exceptionalphonesecurity.xyz/smart-security-0/index.html?clickid={clickid}&utm_source={var1}&utm_medium=restart_push_{offer.name}&publisher={trafficsource.name}&utm_campaign={trafficsource.name}
301 Moved Permanently 0 B URL HTTP/1.1 exceptionalphonesecurity.xyz/smart-security-0/index.html?clickid={clickid}&utm_source={var1}&utm_medium=restart_push_{offer.name}&publisher={trafficsource.name}&utm_campaign={trafficsource.name}
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /smart-security-0/index.html?clickid={clickid}&utm_source={var1}&utm_medium=restart_push_{offer.name}&publisher={trafficsource.name}&utm_campaign={trafficsource.name} HTTP/1.1
Host: exceptionalphonesecurity.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Fri, 09 Sep 2022 19:48:50 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Fri, 09 Sep 2022 20:48:50 GMT
Location: https://exceptionalphonesecurity.xyz/smart-security-0/index.html?clickid={clickid}&utm_source={var1}&utm_medium=restart_push_{offer.name}&publisher={trafficsource.name}&utm_campaign={trafficsource.name}
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2a2nqjdyEwIcVPaIzEd7hDAHnsw518k8WDpWG%2Fz4pTjRfuAnE4MfRQ4BU8ZSzn80WvCp4py%2B3YEpz505SjJfmm3QDUJsl%2B15A0gaLZ0mp5X0%2BdM%2Fvg%2FnkWhO4LbmsUO5ANMUbSY2XFIGLbUjS%2FRt"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 748271974aadb4ee-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash f55e483f32b3fd50b1a2414aaada9b61
9d6b22edb98866e002e3b1ace44dfb0f8d00935f
4b09e1d2b887ded061e4ec5f82ec70ce699eeed428acc6b4fd3ef10ed9233c89
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4B09E1D2B887DED061E4EC5F82EC70CE699EEED428ACC6B4FD3EF10ED9233C89"
Last-Modified: Thu, 08 Sep 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2636
Expires: Fri, 09 Sep 2022 20:32:46 GMT
Date: Fri, 09 Sep 2022 19:48:50 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 91dd975a7b17b2922dd23c0e49314e40
57a2ece1e3cee7c4ebf927f2ba92f52cac395fe2
09966873bbf317f8910c59544cfde2a6d46e8acd2905797cc7c85c6b4d18ea8a
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Content-Type, Alert, Backoff, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Fri, 09 Sep 2022 19:05:55 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 71c98156ae29b36a903974f9dd2568f8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 3E8A1XiDH7cOptZDNNLkc4d39rK9Y_HamTm5o1wKGfVbEMyDtR5usQ==
Age: 2575
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP
File type PEM certificate\012- , ASCII text
Hash 742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Fri, 09 Sep 2022 03:46:35 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 80d21802b1b80c40e55ccf83433b8eac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: e7YXNsplqXxsVOhj5FFv5cAObZAO4ElIbykRvUee9xuWBD_Q1P5H_Q==
age: 57736
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 19:48:50 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Fri, 09 Sep 2022 18:56:07 GMT
Cache-Control: max-age=3600
Expires: Fri, 09 Sep 2022 19:45:29 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 f66e3db0f0449307dba3fbf72bbf3bac.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: Z4S84xC5kKRB98oJbHrpvmwiJdY9Z_YeynMxZM9QRQ0RQCOR82nuqg==
Age: 3163
ocsp.digicert.com/
200 OK 471 B IP
Hash d0c56e0b2955a5dd7f37ba4bbf5727b4
f435bd1f6fb8ec931f1817fe4b91e6b86a7cb14b
99f7da9dca677db8e9cec5491c0d6d8a86b9c5e907907c2fdd30973c747f4282
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5121
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 09 Sep 2022 19:48:51 GMT
Last-Modified: Fri, 09 Sep 2022 18:23:30 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 471
ocsp.sectigo.com/
200 OK 471 B IP
Hash 5b36f6508bf779a395d4b559b41d267d
a653f55ef7e337bd259cd76d14fe2adc91c11603
91e3696c53649e8d76b738dca29ed03b8b935f9fc230c735d2fd729428742605
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 09 Sep 2022 19:48:51 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 08 Sep 2022 18:25:21 GMT
Expires: Thu, 15 Sep 2022 18:25:20 GMT
Etag: "a653f55ef7e337bd259cd76d14fe2adc91c11603"
Cache-Control: max-age=512788,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7482719d2943b512-OSL
my.rtmark.net/p.js?f=sync&lr=1&partner=4d524b7a70f9429d3f354097c0083db80c0150ac1699f4b97f6029051cf877c8
200 OK 697 B URL HTTP/2 my.rtmark.net/p.js?f=sync&lr=1&partner=4d524b7a70f9429d3f354097c0083db80c0150ac1699f4b97f6029051cf877c8
IP
Hash 7e1da03b7d5254f7b1d93874c8f85ce4
c1ff6bec84dd9b2bf2bbcd11bb8791444f04b2d7
ff9366f794284e39381efd6b8ae4b6273469134c741ca7c3d6a1e1248e1a98d4
GET /p.js?f=sync&lr=1&partner=4d524b7a70f9429d3f354097c0083db80c0150ac1699f4b97f6029051cf877c8 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exceptionalphonesecurity.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 19:48:51 GMT
content-type: text/javascript
content-length: 697
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Guv2y6NRGtrGFfjp6xRc8w==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 3uZTpkv4IQk3Lh5S2zxVcpDxe0A=
r3.o.lencr.org/
200 OK 1.4 kB IP
ASN #20940 Akamai International B.V.
Hash 40c41024341ac160ec574698080aa13d
f4baf674083ab5b8ccda5b727619982e042b44e2
a7e6a1ec6a4397f0e90527b6667d0901bac260ea9c8d3390f2ac102a10259852
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "01545C71E7EC8C9FE594A58CEECD0F00D4D2C9DB55BB5D66A14ED92C2F600639"
Last-Modified: Fri, 09 Sep 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20612
Expires: Sat, 10 Sep 2022 01:32:23 GMT
Date: Fri, 09 Sep 2022 19:48:51 GMT
Connection: keep-alive
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash b61b23fbde716eea7439c066b2575d75
3e5fe431c2d18acc0cf278b104ba699993ef3c9e
fe88e34f74fcdc71805335fb36ff404c0bba965c84822e6a84c676d1fefb9196
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Fri, 09 Sep 2022 19:48:51 GMT
Last-Modified: Fri, 09 Sep 2022 18:44:28 GMT
Server: ECS (nyb/1D27)
X-Cache: Miss from cloudfront
Via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: RSJT3Ws3t4HJs0W2_8jbgTHC1W5IpDkJi_zNSOdnN6_p_wzTdVFxUA==
Age: 3863
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash c65536c32c2d60b20c77c678dc6a474f
0123870510570e2b05a2f5736d577dbfddc1a300
d8e8c5f56dcb77c3c936528d3b4621c50cac90097690c1111b40679328a1e706
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D8E8C5F56DCB77C3C936528D3B4621C50CAC90097690C1111B40679328A1E706"
Last-Modified: Fri, 09 Sep 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20642
Expires: Sat, 10 Sep 2022 01:32:53 GMT
Date: Fri, 09 Sep 2022 19:48:51 GMT
Connection: keep-alive
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash b61b23fbde716eea7439c066b2575d75
3e5fe431c2d18acc0cf278b104ba699993ef3c9e
fe88e34f74fcdc71805335fb36ff404c0bba965c84822e6a84c676d1fefb9196
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Fri, 09 Sep 2022 19:48:51 GMT
Last-Modified: Fri, 09 Sep 2022 18:44:28 GMT
Server: ECS (nyb/1D27)
X-Cache: Miss from cloudfront
Via: 1.1 193a8c13b6e0a6b90db7172f6358335e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: -A46Ej5dnwS0V09yIxxaMek14Wzx1MvlbBNO2GfTvSWcpXx9j0Q8mg==
Age: 3863
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 59ac11ffd6c4d59ddc26d97071d1b942
dce4aacb90e673a3981bb451cfbe110494ae94f5
f2bdab9291980c483e0a22f652ec97150c863e23b4a0083640f76145f33d72f6
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F2BDAB9291980C483E0A22F652EC97150C863E23B4A0083640F76145F33D72F6"
Last-Modified: Fri, 09 Sep 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20643
Expires: Sat, 10 Sep 2022 01:32:54 GMT
