av.sagac.info/v/s:/hanjukb.com/vodplay/1823372.shtml/title/%E3%80%90%E6%BD%87%E6%B4%92%E7%BA%A2%E5%8F%B6%E3%80%91%E4%B8%A4%E4%B8%AA%E5%88%9A%E5%8F%91%E8%82%B2%EF%BC%8C%E6%97%BA%E6%97%BA%E5%B0%8F%E9%A6%92%E5%A4%B4~%E6%93%8D%E6%AF%9B%E9%83%BD%E6%B2%A1%E9%95%BF~%E5%95%AA%E5%95%AA%20%E2%9C%A8%E2%9C%A8%E2%9C%A8%E5%B9%B4%E8%BD%BB%E5%B0%8F%E7%BE%8E%E5%A5%B3%E4%BB%AC%EF%BC%8C%E6%AD%A3%E6%98%AF%E8%BE%A3%E6%89%8B%E6%91%A7%E8%8A%B1%E5%A5%BD%E6%97%B6%E8%8A%82-044720-621_(new)%E4%B9%85%E4%B9%8599%E4%B9%85%E4%B9%8599%E4%B9%85%E4%B9%85%E7%BB%BC%E5%90%88%E7%B2%BE%E5%93%81%20[1:17:56x720p]
208.109.191.82200 OK 7.5 kB URL HTTP/1.1 av.sagac.info/v/s:/hanjukb.com/vodplay/1823372.shtml/title/%E3%80%90%E6%BD%87%E6%B4%92%E7%BA%A2%E5%8F%B6%E3%80%91%E4%B8%A4%E4%B8%AA%E5%88%9A%E5%8F%91%E8%82%B2%EF%BC%8C%E6%97%BA%E6%97%BA%E5%B0%8F%E9%A6%92%E5%A4%B4~%E6%93%8D%E6%AF%9B%E9%83%BD%E6%B2%A1%E9%95%BF~%E5%95%AA%E5%95%AA%20%E2%9C%A8%E2%9C%A8%E2%9C%A8%E5%B9%B4%E8%BD%BB%E5%B0%8F%E7%BE%8E%E5%A5%B3%E4%BB%AC%EF%BC%8C%E6%AD%A3%E6%98%AF%E8%BE%A3%E6%89%8B%E6%91%A7%E8%8A%B1%E5%A5%BD%E6%97%B6%E8%8A%82-044720-621_(new)%E4%B9%85%E4%B9%8599%E4%B9%85%E4%B9%8599%E4%B9%85%E4%B9%85%E7%BB%BC%E5%90%88%E7%B2%BE%E5%93%81%20[1:17:56x720p]
IP 208.109.191.82:0
ASN #398101 GO-DADDY-COM-LLC
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (9229), with CRLF line terminators
Hash 9eccec47ddab4a8c4fa2a83f46b35716
19eef54a2e0f4825fad80f7577eaffe108c1ba82
89b10ce92d024de70395dd5c8692b91a0d1276ed699692a239f78106e37d5be4
GET /v/s:/hanjukb.com/vodplay/1823372.shtml/title/%E3%80%90%E6%BD%87%E6%B4%92%E7%BA%A2%E5%8F%B6%E3%80%91%E4%B8%A4%E4%B8%AA%E5%88%9A%E5%8F%91%E8%82%B2%EF%BC%8C%E6%97%BA%E6%97%BA%E5%B0%8F%E9%A6%92%E5%A4%B4~%E6%93%8D%E6%AF%9B%E9%83%BD%E6%B2%A1%E9%95%BF~%E5%95%AA%E5%95%AA%20%E2%9C%A8%E2%9C%A8%E2%9C%A8%E5%B9%B4%E8%BD%BB%E5%B0%8F%E7%BE%8E%E5%A5%B3%E4%BB%AC%EF%BC%8C%E6%AD%A3%E6%98%AF%E8%BE%A3%E6%89%8B%E6%91%A7%E8%8A%B1%E5%A5%BD%E6%97%B6%E8%8A%82-044720-621_(new)%E4%B9%85%E4%B9%8599%E4%B9%85%E4%B9%8599%E4%B9%85%E4%B9%85%E7%BB%BC%E5%90%88%E7%B2%BE%E5%93%81%20[1:17:56x720p] HTTP/1.1
Host: av.sagac.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 26 Nov 2022 04:24:45 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Vary: Host,Accept-Encoding
pdo-line8: host-av.sagac.info127.0.0.1-myhost-av.sagac.info127.0.0.1/v/s://hanjukb.com/vodplay/1823372.shtml/title/%E3%80%90%E6%BD%87%E6%B4%92%E7%BA%A2%E5%8F%B6%E3%80%91%E4%B8%A4%E4%B8%AA%E5%88%9A%E5%8F%91%E8%82%B2%EF%BC%8C%E6%97%BA%E6%97%BA%E5%B0%8F%E9%A6%92%E5%A4%B4~%E6%93%8D%E6%AF%9B%E9%83%BD%E6%B2%A1%E9%95%BF~%E5%95%AA%E5%95%AA%20%E2%9C%A8%E2%9C%A8%E2%9C%A8%E5%B9%B4%E8%BD%BB%E5%B0%8F%E7%BE%8E%E5%A5%B3%E4%BB%AC%EF%BC%8C%E6%AD%A3%E6%98%AF%E8%BE%A3%E6%89%8B%E6%91%A7%E8%8A%B1%E5%A5%BD%E6%97%B6%E8%8A%82-044720-621_(new)%E4%B9%85%E4%B9%8599%E4%B9%85%E4%B9%8599%E4%B9%85%E4%B9%85%E7%BB%BC%E5%90%88%E7%B2%BE%E5%93%81-%E6%92%AD%E6%94%BE-%E7%B2%BE%E6%B1%A1%E8%A7%86%E9%A2%91%20%5b1:17:43x720p%5d
phost: av.sagac.info
line1066: notjp--myhost-av.sagac.info-filteron-
1934topd: sagac.info
pdo106: feedvid-, cachefileb-cacpdo3/cf/31/055237, lfm-1-217, lmd-217, lud-875256, xfvlen-1677240, fsize-723768, played-788
pdophp-line408: -; cachetime- 527.81165780292; ctime- 20221007110647
line1514: method-5: ik-【潇洒|||红叶】|||两个刚|||发育,|||旺旺小|||馒头~|||操毛都|||没长~|||啪啪 |||✨✨✨|||年轻小|||美女们|||,正是|||辣手摧|||花好时|||节-0|||447|||20-|||621|||_(n|||ew)|||久久9|||9久久|||99久|||久综合|||精品||||||潇洒红叶|||两个刚发育|||旺旺小馒头|||操毛都没长|||啪啪|||年轻小美女们|||正是辣手摧花好时节|||new|||久久|||久久|||久久综合精品【潇洒红叶】两个刚发育,旺旺小馒头~操毛都没长~啪啪 ✨✨✨年轻小美女们,正是辣手摧花好时节-044720-621_(new)久久99久久99久久综合精品: vidlang-cn8645
line1528: method-5: ik-【潇洒|||红叶】|||两个刚|||发育,|||旺旺小|||馒头~|||操毛都|||没长~|||啪啪 |||✨✨✨|||年轻小|||美女们|||,正是|||辣手摧|||花好时|||节-0|||447|||20-|||621|||_(n|||ew)|||久久9|||9久久|||99久|||久综合||||||潇洒红叶|||两个刚发育|||旺旺小馒头|||操毛都没长|||年轻小美女们|||正是辣手摧花好时节|||new|||久久综合精品【潇洒红叶】两个刚发育,旺旺小馒头~操毛都没长~啪啪 ✨✨✨年轻小美女们,正是辣手摧花好时节-044720-621_(new)久久99久久99久久综合精品: vidlang-cn
pdoline1599: sarray-549cn8080
pdoline1662: notjp-: fvkwcnt-8641
pdoline1666: notjp-: fvkwcnt-549
pdo-line1950: $i-71$load-0.814375
Cache-Control: max-age=770976, public
genre: genre=
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Proxy-Cache-5950: EXPIRED
Xkey-5950: av./v/s:/hanjukb.com/vodplay/1823372.shtml-AB-av.sagac.info-av.sagac.info-cacpdo0---yes
X-Proxy-Cache-gla: HIT
Xkey-gla: av./v/s:/hanjukb.com/vodplay/1823372.shtml-AB-av.sagac.info--my_zone
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 7c60904d097cde276e4e5632cef1b9f1
4f805026462589345d85e8df2d18eafba6237504
12af026999398f4976749e320667d43da3f99b7a2e8254aca7a410a964a106aa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "12AF026999398F4976749E320667D43DA3F99B7A2E8254ACA7A410A964A106AA"
Last-Modified: Thu, 24 Nov 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3403
Expires: Sat, 26 Nov 2022 05:21:29 GMT
Date: Sat, 26 Nov 2022 04:24:46 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 10730f388c028d64e19b8a48d414768f
e43b104e57e5ea7ff8568835776858cf2ede6f00
f3c30c6d139288f1bfe13fce85c6ddc1514e1639fcf4d31a6012a3309ed1d50d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3731
Cache-Control: max-age=112119
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 04:24:46 GMT
Etag: "63809972-1d7"
Expires: Sun, 27 Nov 2022 11:33:25 GMT
Last-Modified: Fri, 25 Nov 2022 10:31:14 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 8c63b226725ca6e92e3ef586ac19e603
d21ae42a1927501e5293ff3564f52b49f6b0decc
141ac47acc3800e5d35a82012fa4b044277abad3a95dc24415f66fb72c972ae6
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "141AC47ACC3800E5D35A82012FA4B044277ABAD3A95DC24415F66FB72C972AE6"
Last-Modified: Wed, 23 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5783
Expires: Sat, 26 Nov 2022 06:01:09 GMT
Date: Sat, 26 Nov 2022 04:24:46 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
34.102.187.140 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash d130218d0e2841f39c99610fe1a2ab90
29fbe1e177ee55c7a61ae0a206afff271cf5f945
6b6d74dccf10c2bc98a91c3388280d7ba1d9596bf8cadd7db0e2f63720b3d152
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Alert, Content-Type, Retry-After, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 26 Nov 2022 04:19:12 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 334
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: daRAJq3nykvER37R8v8wYVkwoYHE09gUay6EG0udoLBex2OBR0lR/8nt4jo3xIvhg0VZAk916LM=
x-amz-request-id: S8Y1GM82FKJN5V9X
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 26 Nov 2022 03:44:05 GMT
age: 2441
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 26 Nov 2022 04:24:46 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 45beb6ac3529c7e8f258bb838ae93e82
a7e98f66ffe11dc0a628483cd6a7b082f4e65376
35a6d886b84f812becd4a1e2252de7d596b27e69e54826f151107d2436020fcd
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5045
Cache-Control: max-age=167785
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 04:24:46 GMT
Etag: "63816dc2-117"
Expires: Mon, 28 Nov 2022 03:01:11 GMT
Last-Modified: Sat, 26 Nov 2022 01:37:06 GMT
Server: ECS (amb/6B97)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash 601ca2b4030cae4df5d9617d20480725
f2aa4d62e215f07257ef9b375d69ebed7097d52a
9dbbb56320b215915ebb035a167daab3c1f1891fce39a8d4f7dbc79531b242ee
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1316
Cache-Control: max-age=159006
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 04:24:46 GMT
Etag: "63815a08-116"
Expires: Mon, 28 Nov 2022 00:34:52 GMT
Last-Modified: Sat, 26 Nov 2022 00:12:56 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 278
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash 601ca2b4030cae4df5d9617d20480725
f2aa4d62e215f07257ef9b375d69ebed7097d52a
9dbbb56320b215915ebb035a167daab3c1f1891fce39a8d4f7dbc79531b242ee
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1316
Cache-Control: max-age=159006
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 04:24:46 GMT
Etag: "63815a08-116"
Expires: Mon, 28 Nov 2022 00:34:52 GMT
Last-Modified: Sat, 26 Nov 2022 00:12:56 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 278
fmtu.netfhtu.com/upload/vod/2022/10/32qnv5hbkq5.jpg
104.21.235.63 200 OK 7.4 kB URL HTTP/2 fmtu.netfhtu.com/upload/vod/2022/10/32qnv5hbkq5.jpg
IP 104.21.235.63:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 3x4, segment length 16, comment: "Lavc57.89.100", baseline, precision 8, 240x320, components 3\012- data
Hash e8d1900d3fb93a912a6e4ce6358d65be
60e730d05282e7ee2620def45cea97bf65971da2
92440e864bd61f1c8989e6b78da494f6f4f30f533094866a0d7930f759e9a935
GET /upload/vod/2022/10/32qnv5hbkq5.jpg HTTP/1.1
Host: fmtu.netfhtu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://av.sagac.info/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 26 Nov 2022 04:24:46 GMT
content-type: image/jpeg
content-length: 7363
cf-bgj: h2pri
etag: "633e51e0-1cc3"
last-modified: Thu, 06 Oct 2022 03:56:16 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 5950
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DQ%2FuzW3Y9%2BhPUsysdZGZLnyibJiybNCKiROVC6U7oMamHqtwk4IUrkniO3hO0F9pQdNdwdNOCXVNluEms4OqTrjlGKZrU9x4GJCypBJrFBlxreCZK%2FpoHZwSGfQrcpCmtNw5"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76ffdb399d8371fa-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 45beb6ac3529c7e8f258bb838ae93e82
