uugvuwts.gq/
104.21.4.114200 OK 13 kB IP 104.21.4.114:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (6441), with CRLF line terminators
Hash 6774040c63d8f8a9c9cb36dd6f7825da
fed9663147796ce736df5c1894ba0e15b0707b94
5914c17bb741b099bc4333c135c8d9f444885c62c5b50bb483c8e68eae38a10c
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.gq domain
GET / HTTP/1.1
Host: uugvuwts.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Thu, 23 Mar 2023 11:55:02 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.8
Set-Cookie: ab_referer=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Access-Control-Allow-Origin: *
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ox4z7o8VfuxIigz0hk35tL%2FL5saYtmGveTThDRRdMQKgZ6TAsbDMr0IfRo%2BhW2GsPrNO2j2wjqtT2yH8ow3S4xF4quURhzulHYCncYyMMXMqgsEPakl9I5PL8njDlg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7ac67ba9bd5a1c12-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash bea3185dd820a31c1981317f37c3456d
1a548a5d27270fc11df9011837a7149571cedd78
469b97bf9f57401b3c9571039483589f2815f4794212b75c7c85cfefe0ae71e9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "469B97BF9F57401B3C9571039483589F2815F4794212B75C7C85CFEFE0AE71E9"
Last-Modified: Wed, 22 Mar 2023 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6262
Expires: Thu, 23 Mar 2023 13:39:24 GMT
Date: Thu, 23 Mar 2023 11:55:02 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 210a2a42cfc4f4aced144f5de9babcc6
ece6ecfb2db8d036c3bfc7f02f8ea387e3f965db
59553a312d3fb34f1f0aea469f7e7cc810ff9993481ddbd73ea5d461cf97ed51
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "59553A312D3FB34F1F0AEA469F7E7CC810FF9993481DDBD73EA5D461CF97ED51"
Last-Modified: Wed, 22 Mar 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6991
Expires: Thu, 23 Mar 2023 13:51:33 GMT
Date: Thu, 23 Mar 2023 11:55:02 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash bc86ef2a0cee04915bc360f5821adc8f
3658f9028cce204d38f7f48fcfaa2a8e4f54383a
aeecd718d03811322457de4f20828bdba86b277e7e0e328cae9c0a8075638454
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Backoff, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 23 Mar 2023 11:27:32 GMT
content-type: application/json
age: 1650
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 51a5d4696a6090c295850554508b51ce
c44e143c2223546e64b19f543b8101aaf3b11e97
8794223d5e8d4d276c35e2fdcc24bf99694240634dd749cd9b5bf874dec055cf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8794223D5E8D4D276C35E2FDCC24BF99694240634DD749CD9B5BF874DEC055CF"
Last-Modified: Wed, 22 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18193
Expires: Thu, 23 Mar 2023 16:58:15 GMT
Date: Thu, 23 Mar 2023 11:55:02 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash e7bace7c1e04d44012e37ddffe36e5d5
3ac8d7c0a9d3e3f0b28b2530c7b8d8407b4042c2
6b4f80f2e95b26f6122ea8dcd0ef8d762299be822c69e839fc37581ca2bcb5f2
GET /chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 1l4krM8sCWxkAiI+fH3OIC1LvhByCXzQiqc7Xh60zje3JA3lngaUV5bsAX8gC2aqe8Sq/QhTAT8=
x-amz-request-id: 120PNDKK41Y6KH55
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 23 Mar 2023 11:54:02 GMT
age: 60
last-modified: Sat, 11 Mar 2023 16:53:15 GMT
etag: "e7bace7c1e04d44012e37ddffe36e5d5"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 11:55:02 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
js.nextpsh.top/ps/ps.js?id=AbvykU-p1kuzLUz1NhqCVg
46.148.125.182200 OK 82 B URL HTTP/2 js.nextpsh.top/ps/ps.js?id=AbvykU-p1kuzLUz1NhqCVg
IP 46.148.125.182:0
ASN #35277 Llhost Inc. Srl
File type ASCII text, with no line terminators
Hash 26b99d58eb44fb5bf51098b005b728db
dbad6dd9d473fe2836e2abeaa30b5590ce233602
f41597e9109254c277334ce27b4dd5a1b823f2b988b602f3295fc2e8cdfd54a3
GET /ps/ps.js?id=AbvykU-p1kuzLUz1NhqCVg HTTP/1.1
Host: js.nextpsh.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://uugvuwts.gq/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 11:55:02 GMT
content-type: application/javascript
content-length: 82
set-cookie: __psu=3f08b933-a98e-4676-8830-1bda13678747; expires=Sun, 23 Mar 2025 11:55:02 GMT; path=/; secure; samesite=none
cache-control: max-age=0, no-cache, no-store, must-revalidate
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: ETag, Last-Modified, Retry-After, Content-Length, Alert, Cache-Control, Expires, Content-Type, Backoff, Pragma
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 23 Mar 2023 11:14:33 GMT
age: 2429
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
uugvuwts.gq/images/video-1/puzzle.jpg
104.21.4.114200 OK 9.7 kB URL HTTP/1.1 uugvuwts.gq/images/video-1/puzzle.jpg
IP 104.21.4.114:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (6441), with CRLF line terminators
Hash 3a0ae6348080d18bbe594cc290457b38
bb2827ed431c4608c7e394843c9808c0df641b20
846a12244a2cca6c8c28f84974ed0a4a93b72c2fc9e169172e995faac723c464
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.gq domain
GET /images/video-1/puzzle.jpg HTTP/1.1
Host: uugvuwts.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://uugvuwts.gq/
HTTP/1.1 200 OK
Date: Thu, 23 Mar 2023 11:55:02 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.8
Access-Control-Allow-Origin: *
CF-Cache-Status: BYPASS
Set-Cookie: ab_referer=http%3A%2F%2Fuugvuwts.gq%2F; expires=Mon, 22-May-2023 11:55:02 GMT; Max-Age=5184000; path=/
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fS4MeBGcnvfPxfODoLmPcNPI7t50W1WAeFvEpwYCphDp%2Fni293kgt2nAoaC9W3Tj%2F0HMI15FI5wNAozcUcAMf0QD5UgkgP0SJjxJJbUlF%2FSVlmIQBoJJmywxuSQM3w%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7ac67bae8ab01c12-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e40bb17bda7aab35dc503617f1753fe8
478a59a81a75cf5ce8fa5847a1baa254a5f281c4
5fa13ef9ba37eef20024f6a75043475f1b00781a5feec14db78fe192f24895af
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5FA13EF9BA37EEF20024F6A75043475F1B00781A5FEEC14DB78FE192F24895AF"
Last-Modified: Wed, 22 Mar 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10233
Expires: Thu, 23 Mar 2023 14:45:35 GMT
Date: Thu, 23 Mar 2023 11:55:02 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 050ca4dc2182e0a27573b0d9f32b7834
bec14dc5af0d0b32210470673511acd8db404308
b6129b9d1848f75265dca4446c5399927bdaf15c7b49c083765847b0fe276eaf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B6129B9D1848F75265DCA4446C5399927BDAF15C7B49C083765847B0FE276EAF"
Last-Modified: Wed, 22 Mar 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6237
Expires: Thu, 23 Mar 2023 13:38:59 GMT
Date: Thu, 23 Mar 2023 11:55:02 GMT
Connection: keep-alive
aa69f8e019.55706cc809.com/1675ff9235b8b672802f66dbc35fe5b9/43957?version_name=d
45.133.44.24200 OK 1.6 kB URL HTTP/2 aa69f8e019.55706cc809.com/1675ff9235b8b672802f66dbc35fe5b9/43957?version_name=d
IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