Date: Fri, 09 Sep 2022 19:48:51 GMT
Connection: keep-alive
overalltrack.com/api/v3.0/clickapi/img?aid=1&clickId={clickid}
200 OK 6.9 kB URL HTTP/1.1 overalltrack.com/api/v3.0/clickapi/img?aid=1&clickId={clickid}
IP
ASN #14061 DIGITALOCEAN-ASN
Hash d58cca65bfe013d7dc1ac1da54fdadd0
cd9f08b6e240f90b51a9f9b2daa31d8d0dc669a1
030ca1c79d905492f1b37b3a120751b306fbe4c671ffa0481ca12b1731522775
GET /api/v3.0/clickapi/img?aid=1&clickId={clickid} HTTP/1.1
Host: overalltrack.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exceptionalphonesecurity.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 09 Sep 2022 19:48:51 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Set-Cookie: currentClickid=%7B%221%22%3A%22%7Bclickid%7D%22%7D; Max-Age=31536000; Path=/; Expires=Sat, 09 Sep 2023 19:48:51 GMT; Secure; SameSite=None
analytics.tiktok.com/i18n/pixel/identify.js
200 OK 31 kB URL HTTP/2 analytics.tiktok.com/i18n/pixel/identify.js
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65536), with no line terminators
Hash eb9d635525ea1ed00362235ffb02fd6a
2aaea5da2cbffe0c685db39409c1b739d49612a9
7c5feb24bb876dbad20dbe0045790ae95ebf8f89cb67ff946ccc910bbbc925ea
GET /i18n/pixel/identify.js HTTP/1.1
Host: analytics.tiktok.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exceptionalphonesecurity.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=UTF-8
x-tt-logid: 20220909194851FDDCE4C50EE1CA76339A
x-tt-trace-host: 01c4e41847e877d4ddee541f8f890bc0ca12f4450bd2ecfcb565977b1a09b7365b2440585916ea05f2206c34a4a0914984be22a745db4f809c1e1f79b76fcccdc5db144636d2946875a883349d7f2c81d800f84279c45b799d5d47ac26a8f4b47d
content-encoding: gzip
content-length: 30801
x-origin-response-time: 43,23.222.0.206
x-akamai-request-id: 1ac3cb4.43533237
expires: Fri, 09 Sep 2022 19:48:51 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Fri, 09 Sep 2022 19:48:51 GMT
x-cache: TCP_MISS from a184-31-15-221.deploy.akamaitechnologies.com (AkamaiGHost/10.9.3-43949849) (-)
vary: Accept-Encoding
x-cache-remote: TCP_MISS from a23-222-0-206.deploy.akamaitechnologies.com (AkamaiGHost/10.9.3-43949849) (-)
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
server-timing: cdn-cache; desc=MISS, edge; dur=108, origin; dur=42, inner; dur=6
x-parent-response-time: 150,184.31.15.221
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash a115c14e4524e983f84779890e99fb1f
f8ca03324ba5bdc989a42da3bce04fce57f2b875
294369dc746e1108361924ed119868a681c1504ccee2b8fbe28b4703d0ab7c92
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "294369DC746E1108361924ED119868A681C1504CCEE2B8FBE28B4703D0AB7C92"
Last-Modified: Fri, 09 Sep 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20543
Expires: Sat, 10 Sep 2022 01:31:14 GMT
Date: Fri, 09 Sep 2022 19:48:51 GMT
Connection: keep-alive
app1-smartsecurity-etl.herokuapp.com/device_by_model?model=rv:96.0
200 OK 1.3 kB URL HTTP/1.1 app1-smartsecurity-etl.herokuapp.com/device_by_model?model=rv:96.0
IP
Hash 414ba2e323d35eba896a75c86c4ac0c2
69603e28ac982d6fc787c20a7d125a410d6167e0
418b9a8ba2e6341bbd4610333544f106a714c1e9d02c5bd5a3bb7c45cf3877d8
OPTIONS /device_by_model?model=rv:96.0 HTTP/1.1
Host: app1-smartsecurity-etl.herokuapp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization
Referer: https://exceptionalphonesecurity.xyz/
Origin: https://exceptionalphonesecurity.xyz
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Connection: keep-alive
Server: gunicorn
Date: Fri, 09 Sep 2022 19:48:51 GMT
Content-Type: text/html; charset=utf-8
Vary: Origin
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: accept, accept-encoding, authorization, content-type, dnt, origin, user-agent, x-csrftoken, x-requested-with
Access-Control-Allow-Methods: DELETE, GET, OPTIONS, PATCH, POST, PUT
Access-Control-Max-Age: 86400
Content-Length: 0
Via: 1.1 vegur
overalltrack.com/api/v3.0/clickapi/otherInstall?clickId={clickid}&aid=1&checkOld=1&medium=restart_push_{offer.name}&source=var1&campaign={trafficsource.name}&publisher={trafficsource.name}&checkUninstall=1
200 OK 8 B URL HTTP/1.1 overalltrack.com/api/v3.0/clickapi/otherInstall?clickId={clickid}&aid=1&checkOld=1&medium=restart_push_{offer.name}&source=var1&campaign={trafficsource.name}&publisher={trafficsource.name}&checkUninstall=1
IP
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with no line terminators
Hash f30c3a40e9a3e65c868c754a5de95919
65101ff283414b70636ff494d866190a66ed9978
875befe7cefc0715a17dc737f9514dda981f79a3c9f174badcae5bd1cc2425fe
OPTIONS /api/v3.0/clickapi/otherInstall?clickId={clickid}&aid=1&checkOld=1&medium=restart_push_{offer.name}&source=var1&campaign={trafficsource.name}&publisher={trafficsource.name}&checkUninstall=1 HTTP/1.1
Host: overalltrack.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://exceptionalphonesecurity.xyz/
Origin: https://exceptionalphonesecurity.xyz
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 09 Sep 2022 19:48:51 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 8
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Allow: GET,HEAD
analytics.tiktok.com/api/v2/pixel
200 OK 0 B URL HTTP/2 analytics.tiktok.com/api/v2/pixel
IP
ASN #20940 Akamai International B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /api/v2/pixel HTTP/1.1
Host: analytics.tiktok.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 904
Origin: https://exceptionalphonesecurity.xyz
Connection: keep-alive
Referer: https://exceptionalphonesecurity.xyz/
Cookie: _ttp=2EXrmoGgzB2c2dI7S77YpUYvpFy
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: application/octet-stream
content-length: 0
access-control-allow-origin: *
x-tt-logid: 202209091948518AE2AAC8A5207D557BAD
x-tt-trace-host: 01c4e41847e877d4ddee541f8f890bc0ca12f4450bd2ecfcb565977b1a09b7365b2440585916ea05f2206c34a4a0914984731557f32ce31be5b84f01a074f6a2a9250aa8f6ccfdcb64b58bffb986f0f55148722b2f3de07bcabe2fb46b138eff16
x-origin-response-time: 29,23.222.0.206
x-akamai-request-id: 1ac502a.43533389
expires: Fri, 09 Sep 2022 19:48:51 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Fri, 09 Sep 2022 19:48:51 GMT
x-cache: TCP_MISS from a184-31-15-221.deploy.akamaitechnologies.com (AkamaiGHost/10.9.3-43949849) (-)
x-cache-remote: TCP_MISS from a23-222-0-206.deploy.akamaitechnologies.com (AkamaiGHost/10.9.3-43949849) (-)
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
server-timing: cdn-cache; desc=MISS, edge; dur=117, origin; dur=29, inner; dur=16
x-parent-response-time: 145,184.31.15.221
X-Firefox-Spdy: h2
app1-smartsecurity-etl.herokuapp.com/device_by_model?model=rv:96.0
301 Moved Permanently 0 B URL HTTP/1.1 app1-smartsecurity-etl.herokuapp.com/device_by_model?model=rv:96.0
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /device_by_model?model=rv:96.0 HTTP/1.1
Host: app1-smartsecurity-etl.herokuapp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Authorization: Basic bGFuZDptb2RlbGJyYW5k
Origin: https://exceptionalphonesecurity.xyz
Connection: keep-alive
Referer: https://exceptionalphonesecurity.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 301 Moved Permanently
Connection: keep-alive
Server: gunicorn
Date: Fri, 09 Sep 2022 19:48:51 GMT
Content-Type: text/html; charset=utf-8
Location: /device_by_model/?model=rv:96.0
X-Content-Type-Options: nosniff
Referrer-Policy: same-origin
Vary: Origin
Access-Control-Allow-Origin: *
Content-Length: 0
Via: 1.1 vegur
overalltrack.com/api/v3.0/clickapi/otherInstall?clickId={clickid}&aid=1&checkOld=1&medium=restart_push_{offer.name}&source=var1&campaign={trafficsource.name}&publisher={trafficsource.name}&checkUninstall=1
