rixon.ml/
109.94.209.69 200 OK 3.9 kB IP 109.94.209.69:0
ASN #202376 Arvid Logicum OU
File type HTML document text; HTML document text; HTML document text; HTML document text; HTML document text; exported SGML document text; exported SGML document, Unicode text, UTF-8 text, with very long lines (354), with CRLF line terminators
Hash 2ab0fbc3c192041d9303776ae91f2545
91fe21b27ed43ad4473291bb2a07330d4d474ec0
f77d208f1804245f4bbd1ca96c84d5b0501935ca1ceb1c1632db95914dd296f6
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.ml domain
GET / HTTP/1.1
Host: rixon.ml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Wed, 01 Feb 2023 16:39:45 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d2e72d45afe3d391c204b5391599607c
149d68b9d00a720b6f380fa2324779dca9dbe26d
f6f1c295c68dfebadacb1fc812b44e01c7ede0e203615ef3e2cced2ce2251e7e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F6F1C295C68DFEBADACB1FC812B44E01C7EDE0E203615EF3E2CCED2CE2251E7E"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5826
Expires: Wed, 01 Feb 2023 18:16:51 GMT
Date: Wed, 01 Feb 2023 16:39:45 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 62de35a6c8e4efd7633fc5236b5b086f
6a92912a86dfcd0330d040cef06bef36889c76ab
ebb8ca05df5ba73b92174105d54d192a8d9e3e10fba48bf96161b0cb759220ec
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EBB8CA05DF5BA73B92174105D54D192A8D9E3E10FBA48BF96161B0CB759220EC"
Last-Modified: Tue, 31 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7572
Expires: Wed, 01 Feb 2023 18:45:57 GMT
Date: Wed, 01 Feb 2023 16:39:45 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data, ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Retry-After, Content-Length, Alert, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 01 Feb 2023 15:43:25 GMT
content-type: application/json
age: 3380
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash a8d45deaa7ebfcd996c2055dae592ab8
55befe074589fe7b39757c145968058162a8fc6b
50d7d516f446458145a304b288a0a39d391cd37ea50dabea36ae48d291c65ba7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "50D7D516F446458145A304B288A0A39D391CD37EA50DABEA36AE48D291C65BA7"
Last-Modified: Tue, 31 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3580
Expires: Wed, 01 Feb 2023 17:39:25 GMT
Date: Wed, 01 Feb 2023 16:39:45 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate, ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: TNqTPGX4hVhSrzfpm44TLUTGvaxz6+OS1oWyvq9frcOuzYASh8QfNAs6YWNob9FiJgi8Fm/b57A=
x-amz-request-id: GD3D84V67DXQH3JF
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 01 Feb 2023 15:51:37 GMT
age: 2888
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
rixon.ml/css/bootstrap.min.css
109.94.209.69 200 OK 21 kB URL HTTP/1.1 rixon.ml/css/bootstrap.min.css
IP 109.94.209.69:0
ASN #202376 Arvid Logicum OU
File type ASCII text, with very long lines (65324)
Hash a2f61d2f83fb978e1cceb01e454f62bb
5d8aa4db67679f791d672456de45aeb1aeec204f
ce5b0694781b233c264c7ede49df5e3b395b1b3a7417a7c97f3819bfbaaed707
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.ml domain
GET /css/bootstrap.min.css HTTP/1.1
Host: rixon.ml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Wed, 01 Feb 2023 16:39:45 GMT
Content-Type: text/css
Last-Modified: Thu, 30 Jul 2020 11:24:42 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"5f22adfa-22485"
Expires: Thu, 02 Feb 2023 16:39:45 GMT
Cache-Control: max-age=86400
Content-Encoding: gzip
rixon.ml/css/style.css
109.94.209.69 200 OK 2.8 kB IP 109.94.209.69:0
ASN #202376 Arvid Logicum OU
File type ASCII text, with CRLF line terminators
Hash dbda56bd86154cbda972f0e845cf7c48
839af899ee764f1073285228c3497b415d9f8027
73c6480943ace4faa2e31a65566b7307e31d9e8b1b71e8bd29f076e75127d493
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.ml domain
GET /css/style.css HTTP/1.1
Host: rixon.ml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Wed, 01 Feb 2023 16:39:45 GMT
Content-Type: text/css
Last-Modified: Thu, 30 Jul 2020 11:24:42 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"5f22adfa-3107"
Expires: Thu, 02 Feb 2023 16:39:45 GMT
Cache-Control: max-age=86400
Content-Encoding: gzip
rixon.ml/css/responsive.css
109.94.209.69 200 OK 2.2 kB URL HTTP/1.1 rixon.ml/css/responsive.css
IP 109.94.209.69:0
ASN #202376 Arvid Logicum OU
File type ASCII text, with CRLF line terminators
Hash 0da92fdab089da81533acc1fba43a396
aa374c0f879ba2931e47b92ae0e7dfa7ae2b25bf
db64047ef523b99205dd3e6ad9efcc301c49a8123b7fa2c9f11f6e6100702492
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.ml domain
GET /css/responsive.css HTTP/1.1
Host: rixon.ml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Wed, 01 Feb 2023 16:39:45 GMT
Content-Type: text/css
Last-Modified: Thu, 30 Jul 2020 11:24:42 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"5f22adfa-2817"
Expires: Thu, 02 Feb 2023 16:39:45 GMT
Cache-Control: max-age=86400
Content-Encoding: gzip
rixon.ml/css/jquery.mCustomScrollbar.min.css
109.94.209.69 200 OK 4.2 kB URL HTTP/1.1 rixon.ml/css/jquery.mCustomScrollbar.min.css
IP 109.94.209.69:0
ASN #202376 Arvid Logicum OU
File type ASCII text, with very long lines (42839), with no line terminators
Hash 20dbccde25789386c8ec41a215eb867f
5e15a7f1d4c0eb8cff1a0d2e08276c74f20b00ab
d47946901b962b2832d3112981fa4438600248ce3eba85eb42477e743b225e1e
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.ml domain
GET /css/jquery.mCustomScrollbar.min.css HTTP/1.1
Host: rixon.ml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Wed, 01 Feb 2023 16:39:45 GMT
Content-Type: text/css
Last-Modified: Thu, 30 Jul 2020 11:24:42 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"5f22adfa-a757"
Expires: Thu, 02 Feb 2023 16:39:45 GMT
Cache-Control: max-age=86400
Content-Encoding: gzip
rixon.ml/js/popper.min.js
109.94.209.69 200 OK 6.9 kB URL HTTP/1.1 rixon.ml/js/popper.min.js
IP 109.94.209.69:0
ASN #202376 Arvid Logicum OU
File type ASCII text, with very long lines (19013)
Hash 2d96c240e82098b8b79e06320a28af44
8601377564ef9a4fe3fd01fd0812f106419292fc
664f9b7fb41d49930caae2cfc95f6344bbcb36835ead91e62e62b4a4a6a2625d
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.ml domain
GET /js/popper.min.js HTTP/1.1
Host: rixon.ml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Wed, 01 Feb 2023 16:39:45 GMT
Content-Type: application/javascript
Last-Modified: Thu, 30 Jul 2020 11:24:42 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"5f22adfa-4af6"
Expires: Thu, 02 Feb 2023 16:39:45 GMT
Cache-Control: max-age=86400
Content-Encoding: gzip
rixon.ml/js/bootstrap.bundle.min.js
109.94.209.69 200 OK 21 kB URL HTTP/1.1 rixon.ml/js/bootstrap.bundle.min.js
IP 109.94.209.69:0
ASN #202376 Arvid Logicum OU
File type ASCII text, with very long lines (65297)
Hash b36a905ee4bb38992d545832ba5084c9
f9baeb6a61eab4bf1ffc26b9913a4bf708c56fa5
d92e2bc945c91c203e678aa7653569c7468ef88af26583d6882e6b235a7d39b0
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.ml domain
GET /js/bootstrap.bundle.min.js HTTP/1.1
Host: rixon.ml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Wed, 01 Feb 2023 16:39:45 GMT
Content-Type: application/javascript
Last-Modified: Thu, 30 Jul 2020 11:24:42 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"5f22adfa-11498"
Expires: Thu, 02 Feb 2023 16:39:45 GMT
Cache-Control: max-age=86400
Content-Encoding: gzip
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data, ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 01 Feb 2023 16:39:45 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
rixon.ml/js/jquery-3.0.0.min.js
109.94.209.69 200 OK 3.5 kB URL HTTP/1.1 rixon.ml/js/jquery-3.0.0.min.js
IP 109.94.209.69:0
ASN #202376 Arvid Logicum OU
Hash 6855d3a709efa1186e02e67db5a3e959
538b2bd83af87afc98e9d75509072e07d59523f5
70f5e36cd14dc4dc4ed78487474a59888ddc3095e7faaac586b9f11dce947335
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.ml domain
GET /js/jquery-3.0.0.min.js HTTP/1.1
Host: rixon.ml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Wed, 01 Feb 2023 16:39:45 GMT
Content-Type: application/javascript
Last-Modified: Thu, 30 Jul 2020 11:24:42 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"5f22adfa-2c3c"
Expires: Thu, 02 Feb 2023 16:39:45 GMT
Cache-Control: max-age=86400
Content-Encoding: gzip
rixon.ml/js/jquery.min.js
109.94.209.69 200 OK 31 kB URL HTTP/1.1 rixon.ml/js/jquery.min.js
IP 109.94.209.69:0
ASN #202376 Arvid Logicum OU
File type ASCII text, with very long lines (65290)
Hash b0c18bb7423e9c71ddab704956108dcb
e44807773b7703bf6a320c1842ff39e9e9e09b94
671484c8cb51354e7a147370cbdd12b59b3727cf8ae65e6c0bb81c56ec05768b
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.ml domain
GET /js/jquery.min.js HTTP/1.1
Host: rixon.ml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Wed, 01 Feb 2023 16:39:45 GMT
Content-Type: application/javascript
Last-Modified: Thu, 30 Jul 2020 11:24:42 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"5f22adfa-15430"
Expires: Thu, 02 Feb 2023 16:39:45 GMT
Cache-Control: max-age=86400
Content-Encoding: gzip
rixon.ml/js/jquery.mCustomScrollbar.concat.min.js
109.94.209.69 200 OK 13 kB URL HTTP/1.1 rixon.ml/js/jquery.mCustomScrollbar.concat.min.js
IP 109.94.209.69:0
ASN #202376 Arvid Logicum OU
File type ASCII text, with very long lines (32001)
Hash 4da37a1b2ad758278fc7026f80b08bbe
addfd2f47f339c3bc9382b1dbb5035258f55d09f
18fc1335094365472e6d2636ec2c76197ccf421158acb77f80bd66cd14486b46
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.ml domain
GET /js/jquery.mCustomScrollbar.concat.min.js HTTP/1.1
Host: rixon.ml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Wed, 01 Feb 2023 16:39:45 GMT
Content-Type: application/javascript
Last-Modified: Thu, 30 Jul 2020 11:24:42 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"5f22adfa-b1a7"
Expires: Thu, 02 Feb 2023 16:39:45 GMT
Cache-Control: max-age=86400
Content-Encoding: gzip
rixon.ml/js/custom.js
109.94.209.69 200 OK 2.2 kB IP 109.94.209.69:0
ASN #202376 Arvid Logicum OU
File type ASCII text, with CRLF line terminators
Hash cbcba3b0c4ef423e6974e5a61e210ba9
3b76c3bc72420b8d70e6751d37d5dcb059577a7b
a6fa87011b8fedd33c4cc9e7a002a6d6709d3790f3bed61fa6aa915ede5aa048
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.ml domain
GET /js/custom.js HTTP/1.1
Host: rixon.ml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Wed, 01 Feb 2023 16:39:45 GMT
Content-Type: application/javascript
Last-Modified: Thu, 30 Jul 2020 11:24:42 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"5f22adfa-2320"
Expires: Thu, 02 Feb 2023 16:39:45 GMT
Cache-Control: max-age=86400
Content-Encoding: gzip
ads.people-group.net/271962/52/4/1/
95.217.114.240 200 OK 6.6 kB URL HTTP/1.1 ads.people-group.net/271962/52/4/1/
IP 95.217.114.240:0
ASN #24940 Hetzner Online GmbH
File type Unicode text, UTF-8 text, with very long lines (21422), with no line terminators
Hash f9a832e76da74e2a590da9ebc8385e5d
034702b29b2bd4209ff7cefed07ea69fecb84d13
866abdd1c6a39f74498c67ee5ded571207a7d203b902959bd49a36a9b9319f67
GET /271962/52/4/1/ HTTP/1.1
Host: ads.people-group.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 01 Feb 2023 16:39:45 GMT
Content-Type: application/x-javascript;charset=UTF-8;
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-XSS-Protection: 0;
Set-Cookie: _pgstg=1675269585.1e7a2db587; expires=Sat Jan 27 16:39:45 2024 GMT; path=/; domain=ads.people-group.net;
Content-Encoding: gzip
ads.people-group.net/271962/52/3/1/
95.217.114.240 200 OK 6.6 kB URL HTTP/1.1 ads.people-group.net/271962/52/3/1/
IP 95.217.114.240:0
ASN #24940 Hetzner Online GmbH
File type Unicode text, UTF-8 text, with very long lines (21422), with no line terminators
Hash 76d2bb940bb11caf9bc7d3ce53228133
e8410254443d781f3384ec5aa32bee4d20449945
8dc29e6cc876cb7e7a26aba93689615c06fcec5b5b3fb59587e25fb0bea700c8
GET /271962/52/3/1/ HTTP/1.1
Host: ads.people-group.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 01 Feb 2023 16:39:45 GMT
Content-Type: application/x-javascript;charset=UTF-8;
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-XSS-Protection: 0;
Set-Cookie: _pgstg=1675269585.1e7a2db587; expires=Sat Jan 27 16:39:45 2024 GMT; path=/; domain=ads.people-group.net;
Content-Encoding: gzip
ads.people-group.net/271962/52/2/1/
95.217.114.240 200 OK 6.6 kB URL HTTP/1.1 ads.people-group.net/271962/52/2/1/
IP 95.217.114.240:0
ASN #24940 Hetzner Online GmbH
File type Unicode text, UTF-8 text, with very long lines (21422), with no line terminators
Hash ba46897cf870b72aefdc31b6df8df730
5e14f0d121096cb3461f1cea6bf09f7ebabc2e1f
7b30eb17c682cf5c927b87703d2fd6de7db8c20172a52312be259040974c249e
GET /271962/52/2/1/ HTTP/1.1
Host: ads.people-group.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 01 Feb 2023 16:39:45 GMT
Content-Type: application/x-javascript;charset=UTF-8;
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-XSS-Protection: 0;
Set-Cookie: _pgstg=1675269585.1e7a2db587; expires=Sat Jan 27 16:39:45 2024 GMT; path=/; domain=ads.people-group.net;
Content-Encoding: gzip
rixon.ml/js/owl.carousel.js
109.94.209.69 404 Not Found 113 B URL HTTP/1.1 rixon.ml/js/owl.carousel.js
IP 109.94.209.69:0
ASN #202376 Arvid Logicum OU
File type HTML document text; HTML document text; HTML document, ASCII text, with CRLF line terminators
Hash 6cf716f76488f5d0ca109fc4079a37a3
d68f9a32525ba04eee96c544aee9a1f52ca39310
29d729fcfaeac14bfc2223645971630390323b6c2768509fd1ac53def0d0bf4d
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.ml domain
suricata medium ET INFO HTTP Request to a *.ml domain
GET /js/owl.carousel.js HTTP/1.1
Host: rixon.ml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/
HTTP/1.1 404 Not Found
Server: nginx/1.20.2
Date: Wed, 01 Feb 2023 16:39:46 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
admediatex.net/serve/ads.js
104.26.9.229 200 OK 488 B URL HTTP/1.1 admediatex.net/serve/ads.js
IP 104.26.9.229:0
File type ASCII text, with very long lines (587)
Hash 201da561b05e12404962470228f910bb
2db13a38424d454abcdfdebe3d63fcfea05f755c
c68d20190336e0b424f473891884930cb076fc40e6a1cd265febf219d9ef2641
GET /serve/ads.js HTTP/1.1
Host: admediatex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/
HTTP/1.1 200 OK
Date: Wed, 01 Feb 2023 16:39:46 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=315360000
Cf-Bgj: minify
ETag: W/"63693aa8-449"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Last-Modified: Mon, 07 Nov 2022 17:04:40 GMT
Vary: Accept-Encoding
CF-Cache-Status: HIT
Age: 1062805
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=05lnA0MSg%2BVGG7RyxKoEaUauAVrrlv1wgT5lqwj90l6zwL%2BJt3JITsTswVCaPx28pJa%2FD4QssZEuYEtG6L%2F6uOgTcY7ppDWTzpIeF6HMVrdw%2BIYlwl1kAzwZk9rZfE3h"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 792c2000bb91b4f4-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
rixon.ml/js/plugin.js
109.94.209.69 200 OK 174 kB IP 109.94.209.69:0
ASN #202376 Arvid Logicum OU
File type HTML document, ASCII text, with very long lines (32000), with CRLF line terminators
Size 174 kB (173893 bytes)
Hash 048fe6d2e88c406f653db4538f06357c
92918558908a7d5b27e5b0905a5140d09a8c7bdf
d1f149a2a6e0ac449a06ddbfb122557ae33e8eb0670d88815ccbff0b00e34558
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.ml domain
GET /js/plugin.js HTTP/1.1
Host: rixon.ml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Wed, 01 Feb 2023 16:39:45 GMT
Content-Type: application/javascript
Last-Modified: Thu, 30 Jul 2020 11:24:42 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"5f22adfa-9b5d0"
Expires: Thu, 02 Feb 2023 16:39:45 GMT
Cache-Control: max-age=86400
Content-Encoding: gzip
cdnjs.cloudflare.com/ajax/libs/fancybox/2.1.5/jquery.fancybox.min.js
104.17.25.14 200 OK 7.6 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/fancybox/2.1.5/jquery.fancybox.min.js
IP 104.17.25.14:0
File type ASCII text, with very long lines (22994), with no line terminators
Hash d29c786e170d3b3b9fc127a05d1b9767
1df51302f9211d83103644342e6da6e06300b0ff
f8cf3ffec23612a3b5e870201fce0fa988d2cee5370a9dbc701daf2ea2ac36fa
GET /ajax/libs/fancybox/2.1.5/jquery.fancybox.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rixon.ml/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:46 GMT
content-type: application/javascript; charset=utf-8
content-length: 7584
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03e58-59d2"
last-modified: Mon, 04 May 2020 16:10:00 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1163032
expires: Mon, 22 Jan 2024 16:39:46 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=L402ZLxvzqATeD0ujsRWuLuMR0XvUeJZSPr9oEMa57aiYgiooOQ7hn1Y1Y2%2FDuOjUDBKiEkR2u44pzl4iIAq6e7Fqji8%2B9XM%2B6HCY1HiI1jiaJYXsjwb3YXr13atwJBTvPBrnehp"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 792c2001195bb50b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/fancybox/2.1.5/jquery.fancybox.min.css
104.17.25.14 200 OK 955 B URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/fancybox/2.1.5/jquery.fancybox.min.css
IP 104.17.25.14:0
File type ASCII text, with very long lines (3885), with no line terminators
Hash 254cb13c6249ee8b9472c24687430bce
b8a63a6e9a1c8a4b459b3406c488063656895e9e
35b2fbdb02a628e43ff25273c788262646b73374101214e88fc8ce83026295c8
GET /ajax/libs/fancybox/2.1.5/jquery.fancybox.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rixon.ml/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:46 GMT
content-type: text/css; charset=utf-8
content-length: 955
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03e58-f2d"
last-modified: Mon, 04 May 2020 16:10:00 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1006066
expires: Mon, 22 Jan 2024 16:39:46 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xepqYl1%2FCYCsTWRYRjpOgDPzJqXePUJHlYOx8P3fVR7U%2BregXzFFBXyiq9zsiHCo2Ql5qOmukTFDzqnkFYPSoEOeZMCclTUY8XrfsKGUbdyxURYe3Q00Lcda39EC9OOV%2BzywkcSY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 792c2001195eb50b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash 7c9cfd95365e4c498af2087df6694290
02d175c10c7f423deedcc2e4f59f6267f0701398
7f03c9ef03abc468b3c246e34fdd1465d131a8ba963aa735b0894af5ab371d5a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2329
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 16:39:46 GMT
Last-Modified: Wed, 01 Feb 2023 16:00:57 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 280
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 2751084b42dd111d0a7f28241a77201b
680a9ac2f4cf451c9a8449c4df3587595ed9cc4c
1c68a770afbcdb5405fe330f2eabefa576ea1d08740719956083d7f6b490ccf8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 16:39:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
rixon.ml/css/normalize.css
109.94.209.69 200 OK 2.1 kB URL HTTP/1.1 rixon.ml/css/normalize.css
IP 109.94.209.69:0
ASN #202376 Arvid Logicum OU
Hash 4e2a6a617e8dd39399ed5c49ebcac6d4
fc8ff2445bd6c1cdf81fa433179b094e29ba5fc3
d18cc1379d5392474d9cf9a774e68d03c34fb4a9180cf711cf9f22a9ba31c149
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.ml domain
GET /css/normalize.css HTTP/1.1
Host: rixon.ml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/css/style.css
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Wed, 01 Feb 2023 16:39:46 GMT
Content-Type: text/css
Last-Modified: Thu, 30 Jul 2020 11:24:42 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"5f22adfa-1cd5"
Expires: Thu, 02 Feb 2023 16:39:46 GMT
Cache-Control: max-age=86400
Content-Encoding: gzip
rixon.ml/css/jquery-ui.css
109.94.209.69 200 OK 8.4 kB URL HTTP/1.1 rixon.ml/css/jquery-ui.css
IP 109.94.209.69:0
ASN #202376 Arvid Logicum OU
File type ASCII text, with very long lines (2363)
Hash bf0b19721d44af308303d6f681ca2da2
11da7ffcfe1d23de3f059899e9bb8f464db5c9f5
3218c8ac616981574781e4247e75a262286b57a9ed1f01c8532cada29ab62d41
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.ml domain
GET /css/jquery-ui.css HTTP/1.1
Host: rixon.ml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/css/style.css
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Wed, 01 Feb 2023 16:39:46 GMT
Content-Type: text/css
Last-Modified: Thu, 30 Jul 2020 11:24:42 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"5f22adfa-8c85"
Expires: Thu, 02 Feb 2023 16:39:46 GMT
Cache-Control: max-age=86400
Content-Encoding: gzip
rixon.ml/css/slick.css
109.94.209.69 200 OK 551 B IP 109.94.209.69:0
ASN #202376 Arvid Logicum OU
Hash d0ad889debd0f1fffdc4c84befe9283a
b24e9ea085dc455d2c1cd2a4ce4b15a0317b4aa9
863b5186d120626dd3e3abd859e215d9b34c8c174b4f0c51d2c3a0f4bf05d635
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.ml domain
GET /css/slick.css HTTP/1.1
Host: rixon.ml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/css/style.css
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Wed, 01 Feb 2023 16:39:46 GMT
Content-Type: text/css
Last-Modified: Thu, 30 Jul 2020 11:24:42 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"5f22adfa-75c"
Expires: Thu, 02 Feb 2023 16:39:46 GMT
Cache-Control: max-age=86400
Content-Encoding: gzip
rixon.ml/css/owl.carousel.min.css
109.94.209.69 200 OK 1.0 kB URL HTTP/1.1 rixon.ml/css/owl.carousel.min.css
IP 109.94.209.69:0
ASN #202376 Arvid Logicum OU
File type ASCII text, with very long lines (3081)
Hash 4a478462795a696060ef0b5d0ef7d580
ddad62441021997ff2b4808eeaebe9e7477686d0
d6c3bf052689beb398a14182ed8ea23f90c35d667caebcad64ce9d106c419fe7
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.ml domain