File type JSON data\012- , ASCII text, with very long lines (1634), with no line terminators
Hash 7549eca519e0034977b97ab60899d023
e8aa34763af49616a2c0a355e02e711044d83128
d2f22129c5536bea6e99ff68c65f00fc52743ea350889c0333f2ee697fb4cb97
GET /1675ff9235b8b672802f66dbc35fe5b9/43957?version_name=d HTTP/1.1
Host: aa69f8e019.55706cc809.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://uugvuwts.gq
Connection: keep-alive
Referer: http://uugvuwts.gq/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 23 Mar 2023 11:55:03 GMT
content-type: application/json
content-length: 1634
server: nginx/1.18.0
cache-control: max-age=300
expires: Thu, 23 Mar 2023 12:00:03 GMT
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 435b3556ae37169146d5b17cc8daa61f
045b105a71bb10b1415ca45a887e95fda83548fc
8e2adddda597d358f61ae1bc6200e6b4c2f9137f18097f5e69de22ca2ef3858c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8E2ADDDDA597D358F61AE1BC6200E6B4C2F9137F18097F5E69DE22CA2EF3858C"
Last-Modified: Wed, 22 Mar 2023 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8115
Expires: Thu, 23 Mar 2023 14:10:18 GMT
Date: Thu, 23 Mar 2023 11:55:03 GMT
Connection: keep-alive
js.wpadmngr.com/npc/sdk/wp-banners.js
45.133.44.24200 OK 0 B URL HTTP/2 js.wpadmngr.com/npc/sdk/wp-banners.js
IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /npc/sdk/wp-banners.js HTTP/1.1
Host: js.wpadmngr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://uugvuwts.gq/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 23 Mar 2023 11:55:03 GMT
content-type: application/javascript; charset=utf-8
content-length: 0
server: nginx/1.18.0
last-modified: Fri, 20 Aug 2021 15:14:31 GMT
etag: "611fc6d7-0"
expires: Thu, 23 Mar 2023 12:00:03 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
push.services.mozilla.com/
52.89.64.64101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.89.64.64:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: ag58KL+M7d8QrirMftgF8Q==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: ltV/b2hl9DBiAYQBSvEscjPCbCU=
aa69f8e019.55706cc809.com/7b6e28b65326825d49e24eaa1b2acc68.js
45.133.44.24200 OK 87 kB URL HTTP/2 aa69f8e019.55706cc809.com/7b6e28b65326825d49e24eaa1b2acc68.js
IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
Hash e8ce7e1e91b3c7423a662adeb4593937
723946fd47c720c987681371671fa847c4151c2b
f4850e14417098c623dbb0a82c7afac76bb1bdd116b90caf4c70be37c7205f79
GET /7b6e28b65326825d49e24eaa1b2acc68.js HTTP/1.1
Host: aa69f8e019.55706cc809.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://uugvuwts.gq/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 23 Mar 2023 11:55:03 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Tue, 21 Mar 2023 13:43:36 GMT
etag: W/"6419b488-565b8"
content-encoding: gzip
expires: Thu, 23 Mar 2023 12:00:03 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
aa69f8e019.55706cc809.com/a47a6110daeb38bb4fdd5d5862d2cb46.js
45.133.44.24200 OK 37 kB URL HTTP/2 aa69f8e019.55706cc809.com/a47a6110daeb38bb4fdd5d5862d2cb46.js
IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
Hash b39f7726aec2a101f1997fdf4cae0682
9ae5f507d2c9dcf2034cdf685646acbeb6f920ac
a2243f7e056f5e78220689ae33dda890b08a7f52dbacdb631cee1101c45046e8
GET /a47a6110daeb38bb4fdd5d5862d2cb46.js HTTP/1.1
Host: aa69f8e019.55706cc809.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://uugvuwts.gq
Connection: keep-alive
Referer: http://uugvuwts.gq/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 23 Mar 2023 11:55:02 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Wed, 22 Mar 2023 14:12:21 GMT
etag: W/"641b0cc5-19bd6"
content-encoding: gzip
expires: Thu, 23 Mar 2023 12:00:02 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
19d80f4f97.523d6475f9.com/in/track?data=eyJ3bCI6MCwic3ViaWQiOjAsInVzZXJfaWQiOiIxNDA4OTQ1MTI4Mjc4NjAxMzAwMCIsInRpbWV6b25lIjowLCJ2ZXIiOiIzLjMwLjAiLCJ0YWdfaWQiOjQzOTU3LCJzY3JlZW5fcmVzb2x1dGlvbiI6IjEyODB4MTAyNCIsImFkYmxvY2siOjAsInRpbWV6b25lX29sc29uIjoiVVRDIiwidXRtX3NvdXJjZSI6IiIsInV0bV9tZWRpdW0iOiIiLCJ1dG1fY2FtcGFpZ24iOiIiLCJ1dG1fY29udGVudCI6IiIsIm1tIjowLCJpbml0X3N0YXJ0X2xhdGVuY3kiOjAuMjMsImlzX3YyIjowLCJpc192Ml9lbXB0eSI6MCwidXNlcl9rZXl3b3JkcyI6IlZpZGVvIn0=
45.133.44.25200 OK 0 B URL HTTP/2 19d80f4f97.523d6475f9.com/in/track?data=eyJ3bCI6MCwic3ViaWQiOjAsInVzZXJfaWQiOiIxNDA4OTQ1MTI4Mjc4NjAxMzAwMCIsInRpbWV6b25lIjowLCJ2ZXIiOiIzLjMwLjAiLCJ0YWdfaWQiOjQzOTU3LCJzY3JlZW5fcmVzb2x1dGlvbiI6IjEyODB4MTAyNCIsImFkYmxvY2siOjAsInRpbWV6b25lX29sc29uIjoiVVRDIiwidXRtX3NvdXJjZSI6IiIsInV0bV9tZWRpdW0iOiIiLCJ1dG1fY2FtcGFpZ24iOiIiLCJ1dG1fY29udGVudCI6IiIsIm1tIjowLCJpbml0X3N0YXJ0X2xhdGVuY3kiOjAuMjMsImlzX3YyIjowLCJpc192Ml9lbXB0eSI6MCwidXNlcl9rZXl3b3JkcyI6IlZpZGVvIn0=
IP 45.133.44.25:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/track?data=eyJ3bCI6MCwic3ViaWQiOjAsInVzZXJfaWQiOiIxNDA4OTQ1MTI4Mjc4NjAxMzAwMCIsInRpbWV6b25lIjowLCJ2ZXIiOiIzLjMwLjAiLCJ0YWdfaWQiOjQzOTU3LCJzY3JlZW5fcmVzb2x1dGlvbiI6IjEyODB4MTAyNCIsImFkYmxvY2siOjAsInRpbWV6b25lX29sc29uIjoiVVRDIiwidXRtX3NvdXJjZSI6IiIsInV0bV9tZWRpdW0iOiIiLCJ1dG1fY2FtcGFpZ24iOiIiLCJ1dG1fY29udGVudCI6IiIsIm1tIjowLCJpbml0X3N0YXJ0X2xhdGVuY3kiOjAuMjMsImlzX3YyIjowLCJpc192Ml9lbXB0eSI6MCwidXNlcl9rZXl3b3JkcyI6IlZpZGVvIn0= HTTP/1.1
Host: 19d80f4f97.523d6475f9.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://uugvuwts.gq
Connection: keep-alive
Referer: http://uugvuwts.gq/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 23 Mar 2023 11:55:03 GMT
content-length: 0
server: nginx/1.18.0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
fp.metricswpsh.com/fp?tag_id=43957
157.90.84.242204 No Content 0 B URL HTTP/1.1 fp.metricswpsh.com/fp?tag_id=43957
IP 157.90.84.242:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /fp?tag_id=43957 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: http://uugvuwts.gq/
Origin: http://uugvuwts.gq
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx/1.20.1
Date: Thu, 23 Mar 2023 11:55:03 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE
Access-Control-Allow-Origin: http://uugvuwts.gq
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
js.wpshsdk.com/npc/sdk/wp-banners.js
45.133.44.25200 OK 0 B URL HTTP/2 js.wpshsdk.com/npc/sdk/wp-banners.js
IP 45.133.44.25:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /npc/sdk/wp-banners.js HTTP/1.1
Host: js.wpshsdk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://uugvuwts.gq/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 23 Mar 2023 11:55:03 GMT
content-type: application/javascript; charset=utf-8
content-length: 0
server: nginx/1.18.0
last-modified: Fri, 20 Aug 2021 15:14:31 GMT
etag: "611fc6d7-0"
expires: Thu, 23 Mar 2023 12:00:03 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
fp.metricswpsh.com/fp?tag_id=43957
157.90.84.242200 OK 28 B URL HTTP/1.1 fp.metricswpsh.com/fp?tag_id=43957