200 OK 126 B URL HTTP/1.1 overalltrack.com/api/v3.0/clickapi/otherInstall?clickId={clickid}&aid=1&checkOld=1&medium=restart_push_{offer.name}&source=var1&campaign={trafficsource.name}&publisher={trafficsource.name}&checkUninstall=1
IP
ASN #14061 DIGITALOCEAN-ASN
File type JSON data\012- , ASCII text, with no line terminators
Hash c8f85db18fe8f89306f6c0819c67036d
7b5c44e4a9fd70e664aa4fe54fc0bd7bb3963a31
a71ab24977d03d440189548647bee7fdbdf0d6dee44478d1f6b44f17699a75ee
GET /api/v3.0/clickapi/otherInstall?clickId={clickid}&aid=1&checkOld=1&medium=restart_push_{offer.name}&source=var1&campaign={trafficsource.name}&publisher={trafficsource.name}&checkUninstall=1 HTTP/1.1
Host: overalltrack.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://exceptionalphonesecurity.xyz
Connection: keep-alive
Referer: https://exceptionalphonesecurity.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 09 Sep 2022 19:48:51 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 126
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
app1-smartsecurity-etl.herokuapp.com/device_by_model/?model=rv:96.0
200 OK 0 B URL HTTP/1.1 app1-smartsecurity-etl.herokuapp.com/device_by_model/?model=rv:96.0
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /device_by_model/?model=rv:96.0 HTTP/1.1
Host: app1-smartsecurity-etl.herokuapp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization
Origin: https://exceptionalphonesecurity.xyz
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Connection: keep-alive
Server: gunicorn
Date: Fri, 09 Sep 2022 19:48:51 GMT
Content-Type: text/html; charset=utf-8
Vary: Origin
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: accept, accept-encoding, authorization, content-type, dnt, origin, user-agent, x-csrftoken, x-requested-with
Access-Control-Allow-Methods: DELETE, GET, OPTIONS, PATCH, POST, PUT
Access-Control-Max-Age: 86400
Content-Length: 0
Via: 1.1 vegur
my.rtmark.net/img.gif?f=sync&partner=4d524b7a70f9429d3f354097c0083db80c0150ac1699f4b97f6029051cf877c8&ttl=&rurl=https%3A%2F%2Fexceptionalphonesecurity.xyz%2Fsmart-security-0%2Findex.html%3Fclickid%3D%7Bclickid%7D%26utm_source%3D%7Bvar1%7D%26utm_medium%3Drestart_push_%7Boffer.name%7D%26publisher%3D%7Btrafficsource.name%7D%26utm_campaign%3D%7Btrafficsource.name%7D%23
200 OK 43 B URL HTTP/2 my.rtmark.net/img.gif?f=sync&partner=4d524b7a70f9429d3f354097c0083db80c0150ac1699f4b97f6029051cf877c8&ttl=&rurl=https%3A%2F%2Fexceptionalphonesecurity.xyz%2Fsmart-security-0%2Findex.html%3Fclickid%3D%7Bclickid%7D%26utm_source%3D%7Bvar1%7D%26utm_medium%3Drestart_push_%7Boffer.name%7D%26publisher%3D%7Btrafficsource.name%7D%26utm_campaign%3D%7Btrafficsource.name%7D%23
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
GET /img.gif?f=sync&partner=4d524b7a70f9429d3f354097c0083db80c0150ac1699f4b97f6029051cf877c8&ttl=&rurl=https%3A%2F%2Fexceptionalphonesecurity.xyz%2Fsmart-security-0%2Findex.html%3Fclickid%3D%7Bclickid%7D%26utm_source%3D%7Bvar1%7D%26utm_medium%3Drestart_push_%7Boffer.name%7D%26publisher%3D%7Btrafficsource.name%7D%26utm_campaign%3D%7Btrafficsource.name%7D%23 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exceptionalphonesecurity.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 19:48:51 GMT
content-type: image/gif
content-length: 43
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=18df626b65bc4db0a64f2f27dd8aa4a3; expires=Sat, 09 Sep 2023 19:48:51 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash bec137161b4d16d7843c3bd17b416706
a05c0dd6ac1b372a13f8e9cac7d39af02853803b
bc241eef809baac4a17804d51e608abd4ff8ad8f07c702aba3ee4fb614485be0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BC241EEF809BAAC4A17804D51E608ABD4FF8AD8F07C702ABA3EE4FB614485BE0"
Last-Modified: Thu, 08 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5582
Expires: Fri, 09 Sep 2022 21:21:54 GMT
Date: Fri, 09 Sep 2022 19:48:52 GMT
Connection: keep-alive
app1-smartsecurity-etl.herokuapp.com/device_by_model/?model=rv:96.0
404 Not Found 90 B URL HTTP/1.1 app1-smartsecurity-etl.herokuapp.com/device_by_model/?model=rv:96.0
IP
File type JSON data\012- , Unicode text, UTF-8 text, with no line terminators
Hash 2333fc4fb0305a69c4127a26296830f7
8019da38e6449bf32aacc41b941155d3cca9e578
7b9954a74aab72fdb8478c4209d31f54ae822cd90c2c392c2bfb9f5736fdb4f3
GET /device_by_model/?model=rv:96.0 HTTP/1.1
Host: app1-smartsecurity-etl.herokuapp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exceptionalphonesecurity.xyz
Authorization: Basic bGFuZDptb2RlbGJyYW5k
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 404 Not Found
Connection: keep-alive
Server: gunicorn
Date: Fri, 09 Sep 2022 19:48:52 GMT
Content-Type: application/json
Allow: GET, HEAD, OPTIONS
X-Frame-Options: DENY
Content-Length: 90
X-Content-Type-Options: nosniff
Referrer-Policy: same-origin
Vary: Origin
Access-Control-Allow-Origin: *
Via: 1.1 vegur
primaveratrack.com/testb.php
200 OK 285 B URL HTTP/1.1 primaveratrack.com/testb.php
IP
Hash eeb1ba42982d2d0e6b604b1c30d9eca5
83acb60b808445637c741086320873f966ae032f
2e9c8e30222b618d6bbe7ff49f1f7b4466291130346ca9b2e23df74831ac95a3
GET /testb.php HTTP/1.1
Host: primaveratrack.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exceptionalphonesecurity.xyz
Connection: keep-alive
Referer: https://exceptionalphonesecurity.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.14.0 (Ubuntu)
Date: Fri, 09 Sep 2022 19:48:52 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
redrotou.net/zone?&pub=0&zone_id=4826947&is_mobile=false&domain=exceptionalphonesecurity.xyz&var=&ymid=&var_3=&dsig=&action=prerequest
200 OK 0 B URL HTTP/2 redrotou.net/zone?&pub=0&zone_id=4826947&is_mobile=false&domain=exceptionalphonesecurity.xyz&var=&ymid=&var_3=&dsig=&action=prerequest
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
POST /zone?&pub=0&zone_id=4826947&is_mobile=false&domain=exceptionalphonesecurity.xyz&var=&ymid=&var_3=&dsig=&action=prerequest HTTP/1.1
Host: redrotou.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exceptionalphonesecurity.xyz
Connection: keep-alive
Referer: https://exceptionalphonesecurity.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 19:48:52 GMT
content-length: 0
x-trace-id: f3a290c137eadf721dcf8b7a884fb97c
access-control-allow-origin: https://exceptionalphonesecurity.xyz
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
my.rtmark.net/gid.js?pub=0&userId=&zoneId=4826947&checkDuplicate=true&ymid=&var=
200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?pub=0&userId=&zoneId=4826947&checkDuplicate=true&ymid=&var=
IP
File type JSON data\012- , ASCII text
Hash e694f5e12c9310b9716791f55558f0e5
72df7b263bc90b0c781374ab841e9be488fc6627
c9e9e3418f55e59bbbcd20b73eee2cd6b81b691322165b09ccc027886e3d1ae6
GET /gid.js?pub=0&userId=&zoneId=4826947&checkDuplicate=true&ymid=&var= HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exceptionalphonesecurity.xyz/
Origin: https://exceptionalphonesecurity.xyz
Connection: keep-alive
Cookie: ID=18df626b65bc4db0a64f2f27dd8aa4a3
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 19:48:52 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://exceptionalphonesecurity.xyz
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=18df626b65bc4db0a64f2f27dd8aa4a3; expires=Sat, 09 Sep 2023 19:48:52 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
redrotou.net/zone?&pub=0&zone_id=4826947&is_mobile=false&domain=exceptionalphonesecurity.xyz&var=&ymid=&var_3=&dsig=&action=settings
