.155.188:0
Hash cac347d3e4f331f2976802890daa3fed
56f4c0f9d3c630061eba844041761653697ef52d
ef432ae07e1f1fb3e501e4207dc289f4dfb35849076fc7781fdf1fde3dacd8fe
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Sep 2022 09:53:28 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 01 Sep 2022 21:40:13 GMT
Expires: Thu, 08 Sep 2022 21:40:12 GMT
Etag: "56f4c0f9d3c630061eba844041761653697ef52d"
Cache-Control: max-age=560203,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74455bd999b60b02-OSL
ocsp.sectigo.com/
172.64.155.188200 OK 471 B IP 172.64.155.188:0
Hash 41ea586f0e66dcd46f50ab3938543b12
d7a3d6a40066652fc85cdaab9e613246b6af4aab
60b133ec87e89ec28689b760f6ce265eee0e935dca93f42543885a05f8b19a79
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Sep 2022 09:53:28 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 01 Sep 2022 18:25:21 GMT
Expires: Thu, 08 Sep 2022 18:25:20 GMT
Etag: "d7a3d6a40066652fc85cdaab9e613246b6af4aab"
Cache-Control: max-age=548511,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74455bd96a01b506-OSL
tagdatax.com/pix.jpg?cid=e7ddf874-40d2-43d7-b8fd-56541bff0853
139.45.195.253200 OK 28 B URL HTTP/1.1 tagdatax.com/pix.jpg?cid=e7ddf874-40d2-43d7-b8fd-56541bff0853
IP 139.45.195.253:0
File type ASCII text, with no line terminators
Hash 160988f32f3a9fc12fd2958350f5a758
ea0e78c6b9e28345b0c69748ed7b4a6dca96c711
3c72e06c040c15327faa313315f1d6f4b2c9159267051c3e173336efa4cd7a18
GET /pix.jpg?cid=e7ddf874-40d2-43d7-b8fd-56541bff0853 HTTP/1.1
Host: tagdatax.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tagstaticx.com/
Origin: https://tagstaticx.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Fri, 02 Sep 2022 09:53:28 GMT
Content-Type: image/jpeg
Content-Length: 28
Connection: keep-alive
Access-Control-Allow-Origin: https://tagstaticx.com
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: ETag
Etag: 424d5a2f-4ce0-4e53-809e-7ed4b189cf81
Cache-Control: private, must-revalidate, proxy-revalidate
my.rtmark.net/gid.js
139.45.195.8200 OK 65 B IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash 4b7597c4a218b57e67f4d11487cfb364
0d755c7928e12cae6f370b0e9a7be42d9cfa70cc
693239798d8719ba267fbafc7e280278088594acaa1d1633ed0c2ed865f7dbcc
GET /gid.js HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tagstaticx.com/
Origin: https://tagstaticx.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 02 Sep 2022 09:53:28 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://tagstaticx.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=1c6d6000ffea426d9433f8d0e8234d1f; expires=Sat, 02 Sep 2023 09:53:28 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
tagdatax.com/etag?cid=e7ddf874-40d2-43d7-b8fd-56541bff0853
139.45.195.253200 OK 2 B URL HTTP/1.1 tagdatax.com/etag?cid=e7ddf874-40d2-43d7-b8fd-56541bff0853
IP 139.45.195.253:0
File type ASCII text, with no line terminators
Hash 444bcb3a3fcf8389296c49467f27e1d6
7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
POST /etag?cid=e7ddf874-40d2-43d7-b8fd-56541bff0853 HTTP/1.1
Host: tagdatax.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tagstaticx.com/
Content-Type: text/plain;charset=UTF-8
Origin: https://tagstaticx.com
Content-Length: 382
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Fri, 02 Sep 2022 09:53:28 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 2
Connection: keep-alive
Access-Control-Allow-Origin: https://tagstaticx.com
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 67921e2bd7c620bdd4db5ed1e73d3146
1deaa030ab490c63f94bde4c7ada5e2f849fb506
7fcee2496cdc63c9779941621d9e61acd006910947ccb6c7e98f383b0bf4574c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Sep 2022 09:53:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 003e8a2cb35bb65683fccbf8bf7a9797
b26fbc7607825162686c7e164d51956addeb1a6c
a71ec1144878270f76c09c51967a1d24b7d82dd700e83216be1e814a74796403
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Sep 2022 09:53:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 67921e2bd7c620bdd4db5ed1e73d3146