IP 157.90.84.242:0
ASN #24940 Hetzner Online GmbH
File type JSON data\012- , ASCII text
Hash e3af49472d683a217237a6ebaf79bcb7
378db4d7e6171a2676ee15c80b4475d7f5ec9742
7714898d715fb8b1ce7a1de73e0e7c9f6394acc8a08cf1a3b342a7829d4de84a
POST /fp?tag_id=43957 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 22286
Origin: http://uugvuwts.gq
Connection: keep-alive
Referer: http://uugvuwts.gq/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 23 Mar 2023 11:55:03 GMT
Content-Type: application/json; charset=UTF-8
Content-Length: 28
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://uugvuwts.gq
Set-Cookie: id=8284778710626432775; Expires=Fri, 22 Mar 2024 11:55:03 GMT; Secure; SameSite=None
Vary: Origin
nereserv.com/in/dip?site=native-push&wl=0&event_id=db020d8a-e2be-42f3-a3f8-d47eba3d32e7&subid=416473681&sid=2654949136&spot_id=26103&created_at=2023-03-23&timezone=0&ver=7.52.1-b&is_native=1
94.130.198.6200 OK 0 B URL HTTP/2 nereserv.com/in/dip?site=native-push&wl=0&event_id=db020d8a-e2be-42f3-a3f8-d47eba3d32e7&subid=416473681&sid=2654949136&spot_id=26103&created_at=2023-03-23&timezone=0&ver=7.52.1-b&is_native=1
IP 94.130.198.6:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/dip?site=native-push&wl=0&event_id=db020d8a-e2be-42f3-a3f8-d47eba3d32e7&subid=416473681&sid=2654949136&spot_id=26103&created_at=2023-03-23&timezone=0&ver=7.52.1-b&is_native=1 HTTP/1.1
Host: nereserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://uugvuwts.gq
Connection: keep-alive
Referer: http://uugvuwts.gq/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.20.1
date: Thu, 23 Mar 2023 11:55:03 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash cc6095d086894c22aafba00858fffd7b
95a2d0e1d8e854c626a08cda2bcc4b4802eb4a3b
846123d9083b4b07fda72279393ebf23558122d6aa4a5c8988a9fac8e320d42c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "846123D9083B4B07FDA72279393EBF23558122D6AA4A5C8988A9FAC8E320D42C"
Last-Modified: Wed, 22 Mar 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12172
Expires: Thu, 23 Mar 2023 15:17:55 GMT
Date: Thu, 23 Mar 2023 11:55:03 GMT
Connection: keep-alive
notification.tubecup.net/in/subscription-offers?href=http%3A%2F%2Fuugvuwts.gq%2F&tcid=0&spot_id=13227&site=tcpublisher&source_id=0&custom_p=1
159.69.161.138200 OK 0 B URL HTTP/2 notification.tubecup.net/in/subscription-offers?href=http%3A%2F%2Fuugvuwts.gq%2F&tcid=0&spot_id=13227&site=tcpublisher&source_id=0&custom_p=1
IP 159.69.161.138:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/subscription-offers?href=http%3A%2F%2Fuugvuwts.gq%2F&tcid=0&spot_id=13227&site=tcpublisher&source_id=0&custom_p=1 HTTP/1.1
Host: notification.tubecup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://uugvuwts.gq/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.18.0
date: Thu, 23 Mar 2023 11:55:03 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
ff04a1538a.ced4d66e2d.com/in/multy
94.130.198.6204 No Content 0 B URL HTTP/2 ff04a1538a.ced4d66e2d.com/in/multy
IP 94.130.198.6:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /in/multy HTTP/1.1
Host: ff04a1538a.ced4d66e2d.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: http://uugvuwts.gq/
Origin: http://uugvuwts.gq
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
server: nginx/1.20.1
date: Thu, 23 Mar 2023 11:55:03 GMT
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
ff04a1538a.ced4d66e2d.com/in/multy
94.130.198.6200 OK 22 kB URL HTTP/2 ff04a1538a.ced4d66e2d.com/in/multy
IP 94.130.198.6:0
ASN #24940 Hetzner Online GmbH
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (22326), with no line terminators
Hash 4375c28095466e89030a0ac7e4a37870
3e165cea5f912986b070b3e1b78c184cc18e5c37
5fb88184ad4eb7dce12dddb7919da59a5007ee621fc2e74248eb879d397fbe45
POST /in/multy HTTP/1.1
Host: ff04a1538a.ced4d66e2d.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 1225
Origin: http://uugvuwts.gq
Connection: keep-alive
Referer: http://uugvuwts.gq/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Thu, 23 Mar 2023 11:55:04 GMT
content-type: application/json
content-length: 22382
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
ff04a1538a.ced4d66e2d.com/in/show/?mid=2599695942857777575&pid=0&site=native-push-mainstream&sc=NO&usage_type=DCH&subid=416473681&sid=2654949136&cid=2724&price=0.0007352012586593628&is_cpm=0&cpm=0&ecpm=0.02601421672510791&crid=&crtid=d41d8cd98f00b204e9800998ecf8427e&tcid=0&out_id=1&ver=7.52.1-b&ver_c=&refdom=uugvuwts.gq&hostname=auc-inpage-hz-6-a&site_id=3126103&spot_id=26103&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=1679658903&created_at=2023-03-23&is_native=2&auction_queue=0&burl=Z36JKFqKprNpL7yvI6i4SrsZjFmubABElS8n6dUJpem_4xwLHfhZDg&pop_winurl=&ip=91.90.42.154&testab=2&px_id=3126103&adblock=0&auction_host=&mm=0&yc=0&render_type=hq&campaign_type=lq-pop&uniq=&exp=&resp_type=&iabcat=IAB24-24&min_cpm=0.0027246384143682256&placement_type_id=0&skin_test=0&verify_hash=e18ae582099507c8e5eee06f4496e0e6&score=71.9596522948154&durl=https%3A%2F%2Fts.cvastico.com%2Fin%2F1546%2F%3Fad_sub%3D416473681%26spot_id%3D26103%26is_adult%3D0%26p%3Dhttp%253A%252F%252Fuugvuwts.gq%252F%26idzone%3D0%26sid%3D1885&ml=&tag_ab=d&original_bid=0.0007352012586593628&user_fp=1139696361588824391&v2=0&v2_track=0&is_pop_cpc=0&applied_features=main-skins-settings&url=6Y_xWCNhG4iP0xuZGOKWXfwnyeGumzJApJdECqTVUyyEWala8NUTfWVmAm5ajF4Sc2cniwgu6ErQEjuj6bQsOzl3_PyYTwb__YGEyE8Rx1VK18p_auE5567yw7sKB3hHFyF-RjUCjBMtiIlq5vRpu88WNeRrWspnfk3K6vknsP5i5RCclw&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FIN%2FIN_3933fcfaca4940e1c0e74ab5cc4d9366d437e4dc.webp&skin_id=2&vertical_id=0&real_bid=0.000684104771182537&pr=&user_keywords=&auc_type=1&aid=412&ext_cid=0&device_theme=light&keywords=&label_ids=89,0,83&conditions=dch_ip,tz_offset&need_redirect_show=0&mlf=1&cpa=fe373254-293b-4806-96f6-e5408990772a&mlc=1&format=default-slide_SHQ-b_r-body
94.130.198.6200 OK 0 B URL HTTP/2 ff04a1538a.ced4d66e2d.com/in/show/?mid=2599695942857777575&pid=0&site=native-push-mainstream&sc=NO&usage_type=DCH&subid=416473681&sid=2654949136&cid=2724&price=0.0007352012586593628&is_cpm=0&cpm=0&ecpm=0.02601421672510791&crid=&crtid=d41d8cd98f00b204e9800998ecf8427e&tcid=0&out_id=1&ver=7.52.1-b&ver_c=&refdom=uugvuwts.gq&hostname=auc-inpage-hz-6-a&site_id=3126103&spot_id=26103&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=1679658903&created_at=2023-03-23&is_native=2&auction_queue=0&burl=Z36JKFqKprNpL7yvI6i4SrsZjFmubABElS8n6dUJpem_4xwLHfhZDg&pop_winurl=&ip=91.90.42.154&testab=2&px_id=3126103&adblock=0&auction_host=&mm=0&yc=0&render_type=hq&campaign_type=lq-pop&uniq=&exp=&resp_type=&iabcat=IAB24-24&min_cpm=0.0027246384143682256&placement_type_id=0&skin_test=0&verify_hash=e18ae582099507c8e5eee06f4496e0e6&score=71.9596522948154&durl=https%3A%2F%2Fts.cvastico.com%2Fin%2F1546%2F%3Fad_sub%3D416473681%26spot_id%3D26103%26is_adult%3D0%26p%3Dhttp%253A%252F%252Fuugvuwts.gq%252F%26idzone%3D0%26sid%3D1885&ml=&tag_ab=d&original_bid=0.0007352012586593628&user_fp=1139696361588824391&v2=0&v2_track=0&is_pop_cpc=0&applied_features=main-skins-settings&url=6Y_xWCNhG4iP0xuZGOKWXfwnyeGumzJApJdECqTVUyyEWala8NUTfWVmAm5ajF4Sc2cniwgu6ErQEjuj6bQsOzl3_PyYTwb__YGEyE8Rx1VK18p_auE5567yw7sKB3hHFyF-RjUCjBMtiIlq5vRpu88WNeRrWspnfk3K6vknsP5i5RCclw&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FIN%2FIN_3933fcfaca4940e1c0e74ab5cc4d9366d437e4dc.webp&skin_id=2&vertical_id=0&real_bid=0.000684104771182537&pr=&user_keywords=&auc_type=1&aid=412&ext_cid=0&device_theme=light&keywords=&label_ids=89,0,83&conditions=dch_ip,tz_offset&need_redirect_show=0&mlf=1&cpa=fe373254-293b-4806-96f6-e5408990772a&mlc=1&format=default-slide_SHQ-b_r-body