200 OK 693 B URL HTTP/2 redrotou.net/zone?&pub=0&zone_id=4826947&is_mobile=false&domain=exceptionalphonesecurity.xyz&var=&ymid=&var_3=&dsig=&action=settings
IP
File type JSON data\012- , ASCII text, with very long lines (692)
Hash 22006f3369cf3f6eb55d338907995792
57c1413630d561bc5fb5fc7a8dab77789982dd82
5cf7cdd6d4335d1668e344fc11824b267d4cf700e940025f288c36ef8e53ca81
Analyzer Verdict Alert quad9 Sinkholed
GET /zone?&pub=0&zone_id=4826947&is_mobile=false&domain=exceptionalphonesecurity.xyz&var=&ymid=&var_3=&dsig=&action=settings HTTP/1.1
Host: redrotou.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exceptionalphonesecurity.xyz/
Origin: https://exceptionalphonesecurity.xyz
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 19:48:52 GMT
content-type: application/json; charset=utf-8
content-length: 693
x-trace-id: 71454c9905ecca765f9ee384e7d43747
access-control-allow-origin: https://exceptionalphonesecurity.xyz
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
redrotou.net/pfe/current/micro.tag.min.js?z=4826947&sw=/sw-check-permissions-8b114.js
200 OK 40 kB URL HTTP/2 redrotou.net/pfe/current/micro.tag.min.js?z=4826947&sw=/sw-check-permissions-8b114.js
IP
Hash a4f0fa80d8b33c81ffd854baecf3961f
bb88b3b91086a35516a589509cc0150c495cb76a
7c53b4149dafc4087e7885d0d85ac1b60e1312cece1c9727a7a9f3e8db056033
Analyzer Verdict Alert quad9 Sinkholed
GET /pfe/current/micro.tag.min.js?z=4826947&sw=/sw-check-permissions-8b114.js HTTP/1.1
Host: redrotou.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exceptionalphonesecurity.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 19:48:52 GMT
content-type: application/javascript
last-modified: Mon, 05 Sep 2022 12:32:41 GMT
etag: W/"6315ec69-1a29e"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 8984ab8a9bf1f023fa53603e9cca8c45
47b4e712a2a935fa4fc427d3c5ee75ce3dfe1d62
dc8ce237868bedb903581be3bef15b4eb1ea43fb260c820512ddd44ee61a8d1f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DC8CE237868BEDB903581BE3BEF15B4EB1EA43FB260C820512DDD44EE61A8D1F"
Last-Modified: Thu, 08 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12999
Expires: Fri, 09 Sep 2022 23:25:31 GMT
Date: Fri, 09 Sep 2022 19:48:52 GMT
Connection: keep-alive
dratingmaject.com/3d3be039-23cb-4934-aaf6-c11425045708?zoneid=3647676&bannerid=14747845&browser=firefox&os=linux&device=desktop®ion=03&isp=blix%20group%20as&useragent=Mozilla/5.0%20(X11;%20Linux%20x86_64;%20rv:96.0)%20Gecko/20100101%20Firefox/96.0&language=en&connectiontype=broadband&cost=0.007931&visitor_id=592191322115551675&rdk=rk1
302 Found 0 B URL HTTP/2 dratingmaject.com/3d3be039-23cb-4934-aaf6-c11425045708?zoneid=3647676&bannerid=14747845&browser=firefox&os=linux&device=desktop®ion=03&isp=blix%20group%20as&useragent=Mozilla/5.0%20(X11;%20Linux%20x86_64;%20rv:96.0)%20Gecko/20100101%20Firefox/96.0&language=en&connectiontype=broadband&cost=0.007931&visitor_id=592191322115551675&rdk=rk1
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /3d3be039-23cb-4934-aaf6-c11425045708?zoneid=3647676&bannerid=14747845&browser=firefox&os=linux&device=desktop®ion=03&isp=blix%20group%20as&useragent=Mozilla/5.0%20(X11;%20Linux%20x86_64;%20rv:96.0)%20Gecko/20100101%20Firefox/96.0&language=en&connectiontype=broadband&cost=0.007931&visitor_id=592191322115551675&rdk=rk1 HTTP/1.1
Host: dratingmaject.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: cc-v4=9HmGe0ONF6tzSuZIEj%2FsXiutoRZJhfFQai9JmT3Zju4K7w822ja5X%2FrMoiDqYvbQM1Z%2FqIBmMMOUPloTMNVNVr7wKuUP72UNxkIE30ssw5xDI14OONfOKkDijQDomKA7mhKRVv5PEYnO45r%2BW%2B8okg%3D%3D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Fri, 09 Sep 2022 19:48:52 GMT
content-length: 0
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://babesroulette.com/landers/18c/?clickid=w43r9g0s7qtj93ui285nrida&source=3d3be039-23cb-4934-aaf6-c11425045708&cep=UDuKm1lTKwfCjWyiw_OANC8BAgrQE6HsGeyftWGNLZ1ZRognOFMazOvg_CfDprChHF87igwbXzHjbIn5I7mWdBK1-2FuBQ01fAG4iXohz4apY2XluGXmnxiQ16kRs9OBDe9X_t9UyopSaahN2_xIybQZOAptGK-JC77CBAIYSzy9gjtHR5oBsFzwI2fBOr-NqJmyvhgQIE7xL09wTf4CygW_OEUAh1rBYKfdbaGfZjPjxxnLFRs8VdpOX3Rs9Vlmg0RQlF5j4TNFvIaAE7nhEVBJnyEezfZGO4OX67O17NOWJuWZlNUvxjeRaxX94rt6vvZV8wY77wkzcq9zAC0Cf87olVoIcM9YMJqn2BugByHeCJpEHw-zwl6WtGb_ggjIKBtePrhbNhVdWD8jMq8ypr7FRZi0E2XrQa7C3bege02EyCyzsIXOeOVLeYmm4fVceEcDjO0JNWyQ_PSJdw9y3nvVvyp88uic85kNzAneawMNPhU4DXV4CoHNCHY29wWaUXSGN2SoIW9D0tv2rDvBdsP7_n-gFB8SMraVAdxIjtxsEteRIrTp1kYFSn66u2aDF_HW-wJ_hwo2p6IZ5fiI70cByvsQ3NFQvOOaI4aQHcErOMd9e3xjjY5eaaq-UiF_iOH3-Ej5TUeZjQa2kUHP8KpVNIX4HYxqCHwEJvYSqRzZTYJaR1kfNXpfD21hfWQ3&lptoken=161562c875904788325f&zoneid=3647676&bannerid=14747845&browser=firefox&os=linux&device=desktop®ion=03&isp=blix+group+as&useragent=Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0&language=en&connectiontype=broadband&cost=0.007931&visitor_id=592191322115551675&rdk=rk1
pragma: no-cache
set-cookie: 3d3be039-23cb-4934-aaf6-c11425045708-v4=CRj2mEvi_H1XJFqpVp8NeCDvmeJkr7BkJPtW3DAzlBM; Max-Age=86400; Expires=Sat, 10-Sep-2022 19:48:52 GMT; Domain=dratingmaject.com; Path=/; Secure; HttpOnly;SameSite=None
cep-v4=gnhLAogYXHJjsQf-KtPQeyvJoNR2ojXD7DdyvAlPYQItnbwk-shjdO8wHk5TTInj2MFSjW1lY-2ZlmcO1snYpN-7vj-YwVTwCfXsvzFH95LGV8lufSb0R_6bbOWq_HwOHl2TJCg_wWzLEhsfh2_004stSxrKbDQY3cL2zdp-vCRAUVNevWk59R5QTUobbkDAsey3xm-iNvMfUNgwU29G_lbkIrUAwYsJSFgo3IHCXTi4dMK4WVF-5JlT0oIcneILx0N55bcpdCqrfd96hi_kR-uPMcRsGIIBiJp4dNdmM0F_ndtJQScUtqZS40VbwRiINSZLCYn9XYQvYa6ziNW6vOZOijGMuFIP9cw23cyeZ1zlOdUqNfKXdhfwXL-jBfLKoUqpX2lnJARpEEevomnDa5ftUA92cAQgmIHXUYLPzExD868B4nZPqprZDmdT0U3hRJu_XHPTy1n2-ZKetXCMtQ7kzSbzb4ZKkEyteLsSjSIbj2kWz5HYo9O4rjj1DBGOsbJZwn98cEwgfne6JR3FA2Z7CxZ7Chxoe0C2dG_Ys-S2TsfsN_Rje0-UQC9GUQfezd9TOPPZNOl-34g3Ti5OJ38OXqxIE8dAqfl3cuCuijiK331U4pzVomoXb4ISDjo4dIi9pKY-pkQd3EEXtENeuMu2TMvT-4rSxr_PBuxUqpCwB2d9C1tfY3SMMG5Re3p8; Max-Age=86400; Expires=Sat, 10-Sep-2022 19:48:52 GMT; Domain=dratingmaject.com; Path=/; Secure; HttpOnly;SameSite=None
X-Firefox-Spdy: h2
ocsp.sectigo.com/
200 OK 471 B IP
Hash 5b36f6508bf779a395d4b559b41d267d
a653f55ef7e337bd259cd76d14fe2adc91c11603
91e3696c53649e8d76b738dca29ed03b8b935f9fc230c735d2fd729428742605
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 09 Sep 2022 19:48:52 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 08 Sep 2022 18:25:21 GMT
Expires: Thu, 15 Sep 2022 18:25:20 GMT
Etag: "a653f55ef7e337bd259cd76d14fe2adc91c11603"
Cache-Control: max-age=512787,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 748271a66d42b512-OSL
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash e0fbe5627b19e9ad7ad4d40c96514ae9
d9d361271987c5947d96ddacc67efb3f3a32bbd3
48b4321f3bda8fd67c5bc75f98b0dfe6df2bfda8dcf5e708aecd47270ae03217
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "48B4321F3BDA8FD67C5BC75F98B0DFE6DF2BFDA8DCF5E708AECD47270AE03217"
Last-Modified: Wed, 07 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10741
Expires: Fri, 09 Sep 2022 22:47:53 GMT
Date: Fri, 09 Sep 2022 19:48:52 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash e0fbe5627b19e9ad7ad4d40c96514ae9
d9d361271987c5947d96ddacc67efb3f3a32bbd3
48b4321f3bda8fd67c5bc75f98b0dfe6df2bfda8dcf5e708aecd47270ae03217
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "48B4321F3BDA8FD67C5BC75F98B0DFE6DF2BFDA8DCF5E708AECD47270AE03217"
Last-Modified: Wed, 07 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10741
Expires: Fri, 09 Sep 2022 22:47:53 GMT
Date: Fri, 09 Sep 2022 19:48:52 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash e0fbe5627b19e9ad7ad4d40c96514ae9
d9d361271987c5947d96ddacc67efb3f3a32bbd3