a7e98f66ffe11dc0a628483cd6a7b082f4e65376
35a6d886b84f812becd4a1e2252de7d596b27e69e54826f151107d2436020fcd
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5045
Cache-Control: max-age=167785
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 04:24:46 GMT
Etag: "63816dc2-117"
Expires: Mon, 28 Nov 2022 03:01:11 GMT
Last-Modified: Sat, 26 Nov 2022 01:37:06 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash 601ca2b4030cae4df5d9617d20480725
f2aa4d62e215f07257ef9b375d69ebed7097d52a
9dbbb56320b215915ebb035a167daab3c1f1891fce39a8d4f7dbc79531b242ee
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1316
Cache-Control: max-age=159006
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 04:24:46 GMT
Etag: "63815a08-116"
Expires: Mon, 28 Nov 2022 00:34:52 GMT
Last-Modified: Sat, 26 Nov 2022 00:12:56 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 278
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Pragma, Alert, Content-Type, ETag, Retry-After, Last-Modified, Content-Length, Cache-Control, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 26 Nov 2022 04:11:11 GMT
cache-control: public,max-age=3600
age: 815
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash df06e70fc8a35facf1d8db463d18e231
fa8a2975566cc792898f870e48ae7518d3657326
4cef7e704f4d575ce6733f6f2d803d241b597be51ff3fb03f72e5c33a893b504
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3941
Cache-Control: max-age=107266
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 04:24:46 GMT
Etag: "638085ab-1d7"
Expires: Sun, 27 Nov 2022 10:12:32 GMT
Last-Modified: Fri, 25 Nov 2022 09:06:51 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 471
cacrip.nakadashi.pw/AV4.us.jpg
172.64.128.21 200 OK 8.7 kB URL HTTP/1.1 cacrip.nakadashi.pw/AV4.us.jpg
IP 172.64.128.21:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 307x82, components 3\012- data
Hash edfe007a6e5b3d268b2528f564b60b43
1644c8ef97c871079e07e5079d613af5cb94052f
bf5bb657f5e788af0c02b9b437d3f15bec91e27175e5a654e3d431fb6d063390
GET /AV4.us.jpg HTTP/1.1
Host: cacrip.nakadashi.pw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://av.sagac.info/
HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 04:24:46 GMT
Content-Type: image/jpeg
Content-Length: 8741
Connection: keep-alive
ETag: "2225-5499bcea176c0"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=360000
X-Proxy-Cache-5950: HIT
Xkey-5950: cacrip./AV4.us.jpg-A-cacrip.nakadashi.pw--cacpdo0---yes
CF-Cache-Status: HIT
Age: 40554
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2zkyCyy6XhU0A%2FlbwZionvaxs4ieSw1rC%2Fp%2BC7YOikipLlSmaGUfzu0uKnwDwEcsGcuoMzaEXqfWOM1dAuSYziBb%2FB8r0OVLe1VM2mJcd%2Fkj882x8YJBQ%2F7eTV1Y69d3WW5XPC9h"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 76ffdb3cee827708-LHR
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e3af2cd1da4f6178d8734f043fa6876d
34a4a1fefbc8c64c98b5995c245a284f68112f67
b751b21ab4c10fb70b4dfc4813a6598d99b5578b1c263cddf6dd4679d75f671a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B751B21AB4C10FB70B4DFC4813A6598D99B5578B1C263CDDF6DD4679D75F671A"
Last-Modified: Fri, 25 Nov 2022 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5463
Expires: Sat, 26 Nov 2022 05:55:50 GMT
Date: Sat, 26 Nov 2022 04:24:47 GMT
Connection: keep-alive
push.services.mozilla.com/
34.223.160.237 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.223.160.237:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: GmYsMYU47svXGnLQjs7ZuQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: AojKca+bhOJUJjnh7FaaEUAigV8=
cndata.jpg4.pw/index.php?oldhot=all
97.74.80.164 200 OK 8.7 kB URL HTTP/1.1 cndata.jpg4.pw/index.php?oldhot=all
IP 97.74.80.164:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (64201), with CRLF line terminators
Hash 544c97d77012386cc254c95c59f57451
933dff74c55513a04cc18e3d1769baf8b9526111
091ecc0a70e0201d98628c7e3c398096a547eec58c3a577dc71b8addb8377718
GET /index.php?oldhot=all HTTP/1.1
Host: cndata.jpg4.pw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://av.sagac.info/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 26 Nov 2022 04:24:47 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Cake
imghost: 127001-h-cndatajpg4pwmh-cndatajpg4pw--rm127001/index.php?oldhot=all
55nloadrate: 0.41
Cache-Control: max-age=72000, public
Content-Encoding: gzip
Vary: Accept-Encoding
X-Proxy-Cache-RZ: STALE
XkeyRZ: jcndata./index.php?oldhot=all-A-cndata.jpg4.pw-cndata.jpg4.pw-my_zone
X-Proxy-Cache-gjp: HIT
Xkey-g-jp: jcndata./index.php?oldhot=all-A-cndata.jpg4.pw--my_zone
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ff420d7d34d0bacca3e4e864782c8a50
80dc835f741c6709b349d8287accb7f583df91c0
15a8e4da43e1362bcf300f637a706e4d5b65a92fb50b4faeb30543a04da71a6b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "15A8E4DA43E1362BCF300F637A706E4D5B65A92FB50B4FAEB30543A04DA71A6B"
Last-Modified: Wed, 23 Nov 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13072
Expires: Sat, 26 Nov 2022 08:02:39 GMT
Date: Sat, 26 Nov 2022 04:24:47 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash 601ca2b4030cae4df5d9617d20480725
f2aa4d62e215f07257ef9b375d69ebed7097d52a
9dbbb56320b215915ebb035a167daab3c1f1891fce39a8d4f7dbc79531b242ee
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1317
Cache-Control: max-age=159006
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 04:24:47 GMT
Etag: "63815a08-116"
Expires: Mon, 28 Nov 2022 00:34:53 GMT
Last-Modified: Sat, 26 Nov 2022 00:12:56 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 278
e3d5e80fdb.8659c84895.com/eecac4af0b33c918bd2ed3510a0e46ed.js
45.133.44.24 200 OK 35 kB URL HTTP/2 e3d5e80fdb.8659c84895.com/eecac4af0b33c918bd2ed3510a0e46ed.js
IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash a9d96a5423ad07c0a7a20aa521277fb6
4fdc0d0472dd99681c5dacdfc0b277a5ff3263e8
71eab6bbac0fa527100251f3ed3d69f335d29b329dad74edb61232703e33cebf
Analyzer Verdict Alert quad9 Sinkholed
GET /eecac4af0b33c918bd2ed3510a0e46ed.js HTTP/1.1
Host: e3d5e80fdb.8659c84895.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://av.sagac.info
Connection: keep-alive
Referer: http://av.sagac.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 26 Nov 2022 04:24:47 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Tue, 15 Nov 2022 13:38:16 GMT
etag: W/"63739648-17810"
content-encoding: gzip
expires: Sat, 26 Nov 2022 04:29:47 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash 601ca2b4030cae4df5d9617d20480725
f2aa4d62e215f07257ef9b375d69ebed7097d52a
9dbbb56320b215915ebb035a167daab3c1f1891fce39a8d4f7dbc79531b242ee
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1317
Cache-Control: max-age=159006
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 04:24:47 GMT
Etag: "63815a08-116"
Expires: Mon, 28 Nov 2022 00:34:53 GMT
Last-Modified: Sat, 26 Nov 2022 00:12:56 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 278
cdnjs.cloudflare.com/ajax/libs/nosleep/0.11.0/NoSleep.min.js
104.17.24.14 200 OK 4.0 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/nosleep/0.11.0/NoSleep.min.js
IP 104.17.24.14:0
File type ASCII text, with very long lines (10613)
Hash 9653b380e66b38af571efdafa5763f0d
835aa2c117b6b3156a3b439ec302ffa268466c55
3181b9ecf39cca87ae50e71c715a2accc9787ac8655edf1d0fc5195bd688b38f
GET /ajax/libs/nosleep/0.11.0/NoSleep.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cndata.jpg4.pw/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 26 Nov 2022 04:24:48 GMT
content-type: application/javascript; charset=utf-8
content-length: 3953
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5ed16b69-29bf"
last-modified: Fri, 29 May 2020 20:07:05 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 26191766
expires: Thu, 16 Nov 2023 04:24:48 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UoywjRm2l3O7RQysuQx30R5h%2B3wOJelvzGVPyhPUVJS58%2FqpxMGPdfhdGzccW73do8gbtOQTcWgdnVTBgMDw2nfhVYv1lECdui77RcCftJW8xsNVj6%2FMrYjQs3IciiGf8gWocwK%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 76ffdb450dabb503-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash b44543de9922ec7d97f2e0be1865553e
caef856450efd75de0cfae9402903b1f4bd6de4c
d251377b4bc11c32a847ce4dc5dfda92e56031617f5b3eeea54fdcd0945b3eb7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 04:24:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.jsdelivr.net/npm/yandex-metrica-watch/watch.js
151.101.85.229 200 OK 67 kB URL HTTP/2 cdn.jsdelivr.net/npm/yandex-metrica-watch/watch.js
IP 151.101.85.229:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (586)
Hash abdd26bf39ab05e9898e3cf1ddbd3fd9
93521bf8e710e9ec024f0e9e24441ccd81c4a6f1
06c56ad9020dc6ef1a5d0141d5c172c0029d18f2dafe0b79a84bb0c4db2aa52d
GET /npm/yandex-metrica-watch/watch.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cndata.jpg4.pw/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 1.249.0
x-jsd-version-type: version
etag: W/"28441-HHcPD8UUl0943tDpENjh6gMs5yQ"
content-encoding: gzip
accept-ranges: bytes
date: Sat, 26 Nov 2022 04:24:48 GMT
age: 35985
x-served-by: cache-fra-eddf8230043-FRA, cache-bma1682-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 66654
X-Firefox-Spdy: h2
js.gazo.space/index.php?js=jpg4&aaa2
104.21.235.170 200 OK 44 kB URL HTTP/2 js.gazo.space/index.php?js=jpg4&aaa2
IP 104.21.235.170:0