IP 94.130.198.6:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/show/?mid=2599695942857777575&pid=0&site=native-push-mainstream&sc=NO&usage_type=DCH&subid=416473681&sid=2654949136&cid=2724&price=0.0007352012586593628&is_cpm=0&cpm=0&ecpm=0.02601421672510791&crid=&crtid=d41d8cd98f00b204e9800998ecf8427e&tcid=0&out_id=1&ver=7.52.1-b&ver_c=&refdom=uugvuwts.gq&hostname=auc-inpage-hz-6-a&site_id=3126103&spot_id=26103&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=1679658903&created_at=2023-03-23&is_native=2&auction_queue=0&burl=Z36JKFqKprNpL7yvI6i4SrsZjFmubABElS8n6dUJpem_4xwLHfhZDg&pop_winurl=&ip=91.90.42.154&testab=2&px_id=3126103&adblock=0&auction_host=&mm=0&yc=0&render_type=hq&campaign_type=lq-pop&uniq=&exp=&resp_type=&iabcat=IAB24-24&min_cpm=0.0027246384143682256&placement_type_id=0&skin_test=0&verify_hash=e18ae582099507c8e5eee06f4496e0e6&score=71.9596522948154&durl=https%3A%2F%2Fts.cvastico.com%2Fin%2F1546%2F%3Fad_sub%3D416473681%26spot_id%3D26103%26is_adult%3D0%26p%3Dhttp%253A%252F%252Fuugvuwts.gq%252F%26idzone%3D0%26sid%3D1885&ml=&tag_ab=d&original_bid=0.0007352012586593628&user_fp=1139696361588824391&v2=0&v2_track=0&is_pop_cpc=0&applied_features=main-skins-settings&url=6Y_xWCNhG4iP0xuZGOKWXfwnyeGumzJApJdECqTVUyyEWala8NUTfWVmAm5ajF4Sc2cniwgu6ErQEjuj6bQsOzl3_PyYTwb__YGEyE8Rx1VK18p_auE5567yw7sKB3hHFyF-RjUCjBMtiIlq5vRpu88WNeRrWspnfk3K6vknsP5i5RCclw&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FIN%2FIN_3933fcfaca4940e1c0e74ab5cc4d9366d437e4dc.webp&skin_id=2&vertical_id=0&real_bid=0.000684104771182537&pr=&user_keywords=&auc_type=1&aid=412&ext_cid=0&device_theme=light&keywords=&label_ids=89,0,83&conditions=dch_ip,tz_offset&need_redirect_show=0&mlf=1&cpa=fe373254-293b-4806-96f6-e5408990772a&mlc=1&format=default-slide_SHQ-b_r-body HTTP/1.1
Host: ff04a1538a.ced4d66e2d.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://uugvuwts.gq/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Thu, 23 Mar 2023 11:55:04 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
ff04a1538a.ced4d66e2d.com/in/show/?mid=2599695942857777575&pid=0&site=native-push-mainstream&sc=NO&usage_type=DCH&subid=416473681&sid=2654949136&cid=14006&price=0.009576888503506778&is_cpm=0&cpm=0&ecpm=0.0038540520205965546&crid=&crtid=465cb4d58671c391f40f50715475f9fc&tcid=0&out_id=0&ver=7.52.1-b&ver_c=&refdom=uugvuwts.gq&hostname=auc-inpage-hz-6-a&site_id=3126103&spot_id=26103&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=1679658903&created_at=2023-03-23&is_native=1&auction_queue=0&burl=CAo67RK3ttTtrY08lU3cIeGOOi5DcoJxepgPqfzWiYDjr6n8Es8pZQ&pop_winurl=&ip=91.90.42.154&testab=2&px_id=7326103&adblock=0&auction_host=&mm=0&yc=0&render_type=hq&campaign_type=hq&uniq=&exp=&resp_type=&iabcat=IAB24-24&min_cpm=0.00010523575444635685&placement_type_id=0&skin_test=0&verify_hash=63bf816d88c5bb470d882cc84c19edd4&score=71.9596522948154&durl=https%3A%2F%2Fts.cvastico.com%2Fin%2F1546%2F%3Fad_sub%3D416473681%26spot_id%3D26103%26is_adult%3D0%26p%3Dhttp%253A%252F%252Fuugvuwts.gq%252F%26idzone%3D0%26sid%3D1885&ml=&tag_ab=d&original_bid=0.009576888503506778&user_fp=1139696361588824391&v2=0&v2_track=0&is_pop_cpc=0&applied_features=main-skins-settings&url=qX5CpxS1TmHAessySFuFEMF6V10ECHCi5Ybm9lJeij_83lwHKXGe6wnYbDgcn7q63Gok4kF0VHkgenBmBHqmea8qqvAwERrQrib7vI7w2PXAOUj5F-rwKX9DvkieE6qGwrNQI2nj6L6V42sWGj83eJ2e3LWmibkp2lhMv7nW5tLFLkj4senKjRN6W6EBdM-r7xvwsytLyrmvZghCVsdDREa6Nvm5MOtwJn9U6tge17H7eGNFM_IWTwt4WMyfeg5586SdHWgDlbTEvBs-szhsmAaIsQiYG9DyhaE5YiCARbiLSGr2rMtmNKYNmthxwUimQlycAcu55Os8q0ea1AVXoKe5hxzUwPp-N6ST5ma-n5C0DBWea9JdGmkHV7Km06NMk6gqYlsc0CVfxT_ekBZqFeJFcTUnsMdxpzC8HNEkG1EjxfFKx4PNBrh826oFfqSoR7RGgxs0uxLzssxbWArw3IyxeDYhWqWwD0vsrSB-hMuMGImvdUw1qHnUtaya78HtUaKKmBQpY25AbvS5f8m9NUNkPkmPbVAQPe2zts3eA5u0m_ArV9FQbnYze2m06QnRbL8O8n7MB5l2q0b1A4kQTOCB3ov_TkIvhpQa8zgovUOfshJUiF7TOtTKjkE0OU9DENH5nm_eczkb1cn1-JodRnLHEycvm-S_3D8RNZShA7ks6Dk92vXtUxI6Raq7LbL_bHhOafIupQrWvMu6Rr2oI8Hatg0-aUUDn0T7H3Z6lkiwZby7LbLmeiI6-mf5yi1IJdskCDHNK5tGLtS61-OvrxIV1ARg2dD4KmU0IND63tyJHwmICsYLris5bQ4y6ArpS2G9wKOE3U-5i-XMmL0GIPYCp7hfdv60QTW5UjXakw-2q7CvE5M_e9qqYBnb8zQs3bfF5lMfpYht0F1j1O3-__cMyVjbzWJHibYsp7uFu2-FDkCexiE83m3Iwpdq3VKpPOnDdRA15tM_Pw2pO2CG6Di9KqC_uHYOahMdZr2URvU_1vaXzskVZEJa2kDW0i86MlOwVf7qHtF1gz5iczuFKVy_1dD35okzzrCSrY7nOhBPJMieEXIS0IH484XInB_q1HsuscUv0517TsqIhKzLY4lSjLq6xDwqzU4HuJYiEmG9b00&image_url=https%3A%2F%2Fs.viizumys.com%2Fn%2F1557%2Fpniesytfaf6f4addp54fayckmvsqy7s4anxxq62qmbfglhj6qjxdqxt5oicdesrrgaafw3qemr7hgvdfibglrls5jhqyj67imvqhy3ccndogk2r6f6k2tsuszkblpffdgm7nrn4r6b7cjuxmugztolrryfqau4hkstbuw4jym5huwypq4hg2gbybc5fvmt2lmfihrjdnxbegrosxixnwbyuultrdtopccxxe5w3nsb46vfgdjosdgqpytjmyk6p2cxmxjdbttob4oxvypfpk6ok633rw5fsjmfihr5glug4fngsxod5wau6aku56qsdd5jl73fwl7b53iu4kstbzuvnhjjqke6kxa5vq3ybqe5zednxtbcyw3kclncmfita6gikmqvvk6kv2ommujufwqudyktzkdueybvd2ggwzl344dnihbcobuctyi76ngryfki4es2jsk27xiccqpbkpfioqtagspiy23fpptqnva7agrr36cn6g3tp3nonduiv3gbljosldwb5nbwpxzbxlqvkhoibgotjsgfox76jrkxxuqh7ypnk6eo2bteyyxqpmy5jpuucthhmw3gku25hwb4d4yoxmr2lpqjjjzgov6polteb26fw4vhfnqvriu7c6mahhyxilmj3huutg3bivg%3D%3D%3D%3Ff%3Dhttps%253A%252F%252Fi.cdnkimg.com%252Fauto%252F492x328%252Fimage%252Ftesr%252F8558%252F558%252Frect_63f6af7b4c624t1677111163r3563.jpeg&skin_id=2&vertical_id=107&real_bid=0.0026240674499608575&pr=&user_keywords=&auc_type=1&aid=412&ext_cid=0&device_theme=light&keywords=&label_ids=90,107,83&conditions=dch_ip,tz_offset&need_redirect_show=0&cpa=dabfe322-4099-4d41-b29a-a6b87bc0eb7e&format=default-slide_SHQ-b_r-body