48b4321f3bda8fd67c5bc75f98b0dfe6df2bfda8dcf5e708aecd47270ae03217
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "48B4321F3BDA8FD67C5BC75F98B0DFE6DF2BFDA8DCF5E708AECD47270AE03217"
Last-Modified: Wed, 07 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10741
Expires: Fri, 09 Sep 2022 22:47:53 GMT
Date: Fri, 09 Sep 2022 19:48:52 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F793f20c6-757e-47e5-8ab6-4d73ceae75af.jpeg
200 OK 4.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F793f20c6-757e-47e5-8ab6-4d73ceae75af.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c9590b525c8b07a297c8784f02b161a1
cec8428d159a5bde29e89c64cfb04146f759d52b
d309772ce79d36f7b1df0a3ea85a01f8278db2909c860721d105b772efed82ed
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F793f20c6-757e-47e5-8ab6-4d73ceae75af.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4002
x-amzn-requestid: ea2f5309-e220-4b7e-b718-9339b9444cc2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YKQ6hHM8IAMFeJQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631a61dc-7d45fd9253b7b7fa732b6f8d;Sampled=0
x-amzn-remapped-date: Thu, 08 Sep 2022 21:42:52 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Miss from cloudfront
x-amz-cf-id: VD7SlrM2RwFk5cfQvul2bTJA__GPYd5_UPY0D0_5NGLHoBj3yur7PA==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 5abfab33f248090bb0f31ca137ce9464.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Sep 2022 22:15:21 GMT
age: 77611
etag: "cec8428d159a5bde29e89c64cfb04146f759d52b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd5f31e9e-7d20-466c-a9b3-ce9e9c5475e8.jpeg
200 OK 9.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd5f31e9e-7d20-466c-a9b3-ce9e9c5475e8.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ba8d1b764c2d18807caecb5ee1e046c0
c0e3d10ce67f77a92b54954410e30621af7ee87c
f558c4827c2edf896588b6e3f0b4f295269e95f86143b40729a7a2a5e1adbbb6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd5f31e9e-7d20-466c-a9b3-ce9e9c5475e8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 9011
x-amzn-requestid: cf861da4-5f3b-43b8-931a-5285839c6301
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YKQgHFbOoAMFYVQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631a6133-4cf2e37f5e762a557b081446;Sampled=0
x-amzn-remapped-date: Thu, 08 Sep 2022 21:40:03 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: wqcl8zkszPZhWjJ7mr_p82IRaNzU2vMV3wtipUYgRaL7Vj3ntmYYqQ==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 95785220a566cd050f3ad80928463374.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Sep 2022 21:47:07 GMT
age: 79305
etag: "c0e3d10ce67f77a92b54954410e30621af7ee87c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F498f96cc-d02c-4ca3-a7e2-0be324253465.jpeg
200 OK 3.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F498f96cc-d02c-4ca3-a7e2-0be324253465.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 0078c7a407144a1ede33aef6f734eecf
113393e0dbabb3aff949d19ab6517ba1082b622d
42afcaf15e45dfa9aff14f59f69d60a3de127005e35783d2d35a4cfa652b57b3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F498f96cc-d02c-4ca3-a7e2-0be324253465.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3125
x-amzn-requestid: 5820e798-6469-40f9-8d70-ee71f1a163b9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YLM5GGQAoAMF8eQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631ac1d3-3a0e9db848ea7ab145f1cffa;Sampled=0
x-amzn-remapped-date: Fri, 09 Sep 2022 04:32:19 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Miss from cloudfront
x-amz-cf-id: eZaKpjBYe3Qn7vs3zF52Cxob-xu3LMFs8esQAu6Lp6bzM0aOEHoXVg==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 1352c0a623ff0601dd16439f3f225f70.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Sep 2022 04:32:20 GMT
etag: "113393e0dbabb3aff949d19ab6517ba1082b622d"
content-type: image/jpeg
age: 54992
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd9258cc3-ebbf-4d4c-85d1-6bc185623583.jpeg
200 OK 8.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd9258cc3-ebbf-4d4c-85d1-6bc185623583.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7afe346e3b24ea4388913b449d1ffc42
f5348ba99fb8966dded580409108316f4e4e1237
1d1cafc3e99c20b23212679838567d4d5fc98c45cf902188e44b25ff2982c8ad
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd9258cc3-ebbf-4d4c-85d1-6bc185623583.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8354
x-amzn-requestid: 55971de2-bf63-4300-9007-1bc234962d0e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YKRKXFGTIAMFp3A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631a6242-23914ec672a0a898498bbed6;Sampled=0
x-amzn-remapped-date: Thu, 08 Sep 2022 21:44:34 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Miss from cloudfront
x-amz-cf-id: lxqcvxSdM4FBQBZTNnhCrpl02fsnInyii7Yaw7fs4STzEd2fZIuuXA==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 a8e5d5aeee6eacca5c379e5059b1f68c.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Sep 2022 21:45:36 GMT
etag: "f5348ba99fb8966dded580409108316f4e4e1237"
content-type: image/jpeg
age: 79396
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc632269f-fb89-42dc-acc4-f733f3d7beb7.jpeg
200 OK 4.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc632269f-fb89-42dc-acc4-f733f3d7beb7.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a5fdeb374d4e3669ce5d9ff2cd22cd19
70ede5692526afd351d134a391383461dafdc64f
10c5d8e41aae1a36525a45375966b5067333f0c7edc176a540fd6527ebe1ad8c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc632269f-fb89-42dc-acc4-f733f3d7beb7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4532
x-amzn-requestid: e5694699-7f38-4542-8808-54bda7ee7d86
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YIMmGGUmIAMF2cw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63198e26-1aa6788e24fcfdf0008bee21;Sampled=0
x-amzn-remapped-date: Thu, 08 Sep 2022 06:39:34 GMT
x-amz-cf-pop: SEA19-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: zdVUahmbPQ7sQMlg14M89JOwjN2PEM03GNLYEwxPjcaioRpyqb8isA==
via: 1.1 ef6538ee7be7b17c84d06edb0f4c0a1a.cloudfront.net (CloudFront), 1.1 7eb3b782ab09047ce0d11ee03763894c.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Sep 2022 22:26:32 GMT
age: 76940
etag: "70ede5692526afd351d134a391383461dafdc64f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd9009587-828b-4a7a-8b84-f28d4b93cdef.jpeg
200 OK 7.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd9009587-828b-4a7a-8b84-f28d4b93cdef.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 60fa03262bb3728f24a4c7a8177ec788
09dcbdc6043f01dd56920cca3ce3920d0d07b795
e7448f186933f9848f1d55f0e8dba593918846d02fb9cc3a7cd86d69b96a7fde
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd9009587-828b-4a7a-8b84-f28d4b93cdef.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7515
x-amzn-requestid: eaf81b32-3b53-4e89-a9d0-943bc9f9982f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X0j0QFhxoAMF-Mw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6311b34e-114287d30092033a2b54ec01;Sampled=0
x-amzn-remapped-date: Fri, 02 Sep 2022 07:39:58 GMT
x-amz-cf-pop: SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: _mlXN3nJ7ZPcUDWIqqiv2CB6dkSJ2Y-AZIXNs4xOj18ZX6DYMdhXAA==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 ece5d4a731ece5ff46c564ab2b946ede.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Sep 2022 21:46:19 GMT
age: 79353
etag: "09dcbdc6043f01dd56920cca3ce3920d0d07b795"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
my.rtmark.net/img.gif?f=merge&userId=ed23ef0f58e74173b1a9f93b1a7aee75