1deaa030ab490c63f94bde4c7ada5e2f849fb506
7fcee2496cdc63c9779941621d9e61acd006910947ccb6c7e98f383b0bf4574c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Sep 2022 09:53:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 67921e2bd7c620bdd4db5ed1e73d3146
1deaa030ab490c63f94bde4c7ada5e2f849fb506
7fcee2496cdc63c9779941621d9e61acd006910947ccb6c7e98f383b0bf4574c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Sep 2022 09:53:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 67921e2bd7c620bdd4db5ed1e73d3146
1deaa030ab490c63f94bde4c7ada5e2f849fb506
7fcee2496cdc63c9779941621d9e61acd006910947ccb6c7e98f383b0bf4574c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Sep 2022 09:53:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/images/branding/googlelogo/2x/googlelogo_color_90x40dp.png
142.250.74.164200 OK 3.9 kB URL HTTP/2 www.google.com/images/branding/googlelogo/2x/googlelogo_color_90x40dp.png
IP 142.250.74.164:0
File type PNG image data, 180 x 80, 8-bit/color RGBA, non-interlaced\012- data
Hash c198051c3b22e6fa2e26712e855da980
6cac1226aff75d94809534c373f43a28253879da
a9cac8d49feccd603bac334c92c1e7dd5a829a1c01d4130550e8c9c0d9c72f7b
GET /images/branding/googlelogo/2x/googlelogo_color_90x40dp.png HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tagstaticx.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-type: image/png
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 3934
date: Fri, 02 Sep 2022 09:53:28 GMT
expires: Fri, 02 Sep 2022 09:53:28 GMT
cache-control: private, max-age=31536000
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.com/images/branding/googlelogo/2x/googlelogo_color_120x44dp.png
142.250.74.164200 OK 5.1 kB URL HTTP/2 www.google.com/images/branding/googlelogo/2x/googlelogo_color_120x44dp.png
IP 142.250.74.164:0
File type PNG image data, 240 x 88, 8-bit/color RGBA, non-interlaced\012- data
Hash 8d2b7f3d00f50b8aebb7d1c002c64ca1
b3d5a78c18020868d322a0ac54c9d8e45a59a3b3
29c50fa4422ac0a690af5b0987dee6a030a7eeaafa9dda8543cf022368f545aa
GET /images/branding/googlelogo/2x/googlelogo_color_120x44dp.png HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tagstaticx.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-type: image/png
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 5087
date: Fri, 02 Sep 2022 09:53:28 GMT
expires: Fri, 02 Sep 2022 09:53:28 GMT
cache-control: private, max-age=31536000
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.com/images/branding/googlelogo/1x/googlelogo_color_272x92dp.png
142.250.74.164200 OK 6.0 kB URL HTTP/2 www.google.com/images/branding/googlelogo/1x/googlelogo_color_272x92dp.png
IP 142.250.74.164:0
File type PNG image data, 272 x 92, 8-bit/color RGBA, non-interlaced\012- data
Hash 8f9327db2597fa57d2f42b4a6c5a9855
1737d3dfb411c07b86ed8bd30f5987a4dc397cc1
5776cd87617eacec3bc00ebcf530d1924026033eda852f706c1a675a98915826
GET /images/branding/googlelogo/1x/googlelogo_color_272x92dp.png HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tagstaticx.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-type: image/png
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 5969
date: Fri, 02 Sep 2022 09:53:28 GMT
expires: Fri, 02 Sep 2022 09:53:28 GMT
cache-control: private, max-age=31536000
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.com/images/branding/googlelogo/2x/googlelogo_color_272x92dp.png
142.250.74.164200 OK 14 kB URL HTTP/2 www.google.com/images/branding/googlelogo/2x/googlelogo_color_272x92dp.png
IP 142.250.74.164:0
File type PNG image data, 544 x 184, 8-bit/color RGBA, non-interlaced\012- data
Hash 80fa4bcab0351fdccb69c66fb55dcd00
26f471f6ebe3b11557506f6ae96156e0a3852e5b
262084257c2103702ef8a25705e3f8dbc1fa3823103ad7b954d54bdb77e6d89d
GET /images/branding/googlelogo/2x/googlelogo_color_272x92dp.png HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tagstaticx.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-type: image/png
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 13504
date: Fri, 02 Sep 2022 09:53:28 GMT