94.130.198.6200 OK 0 B URL HTTP/2 ff04a1538a.ced4d66e2d.com/in/show/?mid=2599695942857777575&pid=0&site=native-push-mainstream&sc=NO&usage_type=DCH&subid=416473681&sid=2654949136&cid=14006&price=0.009576888503506778&is_cpm=0&cpm=0&ecpm=0.0038540520205965546&crid=&crtid=465cb4d58671c391f40f50715475f9fc&tcid=0&out_id=0&ver=7.52.1-b&ver_c=&refdom=uugvuwts.gq&hostname=auc-inpage-hz-6-a&site_id=3126103&spot_id=26103&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=1679658903&created_at=2023-03-23&is_native=1&auction_queue=0&burl=CAo67RK3ttTtrY08lU3cIeGOOi5DcoJxepgPqfzWiYDjr6n8Es8pZQ&pop_winurl=&ip=91.90.42.154&testab=2&px_id=7326103&adblock=0&auction_host=&mm=0&yc=0&render_type=hq&campaign_type=hq&uniq=&exp=&resp_type=&iabcat=IAB24-24&min_cpm=0.00010523575444635685&placement_type_id=0&skin_test=0&verify_hash=63bf816d88c5bb470d882cc84c19edd4&score=71.9596522948154&durl=https%3A%2F%2Fts.cvastico.com%2Fin%2F1546%2F%3Fad_sub%3D416473681%26spot_id%3D26103%26is_adult%3D0%26p%3Dhttp%253A%252F%252Fuugvuwts.gq%252F%26idzone%3D0%26sid%3D1885&ml=&tag_ab=d&original_bid=0.009576888503506778&user_fp=1139696361588824391&v2=0&v2_track=0&is_pop_cpc=0&applied_features=main-skins-settings&url=qX5CpxS1TmHAessySFuFEMF6V10ECHCi5Ybm9lJeij_83lwHKXGe6wnYbDgcn7q63Gok4kF0VHkgenBmBHqmea8qqvAwERrQrib7vI7w2PXAOUj5F-rwKX9DvkieE6qGwrNQI2nj6L6V42sWGj83eJ2e3LWmibkp2lhMv7nW5tLFLkj4senKjRN6W6EBdM-r7xvwsytLyrmvZghCVsdDREa6Nvm5MOtwJn9U6tge17H7eGNFM_IWTwt4WMyfeg5586SdHWgDlbTEvBs-szhsmAaIsQiYG9DyhaE5YiCARbiLSGr2rMtmNKYNmthxwUimQlycAcu55Os8q0ea1AVXoKe5hxzUwPp-N6ST5ma-n5C0DBWea9JdGmkHV7Km06NMk6gqYlsc0CVfxT_ekBZqFeJFcTUnsMdxpzC8HNEkG1EjxfFKx4PNBrh826oFfqSoR7RGgxs0uxLzssxbWArw3IyxeDYhWqWwD0vsrSB-hMuMGImvdUw1qHnUtaya78HtUaKKmBQpY25AbvS5f8m9NUNkPkmPbVAQPe2zts3eA5u0m_ArV9FQbnYze2m06QnRbL8O8n7MB5l2q0b1A4kQTOCB3ov_TkIvhpQa8zgovUOfshJUiF7TOtTKjkE0OU9DENH5nm_eczkb1cn1-JodRnLHEycvm-S_3D8RNZShA7ks6Dk92vXtUxI6Raq7LbL_bHhOafIupQrWvMu6Rr2oI8Hatg0-aUUDn0T7H3Z6lkiwZby7LbLmeiI6-mf5yi1IJdskCDHNK5tGLtS61-OvrxIV1ARg2dD4KmU0IND63tyJHwmICsYLris5bQ4y6ArpS2G9wKOE3U-5i-XMmL0GIPYCp7hfdv60QTW5UjXakw-2q7CvE5M_e9qqYBnb8zQs3bfF5lMfpYht0F1j1O3-__cMyVjbzWJHibYsp7uFu2-FDkCexiE83m3Iwpdq3VKpPOnDdRA15tM_Pw2pO2CG6Di9KqC_uHYOahMdZr2URvU_1vaXzskVZEJa2kDW0i86MlOwVf7qHtF1gz5iczuFKVy_1dD35okzzrCSrY7nOhBPJMieEXIS0IH484XInB_q1HsuscUv0517TsqIhKzLY4lSjLq6xDwqzU4HuJYiEmG9b00&image_url=https%3A%2F%2Fs.viizumys.com%2Fn%2F1557%2Fpniesytfaf6f4addp54fayckmvsqy7s4anxxq62qmbfglhj6qjxdqxt5oicdesrrgaafw3qemr7hgvdfibglrls5jhqyj67imvqhy3ccndogk2r6f6k2tsuszkblpffdgm7nrn4r6b7cjuxmugztolrryfqau4hkstbuw4jym5huwypq4hg2gbybc5fvmt2lmfihrjdnxbegrosxixnwbyuultrdtopccxxe5w3nsb46vfgdjosdgqpytjmyk6p2cxmxjdbttob4oxvypfpk6ok633rw5fsjmfihr5glug4fngsxod5wau6aku56qsdd5jl73fwl7b53iu4kstbzuvnhjjqke6kxa5vq3ybqe5zednxtbcyw3kclncmfita6gikmqvvk6kv2ommujufwqudyktzkdueybvd2ggwzl344dnihbcobuctyi76ngryfki4es2jsk27xiccqpbkpfioqtagspiy23fpptqnva7agrr36cn6g3tp3nonduiv3gbljosldwb5nbwpxzbxlqvkhoibgotjsgfox76jrkxxuqh7ypnk6eo2bteyyxqpmy5jpuucthhmw3gku25hwb4d4yoxmr2lpqjjjzgov6polteb26fw4vhfnqvriu7c6mahhyxilmj3huutg3bivg%3D%3D%3D%3Ff%3Dhttps%253A%252F%252Fi.cdnkimg.com%252Fauto%252F492x328%252Fimage%252Ftesr%252F8558%252F558%252Frect_63f6af7b4c624t1677111163r3563.jpeg&skin_id=2&vertical_id=107&real_bid=0.0026240674499608575&pr=&user_keywords=&auc_type=1&aid=412&ext_cid=0&device_theme=light&keywords=&label_ids=90,107,83&conditions=dch_ip,tz_offset&need_redirect_show=0&cpa=dabfe322-4099-4d41-b29a-a6b87bc0eb7e&format=default-slide_SHQ-b_r-body
IP 94.130.198.6:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/show/?mid=2599695942857777575&pid=0&site=native-push-mainstream&sc=NO&usage_type=DCH&subid=416473681&sid=2654949136&cid=14006&price=0.009576888503506778&is_cpm=0&cpm=0&ecpm=0.0038540520205965546&crid=&crtid=465cb4d58671c391f40f50715475f9fc&tcid=0&out_id=0&ver=7.52.1-b&ver_c=&refdom=uugvuwts.gq&hostname=auc-inpage-hz-6-a&site_id=3126103&spot_id=26103&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=1679658903&created_at=2023-03-23&is_native=1&auction_queue=0&burl=CAo67RK3ttTtrY08lU3cIeGOOi5DcoJxepgPqfzWiYDjr6n8Es8pZQ&pop_winurl=&ip=91.90.42.154&testab=2&px_id=7326103&adblock=0&auction_host=&mm=0&yc=0&render_type=hq&campaign_type=hq&uniq=&exp=&resp_type=&iabcat=IAB24-24&min_cpm=0.00010523575444635685&placement_type_id=0&skin_test=0&verify_hash=63bf816d88c5bb470d882cc84c19edd4&score=71.9596522948154&durl=https%3A%2F%2Fts.cvastico.com%2Fin%2F1546%2F%3Fad_sub%3D416473681%26spot_id%3D26103%26is_adult%3D0%26p%3Dhttp%253A%252F%252Fuugvuwts.gq%252F%26idzone%3D0%26sid%3D1885&ml=&tag_ab=d&original_bid=0.009576888503506778&user_fp=1139696361588824391&v2=0&v2_track=0&is_pop_cpc=0&applied_features=main-skins-settings&url=qX5CpxS1TmHAessySFuFEMF6V10ECHCi5Ybm9lJeij_83lwHKXGe6wnYbDgcn7q63Gok4kF0VHkgenBmBHqmea8qqvAwERrQrib7vI7w2PXAOUj5F-rwKX9DvkieE6qGwrNQI2nj6L6V42sWGj83eJ2e3LWmibkp2lhMv7nW5tLFLkj4senKjRN6W6EBdM-r7xvwsytLyrmvZghCVsdDREa6Nvm5MOtwJn9U6tge17H7eGNFM_IWTwt4WMyfeg5586SdHWgDlbTEvBs-szhsmAaIsQiYG9DyhaE5YiCARbiLSGr2rMtmNKYNmthxwUimQlycAcu55Os8q0ea1AVXoKe5hxzUwPp-N6ST5ma-n5C0DBWea9JdGmkHV7Km06NMk6gqYlsc0CVfxT_ekBZqFeJFcTUnsMdxpzC8HNEkG1EjxfFKx4PNBrh826oFfqSoR7RGgxs0uxLzssxbWArw3IyxeDYhWqWwD0vsrSB-hMuMGImvdUw1qHnUtaya78HtUaKKmBQpY25AbvS5f8m9NUNkPkmPbVAQPe2zts3eA5u0m_ArV9FQbnYze2m06QnRbL8O8n7MB5l2q0b1A4kQTOCB3ov_TkIvhpQa8zgovUOfshJUiF7TOtTKjkE0OU9DENH5nm_eczkb1cn1-JodRnLHEycvm-S_3D8RNZShA7ks6Dk92vXtUxI6Raq7LbL_bHhOafIupQrWvMu6Rr2oI8Hatg0-aUUDn0T7H3Z6lkiwZby7LbLmeiI6-mf5yi1IJdskCDHNK5tGLtS61-OvrxIV1ARg2dD4KmU0IND63tyJHwmICsYLris5bQ4y6ArpS2G9wKOE3U-5i-XMmL0GIPYCp7hfdv60QTW5UjXakw-2q7CvE5M_e9qqYBnb8zQs3bfF5lMfpYht0F1j1O3-__cMyVjbzWJHibYsp7uFu2-FDkCexiE83m3Iwpdq3VKpPOnDdRA15tM_Pw2pO2CG6Di9KqC_uHYOahMdZr2URvU_1vaXzskVZEJa2kDW0i86MlOwVf7qHtF1gz5iczuFKVy_1dD35okzzrCSrY7nOhBPJMieEXIS0IH484XInB_q1HsuscUv0517TsqIhKzLY4lSjLq6xDwqzU4HuJYiEmG9b00&image_url=https%3A%2F%2Fs.viizumys.com%2Fn%2F1557%2Fpniesytfaf6f4addp54fayckmvsqy7s4anxxq62qmbfglhj6qjxdqxt5oicdesrrgaafw3qemr7hgvdfibglrls5jhqyj67imvqhy3ccndogk2r6f6k2tsuszkblpffdgm7nrn4r6b7cjuxmugztolrryfqau4hkstbuw4jym5huwypq4hg2gbybc5fvmt2lmfihrjdnxbegrosxixnwbyuultrdtopccxxe5w3nsb46vfgdjosdgqpytjmyk6p2cxmxjdbttob4oxvypfpk6ok633rw5fsjmfihr5glug4fngsxod5wau6aku56qsdd5jl73fwl7b53iu4kstbzuvnhjjqke6kxa5vq3ybqe5zednxtbcyw3kclncmfita6gikmqvvk6kv2ommujufwqudyktzkdueybvd2ggwzl344dnihbcobuctyi76ngryfki4es2jsk27xiccqpbkpfioqtagspiy23fpptqnva7agrr36cn6g3tp3nonduiv3gbljosldwb5nbwpxzbxlqvkhoibgotjsgfox76jrkxxuqh7ypnk6eo2bteyyxqpmy5jpuucthhmw3gku25hwb4d4yoxmr2lpqjjjzgov6polteb26fw4vhfnqvriu7c6mahhyxilmj3huutg3bivg%3D%3D%3D%3Ff%3Dhttps%253A%252F%252Fi.cdnkimg.com%252Fauto%252F492x328%252Fimage%252Ftesr%252F8558%252F558%252Frect_63f6af7b4c624t1677111163r3563.jpeg&skin_id=2&vertical_id=107&real_bid=0.0026240674499608575&pr=&user_keywords=&auc_type=1&aid=412&ext_cid=0&device_theme=light&keywords=&label_ids=90,107,83&conditions=dch_ip,tz_offset&need_redirect_show=0&cpa=dabfe322-4099-4d41-b29a-a6b87bc0eb7e&format=default-slide_SHQ-b_r-body HTTP/1.1
Host: ff04a1538a.ced4d66e2d.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://uugvuwts.gq/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Thu, 23 Mar 2023 11:55:04 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 977a7d88e4eb59a9a923635df45ed1b6