File type HTML document, Unicode text, UTF-8 text, with very long lines (6448), with CRLF line terminators
Hash 828a89a876d0447b9bafb85e553a4a2f
6c0f41859df72cbeb325d956d7789c7284e42574
2acce089adcc2686e4d527a6033cc8d17c8d87e50054675b8b02acc3532298a3
GET /index.php?js=jpg4&aaa2 HTTP/1.1
Host: js.gazo.space
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cndata.jpg4.pw/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 26 Nov 2022 04:24:47 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
access-control-allow-headers: Cake
imghost: 240026512804c008ad763d1c3-h-jsgazospacmh--GB-rm2400cb003761024ac465553/index.php?js=jpg4&aaa2
55nloadrate: 0.5559375
cache-control: public, max-age=7200, s-max-age=1800
vary: Accept-Encoding
cf-cache-status: HIT
age: 1736
last-modified: Sat, 26 Nov 2022 03:55:51 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=X2vHg6MrxvfzL%2B9Zm4E36jfF05I5%2BevoWYuKzJ2%2B%2BcQw7B0%2FCgiDRy1MzoydcMd7Zd13RsEl9T5AJ3S5wvaOXZVRXv8So7%2BfbrL48s2iUAj1jUNcEMtrrpq96YHio3vu"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76ffdb41ae057798-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash e388353a642bc503beff27c23339e2b5
7849301df8cbfa3f9c019b1d4033b66e0f44c4bd
5e595e9ce96c6147c3ff79ebba0068ddb0d997237a671936cb05d9575c59a424
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 04:24:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
104.18.21.226 200 OK 1.5 kB URL HTTP/1.1 ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
IP 104.18.21.226:0
Hash 293d0427c374f2f229fe3bcdec9e832a
f74d01e0eaaf70a52ed0022ca62042bc476b9c90
100d8a3cfe2b4fa1362dbc134a6498b0473f68d85d6927d0eefa9f19412f1e23
POST /ca/gsatlasr3dvtlsca2022q1 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 04:24:48 GMT
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "2124B41A4F24A57E4D633CC3E8E050FFADFAFEB9"
Expires: Sat, 26 Nov 2022 15:00:00 GMT
Last-Modified: Sat, 26 Nov 2022 03:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 1310
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 76ffdb458b53fac0-OSL
www.googletagmanager.com/gtag/js?id=UA-620120-3
142.250.74.168 200 OK 44 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-620120-3
IP 142.250.74.168:0
File type ASCII text, with very long lines (1921)
Hash a85c0076473a7de6b9ee6236f1336301
dd78ac721bf72d28cd8183bf5bf5631855a559e2
9c528e60144c3d5ec6020eba7d3b65874e6578d18540f93e02e5ae84010946ee
GET /gtag/js?id=UA-620120-3 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cndata.jpg4.pw/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 26 Nov 2022 04:24:48 GMT
expires: Sat, 26 Nov 2022 04:24:48 GMT
cache-control: private, max-age=900
last-modified: Sat, 26 Nov 2022 03:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43652
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash 619fa0039b94697fc8a5bd24f57e8aa2
53a366391a51d625029cc6d32fb4e8b6060990fd
dff604305831a0399aa44b2fac806e43512afa846569ba6e5685eca6495d9fa5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 04:24:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash a0111a2443450172e5d2b48d350a8f57
75e89d4cd001303e66a93880f96d6c47e7d665ab
c9865c82b8f373aeb3a7333b0f65408211d832aba753c35d3544ecb2913f4f64
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 04:24:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 6827d82f488045e02e40d6a2fdbae4b3
4944139a4b08769511ffc6aa913857d88a0db7bc
0e4ef6ddef97ec03d43df4c0bada61d792b9f030e4d9fab5bd3cf904aeaa3bc9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15487
Expires: Sat, 26 Nov 2022 08:42:55 GMT
Date: Sat, 26 Nov 2022 04:24:48 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4ac95573-22e8-41b4-a5f2-d8adbaff2829.jpeg
34.120.237.76 200 OK 2.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4ac95573-22e8-41b4-a5f2-d8adbaff2829.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5c135ab961de12d926b94f9abae8adbe
139f48ea60880efc6d2977f4d3141809f22adfef
1578a994e7c4eef451f1c744116caa95e1aa995c4817a13832f1ac3487cea95d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4ac95573-22e8-41b4-a5f2-d8adbaff2829.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 2944
x-amzn-requestid: 8f1b2573-39ab-442e-8c6e-97538a28aba0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cLWXXEjJIAMFu1Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63813762-52f27ff536b0c3b84bdfba8e;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 21:45:06 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 9hy8v_azPZzuVRv1VN61DoNWbfA83JPs4JcZfRyLo3j6HCtWv_gkNw==
via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 21:48:48 GMT
age: 23760
etag: "139f48ea60880efc6d2977f4d3141809f22adfef"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dd98515-d0af-440a-8f3d-4c9986928081.jpeg
34.120.237.76 200 OK 4.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dd98515-d0af-440a-8f3d-4c9986928081.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 841a4b110022a99ddea6f7bf66df0fa1
126771b86638108050cf57c0d12faa27f80f0edb
240fbffc1f9104433297d3ff7afba2d0b58d7f1b13d9a9260a1bad25216665db
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dd98515-d0af-440a-8f3d-4c9986928081.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4309
x-amzn-requestid: 47c2739d-73c5-4d91-914c-fe635cb09772
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b1U8xGxgIAMF-qQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63786851-6fbe19dc5c4c20dd657604e3;Sampled=0
x-amzn-remapped-date: Sat, 19 Nov 2022 05:23:29 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: j_8oVo464QMWMnmkxQJIDRhaIVmwhzCTHe4A57OdmaUr9HcyTtBUjg==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 2750b94b402c92287d764b5fa115a042.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 05:04:28 GMT
age: 84020
etag: "126771b86638108050cf57c0d12faa27f80f0edb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faaa084a5-6673-4918-8b26-e359fdbd5c53.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faaa084a5-6673-4918-8b26-e359fdbd5c53.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 0cfec0de07b11c3b4b2bde82a9d85395
c6a37206ae6327b5626ee48675638fb3b79eaf2b
b5cd58f099675e96d8f28b633c18db2aab90f1e7e0f593cd38e654f1956c53c0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faaa084a5-6673-4918-8b26-e359fdbd5c53.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10966
x-amzn-requestid: 9c8cca96-85d6-4256-9f64-e7ed26946e99
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cLVOLHMPoAMFTTw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6381358d-2857476f6bdd231525a041f8;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 21:37:17 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: BvVDw2WpkhgODREwoilGkb1D-mT5E08DC0B14eIlpe7NupmgUSKTfQ==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 22:31:20 GMT
age: 21208
etag: "c6a37206ae6327b5626ee48675638fb3b79eaf2b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd9ff3e15-6cd5-46f6-800f-5ad08b71ffbc.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd9ff3e15-6cd5-46f6-800f-5ad08b71ffbc.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 56d1528e942a2aa2a7f3f6a85f71e277
475980dd8b123ad0acdd54c441271bacad56489f
01f9bd707598d6cb869856ad01d1087f5abc8298727805f61266f6e823814cb8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd9ff3e15-6cd5-46f6-800f-5ad08b71ffbc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10209
x-amzn-requestid: e6cf9a8b-bbdc-4978-a186-ffc82b369066
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cLWINF69oAMF5RA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63813701-35f60a7425e3617e672916c9;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 21:43:29 GMT
x-amz-cf-pop: SEA19-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: NpYcqTynn1gdtbZInm4lBnTo9N6ev2jp0Rn6ozMhQlh8kVJ9orQWnw==
via: 1.1 6ca7826fb0f4c565b1af9c7737725c48.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 22:35:20 GMT
age: 20968
etag: "475980dd8b123ad0acdd54c441271bacad56489f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F53b989dd-5b05-43e6-807e-30a5611591c1.jpeg
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F53b989dd-5b05-43e6-807e-30a5611591c1.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 9443750de7962c9e235cbb6dbda24df0
05de7f68103849bd0cd80a704ef97685d0150800
d84e37f9bfd9888a385364c52cdc0d817aa680ee0a83e579ca1f1083f1131468
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F53b989dd-5b05-43e6-807e-30a5611591c1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12505
x-amzn-requestid: a89c780f-e1a4-451e-842b-656ba43958be
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cLVOeHzfIAMFpGQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6381358f-3478b6c81d94ec65388bd3da;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 21:37:19 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 5zG4aexCKPFQiK74gstk7S4kWT20BfHdu07UOz955omfjsCulbFUyA==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 21:46:24 GMT
age: 23904
etag: "05de7f68103849bd0cd80a704ef97685d0150800"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1de44df6-bdc7-487f-a2a0-b42d26be2420.jpeg
34.120.237.76 200 OK 16 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1de44df6-bdc7-487f-a2a0-b42d26be2420.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 17ebe470d040a6ea8c57e9b9d4f4e828