expires: Fri, 02 Sep 2022 09:53:28 GMT
cache-control: private, max-age=31536000
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.com/images/branding/googlelogo/2x/googlelogo_color_160x56dp.png
142.250.74.164200 OK 7.0 kB URL HTTP/2 www.google.com/images/branding/googlelogo/2x/googlelogo_color_160x56dp.png
IP 142.250.74.164:0
File type PNG image data, 320 x 112, 8-bit/color RGBA, non-interlaced\012- data
Hash d6b993cd3a71d84e8dd51dc9bf01f537
41f57a52be2447b7b4ee458887e860a702150396
9e611fba6a87626e60f74d361f0c94d1ba226bc0726a05791f40ddb7fbba2c4f
GET /images/branding/googlelogo/2x/googlelogo_color_160x56dp.png HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tagstaticx.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-type: image/png
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 7048
date: Fri, 02 Sep 2022 09:53:28 GMT
expires: Fri, 02 Sep 2022 09:53:28 GMT
cache-control: private, max-age=31536000
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
142.250.74.130200 OK 0 B URL HTTP/2 pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
IP 142.250.74.130:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
HEAD /pagead/js/adsbygoogle.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tagstaticx.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding, Origin
date: Fri, 02 Sep 2022 09:53:28 GMT
expires: Fri, 02 Sep 2022 09:53:28 GMT
cache-control: private, max-age=3600
content-type: text/javascript; charset=UTF-8
etag: 3262283398087910291
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash dc076b754adaddcb000f3f987b6c5df2
01e9b40591692b8b2a6a94729e9481c7e600d248
9dbf2e71e1cbad91a71154b729e8ef496eda7544828a8bfd4f64e6dd70c4f64d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Sep 2022 09:53:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 003e8a2cb35bb65683fccbf8bf7a9797
b26fbc7607825162686c7e164d51956addeb1a6c
a71ec1144878270f76c09c51967a1d24b7d82dd700e83216be1e814a74796403
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Sep 2022 09:53:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
tagdatax.com/log/add?cid=e7ddf874-40d2-43d7-b8fd-56541bff0853
139.45.195.253200 OK 2 B URL HTTP/1.1 tagdatax.com/log/add?cid=e7ddf874-40d2-43d7-b8fd-56541bff0853
IP 139.45.195.253:0
File type ASCII text, with no line terminators
Hash 444bcb3a3fcf8389296c49467f27e1d6
7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
POST /log/add?cid=e7ddf874-40d2-43d7-b8fd-56541bff0853 HTTP/1.1
Host: tagdatax.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tagstaticx.com/
Content-Type: text/plain;charset=UTF-8
Origin: https://tagstaticx.com
Content-Length: 1980
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Fri, 02 Sep 2022 09:53:29 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 2
Connection: keep-alive
Access-Control-Allow-Origin: https://tagstaticx.com
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
grehtrsan.com/favicon.ico
139.45.197.236204 No Content 0 B URL HTTP/2 grehtrsan.com/favicon.ico
IP 139.45.197.236:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /favicon.ico HTTP/1.1
Host: grehtrsan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://grehtrsan.com/link?z=5066548&var=1803&ymid=3_23180000e10600001207000096d21163acf81163&acb=proxy-smart-link&axcusid2=Smartlink&axadvid=1053995&axcamid=5576
Cookie: OAID=bcbfa4657aba4be084c179728926f430; oaidts=1662112408; phpckd5066548=true; allcnt=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Fri, 02 Sep 2022 09:53:29 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
pragma: public
cache-control: max-age=315360000, public, must-revalidate, proxy-revalidate
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188200 OK 471 B IP 172.64.155.188:0
Hash 41ea586f0e66dcd46f50ab3938543b12
d7a3d6a40066652fc85cdaab9e613246b6af4aab
60b133ec87e89ec28689b760f6ce265eee0e935dca93f42543885a05f8b19a79
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Sep 2022 09:53:29 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 01 Sep 2022 18:25:21 GMT