806421ef9d9ce42eadebd5ecb22e911efbec0892
a1fe321baf6017b1cf546e51fcdb47aa1dc13de475120b1b621622382f3407f1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A1FE321BAF6017B1CF546E51FCDB47AA1DC13DE475120B1B621622382F3407F1"
Last-Modified: Wed, 22 Mar 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6339
Expires: Thu, 23 Mar 2023 13:40:43 GMT
Date: Thu, 23 Mar 2023 11:55:04 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 977a7d88e4eb59a9a923635df45ed1b6
806421ef9d9ce42eadebd5ecb22e911efbec0892
a1fe321baf6017b1cf546e51fcdb47aa1dc13de475120b1b621622382f3407f1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A1FE321BAF6017B1CF546E51FCDB47AA1DC13DE475120B1B621622382F3407F1"
Last-Modified: Wed, 22 Mar 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6339
Expires: Thu, 23 Mar 2023 13:40:43 GMT
Date: Thu, 23 Mar 2023 11:55:04 GMT
Connection: keep-alive
s.viizumys.com/n/1557/pniesytfaf6f4addp54fayckmvsqy7s4anxxq62qmbfglhj6qjxdqxt5oicdesrrgaafw3qemr7hgvdfibglrls5jhqyj67imvqhy3ccndogk2r6f6k2tsuszkblpffdgm7nrn4r6b7cjuxmugztolrryfqau4hkstbuw4jym5huwypq4hg2gbybc5fvmt2lmfihrjdnxbegrosxixnwbyuultrdtopccxxe5w3nsb46vfgdjosdgqpytjmyk6p2cxmxjdbttob4oxvypfpk6ok633rw5fsjmfihr5glug4fngsxod5wau6aku56qsdd5jl73fwl7b53iu4kstbzuvnhjjqke6kxa5vq3ybqe5zednxtbcyw3kclncmfita6gikmqvvk6kv2ommujufwqudyktzkdueybvd2ggwzl344dnihbcobuctyi76ngryfki4es2jsk27xiccqpbkpfioqtagspiy23fpptqnva7agrr36cn6g3tp3nonduiv3gbljosldwb5nbwpxzbxlqvkhoibgotjsgfox76jrkxxuqh7ypnk6eo2bteyyxqpmy5jpuucthhmw3gku25hwb4d4yoxmr2lpqjjjzgov6polteb26fw4vhfnqvriu7c6mahhyxilmj3huutg3bivg===?f=https%3A%2F%2Fi.cdnkimg.com%2Fauto%2F492x328%2Fimage%2Ftesr%2F8558%2F558%2Frect_63f6af7b4c624t1677111163r3563.jpeg
31.220.27.155302 Found 0 B URL HTTP/2 s.viizumys.com/n/1557/pniesytfaf6f4addp54fayckmvsqy7s4anxxq62qmbfglhj6qjxdqxt5oicdesrrgaafw3qemr7hgvdfibglrls5jhqyj67imvqhy3ccndogk2r6f6k2tsuszkblpffdgm7nrn4r6b7cjuxmugztolrryfqau4hkstbuw4jym5huwypq4hg2gbybc5fvmt2lmfihrjdnxbegrosxixnwbyuultrdtopccxxe5w3nsb46vfgdjosdgqpytjmyk6p2cxmxjdbttob4oxvypfpk6ok633rw5fsjmfihr5glug4fngsxod5wau6aku56qsdd5jl73fwl7b53iu4kstbzuvnhjjqke6kxa5vq3ybqe5zednxtbcyw3kclncmfita6gikmqvvk6kv2ommujufwqudyktzkdueybvd2ggwzl344dnihbcobuctyi76ngryfki4es2jsk27xiccqpbkpfioqtagspiy23fpptqnva7agrr36cn6g3tp3nonduiv3gbljosldwb5nbwpxzbxlqvkhoibgotjsgfox76jrkxxuqh7ypnk6eo2bteyyxqpmy5jpuucthhmw3gku25hwb4d4yoxmr2lpqjjjzgov6polteb26fw4vhfnqvriu7c6mahhyxilmj3huutg3bivg===?f=https%3A%2F%2Fi.cdnkimg.com%2Fauto%2F492x328%2Fimage%2Ftesr%2F8558%2F558%2Frect_63f6af7b4c624t1677111163r3563.jpeg
IP 31.220.27.155:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /n/1557/pniesytfaf6f4addp54fayckmvsqy7s4anxxq62qmbfglhj6qjxdqxt5oicdesrrgaafw3qemr7hgvdfibglrls5jhqyj67imvqhy3ccndogk2r6f6k2tsuszkblpffdgm7nrn4r6b7cjuxmugztolrryfqau4hkstbuw4jym5huwypq4hg2gbybc5fvmt2lmfihrjdnxbegrosxixnwbyuultrdtopccxxe5w3nsb46vfgdjosdgqpytjmyk6p2cxmxjdbttob4oxvypfpk6ok633rw5fsjmfihr5glug4fngsxod5wau6aku56qsdd5jl73fwl7b53iu4kstbzuvnhjjqke6kxa5vq3ybqe5zednxtbcyw3kclncmfita6gikmqvvk6kv2ommujufwqudyktzkdueybvd2ggwzl344dnihbcobuctyi76ngryfki4es2jsk27xiccqpbkpfioqtagspiy23fpptqnva7agrr36cn6g3tp3nonduiv3gbljosldwb5nbwpxzbxlqvkhoibgotjsgfox76jrkxxuqh7ypnk6eo2bteyyxqpmy5jpuucthhmw3gku25hwb4d4yoxmr2lpqjjjzgov6polteb26fw4vhfnqvriu7c6mahhyxilmj3huutg3bivg===?f=https%3A%2F%2Fi.cdnkimg.com%2Fauto%2F492x328%2Fimage%2Ftesr%2F8558%2F558%2Frect_63f6af7b4c624t1677111163r3563.jpeg HTTP/1.1
Host: s.viizumys.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx/1.19.0
date: Thu, 23 Mar 2023 11:55:04 GMT
content-length: 0
location: https://i.cdnkimg.com/auto/492x328/image/tesr/8558/558/rect_63f6af7b4c624t1677111163r3563.jpeg
X-Firefox-Spdy: h2
s.viizumys.com/n/1557/pniesytfaf6f4addp54fayckmvsqy7s4anxxq62qmbfglhj6qjxdqxt5oicdesrrgaafw3qemr7hgvdfibglrls5jhqyj67imvqhy3ccndogk2r6f6k2tsuszkblpffdgm7nrn4r6b7cjuxmugztolrryfqau4hkstbuw4jym5huwypq4hg2gbybc5fvmt2lmfihrjdnxbegrosxixnwbyuultrdtopccxxe5w3nsb46vfgdjosdgqpytjmyk6p2cxmxjdbttob4oxvypfpk6ok633rw5fsjmfihr5glug4fngsxod5wau6aku56qsdd5jl73fwl7b53iu4kstbzuvnhjjqke6kxa5vq3ybqe5zednxtbcyw3kclncmfita6gikmqvvk6kv2ommujufwqudyktzkdueybvd2ggwzl344dnihbcobuctyi76ngryfki4es2jsk27xiccqpbkpfioqtagspiy23fpptqnva7agrr36cn6g3tp3nonduiv3gbljosldwb5nbwpxzbxlqvkhoibgotjsgfox76jrkxxuqh7ypnk6eo2bteyyxqpmy5jpuucthhmw3gku25hwb4d4yoxmr2lpqjjjzgov6polteb26fw4vhfnqvriu7c6mahhyxilmj3huutg3bivg===?f=https%3A%2F%2Fi.cdnkimg.com%2Fauto%2F492x328%2Fimage%2Ftesr%2F8558%2F558%2Frect_63f6af7b4c624t1677111163r3563.jpeg&cpa=aa126aa5-dba0-4507-af71-a0a28dc40813&format=default-slide_SHQ-b_r-body
31.220.27.155302 Found 0 B URL HTTP/2 s.viizumys.com/n/1557/pniesytfaf6f4addp54fayckmvsqy7s4anxxq62qmbfglhj6qjxdqxt5oicdesrrgaafw3qemr7hgvdfibglrls5jhqyj67imvqhy3ccndogk2r6f6k2tsuszkblpffdgm7nrn4r6b7cjuxmugztolrryfqau4hkstbuw4jym5huwypq4hg2gbybc5fvmt2lmfihrjdnxbegrosxixnwbyuultrdtopccxxe5w3nsb46vfgdjosdgqpytjmyk6p2cxmxjdbttob4oxvypfpk6ok633rw5fsjmfihr5glug4fngsxod5wau6aku56qsdd5jl73fwl7b53iu4kstbzuvnhjjqke6kxa5vq3ybqe5zednxtbcyw3kclncmfita6gikmqvvk6kv2ommujufwqudyktzkdueybvd2ggwzl344dnihbcobuctyi76ngryfki4es2jsk27xiccqpbkpfioqtagspiy23fpptqnva7agrr36cn6g3tp3nonduiv3gbljosldwb5nbwpxzbxlqvkhoibgotjsgfox76jrkxxuqh7ypnk6eo2bteyyxqpmy5jpuucthhmw3gku25hwb4d4yoxmr2lpqjjjzgov6polteb26fw4vhfnqvriu7c6mahhyxilmj3huutg3bivg===?f=https%3A%2F%2Fi.cdnkimg.com%2Fauto%2F492x328%2Fimage%2Ftesr%2F8558%2F558%2Frect_63f6af7b4c624t1677111163r3563.jpeg&cpa=aa126aa5-dba0-4507-af71-a0a28dc40813&format=default-slide_SHQ-b_r-body
IP 31.220.27.155:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /n/1557/pniesytfaf6f4addp54fayckmvsqy7s4anxxq62qmbfglhj6qjxdqxt5oicdesrrgaafw3qemr7hgvdfibglrls5jhqyj67imvqhy3ccndogk2r6f6k2tsuszkblpffdgm7nrn4r6b7cjuxmugztolrryfqau4hkstbuw4jym5huwypq4hg2gbybc5fvmt2lmfihrjdnxbegrosxixnwbyuultrdtopccxxe5w3nsb46vfgdjosdgqpytjmyk6p2cxmxjdbttob4oxvypfpk6ok633rw5fsjmfihr5glug4fngsxod5wau6aku56qsdd5jl73fwl7b53iu4kstbzuvnhjjqke6kxa5vq3ybqe5zednxtbcyw3kclncmfita6gikmqvvk6kv2ommujufwqudyktzkdueybvd2ggwzl344dnihbcobuctyi76ngryfki4es2jsk27xiccqpbkpfioqtagspiy23fpptqnva7agrr36cn6g3tp3nonduiv3gbljosldwb5nbwpxzbxlqvkhoibgotjsgfox76jrkxxuqh7ypnk6eo2bteyyxqpmy5jpuucthhmw3gku25hwb4d4yoxmr2lpqjjjzgov6polteb26fw4vhfnqvriu7c6mahhyxilmj3huutg3bivg===?f=https%3A%2F%2Fi.cdnkimg.com%2Fauto%2F492x328%2Fimage%2Ftesr%2F8558%2F558%2Frect_63f6af7b4c624t1677111163r3563.jpeg&cpa=aa126aa5-dba0-4507-af71-a0a28dc40813&format=default-slide_SHQ-b_r-body HTTP/1.1
Host: s.viizumys.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx/1.19.0
date: Thu, 23 Mar 2023 11:55:04 GMT
content-length: 0
location: https://i.cdnkimg.com/auto/492x328/image/tesr/8558/558/rect_63f6af7b4c624t1677111163r3563.jpeg
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash a0d3d7099bbc5fed74a6e78e1a3096bf