1ac7a410cd4f3709f476c776dd5646dd982dcfa8
d65114b68fcc12344c6df7bf294718b79822fa9782d3bd54ca044b66f82052b1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1de44df6-bdc7-487f-a2a0-b42d26be2420.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 15818
x-amzn-requestid: a6570859-3b03-492e-9f84-e25b01223da2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cLXrUF3bIAMF8CA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6381397b-379b1bcf2ac0715835e10e48;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 21:54:03 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: HgiyaodE2vJx5JL8QfOiTersSAgAwq74gtsPkpHUhnQ3In2vZ-3rbQ==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 4f3feb5c4393987d42d1971d404d7cea.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 22:33:09 GMT
etag: "1ac7a410cd4f3709f476c776dd5646dd982dcfa8"
content-type: image/jpeg
age: 21099
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.globalsign.com/gseccovsslca2018
104.18.21.226 200 OK 938 B URL HTTP/1.1 ocsp.globalsign.com/gseccovsslca2018
IP 104.18.21.226:0
Hash 165cba3b19d24ec30fb5c56f192c7a9b
6b00f9f617c619b939efe4cc094a77180a8e7ecf
9cd66ab950654c9a7323b539e995ab26d7af932a44eabf516bcf4cbf4635e289
POST /gseccovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 04:24:48 GMT
Content-Type: application/ocsp-response
Content-Length: 938
Connection: keep-alive
Expires: Wed, 30 Nov 2022 02:53:44 GMT
ETag: "6b00f9f617c619b939efe4cc094a77180a8e7ecf"
Last-Modified: Sat, 26 Nov 2022 02:53:45 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1669
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 76ffdb476baefac0-OSL
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e3af2cd1da4f6178d8734f043fa6876d
34a4a1fefbc8c64c98b5995c245a284f68112f67
b751b21ab4c10fb70b4dfc4813a6598d99b5578b1c263cddf6dd4679d75f671a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B751B21AB4C10FB70B4DFC4813A6598D99B5578B1C263CDDF6DD4679D75F671A"
Last-Modified: Fri, 25 Nov 2022 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5462
Expires: Sat, 26 Nov 2022 05:55:50 GMT
Date: Sat, 26 Nov 2022 04:24:48 GMT
Connection: keep-alive
jsjs.gazo.space/index.php?js=very
104.21.235.169 200 OK 451 B URL HTTP/2 jsjs.gazo.space/index.php?js=very
IP 104.21.235.169:0
File type ASCII text, with no line terminators
Hash 976223643382148d9ef422ea33a159e3
f35de39623d8ab7a09f12b6007f0e0102c7de3b5
cb55afafcfc6a9803ad963631988afbb52396373e90a06832d10d705cba32f9d
Analyzer Verdict Alert fortinet Phishing
GET /index.php?js=very HTTP/1.1
Host: jsjs.gazo.space
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cndata.jpg4.pw/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 26 Nov 2022 04:24:48 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
access-control-allow-headers: Cake
imghost: 240026512804c008ad763d1c3-h-jsjsgazospacmh--NO-rm2400cb003771024ac465a7/index.php?js=very
55nloadrate: 0.4021875
cache-control: max-age=360000, private
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fWpNfzjTGLrahfVq3qXHzk9ksUwHvhZrGYsrxst2Dg%2FfCdOHhwcNQ4sctwZlxh95dMU5Zd9RM%2FFPP3YY2kU%2FG%2FBTtj1jhiOzjIpconGIRWm3WqQNJoUgwQ%2BOeYj0%2Fly94DY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76ffdb418df9885f-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e3d5e80fdb.8659c84895.com/eecac4af0b33c918bd2ed3510a0e46ed.js
45.133.44.24 200 OK 35 kB URL HTTP/2 e3d5e80fdb.8659c84895.com/eecac4af0b33c918bd2ed3510a0e46ed.js
IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
Hash bd1a83504c6d65e095d90d82d7e7c22d
44eab82912183295a56dc3625bb479372819d828
e371e58d74df1e83484c2c0dba426acf8dbf5d764cdabeae0eedd051c736cae8
Analyzer Verdict Alert quad9 Sinkholed
GET /eecac4af0b33c918bd2ed3510a0e46ed.js HTTP/1.1
Host: e3d5e80fdb.8659c84895.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://cndata.jpg4.pw
Connection: keep-alive
Referer: http://cndata.jpg4.pw/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 26 Nov 2022 04:24:48 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Tue, 15 Nov 2022 13:38:16 GMT
etag: W/"63739648-17810"
content-encoding: gzip
expires: Sat, 26 Nov 2022 04:29:48 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
e3d5e80fdb.8659c84895.com/a62aeb182151cbf0807b92d6894b4c0f/23782?version_name=a
45.133.44.24 200 OK 2.8 kB URL HTTP/2 e3d5e80fdb.8659c84895.com/a62aeb182151cbf0807b92d6894b4c0f/23782?version_name=a
IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
Hash f29c0188729b6330f94de91c2f82b0c1
284c2aea5a8c670d04ccfd052d3154b32d430a25
1c79f734c5cd79ea65762669f0199ab8ccd72feecfdae902ff229d92e5a687f0
Analyzer Verdict Alert quad9 Sinkholed
GET /a62aeb182151cbf0807b92d6894b4c0f/23782?version_name=a HTTP/1.1
Host: e3d5e80fdb.8659c84895.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://cndata.jpg4.pw
Connection: keep-alive
Referer: http://cndata.jpg4.pw/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 26 Nov 2022 04:24:48 GMT
content-type: application/json
server: nginx/1.18.0
cache-control: max-age=300
expires: Sat, 26 Nov 2022 04:29:48 GMT
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
js.wpadmngr.com/npc/sdk/wp-banners.js
45.133.44.25 200 OK 0 B URL HTTP/2 js.wpadmngr.com/npc/sdk/wp-banners.js
IP 45.133.44.25:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /npc/sdk/wp-banners.js HTTP/1.1
Host: js.wpadmngr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cndata.jpg4.pw/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 26 Nov 2022 04:24:48 GMT
content-type: application/javascript; charset=utf-8
content-length: 0
server: nginx/1.18.0
last-modified: Fri, 20 Aug 2021 15:14:31 GMT
etag: "611fc6d7-0"
expires: Sat, 26 Nov 2022 04:29:48 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
cndata.jpg4.pw/favicon.ico
97.74.80.164 404 Not Found 184 B URL HTTP/1.1 cndata.jpg4.pw/favicon.ico
IP 97.74.80.164:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash c47ccd27e20577113190cce275183f09
64d58e43ef45374058be8257d497a6bac2123fdb
2d7de9752e1924cb43052125ec78a50427af6828fdb05ac011c7e0a35e97c464
GET /favicon.ico HTTP/1.1
Host: cndata.jpg4.pw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cndata.jpg4.pw/index.php?oldhot=all
Cookie: cnt=0; _ym_uid=1669436688699701096; _ym_d=1669436688
HTTP/1.1 404 Not Found
Server: nginx/1.20.1
Date: Sat, 26 Nov 2022 04:24:48 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: close
X-Proxy-Cache-RZ: STALE
Content-Encoding: gzip
X-Proxy-Cache-gjp: HIT
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 9cab555e32fe20961a2378c1d4c63420
5fa0f3e1374827838e0da4e75d49884a3e3865a3
f26456b6fe0acd12a42c5d907172f6d70053b5ed9ce2c37582ddf459d6224ad3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F26456B6FE0ACD12A42C5D907172F6D70053B5ED9CE2C37582DDF459D6224AD3"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3584
Expires: Sat, 26 Nov 2022 05:24:33 GMT
Date: Sat, 26 Nov 2022 04:24:49 GMT
Connection: keep-alive
fp.metricswpsh.com/fp?tag_id=23782
157.90.84.242 204 No Content 0 B URL HTTP/1.1 fp.metricswpsh.com/fp?tag_id=23782
IP 157.90.84.242:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /fp?tag_id=23782 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: http://cndata.jpg4.pw/
Origin: http://cndata.jpg4.pw
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx/1.20.1
Date: Sat, 26 Nov 2022 04:24:49 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE
Access-Control-Allow-Origin: http://cndata.jpg4.pw
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
fp.metricswpsh.com/fp?tag_id=23782
157.90.84.242 200 OK 28 B URL HTTP/1.1 fp.metricswpsh.com/fp?tag_id=23782
IP 157.90.84.242:0
ASN #24940 Hetzner Online GmbH
File type JSON data\012- , ASCII text
Hash e3af49472d683a217237a6ebaf79bcb7
378db4d7e6171a2676ee15c80b4475d7f5ec9742
7714898d715fb8b1ce7a1de73e0e7c9f6394acc8a08cf1a3b342a7829d4de84a
POST /fp?tag_id=23782 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 22282
Origin: http://cndata.jpg4.pw
Connection: keep-alive
Referer: http://cndata.jpg4.pw/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 26 Nov 2022 04:24:49 GMT
Content-Type: application/json; charset=UTF-8
Content-Length: 28
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://cndata.jpg4.pw
Set-Cookie: id=1536731907009817820; Expires=Sun, 26 Nov 2023 04:24:49 GMT; Secure; SameSite=None
Vary: Origin
notification.tubecup.net/tags?tag_id=23782&timezone_olson=UTC&version_name=a
88.198.200.22 200 OK 2.3 kB URL HTTP/2 notification.tubecup.net/tags?tag_id=23782&timezone_olson=UTC&version_name=a
IP 88.198.200.22:0
ASN #24940 Hetzner Online GmbH
File type JSON data\012- , ASCII text, with very long lines (2268), with no line terminators
Hash f2a2d9db3c7ea3ce7629f3c1f8ea1dc7
70b02c8e06420008bb2a9506db8d01a75bb7dd5e
c777eea2c2fa757dfb57e4d923f3fda52368c3d1c8a8dd0e9dfe3b1c0cb6d311
GET /tags?tag_id=23782&timezone_olson=UTC&version_name=a HTTP/1.1
Host: notification.tubecup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://cndata.jpg4.pw
Connection: keep-alive
Referer: http://cndata.jpg4.pw/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.18.0
date: Sat, 26 Nov 2022 04:24:49 GMT
content-type: application/json
content-length: 2268
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a19657c8cd67bcddc4705d8f9c4200c5
2f236fff559e31e6790966fffb144a9728da2a82