Expires: Thu, 08 Sep 2022 18:25:20 GMT
Etag: "d7a3d6a40066652fc85cdaab9e613246b6af4aab"
Cache-Control: max-age=548510,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74455bddbf15b4fa-OSL
grehtrsan.com/link?z=5066548&var=1803&ymid=3_23180000e10600001207000096d21163acf81163&acb=proxy-smart-link&axcusid2=Smartlink&axadvid=1053995&axcamid=5576
139.45.197.236200 OK 3.0 kB URL HTTP/2 grehtrsan.com/link?z=5066548&var=1803&ymid=3_23180000e10600001207000096d21163acf81163&acb=proxy-smart-link&axcusid2=Smartlink&axadvid=1053995&axcamid=5576
IP 139.45.197.236:0
Hash b7943a9d92f0defed0f0c1ae458dc6c6
30341b40cacca639c98ebb826e9d8b946e258558
3ba72b0fff0d0138fa41d3e6d78d8e4843665587021c738e680f917739ed306f
Analyzer Verdict Alert quad9 Sinkholed
GET /link?z=5066548&var=1803&ymid=3_23180000e10600001207000096d21163acf81163&acb=proxy-smart-link&axcusid2=Smartlink&axadvid=1053995&axcamid=5576 HTTP/1.1
Host: grehtrsan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Cookie: OAID=bcbfa4657aba4be084c179728926f430; oaidts=1662112408; phpckd5066548=true
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Sep 2022 09:53:29 GMT
content-type: text/html; charset=utf8
x-trace-id: dfe0a09b568be082fa4161badee0de9e
link: <https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://my.rtmark.net>; rel="preconnect dns-prefetch"
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=bcbfa4657aba4be084c179728926f430; expires=Sat, 02 Sep 2023 09:53:29 GMT; path=/; secure; SameSite=None
oaidts=1662112408; expires=Sat, 02 Sep 2023 09:53:29 GMT; path=/; secure; SameSite=None
allcnt=1; expires=Sat, 02 Sep 2023 09:53:29 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a65d18328d3147fa0e530f10076ff066
e11f9e48b4e96a3c88eb9bcbee87c4cb042ea827
3915ba9c5c44be21b0045e3b08e1b903ea12e784a879a811ceec7f1a36d4aa2c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3915BA9C5C44BE21B0045E3B08E1B903EA12E784A879A811CEEC7F1A36D4AA2C"
Last-Modified: Wed, 31 Aug 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2430
Expires: Fri, 02 Sep 2022 10:33:59 GMT
Date: Fri, 02 Sep 2022 09:53:29 GMT
Connection: keep-alive
lassampy.com/?z=5066550&syncedCookie=true&rhd=false
139.45.197.237302 Found 0 B URL HTTP/2 lassampy.com/?z=5066550&syncedCookie=true&rhd=false
IP 139.45.197.237:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
POST /?z=5066550&syncedCookie=true&rhd=false HTTP/1.1
Host: lassampy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 614
Origin: https://grehtrsan.com
Connection: keep-alive
Referer: https://grehtrsan.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Fri, 02 Sep 2022 09:53:29 GMT
content-length: 0
location: https://mytopwords.com/?b=2909618&ba=0&campid=14083&did=2&dm=0&ep=0&fp=0&g=NO&hr=0&i18db=1&l=gnSq6b3k7lHvVR4&oaid=2099e97b103a4c308d395e45757940ec&pshr=0&rd=0&s=589504773464797337&ssk=bc181599fd2ebae1d8238325da23ede3&svar=1662112409&tb=5202628&tbad=5234825&vi=0&vo=0&z=5066550&rdk=rk3
x-trace-id: e531f18f9bced9535c3b3839ae32418a
link: <https://mytopwords.com>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
referrer-policy: no-referrer
access-control-allow-origin: https://grehtrsan.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=2099e97b103a4c308d395e45757940ec; expires=Sat, 02 Sep 2023 09:53:29 GMT; path=/; secure; SameSite=None
oaidts=1662112409; expires=Sat, 02 Sep 2023 09:53:29 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 99ea252cfa2eed19191170984b723ad1
65a360e06cd68ee1c19675bee09123637c1462f9
6012d314d0973dd308425b009df0b41090ab3a9f3ffc630a894da4676dadc905
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "6012D314D0973DD308425B009DF0B41090AB3A9F3FFC630A894DA4676DADC905"
Last-Modified: Thu, 01 Sep 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20427
Expires: Fri, 02 Sep 2022 15:33:56 GMT
Date: Fri, 02 Sep 2022 09:53:29 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.77.32200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 99ea252cfa2eed19191170984b723ad1
65a360e06cd68ee1c19675bee09123637c1462f9