96afaf8b3ac053577c56aca5f4a20d8655ecb771
c8ff32c6809a506d4c656d3200dbfc6682c156c3de0647d13ab8f07a6f9a38ba
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C8FF32C6809A506D4C656D3200DBFC6682C156C3DE0647D13AB8F07A6F9A38BA"
Last-Modified: Tue, 21 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7495
Expires: Thu, 23 Mar 2023 13:59:59 GMT
Date: Thu, 23 Mar 2023 11:55:04 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash a0d3d7099bbc5fed74a6e78e1a3096bf
96afaf8b3ac053577c56aca5f4a20d8655ecb771
c8ff32c6809a506d4c656d3200dbfc6682c156c3de0647d13ab8f07a6f9a38ba
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C8FF32C6809A506D4C656D3200DBFC6682C156C3DE0647D13AB8F07A6F9A38BA"
Last-Modified: Tue, 21 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7495
Expires: Thu, 23 Mar 2023 13:59:59 GMT
Date: Thu, 23 Mar 2023 11:55:04 GMT
Connection: keep-alive
static.bookmsg.com/creatives/IN/IN_3933fcfaca4940e1c0e74ab5cc4d9366d437e4dc_icon.webp?mlf=1&cpa=418af8d6-63e2-4278-ad55-e22ff686df01&mlc=1&format=default-slide_SHQ-b_r-body
88.198.186.112200 OK 590 B URL HTTP/2 static.bookmsg.com/creatives/IN/IN_3933fcfaca4940e1c0e74ab5cc4d9366d437e4dc_icon.webp?mlf=1&cpa=418af8d6-63e2-4278-ad55-e22ff686df01&mlc=1&format=default-slide_SHQ-b_r-body
IP 88.198.186.112:0
ASN #24940 Hetzner Online GmbH
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 504afc88949ff54d841b7ae0b10bd4ed
4e870b45cd93964ac432efdba8c63b4188240737
6dfb1c5475aa5db84ee0a1a0351c6d5c4c1f6a0409db4b54167e8bc6acd1e29c
GET /creatives/IN/IN_3933fcfaca4940e1c0e74ab5cc4d9366d437e4dc_icon.webp?mlf=1&cpa=418af8d6-63e2-4278-ad55-e22ff686df01&mlc=1&format=default-slide_SHQ-b_r-body HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://uugvuwts.gq/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.18.0
date: Thu, 23 Mar 2023 11:55:04 GMT
content-type: image/webp
content-length: 590
last-modified: Tue, 24 Nov 2020 14:20:41 GMT
etag: "5fbd16b9-24e"
cache-control: public, max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F255e6a5a-97bb-4a35-8a48-4d120747a63c.jpeg
34.120.237.76200 OK 4.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F255e6a5a-97bb-4a35-8a48-4d120747a63c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 85351059b67b0a42eda7e69a31b3b4b4
b798268806dc2f79f033e5872676019faf0e0cc1
86e163b7159b197d6358ab01333ac6da221de0ebe1c5da8d5cef2977d38625fe
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F255e6a5a-97bb-4a35-8a48-4d120747a63c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4000
x-amzn-requestid: 68dc01d7-3eed-48f6-8532-8efaa96cc1ec
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CJpraEqyoAMFgNQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641a2315-3852cc8961365a560d1fa02f;Sampled=0
x-amzn-remapped-date: Tue, 21 Mar 2023 21:35:17 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: k6VaCG5oTQnKOvKJnleVqxIIc9yOgdOL0oPcL0ZSVw7DZQ8_GzFoZQ==
via: 1.1 288c777a01e22425da9494dad7a69734.cloudfront.net (CloudFront), 1.1 4d8620b80ebe37d366388e117039aa8e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 22 Mar 2023 21:47:43 GMT
age: 50841
etag: "b798268806dc2f79f033e5872676019faf0e0cc1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
static.bookmsg.com/creatives/IN/IN_3933fcfaca4940e1c0e74ab5cc4d9366d437e4dc.webp
88.198.186.112200 OK 2.0 kB URL HTTP/2 static.bookmsg.com/creatives/IN/IN_3933fcfaca4940e1c0e74ab5cc4d9366d437e4dc.webp
IP 88.198.186.112:0
ASN #24940 Hetzner Online GmbH
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 360x240, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash a3e4538cd4517126cc4c316649e28ea8
7d6fb88682b528b0dcc3dd85f0ef9e4ade1dc88b
3f36b8f3f0f6f00484b4399edac3456142fd6673637ca99598d3700dc53fdba7
GET /creatives/IN/IN_3933fcfaca4940e1c0e74ab5cc4d9366d437e4dc.webp HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://uugvuwts.gq/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.18.0
date: Thu, 23 Mar 2023 11:55:04 GMT
content-type: image/webp
content-length: 2046
last-modified: Tue, 24 Nov 2020 14:20:41 GMT
etag: "5fbd16b9-7fe"
cache-control: public, max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9a816157-9568-4e7f-a034-14b2f1982949.jpeg
34.120.237.76200 OK 4.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9a816157-9568-4e7f-a034-14b2f1982949.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f4a771935927950222124e14b56046df
d07fe53e4ac41048497b2732c017f6666c3eda9e
4e8388626074646c2336711be0a170ceab367c343648a32d2389dd87640251d0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9a816157-9568-4e7f-a034-14b2f1982949.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 4912
x-amzn-requestid: d8fcf495-12af-42ae-ad69-0ea07b1a8669
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CM8H3Fl1IAMFYgA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641b73cb-01cbd1981a57e53b3d3cde93;Sampled=0
x-amzn-remapped-date: Wed, 22 Mar 2023 21:31:55 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: soxgrR0B6Rz79QysB7qbMTsNYmkYfG8doOMPpTEd9uLlrE6WTcDKdw==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 995664ee945c06fc706b5cb8e0e650dc.cloudfront.net (CloudFront), 1.1 google
date: Wed, 22 Mar 2023 21:47:44 GMT
age: 50840
etag: "d07fe53e4ac41048497b2732c017f6666c3eda9e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F93c300c4-e707-428c-9ae5-d4699c20a7ef.jpeg
34.120.237.76200 OK 6.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F93c300c4-e707-428c-9ae5-d4699c20a7ef.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 800c2662fd6ab8829a02b7d63084c38d
0917d2c376f8d2af2a436a33ce2bfe1cbdb8b239
76545e9f75dc558fdb7b54550934c7775318fb4150a9309f60e65d982d2e576e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F93c300c4-e707-428c-9ae5-d4699c20a7ef.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5950
x-amzn-requestid: ce85112e-428d-4ca1-9dac-1d6c8c6dc74a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CKyF9EI3oAMFtyQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641a96f2-05c5948d6f74948b1c67d68c;Sampled=0
x-amzn-remapped-date: Wed, 22 Mar 2023 05:49:38 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: tu0ENc_6tfykYc23nLfwYEMsi5HIfaDWF6dvzVTfX5rfjr3JrmMrCA==
via: 1.1 59456abf79b201034ab5c9cfef7355e2.cloudfront.net (CloudFront), 1.1 aabd01c4a20dae837d162bd972422efc.cloudfront.net (CloudFront), 1.1 google
date: Wed, 22 Mar 2023 22:02:44 GMT
age: 57605
etag: "0917d2c376f8d2af2a436a33ce2bfe1cbdb8b239"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9a7546f8-3d34-4fb4-b63f-8e8098b48c30.jpeg
34.120.237.76200 OK 7.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9a7546f8-3d34-4fb4-b63f-8e8098b48c30.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f777f840a3fc7e500c57a7cbdf88f26d
3518e8a18807209e94011806a96492e0d86ee9c9