GET /css/owl.carousel.min.css HTTP/1.1
Host: rixon.ml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/css/style.css
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Wed, 01 Feb 2023 16:39:46 GMT
Content-Type: text/css
Last-Modified: Thu, 30 Jul 2020 11:24:42 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"5f22adfa-cb0"
Expires: Thu, 02 Feb 2023 16:39:46 GMT
Cache-Control: max-age=86400
Content-Encoding: gzip
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash f4faf0ceee48521c8732243cea5398a5
3113334a6ae9d8af4f2a7d629bff266303641ae4
cba6aeeec105520793f131bb55fb0bab9b2dea86d7be8d5ccdd6f54fbaad1a19
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4260
Cache-Control: max-age=160679
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 16:39:46 GMT
Etag: "63da55d5-117"
Expires: Fri, 03 Feb 2023 13:17:45 GMT
Last-Modified: Wed, 01 Feb 2023 12:06:45 GMT
Server: ECS (amb/6B75)
X-Cache: HIT
Content-Length: 279
rixon.ml/css/nice-select.css
109.94.209.69 200 OK 991 B URL HTTP/1.1 rixon.ml/css/nice-select.css
IP 109.94.209.69:0
ASN #202376 Arvid Logicum OU
Hash 9b3d5657593fc042d70275a55e93b695
0d346aba874b9449af8aa3a15a1fa2a170c6a19f
aa413dc2eb5c3c7de7d4c84c4e1d01eb5bc369c5df27f18391faeb4810a69ebb
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.ml domain
GET /css/nice-select.css HTTP/1.1
Host: rixon.ml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/css/style.css
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Wed, 01 Feb 2023 16:39:46 GMT
Content-Type: text/css
Last-Modified: Thu, 30 Jul 2020 11:24:42 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"5f22adfa-e45"
Expires: Thu, 02 Feb 2023 16:39:46 GMT
Cache-Control: max-age=86400
Content-Encoding: gzip
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash de49044c9365e16fec3a6d361cb94728
2b7b69c16de6fda1ae5206f92fe781ee07bd182a
6e76887b036544a5da3918116a180876c094cc3b31676abce8d5b7b716b00c30
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 16:39:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash de49044c9365e16fec3a6d361cb94728
2b7b69c16de6fda1ae5206f92fe781ee07bd182a
6e76887b036544a5da3918116a180876c094cc3b31676abce8d5b7b716b00c30
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 16:39:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=G-2J7D3QW2PX
142.250.74.40 200 OK 80 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=G-2J7D3QW2PX
IP 142.250.74.40:0
File type ASCII text, with very long lines (25680)
Hash 1eeee5a3f630e410a4ddc90cdaec0900
42305f4a2d67c2616d21578431de54d2d0aaffda
c9d4e4d7593fe2dc8bdb5dbe4adbd100c376f2a7ed23ff3275f7527745a02673
GET /gtag/js?id=G-2J7D3QW2PX HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rixon.ml/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 01 Feb 2023 16:39:46 GMT
expires: Wed, 01 Feb 2023 16:39:46 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 79872
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash 7c9cfd95365e4c498af2087df6694290
02d175c10c7f423deedcc2e4f59f6267f0701398
7f03c9ef03abc468b3c246e34fdd1465d131a8ba963aa735b0894af5ab371d5a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2329
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 16:39:46 GMT
Last-Modified: Wed, 01 Feb 2023 16:00:57 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 280
rixon.ml/images/icon-1.png
109.94.209.69 200 OK 8.7 kB URL HTTP/1.1 rixon.ml/images/icon-1.png
IP 109.94.209.69:0
ASN #202376 Arvid Logicum OU
File type PNG image data, 111 x 111, 8-bit/color RGBA, non-interlaced\012- data
Hash 4ea0f86f6c332b32c6effa8d52f40dfb
d7410e283049dea7238f38d75b42ef77dcb00223
fe7d22781b0a44d8257477d38243d456a97b50a80d9093780ee920642ead9ab4
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.ml domain
GET /images/icon-1.png HTTP/1.1
Host: rixon.ml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Wed, 01 Feb 2023 16:39:46 GMT
Content-Type: image/png
Content-Length: 8677
Last-Modified: Fri, 31 Jul 2020 10:27:24 GMT
Connection: keep-alive
ETag: "5f23f20c-21e5"
Expires: Thu, 02 Feb 2023 16:39:46 GMT
Cache-Control: max-age=86400
Accept-Ranges: bytes
rixon.ml/images/headfone-icon.png
109.94.209.69 200 OK 5.4 kB URL HTTP/1.1 rixon.ml/images/headfone-icon.png
IP 109.94.209.69:0
ASN #202376 Arvid Logicum OU
File type PNG image data, 104 x 105, 8-bit/color RGBA, non-interlaced\012- data
Hash 6411dac1455a61c668cb39ad7949bccb
488e12a4afe42df23bb3f1ad1aba7b88d52a45c1
83d1ccd22416f299f99f70ebd2836cf55a82285466a0c8ad9ba4ac23f538bb0d
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.ml domain
GET /images/headfone-icon.png HTTP/1.1
Host: rixon.ml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Wed, 01 Feb 2023 16:39:46 GMT
Content-Type: image/png
Content-Length: 5429
Last-Modified: Fri, 31 Jul 2020 10:27:24 GMT
Connection: keep-alive
ETag: "5f23f20c-1535"
Expires: Thu, 02 Feb 2023 16:39:46 GMT
Cache-Control: max-age=86400
Accept-Ranges: bytes
rixon.ml/images/logo.png
109.94.209.69 200 OK 1.6 kB IP 109.94.209.69:0
ASN #202376 Arvid Logicum OU
File type PNG image data, 130 x 46, 8-bit colormap, non-interlaced\012- data
Hash 92e6f5151e78e4213183006d137c2353
16ca6adcbe1f4dd11a0b427716b722abd2da58a0
f04b3aa7aed1c9da48c82f3f9d4550776dcbc11843327b626307a2c04f5a9d8c
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.ml domain
GET /images/logo.png HTTP/1.1
Host: rixon.ml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Wed, 01 Feb 2023 16:39:46 GMT
Content-Type: image/png
Content-Length: 1577
Last-Modified: Sun, 26 Jun 2022 16:21:26 GMT
Connection: keep-alive
ETag: "62b88786-629"
Expires: Thu, 02 Feb 2023 16:39:46 GMT
Cache-Control: max-age=86400
Accept-Ranges: bytes
rixon.ml/images/power-full-icon.png
109.94.209.69 200 OK 4.9 kB URL HTTP/1.1 rixon.ml/images/power-full-icon.png
IP 109.94.209.69:0
ASN #202376 Arvid Logicum OU
File type PNG image data, 104 x 105, 8-bit/color RGBA, non-interlaced\012- data
Hash f16b718e0e448b498e583b0f0bba1b27
c8db4eacb61ef067c6414b7f9fa115f42d356e32
65f456c782708ef6576b23f6333c555e6582ee7a72c0ca360d5fb471d0faeba7
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.ml domain
GET /images/power-full-icon.png HTTP/1.1
Host: rixon.ml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Wed, 01 Feb 2023 16:39:46 GMT
Content-Type: image/png
Content-Length: 4916
Last-Modified: Fri, 31 Jul 2020 10:27:24 GMT
Connection: keep-alive
ETag: "5f23f20c-1334"
Expires: Thu, 02 Feb 2023 16:39:46 GMT
Cache-Control: max-age=86400
Accept-Ranges: bytes
rixon.ml/images/img-2.png
109.94.209.69 200 OK 122 kB URL HTTP/1.1 rixon.ml/images/img-2.png
IP 109.94.209.69:0
ASN #202376 Arvid Logicum OU
File type PNG image data, 571 x 565, 8-bit colormap, non-interlaced\012- data
Size 122 kB (121707 bytes)
Hash 12cf918ea25738c0ff2e4dbabb4d61f5
2c87c38320deafb69495890e4ed36554f2c828be
15581766782d9115e723c246b87fd7eeea166e7d1766df836fbc17cf6579b9d0
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.ml domain
GET /images/img-2.png HTTP/1.1
Host: rixon.ml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Wed, 01 Feb 2023 16:39:46 GMT
Content-Type: image/png
Content-Length: 121707
Last-Modified: Fri, 31 Jul 2020 10:27:24 GMT
Connection: keep-alive
ETag: "5f23f20c-1db6b"
Expires: Thu, 02 Feb 2023 16:39:46 GMT
Cache-Control: max-age=86400
Accept-Ranges: bytes
rixon.ml/images/icon-2.png
109.94.209.69 200 OK 5.8 kB URL HTTP/1.1 rixon.ml/images/icon-2.png
IP 109.94.209.69:0
ASN #202376 Arvid Logicum OU
File type PNG image data, 111 x 111, 8-bit/color RGBA, non-interlaced\012- data
Hash c2e6a12ec4b0a42e0fd712f00d10f66f
c6c90f984f0cbf8905daad149316c4a0780accf9
c308faa9440a1926c7da412341d5f6912feca213c44ed260c3a5b68cba4f8cb5
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.ml domain
GET /images/icon-2.png HTTP/1.1
Host: rixon.ml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Wed, 01 Feb 2023 16:39:46 GMT
Content-Type: image/png
Content-Length: 5815
Last-Modified: Fri, 31 Jul 2020 10:27:24 GMT
Connection: keep-alive
ETag: "5f23f20c-16b7"
Expires: Thu, 02 Feb 2023 16:39:46 GMT
Cache-Control: max-age=86400
Accept-Ranges: bytes
rixon.ml/images/img-1.png
109.94.209.69 200 OK 249 kB URL HTTP/1.1 rixon.ml/images/img-1.png
IP 109.94.209.69:0
ASN #202376 Arvid Logicum OU
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1], baseline, precision 8, 800x533, components 3\012- data
Size 249 kB (248680 bytes)
Hash 17f06a8b9760d851362ff2f2915ecf9b
d81ae4e2e3188276843706faf58da40dd4a33b34
e0f73de60e5208a3d0921cde943ef73a72495af36c52dfcb5d108b608774d602
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.ml domain
GET /images/img-1.png HTTP/1.1
Host: rixon.ml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Wed, 01 Feb 2023 16:39:46 GMT
Content-Type: image/png
Content-Length: 248680
Last-Modified: Wed, 05 Jan 2022 11:21:50 GMT
Connection: keep-alive
ETag: "61d57f4e-3cb68"
Expires: Thu, 02 Feb 2023 16:39:46 GMT
Cache-Control: max-age=86400
Accept-Ranges: bytes
rixon.ml/images/right-aerow.png
109.94.209.69 200 OK 2.7 kB URL HTTP/1.1 rixon.ml/images/right-aerow.png
IP 109.94.209.69:0
ASN #202376 Arvid Logicum OU
File type PNG image data, 370 x 125, 8-bit/color RGBA, non-interlaced\012- data
Hash 76b5de33e7779a4cde73101e6fa9a7c6
4a9a113a52f1b3640f1227755d66d70d06bfff2b
f68ffe1f2c1ccf79e9625e6e1e782b551524d09652c6ba42aee52d7fb1e90eff
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.ml domain
GET /images/right-aerow.png HTTP/1.1
Host: rixon.ml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Wed, 01 Feb 2023 16:39:46 GMT
Content-Type: image/png
Content-Length: 2701
Last-Modified: Fri, 31 Jul 2020 10:27:24 GMT
Connection: keep-alive
ETag: "5f23f20c-a8d"
Expires: Thu, 02 Feb 2023 16:39:46 GMT
Cache-Control: max-age=86400
Accept-Ranges: bytes
rixon.ml/images/optimised-icon.png
109.94.209.69 200 OK 5.4 kB URL HTTP/1.1 rixon.ml/images/optimised-icon.png
IP 109.94.209.69:0
ASN #202376 Arvid Logicum OU
File type PNG image data, 104 x 105, 8-bit/color RGBA, non-interlaced\012- data
Hash ee81c475b1269d8d2808ac76166435f5
bc113e05795b428cc70c4905349f4b2e039a4767
2c2ad442d01fa8c9a1ece166990403d5c9f1ace701ad5d9809c94c1a3da930dd
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.ml domain
GET /images/optimised-icon.png HTTP/1.1
Host: rixon.ml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Wed, 01 Feb 2023 16:39:46 GMT
Content-Type: image/png
Content-Length: 5376
Last-Modified: Fri, 31 Jul 2020 10:27:24 GMT
Connection: keep-alive
ETag: "5f23f20c-1500"
Expires: Thu, 02 Feb 2023 16:39:46 GMT
Cache-Control: max-age=86400
Accept-Ranges: bytes
rixon.ml/images/icon-3.png
109.94.209.69 200 OK 8.0 kB URL HTTP/1.1 rixon.ml/images/icon-3.png
IP 109.94.209.69:0
ASN #202376 Arvid Logicum OU
File type PNG image data, 111 x 111, 8-bit/color RGBA, non-interlaced\012- data
Hash 69f1e54e5b65d1acfd4f1a23e449ffe8
bd1a8d5d752898f429fc9149058146f389ed7ec7
c28bbbf3bc0167d11066f178fbe859ced858a48d6ed4fb4ca18a7ae03dc8a914
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.ml domain
GET /images/icon-3.png HTTP/1.1
Host: rixon.ml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Wed, 01 Feb 2023 16:39:46 GMT
Content-Type: image/png
Content-Length: 7992
Last-Modified: Fri, 31 Jul 2020 10:27:24 GMT
Connection: keep-alive
ETag: "5f23f20c-1f38"
Expires: Thu, 02 Feb 2023 16:39:46 GMT
Cache-Control: max-age=86400
Accept-Ranges: bytes
rixon.ml/images/woofer.png
109.94.209.69 200 OK 35 kB URL HTTP/1.1 rixon.ml/images/woofer.png
IP 109.94.209.69:0
ASN #202376 Arvid Logicum OU
File type PNG image data, 636 x 633, 8-bit colormap, non-interlaced\012- data
Hash 1cf16665c3161a0c351569fe7f30e339
451c5d7bbdc0f259e00afbc1cb533c4cd02b50f1
9c7d05ed9f731cefd3935471d070db5cccf9389fd75274d732c7ae83a052b95d
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.ml domain
GET /images/woofer.png HTTP/1.1
Host: rixon.ml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Wed, 01 Feb 2023 16:39:46 GMT
Content-Type: image/png
Content-Length: 34609
Last-Modified: Fri, 31 Jul 2020 10:27:24 GMT
Connection: keep-alive
ETag: "5f23f20c-8731"
Expires: Thu, 02 Feb 2023 16:39:46 GMT
Cache-Control: max-age=86400
Accept-Ranges: bytes
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 2751084b42dd111d0a7f28241a77201b
680a9ac2f4cf451c9a8449c4df3587595ed9cc4c
1c68a770afbcdb5405fe330f2eabefa576ea1d08740719956083d7f6b490ccf8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 16:39:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash de49044c9365e16fec3a6d361cb94728
2b7b69c16de6fda1ae5206f92fe781ee07bd182a
6e76887b036544a5da3918116a180876c094cc3b31676abce8d5b7b716b00c30
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 16:39:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
rixon.ml/images/banner.png
109.94.209.69 200 OK 148 kB URL HTTP/1.1 rixon.ml/images/banner.png
IP 109.94.209.69:0
ASN #202376 Arvid Logicum OU
File type PNG image data, 1920 x 994, 8-bit colormap, non-interlaced\012- data
Size 148 kB (148190 bytes)
Hash 3c6fa1357b4a5487223cfb967fdee3d4
481a134b93f55ced84b4d0c73f5e7b9a1804c6ba
7b2ca38ec901afa624ab02b6b948c9bdeb19aaab4bfd2acfc492fc94a96cbbff
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.ml domain
GET /images/banner.png HTTP/1.1
Host: rixon.ml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/css/style.css
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Wed, 01 Feb 2023 16:39:46 GMT
Content-Type: image/png
Content-Length: 148190
Last-Modified: Fri, 31 Jul 2020 10:27:24 GMT
Connection: keep-alive
ETag: "5f23f20c-242de"
Expires: Thu, 02 Feb 2023 16:39:46 GMT
Cache-Control: max-age=86400
Accept-Ranges: bytes
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash f4faf0ceee48521c8732243cea5398a5
3113334a6ae9d8af4f2a7d629bff266303641ae4
cba6aeeec105520793f131bb55fb0bab9b2dea86d7be8d5ccdd6f54fbaad1a19
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4260
Cache-Control: max-age=160679
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 16:39:46 GMT
Etag: "63da55d5-117"
Expires: Fri, 03 Feb 2023 13:17:45 GMT
Last-Modified: Wed, 01 Feb 2023 12:06:45 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 279
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 42d54c8c12a2f90c448a11bf42800e86
bb66d35435411c825bfcd0a091f33b7d1708191e
3b67d91fbb38e5c47b6ebff53da366b87af3a308e5c588775ac66a808761dbb1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 16:39:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 42d54c8c12a2f90c448a11bf42800e86
bb66d35435411c825bfcd0a091f33b7d1708191e
3b67d91fbb38e5c47b6ebff53da366b87af3a308e5c588775ac66a808761dbb1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 16:39:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 42d54c8c12a2f90c448a11bf42800e86
bb66d35435411c825bfcd0a091f33b7d1708191e
3b67d91fbb38e5c47b6ebff53da366b87af3a308e5c588775ac66a808761dbb1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 16:39:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 42d54c8c12a2f90c448a11bf42800e86
bb66d35435411c825bfcd0a091f33b7d1708191e
3b67d91fbb38e5c47b6ebff53da366b87af3a308e5c588775ac66a808761dbb1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 16:39:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/raleway/v28/1Ptug8zYS_SKggPNyC0ITw.woff2
216.58.207.227 200 OK 46 kB URL HTTP/2 fonts.gstatic.com/s/raleway/v28/1Ptug8zYS_SKggPNyC0ITw.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 46524, version 1.0\012- data
Hash c1fd378f54921c75e4ae1821e7b8fff6
2ce96e97783b2f154d07f4464ca6f8eb2469f2c1
405ceee1c2f5c31f1cb94ebc63d49a43fddd1471c2c7401a01c7c11bb1d93826
GET /s/raleway/v28/1Ptug8zYS_SKggPNyC0ITw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://rixon.ml
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 46524
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 01 Feb 2023 03:37:24 GMT
expires: Thu, 01 Feb 2024 03:37:24 GMT
cache-control: public, max-age=31536000
age: 46942
last-modified: Mon, 18 Jul 2022 19:58:01 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 42d54c8c12a2f90c448a11bf42800e86
bb66d35435411c825bfcd0a091f33b7d1708191e
3b67d91fbb38e5c47b6ebff53da366b87af3a308e5c588775ac66a808761dbb1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 16:39:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Last-Modified, Cache-Control, Pragma, ETag, Backoff, Content-Type, Alert, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 01 Feb 2023 15:41:42 GMT
age: 3484
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
adz2you.net/serve/jquery.js
188.114.97.1 200 OK 30 kB URL HTTP/1.1 adz2you.net/serve/jquery.js
IP 188.114.97.1:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 6a8bf7b263e12606f27e40c6740f0786
ae47eee90239938b3353061e463c41c6e24d7fd0
7ae62d76a48089951bd9f15de0dc716de9b58fd9df1854acd6ca97206948be9e
GET /serve/jquery.js HTTP/1.1
Host: adz2you.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/
HTTP/1.1 200 OK
Date: Wed, 01 Feb 2023 16:39:46 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Cf-Bgj: minify
Cf-Polished: origSize=85589
ETag: W/"56929ae8-14e55"
Last-Modified: Sun, 10 Jan 2016 17:54:48 GMT
Vary: Accept-Encoding
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=STQ4sjCQU4bkNfqW23mipRvtMcgJcJJ63aqc6TCpRv4VNTc%2FNSsb%2FkTQzw%2FQS8TwiasHA4GnojQQtLr2UxA%2Bf1Os9SDGt%2FNcPnajRFa0eOxPV3DLYm5U9VNgM3TSEQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 792c20036c45fac0-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 8913af0be619500295008bb91f506660
a7b8068ba9aa506205a295b24458c2616997a0d1
6a9838d00256431807ca382fc205064b07c08d5054f2895c2ae3cc4e9094179a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6A9838D00256431807CA382FC205064B07C08D5054F2895C2AE3CC4E9094179A"
Last-Modified: Wed, 01 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2766
Expires: Wed, 01 Feb 2023 17:25:52 GMT
Date: Wed, 01 Feb 2023 16:39:46 GMT
Connection: keep-alive
push.services.mozilla.com/
52.35.143.109 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.35.143.109:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: uWoAwc9RXUjqOHKt8uvGRQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: kceDq7ix+EwkhHoitWBhP4bX7Po=
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d06772c89c7a012705e6cfaf687294c5
504bbd2dbccb982eb093c06e9b79c77ec8a52f60
ed937edbbf4f946e4e9f466e36aa1306bfe6a9e69fa095081ee02161d19d897a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "ED937EDBBF4F946E4E9F466E36AA1306BFE6A9E69FA095081EE02161D19D897A"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1229
Expires: Wed, 01 Feb 2023 17:00:16 GMT
Date: Wed, 01 Feb 2023 16:39:47 GMT
Connection: keep-alive
unitraffic.net/banner.php?user=1578&_=1675269609119
85.208.187.144 200 OK 1.5 kB URL HTTP/1.1 unitraffic.net/banner.php?user=1578&_=1675269609119
IP 85.208.187.144:0
File type HTML document, Unicode text, UTF-8 text, with very long lines (3926), with no line terminators
Hash 190344ee942e7d953fcb62d7c820957c
cd4ad6a1083cf52b9fc6c23b1fed4cea334b3493
f23957be02e8a95579a1d6b291850c15971c6de277477bae9b1115a57bffe88d
GET /banner.php?user=1578&_=1675269609119 HTTP/1.1
Host: unitraffic.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rixon.ml/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 01 Feb 2023 16:39:47 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Set-Cookie: PHPSESSID=vjikuv3trp1n8c3iuq4kojf7d1; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Encoding: gzip
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 83ebbefa3c70b7eeaa44e13ef73a42ae
729881f591c435369223be02ec0069d957f6ceb0
8c7645a83cc56a80aaf01165c126adfe3c6a8a23df2a2c5339d2e8a13a72f9e1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8C7645A83CC56A80AAF01165C126ADFE3C6A8A23DF2A2C5339D2E8A13A72F9E1"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12153
Expires: Wed, 01 Feb 2023 20:02:20 GMT
Date: Wed, 01 Feb 2023 16:39:47 GMT
Connection: keep-alive
fonts.gstatic.com/s/raleway/v28/1Ptug8zYS_SKggPNyCkIT5lu.woff2
216.58.207.227 200 OK 26 kB URL HTTP/2 fonts.gstatic.com/s/raleway/v28/1Ptug8zYS_SKggPNyCkIT5lu.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 25640, version 1.0\012- data
Hash a76940a6dbf58b7014bdaa4211cd384b
90407725b851547b0a63e863d8880f6a531f425f
3aaa08d1c1434c3dd80f3ae7b73884fd1570ddc777b9bc2beaeeb1648373cffd
GET /s/raleway/v28/1Ptug8zYS_SKggPNyCkIT5lu.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://rixon.ml
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 25640
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 26 Jan 2023 02:42:44 GMT
expires: Fri, 26 Jan 2024 02:42:44 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 18 Jul 2022 19:41:19 GMT
content-type: font/woff2
age: 568623
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash 2167083ade638acb1a197429f008d212
b27dbcd1b75dca1f3ea8bf61722f1b9c19271693
ecb15aab80107eedff9349d199b5f85868e3e207073a91e13c935f86f94ebd74
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2965
Cache-Control: max-age=159754
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 16:39:47 GMT
Etag: "63da5749-118"
Expires: Fri, 03 Feb 2023 13:02:21 GMT
Last-Modified: Wed, 01 Feb 2023 12:12:57 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 280
unitraffic.net/banners/42c8717aad7ce0cfde78cfb20dc5a3c5.png
85.208.187.144 200 OK 26 kB URL HTTP/1.1 unitraffic.net/banners/42c8717aad7ce0cfde78cfb20dc5a3c5.png
IP 85.208.187.144:0