18b8bb2220d41fa67a107a94891317223cb4b7ae0d997064ed9386a484fe49cf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "18B8BB2220D41FA67A107A94891317223CB4B7AE0D997064ED9386A484FE49CF"
Last-Modified: Fri, 25 Nov 2022 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5525
Expires: Sat, 26 Nov 2022 05:56:54 GMT
Date: Sat, 26 Nov 2022 04:24:49 GMT
Connection: keep-alive
1041598d1a.da1a0e7bb3.com/in/track?data=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
45.133.44.25200 OK 0 B URL HTTP/2 1041598d1a.da1a0e7bb3.com/in/track?data=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
IP 45.133.44.25:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /in/track?data=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 HTTP/1.1
Host: 1041598d1a.da1a0e7bb3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://cndata.jpg4.pw
Connection: keep-alive
Referer: http://cndata.jpg4.pw/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 26 Nov 2022 04:24:49 GMT
content-length: 0
server: nginx/1.18.0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f385e56c7fd9fc36de628ab71e38cd9e
c1c9520bb7213ebdf82d851f9278befaa3fe75e0
286c78a9006043094602c7a88b91622683f7fefc0c7f6767627c1aabddb26ee2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "286C78A9006043094602C7A88B91622683F7FEFC0C7F6767627C1AABDDB26EE2"
Last-Modified: Wed, 23 Nov 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13044
Expires: Sat, 26 Nov 2022 08:02:13 GMT
Date: Sat, 26 Nov 2022 04:24:49 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 98ea967650cd81755b272e43ee9e2a56
d186462c5c52272cb0a6d3b698e6a717a9914e45
ddeeb6fb942cc85e0b150223d635d5996d12fde30bdbe505537886c8e0f543cd
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DDEEB6FB942CC85E0B150223D635D5996D12FDE30BDBE505537886C8E0F543CD"
Last-Modified: Wed, 23 Nov 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10389
Expires: Sat, 26 Nov 2022 07:17:58 GMT
Date: Sat, 26 Nov 2022 04:24:49 GMT
Connection: keep-alive
e3d5e80fdb.8659c84895.com/81a904aea6b7338289ed7316c86e3727.js
45.133.44.24 200 OK 73 kB URL HTTP/2 e3d5e80fdb.8659c84895.com/81a904aea6b7338289ed7316c86e3727.js
IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (65536), with no line terminators
Hash c2b300e5f3345aa192e663c4f7265de1
c7c64fb0817e9cbf7f151094687b2fde7a548dc5
619fc2b4d96c1da2b3c04d5ebe03cfd7da53b264f5bf2d76298cc5cd872ff7dd
Analyzer Verdict Alert quad9 Sinkholed
GET /81a904aea6b7338289ed7316c86e3727.js HTTP/1.1
Host: e3d5e80fdb.8659c84895.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cndata.jpg4.pw/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 26 Nov 2022 04:24:49 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Tue, 22 Nov 2022 16:27:58 GMT
etag: W/"637cf88e-48777"
content-encoding: gzip
expires: Sat, 26 Nov 2022 04:29:49 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
cc8ffe7ceb.da1a0e7bb3.com/in/multy
157.90.84.246 204 No Content 0 B URL HTTP/2 cc8ffe7ceb.da1a0e7bb3.com/in/multy
IP 157.90.84.246:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
OPTIONS /in/multy HTTP/1.1
Host: cc8ffe7ceb.da1a0e7bb3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: http://cndata.jpg4.pw/
Origin: http://cndata.jpg4.pw
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
server: nginx/1.20.1
date: Sat, 26 Nov 2022 04:24:49 GMT
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
e3d5e80fdb.8659c84895.com/10a97da5a56bf3f19b5c5a93f873ab36.js
45.133.44.24 200 OK 29 kB URL HTTP/2 e3d5e80fdb.8659c84895.com/10a97da5a56bf3f19b5c5a93f873ab36.js
IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
Hash c327f394315195d812c425da0356b3be
6647566e100ebd46c567a8794ac1d93146535c33
0debca0bf7a7ee7731f05dcf54095cce7684ac80baa32ead203c7f61954f5d80
Analyzer Verdict Alert quad9 Sinkholed
GET /10a97da5a56bf3f19b5c5a93f873ab36.js HTTP/1.1
Host: e3d5e80fdb.8659c84895.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cndata.jpg4.pw/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 26 Nov 2022 04:24:49 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Thu, 13 Oct 2022 09:19:10 GMT
etag: W/"6347d80e-16007"
content-encoding: gzip
expires: Sat, 26 Nov 2022 04:29:49 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
cc8ffe7ceb.da1a0e7bb3.com/in/multy
157.90.84.246 200 OK 19 kB URL HTTP/2 cc8ffe7ceb.da1a0e7bb3.com/in/multy
IP 157.90.84.246:0
ASN #24940 Hetzner Online GmbH
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (18869), with no line terminators
Hash 72d8d0cb1f4ef37139f41a2e931c3a28
acd49ae560a0d42570518d9e4293485d9ad61682
f0516bd3b2e02f1f200aa5cb12ee67a4e9b2923c0893ec46385683bd20156737
Analyzer Verdict Alert quad9 Sinkholed
POST /in/multy HTTP/1.1
Host: cc8ffe7ceb.da1a0e7bb3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 913
Origin: http://cndata.jpg4.pw
Connection: keep-alive
Referer: http://cndata.jpg4.pw/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Sat, 26 Nov 2022 04:24:50 GMT
content-type: application/json
content-length: 18871
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
cc8ffe7ceb.da1a0e7bb3.com/in/show/?mid=7862350779409703412&pid=0&site=native-push-adult&sc=NO&usage_type=DCH&subid=809032184&sid=3104803553&cid=2695&price=0.00096&is_cpm=0&cpm=0&ecpm=0.027829822321178435&crid=&crtid=1cb8074d31280e2c1629b641e5cf110a&tcid=0&out_id=1&ver=8.5.1&ver_c=&refdom=cndata.jpg4.pw&hostname=auc-inpage-hz-7-c&site_id=3117050&spot_id=17050&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=1669523089&created_at=2022-11-26&is_native=2&auction_queue=0&burl=qOiyzHkor4QTgnMtKwOXpZ2TwVJzEVnedfBbuUdb4DyvvqBOlT7uww&pop_winurl=&ip=91.90.42.154&testab=0&px_id=3117050&adblock=0&auction_host=dch_ip&mm=0&yc=0&render_type=hq&campaign_type=lq-pop&uniq=&exp=&resp_type=&iabcat=IAB25-3&min_cpm=0.016351733063005944&placement_type_id=&skin_test=0&verify_hash=873b9d7956cf97808367e4e5377eae10&score=0&durl=https%3A%2F%2Fts.cvastico.com%2Fin%2F1546%2F%3Fad_sub%3D809032184%26spot_id%3D17050%26is_adult%3D1%26p%3Dhttp%253A%252F%252Fcndata.jpg4.pw%252F%26idzone%3D0%26sid%3D1886&ml=&tag_ab=a&original_bid=0.00096&user_fp=0&v2_track=0&url=OBXqI1LSfc8mB051RBZjcR-ij7pcCEfNEwaE6vKLUnn1jukrOHyrCy8kgS2NmXSX3gdBcqT7C0Y8H5nXVpswJdsBNOy9h6vcSzJejxOqLjaZqcia_aCzpT6NQykO9FyB7f5LE4dl09HuZlxQXziAWoUvhSAH2IQVVBWsYDLqyAo0foGnbw&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_488724abcaceb568485f5344782133fb4ca44b06.webp&skin_id=2&vertical_id=0&real_bid=0.0007672320000000001&pr=av.sagac.info&user_keywords=&auc_type=1&aid=221&ext_cid=0&device_theme=light&keywords=&mlc=1&format=default-slide-b_r-body&mlf=1&cpa=05310f57-c41f-4df0-b94a-bdcf81c7321b
157.90.84.246302 Found 0 B URL HTTP/2 cc8ffe7ceb.da1a0e7bb3.com/in/show/?mid=7862350779409703412&pid=0&site=native-push-adult&sc=NO&usage_type=DCH&subid=809032184&sid=3104803553&cid=2695&price=0.00096&is_cpm=0&cpm=0&ecpm=0.027829822321178435&crid=&crtid=1cb8074d31280e2c1629b641e5cf110a&tcid=0&out_id=1&ver=8.5.1&ver_c=&refdom=cndata.jpg4.pw&hostname=auc-inpage-hz-7-c&site_id=3117050&spot_id=17050&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=1669523089&created_at=2022-11-26&is_native=2&auction_queue=0&burl=qOiyzHkor4QTgnMtKwOXpZ2TwVJzEVnedfBbuUdb4DyvvqBOlT7uww&pop_winurl=&ip=91.90.42.154&testab=0&px_id=3117050&adblock=0&auction_host=dch_ip&mm=0&yc=0&render_type=hq&campaign_type=lq-pop&uniq=&exp=&resp_type=&iabcat=IAB25-3&min_cpm=0.016351733063005944&placement_type_id=&skin_test=0&verify_hash=873b9d7956cf97808367e4e5377eae10&score=0&durl=https%3A%2F%2Fts.cvastico.com%2Fin%2F1546%2F%3Fad_sub%3D809032184%26spot_id%3D17050%26is_adult%3D1%26p%3Dhttp%253A%252F%252Fcndata.jpg4.pw%252F%26idzone%3D0%26sid%3D1886&ml=&tag_ab=a&original_bid=0.00096&user_fp=0&v2_track=0&url=OBXqI1LSfc8mB051RBZjcR-ij7pcCEfNEwaE6vKLUnn1jukrOHyrCy8kgS2NmXSX3gdBcqT7C0Y8H5nXVpswJdsBNOy9h6vcSzJejxOqLjaZqcia_aCzpT6NQykO9FyB7f5LE4dl09HuZlxQXziAWoUvhSAH2IQVVBWsYDLqyAo0foGnbw&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_488724abcaceb568485f5344782133fb4ca44b06.webp&skin_id=2&vertical_id=0&real_bid=0.0007672320000000001&pr=av.sagac.info&user_keywords=&auc_type=1&aid=221&ext_cid=0&device_theme=light&keywords=&mlc=1&format=default-slide-b_r-body&mlf=1&cpa=05310f57-c41f-4df0-b94a-bdcf81c7321b
IP 157.90.84.246:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /in/show/?mid=7862350779409703412&pid=0&site=native-push-adult&sc=NO&usage_type=DCH&subid=809032184&sid=3104803553&cid=2695&price=0.00096&is_cpm=0&cpm=0&ecpm=0.027829822321178435&crid=&crtid=1cb8074d31280e2c1629b641e5cf110a&tcid=0&out_id=1&ver=8.5.1&ver_c=&refdom=cndata.jpg4.pw&hostname=auc-inpage-hz-7-c&site_id=3117050&spot_id=17050&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=1669523089&created_at=2022-11-26&is_native=2&auction_queue=0&burl=qOiyzHkor4QTgnMtKwOXpZ2TwVJzEVnedfBbuUdb4DyvvqBOlT7uww&pop_winurl=&ip=91.90.42.154&testab=0&px_id=3117050&adblock=0&auction_host=dch_ip&mm=0&yc=0&render_type=hq&campaign_type=lq-pop&uniq=&exp=&resp_type=&iabcat=IAB25-3&min_cpm=0.016351733063005944&placement_type_id=&skin_test=0&verify_hash=873b9d7956cf97808367e4e5377eae10&score=0&durl=https%3A%2F%2Fts.cvastico.com%2Fin%2F1546%2F%3Fad_sub%3D809032184%26spot_id%3D17050%26is_adult%3D1%26p%3Dhttp%253A%252F%252Fcndata.jpg4.pw%252F%26idzone%3D0%26sid%3D1886&ml=&tag_ab=a&original_bid=0.00096&user_fp=0&v2_track=0&url=OBXqI1LSfc8mB051RBZjcR-ij7pcCEfNEwaE6vKLUnn1jukrOHyrCy8kgS2NmXSX3gdBcqT7C0Y8H5nXVpswJdsBNOy9h6vcSzJejxOqLjaZqcia_aCzpT6NQykO9FyB7f5LE4dl09HuZlxQXziAWoUvhSAH2IQVVBWsYDLqyAo0foGnbw&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_488724abcaceb568485f5344782133fb4ca44b06.webp&skin_id=2&vertical_id=0&real_bid=0.0007672320000000001&pr=av.sagac.info&user_keywords=&auc_type=1&aid=221&ext_cid=0&device_theme=light&keywords=&mlc=1&format=default-slide-b_r-body&mlf=1&cpa=05310f57-c41f-4df0-b94a-bdcf81c7321b HTTP/1.1