6012d314d0973dd308425b009df0b41090ab3a9f3ffc630a894da4676dadc905
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "6012D314D0973DD308425B009DF0B41090AB3A9F3FFC630A894DA4676DADC905"
Last-Modified: Thu, 01 Sep 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20427
Expires: Fri, 02 Sep 2022 15:33:56 GMT
Date: Fri, 02 Sep 2022 09:53:29 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash 2063e6a13f92efcea670cfbdf9a5e325
8020fab693720cddbcee1ac66a27b61619be3c61
7e0afe68ee0c44acd4d10e36e0624b53a0bd3aa2e1a8b1623102bffa2060db6e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2870
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 02 Sep 2022 09:53:29 GMT
Last-Modified: Fri, 02 Sep 2022 09:05:40 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 278
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 716de0b78f4e2b69ae6a61501336355b
01a3954f475e49f2107e05e983ec3387270c9923
e7500bcb1c07da0d6eb2e67882e132bd49b15fcf7d5c402d505fceae7c7beff6
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E7500BCB1C07DA0D6EB2E67882E132BD49B15FCF7D5C402D505FCEAE7C7BEFF6"
Last-Modified: Wed, 31 Aug 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9722
Expires: Fri, 02 Sep 2022 12:35:31 GMT
Date: Fri, 02 Sep 2022 09:53:29 GMT
Connection: keep-alive
yonhelioliskor.com/pfe/current/micro.tag.min.js?z=5202932&ymid=589504773464797337&var=5066550&sw=/sw-check-permissions/5202932
139.45.197.251200 OK 40 kB URL HTTP/2 yonhelioliskor.com/pfe/current/micro.tag.min.js?z=5202932&ymid=589504773464797337&var=5066550&sw=/sw-check-permissions/5202932
IP 139.45.197.251:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 8274c8ab40a63725eaea36328e73623f
9988424ec5626624fd309844039cb2c030aad400
ddead33b9b08257be8efa25e28183f6bc8edd2360fe55ec7c9388ef5eb048b20
Analyzer Verdict Alert quad9 Sinkholed
GET /pfe/current/micro.tag.min.js?z=5202932&ymid=589504773464797337&var=5066550&sw=/sw-check-permissions/5202932 HTTP/1.1
Host: yonhelioliskor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mytopwords.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 02 Sep 2022 09:53:30 GMT
content-type: application/javascript
last-modified: Mon, 22 Aug 2022 12:18:11 GMT
etag: W/"63037403-1a25a"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
yonhelioliskor.com/zone?&pub=0&zone_id=5202932&is_mobile=false&domain=mytopwords.com&var=5066550&ymid=589504773464797337&var_3=&dsig=&action=prerequest
139.45.197.251200 OK 0 B URL HTTP/2 yonhelioliskor.com/zone?&pub=0&zone_id=5202932&is_mobile=false&domain=mytopwords.com&var=5066550&ymid=589504773464797337&var_3=&dsig=&action=prerequest
IP 139.45.197.251:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
POST /zone?&pub=0&zone_id=5202932&is_mobile=false&domain=mytopwords.com&var=5066550&ymid=589504773464797337&var_3=&dsig=&action=prerequest HTTP/1.1
Host: yonhelioliskor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mytopwords.com
Connection: keep-alive
Referer: https://mytopwords.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Sep 2022 09:53:30 GMT
content-length: 0
x-trace-id: 0560cfe74d4727dea54b37da59ae9f37
access-control-allow-origin: https://mytopwords.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
yonhelioliskor.com/zone?&pub=0&zone_id=5202932&is_mobile=false&domain=mytopwords.com&var=5066550&ymid=589504773464797337&var_3=&dsig=&action=settings
139.45.197.251200 OK 728 B URL HTTP/2 yonhelioliskor.com/zone?&pub=0&zone_id=5202932&is_mobile=false&domain=mytopwords.com&var=5066550&ymid=589504773464797337&var_3=&dsig=&action=settings
IP 139.45.197.251:0
File type JSON data\012- , ASCII text, with very long lines (727)
Hash ff507abfad9dd3ff164ef52305070d4b
7b8f9b1199a42eaea3c6a834453cebab9ab40c0e
6b454ea3c7cd42be47b5959b252d53bdc3bea303c382595884ae5668412133ab
Analyzer Verdict Alert quad9 Sinkholed
GET /zone?&pub=0&zone_id=5202932&is_mobile=false&domain=mytopwords.com&var=5066550&ymid=589504773464797337&var_3=&dsig=&action=settings HTTP/1.1
Host: yonhelioliskor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mytopwords.com/