File type PNG image data, 468 x 60, 8-bit/color RGBA, non-interlaced\012- data
Hash 2a1583f2fb1354cddb544be42c8dbb70
96aa9d61e6a0106a72c6d7a8161e7ecac7ce390b
94fcba61529944645b131018d89f79c3db37ed5a00c42bfc4acbcb187dbfce59
GET /banners/42c8717aad7ce0cfde78cfb20dc5a3c5.png HTTP/1.1
Host: unitraffic.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rixon.ml/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 01 Feb 2023 16:39:47 GMT
Content-Type: image/png
Content-Length: 25977
Last-Modified: Thu, 26 Jan 2023 03:31:42 GMT
Connection: keep-alive
ETag: "63d1f41e-6579"
Expires: Thu, 02 Feb 2023 16:39:47 GMT
Cache-Control: max-age=86400
Accept-Ranges: bytes
ads.people-group.net/?hwn=MjcxOTYyJzUyJzIn&xm=1&swf=0&hrf=http%3A%2F%2Frixon.ml%2F&stg=1675269585.1e7a2db587&s=MTI4MCUzQTAlM0E4OTg%3D&h=02%2F01%2F2023%2016%3A40%3A09%27%5E%271%27%5E%27&k=WDH%20%20&0.5313670041087901
95.217.114.240 200 OK 4.9 kB URL HTTP/1.1 ads.people-group.net/?hwn=MjcxOTYyJzUyJzIn&xm=1&swf=0&hrf=http%3A%2F%2Frixon.ml%2F&stg=1675269585.1e7a2db587&s=MTI4MCUzQTAlM0E4OTg%3D&h=02%2F01%2F2023%2016%3A40%3A09%27%5E%271%27%5E%27&k=WDH%20%20&0.5313670041087901
IP 95.217.114.240:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (13181), with no line terminators
Hash b547c0f269696fe912b41582ccf9b614
248718e45e40cd8a8048e8467791368af6f06f8e
56c8ea351fbb45925e07f79ae182c25aa0d75437ad3e6aaa0ee659d7a5656314
GET /?hwn=MjcxOTYyJzUyJzIn&xm=1&swf=0&hrf=http%3A%2F%2Frixon.ml%2F&stg=1675269585.1e7a2db587&s=MTI4MCUzQTAlM0E4OTg%3D&h=02%2F01%2F2023%2016%3A40%3A09%27%5E%271%27%5E%27&k=WDH%20%20&0.5313670041087901 HTTP/1.1
Host: ads.people-group.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 01 Feb 2023 16:39:47 GMT
Content-Type: text/html;charset=UTF-8;
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-XSS-Protection: 0;
Set-Cookie: _pgutm1=3ac|25|1; path=/; domain=ads.people-group.net;
_pgstg=1675269585.1e7a2db587; expires=Sat Jan 27 16:39:47 2024 GMT; path=/; domain=ads.people-group.net;
Content-Encoding: gzip
ads.people-group.net/?hwn=MjcxOTYyJzUyJzMn&xm=1&swf=0&hrf=http%3A%2F%2Frixon.ml%2F&stg=1675269585.1e7a2db587&s=MTI4MCUzQTAlM0E4OTg%3D&h=02%2F01%2F2023%2016%3A40%3A09%27%5E%271%27%5E%27&k=WDH%20%20&0.786257781700436
95.217.114.240 200 OK 4.9 kB URL HTTP/1.1 ads.people-group.net/?hwn=MjcxOTYyJzUyJzMn&xm=1&swf=0&hrf=http%3A%2F%2Frixon.ml%2F&stg=1675269585.1e7a2db587&s=MTI4MCUzQTAlM0E4OTg%3D&h=02%2F01%2F2023%2016%3A40%3A09%27%5E%271%27%5E%27&k=WDH%20%20&0.786257781700436
IP 95.217.114.240:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (13181), with no line terminators
Hash 5a2984b11d92368c38f9dcb34f0a2749
e048031520fcf2df47433bed62cdf550deffb9e2
238c06c22d0e94696ce719362854c14e6e47dcde829d6124050dc9d55636174d
GET /?hwn=MjcxOTYyJzUyJzMn&xm=1&swf=0&hrf=http%3A%2F%2Frixon.ml%2F&stg=1675269585.1e7a2db587&s=MTI4MCUzQTAlM0E4OTg%3D&h=02%2F01%2F2023%2016%3A40%3A09%27%5E%271%27%5E%27&k=WDH%20%20&0.786257781700436 HTTP/1.1
Host: ads.people-group.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 01 Feb 2023 16:39:47 GMT
Content-Type: text/html;charset=UTF-8;
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-XSS-Protection: 0;
Set-Cookie: _pgutm1=a81|25|1; path=/; domain=ads.people-group.net;
_pgstg=1675269585.1e7a2db587; expires=Sat Jan 27 16:39:47 2024 GMT; path=/; domain=ads.people-group.net;
Content-Encoding: gzip
ads.people-group.net/?hwn=MjcxOTYyJzUyJzQn&xm=1&swf=0&hrf=http%3A%2F%2Frixon.ml%2F&stg=1675269585.1e7a2db587&s=MTI4MCUzQTAlM0E4OTg%3D&h=02%2F01%2F2023%2016%3A40%3A09%27%5E%271%27%5E%27&k=WDH%20%20&0.014289720547551177
95.217.114.240 200 OK 4.9 kB URL HTTP/1.1 ads.people-group.net/?hwn=MjcxOTYyJzUyJzQn&xm=1&swf=0&hrf=http%3A%2F%2Frixon.ml%2F&stg=1675269585.1e7a2db587&s=MTI4MCUzQTAlM0E4OTg%3D&h=02%2F01%2F2023%2016%3A40%3A09%27%5E%271%27%5E%27&k=WDH%20%20&0.014289720547551177
IP 95.217.114.240:0
ASN #24940 Hetzner Online GmbH
Hash f5801db9aab08a52520c78ec90b542da
1892a2e7ade3fd3cceadb90eb21ada824a6add6e
e5228f50178fbee57688d1bfa265e9000dcb41699ee9e8b885acb1766dc4b3af
GET /?hwn=MjcxOTYyJzUyJzQn&xm=1&swf=0&hrf=http%3A%2F%2Frixon.ml%2F&stg=1675269585.1e7a2db587&s=MTI4MCUzQTAlM0E4OTg%3D&h=02%2F01%2F2023%2016%3A40%3A09%27%5E%271%27%5E%27&k=WDH%20%20&0.014289720547551177 HTTP/1.1
Host: ads.people-group.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 01 Feb 2023 16:39:47 GMT
Content-Type: text/html;charset=UTF-8;
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-XSS-Protection: 0;
Set-Cookie: _pgutm1=36c|25|1; path=/; domain=ads.people-group.net;
_pgstg=1675269585.1e7a2db587; expires=Sat Jan 27 16:39:47 2024 GMT; path=/; domain=ads.people-group.net;
Content-Encoding: gzip
unitraffic.net/img/logo.png
85.208.187.144 200 OK 828 B URL HTTP/1.1 unitraffic.net/img/logo.png
IP 85.208.187.144:0
File type PNG image data, 16 x 16, 8-bit colormap, non-interlaced\012- data
Hash 5d64b2a407d39375aef50b69e12d0f3b
a4c8e0b4992866f11bb0f9bd90b17fa686567d01
0cf9fb277578e649197b5ff942f81b45816f139a5bff53a7222d348a9b79da67
GET /img/logo.png HTTP/1.1
Host: unitraffic.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rixon.ml/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 01 Feb 2023 16:39:47 GMT
Content-Type: image/png
Content-Length: 828
Last-Modified: Sun, 17 Apr 2022 06:43:39 GMT
Connection: keep-alive
ETag: "625bb71b-33c"
Expires: Thu, 02 Feb 2023 16:39:47 GMT
Cache-Control: max-age=86400
Accept-Ranges: bytes
cdn.jsdelivr.net/jquery/3.0.0-rc1/jquery.min.js
151.101.65.229 200 OK 30 kB URL HTTP/2 cdn.jsdelivr.net/jquery/3.0.0-rc1/jquery.min.js
IP 151.101.65.229:0
File type ASCII text, with very long lines (32003)
Hash 69f7727d5370722fc853661154db167f
fcb0ea060769e9d3727d2c000ac9017690b38fd0
0e544c30c56ec861e8ffd4192c893490118bcbcd99bbb57fed10a49fb80ffb13
GET /jquery/3.0.0-rc1/jquery.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rixon.ml/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
etag: W/"1511e-iX3qQTkE9uH1SwOLGxDGVnnk1pk"
content-encoding: gzip
accept-ranges: bytes
date: Wed, 01 Feb 2023 16:39:47 GMT
age: 1870430
x-served-by: cache-fra-eddf8230023-FRA, cache-bma1622-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 30035
X-Firefox-Spdy: h2
ad.a-ads.com/2134377?size=468x60
213.239.209.209 200 OK 4.7 kB URL HTTP/1.1 ad.a-ads.com/2134377?size=468x60
IP 213.239.209.209:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (11122)
Hash ff2dceec4b2f946d80f891abf0a2f647
dca6b786af0ae034b8239447e8346c69c281be9e
49252e5ea85acdf022abceae68531b2fefbf500845d702ae25c5d0ba71ccb365
GET /2134377?size=468x60 HTTP/1.1
Host: ad.a-ads.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 01 Feb 2023 16:39:47 GMT
Content-Type: text/html;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding, Accept-Encoding
Status: 200 OK
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Powered-By: Phusion Passenger(R)
X-Original-Referer: http://rixon.ml/
X-Robots-Tag: noindex, nofollow, nosnippet, noarchive
Content-Encoding: gzip
ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q4
104.18.21.226 200 OK 1.5 kB URL HTTP/1.1 ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q4
IP 104.18.21.226:0
Hash 97ff1773b7e2d54d2df8553c827c457c
4403cb2790b79155a1490b65311f0269bae663f4
0050485f496d5f1ad50e37215415e2d327ce11942a9a548245e993b3b9109230
POST /ca/gsatlasr3dvtlsca2022q4 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 01 Feb 2023 16:39:47 GMT
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "41C4C5A124C52A7822CD6FD3E297AB1A40D78BEB"
Expires: Thu, 02 Feb 2023 03:00:00 GMT
Last-Modified: Wed, 01 Feb 2023 15:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 2544
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 792c2009a9641c0a-OSL
ads.people-group.net/bann/fonts2.css
95.217.114.240 200 OK 93 kB URL HTTP/1.1 ads.people-group.net/bann/fonts2.css
IP 95.217.114.240:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (33850), with CRLF line terminators
Hash 8fb32ddcad6d21e053e826836814a373
53d4198a8e2e68a2541cd877c179c453651ec1b5
3999b2214fe8faa2b3e3f3b087f4962564e7a002b485cca42921d56a18cb52af
GET /bann/fonts2.css HTTP/1.1
Host: ads.people-group.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ads.people-group.net/?hwn=MjcxOTYyJzUyJzIn&xm=1&swf=0&hrf=http%3A%2F%2Frixon.ml%2F&stg=1675269585.1e7a2db587&s=MTI4MCUzQTAlM0E4OTg%3D&h=02%2F01%2F2023%2016%3A40%3A09%27%5E%271%27%5E%27&k=WDH%20%20&0.5313670041087901
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 01 Feb 2023 16:39:47 GMT
Content-Type: text/css
Last-Modified: Fri, 08 Aug 2014 18:44:43 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"53e51a9b-1e2d2"
Expires: Wed, 01 Feb 2023 17:39:47 GMT
Cache-Control: max-age=3600
Content-Encoding: gzip
unitraffic.net/banner.php?user=1578&_=1675269609121
85.208.187.144 200 OK 1.5 kB URL HTTP/1.1 unitraffic.net/banner.php?user=1578&_=1675269609121
IP 85.208.187.144:0
File type HTML document, Unicode text, UTF-8 text, with very long lines (3926), with no line terminators
Hash 190344ee942e7d953fcb62d7c820957c
cd4ad6a1083cf52b9fc6c23b1fed4cea334b3493
f23957be02e8a95579a1d6b291850c15971c6de277477bae9b1115a57bffe88d
GET /banner.php?user=1578&_=1675269609121 HTTP/1.1
Host: unitraffic.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rixon.ml/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 01 Feb 2023 16:39:47 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Set-Cookie: PHPSESSID=h9rhr7adm046559ogesraa6986; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Encoding: gzip
ads.people-group.net/bann/jquery.min.js
95.217.114.240 200 OK 33 kB URL HTTP/1.1 ads.people-group.net/bann/jquery.min.js
IP 95.217.114.240:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (32086)
Hash f3f99798737334e9d6a59819c7d7590a
4257d1ffd07601b36d1e68c4e9e803196e7db9df
560f5a20ad5d7b5add7aa23e53a0371837a82d6765fc12df5cdfa03bc076e964
GET /bann/jquery.min.js HTTP/1.1
Host: ads.people-group.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ads.people-group.net/?hwn=MjcxOTYyJzUyJzIn&xm=1&swf=0&hrf=http%3A%2F%2Frixon.ml%2F&stg=1675269585.1e7a2db587&s=MTI4MCUzQTAlM0E4OTg%3D&h=02%2F01%2F2023%2016%3A40%3A09%27%5E%271%27%5E%27&k=WDH%20%20&0.5313670041087901
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 01 Feb 2023 16:39:47 GMT
Content-Type: application/javascript; charset=utf-8
Last-Modified: Wed, 08 Oct 2014 12:03:32 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"54352814-1762a"
Expires: Wed, 01 Feb 2023 17:39:47 GMT
Cache-Control: max-age=3600
Content-Encoding: gzip
ocsp.pki.goog/s/gts1p5/yW6XGAPVupc
142.250.74.131 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/yW6XGAPVupc
IP 142.250.74.131:0
Hash 42f5f0fc8425df2031b4c24345ef85c7
dce7ab1d10fdeac0628b3d4b9c44b22fbbea753c
c54f5d525a9b1fcbed306c4de77d037fb01a125ef76320afc52e81636f846218
POST /s/gts1p5/yW6XGAPVupc HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 16:39:47 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ads.people-group.net/bann/3/3/1/8/331848_4.gif
95.217.114.240 200 OK 252 kB URL HTTP/1.1 ads.people-group.net/bann/3/3/1/8/331848_4.gif
IP 95.217.114.240:0
ASN #24940 Hetzner Online GmbH
File type GIF image data, version 89a, 468 x 60\012- data
Size 252 kB (252467 bytes)
Hash 4287a93c114c3fa85f86262443869bac
f64b16c83355b2f67f3e2eae1375873eaeda9d5d
1054b2cb53543d3fd8a3476967ceec3df5d98cf7425ee310257435352cb719ff
GET /bann/3/3/1/8/331848_4.gif HTTP/1.1
Host: ads.people-group.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ads.people-group.net/?hwn=MjcxOTYyJzUyJzIn&xm=1&swf=0&hrf=http%3A%2F%2Frixon.ml%2F&stg=1675269585.1e7a2db587&s=MTI4MCUzQTAlM0E4OTg%3D&h=02%2F01%2F2023%2016%3A40%3A09%27%5E%271%27%5E%27&k=WDH%20%20&0.5313670041087901
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 01 Feb 2023 16:39:47 GMT
Content-Type: image/gif
Content-Length: 252467
Last-Modified: Mon, 02 Jan 2023 16:40:35 GMT
Connection: keep-alive
ETag: "63b30903-3da33"
Expires: Wed, 01 Feb 2023 17:39:47 GMT
Cache-Control: max-age=3600
Accept-Ranges: bytes
admediatex.net/serve/valid.php?a=3986&b=468x60&referr=&t=1675269587&c=zetx&doma=0&dcat=5&h=acedaeddfddf
104.26.9.229 200 OK 710 B URL HTTP/1.1 admediatex.net/serve/valid.php?a=3986&b=468x60&referr=&t=1675269587&c=zetx&doma=0&dcat=5&h=acedaeddfddf
IP 104.26.9.229:0
File type ASCII text, with very long lines (5357)
Hash 5422c8815f8e9673af0c36a9763b43d1
71e4c132cebc04b0fa77269050f33397f3fa1594
b6a9add3cde8be8b59fbdad98f7bf8b990cc9cc4c120add29c970b6d186bae83
GET /serve/valid.php?a=3986&b=468x60&referr=&t=1675269587&c=zetx&doma=0&dcat=5&h=acedaeddfddf HTTP/1.1
Host: admediatex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/
HTTP/1.1 200 OK
Date: Wed, 01 Feb 2023 16:39:47 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.6.40
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6D%2BL0RaNDkBpLJWG3HYPu81QahwjTedkA3nISmPS7b3NDP18CXf%2Bb0YDbypGvaaIQUGuqelE7piybwUJHsmVIF5Im0tBTScrta3X6oShkmFZnMbTSwUtWdgQUbA86TTe"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 792c200b1b1cb4f4-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
static.a-ads.com/a-ads-banners/217383/468x60?region=eu-central-1
213.239.209.209 200 OK 595 kB URL HTTP/1.1 static.a-ads.com/a-ads-banners/217383/468x60?region=eu-central-1
IP 213.239.209.209:0
ASN #24940 Hetzner Online GmbH
File type GIF image data, version 89a, 468 x 60\012- data
Size 595 kB (595197 bytes)
Hash 984d4053847f4cc202675a9db8bf1d94
0d60f56e63f6091096e636bca9562523661b26b5
ca0a905973ac49273ab4f564e920c1d97e88efefc52dcb74eaba0858ca50ef1a
GET /a-ads-banners/217383/468x60?region=eu-central-1 HTTP/1.1
Host: static.a-ads.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ad.a-ads.com/
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 01 Feb 2023 16:39:47 GMT
Content-Type: image/gif
Content-Length: 595197
Connection: keep-alive
x-amz-id-2: xUuLJ0L3utKpnnOGacqdywG5XRU6mXGz3cnFfbNWECpNUe3WXJ9o8hej0aJxd9gZRkHDQtNnYrU=
x-amz-request-id: Z5HG1TERATHGM7C1
x-amz-replication-status: COMPLETED
Last-Modified: Sun, 11 Jul 2021 13:31:34 GMT
ETag: "984d4053847f4cc202675a9db8bf1d94"
Cache-Control: max-age=315360000
x-amz-version-id: mfQPWf1VQUt8EDnbXU35SHFnmIMsARZi
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Accept-Ranges: bytes
admediatex.net/serve/valid.php?a=3986&b=728x90&referr=&t=1675269587&c=zetx&doma=0&dcat=5&h=acedaeddfddf
104.26.9.229 200 OK 890 B URL HTTP/1.1 admediatex.net/serve/valid.php?a=3986&b=728x90&referr=&t=1675269587&c=zetx&doma=0&dcat=5&h=acedaeddfddf
IP 104.26.9.229:0
File type ASCII text, with very long lines (5361)
Hash 9fb94a38f1a5d7b1058c5b0f2587cfca
d7255b08c9d43f45ad2b2da26de3273818dfa32a
6821bc0203ee23285f647826338e5b2b1b7466a7869cfc1e2f405941e1e1fa6a
GET /serve/valid.php?a=3986&b=728x90&referr=&t=1675269587&c=zetx&doma=0&dcat=5&h=acedaeddfddf HTTP/1.1
Host: admediatex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/
HTTP/1.1 200 OK
Date: Wed, 01 Feb 2023 16:39:47 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.6.40
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UNVxugHdvmi%2Fqwzq878OodCsZc9JtxOSqHPulTl2MgeTWYJTKE3l6PCd38Bx%2F%2F7bVf3N7HFuA5AAlfCaRGpRsXEDvuYBrLJOY3sPnN9TU%2FUK5CFXfKJrq%2BUpWJhYI28N"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 792c200b7fdcb50f-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
rixon.ml/images/about-top-bg.png
109.94.209.69 200 OK 5.2 kB URL HTTP/1.1 rixon.ml/images/about-top-bg.png
IP 109.94.209.69:0
ASN #202376 Arvid Logicum OU
File type PNG image data, 1920 x 112, 8-bit/color RGBA, non-interlaced\012- data
Hash adf7eeb16dcfa95f3a6ea3aac4e64523
1b7353dfd00a2d0ab90d50e8bc52b1d385f8c18b
14477689d427c4a45114f265b4689b7d3fddaf135710a3c9a2a7a05706332f8d
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.ml domain
GET /images/about-top-bg.png HTTP/1.1
Host: rixon.ml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/css/style.css
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Wed, 01 Feb 2023 16:39:47 GMT
Content-Type: image/png
Content-Length: 5203
Last-Modified: Fri, 31 Jul 2020 10:27:24 GMT
Connection: keep-alive
ETag: "5f23f20c-1453"
Expires: Thu, 02 Feb 2023 16:39:47 GMT
Cache-Control: max-age=86400
Accept-Ranges: bytes
rixon.ml/images/about-bottom-bg.png
109.94.209.69 200 OK 5.2 kB URL HTTP/1.1 rixon.ml/images/about-bottom-bg.png
IP 109.94.209.69:0
ASN #202376 Arvid Logicum OU
File type PNG image data, 1920 x 112, 8-bit/color RGBA, non-interlaced\012- data
Hash 59b0932fcd52055ca6f5fc9b10f62061
5abed39396dcd4ccc4a3b3e5c0baa61a7ad77663
0a793389d43f91e37bb40ed7735bbb3be3159ae7ddee12f7f1bfc37bdbf141a9
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.ml domain
GET /images/about-bottom-bg.png HTTP/1.1
Host: rixon.ml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/css/style.css
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Wed, 01 Feb 2023 16:39:47 GMT
Content-Type: image/png
Content-Length: 5203
Last-Modified: Fri, 31 Jul 2020 10:27:24 GMT
Connection: keep-alive
ETag: "5f23f20c-1453"
Expires: Thu, 02 Feb 2023 16:39:47 GMT
Cache-Control: max-age=86400
Accept-Ranges: bytes
admediatex.net/serve/valid.php?a=3986&b=300x250&referr=&t=1675269587&c=zetx&doma=0&dcat=5&h=acedaeddfddf
104.26.9.229 200 OK 889 B URL HTTP/1.1 admediatex.net/serve/valid.php?a=3986&b=300x250&referr=&t=1675269587&c=zetx&doma=0&dcat=5&h=acedaeddfddf
IP 104.26.9.229:0
File type ASCII text, with very long lines (5364)
Hash 800995b80d7634d9248ea286dbb9bb8b
647df56196c65cef50d877ae15325940b6a9541e
525449702274d6dde2a3e70bcb0769b5978847289ca98395874e35ae9718d76f
GET /serve/valid.php?a=3986&b=300x250&referr=&t=1675269587&c=zetx&doma=0&dcat=5&h=acedaeddfddf HTTP/1.1
Host: admediatex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/
HTTP/1.1 200 OK
Date: Wed, 01 Feb 2023 16:39:47 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.6.40
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tOKvM39su7l1QguivnDFhmpNss3RoTQFWGF%2FuEqFSBrV0k0s8zgjsUv5BjPx%2FiOAfrTVwPYerBNP%2Fa%2FUTFIaJans%2B6Bh3PzEZqw%2F6nrGFTExr5k%2FmJOVyHhPQEjEGSWy"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 792c200bfc63b4f4-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
cdn.admediatex.net/468x60/
104.26.8.229 200 OK 191 B URL HTTP/1.1 cdn.admediatex.net/468x60/
IP 104.26.8.229:0
File type HTML document, ASCII text, with no line terminators
Hash 054049f12828ce17fb8e0d896833587b
29ff8c63366cbbadf02c2d1299b370467a782e92
0ffe540992a745572d943b16577646858ce39018cf97e1ea83c51dabc33a6463
GET /468x60/ HTTP/1.1
Host: cdn.admediatex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Wed, 01 Feb 2023 16:39:47 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
x-powered-by: PHP/8.1.12
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8jAs5yBneFTE5gOWrNa05XxQJUXr%2Fj%2FNTLs9uSK2Qghhvw%2B2a759%2Bc5NIHf7sLzYr3JrEXcYAi1F5G7GsxcQyFUywcdxEZJcxw7EsDmfWl4WEE9NjcOfgHEckpX2E39%2BR%2BfSeA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 792c200baf25b505-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
rixon.ml/images/contact-bg.png
109.94.209.69 200 OK 28 kB URL HTTP/1.1 rixon.ml/images/contact-bg.png
IP 109.94.209.69:0
ASN #202376 Arvid Logicum OU
File type PNG image data, 1920 x 888, 8-bit/color RGBA, non-interlaced\012- data
Hash 4441d29a851f2b849752da354cb21988
77cbd015a31c38c337665885d542ed0da7b61417
e75725c876f45ade5101c744cf93a724d1cd64bb58e72b624dd815208db51b77
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.ml domain
GET /images/contact-bg.png HTTP/1.1
Host: rixon.ml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/css/style.css
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Wed, 01 Feb 2023 16:39:47 GMT
Content-Type: image/png
Content-Length: 27519
Last-Modified: Fri, 31 Jul 2020 10:27:24 GMT
Connection: keep-alive
ETag: "5f23f20c-6b7f"
Expires: Thu, 02 Feb 2023 16:39:47 GMT
Cache-Control: max-age=86400
Accept-Ranges: bytes
rixon.ml/js/owl.carousel.js
109.94.209.69 404 Not Found 113 B URL HTTP/1.1 rixon.ml/js/owl.carousel.js
IP 109.94.209.69:0
ASN #202376 Arvid Logicum OU
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 6cf716f76488f5d0ca109fc4079a37a3
d68f9a32525ba04eee96c544aee9a1f52ca39310
29d729fcfaeac14bfc2223645971630390323b6c2768509fd1ac53def0d0bf4d
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.ml domain
GET /js/owl.carousel.js HTTP/1.1
Host: rixon.ml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/
HTTP/1.1 404 Not Found
Server: nginx/1.20.2
Date: Wed, 01 Feb 2023 16:39:47 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
admediatex.net/ads/300x250.html
104.26.9.229 200 OK 755 B URL HTTP/1.1 admediatex.net/ads/300x250.html
IP 104.26.9.229:0
File type HTML document text\012- HTML document, ASCII text
Hash c26cd1d05ab5c272e0b7650e68f4fe30
518b9a7c8e248168717d294cd5545dbafbecf469
7f55f24a1e90a56f17fee60fcdd9c7b0a1ca7af0196070b341d7f8755bed03c0
GET /ads/300x250.html HTTP/1.1
Host: admediatex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Wed, 01 Feb 2023 16:39:47 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 22 Nov 2022 20:20:09 GMT
Vary: Accept-Encoding
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3vpm65MgLiWdUCgIUo%2BRpZj%2B0Qhyju2zeSZljfd6gFcDQN%2FT%2FUMVTsgFRGn9KRBFtsCEm1g513lLHsQq3xbqNEjuUM8pNJDvpW59cnZSqIO2djKfYYm9uJEwb%2FVdbqPQ"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 792c200c794db50f-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
admediatex.net/js/asdshef.js