200 OK 43 B URL HTTP/2 my.rtmark.net/img.gif?f=merge&userId=ed23ef0f58e74173b1a9f93b1a7aee75
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
POST /img.gif?f=merge&userId=ed23ef0f58e74173b1a9f93b1a7aee75 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 19:48:52 GMT
content-type: image/gif
content-length: 43
access-control-allow-origin: null
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=ed23ef0f58e74173b1a9f93b1a7aee75; expires=Sat, 09 Sep 2023 19:48:52 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
ouhastay.net/favicon.ico
204 No Content 0 B IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /favicon.ico HTTP/1.1
Host: ouhastay.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: OAID=ed23ef0f58e74173b1a9f93b1a7aee75; oaidts=1662752932
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Fri, 09 Sep 2022 19:48:52 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
pragma: public
cache-control: max-age=315360000, public, must-revalidate, proxy-revalidate
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 55362bc853c99806e54641de1e0fdb0c
1c84425554ce994c84fd4d3b95833fed9bf16023
936a1c711aea3c55e6e270aec23f72818b7bbfed28b1c9859697050ebe9aaf4e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Sep 2022 19:48:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 55362bc853c99806e54641de1e0fdb0c
1c84425554ce994c84fd4d3b95833fed9bf16023
936a1c711aea3c55e6e270aec23f72818b7bbfed28b1c9859697050ebe9aaf4e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Sep 2022 19:48:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash ebc205cf750164c31d1fce2318d1636b
9309949107d69193b1c5156d45fbcc91e20a0fe4
4ab7f53d17c5d642e17a3e78aa93dc133c4713e44ccccb849f04fdcca62be8b6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Sep 2022 19:48:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 61961ee76ab6c28f6e17eb7a1df4a3ea
ab4e8c9c284a0eed6b2fab77c9df432839158b3a
9e3bec23cc8ea49ab4e3a3a244a428c59e6c48c80359c473155584807ba0de41
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Sep 2022 19:48:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
babesroulette.com/landers/18c/?clickid=w43r9g0s7qtj93ui285nrida&source=3d3be039-23cb-4934-aaf6-c11425045708&cep=UDuKm1lTKwfCjWyiw_OANC8BAgrQE6HsGeyftWGNLZ1ZRognOFMazOvg_CfDprChHF87igwbXzHjbIn5I7mWdBK1-2FuBQ01fAG4iXohz4apY2XluGXmnxiQ16kRs9OBDe9X_t9UyopSaahN2_xIybQZOAptGK-JC77CBAIYSzy9gjtHR5oBsFzwI2fBOr-NqJmyvhgQIE7xL09wTf4CygW_OEUAh1rBYKfdbaGfZjPjxxnLFRs8VdpOX3Rs9Vlmg0RQlF5j4TNFvIaAE7nhEVBJnyEezfZGO4OX67O17NOWJuWZlNUvxjeRaxX94rt6vvZV8wY77wkzcq9zAC0Cf87olVoIcM9YMJqn2BugByHeCJpEHw-zwl6WtGb_ggjIKBtePrhbNhVdWD8jMq8ypr7FRZi0E2XrQa7C3bege02EyCyzsIXOeOVLeYmm4fVceEcDjO0JNWyQ_PSJdw9y3nvVvyp88uic85kNzAneawMNPhU4DXV4CoHNCHY29wWaUXSGN2SoIW9D0tv2rDvBdsP7_n-gFB8SMraVAdxIjtxsEteRIrTp1kYFSn66u2aDF_HW-wJ_hwo2p6IZ5fiI70cByvsQ3NFQvOOaI4aQHcErOMd9e3xjjY5eaaq-UiF_iOH3-Ej5TUeZjQa2kUHP8KpVNIX4HYxqCHwEJvYSqRzZTYJaR1kfNXpfD21hfWQ3&lptoken=161562c875904788325f&zoneid=3647676&bannerid=14747845&browser=firefox&os=linux&device=desktop®ion=03&isp=blix+group+as&useragent=Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0&language=en&connectiontype=broadband&cost=0.007931&visitor_id=592191322115551675&rdk=rk1
200 OK 18 kB URL HTTP/2 babesroulette.com/landers/18c/?clickid=w43r9g0s7qtj93ui285nrida&source=3d3be039-23cb-4934-aaf6-c11425045708&cep=UDuKm1lTKwfCjWyiw_OANC8BAgrQE6HsGeyftWGNLZ1ZRognOFMazOvg_CfDprChHF87igwbXzHjbIn5I7mWdBK1-2FuBQ01fAG4iXohz4apY2XluGXmnxiQ16kRs9OBDe9X_t9UyopSaahN2_xIybQZOAptGK-JC77CBAIYSzy9gjtHR5oBsFzwI2fBOr-NqJmyvhgQIE7xL09wTf4CygW_OEUAh1rBYKfdbaGfZjPjxxnLFRs8VdpOX3Rs9Vlmg0RQlF5j4TNFvIaAE7nhEVBJnyEezfZGO4OX67O17NOWJuWZlNUvxjeRaxX94rt6vvZV8wY77wkzcq9zAC0Cf87olVoIcM9YMJqn2BugByHeCJpEHw-zwl6WtGb_ggjIKBtePrhbNhVdWD8jMq8ypr7FRZi0E2XrQa7C3bege02EyCyzsIXOeOVLeYmm4fVceEcDjO0JNWyQ_PSJdw9y3nvVvyp88uic85kNzAneawMNPhU4DXV4CoHNCHY29wWaUXSGN2SoIW9D0tv2rDvBdsP7_n-gFB8SMraVAdxIjtxsEteRIrTp1kYFSn66u2aDF_HW-wJ_hwo2p6IZ5fiI70cByvsQ3NFQvOOaI4aQHcErOMd9e3xjjY5eaaq-UiF_iOH3-Ej5TUeZjQa2kUHP8KpVNIX4HYxqCHwEJvYSqRzZTYJaR1kfNXpfD21hfWQ3&lptoken=161562c875904788325f&zoneid=3647676&bannerid=14747845&browser=firefox&os=linux&device=desktop®ion=03&isp=blix+group+as&useragent=Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0&language=en&connectiontype=broadband&cost=0.007931&visitor_id=592191322115551675&rdk=rk1
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (757), with CRLF line terminators
Hash f790f419f8f3aab71da99ad6edc26be7
fc4af2761250be1be12fe7b558aecff715473c98
1a50c41ec9b335884dd036387a171334cc94dba5f52063c5863065cbb726a083
GET /landers/18c/?clickid=w43r9g0s7qtj93ui285nrida&source=3d3be039-23cb-4934-aaf6-c11425045708&cep=UDuKm1lTKwfCjWyiw_OANC8BAgrQE6HsGeyftWGNLZ1ZRognOFMazOvg_CfDprChHF87igwbXzHjbIn5I7mWdBK1-2FuBQ01fAG4iXohz4apY2XluGXmnxiQ16kRs9OBDe9X_t9UyopSaahN2_xIybQZOAptGK-JC77CBAIYSzy9gjtHR5oBsFzwI2fBOr-NqJmyvhgQIE7xL09wTf4CygW_OEUAh1rBYKfdbaGfZjPjxxnLFRs8VdpOX3Rs9Vlmg0RQlF5j4TNFvIaAE7nhEVBJnyEezfZGO4OX67O17NOWJuWZlNUvxjeRaxX94rt6vvZV8wY77wkzcq9zAC0Cf87olVoIcM9YMJqn2BugByHeCJpEHw-zwl6WtGb_ggjIKBtePrhbNhVdWD8jMq8ypr7FRZi0E2XrQa7C3bege02EyCyzsIXOeOVLeYmm4fVceEcDjO0JNWyQ_PSJdw9y3nvVvyp88uic85kNzAneawMNPhU4DXV4CoHNCHY29wWaUXSGN2SoIW9D0tv2rDvBdsP7_n-gFB8SMraVAdxIjtxsEteRIrTp1kYFSn66u2aDF_HW-wJ_hwo2p6IZ5fiI70cByvsQ3NFQvOOaI4aQHcErOMd9e3xjjY5eaaq-UiF_iOH3-Ej5TUeZjQa2kUHP8KpVNIX4HYxqCHwEJvYSqRzZTYJaR1kfNXpfD21hfWQ3&lptoken=161562c875904788325f&zoneid=3647676&bannerid=14747845&browser=firefox&os=linux&device=desktop®ion=03&isp=blix+group+as&useragent=Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0&language=en&connectiontype=broadband&cost=0.007931&visitor_id=592191322115551675&rdk=rk1 HTTP/1.1
Host: babesroulette.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 09 Sep 2022 19:48:53 GMT
content-type: text/html
last-modified: Thu, 25 Aug 2022 23:06:23 GMT
x-powered-by: PleskLin
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tlOPRMURjqJXaBT%2BsjSyeZ7yjuBRQwjllkO07UKe9SRUIYeuq8d1dpf7labyu5TyGqyUbsMA%2BHy8K7bn8zodjwyyRdg1OERWXGtfzW99Ia4P7VpgzxX8aXcHErHezO0S0K1c%2Bw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 748271a6c96db50f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash b04c7697d3b47bd0363610301bc839ba
d79f4fb5ef0979fe0773b847c4d52dca403f81a6
cad39ea058777355e8066291d967bcf47c57e7ede7f7f53db10d77f6876e59c7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CAD39EA058777355E8066291D967BCF47C57E7EDE7F7F53DB10D77F6876E59C7"
Last-Modified: Thu, 08 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18855
Expires: Sat, 10 Sep 2022 01:03:08 GMT
Date: Fri, 09 Sep 2022 19:48:53 GMT
Connection: keep-alive
track.profitableredirect.com/redirect?target=BASE64aHR0cHM6Ly9vdWhhc3RheS5uZXQvYWZ1LnBocD96b25laWQ9MzY0NzY3Ng&ts=1662752932304&hash=ir3WZdHkikGxWnZqTxqbnbDGrbOrk4tmgCW1SvFJfoY&rm=D
200 OK 16 kB URL HTTP/2 track.profitableredirect.com/redirect?target=BASE64aHR0cHM6Ly9vdWhhc3RheS5uZXQvYWZ1LnBocD96b25laWQ9MzY0NzY3Ng&ts=1662752932304&hash=ir3WZdHkikGxWnZqTxqbnbDGrbOrk4tmgCW1SvFJfoY&rm=D
IP
Hash ed219c55081932b8fe426d93fd5a00d9
62c00de8294c0b1560c3cede133af73be25a7e55
78c7bb3ff2af41e94c14d5be6b03585c7742cbce8a978612a6c331841626ec42
GET /redirect?target=BASE64aHR0cHM6Ly9vdWhhc3RheS5uZXQvYWZ1LnBocD96b25laWQ9MzY0NzY3Ng&ts=1662752932304&hash=ir3WZdHkikGxWnZqTxqbnbDGrbOrk4tmgCW1SvFJfoY&rm=D HTTP/1.1