Host: cc8ffe7ceb.da1a0e7bb3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cndata.jpg4.pw/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx/1.20.1
date: Sat, 26 Nov 2022 04:24:50 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
location: https://static.bookmsg.com/creatives/SG/SG_488724abcaceb568485f5344782133fb4ca44b06_icon.webp
X-Firefox-Spdy: h2
cc8ffe7ceb.da1a0e7bb3.com/in/show/?mid=7862350779409703412&pid=0&site=native-push-adult&sc=NO&usage_type=DCH&subid=809032184&sid=3104803553&cid=12694&price=0&is_cpm=1&cpm=0.036&ecpm=0.034488&crid=2240&crtid=f70aa6a0d437f901eea3e30be1aacaa8&tcid=0&out_id=0&ver=8.5.1&ver_c=&refdom=cndata.jpg4.pw&hostname=auc-inpage-hz-7-c&site_id=3117050&spot_id=17050&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=1669609489&created_at=2022-11-26&is_native=1&auction_queue=0&burl=RI4yKT06098WK1AhRk4fOOaNxP785CmkdRHuyDE3cjfqtlNZgpQUbQ&pop_winurl=&ip=91.90.42.154&testab=0&px_id=7317050&adblock=0&auction_host=dch_ip&mm=0&yc=0&render_type=hq&campaign_type=hq&uniq=&exp=&resp_type=&iabcat=IAB25-3&min_cpm=0.0006716019367574212&placement_type_id=&skin_test=0&verify_hash=4c70757733bc1e7e18476295eaf61b34&score=0&durl=https%3A%2F%2Fts.cvastico.com%2Fin%2F1546%2F%3Fad_sub%3D809032184%26spot_id%3D17050%26is_adult%3D1%26p%3Dhttp%253A%252F%252Fcndata.jpg4.pw%252F%26idzone%3D0%26sid%3D1886&ml=&tag_ab=a&original_bid=0.036&user_fp=0&v2_track=0&url=RoFJH990ZtduwICDDFSb87JYzHk4CrxhTavDYD2CrPw8VAJd3kSNfpJ9bvl2WCKgX72L8AdOWi-7Tct7aZoY4P_A7T8sYM-ta_ea0P43wBP9276lP7vdiD_itq8ANPJNObB1pFQ6QkUSlhF9SmqcUjBwVajkgiXgQ2AMFibuNahpizLnY68CU6OOLXihZl1-F04wgmq-2GoQuXovEHkGAuKUPjo8Dj_HUJe2H6OoK3RTKihkmop21TtW2JAjhDGHRc7nBCH2eo9tZ2IGC66rXXPpvfrv0gWOz9KcQmd-z_yw9i4Ssvz4EYxauuq4uWMMcopF_Fu7Ebvlg06oM8wNqeRmXVV0fghQIMSRVMnQFfae_cO3Wf4pOMBu9mHCJnFICl60F64kmEtZwyI7ugTqOHdu7CdJvfmmYhDsp2_OzUvV4gXwLe3BEg5omJxaIkorABA443FrEAodQdW_6SpM6LFjjUOPrDozG7JQcn_dvUBesWeiQkO4T4bLf55osCqP2oGKakvCccfojXk7cTmoRnoEfN_Zq-jfKSQi4pc3wFOQfmpZbppPRbrdwyDxwTbMlzmFem3xs8q7jQYBPOX7jkpdm5yp4u_TRC0ieHMbHpP4hSj3bVqW-nQfJv3YVSInKngTrmsxrnLm_M6c4iYBz9YkiY-TGDtyoB-3UgrSeTCEuTap7DJcJinlr_KBhbE9os2tz8HlLbZrhSo_S0o5iUvYtKTGvYMHpMH6GUhpZcf1E5pvFwY9MZN1paP67pOEEwcTKQL6X4Q2VMtODSvU3TGtaZSqoTtvqQAbpJ_6cV7lO9PNgW5trOZadSBJ5Nmvw-aTLXTalkm2WCOiTdoNf7aPgvARh1-OSo6VFFY1e_Piz1L4z67iTTeNCnq5mES0whUSqcYer2QGZUV-7M8ozynXuedTl0wb6AdO8odQ5gq8cHOFVoDtG
CYcpnAU8I2gZgIs_qjboEgFbB4ONZ-uSbYFDzvAEDA3ILCWUcWUNLPU5nQbJz-t4M6_cP3mp5jZVJB7fS8_5qoMKz0sm8nWL-vXmdkslRM63VPH3IdEzvoEkvK2UhJZXqMaf7y_wFT0vsQMItf2U6zEydOYruaWaFR3oDlEN_04hKirZjFfqNH6t_zuXOMytavOgVxB9OMz6DEp-zXHnUD1wJlGxCm3sAAQcvO-XSZ-gO4XziWjOE4hLQZxNCyArfTz-6uGtqhh7ITSrf8a23ceh3LmhlGX2T38orcl_AYoy7hOpgRFIMUtgx5yysa3YvkCd9XyWODGQuofvAPPoj6oUlVF2-9_j4cwMrmdAm-MCoCFvnEFTuXPgo9s6mOlFzYY0h_g2mCbwOFRZCRrPWMsEtetfjSkWKMn5RStadVuNXhCpo8YNWK6FR-ndZLXqdWGYZQQV2WwqbcL3HJ-LKalqTLPO2ExZYoq3VciY-MO-oFl-wJmyLZc7VFA6n-PWTRdWCoPzWL4h6NTdUyXGL5dyQfNsttUEYvvb_0GVtH-AGdkl0yLTwcjtBMYyS-NOuHtdC-Pmw6XkxbDZPDq0qWfUBhl171iqFT8aBXrvYxhFFrqproqqUvnKTdlubg8elucYsU57WtTB0qLW9nK0eXLCWK_RujrjvbxeAN9KfLqP5QQQ7mqh5dbh_WcAaB5R5tV8PZ-0I7WO19PFIt_x4Ih3m7AHsz-lDsvZBiN-bVWS-cFbydHZIJWxIguf07HQiQGqNyJyrbX_lVZN5k0FOi_ikhqhMhDTXQOp3oaHECeuf0HoL4HsZItUR9NSkNnW3vYlZ0&image_url=https%3A%2F%2F12112336.pix-cdn.org%2Fm%2Fp%2F0%2F374%2F374539%2Fconversions%2FuaDvnmZE-minify.jpg&skin_id=2&vertical_id=0&real_bid=0.034488&pr=av.sagac.info&user_keywords=&auc_type=1&aid=127&ext_cid=38905&device_theme=light&keywords=&format=default-slide-b_r-body&cpa=d9fd7519-1adc-4dc7-a7fd-cb81cf719580
157.90.84.246302 Found 0 B URL HTTP/2 cc8ffe7ceb.da1a0e7bb3.com/in/show/?mid=7862350779409703412&pid=0&site=native-push-adult&sc=NO&usage_type=DCH&subid=809032184&sid=3104803553&cid=12694&price=0&is_cpm=1&cpm=0.036&ecpm=0.034488&crid=2240&crtid=f70aa6a0d437f901eea3e30be1aacaa8&tcid=0&out_id=0&ver=8.5.1&ver_c=&refdom=cndata.jpg4.pw&hostname=auc-inpage-hz-7-c&site_id=3117050&spot_id=17050&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=1669609489&created_at=2022-11-26&is_native=1&auction_queue=0&burl=RI4yKT06098WK1AhRk4fOOaNxP785CmkdRHuyDE3cjfqtlNZgpQUbQ&pop_winurl=&ip=91.90.42.154&testab=0&px_id=7317050&adblock=0&auction_host=dch_ip&mm=0&yc=0&render_type=hq&campaign_type=hq&uniq=&exp=&resp_type=&iabcat=IAB25-3&min_cpm=0.0006716019367574212&placement_type_id=&skin_test=0&verify_hash=4c70757733bc1e7e18476295eaf61b34&score=0&durl=https%3A%2F%2Fts.cvastico.com%2Fin%2F1546%2F%3Fad_sub%3D809032184%26spot_id%3D17050%26is_adult%3D1%26p%3Dhttp%253A%252F%252Fcndata.jpg4.pw%252F%26idzone%3D0%26sid%3D1886&ml=&tag_ab=a&original_bid=0.036&user_fp=0&v2_track=0&url=RoFJH990ZtduwICDDFSb87JYzHk4CrxhTavDYD2CrPw8VAJd3kSNfpJ9bvl2WCKgX72L8AdOWi-7Tct7aZoY4P_A7T8sYM-ta_ea0P43wBP9276lP7vdiD_itq8ANPJNObB1pFQ6QkUSlhF9SmqcUjBwVajkgiXgQ2AMFibuNahpizLnY68CU6OOLXihZl1-F04wgmq-2GoQuXovEHkGAuKUPjo8Dj_HUJe2H6OoK3RTKihkmop21TtW2JAjhDGHRc7nBCH2eo9tZ2IGC66rXXPpvfrv0gWOz9KcQmd-z_yw9i4Ssvz4EYxauuq4uWMMcopF_Fu7Ebvlg06oM8wNqeRmXVV0fghQIMSRVMnQFfae_cO3Wf4pOMBu9mHCJnFICl60F64kmEtZwyI7ugTqOHdu7CdJvfmmYhDsp2_OzUvV4gXwLe3BEg5omJxaIkorABA443FrEAodQdW_6SpM6LFjjUOPrDozG7JQcn_dvUBesWeiQkO4T4bLf55osCqP2oGKakvCccfojXk7cTmoRnoEfN_Zq-jfKSQi4pc3wFOQfmpZbppPRbrdwyDxwTbMlzmFem3xs8q7jQYBPOX7jkpdm5yp4u_TRC0ieHMbHpP4hSj3bVqW-nQfJv3YVSInKngTrmsxrnLm_M6c4iYBz9YkiY-TGDtyoB-3UgrSeTCEuTap7DJcJinlr_KBhbE9os2tz8HlLbZrhSo_S0o5iUvYtKTGvYMHpMH6GUhpZcf1E5pvFwY9MZN1paP67pOEEwcTKQL6X4Q2VMtODSvU3TGtaZSqoTtvqQAbpJ_6cV7lO9PNgW5trOZadSBJ5Nmvw-aTLXTalkm2WCOiTdoNf7aPgvARh1-OSo6VFFY1e_Piz1L4z67iTTeNCnq5mES0whUSqcYer2QGZUV
-7M8ozynXuedTl0wb6AdO8odQ5gq8cHOFVoDtGCYcpnAU8I2gZgIs_qjboEgFbB4ONZ-uSbYFDzvAEDA3ILCWUcWUNLPU5nQbJz-t4M6_cP3mp5jZVJB7fS8_5qoMKz0sm8nWL-vXmdkslRM63VPH3IdEzvoEkvK2UhJZXqMaf7y_wFT0vsQMItf2U6zEydOYruaWaFR3oDlEN_04hKirZjFfqNH6t_zuXOMytavOgVxB9OMz6DEp-zXHnUD1wJlGxCm3sAAQcvO-XSZ-gO4XziWjOE4hLQZxNCyArfTz-6uGtqhh7ITSrf8a23ceh3LmhlGX2T38orcl_AYoy7hOpgRFIMUtgx5yysa3YvkCd9XyWODGQuofvAPPoj6oUlVF2-9_j4cwMrmdAm-MCoCFvnEFTuXPgo9s6mOlFzYY0h_g2mCbwOFRZCRrPWMsEtetfjSkWKMn5RStadVuNXhCpo8YNWK6FR-ndZLXqdWGYZQQV2WwqbcL3HJ-LKalqTLPO2ExZYoq3VciY-MO-oFl-wJmyLZc7VFA6n-PWTRdWCoPzWL4h6NTdUyXGL5dyQfNsttUEYvvb_0GVtH-AGdkl0yLTwcjtBMYyS-NOuHtdC-Pmw6XkxbDZPDq0qWfUBhl171iqFT8aBXrvYxhFFrqproqqUvnKTdlubg8elucYsU57WtTB0qLW9nK0eXLCWK_RujrjvbxeAN9KfLqP5QQQ7mqh5dbh_WcAaB5R5tV8PZ-0I7WO19PFIt_x4Ih3m7AHsz-lDsvZBiN-bVWS-cFbydHZIJWxIguf07HQiQGqNyJyrbX_lVZN5k0FOi_ikhqhMhDTXQOp3oaHECeuf0HoL4HsZItUR9NSkNnW3vYlZ0&image_url=https%3A%2F%2F12112336.pix-cdn.org%2Fm%2Fp%2F0%2F374%2F374539%2Fconversions%2FuaDvnmZE-minify.jpg&skin_id=2&vertical_id=0&real_bid=0.034488&pr=av.sagac.info&user_keywords=&auc_type=1&aid=127&ext_cid=38905&device_theme=light&keywords=&format=default-slide-b_r-body&cpa=d9fd7519-1adc-4dc7-a7fd-cb81cf719580
IP 157.90.84.246:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /in/show/?mid=7862350779409703412&pid=0&site=native-push-adult&sc=NO&usage_type=DCH&subid=809032184&sid=3104803553&cid=12694&price=0&is_cpm=1&cpm=0.036&ecpm=0.034488&crid=2240&crtid=f70aa6a0d437f901eea3e30be1aacaa8&tcid=0&out_id=0&ver=8.5.1&ver_c=&refdom=cndata.jpg4.pw&hostname=auc-inpage-hz-7-c&site_id=3117050&spot_id=17050&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=1669609489&created_at=2022-11-26&is_native=1&auction_queue=0&burl=RI4yKT06098WK1AhRk4fOOaNxP785CmkdRHuyDE3cjfqtlNZgpQUbQ&pop_winurl=&ip=91.90.42.154&testab=0&px_id=7317050&adblock=0&auction_host=dch_ip&mm=0&yc=0&render_type=hq&campaign_type=hq&uniq=&exp=&resp_type=&iabcat=IAB25-3&min_cpm=0.0006716019367574212&placement_type_id=&skin_test=0&verify_hash=4c70757733bc1e7e18476295eaf61b34&score=0&durl=https%3A%2F%2Fts.cvastico.com%2Fin%2F1546%2F%3Fad_sub%3D809032184%26spot_id%3D17050%26is_adult%3D1%26p%3Dhttp%253A%252F%252Fcndata.jpg4.pw%252F%26idzone%3D0%26sid%3D1886&ml=&tag_ab=a&original_bid=0.036&user_fp=0&v2_track=0&url=RoFJH990ZtduwICDDFSb87JYzHk4CrxhTavDYD2CrPw8VAJd3kSNfpJ9bvl2WCKgX72L8AdOWi-7Tct7aZoY4P_A7T8sYM-ta_ea0P43wBP9276lP7vdiD_itq8ANPJNObB1pFQ6QkUSlhF9SmqcUjBwVajkgiXgQ2AMFibuNahpizLnY68CU6OOLXihZl1-F04wgmq-2GoQuXovEHkGAuKUPjo8Dj_HUJe2H6OoK3RTKihkmop21TtW2JAjhDGHRc7nBCH2eo9tZ2IGC66rXXPpvfrv0gWOz9KcQmd-z_yw9i4Ssvz4EYxauuq4uWMMcopF_Fu7Ebvlg06oM8wNqeRmXVV0fghQIMSRVMnQFfae_cO3Wf4pOMBu9mHCJnFICl60F64kmEtZwyI7ugTqOHdu7CdJvfmmYhDsp2_OzUvV4gXwLe3BEg5omJxaIkorABA443FrEAodQdW_6SpM6LFjjUOPrDozG7JQcn_dvUBesWeiQkO4T4bLf55osCqP2oGKakvCccfojXk7cTmoRnoEfN_Zq-jfKSQi4pc3wFOQfmpZbppPRbrdwyDxwTbMlzmFem3xs8q7jQYBPOX7jkpdm5yp4u_TRC0ieHMbHpP4hSj3bVqW-nQfJv3YVSInKngTrmsxrnLm_M6c4iYBz9YkiY-TGDtyoB-3UgrSeTCEuTap7DJcJinlr_KBhbE9os2tz8HlLbZrhSo_S0o5iUvYtKTGvYMHpMH6GUhpZcf1E5pvFwY9MZN1paP67pOEEwcTKQL6X4Q2VMtODSvU3TGtaZSqoTtvqQAbpJ_6cV7lO9PNgW5trOZadSBJ5Nmvw-aTLXTalkm2WCOiTdoNf7aPgvARh1-OSo6VFFY1e_Piz1L4z67iTTeNCnq5mES0whUSqcYer2QGZUV-7M8ozynXuedTl0wb6AdO8odQ5gq8cHOFVoDtGCYcpnAU8I2gZgIs_qjboE