104.26.9.229 200 OK 33 kB URL HTTP/1.1 admediatex.net/js/asdshef.js
IP 104.26.9.229:0
File type Unicode text, UTF-8 text, with very long lines (65535), with no line terminators
Hash 795b5d7f70f2e0d9c18caa9e9616bb33
f5835cba9ea7518a5a4ae9503a94c5547e4c95af
0d9009264fb655bc1b54e59be4edfe58071a6c9c4b5c68449ca624353c7d2804
GET /js/asdshef.js HTTP/1.1
Host: admediatex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://admediatex.net/ads/300x250.html
HTTP/1.1 200 OK
Date: Wed, 01 Feb 2023 16:39:48 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=315360000
Cf-Bgj: minify
ETag: W/"63693a97-16d0a"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Last-Modified: Mon, 07 Nov 2022 17:04:23 GMT
Vary: Accept-Encoding
CF-Cache-Status: HIT
Age: 1061412
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Aqk734ujd9KOU4cYzAtFLIGIuGqLK4Y9AIf7%2FbhLnNeCKkExLNrV6778W1R0WNFb7aZFp03DoWZygy86Aig%2F%2Fs08i0hjqnv1rtPZhGPUoAr%2B%2BqWMIIMlvRAYfFS%2FK52c"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 792c200cfa09b50f-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
s10.histats.com/js15_as.js
46.105.201.240 200 OK 4.5 kB URL HTTP/1.1 s10.histats.com/js15_as.js
IP 46.105.201.240:0
File type HTML document, ASCII text, with very long lines (11440), with no line terminators
Hash 2b153cb2287eac49566b32fce9c385f8
206074b038daff8bc66d86bca0c5ff35f9f72655
7398435bd3f0dae8206173dd66954ae029dc8787962d5f089bcb548f53409869
GET /js15_as.js HTTP/1.1
Host: s10.histats.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/
HTTP/1.1 200 OK
date: Wed, 01 Feb 2023 16:30:01 GMT
last-modified: Thu, 16 Apr 2020 10:44:16 GMT
x-request-id: 103483393
etag: W/"-375139978"
content-type: application/javascript; charset=UTF-8
content-encoding: gzip
vary: Accept-Encoding
x-cdn-pop: sbg
x-cdn-pop-ip: 137.74.120.0/27
x-cacheable: Matched cache
accept-ranges: bytes
content-length: 4547
x-iplb-request-id: 5B5A2A9A:D15B_2E69C9F0:0050_63DA95D4_F7870:25405
x-iplb-instance: 40744
rixon.ml/favicon.ico
109.94.209.69 200 OK 1.2 kB IP 109.94.209.69:0
ASN #202376 Arvid Logicum OU
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Hash e3466735189215709a83c859405d4f64
f25663fb769cc13df932900465a65a45d1186a19
24d01616a058f0b6684d89b6e35d63dfa09d7eef5c9ca8a4086c8515bd5268d9
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.ml domain
GET /favicon.ico HTTP/1.1
Host: rixon.ml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Wed, 01 Feb 2023 16:39:48 GMT
Content-Type: image/x-icon
Content-Length: 1150
Last-Modified: Fri, 31 Dec 2021 09:55:18 GMT
Connection: keep-alive
ETag: "61ced386-47e"
Accept-Ranges: bytes
cdn.admediatex.net/468x60/FrrBFb43297_r_3.gif
104.26.8.229 200 OK 18 kB URL HTTP/1.1 cdn.admediatex.net/468x60/FrrBFb43297_r_3.gif
IP 104.26.8.229:0
File type GIF image data, version 89a, 468 x 60\012- data
Hash e956aecd39318b541f135b6586609c3d
4188ec13d188198000a861249d06bc76ba4750ae
84ca75301b6f0d6cfdb5d05f6836e273c5dff5e580d77214dc524dc17847a795
GET /468x60/FrrBFb43297_r_3.gif HTTP/1.1
Host: cdn.admediatex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cdn.admediatex.net/468x60/
HTTP/1.1 200 OK
Date: Wed, 01 Feb 2023 16:39:48 GMT
Content-Type: image/gif
Content-Length: 17545
Connection: keep-alive
Cf-Bgj: imgq:100,h2pri
Cf-Polished: origSize=17608
cache-control: public, max-age=604800
expires: Wed, 08 Feb 2023 16:21:49 GMT
last-modified: Sat, 24 Dec 2022 01:59:56 GMT
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 1079
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YKqqdR%2FbmLetjfC0f6UgawDKgfe9SqauOobTqYdYcDtVoO8Olx5ehJ3e9JAq%2F7LX9C8pFybQciND9hESBR5k6dXa6HQXhlBIH4uo1mkkhXzUzXxHKV7iS1uKofIrNXI%2BaSf63w%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 792c200d3957b505-OSL
alt-svc: h2=":443"; ma=60
admediatex.net/ads/728x90.html
104.26.9.229 200 OK 675 B URL HTTP/1.1 admediatex.net/ads/728x90.html
IP 104.26.9.229:0
File type HTML document text\012- HTML document, ASCII text
Hash 114ef82e2c72fa36986698d014c9ea82
b233db771464c7e6d1ab370bf8bb2e838672af2d
97996167a65b01ac6834ba34e4aef0c2f03f1d896124dd47ba99b3c179a814b6
GET /ads/728x90.html HTTP/1.1
Host: admediatex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Wed, 01 Feb 2023 16:39:48 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 07 Nov 2022 16:58:36 GMT
Vary: Accept-Encoding
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=m%2Flo%2Ft%2Bq%2BzhtCtGn%2BBUdDMOoYASRVX1i4%2FH%2F%2F%2F2iO1OEG8ImmNKdeZuiAKhSvYYJ87M1H5icCgDtQupq2xUEDIPOLmide%2Bf4vGmilo%2FUt5FqCuPl6ym%2F7fCiNab9F9hF"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 792c200d0a38b50f-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
admediatex.net/ads/images/300x250_787445658598815454454545.gif
104.26.9.229 200 OK 15 kB URL HTTP/1.1 admediatex.net/ads/images/300x250_787445658598815454454545.gif
IP 104.26.9.229:0
File type GIF image data, version 89a, 300 x 250\012- data
Hash 2b513bb5998d69e8533ac016c373bda5
9635a2e66c270aa69b509f84c6c3468fd76138ee
fbbb7d0a175e64abad07810c4b28348eb7497760265dc36a9deb78bfd1c75ffb
GET /ads/images/300x250_787445658598815454454545.gif HTTP/1.1
Host: admediatex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://admediatex.net/ads/300x250.html
HTTP/1.1 200 OK
Date: Wed, 01 Feb 2023 16:39:48 GMT
Content-Type: image/gif
Content-Length: 15107
Connection: keep-alive
Cache-Control: max-age=315360000
Cf-Bgj: imgq:100,h2pri
Cf-Polished: origSize=15155
ETag: "63693ae5-3b33"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Last-Modified: Mon, 07 Nov 2022 17:05:41 GMT
CF-Cache-Status: HIT
Age: 195647
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SX5g5E53ne1UQFnLbiQD8fA%2BwlD7wOSOqbjVx2fg0tpoqV6OPAoBY3ue4cWBBwLenlRgPmYWEyjtGbIInp%2BlOn5X0Jw8mVdsKV5jNJV2Ce2M6dRdfP4F5tBbifx2iW37"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 792c200d8afbb50f-OSL
alt-svc: h2=":443"; ma=60
xml.zaimads.com/redirect?feed=475884&auth=URZUI4
174.137.133.17 302 Found 0 B URL HTTP/1.1 xml.zaimads.com/redirect?feed=475884&auth=URZUI4
IP 174.137.133.17:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=475884&auth=URZUI4 HTTP/1.1
Host: xml.zaimads.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Cache-Control: no-store
Content-Length: 0
Age: 0
Connection: keep-alive
Location: http://tsyndicate.com/api/v1/direct/e7067c4584364aee9ca620c1c715da9a?extID=475884
Pragma: no-cache
admediatex.net/ads/images/728x90_884555.gif
104.26.9.229 200 OK 35 kB URL HTTP/1.1 admediatex.net/ads/images/728x90_884555.gif
IP 104.26.9.229:0
File type GIF image data, version 89a, 728 x 90\012- data
Hash f23ed25f272e79d993ecd68909a473e6
22ebc3b0130c3aa2dc2228b8fd8974b163ae1bcf
ba73d17c888570d01c497e304481e66905e25efed3126c637a369abcbcf9e6da
GET /ads/images/728x90_884555.gif HTTP/1.1
Host: admediatex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://admediatex.net/ads/728x90.html
HTTP/1.1 200 OK
Date: Wed, 01 Feb 2023 16:39:48 GMT
Content-Type: image/gif
Content-Length: 35152
Connection: keep-alive
Cache-Control: max-age=315360000
Cf-Bgj: imgq:100,h2pri
Cf-Polished: origSize=35288
ETag: "63693af4-89d8"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Last-Modified: Mon, 07 Nov 2022 17:05:56 GMT
CF-Cache-Status: HIT
Age: 126674
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dqaf2shjAn0ii06lP6USdk6rUozE53ISnjxfeC5FntEelp5s05QA6ELR%2BvjScvmm3M8EGvroFqmqjC%2Fm%2B8iSMD1wG%2Fbzdlrgy3ZN4%2Bt6YPz%2FM2Bhes5Of%2F2teNweugw%2F"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 792c200dfb8bb50f-OSL
alt-svc: h2=":443"; ma=60
xml.ctrtraffic.com/redirect?feed=471426&auth=4zKcxP
198.134.116.18 302 Found 0 B URL HTTP/1.1 xml.ctrtraffic.com/redirect?feed=471426&auth=4zKcxP
IP 198.134.116.18:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=471426&auth=4zKcxP HTTP/1.1
Host: xml.ctrtraffic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Cache-Control: no-store
Content-Length: 0
Age: 0
Connection: keep-alive
Location: http://tsyndicate.com/api/v1/direct/cb813667edbd4b3c81888edf24162044?extID=471426
Pragma: no-cache
xml.admidainsight.com/redirect?feed=464209&auth=59BEQe
173.239.53.18 302 Found 0 B URL HTTP/1.1 xml.admidainsight.com/redirect?feed=464209&auth=59BEQe
IP 173.239.53.18:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=464209&auth=59BEQe HTTP/1.1
Host: xml.admidainsight.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Cache-Control: no-store
Content-Length: 0
Age: 0
Connection: keep-alive
Location: https://adserving.unibet.com/redirect.aspx?bid=37950&pid=29326169&sref=TRM&TRM=dL_457457.517775
Pragma: no-cache
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 89cc0a50bb4d8ec23b595750e01e940d
e16df38596648dae40f3c54ec8b1af80c44b2892
05810c510e679e2129f47f9d179a5ccf1210f5327bdcddef994371ef7a7c6654
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "05810C510E679E2129F47F9D179A5CCF1210F5327BDCDDEF994371EF7A7C6654"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4125
Expires: Wed, 01 Feb 2023 17:48:33 GMT
Date: Wed, 01 Feb 2023 16:39:48 GMT
Connection: keep-alive
xml.adflyer.media/redirect?feed=466229&auth=H7UXus
174.137.133.17 302 Found 0 B URL HTTP/1.1 xml.adflyer.media/redirect?feed=466229&auth=H7UXus
IP 174.137.133.17:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=466229&auth=H7UXus HTTP/1.1
Host: xml.adflyer.media
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Cache-Control: no-store
Content-Length: 0
Age: 0
Connection: keep-alive
Location: https://r-us.tsyndicate.com/do2/direct?c=APeIQFMmDJkycuaI0HGDhYgwY-gsjOGQDpyFIuC8uVjxDEYxNGSMwVHGRpgWZsaQGdOCRhkxLHHYoAGjBY6QNGLIwDEGho0ZOUQ4nCMmDRmFOraIqBEDqA0cX2jkgHFDpoguDse4QRrjJwyHYeqMwWhDTI4xT8PYaFGDjI0aLXPYINMix82aYUqGMRjjBg2eOISKKEoGIxkYZWK4nTGjRYwcNMy0LDNDjE0bZcrYjAED5l6qMh4LNmhnoYwZNJ46hFNHjGm5OGqAhXNRxwwZMHIOhSNRB04cOfo6LIOHzpc5vDEydQpVKlWrWdvUntE0Nw6wZMwsbDjYjRvTp2_MuCHDYRs3HnXIwB189fn0fXHIoOGwTgyMaOhYnKPjxYszb7iABxt2pJGGHGTI4cIYb7TxwhxthCGHRRu9UMYYNYhhQw5m2NDTDTGEMcMYZpBxWhiRxUBDGOKVgYNPY9AAkkkl5lCGeGH4ZBBIZchgw0w1tEXGDSCaYcYPdcyBUBJk9HADDDmEkdIMJNUwgxkv1SCefHKZQQOVOKR0g5ZijFmVDJC1ZVINZZSIpYtiuBjkSHPJcFgMXNQBAww-tlFGG3HKwWQPXwRRRh0tUIFEG2oEkcQVWMSRxRVv2ICHo2fQAZMRZsBAxm_BjQncDTbAUAMWNMCRRBZUtNFEGHmMOAMUatSRgxVhaGHGHEbMYMcTa-BARRNraEHHGq3iCoeKbLzxxBlVnGFDrTTckIUcRoQBxRBNlJGFHnngYGIVNtDxxBtiZFGGGknAIQcWQ5QVBBpVwBCEGVjEoAcROUFxhRlN4AFDDHnQEeQUcpiRxRktCDFFE23QMcQdX0CbBBFSVJFGnnv6OMcbdcgxRhmDgtoXx3zaAIcMPQCHw6go-7hsD048EbPKM_QgGBkNYiRHGni84YYLbbAh2Bhh9LYFdVhlJPJCMLiwJ1U2OCSGdjpELYNsIowBRxtfuDtW1i5YWZ4Ictgx3VciXPg11C6QWl8daRiWExk8kWFXp53h5pJde-Zg14Vm3CTDDWUIlkZtIgTnwlQuhORCDDXQIFgdYWDUxBt6pMEGG2G8UIPUIKBwRRpu8HzHHCA4QQUInEm9AwinuzHT7HjcDkLaOnA2OgwpgHDEhWu88QJunA08MAhGHNjmG3i84LvUR48tQs2CvSHHF2NYj71DbFhfhBM7l2HHF3KUYXTvWlY1w1N7OiTHGd-pVwMO3B10vhhyLPSyQ_r7QhveUBj1yIQiIkjQGxYyA4e8ASn0cRr08rCQCKYPawPRDxz684KfBW1oRXuBYOaQNp-9gQ5J014L6uCGNNChBaFxwR3CMAcZ7Mx6SfrCDGsoGDq0YSI2GJOPcnC_64jAhzbsXRBrMMQiPsaIBkFfGZDzhaQBUYgbKuJwzhcGNiCEDkhZWg2aFgYx9CaBbQoLGySymvBBLSvpgUEfFBAQ&s=e54bf44047420105dd85b2fb4a724281e90e0516b93e9af6278cd334fc30cfe41675269588
Pragma: no-cache
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e8e0173672ec76c01676a1ba4e1be857
3d01334320c94972440226cfe96c8c7646cae796
c75aea885e434e8bf53e439c4b441e2af4b228f70212001fcc4c8094f534e0f1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C75AEA885E434E8BF53E439C4B441E2AF4B228F70212001FCC4C8094F534E0F1"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11694
Expires: Wed, 01 Feb 2023 19:54:42 GMT
Date: Wed, 01 Feb 2023 16:39:48 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F71bb87d4-a329-46af-946e-9b5edda7dddb.jpeg
34.120.237.76 200 OK 7.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F71bb87d4-a329-46af-946e-9b5edda7dddb.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2419bbbf287e620325438f5620183e32
257963245f14742bf9cd90e71ca748066d5495c3
47c7495be97a81189da17fc3abf430d1f4ecae95fdda30006cc462a4cea4c643
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F71bb87d4-a329-46af-946e-9b5edda7dddb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7628
x-amzn-requestid: 29c70d62-ed3a-4c90-8f32-2dc0c1caf5e0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fcDSnG4RIAMF5eg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d4b276-0267c928110be13d26906bed;Sampled=0
x-amzn-remapped-date: Sat, 28 Jan 2023 05:28:22 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: temaq_TJ35QzsVDLMotam8rNea4vwiE7Zo7i8wlqQJr0JIXdL1_Iww==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Tue, 31 Jan 2023 20:27:56 GMT
age: 72712
etag: "257963245f14742bf9cd90e71ca748066d5495c3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F82a4ade3-0c43-4f21-9738-0bc1dbb9a6a6.jpeg
34.120.237.76 200 OK 8.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F82a4ade3-0c43-4f21-9738-0bc1dbb9a6a6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 27e95b7912edc909d6b031e36fe83534
eb27fae0bb17dbe0929a620002195233ef50c1d0
b32e7e1a2eee367c5bf9e99bcb38f4c74c4e9e7bdfe7fb0f8f2a657060c0624c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F82a4ade3-0c43-4f21-9738-0bc1dbb9a6a6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8597
x-amzn-requestid: e7bf4ac9-d86d-4ee9-9e10-8a42e5dfe2c6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fcRaNEW4IAMFatA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d4c90d-7731312f630b00ba028836ca;Sampled=0
x-amzn-remapped-date: Sat, 28 Jan 2023 07:04:45 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: z3ZJ7bq6LuJd-9I9D22VIs0avctNGVDKnYmt-fxevCheQibivmUomQ==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 12:57:00 GMT
age: 13368
etag: "eb27fae0bb17dbe0929a620002195233ef50c1d0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F46e30ba8-4b02-4bad-8cbf-1a128aa4376f.jpeg
34.120.237.76 200 OK 9.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F46e30ba8-4b02-4bad-8cbf-1a128aa4376f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3366ef4f8733cb9c89a5c88f63a0a441
7da46843b6d885f38a4759a08e6c899906ab7b97
7114397ee5c251cc5cb46f3433c2cc17ff68a08e0872e227671198e9b61eba0a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F46e30ba8-4b02-4bad-8cbf-1a128aa4376f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9600
x-amzn-requestid: 48094e1a-d550-4a91-b87c-4a08505f7cce
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fVsWcFN7IAMF2pg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d2275c-5ced593a7e2126c9494563df;Sampled=0
x-amzn-remapped-date: Thu, 26 Jan 2023 07:10:20 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: aZOeDFqBJQoGwLpIs-GpPvY0FKGCAOXY6MgzG32qzX-kVzUCKKv-kw==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 02:29:58 GMT
age: 50990
etag: "7da46843b6d885f38a4759a08e6c899906ab7b97"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F72e6599c-6a41-4dd2-a346-b15fa84cb20a.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F72e6599c-6a41-4dd2-a346-b15fa84cb20a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 65c02d8a1b0d6a210cb2a649c5c67469
027dbc7a104c922904f067ed15d696c363c11774
89d5443a1d313c632d09a583ef602aa4645a16986076387329f434262d15b0a1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F72e6599c-6a41-4dd2-a346-b15fa84cb20a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10997
x-amzn-requestid: a6fac0ab-1acf-4808-8785-3b4ec5e32edf
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fhj30FX7IAMFa5w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d6e698-005109ec2e76529e793678d6;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 21:35:20 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: _xCzARAxn6PB9wrQAL98hWvnUxQOocZFqMoS2l_CoIzOJC18bXQuSQ==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Tue, 31 Jan 2023 21:53:32 GMT
age: 67576
etag: "027dbc7a104c922904f067ed15d696c363c11774"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe2d02739-590e-4a37-9ca5-c27003f9e416.jpeg
34.120.237.76 200 OK 16 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe2d02739-590e-4a37-9ca5-c27003f9e416.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4bb3a6fba496d54cdbbccaf2b9600386
8e30002699e9fbf2047f9ac11a36d2175fc9c591
927bf3a04b011b4e3bc8d8772a3d5813507f7f523312d43627767b64615562f3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe2d02739-590e-4a37-9ca5-c27003f9e416.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 15857
x-amzn-requestid: cfe36b9d-34f6-4f3f-896e-e70ec45c4a04
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fmJ2JGGWoAMFSLA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d8bcf3-0dd68dd778b9aba268a129b0;Sampled=0
x-amzn-remapped-date: Tue, 31 Jan 2023 07:02:11 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: pU_436f27nMZKPxZZWqZekERHFTvcG5NT5p_CYEXHRPtIWjDtSA-uA==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 fda3b2797d2719576f6b916583a28e52.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 07:27:41 GMT
age: 33127
etag: "8e30002699e9fbf2047f9ac11a36d2175fc9c591"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F591a38fc-2daf-42e7-a48b-a02e54cb63e0.jpeg
34.120.237.76 200 OK 7.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F591a38fc-2daf-42e7-a48b-a02e54cb63e0.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3c83dcdb618756ebbfeb69a8bff6d38c
5f909182ab6847690e7ebd100e3f0d2798e36192
2e29d0747fb973908228501178465ac09f6553ef8e50dd70ee617f3379eb733c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F591a38fc-2daf-42e7-a48b-a02e54cb63e0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7049
x-amzn-requestid: bc6522f2-eb6b-4e59-9912-0c03d145f021
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fk31LGE2IAMF8rw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d839ba-67477ed1260c27f67e28043d;Sampled=0
x-amzn-remapped-date: Mon, 30 Jan 2023 21:42:18 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Q_aVbWJKMbX1_bjggzbdnWbgmfooGvXj76t55QGGXRr_y6ZgW2gctw==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 556b99c6be8d7078b9f067347c62df6a.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 12:23:45 GMT
age: 15363
etag: "5f909182ab6847690e7ebd100e3f0d2798e36192"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
xml.zaimads.com/redirect?feed=475884&auth=URZUI4
174.137.133.17 302 Found 0 B URL HTTP/1.1 xml.zaimads.com/redirect?feed=475884&auth=URZUI4
IP 174.137.133.17:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=475884&auth=URZUI4 HTTP/1.1
Host: xml.zaimads.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Cache-Control: no-store
Content-Length: 0
Age: 0
Connection: keep-alive
Location: http://tsyndicate.com/api/v1/direct/e7067c4584364aee9ca620c1c715da9a?extID=475884
Pragma: no-cache
fonts.googleapis.com/css?family=Raleway:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900i&display=swap&subset=latin-ext
142.250.74.74 200 OK 1.0 kB URL HTTP/2 fonts.googleapis.com/css?family=Raleway:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900i&display=swap&subset=latin-ext
IP 142.250.74.74:0
Hash 9bbabdc073cf395b4d96a03aab92b888
4fe39e035766516627f1380c99c865dcc33320de
4e7fb4d331420134cf65036c35919307842a63914921327ce9e4f5654ff24973
GET /css?family=Raleway:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900i&display=swap&subset=latin-ext HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rixon.ml/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 01 Feb 2023 16:39:46 GMT
date: Wed, 01 Feb 2023 16:39:46 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
xml.hueadsxml.com/redirect?feed=498003&auth=ZmYisy
198.134.116.16 302 Found 0 B URL HTTP/1.1 xml.hueadsxml.com/redirect?feed=498003&auth=ZmYisy
IP 198.134.116.16:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=498003&auth=ZmYisy HTTP/1.1
Host: xml.hueadsxml.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Cache-Control: no-store
Content-Length: 0
Age: 0
Connection: keep-alive
Location: https://t3.lowtid.com/s.php?p=c:4ljkfd1stuas5a3tw&d=61b87b159bd23420f125f716&pid=VEm9VnBbiek_0&s=459305_498003
Pragma: no-cache
adserving.unibet.com/redirect.aspx?bid=37950&pid=29326169&sref=TRM&TRM=dL_457457.517775
95.101.10.153 307 Temporary Redirect 0 B URL HTTP/2 adserving.unibet.com/redirect.aspx?bid=37950&pid=29326169&sref=TRM&TRM=dL_457457.517775
IP 95.101.10.153:0
ASN #20940 Akamai International B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect.aspx?bid=37950&pid=29326169&sref=TRM&TRM=dL_457457.517775 HTTP/1.1
Host: adserving.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 307 Temporary Redirect
content-type: text/html
content-length: 0
location: https://www.unibet.nu/stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=320665405_2F716B76543F430D9E6B3655D6F58253&sref=TRM&TRM=dL_457457.517775&affiliateId=1&pid=92628443&bid=37950
p3p: CP="This is not a P3P policy! It is used to bypass IEs problematic handling of cookies"
x-aspnet-version: 4.0.30319
request-context: appId=cid-v1:83ffbda4-9458-475e-90ec-4427cfb5c3b0
access-control-expose-headers: Request-Context
expires: Wed, 01 Feb 2023 16:39:48 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Wed, 01 Feb 2023 16:39:48 GMT
set-cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a92628443%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1675269588459)%5c%2f%22%2c%22CookieTag%22%3a%223795092628443451240919C2023211639%22%7d%5d; SameSite=None;; domain=.unibet.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; secure
NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228768246128%7c1%22%7d%5d; domain=.unibet.com; expires=Fri, 01-Feb-3022 16:39:48 GMT; path=/; secure; SameSite=Strict
server-timing: edge; dur=1, origin; dur=89, cdn-cache; desc=MISS
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash 2167083ade638acb1a197429f008d212
b27dbcd1b75dca1f3ea8bf61722f1b9c19271693
ecb15aab80107eedff9349d199b5f85868e3e207073a91e13c935f86f94ebd74
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2966
Cache-Control: max-age=159754
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 16:39:48 GMT
Etag: "63da5749-118"
Expires: Fri, 03 Feb 2023 13:02:22 GMT
Last-Modified: Wed, 01 Feb 2023 12:12:57 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 280
tsyndicate.com/api/v1/direct/e7067c4584364aee9ca620c1c715da9a?extID=475884
136.243.75.209 302 Found 0 B URL HTTP/1.1 tsyndicate.com/api/v1/direct/e7067c4584364aee9ca620c1c715da9a?extID=475884
IP 136.243.75.209:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/v1/direct/e7067c4584364aee9ca620c1c715da9a?extID=475884 HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 01 Feb 2023 16:39:48 GMT
Content-Length: 0
Connection: keep-alive
Pragma: no-cache
Expires: 0
Vary: *
X-Api-Version: 2
Location: https://track.trackingtraffo.com/pop/imp?auth=d12jux&c=gn5oGqENIrOD8iataulPIBBydgKLKkLO4l6LqwSAU6dpZY2TQhvEJOgUFmqUNWjkSWVsjsMgqDCo_Ov6moktPYbGci-6MrYQ6R2xUy4livzfBgdBVEh88tMN4uEf_VyejMUs6RRlX5sikoiAqmO8YHelh8_NfqMsAcpg75wNWI2G-oPa9nnzYQVhUEh_hTaiAtDunzaRS8gRtcPxGT7rGWdTwDWiaEtM0JDlDbOPTEbOod_Xa-MgFpc2PakXQMLPHUXRwB9I5mXHUBBK1q3iQkcgTqRcke7JGXo24-8qxMdy2cHzjAG8wmmYXS-q5KcOWuyA4DjLjVTIx7J66ZoXt4WKYBX1sfa2fTpO8nl1-9-HnTMEFBSeaW3W_PrYHc7LV16rtoY2_5-kMcI6hNHDWNA40oxyjlJsjxtWTGqmGrHPH2F0fzinOW7_B0CKzMNXL1DTNkduUGSkq8Nm9KKOqBbNZMDpiaH4OrUWIePyp79ZwANbRC_RNGbfvPhZH3N2m12ys04liAXqWMPu04RvZ3zKjGNKjuK6GwSUKmje7JWJAqXkirh3B96veVrzExnu50qWlaPFYMDhI9jY6oFfeLIoquisZP50-xU4Ky8m_igdwC8PI7YLrenrLN-yJogngmclUkloi0ARftWf4mE19lKywNKIQaK2ghF_WydZcOSD-2bU8WmeT-NsS_8Aws_jTgTdZuh3lQiuXcdrf6fEKMdgHASRvcSV
X-Request-Id: eafca830e1673796
Set-Cookie: ts_uid=724066b0-afa1-4013-9d9e-a9c9f1241d73; expires=Tue, 01 Aug 2023 16:39:48 GMT; domain=.tsyndicate.com; path=/; HttpOnly; secure; SameSite=None
Cache-Control: no-cache, no-store, no-transform, must-revalidate, no-transform
X-Robots-Tag: none, noindex, nofollow
Report-To: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
xml.ctrtraffic.com/redirect?feed=471426&auth=4zKcxP
198.134.116.18 302 Found 0 B URL HTTP/1.1 xml.ctrtraffic.com/redirect?feed=471426&auth=4zKcxP
IP 198.134.116.18:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=471426&auth=4zKcxP HTTP/1.1
Host: xml.ctrtraffic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Cache-Control: no-store
Content-Length: 0
Age: 0
Connection: keep-alive
Location: http://tsyndicate.com/api/v1/direct/cb813667edbd4b3c81888edf24162044?extID=471426
Pragma: no-cache
xml.adkmbc.com/redirect?feed=444916&auth=S1DA5g
198.134.116.16 302 Found 0 B URL HTTP/1.1 xml.adkmbc.com/redirect?feed=444916&auth=S1DA5g
IP 198.134.116.16:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=444916&auth=S1DA5g HTTP/1.1
Host: xml.adkmbc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Cache-Control: no-store
Content-Length: 0
Age: 0
Connection: keep-alive
Location: https://adserving.unibet.com/redirect.aspx?bid=37950&pid=29326169&sref=TRM&TRM=dL_433774.470760
Pragma: no-cache
s4.histats.com/stats/0.php?4163264&@f16&@g0&@h2&@i1&@j1675269610303&@k7&@l2&@mWDH&@n0&@o1000&@q0&@r0&@s0&@ten-US&@u1280&@b1:-32298799&@b3:1675269610&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttp%3A%2F%2Frixon.ml%2F&@w
149.56.240.31 200 OK 72 B URL HTTP/1.1 s4.histats.com/stats/0.php?4163264&@f16&@g0&@h2&@i1&@j1675269610303&@k7&@l2&@mWDH&@n0&@o1000&@q0&@r0&@s0&@ten-US&@u1280&@b1:-32298799&@b3:1675269610&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttp%3A%2F%2Frixon.ml%2F&@w
IP 149.56.240.31:0
File type ASCII text, with no line terminators
Hash 4165a6c7d08129dc2f1ddc31de1313a9
09d3925108795c9110ff552ced98e969c060c702
cfc9096a07269e8a8b1f19780a269d07e966640fcff514f927046f44c7c9c34a
GET /stats/0.php?4163264&@f16&@g0&@h2&@i1&@j1675269610303&@k7&@l2&@mWDH&@n0&@o1000&@q0&@r0&@s0&@ten-US&@u1280&@b1:-32298799&@b3:1675269610&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttp%3A%2F%2Frixon.ml%2F&@w HTTP/1.1
Host: s4.histats.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rixon.ml/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Wed, 01 Feb 2023 16:39:48 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 72
Connection: close
xml.hueadsxml.com/redirect?feed=498002&auth=4QVAPl
198.134.116.16 302 Found 0 B URL HTTP/1.1 xml.hueadsxml.com/redirect?feed=498002&auth=4QVAPl
IP 198.134.116.16:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=498002&auth=4QVAPl HTTP/1.1
Host: xml.hueadsxml.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Cache-Control: no-store
Content-Length: 0
Age: 0
Connection: keep-alive
Location: https://www.forza.idescargarapk.com/get.php?code=enVPOS81Z1JyRjFvTDZsdHBFbmI5UT09&clickid=0hLUuU-xQoU&campaignid=986795&siteid=504185.461005&publishid=504185&country=no&os=Windows+10&browser=FIREFOX_105.0&referrer=http%3A%2F%2Frixon.ml%2F&device=Desktop&carrier=Blix+Solutions&connection=&bid=0.00022
Pragma: no-cache
s4.histats.com/stats/0.php?4163264&@f16&@g1&@h1&@i1&@j1675269610296&@k0&@l1&@mWDH&@n0&@o1000&@q0&@r0&@s0&@ten-US&@u1280&@b1:-14886148&@b3:1675269610&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttp%3A%2F%2Frixon.ml%2F&@w
149.56.240.31 200 OK 72 B URL HTTP/1.1 s4.histats.com/stats/0.php?4163264&@f16&@g1&@h1&@i1&@j1675269610296&@k0&@l1&@mWDH&@n0&@o1000&@q0&@r0&@s0&@ten-US&@u1280&@b1:-14886148&@b3:1675269610&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttp%3A%2F%2Frixon.ml%2F&@w
IP 149.56.240.31:0
File type ASCII text, with no line terminators
Hash 4165a6c7d08129dc2f1ddc31de1313a9
09d3925108795c9110ff552ced98e969c060c702
cfc9096a07269e8a8b1f19780a269d07e966640fcff514f927046f44c7c9c34a
GET /stats/0.php?4163264&@f16&@g1&@h1&@i1&@j1675269610296&@k0&@l1&@mWDH&@n0&@o1000&@q0&@r0&@s0&@ten-US&@u1280&@b1:-14886148&@b3:1675269610&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttp%3A%2F%2Frixon.ml%2F&@w HTTP/1.1
Host: s4.histats.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rixon.ml/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Wed, 01 Feb 2023 16:39:48 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 72
Connection: close
admediatex.net/serve/ads.php?a=3986&b=728x90&random=69265288&referr=
104.26.9.229 200 OK 174 B URL HTTP/2 admediatex.net/serve/ads.php?a=3986&b=728x90&random=69265288&referr=
IP 104.26.9.229:0
Hash 0ea47eca01fb8cff1b5a5dd85b0514ad
ad375bad6a8f69bc7df2858d57ed0ae886c70ca3
673780c8febb109af48ab0be344ffc6e7ea880db305196c7e7e7b848b8311b0d
GET /serve/ads.php?a=3986&b=728x90&random=69265288&referr= HTTP/1.1
Host: admediatex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rixon.ml/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:47 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/5.6.40
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ugLiZ%2BAExL4L81SDx8iwfs3TiLWj8ChN%2FtX%2FkTke%2BnS%2FSjzRDq8gR73FUzMZFeU7wUcSY64B4ji4PoaF0IM106EMQoQ7YMJR7EvTxMQbBCcqhoOUMmD8%2Fg8NFi8AoGpK"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 792c200b2f9a0b41-OSL
content-encoding: br
X-Firefox-Spdy: h2
xml.adkmbc.com/redirect?feed=415140&auth=6OUXF6
198.134.116.16 302 Found 0 B URL HTTP/1.1 xml.adkmbc.com/redirect?feed=415140&auth=6OUXF6
IP 198.134.116.16:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=415140&auth=6OUXF6 HTTP/1.1
Host: xml.adkmbc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Cache-Control: no-store
Content-Length: 0
Age: 0
Connection: keep-alive
Location: https://t3.lowtid.com/s.php?p=c:4ljkfd1stuas5a3tw&d=61b87b159bd23420f125f716&pid=U*sgh6KDYuc_0&s=470760_415140
Pragma: no-cache
admediatex.net/serve/ads.php?a=3986&b=300x250&random=47138847&referr=
104.26.9.229 200 OK 175 B URL HTTP/2 admediatex.net/serve/ads.php?a=3986&b=300x250&random=47138847&referr=
IP 104.26.9.229:0
Hash 5720241987847bb70f92dd68725067e2
c682aa8ea6ee2a8c78f795f8bbc18555a7afcf2b
273fd9f6b8fceafca68ff08931a7aad4fffb8f73ba4f0844d752be189b2712d5
GET /serve/ads.php?a=3986&b=300x250&random=47138847&referr= HTTP/1.1
Host: admediatex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rixon.ml/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:47 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/5.6.40
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qqPQre4QN0e%2BFo05RCZX6UqDtuIGitIsnQoCql0eLIWoMomsqzbtAZkbizMCQE1HQrS6NvTpvMjEYJiD0OIMwTjRiawJrPl67bjukA7sM5GyKB5ghWp8gf1PFM419A8K"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 792c200b781a0b41-OSL
content-encoding: br
X-Firefox-Spdy: h2
s4.histats.com/stats/0.php?4163264&@f16&@g0&@h2&@i1&@j1675269610303&@k7&@l2&@mWDH&@n0&@o1000&@q0&@r0&@s0&@ten-US&@u1280&@b1:-80593546&@b3:1675269610&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttp%3A%2F%2Frixon.ml%2F&@w
149.56.240.31 200 OK 72 B URL HTTP/1.1 s4.histats.com/stats/0.php?4163264&@f16&@g0&@h2&@i1&@j1675269610303&@k7&@l2&@mWDH&@n0&@o1000&@q0&@r0&@s0&@ten-US&@u1280&@b1:-80593546&@b3:1675269610&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttp%3A%2F%2Frixon.ml%2F&@w
IP 149.56.240.31:0
File type ASCII text, with no line terminators
Hash 4165a6c7d08129dc2f1ddc31de1313a9
09d3925108795c9110ff552ced98e969c060c702
cfc9096a07269e8a8b1f19780a269d07e966640fcff514f927046f44c7c9c34a
GET /stats/0.php?4163264&@f16&@g0&@h2&@i1&@j1675269610303&@k7&@l2&@mWDH&@n0&@o1000&@q0&@r0&@s0&@ten-US&@u1280&@b1:-80593546&@b3:1675269610&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttp%3A%2F%2Frixon.ml%2F&@w HTTP/1.1
Host: s4.histats.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rixon.ml/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Wed, 01 Feb 2023 16:39:48 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 72
Connection: close
s4.histats.com/stats/0.php?4163264&@f16&@g1&@h1&@i1&@j1675269610296&@k0&@l1&@mWDH&@n0&@o1000&@q0&@r0&@s0&@ten-US&@u1280&@b1:-129756237&@b3:1675269610&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttp%3A%2F%2Frixon.ml%2F&@w
149.56.240.31 200 OK 72 B URL HTTP/1.1 s4.histats.com/stats/0.php?4163264&@f16&@g1&@h1&@i1&@j1675269610296&@k0&@l1&@mWDH&@n0&@o1000&@q0&@r0&@s0&@ten-US&@u1280&@b1:-129756237&@b3:1675269610&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttp%3A%2F%2Frixon.ml%2F&@w
IP 149.56.240.31:0
File type ASCII text, with no line terminators
Hash 4165a6c7d08129dc2f1ddc31de1313a9
09d3925108795c9110ff552ced98e969c060c702
cfc9096a07269e8a8b1f19780a269d07e966640fcff514f927046f44c7c9c34a
GET /stats/0.php?4163264&@f16&@g1&@h1&@i1&@j1675269610296&@k0&@l1&@mWDH&@n0&@o1000&@q0&@r0&@s0&@ten-US&@u1280&@b1:-129756237&@b3:1675269610&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttp%3A%2F%2Frixon.ml%2F&@w HTTP/1.1
Host: s4.histats.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rixon.ml/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Wed, 01 Feb 2023 16:39:48 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 72
Connection: close
xml.adflyer.media/redirect?feed=470362&auth=rqwsKo
174.137.133.17 302 Found 0 B URL HTTP/1.1 xml.adflyer.media/redirect?feed=470362&auth=rqwsKo
IP 174.137.133.17:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=470362&auth=rqwsKo HTTP/1.1
Host: xml.adflyer.media
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Cache-Control: no-store
Content-Length: 0
Age: 0
Connection: keep-alive
Location: https://t3.lowtid.com/s.php?p=c:4ljkfd1stuas5a3tw&d=61b87b159bd23420f125f716&pid=bZxiRCCdDuo_0&s=470427_470362
Pragma: no-cache
tsyndicate.com/api/v1/direct/cb813667edbd4b3c81888edf24162044?extID=471426
136.243.75.209 302 Found 0 B URL HTTP/1.1 tsyndicate.com/api/v1/direct/cb813667edbd4b3c81888edf24162044?extID=471426
IP 136.243.75.209:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/v1/direct/cb813667edbd4b3c81888edf24162044?extID=471426 HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 01 Feb 2023 16:39:48 GMT
Content-Length: 0
Connection: keep-alive
Pragma: no-cache
Expires: 0
Vary: *
X-Api-Version: 2
Location: https://track.trackingtraffo.com/pop/imp?auth=d12jux&c=2r5bAA_eYVgSCjrh9KqlDWcm8oa_ysidrLObJTSKJ1ywAIgWTrrh4018FYY0dBSo5r-xwReDpedkiQPm9dsHnxkL958ubGLX2NfbSwyP6UwhYxcDoIRhwuVcBIQFRICJwyu3-beoAEXh47ByFJAGO2MvnEb8SnL5ygaHVG93QWUroP55yf63JuWP4bgzW9G-1d23g-YEGqfDtJ_SOiWFp8YC0Ee-9JbPmwWl7qBXQkRcU-c1hIiV9f8H6BqIUP9SOVIQkIT3Nzp_QwsHCPmsUc0qZFb1GGwn5HtBeRiIG7DrZTpHd8rv50ZRuYZpyzQCAfzHTu7bCvuT7C6Joswn52__7lxXb13hqbr5KNlIy5SYwGdMKm5x3kHxog4xVocpAdvOZLN6YM-4Vi-eiYje2QE2F94S-YrwViBS8yPo-_K1ntNy-0Yn8obc1CpdN6wpTD_K1p_uMgK-pGcWblRqzdnFWN5dUzalPT3jBkNMPwzQIEMxsuxBeGsHMxcdM_nZm9rZ7g8mJlBLvmS07c_zNu_m_sFfsJ0VFt0HdFAfolA4zY_s3yMO3877t4vGY0k1LoiPU-YH88qpBvrNsykjtEtggz_aExg3PZI7glo90m9uy29PzLeMfMyrhogNlmHHituLpLSwIkNaziotw6oT_nmSe2JFn5l-ob6n6lGHy56ih-qcnHqRoRjGcU42aHnaUYRw4vRo14P64Y5uvxgKMMaevZsJIC13VqSsKNHSaaDDtm-crgyZ1_AwWKk
X-Request-Id: b150dcd58ba6d0f9
Set-Cookie: ts_uid=534561c6-ce51-4e73-a0ef-640a2fe04bf4; expires=Tue, 01 Aug 2023 16:39:48 GMT; domain=.tsyndicate.com; path=/; HttpOnly; secure; SameSite=None
Cache-Control: no-cache, no-store, no-transform, must-revalidate, no-transform
X-Robots-Tag: none, noindex, nofollow
Report-To: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
adserving.unibet.com/redirect.aspx?bid=37950&pid=29326169&sref=TRM&TRM=dL_433774.470427
95.101.10.153 307 Temporary Redirect 0 B URL HTTP/2 adserving.unibet.com/redirect.aspx?bid=37950&pid=29326169&sref=TRM&TRM=dL_433774.470427
IP 95.101.10.153:0
ASN #20940 Akamai International B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect.aspx?bid=37950&pid=29326169&sref=TRM&TRM=dL_433774.470427 HTTP/1.1
Host: adserving.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a92628443%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1675269588459)%5c%2f%22%2c%22CookieTag%22%3a%223795092628443451240919C2023211639%22%7d%5d
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 307 Temporary Redirect
content-type: text/html
content-length: 0
location: https://www.unibet.nu/stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=320665405_6D4D23E11E36496188DB1222CF2EDDFD&sref=TRM&TRM=dL_433774.470427&affiliateId=1&pid=86525768&bid=37950
p3p: CP="This is not a P3P policy! It is used to bypass IEs problematic handling of cookies"
x-aspnet-version: 4.0.30319
request-context: appId=cid-v1:83ffbda4-9458-475e-90ec-4427cfb5c3b0
access-control-expose-headers: Request-Context
expires: Wed, 01 Feb 2023 16:39:48 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Wed, 01 Feb 2023 16:39:48 GMT
set-cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a92628443%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1675269588459)%5c%2f%22%2c%22CookieTag%22%3a%223795092628443451240919C2023211639%22%7d%2c%7b%22PID%22%3a86525768%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1675269588594)%5c%2f%22%2c%22CookieTag%22%3a%223795086525768451240919C2023211639%22%7d%5d; SameSite=None;; domain=.unibet.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; secure
NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228768246134%7c1%22%7d%5d; domain=.unibet.com; expires=Fri, 01-Feb-3022 16:39:48 GMT; path=/; secure; SameSite=Strict
server-timing: cdn-cache; desc=MISS, edge; dur=21, origin; dur=44
X-Firefox-Spdy: h2
xml.admidainsight.com/redirect?feed=500770&auth=fclUlL
173.239.53.18 302 Found 0 B URL HTTP/1.1 xml.admidainsight.com/redirect?feed=500770&auth=fclUlL
IP 173.239.53.18:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=500770&auth=fclUlL HTTP/1.1
Host: xml.admidainsight.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Cache-Control: no-store
Content-Length: 0
Age: 0
Connection: keep-alive
Location: https://vzvnjw.delicatedates.net/c/da57dc555e50572d?s1=103756&s2=1514503&j1=1
Pragma: no-cache
adserving.unibet.com/redirect.aspx?bid=37950&pid=29326169&sref=TRM&TRM=dL_433774.470760
95.101.10.153 307 Temporary Redirect 0 B URL HTTP/2 adserving.unibet.com/redirect.aspx?bid=37950&pid=29326169&sref=TRM&TRM=dL_433774.470760
IP 95.101.10.153:0
ASN #20940 Akamai International B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect.aspx?bid=37950&pid=29326169&sref=TRM&TRM=dL_433774.470760 HTTP/1.1
Host: adserving.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a92628443%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1675269588459)%5c%2f%22%2c%22CookieTag%22%3a%223795092628443451240919C2023211639%22%7d%5d
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 307 Temporary Redirect
content-type: text/html
content-length: 0
location: https://www.unibet.nu/stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=320665405_4F03CE830604485E9E0E444E5686127E&sref=TRM&TRM=dL_433774.470760&affiliateId=1&pid=86536170&bid=37950
p3p: CP="This is not a P3P policy! It is used to bypass IEs problematic handling of cookies"
x-aspnet-version: 4.0.30319
request-context: appId=cid-v1:83ffbda4-9458-475e-90ec-4427cfb5c3b0
access-control-expose-headers: Request-Context
expires: Wed, 01 Feb 2023 16:39:48 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Wed, 01 Feb 2023 16:39:48 GMT
set-cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a92628443%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1675269588459)%5c%2f%22%2c%22CookieTag%22%3a%223795092628443451240919C2023211639%22%7d%2c%7b%22PID%22%3a86536170%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1675269588590)%5c%2f%22%2c%22CookieTag%22%3a%223795086536170451240919C2023211639%22%7d%5d; SameSite=None;; domain=.unibet.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; secure
NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228768246132%7c1%22%7d%5d; domain=.unibet.com; expires=Fri, 01-Feb-3022 16:39:48 GMT; path=/; secure; SameSite=Strict
server-timing: cdn-cache; desc=MISS, edge; dur=23, origin; dur=51
X-Firefox-Spdy: h2
www.unibet.nu/stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=320665405_2F716B76543F430D9E6B3655D6F58253&sref=TRM&TRM=dL_457457.517775&affiliateId=1&pid=92628443&bid=37950
85.184.96.0 301 Moved Permanently 0 B URL HTTP/2 www.unibet.nu/stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=320665405_2F716B76543F430D9E6B3655D6F58253&sref=TRM&TRM=dL_457457.517775&affiliateId=1&pid=92628443&bid=37950
IP 85.184.96.0:0
ASN #47171 Unibet Services Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=320665405_2F716B76543F430D9E6B3655D6F58253&sref=TRM&TRM=dL_457457.517775&affiliateId=1&pid=92628443&bid=37950 HTTP/1.1
Host: www.unibet.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 301 Moved Permanently
date: Wed, 01 Feb 2023 16:39:48 GMT
content-length: 0
location: https://www.unibet.nu:443/stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=320665405_2F716B76543F430D9E6B3655D6F58253&sref=TRM&TRM=dL_457457.517775&affiliateId=1&pid=92628443&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A320665405%3A92628443-37950
set-cookie: JSESSIONID=node0gow5nn4x1gcf1g9u209h3ofxi919587.node0; Path=/stan; Secure; HttpOnly; SameSite=Strict
__ucbt=node0gow5nn4x1gcf1g9u209h3ofxi; Path=/; Domain=.unibet.nu; Expires=Fri, 31-Jan-2025 16:39:48 GMT; Max-Age=63072000; Secure; SameSite=None
uniattr=ST.0.T; Path=/; Domain=.unibet.nu; Expires=Fri, 31-Jan-2025 16:39:48 GMT; Max-Age=63072000; Secure; SameSite=None
uniattr_ref="http://rixon.ml/"; Path=/; Domain=.unibet.nu; Expires=Fri, 31-Jan-2025 16:39:48 GMT; Max-Age=63072000; Secure; SameSite=None
UNIBET_REQUEST_URL=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_REQUEST_URL=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
UNIBET_INTERNAL_CAMPAIGN_ID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
affid=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
netwid=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
CLAIM_CODE=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
REGISTRATION_CODE=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
campaignId=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
affiliateId=1; Path=/; Domain=.unibet.nu; Secure; SameSite=None
B-TAG=320665405_2F716B76543F430D9E6B3655D6F58253; Path=/; Domain=.unibet.nu; Secure; SameSite=None
REGISTRATION_CODE=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
BID=37950; Path=/; Domain=.unibet.nu; Secure; SameSite=None
PID=92628443; Path=/; Domain=.unibet.nu; Secure; SameSite=None
CHID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
REFERER=http%3A%2F%2Frixon.ml%2F; Path=/; Domain=.unibet.nu; Secure; SameSite=None
UNIBET_INTERNAL_CAMPAIGN_ID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
UNIBET_REQUEST_URL=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_REQUEST_URL=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_CAMPAIGN_ID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AMS_INVITE_CHAT_ACCEPTED=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AMS_INVITE_CHAT_DECLINED=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
BOCAID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
PRODUCT_ID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D320665405_2F716B76543F430D9E6B3655D6F58253%26sref%3DTRM%26TRM%3DdL_457457.517775%26affiliateId%3D1%26pid%3D92628443%26bid%3D37950; Path=/; Domain=.unibet.nu; Secure; SameSite=None