Host: track.profitableredirect.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: e69b0e43-f199-496b-87cc-2daa322bb681-v4=041q8gCabJpehUzeaNAmIeVK4lyZ8enxKvsWd0CGzhM; cc-v4=fJoYQPvYMCC09tD8t0sz%2FQ4VybncXbp6T3kwvpt%2BuLsKDeN0JXE1RiMgsB6UND4x17W51ekQjqaIjoWa9ZY7U7L5q%2B7tbL0CJbN2cgz69QPWRCx8BxhiWQ5Ku4XzOMAbL8Iva2K5XUdBk87r0IIIGQ%3D%3D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 19:48:52 GMT
content-type: text/html;charset=UTF-8
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: no-cache
X-Firefox-Spdy: h2
dratingmaject.com/d/.js?lpref=&lpurl=https%3A%2F%2Fbabesroulette.com%2Flanders%2F18c%2F%3Fclickid%3Dw43r9g0s7qtj93ui285nrida%26source%3D3d3be039-23cb-4934-aaf6-c11425045708%26cep%3DUDuKm1lTKwfCjWyiw_OANC8BAgrQE6HsGeyftWGNLZ1ZRognOFMazOvg_CfDprChHF87igwbXzHjbIn5I7mWdBK1-2FuBQ01fAG4iXohz4apY2XluGXmnxiQ16kRs9OBDe9X_t9UyopSaahN2_xIybQZOAptGK-JC77CBAIYSzy9gjtHR5oBsFzwI2fBOr-NqJmyvhgQIE7xL09wTf4CygW_OEUAh1rBYKfdbaGfZjPjxxnLFRs8VdpOX3Rs9Vlmg0RQlF5j4TNFvIaAE7nhEVBJnyEezfZGO4OX67O17NOWJuWZlNUvxjeRaxX94rt6vvZV8wY77wkzcq9zAC0Cf87olVoIcM9YMJqn2BugByHeCJpEHw-zwl6WtGb_ggjIKBtePrhbNhVdWD8jMq8ypr7FRZi0E2XrQa7C3bege02EyCyzsIXOeOVLeYmm4fVceEcDjO0JNWyQ_PSJdw9y3nvVvyp88uic85kNzAneawMNPhU4DXV4CoHNCHY29wWaUXSGN2SoIW9D0tv2rDvBdsP7_n-gFB8SMraVAdxIjtxsEteRIrTp1kYFSn66u2aDF_HW-wJ_hwo2p6IZ5fiI70cByvsQ3NFQvOOaI4aQHcErOMd9e3xjjY5eaaq-UiF_iOH3-Ej5TUeZjQa2kUHP8KpVNIX4HYxqCHwEJvYSqRzZTYJaR1kfNXpfD21hfWQ3%26lptoken%3D161562c875904788325f%26zoneid%3D3647676%26bannerid%3D14747845%26browser%3Dfirefox%26os%3Dlinux%26device%3Ddesktop%26region%3D03%26isp%3Dblix%2Bgroup%2Bas%26useragent%3DMozilla%252F5.0%2B%2528X11%253B%2BLinux%2Bx86_64%253B%2Brv%253A96.0%2529%2BGecko%252F20100101%2BFirefox%252F96.0%26language%3Den%26connectiontype%3Dbroadband%26cost%3D0.007931%26visitor_id%3D592191322115551675%26rdk%3Drk1&lpt=Title%20here&t=1662752924328
200 OK 3.6 kB URL HTTP/2 dratingmaject.com/d/.js?lpref=&lpurl=https%3A%2F%2Fbabesroulette.com%2Flanders%2F18c%2F%3Fclickid%3Dw43r9g0s7qtj93ui285nrida%26source%3D3d3be039-23cb-4934-aaf6-c11425045708%26cep%3DUDuKm1lTKwfCjWyiw_OANC8BAgrQE6HsGeyftWGNLZ1ZRognOFMazOvg_CfDprChHF87igwbXzHjbIn5I7mWdBK1-2FuBQ01fAG4iXohz4apY2XluGXmnxiQ16kRs9OBDe9X_t9UyopSaahN2_xIybQZOAptGK-JC77CBAIYSzy9gjtHR5oBsFzwI2fBOr-NqJmyvhgQIE7xL09wTf4CygW_OEUAh1rBYKfdbaGfZjPjxxnLFRs8VdpOX3Rs9Vlmg0RQlF5j4TNFvIaAE7nhEVBJnyEezfZGO4OX67O17NOWJuWZlNUvxjeRaxX94rt6vvZV8wY77wkzcq9zAC0Cf87olVoIcM9YMJqn2BugByHeCJpEHw-zwl6WtGb_ggjIKBtePrhbNhVdWD8jMq8ypr7FRZi0E2XrQa7C3bege02EyCyzsIXOeOVLeYmm4fVceEcDjO0JNWyQ_PSJdw9y3nvVvyp88uic85kNzAneawMNPhU4DXV4CoHNCHY29wWaUXSGN2SoIW9D0tv2rDvBdsP7_n-gFB8SMraVAdxIjtxsEteRIrTp1kYFSn66u2aDF_HW-wJ_hwo2p6IZ5fiI70cByvsQ3NFQvOOaI4aQHcErOMd9e3xjjY5eaaq-UiF_iOH3-Ej5TUeZjQa2kUHP8KpVNIX4HYxqCHwEJvYSqRzZTYJaR1kfNXpfD21hfWQ3%26lptoken%3D161562c875904788325f%26zoneid%3D3647676%26bannerid%3D14747845%26browser%3Dfirefox%26os%3Dlinux%26device%3Ddesktop%26region%3D03%26isp%3Dblix%2Bgroup%2Bas%26useragent%3DMozilla%252F5.0%2B%2528X11%253B%2BLinux%2Bx86_64%253B%2Brv%253A96.0%2529%2BGecko%252F20100101%2BFirefox%252F96.0%26language%3Den%26connectiontype%3Dbroadband%26cost%3D0.007931%26visitor_id%3D592191322115551675%26rdk%3Drk1&lpt=Title%20here&t=1662752924328
IP
File type ASCII text, with very long lines (1559)
Hash 0431a41775f4ec4a22d801a614dbb497
a72458d181fc6dd59797d31e6781098652bbc5d1
cf69e63f4809f41616e24557a98f99d7c2287825c96537c4ed8cb82fc6c1506b
GET /d/.js?lpref=&lpurl=https%3A%2F%2Fbabesroulette.com%2Flanders%2F18c%2F%3Fclickid%3Dw43r9g0s7qtj93ui285nrida%26source%3D3d3be039-23cb-4934-aaf6-c11425045708%26cep%3DUDuKm1lTKwfCjWyiw_OANC8BAgrQE6HsGeyftWGNLZ1ZRognOFMazOvg_CfDprChHF87igwbXzHjbIn5I7mWdBK1-2FuBQ01fAG4iXohz4apY2XluGXmnxiQ16kRs9OBDe9X_t9UyopSaahN2_xIybQZOAptGK-JC77CBAIYSzy9gjtHR5oBsFzwI2fBOr-NqJmyvhgQIE7xL09wTf4CygW_OEUAh1rBYKfdbaGfZjPjxxnLFRs8VdpOX3Rs9Vlmg0RQlF5j4TNFvIaAE7nhEVBJnyEezfZGO4OX67O17NOWJuWZlNUvxjeRaxX94rt6vvZV8wY77wkzcq9zAC0Cf87olVoIcM9YMJqn2BugByHeCJpEHw-zwl6WtGb_ggjIKBtePrhbNhVdWD8jMq8ypr7FRZi0E2XrQa7C3bege02EyCyzsIXOeOVLeYmm4fVceEcDjO0JNWyQ_PSJdw9y3nvVvyp88uic85kNzAneawMNPhU4DXV4CoHNCHY29wWaUXSGN2SoIW9D0tv2rDvBdsP7_n-gFB8SMraVAdxIjtxsEteRIrTp1kYFSn66u2aDF_HW-wJ_hwo2p6IZ5fiI70cByvsQ3NFQvOOaI4aQHcErOMd9e3xjjY5eaaq-UiF_iOH3-Ej5TUeZjQa2kUHP8KpVNIX4HYxqCHwEJvYSqRzZTYJaR1kfNXpfD21hfWQ3%26lptoken%3D161562c875904788325f%26zoneid%3D3647676%26bannerid%3D14747845%26browser%3Dfirefox%26os%3Dlinux%26device%3Ddesktop%26region%3D03%26isp%3Dblix%2Bgroup%2Bas%26useragent%3DMozilla%252F5.0%2B%2528X11%253B%2BLinux%2Bx86_64%253B%2Brv%253A96.0%2529%2BGecko%252F20100101%2BFirefox%252F96.0%26language%3Den%26connectiontype%3Dbroadband%26cost%3D0.007931%26visitor_id%3D592191322115551675%26rdk%3Drk1&lpt=Title%20here&t=1662752924328 HTTP/1.1
Host: dratingmaject.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://babesroulette.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 19:48:53 GMT
content-type: application/javascript;charset=UTF-8
content-length: 3587
access-control-allow-origin: *
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: no-cache
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 61961ee76ab6c28f6e17eb7a1df4a3ea
ab4e8c9c284a0eed6b2fab77c9df432839158b3a
9e3bec23cc8ea49ab4e3a3a244a428c59e6c48c80359c473155584807ba0de41
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Sep 2022 19:48:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
deefauph.com/pfe/current/micro.tag.min.js?z=4740019&ymid=w43r9g0s7qtj93ui285nrida&var=3d3be039-23cb-4934-aaf6-c11425045708&sw=/sw-check-permissions-2e801.js
200 OK 40 kB URL HTTP/2 deefauph.com/pfe/current/micro.tag.min.js?z=4740019&ymid=w43r9g0s7qtj93ui285nrida&var=3d3be039-23cb-4934-aaf6-c11425045708&sw=/sw-check-permissions-2e801.js
IP
Hash 1c63fdf72824db19e6df6f6be34cc77b
b800279fae0b30cdf48338f901ec3612bd5bb258
aecbf1e59e9046c145e06cb54e84d7b2f84e571671c6090197a73c2c192fb6fc
Analyzer Verdict Alert quad9 Sinkholed
GET /pfe/current/micro.tag.min.js?z=4740019&ymid=w43r9g0s7qtj93ui285nrida&var=3d3be039-23cb-4934-aaf6-c11425045708&sw=/sw-check-permissions-2e801.js HTTP/1.1
Host: deefauph.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://babesroulette.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 19:48:53 GMT
content-type: application/javascript
last-modified: Mon, 05 Sep 2022 12:32:41 GMT
etag: W/"6315ec69-1a29e"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
deefauph.com/zone?&pub=0&zone_id=4740019&is_mobile=false&domain=babesroulette.com&var=3d3be039-23cb-4934-aaf6-c11425045708&ymid=w43r9g0s7qtj93ui285nrida&var_3=&dsig=&action=settings
200 OK 693 B URL HTTP/2 deefauph.com/zone?&pub=0&zone_id=4740019&is_mobile=false&domain=babesroulette.com&var=3d3be039-23cb-4934-aaf6-c11425045708&ymid=w43r9g0s7qtj93ui285nrida&var_3=&dsig=&action=settings
IP
File type JSON data\012- , ASCII text, with very long lines (692)
Hash 557683d491fb7c28d0ae3408cd19988f
ce818311d63933916109997fbfb82d007b15d1dc
2cee7494ea8240d1ede88281de219194704c6e27b1119f7cc3872376822e4d1c
Analyzer Verdict Alert quad9 Sinkholed
GET /zone?&pub=0&zone_id=4740019&is_mobile=false&domain=babesroulette.com&var=3d3be039-23cb-4934-aaf6-c11425045708&ymid=w43r9g0s7qtj93ui285nrida&var_3=&dsig=&action=settings HTTP/1.1
Host: deefauph.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://babesroulette.com/
Origin: https://babesroulette.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 19:48:53 GMT
content-type: application/json; charset=utf-8
content-length: 693
x-trace-id: 4e7060f77f2f440f5732c410294e465e
access-control-allow-origin: https://babesroulette.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
ocsp.sectigo.com/
200 OK 471 B IP