gFbB4ONZ-uSbYFDzvAEDA3ILCWUcWUNLPU5nQbJz-t4M6_cP3mp5jZVJB7fS8_5qoMKz0sm8nWL-vXmdkslRM63VPH3IdEzvoEkvK2UhJZXqMaf7y_wFT0vsQMItf2U6zEydOYruaWaFR3oDlEN_04hKirZjFfqNH6t_zuXOMytavOgVxB9OMz6DEp-zXHnUD1wJlGxCm3sAAQcvO-XSZ-gO4XziWjOE4hLQZxNCyArfTz-6uGtqhh7ITSrf8a23ceh3LmhlGX2T38orcl_AYoy7hOpgRFIMUtgx5yysa3YvkCd9XyWODGQuofvAPPoj6oUlVF2-9_j4cwMrmdAm-MCoCFvnEFTuXPgo9s6mOlFzYY0h_g2mCbwOFRZCRrPWMsEtetfjSkWKMn5RStadVuNXhCpo8YNWK6FR-ndZLXqdWGYZQQV2WwqbcL3HJ-LKalqTLPO2ExZYoq3VciY-MO-oFl-wJmyLZc7VFA6n-PWTRdWCoPzWL4h6NTdUyXGL5dyQfNsttUEYvvb_0GVtH-AGdkl0yLTwcjtBMYyS-NOuHtdC-Pmw6XkxbDZPDq0qWfUBhl171iqFT8aBXrvYxhFFrqproqqUvnKTdlubg8elucYsU57WtTB0qLW9nK0eXLCWK_RujrjvbxeAN9KfLqP5QQQ7mqh5dbh_WcAaB5R5tV8PZ-0I7WO19PFIt_x4Ih3m7AHsz-lDsvZBiN-bVWS-cFbydHZIJWxIguf07HQiQGqNyJyrbX_lVZN5k0FOi_ikhqhMhDTXQOp3oaHECeuf0HoL4HsZItUR9NSkNnW3vYlZ0&image_url=https%3A%2F%2F12112336.pix-cdn.org%2Fm%2Fp%2F0%2F374%2F374539%2Fconversions%2FuaDvnmZE-minify.jpg&skin_id=2&vertical_id=0&real_bid=0.034488&pr=av.sagac.info&user_keywords=&auc_type=1&aid=127&ext_cid=38905&device_theme=light&keywords=&format=default-slide-b_r-body&cpa=d9fd7519-1adc-4dc7-a7fd-cb81cf719580 HTTP/1.1
Host: cc8ffe7ceb.da1a0e7bb3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cndata.jpg4.pw/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx/1.20.1
date: Sat, 26 Nov 2022 04:24:50 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
location: https://pn.bquildna43.site/in/tip_shows/?katds_ep=pnonRko4c7XgZOeR3gJhS04h5XTI9f0CIcV42dVOz-jOCvRfEVBXNgDDZ55QN_nu9vziIPTu-jSlUqFvrdGzef-bzivlUhv9po5eXwG0pFrILIXHEtKDq3ECWVIZ0dnqLc8nRn5JzWLIuNVuv4uU_EC1zi7xPq_JdpROAg-CS-zkjLAbH-mevXi5cvixZFQDnox93vKYtLTcak6N6K7oiihEFkPtWeuDz-2sBUO4F2_czztSHvb1zIvBEoOlZHW4GLecdEsowzDiJAaYFPEyJLjMzJTsYazTi0nFtgDyVQY7Vp528yGp3Ty0C_28xpVyEBnFgr2OhXlGhBTNH_jd4sDrVSZPwHKRp97xk_7z7Ih_1oH3oKH1yqUIPz74A5zNXOq22D7Lo-McQs6ec0ZkurMRFvk54jRNjwll90p_W7hPQyxJDL-UWbzdARjQ8C5DIszhTxwWAgITIXWH8q0okXUqzt0ieK1rePMhs-9mVdyFxQhW2zjkYOQDxQWEh0Qc7Z5f3PLMVELzohmwvpAV6J7Q4T4TIIvLFB2j0OACFxOd5-MkQXy0FCHOcc9JGAYUFLIdorDxiR4HDD_nhOVQhGfMHVug69hQl3mQbZ_HTlXrRfpXhukCBmJAFRHaWMYV5baLndTgJYV0NU5FvrL2S6LcDcNmb4E3cpnWU1jrpI4zNPCpBsSg_w54fRui6FsLJc8ZZ4gN_7HqyHuzCa6BTen0MRCsyf84HVWp_LoE2ql4Ct6EJx6W1UIprgeheeArPVxM3BPeJNqn2529SUSGv2D-SBhHZkgStehZxovjlIpEqCcXtihPCin7qy05xa0M9mOabp9cYZZw72mXbVdZ3J54gVnLX7Fx8NqFp8ka-aNwvWVozs0hnONoR1lMLkVWcD8VMs_bKVS9Blvo9Qv4lok3sGoFWGwFEeD6O6BS_px-foXFt4fqz7Y1mH9UwQZkGondapEZr-icxu6KM-3TtMGCgeAVqualNRfzppmTZw3PqDS7MIy3pkzAFjFy6qs3zTIinBcofY8csbJa4YVGcO45bjxB9WlUcL7VwliPetCIz65RvCzSTQwYVx3QrU4cStObYNSyxrypxqr68z2DwEZVuq9i280fePlZBsQrjbNtzibVaU6h5ryW5edYi76GKgvLa9yx4S1cFS76WPlDKmpaeSUE9KP1mP5a8kSxs1pS4WEIJw1zSNqetitn0xpCaqqr0yFEwBrGAU4&sp=${SECOND_PRICE}
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash e42c5e40c28577c157d80722def05e75
aca3b0f470ccf77a0648b840f51aee7f5858976b
dcac9fd537159c18d669d30c50c466a7182babe613effb36cd518ff27b1cf309
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5435
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 04:24:50 GMT
Last-Modified: Sat, 26 Nov 2022 02:54:15 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 280
pn.bquildna43.site/in/tip_shows/?katds_ep=pnonRko4c7XgZOeR3gJhS04h5XTI9f0CIcV42dVOz-jOCvRfEVBXNgDDZ55QN_nu9vziIPTu-jSlUqFvrdGzef-bzivlUhv9po5eXwG0pFrILIXHEtKDq3ECWVIZ0dnqLc8nRn5JzWLIuNVuv4uU_EC1zi7xPq_JdpROAg-CS-zkjLAbH-mevXi5cvixZFQDnox93vKYtLTcak6N6K7oiihEFkPtWeuDz-2sBUO4F2_czztSHvb1zIvBEoOlZHW4GLecdEsowzDiJAaYFPEyJLjMzJTsYazTi0nFtgDyVQY7Vp528yGp3Ty0C_28xpVyEBnFgr2OhXlGhBTNH_jd4sDrVSZPwHKRp97xk_7z7Ih_1oH3oKH1yqUIPz74A5zNXOq22D7Lo-McQs6ec0ZkurMRFvk54jRNjwll90p_W7hPQyxJDL-UWbzdARjQ8C5DIszhTxwWAgITIXWH8q0okXUqzt0ieK1rePMhs-9mVdyFxQhW2zjkYOQDxQWEh0Qc7Z5f3PLMVELzohmwvpAV6J7Q4T4TIIvLFB2j0OACFxOd5-MkQXy0FCHOcc9JGAYUFLIdorDxiR4HDD_nhOVQhGfMHVug69hQl3mQbZ_HTlXrRfpXhukCBmJAFRHaWMYV5baLndTgJYV0NU5FvrL2S6LcDcNmb4E3cpnWU1jrpI4zNPCpBsSg_w54fRui6FsLJc8ZZ4gN_7HqyHuzCa6BTen0MRCsyf84HVWp_LoE2ql4Ct6EJx6W1UIprgeheeArPVxM3BPeJNqn2529SUSGv2D-SBhHZkgStehZxovjlIpEqCcXtihPCin7qy05xa0M9mOabp9cYZZw72mXbVdZ3J54gVnLX7Fx8NqFp8ka-aNwvWVozs0hnONoR1lMLkVWcD8VMs_bKVS9Blvo9Qv4lok3sGoFWGwFEeD6O6BS_px-foXFt4fqz7Y1mH9UwQZkGondapEZr-icxu6KM-3TtMGCgeAVqualNRfzppmTZw3PqDS7MIy3pkzAFjFy6qs3zTIinBcofY8csbJa4YVGcO45bjxB9WlUcL7VwliPetCIz65RvCzSTQwYVx3QrU4cStObYNSyxrypxqr68z2DwEZVuq9i280fePlZBsQrjbNtzibVaU6h5ryW5edYi76GKgvLa9yx4S1cFS76WPlDKmpaeSUE9KP1mP5a8kSxs1pS4WEIJw1zSNqetitn0xpCaqqr0yFEwBrGAU4&sp=${SECOND_PRICE}
172.67.190.231 302 Found 0 B URL HTTP/2 pn.bquildna43.site/in/tip_shows/?katds_ep=pnonRko4c7XgZOeR3gJhS04h5XTI9f0CIcV42dVOz-jOCvRfEVBXNgDDZ55QN_nu9vziIPTu-jSlUqFvrdGzef-bzivlUhv9po5eXwG0pFrILIXHEtKDq3ECWVIZ0dnqLc8nRn5JzWLIuNVuv4uU_EC1zi7xPq_JdpROAg-CS-zkjLAbH-mevXi5cvixZFQDnox93vKYtLTcak6N6K7oiihEFkPtWeuDz-2sBUO4F2_czztSHvb1zIvBEoOlZHW4GLecdEsowzDiJAaYFPEyJLjMzJTsYazTi0nFtgDyVQY7Vp528yGp3Ty0C_28xpVyEBnFgr2OhXlGhBTNH_jd4sDrVSZPwHKRp97xk_7z7Ih_1oH3oKH1yqUIPz74A5zNXOq22D7Lo-McQs6ec0ZkurMRFvk54jRNjwll90p_W7hPQyxJDL-UWbzdARjQ8C5DIszhTxwWAgITIXWH8q0okXUqzt0ieK1rePMhs-9mVdyFxQhW2zjkYOQDxQWEh0Qc7Z5f3PLMVELzohmwvpAV6J7Q4T4TIIvLFB2j0OACFxOd5-MkQXy0FCHOcc9JGAYUFLIdorDxiR4HDD_nhOVQhGfMHVug69hQl3mQbZ_HTlXrRfpXhukCBmJAFRHaWMYV5baLndTgJYV0NU5FvrL2S6LcDcNmb4E3cpnWU1jrpI4zNPCpBsSg_w54fRui6FsLJc8ZZ4gN_7HqyHuzCa6BTen0MRCsyf84HVWp_LoE2ql4Ct6EJx6W1UIprgeheeArPVxM3BPeJNqn2529SUSGv2D-SBhHZkgStehZxovjlIpEqCcXtihPCin7qy05xa0M9mOabp9cYZZw72mXbVdZ3J54gVnLX7Fx8NqFp8ka-aNwvWVozs0hnONoR1lMLkVWcD8VMs_bKVS9Blvo9Qv4lok3sGoFWGwFEeD6O6BS_px-foXFt4fqz7Y1mH9UwQZkGondapEZr-icxu6KM-3TtMGCgeAVqualNRfzppmTZw3PqDS7MIy3pkzAFjFy6qs3zTIinBcofY8csbJa4YVGcO45bjxB9WlUcL7VwliPetCIz65RvCzSTQwYVx3QrU4cStObYNSyxrypxqr68z2DwEZVuq9i280fePlZBsQrjbNtzibVaU6h5ryW5edYi76GKgvLa9yx4S1cFS76WPlDKmpaeSUE9KP1mP5a8kSxs1pS4WEIJw1zSNqetitn0xpCaqqr0yFEwBrGAU4&sp=${SECOND_PRICE}
IP 172.67.190.231:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/tip_shows/?katds_ep=pnonRko4c7XgZOeR3gJhS04h5XTI9f0CIcV42dVOz-jOCvRfEVBXNgDDZ55QN_nu9vziIPTu-jSlUqFvrdGzef-bzivlUhv9po5eXwG0pFrILIXHEtKDq3ECWVIZ0dnqLc8nRn5JzWLIuNVuv4uU_EC1zi7xPq_JdpROAg-CS-zkjLAbH-mevXi5cvixZFQDnox93vKYtLTcak6N6K7oiihEFkPtWeuDz-2sBUO4F2_czztSHvb1zIvBEoOlZHW4GLecdEsowzDiJAaYFPEyJLjMzJTsYazTi0nFtgDyVQY7Vp528yGp3Ty0C_28xpVyEBnFgr2OhXlGhBTNH_jd4sDrVSZPwHKRp97xk_7z7Ih_1oH3oKH1yqUIPz74A5zNXOq22D7Lo-McQs6ec0ZkurMRFvk54jRNjwll90p_W7hPQyxJDL-UWbzdARjQ8C5DIszhTxwWAgITIXWH8q0okXUqzt0ieK1rePMhs-9mVdyFxQhW2zjkYOQDxQWEh0Qc7Z5f3PLMVELzohmwvpAV6J7Q4T4TIIvLFB2j0OACFxOd5-MkQXy0FCHOcc9JGAYUFLIdorDxiR4HDD_nhOVQhGfMHVug69hQl3mQbZ_HTlXrRfpXhukCBmJAFRHaWMYV5baLndTgJYV0NU5FvrL2S6LcDcNmb4E3cpnWU1jrpI4zNPCpBsSg_w54fRui6FsLJc8ZZ4gN_7HqyHuzCa6BTen0MRCsyf84HVWp_LoE2ql4Ct6EJx6W1UIprgeheeArPVxM3BPeJNqn2529SUSGv2D-SBhHZkgStehZxovjlIpEqCcXtihPCin7qy05xa0M9mOabp9cYZZw72mXbVdZ3J54gVnLX7Fx8NqFp8ka-aNwvWVozs0hnONoR1lMLkVWcD8VMs_bKVS9Blvo9Qv4lok3sGoFWGwFEeD6O6BS_px-foXFt4fqz7Y1mH9UwQZkGondapEZr-icxu6KM-3TtMGCgeAVqualNRfzppmTZw3PqDS7MIy3pkzAFjFy6qs3zTIinBcofY8csbJa4YVGcO45bjxB9WlUcL7VwliPetCIz65RvCzSTQwYVx3QrU4cStObYNSyxrypxqr68z2DwEZVuq9i280fePlZBsQrjbNtzibVaU6h5ryW5edYi76GKgvLa9yx4S1cFS76WPlDKmpaeSUE9KP1mP5a8kSxs1pS4WEIJw1zSNqetitn0xpCaqqr0yFEwBrGAU4&sp=${SECOND_PRICE} HTTP/1.1
Host: pn.bquildna43.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://cndata.jpg4.pw/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Sat, 26 Nov 2022 04:24:50 GMT
content-type: application/json
content-length: 0
location: https://12112336.pix-cdn.org/m/p/0/374/374538/conversions/6OTjphwd-minify.jpg
access-control-allow-credentials: true
access-control-allow-origin: *
set-cookie: 2357.0=1; expires=Sun, 27 Nov 2022 04:24:50 GMT; path=/; secure; SameSite=None
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=b%2FZiI%2BHjYxrWGufiXPet2iQBX6gUXZybE33fhmWsspq6FjvcdKKKckpaUZFliNJiOJlF3H4YmCuy%2FwMH8yFah%2FOKH%2B62ZNToCQY0HPC9wXAvfO%2BrsXXWv%2BqO8NnEcU4ed9Kvbvs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76ffdb55b86db518-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 280 B
IP 93.184.220.29:0
Hash e42c5e40c28577c157d80722def05e75
aca3b0f470ccf77a0648b840f51aee7f5858976b
dcac9fd537159c18d669d30c50c466a7182babe613effb36cd518ff27b1cf309
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5435
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 04:24:50 GMT
Last-Modified: Sat, 26 Nov 2022 02:54:15 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 280
r3.o.lencr.org/
23.36.77.32 200 OK 503 B
IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1d7890bae16d4cc8df912a5d9c41575f
f5763282e257a8c80154aa233b821d8316dbfe0e
734bd9b4d59b73ef91dd78c00c83d53293a036a7355afa9b84a946153c642b7e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "734BD9B4D59B73EF91DD78C00C83D53293A036A7355AFA9B84A946153C642B7E"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7354
Expires: Sat, 26 Nov 2022 06:27:24 GMT
Date: Sat, 26 Nov 2022 04:24:50 GMT
Connection: keep-alive
static.bookmsg.com/creatives/SG/SG_488724abcaceb568485f5344782133fb4ca44b06.webp
159.69.161.134 200 OK 5.3 kB URL HTTP/2 static.bookmsg.com/creatives/SG/SG_488724abcaceb568485f5344782133fb4ca44b06.webp
IP 159.69.161.134:0
ASN #24940 Hetzner Online GmbH
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 360x240, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash e451f4618502d6197766a095bf5c60ba