AFFILIATE_CAMPAIGN_ID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
campaignId=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
clientId=polopoly_desktop; Domain=www.unibet.nu; Path=/; SameSite=None; Secure
referer: http://rixon.ml/
cache-control: max-age=0, no-cache, no-store, must-revalidate, proxy-revalidate
expires: Thu, 01 Jan 1970 00:00:00 GMT, Wed, 01 Feb 2023 16:39:48 GMT
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/www.unibet.nu/index.html
X-Firefox-Spdy: h2
xml.zaimads.com/redirect?feed=475885&auth=wpRMce
174.137.133.17 302 Found 0 B URL HTTP/1.1 xml.zaimads.com/redirect?feed=475885&auth=wpRMce
IP 174.137.133.17:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=475885&auth=wpRMce HTTP/1.1
Host: xml.zaimads.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Cache-Control: no-store
Content-Length: 0
Age: 0
Connection: keep-alive
Location: http://tsyndicate.com/api/v1/direct/e7067c4584364aee9ca620c1c715da9a?extID=475885
Pragma: no-cache
xml.ctrtraffic.com/redirect?feed=471425&auth=d7gllh
198.134.116.18 302 Found 0 B URL HTTP/1.1 xml.ctrtraffic.com/redirect?feed=471425&auth=d7gllh
IP 198.134.116.18:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=471425&auth=d7gllh HTTP/1.1
Host: xml.ctrtraffic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Cache-Control: no-store
Content-Length: 0
Age: 0
Connection: keep-alive
Location: https://t3.lowtid.com/s.php?p=c:4ljkfd1stuas5a3tw&d=61b87b159bd23420f125f716&pid=3d94r7DBv5E_0&s=499756_471425
Pragma: no-cache
free-btc.org/
172.67.171.68 200 OK 59 kB IP 172.67.171.68:0
File type HTML document text; exported SGML document text; exported SGML document, Unicode text, UTF-8 text, with very long lines (2146)
Hash 7ff0720cfecccc11114cbcbcc2bb8bce
9fff097bbd5a068cde377037d4c5a290a9681a79
6755b01a7b096a21a2af54223349b38a59fcc9c853f586719a9ce11483695559
GET / HTTP/1.1
Host: free-btc.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:48 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: PHPSESSID=526b1f86b56419edbab65362fe516dd7; path=/
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1saRZu69T5tTuaiYQnwgJny8HOY5lthaNVBsNHOr0kmg4%2BogXX6FcdeQBCnrMW9N2%2B8w%2FLOIeQuXA1rGhKr%2F2dTf4vmxeEguwyooIhotgNJcWyGJDkcts5RygpT0%2Bxw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 792c20100aeb0b3d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
xml.adkmbc.com/redirect?feed=444917&auth=S1DA5g
198.134.116.16 302 Found 1.7 kB URL HTTP/1.1 xml.adkmbc.com/redirect?feed=444917&auth=S1DA5g
IP 198.134.116.16:0
ASN #27257 WEBAIR-INTERNET
Hash c54c2e7743421adf54ef55381f14d418
523703f7703c8f8540cdd9995bb1f96c04b9f4e7
8b1a28c28df48f7c83695e1c15eb8d9bd06a060edf4868edf311142dc0b55d6c
GET /redirect?feed=444917&auth=S1DA5g HTTP/1.1
Host: xml.adkmbc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Cache-Control: no-store
Content-Length: 0
Age: 0
Connection: keep-alive
Location: https://t3.lowtid.com/s.php?p=c:4ljkfd1stuas5a3tw&d=61b87b159bd23420f125f716&pid=ZmR3hNB1XB8_0&s=470760_444917
Pragma: no-cache
sub.adzgame.com/redirect?feed=467932&auth=YyhXqX
173.239.53.18 302 Found 0 B URL HTTP/1.1 sub.adzgame.com/redirect?feed=467932&auth=YyhXqX
IP 173.239.53.18:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=467932&auth=YyhXqX HTTP/1.1
Host: sub.adzgame.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Cache-Control: no-store
Content-Length: 0
Age: 0
Connection: keep-alive
Location: https://t3.lowtid.com/s.php?p=c:4ljkfd1stuas5a3tw&d=61b87b159bd23420f125f716&pid=35OSAmtU4Yo_0&s=496490_467932
Pragma: no-cache
xml.mediacpc.com/redirect?feed=471451&auth=5aCfHU
174.137.133.18 200 OK 0 B URL HTTP/1.1 xml.mediacpc.com/redirect?feed=471451&auth=5aCfHU
IP 174.137.133.18:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=471451&auth=5aCfHU HTTP/1.1
Host: xml.mediacpc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Cache-Control: no-store
Content-Length: 0
Age: 0
Connection: keep-alive
Pragma: no-cache
r-us.tsyndicate.com/do2/direct?c=APeIQFMmDJkycuaI0HGDhYgwY-gsjOGQDpyFIuC8uVjxDEYxNGSMwVHGRpgWZsaQGdOCRhkxLHHYoAGjBY6QNGLIwDEGho0ZOUQ4nCMmDRmFOraIqBEDqA0cX2jkgHFDpoguDse4QRrjJwyHYeqMwWhDTI4xT8PYaFGDjI0aLXPYINMix82aYUqGMRjjBg2eOISKKEoGIxkYZWK4nTGjRYwcNMy0LDNDjE0bZcrYjAED5l6qMh4LNmhnoYwZNJ46hFNHjGm5OGqAhXNRxwwZMHIOhSNRB04cOfo6LIOHzpc5vDEydQpVKlWrWdvUntE0Nw6wZMwsbDjYjRvTp2_MuCHDYRs3HnXIwB189fn0fXHIoOGwTgyMaOhYnKPjxYszb7iABxt2pJGGHGTI4cIYb7TxwhxthCGHRRu9UMYYNYhhQw5m2NDTDTGEMcMYZpBxWhiRxUBDGOKVgYNPY9AAkkkl5lCGeGH4ZBBIZchgw0w1tEXGDSCaYcYPdcyBUBJk9HADDDmEkdIMJNUwgxkv1SCefHKZQQOVOKR0g5ZijFmVDJC1ZVINZZSIpYtiuBjkSHPJcFgMXNQBAww-tlFGG3HKwWQPXwRRRh0tUIFEG2oEkcQVWMSRxRVv2ICHo2fQAZMRZsBAxm_BjQncDTbAUAMWNMCRRBZUtNFEGHmMOAMUatSRgxVhaGHGHEbMYMcTa-BARRNraEHHGq3iCoeKbLzxxBlVnGFDrTTckIUcRoQBxRBNlJGFHnngYGIVNtDxxBtiZFGGGknAIQcWQ5QVBBpVwBCEGVjEoAcROUFxhRlN4AFDDHnQEeQUcpiRxRktCDFFE23QMcQdX0CbBBFSVJFGnnv6OMcbdcgxRhmDgtoXx3zaAIcMPQCHw6go-7hsD048EbPKM_QgGBkNYiRHGni84YYLbbAh2Bhh9LYFdVhlJPJCMLiwJ1U2OCSGdjpELYNsIowBRxtfuDtW1i5YWZ4Ictgx3VciXPg11C6QWl8daRiWExk8kWFXp53h5pJde-Zg14Vm3CTDDWUIlkZtIgTnwlQuhORCDDXQIFgdYWDUxBt6pMEGG2G8UIPUIKBwRRpu8HzHHCA4QQUInEm9AwinuzHT7HjcDkLaOnA2OgwpgHDEhWu88QJunA08MAhGHNjmG3i84LvUR48tQs2CvSHHF2NYj71DbFhfhBM7l2HHF3KUYXTvWlY1w1N7OiTHGd-pVwMO3B10vhhyLPSyQ_r7QhveUBj1yIQiIkjQGxYyA4e8ASn0cRr08rCQCKYPawPRDxz684KfBW1oRXuBYOaQNp-9gQ5J014L6uCGNNChBaFxwR3CMAcZ7Mx6SfrCDGsoGDq0YSI2GJOPcnC_64jAhzbsXRBrMMQiPsaIBkFfGZDzhaQBUYgbKuJwzhcGNiCEDkhZWg2aFgYx9CaBbQoLGySymvBBLSvpgUEfFBAQ&s=e54bf44047420105dd85b2fb4a724281e90e0516b93e9af6278cd334fc30cfe41675269588
66.242.13.2302 Found 0 B URL HTTP/2 r-us.tsyndicate.com/do2/direct?c=APeIQFMmDJkycuaI0HGDhYgwY-gsjOGQDpyFIuC8uVjxDEYxNGSMwVHGRpgWZsaQGdOCRhkxLHHYoAGjBY6QNGLIwDEGho0ZOUQ4nCMmDRmFOraIqBEDqA0cX2jkgHFDpoguDse4QRrjJwyHYeqMwWhDTI4xT8PYaFGDjI0aLXPYINMix82aYUqGMRjjBg2eOISKKEoGIxkYZWK4nTGjRYwcNMy0LDNDjE0bZcrYjAED5l6qMh4LNmhnoYwZNJ46hFNHjGm5OGqAhXNRxwwZMHIOhSNRB04cOfo6LIOHzpc5vDEydQpVKlWrWdvUntE0Nw6wZMwsbDjYjRvTp2_MuCHDYRs3HnXIwB189fn0fXHIoOGwTgyMaOhYnKPjxYszb7iABxt2pJGGHGTI4cIYb7TxwhxthCGHRRu9UMYYNYhhQw5m2NDTDTGEMcMYZpBxWhiRxUBDGOKVgYNPY9AAkkkl5lCGeGH4ZBBIZchgw0w1tEXGDSCaYcYPdcyBUBJk9HADDDmEkdIMJNUwgxkv1SCefHKZQQOVOKR0g5ZijFmVDJC1ZVINZZSIpYtiuBjkSHPJcFgMXNQBAww-tlFGG3HKwWQPXwRRRh0tUIFEG2oEkcQVWMSRxRVv2ICHo2fQAZMRZsBAxm_BjQncDTbAUAMWNMCRRBZUtNFEGHmMOAMUatSRgxVhaGHGHEbMYMcTa-BARRNraEHHGq3iCoeKbLzxxBlVnGFDrTTckIUcRoQBxRBNlJGFHnngYGIVNtDxxBtiZFGGGknAIQcWQ5QVBBpVwBCEGVjEoAcROUFxhRlN4AFDDHnQEeQUcpiRxRktCDFFE23QMcQdX0CbBBFSVJFGnnv6OMcbdcgxRhmDgtoXx3zaAIcMPQCHw6go-7hsD048EbPKM_QgGBkNYiRHGni84YYLbbAh2Bhh9LYFdVhlJPJCMLiwJ1U2OCSGdjpELYNsIowBRxtfuDtW1i5YWZ4Ictgx3VciXPg11C6QWl8daRiWExk8kWFXp53h5pJde-Zg14Vm3CTDDWUIlkZtIgTnwlQuhORCDDXQIFgdYWDUxBt6pMEGG2G8UIPUIKBwRRpu8HzHHCA4QQUInEm9AwinuzHT7HjcDkLaOnA2OgwpgHDEhWu88QJunA08MAhGHNjmG3i84LvUR48tQs2CvSHHF2NYj71DbFhfhBM7l2HHF3KUYXTvWlY1w1N7OiTHGd-pVwMO3B10vhhyLPSyQ_r7QhveUBj1yIQiIkjQGxYyA4e8ASn0cRr08rCQCKYPawPRDxz684KfBW1oRXuBYOaQNp-9gQ5J014L6uCGNNChBaFxwR3CMAcZ7Mx6SfrCDGsoGDq0YSI2GJOPcnC_64jAhzbsXRBrMMQiPsaIBkFfGZDzhaQBUYgbKuJwzhcGNiCEDkhZWg2aFgYx9CaBbQoLGySymvBBLSvpgUEfFBAQ&s=e54bf44047420105dd85b2fb4a724281e90e0516b93e9af6278cd334fc30cfe41675269588
IP 66.242.13.2:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /do2/direct?c=APeIQFMmDJkycuaI0HGDhYgwY-gsjOGQDpyFIuC8uVjxDEYxNGSMwVHGRpgWZsaQGdOCRhkxLHHYoAGjBY6QNGLIwDEGho0ZOUQ4nCMmDRmFOraIqBEDqA0cX2jkgHFDpoguDse4QRrjJwyHYeqMwWhDTI4xT8PYaFGDjI0aLXPYINMix82aYUqGMRjjBg2eOISKKEoGIxkYZWK4nTGjRYwcNMy0LDNDjE0bZcrYjAED5l6qMh4LNmhnoYwZNJ46hFNHjGm5OGqAhXNRxwwZMHIOhSNRB04cOfo6LIOHzpc5vDEydQpVKlWrWdvUntE0Nw6wZMwsbDjYjRvTp2_MuCHDYRs3HnXIwB189fn0fXHIoOGwTgyMaOhYnKPjxYszb7iABxt2pJGGHGTI4cIYb7TxwhxthCGHRRu9UMYYNYhhQw5m2NDTDTGEMcMYZpBxWhiRxUBDGOKVgYNPY9AAkkkl5lCGeGH4ZBBIZchgw0w1tEXGDSCaYcYPdcyBUBJk9HADDDmEkdIMJNUwgxkv1SCefHKZQQOVOKR0g5ZijFmVDJC1ZVINZZSIpYtiuBjkSHPJcFgMXNQBAww-tlFGG3HKwWQPXwRRRh0tUIFEG2oEkcQVWMSRxRVv2ICHo2fQAZMRZsBAxm_BjQncDTbAUAMWNMCRRBZUtNFEGHmMOAMUatSRgxVhaGHGHEbMYMcTa-BARRNraEHHGq3iCoeKbLzxxBlVnGFDrTTckIUcRoQBxRBNlJGFHnngYGIVNtDxxBtiZFGGGknAIQcWQ5QVBBpVwBCEGVjEoAcROUFxhRlN4AFDDHnQEeQUcpiRxRktCDFFE23QMcQdX0CbBBFSVJFGnnv6OMcbdcgxRhmDgtoXx3zaAIcMPQCHw6go-7hsD048EbPKM_QgGBkNYiRHGni84YYLbbAh2Bhh9LYFdVhlJPJCMLiwJ1U2OCSGdjpELYNsIowBRxtfuDtW1i5YWZ4Ictgx3VciXPg11C6QWl8daRiWExk8kWFXp53h5pJde-Zg14Vm3CTDDWUIlkZtIgTnwlQuhORCDDXQIFgdYWDUxBt6pMEGG2G8UIPUIKBwRRpu8HzHHCA4QQUInEm9AwinuzHT7HjcDkLaOnA2OgwpgHDEhWu88QJunA08MAhGHNjmG3i84LvUR48tQs2CvSHHF2NYj71DbFhfhBM7l2HHF3KUYXTvWlY1w1N7OiTHGd-pVwMO3B10vhhyLPSyQ_r7QhveUBj1yIQiIkjQGxYyA4e8ASn0cRr08rCQCKYPawPRDxz684KfBW1oRXuBYOaQNp-9gQ5J014L6uCGNNChBaFxwR3CMAcZ7Mx6SfrCDGsoGDq0YSI2GJOPcnC_64jAhzbsXRBrMMQiPsaIBkFfGZDzhaQBUYgbKuJwzhcGNiCEDkhZWg2aFgYx9CaBbQoLGySymvBBLSvpgUEfFBAQ&s=e54bf44047420105dd85b2fb4a724281e90e0516b93e9af6278cd334fc30cfe41675269588 HTTP/1.1
Host: r-us.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Wed, 01 Feb 2023 16:39:48 GMT
content-length: 0
vary: *
pragma: no-cache
expires: 0
x-api-version: 2
location: https://go.xlviirdr.com/smartpop/ec5b69f6c071a3cfd23a4f14a73e806c4b46afd9e73a06adb4e266455dd771ff?userId=709afc38e53feb5738296f4388fc757b75782945d6a5efdfee8be855c86d2d01&memberId=_Aeu-THmjAIWXqYWo6xAIgtbcFf0d42489175897605X4pIYTmMay3c3Pju9VaZfsF3vOk8TMkZtkTmVap14loOgUg6ju47YrFaPCMeYzy8d2U6tOobYejIprXC6bAhU0AfX1zD41PWfMx01yt55SrfYg-BSMmtCw_gUIDRUi&sourceId=4248917&p2=898897&p1=NO&p3=
x-request-id: 3b19c32b83a3bff3
set-cookie: ts_uid=d41d8cd98f00b204e9800998ecf8427e; expires=Tue, 01 Aug 2023 16:39:48 GMT; domain=.tsyndicate.com; path=/; HttpOnly; secure; SameSite=None
ts_direct_tag=313048:2237372:23468:4248917:32041; expires=Wed, 01 Mar 2023 16:39:48 GMT; domain=.tsyndicate.com; path=/; secure; SameSite=None
cache-control: no-cache, no-store, no-transform, must-revalidate, no-transform
x-robots-tag: none, noindex, nofollow
report-to: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
X-Firefox-Spdy: h2
region1.google-analytics.com/g/collect?v=2&tid=G-2J7D3QW2PX&gtm=2oe1u0&_p=215975930&cid=619687007.1675269610&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1675269610&sct=1&seg=0&dl=http%3A%2F%2Frixon.ml%2F&dt=WDH&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
216.239.34.36 204 No Content 0 B URL HTTP/2 region1.google-analytics.com/g/collect?v=2&tid=G-2J7D3QW2PX&gtm=2oe1u0&_p=215975930&cid=619687007.1675269610&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1675269610&sct=1&seg=0&dl=http%3A%2F%2Frixon.ml%2F&dt=WDH&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
IP 216.239.34.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-2J7D3QW2PX&gtm=2oe1u0&_p=215975930&cid=619687007.1675269610&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1675269610&sct=1&seg=0&dl=http%3A%2F%2Frixon.ml%2F&dt=WDH&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://rixon.ml
Connection: keep-alive
Referer: http://rixon.ml/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 204 No Content
access-control-allow-origin: http://rixon.ml
date: Wed, 01 Feb 2023 16:39:48 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.unibet.nu/stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=320665405_6D4D23E11E36496188DB1222CF2EDDFD&sref=TRM&TRM=dL_433774.470427&affiliateId=1&pid=86525768&bid=37950
85.184.96.0 301 Moved Permanently 0 B URL HTTP/2 www.unibet.nu/stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=320665405_6D4D23E11E36496188DB1222CF2EDDFD&sref=TRM&TRM=dL_433774.470427&affiliateId=1&pid=86525768&bid=37950
IP 85.184.96.0:0
ASN #47171 Unibet Services Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=320665405_6D4D23E11E36496188DB1222CF2EDDFD&sref=TRM&TRM=dL_433774.470427&affiliateId=1&pid=86525768&bid=37950 HTTP/1.1
Host: www.unibet.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Cookie: __ucbt=node0gow5nn4x1gcf1g9u209h3ofxi; uniattr=ST.0.T; uniattr_ref="http://rixon.ml/"; affiliateId=1; B-TAG=320665405_2F716B76543F430D9E6B3655D6F58253; BID=37950; PID=92628443; REFERER=http%3A%2F%2Frixon.ml%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D320665405_2F716B76543F430D9E6B3655D6F58253%26sref%3DTRM%26TRM%3DdL_457457.517775%26affiliateId%3D1%26pid%3D92628443%26bid%3D37950; clientId=polopoly_desktop
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 301 Moved Permanently
date: Wed, 01 Feb 2023 16:39:48 GMT
content-length: 0
location: https://www.unibet.nu:443/stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=320665405_6D4D23E11E36496188DB1222CF2EDDFD&sref=TRM&TRM=dL_433774.470427&affiliateId=1&pid=86525768&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A320665405%3A86525768-37950
set-cookie: JSESSIONID=node0ckb1jx8s0np4aj8chxc5x2a9919589.node0; Path=/stan; Secure; HttpOnly; SameSite=Strict
__ucbt=node0gow5nn4x1gcf1g9u209h3ofxi; Path=/; Domain=.unibet.nu; Expires=Fri, 31-Jan-2025 16:39:48 GMT; Max-Age=63072000; Secure; SameSite=None
uniattr=ST.0.T; Path=/; Domain=.unibet.nu; Expires=Fri, 31-Jan-2025 16:39:48 GMT; Max-Age=63072000; Secure; SameSite=None
uniattr_ref="http://rixon.ml/"; Path=/; Domain=.unibet.nu; Expires=Fri, 31-Jan-2025 16:39:48 GMT; Max-Age=63072000; Secure; SameSite=None
UNIBET_REQUEST_URL=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_REQUEST_URL=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
UNIBET_INTERNAL_CAMPAIGN_ID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
affid=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
netwid=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
CLAIM_CODE=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
REGISTRATION_CODE=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
campaignId=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
affiliateId=1; Path=/; Domain=.unibet.nu; Secure; SameSite=None
B-TAG=320665405_6D4D23E11E36496188DB1222CF2EDDFD; Path=/; Domain=.unibet.nu; Secure; SameSite=None
REGISTRATION_CODE=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
BID=37950; Path=/; Domain=.unibet.nu; Secure; SameSite=None
PID=86525768; Path=/; Domain=.unibet.nu; Secure; SameSite=None
CHID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
REFERER=http%3A%2F%2Frixon.ml%2F; Path=/; Domain=.unibet.nu; Secure; SameSite=None
UNIBET_INTERNAL_CAMPAIGN_ID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
UNIBET_REQUEST_URL=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_REQUEST_URL=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_CAMPAIGN_ID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AMS_INVITE_CHAT_ACCEPTED=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AMS_INVITE_CHAT_DECLINED=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
BOCAID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
PRODUCT_ID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D320665405_6D4D23E11E36496188DB1222CF2EDDFD%26sref%3DTRM%26TRM%3DdL_433774.470427%26affiliateId%3D1%26pid%3D86525768%26bid%3D37950; Path=/; Domain=.unibet.nu; Secure; SameSite=None
AFFILIATE_CAMPAIGN_ID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
campaignId=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
referer: http://rixon.ml/
cache-control: max-age=0, no-cache, no-store, must-revalidate, proxy-revalidate
expires: Thu, 01 Jan 1970 00:00:00 GMT, Wed, 01 Feb 2023 16:39:48 GMT
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/www.unibet.nu/index.html
X-Firefox-Spdy: h2
www.unibet.nu/stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=320665405_2F716B76543F430D9E6B3655D6F58253&sref=TRM&TRM=dL_457457.517775&affiliateId=1&pid=92628443&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A320665405%3A92628443-37950
85.184.96.0 301 Moved Permanently 0 B URL HTTP/2 www.unibet.nu/stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=320665405_2F716B76543F430D9E6B3655D6F58253&sref=TRM&TRM=dL_457457.517775&affiliateId=1&pid=92628443&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A320665405%3A92628443-37950
IP 85.184.96.0:0
ASN #47171 Unibet Services Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=320665405_2F716B76543F430D9E6B3655D6F58253&sref=TRM&TRM=dL_457457.517775&affiliateId=1&pid=92628443&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A320665405%3A92628443-37950 HTTP/1.1
Host: www.unibet.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Cookie: __ucbt=node0gow5nn4x1gcf1g9u209h3ofxi; uniattr=ST.0.T; uniattr_ref="http://rixon.ml/"; affiliateId=1; B-TAG=320665405_2F716B76543F430D9E6B3655D6F58253; BID=37950; PID=92628443; REFERER=http%3A%2F%2Frixon.ml%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D320665405_2F716B76543F430D9E6B3655D6F58253%26sref%3DTRM%26TRM%3DdL_457457.517775%26affiliateId%3D1%26pid%3D92628443%26bid%3D37950; clientId=polopoly_desktop
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 301 Moved Permanently
date: Wed, 01 Feb 2023 16:39:48 GMT
content-length: 0
location: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320665405:92628443-37950&btag=320665405_2F716B76543F430D9E6B3655D6F58253&bid=37950&campaignId=2799402&pid=92628443
cache-control: max-age=0, no-cache, no-store, must-revalidate, proxy-revalidate
expires: Wed, 01 Feb 2023 16:39:48 GMT
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/www.unibet.nu/index.html
X-Firefox-Spdy: h2
www.unibet.nu/stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=320665405_4F03CE830604485E9E0E444E5686127E&sref=TRM&TRM=dL_433774.470760&affiliateId=1&pid=86536170&bid=37950
85.184.96.0 301 Moved Permanently 0 B URL HTTP/2 www.unibet.nu/stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=320665405_4F03CE830604485E9E0E444E5686127E&sref=TRM&TRM=dL_433774.470760&affiliateId=1&pid=86536170&bid=37950
IP 85.184.96.0:0
ASN #47171 Unibet Services Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=320665405_4F03CE830604485E9E0E444E5686127E&sref=TRM&TRM=dL_433774.470760&affiliateId=1&pid=86536170&bid=37950 HTTP/1.1
Host: www.unibet.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Cookie: __ucbt=node0gow5nn4x1gcf1g9u209h3ofxi; uniattr=ST.0.T; uniattr_ref="http://rixon.ml/"; affiliateId=1; B-TAG=320665405_2F716B76543F430D9E6B3655D6F58253; BID=37950; PID=92628443; REFERER=http%3A%2F%2Frixon.ml%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D320665405_2F716B76543F430D9E6B3655D6F58253%26sref%3DTRM%26TRM%3DdL_457457.517775%26affiliateId%3D1%26pid%3D92628443%26bid%3D37950; clientId=polopoly_desktop
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 301 Moved Permanently
date: Wed, 01 Feb 2023 16:39:48 GMT
content-length: 0
location: https://www.unibet.nu:443/stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=320665405_4F03CE830604485E9E0E444E5686127E&sref=TRM&TRM=dL_433774.470760&affiliateId=1&pid=86536170&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A320665405%3A86536170-37950
set-cookie: JSESSIONID=node0jyg36bzbgip5rphi8v6tsl4k920374.node0; Path=/stan; Secure; HttpOnly; SameSite=Strict
__ucbt=node0gow5nn4x1gcf1g9u209h3ofxi; Path=/; Domain=.unibet.nu; Expires=Fri, 31-Jan-2025 16:39:48 GMT; Max-Age=63072000; Secure; SameSite=None
uniattr=ST.0.T; Path=/; Domain=.unibet.nu; Expires=Fri, 31-Jan-2025 16:39:48 GMT; Max-Age=63072000; Secure; SameSite=None
uniattr_ref="http://rixon.ml/"; Path=/; Domain=.unibet.nu; Expires=Fri, 31-Jan-2025 16:39:48 GMT; Max-Age=63072000; Secure; SameSite=None
UNIBET_REQUEST_URL=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_REQUEST_URL=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
UNIBET_INTERNAL_CAMPAIGN_ID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
affid=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
netwid=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
CLAIM_CODE=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
REGISTRATION_CODE=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
campaignId=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
affiliateId=1; Path=/; Domain=.unibet.nu; Secure; SameSite=None
B-TAG=320665405_4F03CE830604485E9E0E444E5686127E; Path=/; Domain=.unibet.nu; Secure; SameSite=None
REGISTRATION_CODE=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
BID=37950; Path=/; Domain=.unibet.nu; Secure; SameSite=None
PID=86536170; Path=/; Domain=.unibet.nu; Secure; SameSite=None
CHID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
REFERER=http%3A%2F%2Frixon.ml%2F; Path=/; Domain=.unibet.nu; Secure; SameSite=None
UNIBET_INTERNAL_CAMPAIGN_ID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
UNIBET_REQUEST_URL=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_REQUEST_URL=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_CAMPAIGN_ID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AMS_INVITE_CHAT_ACCEPTED=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AMS_INVITE_CHAT_DECLINED=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
BOCAID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
PRODUCT_ID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D320665405_4F03CE830604485E9E0E444E5686127E%26sref%3DTRM%26TRM%3DdL_433774.470760%26affiliateId%3D1%26pid%3D86536170%26bid%3D37950; Path=/; Domain=.unibet.nu; Secure; SameSite=None
AFFILIATE_CAMPAIGN_ID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
campaignId=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
referer: http://rixon.ml/
cache-control: max-age=0, no-cache, no-store, must-revalidate, proxy-revalidate
expires: Thu, 01 Jan 1970 00:00:00 GMT, Wed, 01 Feb 2023 16:39:48 GMT