Hash 5b36f6508bf779a395d4b559b41d267d
a653f55ef7e337bd259cd76d14fe2adc91c11603
91e3696c53649e8d76b738dca29ed03b8b935f9fc230c735d2fd729428742605
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 09 Sep 2022 19:48:53 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 08 Sep 2022 18:25:21 GMT
Expires: Thu, 15 Sep 2022 18:25:20 GMT
Etag: "a653f55ef7e337bd259cd76d14fe2adc91c11603"
Cache-Control: max-age=512786,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 748271ab5c67b512-OSL
my.rtmark.net/gid.js?pub=0&userId=&zoneId=4740019&checkDuplicate=true&ymid=w43r9g0s7qtj93ui285nrida&var=3d3be039-23cb-4934-aaf6-c11425045708
200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?pub=0&userId=&zoneId=4740019&checkDuplicate=true&ymid=w43r9g0s7qtj93ui285nrida&var=3d3be039-23cb-4934-aaf6-c11425045708
IP
File type JSON data\012- , ASCII text
Hash 3ab4f2bc6599b7897f11578ee4401ceb
efa0699da747576534d46d4e94f9393805bd0723
090fcfe631d0ef87ce3753265e80df2e9c45ee10cac8b65a09ba507f13b7318b
GET /gid.js?pub=0&userId=&zoneId=4740019&checkDuplicate=true&ymid=w43r9g0s7qtj93ui285nrida&var=3d3be039-23cb-4934-aaf6-c11425045708 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://babesroulette.com/
Origin: https://babesroulette.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 19:48:53 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://babesroulette.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=732e78c9e4164a17b0ef9d630ada2337; expires=Sat, 09 Sep 2023 19:48:53 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3ee79a10-bae9-4fae-b19f-8beb6d75a42c.jpeg
200 OK 7.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3ee79a10-bae9-4fae-b19f-8beb6d75a42c.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 706c7ceb40056f848425ca7d994cedc8
b9b1bf8291b6a66f260f82947966fa01ca78c61f
739205893d17a123d2fac165f468314de14a99dc56c9e5b0ac79434f7c38b558
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3ee79a10-bae9-4fae-b19f-8beb6d75a42c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 7139
x-amzn-requestid: 5125cc11-410a-4a86-a0cf-68950433b602
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YFBoyHycIAMFxcw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6318496b-5579dee14390c1b63e97e0fc;Sampled=0
x-amzn-remapped-date: Wed, 07 Sep 2022 07:34:03 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: QAFJoWNKPurEH344wsc43OZdBSFCrN7zlnQfTsrMrF6qKM4Wj0QV7w==
via: 1.1 010c0731b9775a983eceaec0f5fa6a2e.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Sep 2022 22:03:18 GMT
age: 78341
etag: "b9b1bf8291b6a66f260f82947966fa01ca78c61f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ouhastay.net/afu.php?zoneid=3647676
200 OK 0 B URL HTTP/2 ouhastay.net/afu.php?zoneid=3647676
IP
Analyzer Verdict Alert quad9 Sinkholed
GET /afu.php?zoneid=3647676 HTTP/1.1
Host: ouhastay.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 19:48:52 GMT
content-type: text/html; charset=utf8
x-trace-id: ae97f946d60fb25dbc02e31ebdddaf21
link: <https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://my.rtmark.net>; rel="preconnect dns-prefetch", <https://dratingmaject.com>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=ed23ef0f58e74173b1a9f93b1a7aee75; expires=Sat, 09 Sep 2023 19:48:52 GMT; path=/; secure; SameSite=None
oaidts=1662752932; expires=Sat, 09 Sep 2023 19:48:52 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
exceptionalphonesecurity.xyz/smart-security-0/index.html?clickid={clickid}&utm_source={var1}&utm_medium=restart_push_{offer.name}&publisher={trafficsource.name}&utm_campaign={trafficsource.name}
200 OK 0 B URL HTTP/2 exceptionalphonesecurity.xyz/smart-security-0/index.html?clickid={clickid}&utm_source={var1}&utm_medium=restart_push_{offer.name}&publisher={trafficsource.name}&utm_campaign={trafficsource.name}
IP
GET /smart-security-0/index.html?clickid={clickid}&utm_source={var1}&utm_medium=restart_push_{offer.name}&publisher={trafficsource.name}&utm_campaign={trafficsource.name} HTTP/1.1
Host: exceptionalphonesecurity.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Fri, 09 Sep 2022 19:48:51 GMT
content-type: text/html
last-modified: Mon, 13 Jun 2022 09:09:10 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j8IXu5dfPQ%2BeX%2Fe4y%2BVtPeBtLCwVfhoKo7175yCjFsEp6MsDCZ5ApJXPJc3thXNXSPhp3OwBiSM9j8BJ6pBHTDhrjEyDH6omSX5zfAISKB34peyckdtX6T2T05DHN1E7hMjISIDmp597CAG7Zx%2Fk"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 748271985be3b51e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
analytics.tiktok.com/i18n/pixel/events.js?sdkid=C8SQEGFV9S6N3MLDFVTG&lib=ttq
200 OK 0 B URL HTTP/2 analytics.tiktok.com/i18n/pixel/events.js?sdkid=C8SQEGFV9S6N3MLDFVTG&lib=ttq
IP
ASN #20940 Akamai International B.V.
GET /i18n/pixel/events.js?sdkid=C8SQEGFV9S6N3MLDFVTG&lib=ttq HTTP/1.1
Host: analytics.tiktok.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exceptionalphonesecurity.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=UTF-8
x-tt-logid: 2022090919485137A35134467E5672C08C
x-tt-trace-host: 01c4e41847e877d4ddee541f8f890bc0ca12f4450bd2ecfcb565977b1a09b7365bde796b1dbbadc4d56bfe28c1cb5230cfb7683bced6f23c6b2aaf722cf671e21cccab583f0d90815bbaa103ed5bcc863bfb2033c44a761f88aba6adb5eeed251b
content-encoding: gzip
x-origin-response-time: 10,23.222.0.201
x-akamai-request-id: 46d70c07.4353309c
expires: Fri, 09 Sep 2022 19:48:51 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Fri, 09 Sep 2022 19:48:51 GMT
x-cache: TCP_MISS from a184-31-15-221.deploy.akamaitechnologies.com (AkamaiGHost/10.9.3-43949849) (-)
vary: Accept-Encoding
x-cache-remote: TCP_MISS from a23-222-0-201.deploy.akamaitechnologies.com (AkamaiGHost/10.9.3-43949849) (-)
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
server-timing: cdn-cache; desc=MISS, edge; dur=109, origin; dur=9, inner; dur=2
x-parent-response-time: 114,184.31.15.221
X-Firefox-Spdy: h2
analytics.tiktok.com/i18n/pixel/config.js?sdkid=C8SQEGFV9S6N3MLDFVTG&hostname=exceptionalphonesecurity.xyz
200 OK 0 B URL HTTP/2 analytics.tiktok.com/i18n/pixel/config.js?sdkid=C8SQEGFV9S6N3MLDFVTG&hostname=exceptionalphonesecurity.xyz
IP
ASN #20940 Akamai International B.V.
GET /i18n/pixel/config.js?sdkid=C8SQEGFV9S6N3MLDFVTG&hostname=exceptionalphonesecurity.xyz HTTP/1.1
Host: analytics.tiktok.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exceptionalphonesecurity.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=UTF-8
x-tt-logid: 20220909194851E69D118632A2F26EF219
x-tt-trace-host: 01c4e41847e877d4ddee541f8f890bc0cae90087596b962812b65397c544e71eeabb5fca8b5cd30c1e3c8f177963932de9c4b8fa7799502e7b9d91064e8d8266a6d665773d726f55d3b72cd0eff93b2ded0aefe13b5d922cd4a576864161d863e1
content-encoding: gzip
x-origin-response-time: 6,66.198.8.113
x-akamai-request-id: 40f2c561.4353324d
expires: Fri, 09 Sep 2022 19:48:51 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Fri, 09 Sep 2022 19:48:51 GMT
x-cache: TCP_MISS from a184-31-15-221.deploy.akamaitechnologies.com (AkamaiGHost/10.9.3-43949849) (-)
vary: Accept-Encoding
set-cookie: _ttp=2EXrmoGgzB2c2dI7S77YpUYvpFy; Path=/; Domain=tiktok.com; Max-Age=33696000; Secure; SameSite=None
x-cache-remote: TCP_MISS from a66-198-8-113.deploy.akamaitechnologies.com (AkamaiGHost/10.9.3-43949849) (-)
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
server-timing: cdn-cache; desc=MISS, edge; dur=97, origin; dur=6, inner; dur=3
x-parent-response-time: 102,184.31.15.221
X-Firefox-Spdy: h2
172.67.155.44
104.18.32.68
184.31.15.225
139.45.195.8
167.114.103.223
18.195.149.11
23.36.77.32