03a167dc9a244f1dd6f369597823f132561078e4
9d2569f080dae9f2599a360b0c583fd70d43eba0767ab52fd2d5fb76ae4da6c0
GET /creatives/SG/SG_488724abcaceb568485f5344782133fb4ca44b06.webp HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cndata.jpg4.pw/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.18.0
date: Sat, 26 Nov 2022 04:24:50 GMT
content-type: image/webp
content-length: 5260
last-modified: Mon, 30 Nov 2020 08:59:31 GMT
etag: "5fc4b473-148c"
cache-control: public, max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
static.bookmsg.com/creatives/SG/SG_488724abcaceb568485f5344782133fb4ca44b06_icon.webp
159.69.161.134 200 OK 694 B URL HTTP/2 static.bookmsg.com/creatives/SG/SG_488724abcaceb568485f5344782133fb4ca44b06_icon.webp
IP 159.69.161.134:0
ASN #24940 Hetzner Online GmbH
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 68c5a8e10328371a7831a37b3eb23ab7
a85689c2ab329730159728774293ffa744c8f1c7
5771d5318f7d8738f75b9ce6b3f572f7882faecc3b1069f3c85f6615f96f8ec7
GET /creatives/SG/SG_488724abcaceb568485f5344782133fb4ca44b06_icon.webp HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://cndata.jpg4.pw/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.18.0
date: Sat, 26 Nov 2022 04:24:50 GMT
content-type: image/webp
content-length: 694
last-modified: Mon, 30 Nov 2020 08:59:31 GMT
etag: "5fc4b473-2b6"
cache-control: public, max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
12112336.pix-cdn.org/m/p/0/374/374538/conversions/6OTjphwd-minify.jpg
45.133.44.25 200 OK 2.9 kB URL HTTP/2 12112336.pix-cdn.org/m/p/0/374/374538/conversions/6OTjphwd-minify.jpg
IP 45.133.44.25:0
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 70", baseline, precision 8, 100x100, components 3\012- data
Hash 66098442dc8934e8c6f5351e39d40e71
6bdebd9a664636433febe19afd7a5b37bff07126
b264aead392358ee4523a21bdd6726c1ec24c6ff849dbdf07dfd15bc6dedff4e
GET /m/p/0/374/374538/conversions/6OTjphwd-minify.jpg HTTP/1.1
Host: 12112336.pix-cdn.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://cndata.jpg4.pw/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 26 Nov 2022 04:24:50 GMT
content-type: image/jpeg
content-length: 2921
server: nginx/1.12.2
last-modified: Sat, 30 Jul 2022 08:17:53 GMT
etag: "62e4e931-b69"
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
12112336.pix-cdn.org/m/p/0/374/374539/conversions/uaDvnmZE-minify.jpg
45.133.44.25 200 OK 9.0 kB URL HTTP/2 12112336.pix-cdn.org/m/p/0/374/374539/conversions/uaDvnmZE-minify.jpg
IP 45.133.44.25:0
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 70", baseline, precision 8, 300x200, components 3\012- data
Hash ac4fce2099a6cbd7264384fba760fc66
d95ed9daf1b4e01d98b089f6688319cc5e377aad
0e5e7942344997c25d52522d74def5e71eb22337f2fecf13ac63fe940bcdb176
GET /m/p/0/374/374539/conversions/uaDvnmZE-minify.jpg HTTP/1.1
Host: 12112336.pix-cdn.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cndata.jpg4.pw/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 26 Nov 2022 04:24:50 GMT
content-type: image/jpeg
content-length: 9014
server: nginx/1.12.2
last-modified: Sat, 30 Jul 2022 08:18:07 GMT
etag: "62e4e93f-2336"
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 471 B
IP 142.250.74.35:0
Hash e99fcdc3ed7523948d56cbe1c943fcf3
4b8a3c27fa51771c288a392441d678321d7a3717
60e7c3efee2b4d2fb45d7ddeaee81b3dcd379b3cad9774f51402f09e1dcf9cfc
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 04:24:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
216.58.207.237 302 Found 390 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP 216.58.207.237:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (381)
Hash 424bdf2ddd72e92608f8f239ce483922
0c5f46774cd5518ddd2dbaf62ae5efee3b5b4121
feb673f3a26b659cebc1469005654192ddb22367deb9ef93d2af66c79ac1c5b9
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cndata.jpg4.pw/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 26 Nov 2022 04:24:51 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S486671826%3A1669436691067913&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAt1F6pTTfQCf3FSM6NIBXxsKS9363a8PgT3KDLqQuWZmuhdkQTTVkB8qUCICdA8zcZr6Ejw
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-security-policy: script-src 'nonce-WSMVodHGbkw75rej-BAyrg' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 390
server: GSE
set-cookie: __Host-GAPS=1:YpOZoovBrSZydmP0wqnmlpsMkdSYow:M9Qs-J3dCeR5EzRC;Path=/;Expires=Mon, 25-Nov-2024 04:24:51 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B
IP 142.250.74.35:0
Hash e922b25acaba2d7f8921ebe973a4b261
5dd4c237c84a652cbcf3db163529f3788ceafc46
a7856c7777aa01b671ddae097494f2b031cbbddc7b244fe8714a8c02b85d8589
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 04:24:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
js.gazo.space/index.php?js=av4&advertisement&
104.21.235.169 200 OK 0 B URL HTTP/2 js.gazo.space/index.php?js=av4&advertisement&
IP 104.21.235.169:0
GET /index.php?js=av4&advertisement& HTTP/1.1
Host: js.gazo.space
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://av.sagac.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 26 Nov 2022 04:24:46 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
access-control-allow-headers: Cake
imghost: 240026512804c008ad763d1c3-h-jsgazospacmh--IE-rm2400cb003771024ac465ab3/index.php?js=av4&advertisement&
55nloadrate: 0.3828125
cache-control: public, max-age=7200, s-max-age=1800
vary: Accept-Encoding
cf-cache-status: HIT
age: 86
last-modified: Sat, 26 Nov 2022 04:23:20 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JUymYvNpnG5OZGorMw040xGGdvO87ojhFYAPWhXsOalt237ITtfIqQ8DyVuTlTg5wtDqwLJuMTMcKYb5KS8LfYKJi4L%2Fr%2BZ%2BKnMzUVbm0ssti%2Fw4o3D8AebLpD7cIUJs"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76ffdb39cd05887f-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
jsjs.gazo.space/index.php?js=very
104.21.235.169 200 OK 0 B URL HTTP/2 jsjs.gazo.space/index.php?js=very
IP 104.21.235.169:0
Analyzer Verdict Alert fortinet Phishing
GET /index.php?js=very HTTP/1.1
Host: jsjs.gazo.space
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://av.sagac.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 26 Nov 2022 04:24:46 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
access-control-allow-headers: Cake
imghost: 240026512804c008ad763d1c3-h-jsjsgazospacmh--NO-rm2400cb003731024ac46a2ac/index.php?js=very
55nloadrate: 0.4021875
cache-control: max-age=360000, private
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MrGxu%2FPKSTnrra0qEzcXR%2Be4B4Rn5eDLCnhhrOd8rC2OnXvUfiSoYreJ4gA6rtR1bIMp%2FZpq7dlwvM%2BZUeO9Lyp01ThAu%2Bvn1LCMX6djLQjVQBKES5VafVjsI669Wl9nTzA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76ffdb39beb17509-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
accounts.google.com/v3/signin/identifier?dsh=S486671826%3A1669436691067913&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAt1F6pTTfQCf3FSM6NIBXxsKS9363a8PgT3KDLqQuWZmuhdkQTTVkB8qUCICdA8zcZr6Ejw
216.58.207.237 403 Forbidden 0 B URL HTTP/2 accounts.google.com/v3/signin/identifier?dsh=S486671826%3A1669436691067913&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAt1F6pTTfQCf3FSM6NIBXxsKS9363a8PgT3KDLqQuWZmuhdkQTTVkB8qUCICdA8zcZr6Ejw
IP 216.58.207.237:0
GET /v3/signin/identifier?dsh=S486671826%3A1669436691067913&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAt1F6pTTfQCf3FSM6NIBXxsKS9363a8PgT3KDLqQuWZmuhdkQTTVkB8qUCICdA8zcZr6Ejw HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://cndata.jpg4.pw/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 26 Nov 2022 04:24:51 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
content-security-policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport, script-src 'nonce-5Ha_atNCd2nkjuOD17jcLg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi/external"}]}
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
e3d5e80fdb.8659c84895.com/a62aeb182151cbf0807b92d6894b4c0f/23782?version_name=b
45.133.44.24 200 OK 0 B URL HTTP/2 e3d5e80fdb.8659c84895.com/a62aeb182151cbf0807b92d6894b4c0f/23782?version_name=b
IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
Analyzer Verdict Alert quad9 Sinkholed
GET /a62aeb182151cbf0807b92d6894b4c0f/23782?version_name=b HTTP/1.1
Host: e3d5e80fdb.8659c84895.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://av.sagac.info
Connection: keep-alive
Referer: http://av.sagac.info/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 26 Nov 2022 04:24:47 GMT
content-type: application/json
server: nginx/1.18.0
cache-control: max-age=300
expires: Sat, 26 Nov 2022 04:29:47 GMT
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
e3d5e80fdb.8659c84895.com/adfe84a1ecfdf5fa2977d9740d66dc94.js
45.133.44.24 200 OK 0 B URL HTTP/2 e3d5e80fdb.8659c84895.com/adfe84a1ecfdf5fa2977d9740d66dc94.js
IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
Analyzer Verdict Alert quad9 Sinkholed
GET /adfe84a1ecfdf5fa2977d9740d66dc94.js HTTP/1.1
Host: e3d5e80fdb.8659c84895.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cndata.jpg4.pw/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 26 Nov 2022 04:24:49 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Fri, 25 Nov 2022 13:22:47 GMT
etag: W/"6380c1a7-adbb"
content-encoding: gzip
expires: Sat, 26 Nov 2022 04:29:49 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2