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/www.unibet.nu/index.html
X-Firefox-Spdy: h2
tsyndicate.com/api/v1/direct/e7067c4584364aee9ca620c1c715da9a?extID=475885
136.243.75.209 302 Found 0 B URL HTTP/1.1 tsyndicate.com/api/v1/direct/e7067c4584364aee9ca620c1c715da9a?extID=475885
IP 136.243.75.209:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/v1/direct/e7067c4584364aee9ca620c1c715da9a?extID=475885 HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 01 Feb 2023 16:39:48 GMT
Content-Length: 0
Connection: keep-alive
Pragma: no-cache
Expires: 0
Vary: *
X-Api-Version: 2
Location: https://track.trackingtraffo.com/pop/imp?auth=d12jux&c=J0MXhxqdId2v6ArEAQYU4TaTJvLQE4KLy1s2GQpHiW9UQbRBguR71Zbzm2xzbDHnuNoDuiBngp9ygDWwN4DTPbQWPvKCjZgsztfL--XjvQ913SVdDuyYii8ABrJlnq2Y1383cKx1zeX85_wTuhD1A8HFIPtYuH4QHhZPIbClYuKXXcaqXbXhEzKZG3yeUTMlXGXiSjMbmU4DCS5MoI4-8broEe-9wAZOrvGEaDxSWB8am79dNLdjwlAOd1zLhTUfiNIF7MFdDaUmhq-f3vfSdPWwZIbQBo1tpes44zsnUKVXoIEk-Gc3xprbaJ5evJj7WQQ2ZURxzfmnQoIUVAcSo4yWb5ORokTMahmKN0agXcRJyt4heexYDmHCJSd2LrGJDn6yADrtwR04zUNPvaSnC9HEKdBDZAwGy3e34BVU_FW29twVpUfJey1dAYVk-m9IJfnIHxCfG8YOEJ1tkhTbQdZTeZkNvcJ0e5OIUvyS0QVb4cWVrEZlHOMHs98qmj_1xskEFijor_RLFmmQRW_32ch8lAieLRBIz2ARan_cacv8J2QXI1lTUnlUeUUx9vXWGzfm0YqZmSfLKLHdRy6R-oNzndo0FU8ZIKFw3u1IbegydC7A4P2MRX3Q704L0DW6MLJhI2VVMLxfbMx-OstfUwez4RCBf65o1WlQGqSdJwMZ0JsvWpPStqmrHGF6Wkls4YedCTZevBhUBOn_enrCQ_BEJbZIVN4r
X-Request-Id: 8939cedf6846df57
Set-Cookie: ts_uid=5a45cb05-1623-4d48-a9dc-319444ec4992; expires=Tue, 01 Aug 2023 16:39:48 GMT; domain=.tsyndicate.com; path=/; HttpOnly; secure; SameSite=None
Cache-Control: no-cache, no-store, no-transform, must-revalidate, no-transform
X-Robots-Tag: none, noindex, nofollow
Report-To: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
xml.adflyer.media/redirect?feed=466229&auth=H7UXus
174.137.133.17 302 Found 0 B URL HTTP/1.1 xml.adflyer.media/redirect?feed=466229&auth=H7UXus
IP 174.137.133.17:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=466229&auth=H7UXus HTTP/1.1
Host: xml.adflyer.media
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Cache-Control: no-store
Content-Length: 0
Age: 0
Connection: keep-alive
Location: http://runative-syndicate.com/api/v1/direct/3b23ed13ee1e4ff6b1b4d242c65d3463?extID=466229
Pragma: no-cache
tsyndicate.com/api/v1/direct/e7067c4584364aee9ca620c1c715da9a?extID=475884
136.243.75.209 302 Found 0 B URL HTTP/1.1 tsyndicate.com/api/v1/direct/e7067c4584364aee9ca620c1c715da9a?extID=475884
IP 136.243.75.209:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/v1/direct/e7067c4584364aee9ca620c1c715da9a?extID=475884 HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 01 Feb 2023 16:39:48 GMT
Content-Length: 0
Connection: keep-alive
Pragma: no-cache
Expires: 0
Vary: *
X-Api-Version: 2
Location: https://track.trackingtraffo.com/pop/imp?auth=d12jux&c=9dHBw8ylQE4I7DdAePmXQ08iG2aJyLc3oDyETieiiK_tYdkxkg7FiF-lSZl67Fwx3bMrmg9SsefwLVStDEhTt0zZ5w7CU2_CChDqfn_8VlBSEkZpDt2ik2cZuDUeWZCaFF2mcKdnkAPyyZSi1c3wD9pD_AR5RRNj2t67YF6djT5JVTRCXqrobjNie5EjJPdp3C30r_JVpdEl1GrNn7AyFwIMxOD8U56lYSjZdJDgwkdG6thM1fchr5JrPrLHT27_b2lI0VKjM6vmWwFytiYPdlR3FFEoefK70u9_FsyQiwFda-FJ4xFdXQZ8d-ZHlR_iNBFqH85FUHup3TBoAU8cG4uGYrA9IH-efqKXGw9xox2EMyfpXRENhE3yfKSIh46fpAU12EG6erUM0cMiaj7WT8-j2QNJeAwWcvr_idGU-AcZOvSkgDekuBwFzYB4XIrAdufbAfa49lMorh62NDTwEiL-XJBFXLkCU7x1WcLilsOHA_ul0U3dkf0BIqtFBXUYd-1j5JiWxEE3oL7rNw_mzVFubc1JxL9KeVRuEBCe2j9Lv_02bTSm4C4XWxyd73vGP93u_wsuLK9U055PPEOdJN2VppHdz73YwExqkBVjs-yB0SZfHsCusNXvV7SBejPZdJ-Cj1HUcFXwlTz2kLzqXlf_WWLjZrC7CHJtYla0DAns9pXlH9kzIwDkYbxCV3jFB9nFnoUhbShSiyrCUKsNz6-DA1TiV2n_
X-Request-Id: acd84568c152db98
Set-Cookie: ts_uid=48b60768-0b27-4b44-aca7-02d8671c01d2; expires=Tue, 01 Aug 2023 16:39:48 GMT; domain=.tsyndicate.com; path=/; HttpOnly; secure; SameSite=None
Cache-Control: no-cache, no-store, no-transform, must-revalidate, no-transform
X-Robots-Tag: none, noindex, nofollow
Report-To: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
xml.admidainsight.com/redirect?feed=464209&auth=59BEQe
173.239.53.18 302 Found 0 B URL HTTP/1.1 xml.admidainsight.com/redirect?feed=464209&auth=59BEQe
IP 173.239.53.18:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=464209&auth=59BEQe HTTP/1.1
Host: xml.admidainsight.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Cache-Control: no-store
Content-Length: 0
Age: 0
Connection: keep-alive
Location: https://feed.us.adrunnr.com/12/?id=0ab8c2b2-a24f-11ed-ad54-577dc8418891
Pragma: no-cache
xml.hueadsxml.com/redirect?feed=498003&auth=ZmYisy
198.134.116.16 302 Found 0 B URL HTTP/1.1 xml.hueadsxml.com/redirect?feed=498003&auth=ZmYisy
IP 198.134.116.16:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=498003&auth=ZmYisy HTTP/1.1
Host: xml.hueadsxml.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Cache-Control: no-store
Content-Length: 0
Age: 0
Connection: keep-alive
Location: https://tfosrv.com/show_std.php?id_site=13101&id_channel=60771&uf=true
Pragma: no-cache
www.unibet.nu/stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=320665405_4F03CE830604485E9E0E444E5686127E&sref=TRM&TRM=dL_433774.470760&affiliateId=1&pid=86536170&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A320665405%3A86536170-37950
85.184.96.0 301 Moved Permanently 0 B URL HTTP/2 www.unibet.nu/stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=320665405_4F03CE830604485E9E0E444E5686127E&sref=TRM&TRM=dL_433774.470760&affiliateId=1&pid=86536170&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A320665405%3A86536170-37950
IP 85.184.96.0:0
ASN #47171 Unibet Services Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=320665405_4F03CE830604485E9E0E444E5686127E&sref=TRM&TRM=dL_433774.470760&affiliateId=1&pid=86536170&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A320665405%3A86536170-37950 HTTP/1.1
Host: www.unibet.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Cookie: __ucbt=node0gow5nn4x1gcf1g9u209h3ofxi; uniattr=ST.0.T; uniattr_ref="http://rixon.ml/"; affiliateId=1; B-TAG=320665405_4F03CE830604485E9E0E444E5686127E; BID=37950; PID=86536170; REFERER=http%3A%2F%2Frixon.ml%2F; clientId=polopoly_desktop; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D320665405_4F03CE830604485E9E0E444E5686127E%26sref%3DTRM%26TRM%3DdL_433774.470760%26affiliateId%3D1%26pid%3D86536170%26bid%3D37950
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 301 Moved Permanently
date: Wed, 01 Feb 2023 16:39:48 GMT
content-length: 0
location: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320665405:86536170-37950&btag=320665405_4F03CE830604485E9E0E444E5686127E&bid=37950&campaignId=2799402&pid=86536170
cache-control: max-age=0, no-cache, no-store, must-revalidate, proxy-revalidate
expires: Wed, 01 Feb 2023 16:39:48 GMT
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/www.unibet.nu/index.html
X-Firefox-Spdy: h2
free-btc.org/?ref=adBTC
172.67.171.68 302 Found 7 B IP 172.67.171.68:0
Hash 212b0306580d4f0044d18f9a3edcc832
f7e24306686cc19ef771a2b548bf72cc2c09cf20
538d6440534fa5f615e8a26932792a82a2e4a33a97886e2d815eab8fc216d415
GET /?ref=adBTC HTTP/1.1
Host: free-btc.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rixon.ml/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Wed, 01 Feb 2023 16:39:48 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: PHPSESSID=f1f741c74ddd14b21b11c9045d9a4f04; path=/
ref=adBTC; expires=Fri, 03-Mar-2023 16:39:48 GMT; Max-Age=2592000
location: /
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rfpZK%2BACqsMDyZVqCL1r0tu7B82SJ770Isz4EnJnhov0lcPc1h6T6HtlnZagqYSthqmdajo9lobKGxO%2BTVKBOaE0cjn66aW1wWIWfWz0cC6Lu5%2B%2FZ%2FDpZiB4tai8S7E%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 792c20090b6f0b3d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
xml.admidainsight.com/redirect?feed=464209&auth=59BEQe
173.239.53.18 302 Found 0 B URL HTTP/1.1 xml.admidainsight.com/redirect?feed=464209&auth=59BEQe
IP 173.239.53.18:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=464209&auth=59BEQe HTTP/1.1
Host: xml.admidainsight.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Cache-Control: no-store
Content-Length: 0
Age: 0
Connection: keep-alive
Location: https://t3.lowtid.com/s.php?p=c:4ljkfd1stuas5a3tw&d=61b87b159bd23420f125f716&pid=qPuoffxV8w4_0&s=451000_464209
Pragma: no-cache
xml.adkmbc.com/redirect?feed=444916&auth=S1DA5g
198.134.116.16 200 OK 0 B URL HTTP/1.1 xml.adkmbc.com/redirect?feed=444916&auth=S1DA5g
IP 198.134.116.16:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=444916&auth=S1DA5g HTTP/1.1
Host: xml.adkmbc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Cache-Control: no-store
Content-Length: 0
Age: 0
Connection: keep-alive
Pragma: no-cache
xml.adkmbc.com/redirect?feed=444916&auth=S1DA5g
198.134.116.16 200 OK 0 B URL HTTP/1.1 xml.adkmbc.com/redirect?feed=444916&auth=S1DA5g
IP 198.134.116.16:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=444916&auth=S1DA5g HTTP/1.1
Host: xml.adkmbc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Cache-Control: no-store
Content-Length: 0
Age: 0
Connection: keep-alive
Pragma: no-cache
xml.infinity-info.com/redirect?feed=465930&auth=ztnrA6
174.137.133.16 302 Found 0 B URL HTTP/1.1 xml.infinity-info.com/redirect?feed=465930&auth=ztnrA6
IP 174.137.133.16:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=465930&auth=ztnrA6 HTTP/1.1
Host: xml.infinity-info.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Cache-Control: no-store
Content-Length: 0
Age: 0
Connection: keep-alive
Location: http://p.jwalf.com/ad/ad?p=198473&w=646286&d=229dd153ac5b5e5561f0-1643366430646286&s=358369.500268
Pragma: no-cache
xml.adkmbc.com/redirect?feed=415140&auth=6OUXF6
198.134.116.16 302 Found 0 B URL HTTP/1.1 xml.adkmbc.com/redirect?feed=415140&auth=6OUXF6
IP 198.134.116.16:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=415140&auth=6OUXF6 HTTP/1.1
Host: xml.adkmbc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Cache-Control: no-store
Content-Length: 0
Age: 0
Connection: keep-alive
Location: https://t3.lowtid.com/s.php?p=c:4ljkfd1stuas5a3tw&d=61b87b159bd23420f125f716&pid=TXiPq4fgmdA_0&s=470760_415140
Pragma: no-cache
xml.adkmbc.com/redirect?feed=415141&auth=nh76Hz
198.134.116.16 302 Found 0 B URL HTTP/1.1 xml.adkmbc.com/redirect?feed=415141&auth=nh76Hz
IP 198.134.116.16:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=415141&auth=nh76Hz HTTP/1.1
Host: xml.adkmbc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Cache-Control: no-store
Content-Length: 0
Age: 0
Connection: keep-alive
Location: https://t3.lowtid.com/s.php?p=c:4ljkfd1stuas5a3tw&d=61b87b159bd23420f125f716&pid=j0I3em-qsgg_0&s=470760_415141
Pragma: no-cache
xml.adflyer.media/redirect?feed=466229&auth=H7UXus
174.137.133.17 302 Found 0 B URL HTTP/1.1 xml.adflyer.media/redirect?feed=466229&auth=H7UXus
IP 174.137.133.17:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=466229&auth=H7UXus HTTP/1.1
Host: xml.adflyer.media
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Cache-Control: no-store
Content-Length: 0
Age: 0
Connection: keep-alive
Location: http://runative-syndicate.com/api/v1/direct/3b23ed13ee1e4ff6b1b4d242c65d3463?extID=466229
Pragma: no-cache
xml.zaimads.com/redirect?feed=475885&auth=wpRMce
174.137.133.17 302 Found 0 B URL HTTP/1.1 xml.zaimads.com/redirect?feed=475885&auth=wpRMce
IP 174.137.133.17:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=475885&auth=wpRMce HTTP/1.1
Host: xml.zaimads.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Cache-Control: no-store
Content-Length: 0
Age: 0
Connection: keep-alive
Location: http://tsyndicate.com/api/v1/direct/e7067c4584364aee9ca620c1c715da9a?extID=475885
Pragma: no-cache
xml.adkmbc.com/redirect?feed=415140&auth=6OUXF6
198.134.116.16 200 OK 0 B URL HTTP/1.1 xml.adkmbc.com/redirect?feed=415140&auth=6OUXF6
IP 198.134.116.16:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=415140&auth=6OUXF6 HTTP/1.1
Host: xml.adkmbc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Cache-Control: no-store
Content-Length: 0
Age: 0
Connection: keep-alive
Pragma: no-cache
e1.o.lencr.org/
23.36.77.32 200 OK 9.9 kB IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ce7e62d223dc526a42673756d81af513
4368a8640ca90ae1320396bf1a3af8a4d7f9c3c3
bf33519ceb47f8518bd6a063ba207fa366294a63f0d0a4d5af8ccd6a45c69161
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "461BB913405B679DA80B6DA70BA4C340BFABEE2CE1A8A7DD7E06BFC72DCCF3B1"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3650
Expires: Wed, 01 Feb 2023 17:40:39 GMT
Date: Wed, 01 Feb 2023 16:39:49 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 152 kB IP 93.184.220.29:0
Size 152 kB (151513 bytes)
Hash a006cffc24848a1b594b9fc3bca44f46
53f7090456ff0451afed6d7f15890c0020354a39
809008432930907aa781e228dbf7f2822192e31db9797a91e66da08c5fbb74b5
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5600
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 16:39:49 GMT
Last-Modified: Wed, 01 Feb 2023 15:06:30 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 279
xml.hueadsxml.com/redirect?feed=498002&auth=4QVAPl
198.134.116.16 302 Found 0 B URL HTTP/1.1 xml.hueadsxml.com/redirect?feed=498002&auth=4QVAPl
IP 198.134.116.16:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=498002&auth=4QVAPl HTTP/1.1
Host: xml.hueadsxml.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Cache-Control: no-store
Content-Length: 0
Age: 0
Connection: keep-alive
Location: http://dailybulletinz.com/
Pragma: no-cache
xml.adflyer.media/redirect?feed=470362&auth=rqwsKo
174.137.133.17 302 Found 0 B URL HTTP/1.1 xml.adflyer.media/redirect?feed=470362&auth=rqwsKo
IP 174.137.133.17:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=470362&auth=rqwsKo HTTP/1.1
Host: xml.adflyer.media
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Cache-Control: no-store
Content-Length: 0
Age: 0
Connection: keep-alive
Location: http://runative-syndicate.com/api/v1/direct/3b23ed13ee1e4ff6b1b4d242c65d3463?extID=470362
Pragma: no-cache
xml.adkmbc.com/redirect?feed=444917&auth=S1DA5g
198.134.116.16 200 OK 0 B URL HTTP/1.1 xml.adkmbc.com/redirect?feed=444917&auth=S1DA5g
IP 198.134.116.16:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=444917&auth=S1DA5g HTTP/1.1
Host: xml.adkmbc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Cache-Control: no-store
Content-Length: 0
Age: 0
Connection: keep-alive
Pragma: no-cache
resources.infolinks.com/js/infolinks_main.js
172.66.41.9 200 OK 2.6 kB URL HTTP/2 resources.infolinks.com/js/infolinks_main.js
IP 172.66.41.9:0
Hash 89436fc072843659ca8df114797e22d5
aadc38d2990ada57b7e344efbfe74029e3bf8940
e8848949ccc327bb06bf81ef754de79cdec1028af02b0590a70fc0779374bd6a
GET /js/infolinks_main.js HTTP/1.1
Host: resources.infolinks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://free-btc.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:48 GMT
content-type: application/javascript
last-modified: Wed, 01 Feb 2023 14:55:07 GMT
etag: W/"dcb-5f3a4a251e392"
cache-control: max-age=3600
expires: Wed, 01 Feb 2023 15:55:15 GMT
via: 1.1 google
cf-cache-status: HIT
age: 6273
vary: Accept-Encoding
server: cloudflare
cf-ray: 792c2011c8770b45-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 2.5 kB IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 13d69cc958b3ce38133c01e88b7efcd5
41532c7041a5212e8959f7da8849af2f1a689525
c5aa6107b564f79b3e0b2c3286f417e7f58bb61bde574c75059b34890931210c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9F22AAFEB7E46D6FFE719896C57AFED486A59AB553A9AD3B63EAE392434789C9"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16115
Expires: Wed, 01 Feb 2023 21:08:24 GMT
Date: Wed, 01 Feb 2023 16:39:49 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b5c135ee1cae135f1b604ab8ace3973a
abb0e6e3485e819260ea2e3e4e4dace8344bce1b
8e4467361167e62a957444c9915a04c1fa50c0e98ff200515885897a6b467b9f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8E4467361167E62A957444C9915A04C1FA50C0E98FF200515885897A6B467B9F"
Last-Modified: Tue, 31 Jan 2023 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4995
Expires: Wed, 01 Feb 2023 18:03:04 GMT
Date: Wed, 01 Feb 2023 16:39:49 GMT
Connection: keep-alive
tsyndicate.com/api/v1/direct/cb813667edbd4b3c81888edf24162044?extID=471426
136.243.75.209 302 Found 0 B URL HTTP/1.1 tsyndicate.com/api/v1/direct/cb813667edbd4b3c81888edf24162044?extID=471426
IP 136.243.75.209:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/v1/direct/cb813667edbd4b3c81888edf24162044?extID=471426 HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 01 Feb 2023 16:39:49 GMT
Content-Length: 0
Connection: keep-alive
Pragma: no-cache
Expires: 0
Vary: *
X-Api-Version: 2
Location: https://track.trackingtraffo.com/pop/imp?auth=d12jux&c=ShxIKoc32Fxmnzgijdq_cPtS1s8V-Rxsx53Yar6-3cInXjOOjWr9PP4edrVlcMfB7HMkFU-i1zI-u4ETKER3hXfJNoRcYM9HmDBjbJuueBaZXteOLizBZfyUgTX1G9Cho0oB867e1s26b8rjITxcckf7hws_we_UifOtLNLOdbymHcoK4ijWhp6OoPML3CcD50i6RIpwfTthmUUKojoPXjGpRj2Gr-I5-o909GTzx92SQ4ipeBIaFgohR82IWYSHJuU0v2UG04CNMcc0k0Ze8q4Wz71RNpXK_gmF-kWPmt5dNcDmjcfPaRjZZLCO1R6HgRbaKdo0PXVJBkXmJG7TvbzKm5eaPgZukusyXJkNp1iW-fJSt8LT_nIQGEUGuuQDh1yQqXdtQDVH8SswUwsYuAXyhYDZsBmLDv83wXLpWRtKPPvSoJ06v0j7NRRORRWa_RG-zA_WykM_6_Rc-yL0q3_CGHPs0TzolgUMAgth9IAAbtc0DVfOqCsLXo59fDuaF1AaYeKAMrTVxmnO6tedXLm676Mha3k2rTUY-E65-VBiQmSH0cpevIyUMz5bFY876xF9TNaKATZPgNJCfPDsBDLdRhO3vYF7yWRPG411Zhf5k5rww8K2FrdnE6LmX-D07J2W7bRmAdo6Ztf4Do6c0R1c_lqrwB8PSL0ABPFzzZltDObOPWGw0kw2N84XFSU-evMpjovd2KDGwUhXqB2Qd6Y3dnaFJhew
X-Request-Id: 0abf2cc2ed1529b8
Set-Cookie: ts_uid=a19f21c7-0c66-4746-9b0a-65daa114349c; expires=Tue, 01 Aug 2023 16:39:49 GMT; domain=.tsyndicate.com; path=/; HttpOnly; secure; SameSite=None
Cache-Control: no-cache, no-store, no-transform, must-revalidate, no-transform
X-Robots-Tag: none, noindex, nofollow
Report-To: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
linkslot.ru/img/buyb.png
172.67.215.189 200 OK 2.6 kB IP 172.67.215.189:0
File type PNG image data, 127 x 16, 8-bit/color RGBA, non-interlaced\012- data
Hash 6623622f5954708d814fc46180f75b9f
7bd68ddbb91875e815e73fa937efc259e56fad47
5e9b14e8db47eb55c01f3982d1e63061c9ac23ecae71d5313e08169e9cfcce29
GET /img/buyb.png HTTP/1.1
Host: linkslot.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://free-btc.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:49 GMT
content-type: image/png
content-length: 2585
last-modified: Fri, 29 May 2015 20:03:43 GMT
etag: "5568c61f-a19"
cache-control: max-age=14400
cf-cache-status: HIT
age: 25791941
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cwzUlebFvSr1pvFft6lmYrPx9gw15Qs4y%2BOxxR4PMGHEz9ge%2FztpOtNSI3heHVrwryTExkSkoEqWvGilSLsV3pavoTnBT5RrWCov5RGhweaqvQmtqaj0WnFSsHzy%2BQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 792c2013dc110afe-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
coinzillatag.com/lib/display.js
172.67.206.14 200 OK 24 kB URL HTTP/2 coinzillatag.com/lib/display.js
IP 172.67.206.14:0
File type ASCII text, with very long lines (23577), with CRLF line terminators
Hash ea1a468b51e700531aa41a8f2534de8f
e6f453928319f83f2b1424dce26b08404fcaa836
38ee9f5193014eadc5efd4d96dcc7cb2cb4df0e929c3ecac53876d6e89f9fed1
GET /lib/display.js HTTP/1.1
Host: coinzillatag.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://free-btc.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:49 GMT
content-type: application/javascript
last-modified: Mon, 23 Jan 2023 10:25:20 GMT
etag: W/"226e-5f2ebd0f4dea4-gzip"
cache-control: public, max-age=604800
expires: Wed, 01 Mar 2023 10:25:16 GMT
vary: Accept-Encoding,User-Agent
cf-cache-status: HIT
age: 195245
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UEb89tZnq9God7EDgGHaIJJh36974FqRTB4UwOtlLd9x2AiwO%2Bu%2BpQlHweqDdak2eWcmkRbn5LnvKSvjEpuKdsuF1fqP2UJvm3bY7LkcBogasiDShRcdyaGbYnd4hoazMSUd"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 792c20139c83fac4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
tsyndicate.com/api/v1/direct/cb813667edbd4b3c81888edf24162044?extID=471426
136.243.75.209 302 Found 0 B URL HTTP/1.1 tsyndicate.com/api/v1/direct/cb813667edbd4b3c81888edf24162044?extID=471426
IP 136.243.75.209:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/v1/direct/cb813667edbd4b3c81888edf24162044?extID=471426 HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 01 Feb 2023 16:39:49 GMT
Content-Length: 0
Connection: keep-alive
Pragma: no-cache
Expires: 0
Vary: *
X-Api-Version: 2
Location: https://go.xlviirdr.com/smartpop/ec5b69f6c071a3cfd23a4f14a73e806c4b46afd9e73a06adb4e266455dd771ff?userId=709afc38e53feb5738296f4388fc757b75782945d6a5efdfee8be855c86d2d01&memberId=_Aeu-THmjAIWXqYWo6xAIgtbcFf0d42348075897605X4pIDW7Msr8geu1mtHruKjL950o-V_VAq_p9QBIx7dGtdtVnPcR-LtSifki07dybnVUsN0tSMbTkRGAglanhCu9rSeDCIkF7kvcrlkwvwphRdTN4HfhDPg_gUIDRUi&sourceId=4234807&p2=898897&p1=NO&p3=
X-Request-Id: e2fe26ea18406d88
Set-Cookie: ts_uid=c26c67b0-300d-45d6-9988-ee78e8c3fbfe; expires=Tue, 01 Aug 2023 16:39:49 GMT; domain=.tsyndicate.com; path=/; HttpOnly; secure; SameSite=None
bfq=APeIECNCxxYZMmbcUCijCwsRYwpuieFQRBmJMWzcqDGjRo0cOHJ06aMg; expires=Thu, 02 Feb 2023 16:39:49 GMT; domain=.tsyndicate.com; path=/; secure; SameSite=None
ts_direct_tag=313048:2237372:23468:4234807:38697; expires=Wed, 01 Mar 2023 16:39:49 GMT; domain=.tsyndicate.com; path=/; secure; SameSite=None
Cache-Control: no-cache, no-store, no-transform, must-revalidate, no-transform