Origin: https://mytopwords.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Sep 2022 09:53:30 GMT
content-type: application/json; charset=utf-8
content-length: 728
x-trace-id: ede31847815c48408e49cc95f03b0a85
access-control-allow-origin: https://mytopwords.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188200 OK 471 B IP 172.64.155.188:0
Hash 41ea586f0e66dcd46f50ab3938543b12
d7a3d6a40066652fc85cdaab9e613246b6af4aab
60b133ec87e89ec28689b760f6ce265eee0e935dca93f42543885a05f8b19a79
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Sep 2022 09:53:30 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 01 Sep 2022 18:25:21 GMT
Expires: Thu, 08 Sep 2022 18:25:20 GMT
Etag: "d7a3d6a40066652fc85cdaab9e613246b6af4aab"
Cache-Control: max-age=548509,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74455be42d67b500-OSL
my.rtmark.net/gid.js?pub=0&userId=&zoneId=5202932&checkDuplicate=true&ymid=589504773464797337&var=5066550
139.45.195.8200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?pub=0&userId=&zoneId=5202932&checkDuplicate=true&ymid=589504773464797337&var=5066550
IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash 74709a409104d4ba8340b463a9417405
03b94eccfd231f99ea61a9096eb9694b8de16364
287257935392cf5d01f82b05b917fcf62824310664187608641a24672d5d04f2
GET /gid.js?pub=0&userId=&zoneId=5202932&checkDuplicate=true&ymid=589504773464797337&var=5066550 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mytopwords.com/
Origin: https://mytopwords.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 02 Sep 2022 09:53:30 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://mytopwords.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=1a33dd12c4c749d08188eb478b5bf3f9; expires=Sat, 02 Sep 2023 09:53:30 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
mytopwords.com/?b=2909618&ba=0&campid=14083&did=2&dm=0&ep=0&fp=0&g=NO&hr=0&i18db=1&l=gnSq6b3k7lHvVR4&oaid=2099e97b103a4c308d395e45757940ec&pshr=0&rd=0&s=589504773464797337&ssk=bc181599fd2ebae1d8238325da23ede3&svar=1662112409&tb=5202628&tbad=5234825&vi=0&vo=0&z=5066550&rdk=rk3
172.67.196.252200 OK 0 B URL HTTP/2 mytopwords.com/?b=2909618&ba=0&campid=14083&did=2&dm=0&ep=0&fp=0&g=NO&hr=0&i18db=1&l=gnSq6b3k7lHvVR4&oaid=2099e97b103a4c308d395e45757940ec&pshr=0&rd=0&s=589504773464797337&ssk=bc181599fd2ebae1d8238325da23ede3&svar=1662112409&tb=5202628&tbad=5234825&vi=0&vo=0&z=5066550&rdk=rk3
IP 172.67.196.252:0
GET /?b=2909618&ba=0&campid=14083&did=2&dm=0&ep=0&fp=0&g=NO&hr=0&i18db=1&l=gnSq6b3k7lHvVR4&oaid=2099e97b103a4c308d395e45757940ec&pshr=0&rd=0&s=589504773464797337&ssk=bc181599fd2ebae1d8238325da23ede3&svar=1662112409&tb=5202628&tbad=5234825&vi=0&vo=0&z=5066550&rdk=rk3 HTTP/1.1
Host: mytopwords.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Sep 2022 09:53:29 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.4.26
set-cookie: reverse=LYUQvEQ5YbTbNGPpJgzqG9dSrzHoTLhDE-Ay8bqGGnc; expires=Fri, 02-Sep-2022 10:53:29 GMT; Max-Age=3600; path=/
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VkrSkij%2BRw3ISzktaTJtIr8AVActzoTvI1S6XxypA7C8mRjO2Bk%2FmpqxeuNNKjN2TgtLsotFpmAClDUBud7EOaDXQhX6caevND2nJjk7IXdmGfbuhtU7UjD0cA0tzOPvoQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74455be0cdc5b503-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
littlecdn.com/apps/templates/subscriptions/universal/css/style.css?v=2
104.22.25.116200 OK 0 B URL HTTP/2 littlecdn.com/apps/templates/subscriptions/universal/css/style.css?v=2
IP 104.22.25.116:0
GET /apps/templates/subscriptions/universal/css/style.css?v=2 HTTP/1.1
Host: littlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mytopwords.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Sep 2022 09:53:29 GMT
content-type: text/css
last-modified: Thu, 25 Aug 2022 12:33:42 GMT
vary: Accept-Encoding
etag: W/"63076c26-1bb3"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cache-control: max-age=3600
cf-cache-status: HIT
age: 2731
server: cloudflare
cf-ray: 74455be22ed8b4f4-OSL
content-encoding: br
X-Firefox-Spdy: h2