44aa32fa1bf15785a4dd8cd6184772fb268113cbf459f5f30a70ff5ca66c9e05
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9a7546f8-3d34-4fb4-b63f-8e8098b48c30.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7419
x-amzn-requestid: bc02abbe-706d-42af-b963-0163b07b87c9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: B9xbnE7OIAMFW2g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641562b0-247606a3713a20d25cf83763;Sampled=0
x-amzn-remapped-date: Sat, 18 Mar 2023 07:05:20 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: W_FZ-TYlfmS1JSvZVG4v_4Iag3ssm5J2oYgk0LBdKqv-Q0KST6FkDQ==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 618052a0d9c86c1a3bf663f82d041d1c.cloudfront.net (CloudFront), 1.1 google
date: Wed, 22 Mar 2023 20:21:35 GMT
age: 56009
etag: "3518e8a18807209e94011806a96492e0d86ee9c9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F77cfac24-9654-4b34-9264-7d0268ec9c29.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F77cfac24-9654-4b34-9264-7d0268ec9c29.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4b877c9b1fa2292db9a135eff3c3995c
919df81af94dd2dc33516bba4632c417d4313d9f
e6d61f94237d97be08a89d16b3c86c44e624c021906e6d94c74395751caf8d4a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F77cfac24-9654-4b34-9264-7d0268ec9c29.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10239
x-amzn-requestid: 3df584e9-63cf-42c6-8b3a-d212a9b1b9ad
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CBGTLH3wIAMFpFA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6416b747-4deaa0770aae24c17c4e4edf;Sampled=0
x-amzn-remapped-date: Sun, 19 Mar 2023 07:18:31 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: pNoGlkaYZhWFCF11qRn6HVWBUiz2Rm7jmwB_N-6hXM0xYuTMeNgoEQ==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 0bb842bd5868b86440983b936bb0adee.cloudfront.net (CloudFront), 1.1 google
date: Wed, 22 Mar 2023 22:06:49 GMT
age: 49695
etag: "919df81af94dd2dc33516bba4632c417d4313d9f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5be1b286-007a-44a5-a6fd-872190ecfa0b.jpeg
34.120.237.76200 OK 6.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5be1b286-007a-44a5-a6fd-872190ecfa0b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c05bfdf1411a931d8ea9adc64b07bc74
156ef59e53564a4f2b27002b2695fafecd578d82
15d17c0df2d2b0625ecf5f576a7ff630ae8b923b28be354ad23aec6a284a801a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5be1b286-007a-44a5-a6fd-872190ecfa0b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6692
x-amzn-requestid: 3a0f6a8d-89b1-43f4-8a15-8749bdbc047b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CM9d9FcOoAMFaFQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641b75f2-3540256d6be3d4f85bba65ea;Sampled=0
x-amzn-remapped-date: Wed, 22 Mar 2023 21:41:06 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: Jj5lAwItWYm45j5kLqQnd3fhsiGsiuSiSVtrBUOolyHvPAmCc0S71A==
via: 1.1 e92cc925fc8895560cd0628c67f58828.cloudfront.net (CloudFront), 1.1 b23fb37cd7fff033ab21e3284f558a28.cloudfront.net (CloudFront), 1.1 google
date: Thu, 23 Mar 2023 07:54:24 GMT
age: 14440
etag: "156ef59e53564a4f2b27002b2695fafecd578d82"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b0695d5b8ec4421991f0edb15bc3eaab
9ef4bccdaa95707bbadf696a2bf842893bae5108
51638d8416d6e62ed58afa851bad8a6827cc8b0ccf8008112acf3567bb1670d2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "51638D8416D6E62ED58AFA851BAD8A6827CC8B0CCF8008112ACF3567BB1670D2"
Last-Modified: Wed, 22 Mar 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17008
Expires: Thu, 23 Mar 2023 16:38:32 GMT
Date: Thu, 23 Mar 2023 11:55:04 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b0695d5b8ec4421991f0edb15bc3eaab
9ef4bccdaa95707bbadf696a2bf842893bae5108
51638d8416d6e62ed58afa851bad8a6827cc8b0ccf8008112acf3567bb1670d2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "51638D8416D6E62ED58AFA851BAD8A6827CC8B0CCF8008112ACF3567BB1670D2"
Last-Modified: Wed, 22 Mar 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17008
Expires: Thu, 23 Mar 2023 16:38:32 GMT
Date: Thu, 23 Mar 2023 11:55:04 GMT
Connection: keep-alive
i.cdnkimg.com/auto/492x328/image/tesr/8558/558/rect_63f6af7b4c624t1677111163r3563.jpeg
45.133.44.36200 OK 91 kB URL HTTP/2 i.cdnkimg.com/auto/492x328/image/tesr/8558/558/rect_63f6af7b4c624t1677111163r3563.jpeg
IP 45.133.44.36:0
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, baseline, precision 8, 492x328, components 3\012- data
Hash 0414eb79ebf52ac5bc3181e3dbd4f065
fad85cd5600d1523cbfbb454d11642957b8b8c6a
aadd81243eb0192b35ff130c09e6967fba50e777b66f415196296f62806317ea
GET /auto/492x328/image/tesr/8558/558/rect_63f6af7b4c624t1677111163r3563.jpeg HTTP/1.1
Host: i.cdnkimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 23 Mar 2023 11:55:04 GMT
content-type: image/jpeg
content-length: 90793
server: nginx/1.19.0
cache-control: max-age=1209600
x-cache-status: MISS
expires: Thu, 06 Apr 2023 11:55:04 GMT
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
aa69f8e019.55706cc809.com/09823d03c3b3ee765e3fce006285a46d.js
45.133.44.24200 OK 0 B URL HTTP/2 aa69f8e019.55706cc809.com/09823d03c3b3ee765e3fce006285a46d.js
IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
GET /09823d03c3b3ee765e3fce006285a46d.js HTTP/1.1
Host: aa69f8e019.55706cc809.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://uugvuwts.gq/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 23 Mar 2023 11:55:03 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Wed, 07 Dec 2022 08:28:22 GMT
etag: W/"63904ea6-16019"
content-encoding: gzip
expires: Thu, 23 Mar 2023 12:00:03 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
js.wpshsdk.com/npc/sdk/push/styles.css
45.133.44.25200 OK 0 B URL HTTP/2 js.wpshsdk.com/npc/sdk/push/styles.css
IP 45.133.44.25:0
ASN #39572 DataWeb Global Group B.V.
GET /npc/sdk/push/styles.css HTTP/1.1
Host: js.wpshsdk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://uugvuwts.gq/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 23 Mar 2023 11:55:03 GMT
content-type: text/css
server: nginx/1.18.0
last-modified: Tue, 30 Aug 2022 09:15:33 GMT
etag: W/"630dd535-10f4"
content-encoding: gzip
expires: Thu, 23 Mar 2023 12:00:03 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
js.wpshsdk.com/npc/sdk/push.m.js?v=1
45.133.44.25200 OK 0 B URL HTTP/2 js.wpshsdk.com/npc/sdk/push.m.js?v=1
IP 45.133.44.25:0
ASN #39572 DataWeb Global Group B.V.
GET /npc/sdk/push.m.js?v=1 HTTP/1.1
Host: js.wpshsdk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://uugvuwts.gq/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 23 Mar 2023 11:55:03 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Tue, 21 Mar 2023 15:03:14 GMT
etag: W/"6419c732-10327"
content-encoding: gzip
expires: Thu, 23 Mar 2023 12:00:03 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2