X-Robots-Tag: none, noindex, nofollow
Report-To: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash fdc5f7f03550b494626965501de6effd
a5cdcdeec7173a44bcc213f338b3fed2789abcb3
78bfabcf417a8a70f9dd3bb6f21e69c3cd79426d5e1ae4f8cc4a0d02bbdcd245
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "78BFABCF417A8A70F9DD3BB6F21E69C3CD79426D5E1AE4F8CC4A0D02BBDCD245"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14783
Expires: Wed, 01 Feb 2023 20:46:12 GMT
Date: Wed, 01 Feb 2023 16:39:49 GMT
Connection: keep-alive
t3.lowtid.com/s.php?p=c:4ljkfd1stuas5a3tw&d=61b87b159bd23420f125f716&pid=VEm9VnBbiek_0&s=459305_498003
51.161.115.163 302 Found 0 B URL HTTP/1.1 t3.lowtid.com/s.php?p=c:4ljkfd1stuas5a3tw&d=61b87b159bd23420f125f716&pid=VEm9VnBbiek_0&s=459305_498003
IP 51.161.115.163:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /s.php?p=c:4ljkfd1stuas5a3tw&d=61b87b159bd23420f125f716&pid=VEm9VnBbiek_0&s=459305_498003 HTTP/1.1
Host: t3.lowtid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 01 Feb 2023 16:39:49 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Round: 1217p3t0dz
Raund: wn
Location: https://ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_459305_498003
xml.admidainsight.com/redirect?feed=464210&auth=GnyWj2
173.239.53.18 200 OK 0 B URL HTTP/1.1 xml.admidainsight.com/redirect?feed=464210&auth=GnyWj2
IP 173.239.53.18:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=464210&auth=GnyWj2 HTTP/1.1
Host: xml.admidainsight.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Cache-Control: no-store
Content-Length: 0
Age: 0
Connection: keep-alive
Pragma: no-cache
xml.mediacpc.com/redirect?feed=471451&auth=5aCfHU
174.137.133.18 302 Found 0 B URL HTTP/1.1 xml.mediacpc.com/redirect?feed=471451&auth=5aCfHU
IP 174.137.133.18:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=471451&auth=5aCfHU HTTP/1.1
Host: xml.mediacpc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Cache-Control: no-store
Content-Length: 0
Age: 0
Connection: keep-alive
Location: https://www.forza.idescargarapk.com/get.php?code=TkdXUDhMNFpITTFjUXB5YWpsN01TZz09&clickid=laO-Qf4Zl0Y&campaignid=934057&siteid=430875.511059&publishid=430875&country=no&os=Windows+10&browser=FIREFOX_105.0&referrer=http%3A%2F%2Frixon.ml%2F&device=Desktop&carrier=Blix+Solutions&connection=&bid=0.0002
Pragma: no-cache
tsyndicate.com/api/v1/direct/e7067c4584364aee9ca620c1c715da9a?extID=475885
136.243.75.209 302 Found 0 B URL HTTP/1.1 tsyndicate.com/api/v1/direct/e7067c4584364aee9ca620c1c715da9a?extID=475885
IP 136.243.75.209:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/v1/direct/e7067c4584364aee9ca620c1c715da9a?extID=475885 HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 01 Feb 2023 16:39:49 GMT
Content-Length: 0
Connection: keep-alive
Pragma: no-cache
Expires: 0
Vary: *
X-Api-Version: 2
Location: https://track.trackingtraffo.com/pop/imp?auth=d12jux&c=sPi1CdP9xpAKfXXblAgZca_HAO55kQ3cKQ9rV3EEeFUOvMMtf8EiBeY1uQLPkHYcppVQcgJZJlTF5pG-sP3nIhiwccjXUekXcvncgWaxiAbZNtv_j1mTPKI1RNZ-pcRKlCsMAjkOjqTO2ESozsxV-7YtZAyh3RP-TSjFLpg2bCgwxpq95_OiWFabwVWS_iOsQ074l7cl8gr9TRBtdnCKFTwu64JGGbepin1Ll16CDtMJMx5Xy26y1xJ1aktONdHGB-cwObmisYFffDLwxEHXNb8ezBljPSBo8QifHrvv3H74UlXyeONfgdcj0HoiZQkqfC9Zu1RB5bZgs6euMTqn1jeWFSr8uqpsy3NDg_rCg_UdbYMR9DYeASDjww8VgVcVLneMlWl3ef5qO4BzijUtAyYQrP0GLSetWr1zkHiPxnVoDV_030jrOwKs4mQwpL90sCvczxJrgmMEEMjeh2F1OHVUj4QkgtN-Y8cZUDWe7BPxRRbqMjJJYmfC3W6mEEF6-LquD4uj4335ANWqsMLf2QYVtnpDDLX89iaL6H-FM6EJkS_DQ8gHQ6VUWK8jDpFMrVVQqvW83DrIsBJydv_yLbEVlDm8t-YbZQxp7Zybxh2SDvyyxuPW_B7nzaL5lv1jppXUQLaCGjM85-VCkxdhIAh7IraWWL-Cq0izut4-csD0WJvBc47tb1W9YUiEiSk_JMH7fVRec-dIiJ7uCO771PSq7CxmWTal
X-Request-Id: b7ff8d9edc8bf41e
Set-Cookie: ts_uid=e7c443da-d2d5-4086-951e-3dde9a41abc5; expires=Tue, 01 Aug 2023 16:39:49 GMT; domain=.tsyndicate.com; path=/; HttpOnly; secure; SameSite=None
Cache-Control: no-cache, no-store, no-transform, must-revalidate, no-transform
X-Robots-Tag: none, noindex, nofollow
Report-To: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
t3.lowtid.com/s.php?p=c:4ljkfd1stuas5a3tw&d=61b87b159bd23420f125f716&pid=ZmR3hNB1XB8_0&s=470760_444917
51.161.115.163 302 Found 32 kB URL HTTP/1.1 t3.lowtid.com/s.php?p=c:4ljkfd1stuas5a3tw&d=61b87b159bd23420f125f716&pid=ZmR3hNB1XB8_0&s=470760_444917
IP 51.161.115.163:0
Hash 44a69800d9eefc2668c52bb59f6705df
4d4302243eb8c3c27c465c8d8107fed91c58ff77
3b54611eb74bba0fe5e5a3e0ed43d83f3ad44f7a6f8f918d4e06a782c99cfaa2
GET /s.php?p=c:4ljkfd1stuas5a3tw&d=61b87b159bd23420f125f716&pid=ZmR3hNB1XB8_0&s=470760_444917 HTTP/1.1
Host: t3.lowtid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 01 Feb 2023 16:39:49 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Round: 1217p3t0dz
Raund: wn
Location: https://ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_470760_444917
ocsp.sectigo.com/
104.18.32.68 200 OK 471 B IP 104.18.32.68:0
Hash 8c58b4605f69f0696f0ce526895aa840
e98344d0c586015876b6b8235aecebb745151a70
a14fc3b65d0e0bae2643b5270844eaae645f4663c68c8af1b1ee2899f1a4613f
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 01 Feb 2023 16:39:49 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 01 Feb 2023 06:28:17 GMT
Expires: Wed, 08 Feb 2023 06:28:16 GMT
Etag: "e98344d0c586015876b6b8235aecebb745151a70"
Cache-Control: max-age=567506,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 792c2013bd6db51e-OSL
xml.mediacpc.com/redirect?feed=471451&auth=5aCfHU
174.137.133.18 302 Found 0 B URL HTTP/1.1 xml.mediacpc.com/redirect?feed=471451&auth=5aCfHU
IP 174.137.133.18:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=471451&auth=5aCfHU HTTP/1.1
Host: xml.mediacpc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Cache-Control: no-store
Content-Length: 0
Age: 0
Connection: keep-alive
Location: https://t3.lowtid.com/s.php?p=c:4ljkfd1stuas5a3tw&d=61b87b159bd23420f125f716&pid=-3MLQUlj9p0_0&s=391163_471451
Pragma: no-cache
xml.admidainsight.com/redirect?feed=500770&auth=fclUlL
173.239.53.18 302 Found 0 B URL HTTP/1.1 xml.admidainsight.com/redirect?feed=500770&auth=fclUlL
IP 173.239.53.18:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=500770&auth=fclUlL HTTP/1.1
Host: xml.admidainsight.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Cache-Control: no-store
Content-Length: 0
Age: 0
Connection: keep-alive
Location: https://cngcpy.com/cuhdl?wh=MhDtUFf_qNAcFFuyiGiSolka
Pragma: no-cache
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ccc87ca5ebdf2f6849178be1fd1fe18b
4a44a6f1b1543bca932f4f0389f8e189cd8ec305
6fc3e1fcdafca5bb4174ced4cd32fe20ef9f867fc7542460497c555141e7b792
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6FC3E1FCDAFCA5BB4174CED4CD32FE20EF9F867FC7542460497C555141E7B792"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3018
Expires: Wed, 01 Feb 2023 17:30:07 GMT
Date: Wed, 01 Feb 2023 16:39:49 GMT
Connection: keep-alive
xml.adflyer.media/redirect?feed=470362&auth=rqwsKo
174.137.133.17 302 Found 0 B URL HTTP/1.1 xml.adflyer.media/redirect?feed=470362&auth=rqwsKo
IP 174.137.133.17:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=470362&auth=rqwsKo HTTP/1.1
Host: xml.adflyer.media
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Cache-Control: no-store
Content-Length: 0
Age: 0
Connection: keep-alive
Location: http://runative-syndicate.com/api/v1/direct/3b23ed13ee1e4ff6b1b4d242c65d3463?extID=470362
Pragma: no-cache
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 4423ba0d1e085020d8c772a1c5e7367a
e33d3aa06950b0f8c7c54e31e762e9e581165fba
8a6c9f004cd85e8bf016251fb3931d64093a5b699787f01d09ecd8edeb769ee2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8A6C9F004CD85E8BF016251FB3931D64093A5B699787F01D09ECD8EDEB769EE2"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6754
Expires: Wed, 01 Feb 2023 18:32:23 GMT
Date: Wed, 01 Feb 2023 16:39:49 GMT
Connection: keep-alive
xml.admidainsight.com/redirect?feed=464210&auth=GnyWj2
173.239.53.18 200 OK 0 B URL HTTP/1.1 xml.admidainsight.com/redirect?feed=464210&auth=GnyWj2
IP 173.239.53.18:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=464210&auth=GnyWj2 HTTP/1.1
Host: xml.admidainsight.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Cache-Control: no-store
Content-Length: 0
Age: 0
Connection: keep-alive
Pragma: no-cache
xml.ctrtraffic.com/redirect?feed=471425&auth=d7gllh
198.134.116.18 302 Found 1.1 kB URL HTTP/1.1 xml.ctrtraffic.com/redirect?feed=471425&auth=d7gllh
IP 198.134.116.18:0
ASN #27257 WEBAIR-INTERNET
Hash d915fd4817fd1f8a1d4ddf67c3707a3b
a25d0984d3ab2cd0c8ff76e9452e8e2dc107174b
26b2712a8c0ea66c913132063b9f653a7144a1c0c751100afa1d00aca8350891
GET /redirect?feed=471425&auth=d7gllh HTTP/1.1
Host: xml.ctrtraffic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Cache-Control: no-store
Content-Length: 0
Age: 0
Connection: keep-alive
Location: http://tsyndicate.com/api/v1/direct/cb813667edbd4b3c81888edf24162044?extID=471425
Pragma: no-cache
xml.ctrtraffic.com/redirect?feed=471425&auth=d7gllh
198.134.116.18 302 Found 770 B URL HTTP/1.1 xml.ctrtraffic.com/redirect?feed=471425&auth=d7gllh
IP 198.134.116.18:0
ASN #27257 WEBAIR-INTERNET
Hash a926b977fe486310b5076a17e4dc02ff
e791a9c34d28d563e129f362e1d68199c5df09f7
7998ab2fcc92de13da52ddfd991f1278f6f10a57157ce08272278e8465c7ce8f
GET /redirect?feed=471425&auth=d7gllh HTTP/1.1
Host: xml.ctrtraffic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Cache-Control: no-store
Content-Length: 0
Age: 0
Connection: keep-alive
Location: http://tsyndicate.com/api/v1/direct/cb813667edbd4b3c81888edf24162044?extID=471425
Pragma: no-cache
tsyndicate.com/api/v1/direct/e7067c4584364aee9ca620c1c715da9a?extID=475885
136.243.75.209 302 Found 0 B URL HTTP/1.1 tsyndicate.com/api/v1/direct/e7067c4584364aee9ca620c1c715da9a?extID=475885
IP 136.243.75.209:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/v1/direct/e7067c4584364aee9ca620c1c715da9a?extID=475885 HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 01 Feb 2023 16:39:49 GMT
Content-Length: 0
Connection: keep-alive
Pragma: no-cache
Expires: 0
Vary: *
X-Api-Version: 2
Location: https://track.trackingtraffo.com/pop/imp?auth=d12jux&c=ir6MvvKWlZLlVZhVLRus0YiIvMlXZedHZASlw5I1u-ewRTq1QGlhDYyegStMrQofv8aEj0ubbkQJweNwmH07QSK0kMQv1K1cQPILtoQzUQTSlqw_omvzKXAyQosCo-xXkBuYI7ZUi1EcXtJZTDTM4ByNNrMiq7ipOXppJ6XqMNUrRlsqO0XmnPT98b3Gmwnd_EAbbrjJnE8ZnAu_0roSbWRKqZxW6yFBlgBFJkHenncVQwwtar01AB2QKP9frTtG5w1kSCgej9Y5OdzppSwINw_gEd92gyjvjsrNy7A4eobuWyY5ltinnGkBSiZQ09J3e93tpElk8eCV-8HRE4JmjGrGumZ3EIn6QW8BlMEYpO16Mb5lv8oLcEM3yz4NiSDGUFat6awY_W896tOw4ZfhjYgULUwTihJkZQNYkCFxMun7861W9gnu2zfH1KONI0eumoheoswIM596dZmchFobZW8yd7UUD4oWJigoUoGHxZYPvdS3vGWwCnUPExgX0SnE8QF28rsuCrAPVsyWGNAVI3p-NrWfNg6gjmzHanJNfBRDA3Y9ycwn5UyMj_hFUJ_AqEg2G0YA-rSQUt2Bdx6PPvfzU5smmo0Ljgn9pY31VxJEtmmZF95CqP88JjmDp1Rq_3YRsADtCwqXIsM9-lxP7mGFnMFEoF0jL3aJ-puDPpRVsaGNKDS6fJjSBc83h-X8qER1OGNx22Lezv2dkLIV1lP-QdOLHiWK9RN1B1q1MBqug9bVzS93iwQa7jo
X-Request-Id: 2ce2492d73436867
Set-Cookie: ts_uid=0d2606a0-8a90-4eb6-bd43-920557a93a00; expires=Tue, 01 Aug 2023 16:39:49 GMT; domain=.tsyndicate.com; path=/; HttpOnly; secure; SameSite=None
Cache-Control: no-cache, no-store, no-transform, must-revalidate, no-transform
X-Robots-Tag: none, noindex, nofollow
Report-To: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
ocsp.usertrust.com/
104.18.32.68 200 OK 472 B IP 104.18.32.68:0
Hash 5cd0d97af63198a6c74f5df1efe7ae4d
017408d2b47f7c8cf4dde0f5b2ec5476bd426b8c
d3df354820920364be2794614360231e01b1e9674b8abb88174411c634ecdab7
POST / HTTP/1.1
Host: ocsp.usertrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 01 Feb 2023 16:39:49 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 31 Jan 2023 20:23:13 GMT
Expires: Tue, 07 Feb 2023 20:23:12 GMT
Etag: "017408d2b47f7c8cf4dde0f5b2ec5476bd426b8c"
Cache-Control: max-age=600902,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: HIT
Age: 1151
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 792c2015aeebb511-OSL
t3.lowtid.com/s.php?p=c:4ljkfd1stuas5a3tw&d=61b87b159bd23420f125f716&pid=TXiPq4fgmdA_0&s=470760_415140
51.161.115.163 302 Found 0 B URL HTTP/1.1 t3.lowtid.com/s.php?p=c:4ljkfd1stuas5a3tw&d=61b87b159bd23420f125f716&pid=TXiPq4fgmdA_0&s=470760_415140
IP 51.161.115.163:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /s.php?p=c:4ljkfd1stuas5a3tw&d=61b87b159bd23420f125f716&pid=TXiPq4fgmdA_0&s=470760_415140 HTTP/1.1
Host: t3.lowtid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 01 Feb 2023 16:39:49 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Round: 1217p3t0dz
Raund: wn
Location: https://ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_470760_415140
xml.adkmbc.com/redirect?feed=415141&auth=nh76Hz
198.134.116.16 200 OK 0 B URL HTTP/1.1 xml.adkmbc.com/redirect?feed=415141&auth=nh76Hz
IP 198.134.116.16:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=415141&auth=nh76Hz HTTP/1.1
Host: xml.adkmbc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Cache-Control: no-store
Content-Length: 0
Age: 0
Connection: keep-alive
Pragma: no-cache
linkslot.ru/bancode.php?id=346655
172.67.215.189 200 OK 5.3 kB URL HTTP/2 linkslot.ru/bancode.php?id=346655
IP 172.67.215.189:0
File type HTML document, ISO-8859 text, with very long lines (3020)
Hash e596c515a565f1e29f72911cc957f3f9
d496acbd4769b5b47d4d1d91a00c3686a0612f74
957c326944ba389b81a7b162a4cf9989269bcda621a4f73fba6b7288c60d603b
GET /bancode.php?id=346655 HTTP/1.1
Host: linkslot.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://free-btc.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:49 GMT
content-type: application/javascript; charset=windows-1251
x-frame-options: SAMEORIGIN
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sBrTy949pyw8fHS6QBSpijWpX8yjuHrHfarTDM7QfmGmqTOW6Q7wmPXjuEiL1oevvuXN96N4l6KWCEDo4kiUKkBgHcViOwmHbgftBAScZA5IpjW0yvGWD8xjavjcRg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 792c20137b8f0afe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
runative-syndicate.com/api/v1/direct/3b23ed13ee1e4ff6b1b4d242c65d3463?extID=466229
136.243.83.47 302 Found 0 B URL HTTP/1.1 runative-syndicate.com/api/v1/direct/3b23ed13ee1e4ff6b1b4d242c65d3463?extID=466229
IP 136.243.83.47:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/v1/direct/3b23ed13ee1e4ff6b1b4d242c65d3463?extID=466229 HTTP/1.1
Host: runative-syndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 01 Feb 2023 16:39:49 GMT
Content-Length: 0
Connection: keep-alive
Pragma: no-cache
Expires: 0
Vary: *
X-Api-Version: 2
Location: https://track.trackingtraffo.com/pop/imp?auth=d12jux&c=cvY7l6OUgQSLgif3t1nuy44t7s5z3KYshSgM2pBuGTkOQqNKyAQ2dcYluNoHzhI6iQgEcX26P_16LtAFW8c1-Iv1sTHMWHKsiwiAmW0DTtHBvOz8k0XAx6t3L2sXD5JZdk-paMR4_mIMypltbcJFvMsVFdJIUbHyXmqDGiTL4vlBeSxmQNFijWTFYL-zutbLqaa4OTTzD27E73VcKVu2t1lSGAWsd1JEqtVKIwCJxrilD0Lm6AJJ2ExNDIkrGcQqCVb8CfhSKgb1EMQ1q-n4qfUhaDGfBE0ouwX7L-3mHqikGd-X8ekhs0iQoUF5WldOTqQfUr_bMixiKIX6bz0lXQcfojSulwg3zCOAibBPjHroUW39foCqJkFYrvbw22lvn65NWAAB4a6HMZEU7GsmxSM4e3hontu-Z0nQQp8k8dj0ANUQJaU3Jxz7wA4hSd9ddKfBd3cfY3RUL0yv1IWxt-poJXRecnadLpjBNmHOMlJtVAz981IH5dqDW-tPtezb4c6DyToUZ301zkbkZGiEmRkKwsk7RXkSn8eR_xP8PFIBASclnheWDeKO_WKHcFmjZbeZ9O-PhjWi8MwP5Pf3043-vajENoH9OJboNFaJd_K4jcnAboYyuR5dk7rr-HqNSoKsiSDJH1bFcG5_ZhQSyTe0G2IjM6NVUAPQwf_1qanl3uZMtrENYZ1Gr5-TdQ5OGy8J-Xye0hM1WU9_wsKIjmFa2CVPqnpkjITMTm9DuVKpc_A4HjqCAhlw8r--WBhW
X-Request-Id: e4adab6aae403863
Set-Cookie: ts_uid=0436957b-b11d-4613-a872-1ca34319a744; expires=Tue, 01 Aug 2023 16:39:49 GMT; domain=.runative-syndicate.com; path=/; HttpOnly; secure; SameSite=None
Cache-Control: no-cache, no-store, no-transform, must-revalidate, no-transform
X-Robots-Tag: none, noindex, nofollow
Report-To: { "url": "https://pxl.runative-syndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
xml.hueadsxml.com/redirect?feed=498002&auth=4QVAPl
198.134.116.16 200 OK 0 B URL HTTP/1.1 xml.hueadsxml.com/redirect?feed=498002&auth=4QVAPl
IP 198.134.116.16:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=498002&auth=4QVAPl HTTP/1.1
Host: xml.hueadsxml.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Cache-Control: no-store
Content-Length: 0
Age: 0
Connection: keep-alive
Pragma: no-cache
dailybulletinz.com/
104.21.20.56 301 Moved Permanently 162 B IP 104.21.20.56:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET / HTTP/1.1
Host: dailybulletinz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Wed, 01 Feb 2023 16:39:49 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://dailybulletinz.com/
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Bbfi1CPuruNPim0UmwVu2f5cezF8umn72tFoU1liP1e8WuyIe1yP2VA9%2FUuIyQN3N727fYiP8ULIxZO3XPlX6GP5m7mkAbu6ctA6yDzFDAecfrtKjJEcHqi1ohie1diBm%2FRq7%2Bk%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 792c20156d5e1c12-OSL
alt-svc: h2=":443"; ma=60
track.trackingtraffo.com/pop/imp?auth=d12jux&c=gn5oGqENIrOD8iataulPIBBydgKLKkLO4l6LqwSAU6dpZY2TQhvEJOgUFmqUNWjkSWVsjsMgqDCo_Ov6moktPYbGci-6MrYQ6R2xUy4livzfBgdBVEh88tMN4uEf_VyejMUs6RRlX5sikoiAqmO8YHelh8_NfqMsAcpg75wNWI2G-oPa9nnzYQVhUEh_hTaiAtDunzaRS8gRtcPxGT7rGWdTwDWiaEtM0JDlDbOPTEbOod_Xa-MgFpc2PakXQMLPHUXRwB9I5mXHUBBK1q3iQkcgTqRcke7JGXo24-8qxMdy2cHzjAG8wmmYXS-q5KcOWuyA4DjLjVTIx7J66ZoXt4WKYBX1sfa2fTpO8nl1-9-HnTMEFBSeaW3W_PrYHc7LV16rtoY2_5-kMcI6hNHDWNA40oxyjlJsjxtWTGqmGrHPH2F0fzinOW7_B0CKzMNXL1DTNkduUGSkq8Nm9KKOqBbNZMDpiaH4OrUWIePyp79ZwANbRC_RNGbfvPhZH3N2m12ys04liAXqWMPu04RvZ3zKjGNKjuK6GwSUKmje7JWJAqXkirh3B96veVrzExnu50qWlaPFYMDhI9jY6oFfeLIoquisZP50-xU4Ky8m_igdwC8PI7YLrenrLN-yJogngmclUkloi0ARftWf4mE19lKywNKIQaK2ghF_WydZcOSD-2bU8WmeT-NsS_8Aws_jTgTdZuh3lQiuXcdrf6fEKMdgHASRvcSV
88.214.195.156302 Found 0 B URL HTTP/1.1 track.trackingtraffo.com/pop/imp?auth=d12jux&c=gn5oGqENIrOD8iataulPIBBydgKLKkLO4l6LqwSAU6dpZY2TQhvEJOgUFmqUNWjkSWVsjsMgqDCo_Ov6moktPYbGci-6MrYQ6R2xUy4livzfBgdBVEh88tMN4uEf_VyejMUs6RRlX5sikoiAqmO8YHelh8_NfqMsAcpg75wNWI2G-oPa9nnzYQVhUEh_hTaiAtDunzaRS8gRtcPxGT7rGWdTwDWiaEtM0JDlDbOPTEbOod_Xa-MgFpc2PakXQMLPHUXRwB9I5mXHUBBK1q3iQkcgTqRcke7JGXo24-8qxMdy2cHzjAG8wmmYXS-q5KcOWuyA4DjLjVTIx7J66ZoXt4WKYBX1sfa2fTpO8nl1-9-HnTMEFBSeaW3W_PrYHc7LV16rtoY2_5-kMcI6hNHDWNA40oxyjlJsjxtWTGqmGrHPH2F0fzinOW7_B0CKzMNXL1DTNkduUGSkq8Nm9KKOqBbNZMDpiaH4OrUWIePyp79ZwANbRC_RNGbfvPhZH3N2m12ys04liAXqWMPu04RvZ3zKjGNKjuK6GwSUKmje7JWJAqXkirh3B96veVrzExnu50qWlaPFYMDhI9jY6oFfeLIoquisZP50-xU4Ky8m_igdwC8PI7YLrenrLN-yJogngmclUkloi0ARftWf4mE19lKywNKIQaK2ghF_WydZcOSD-2bU8WmeT-NsS_8Aws_jTgTdZuh3lQiuXcdrf6fEKMdgHASRvcSV
IP 88.214.195.156:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pop/imp?auth=d12jux&c=gn5oGqENIrOD8iataulPIBBydgKLKkLO4l6LqwSAU6dpZY2TQhvEJOgUFmqUNWjkSWVsjsMgqDCo_Ov6moktPYbGci-6MrYQ6R2xUy4livzfBgdBVEh88tMN4uEf_VyejMUs6RRlX5sikoiAqmO8YHelh8_NfqMsAcpg75wNWI2G-oPa9nnzYQVhUEh_hTaiAtDunzaRS8gRtcPxGT7rGWdTwDWiaEtM0JDlDbOPTEbOod_Xa-MgFpc2PakXQMLPHUXRwB9I5mXHUBBK1q3iQkcgTqRcke7JGXo24-8qxMdy2cHzjAG8wmmYXS-q5KcOWuyA4DjLjVTIx7J66ZoXt4WKYBX1sfa2fTpO8nl1-9-HnTMEFBSeaW3W_PrYHc7LV16rtoY2_5-kMcI6hNHDWNA40oxyjlJsjxtWTGqmGrHPH2F0fzinOW7_B0CKzMNXL1DTNkduUGSkq8Nm9KKOqBbNZMDpiaH4OrUWIePyp79ZwANbRC_RNGbfvPhZH3N2m12ys04liAXqWMPu04RvZ3zKjGNKjuK6GwSUKmje7JWJAqXkirh3B96veVrzExnu50qWlaPFYMDhI9jY6oFfeLIoquisZP50-xU4Ky8m_igdwC8PI7YLrenrLN-yJogngmclUkloi0ARftWf4mE19lKywNKIQaK2ghF_WydZcOSD-2bU8WmeT-NsS_8Aws_jTgTdZuh3lQiuXcdrf6fEKMdgHASRvcSV HTTP/1.1
Host: track.trackingtraffo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 01 Feb 2023 16:39:49 GMT
Content-Length: 0
Connection: keep-alive
Location: https://newbinotracs.com/click.php?key=qcopnrbsgld1lpyq4gqz&clickid=14a85337-f98d-49f1-9580-e72e314e964d&cost=0.0029&PUB_ID=20&SUB_ID=4228174&KEYWORD=Adult General&SUBSCRIBER_AGE=0&SUBSCRIBER_DATE=2023-02-01&BID_PUB=0.0029&CR_ID=36456
xml.adkmbc.com/redirect?feed=415141&auth=nh76Hz
198.134.116.16 200 OK 0 B URL HTTP/1.1 xml.adkmbc.com/redirect?feed=415141&auth=nh76Hz
IP 198.134.116.16:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=415141&auth=nh76Hz HTTP/1.1
Host: xml.adkmbc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Cache-Control: no-store
Content-Length: 0
Age: 0
Connection: keep-alive
Pragma: no-cache
t3.lowtid.com/s.php?p=c:4ljkfd1stuas5a3tw&d=61b87b159bd23420f125f716&pid=U*sgh6KDYuc_0&s=470760_415140
51.161.115.163 302 Found 0 B URL HTTP/1.1 t3.lowtid.com/s.php?p=c:4ljkfd1stuas5a3tw&d=61b87b159bd23420f125f716&pid=U*sgh6KDYuc_0&s=470760_415140
IP 51.161.115.163:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /s.php?p=c:4ljkfd1stuas5a3tw&d=61b87b159bd23420f125f716&pid=U*sgh6KDYuc_0&s=470760_415140 HTTP/1.1
Host: t3.lowtid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 01 Feb 2023 16:39:49 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Round: 1217p3t0dz
Raund: wn
Location: https://ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_470760_415140
xml.hueadsxml.com/redirect?feed=498003&auth=ZmYisy
198.134.116.16 200 OK 0 B URL HTTP/1.1 xml.hueadsxml.com/redirect?feed=498003&auth=ZmYisy
IP 198.134.116.16:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=498003&auth=ZmYisy HTTP/1.1
Host: xml.hueadsxml.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Cache-Control: no-store
Content-Length: 0
Age: 0
Connection: keep-alive
Pragma: no-cache
p.jwalf.com/ad/ad?p=198473&w=646286&d=229dd153ac5b5e5561f0-1643366430646286&s=358369.500268
54.205.43.136 303 See Other 0 B URL HTTP/1.1 p.jwalf.com/ad/ad?p=198473&w=646286&d=229dd153ac5b5e5561f0-1643366430646286&s=358369.500268
IP 54.205.43.136:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ad/ad?p=198473&w=646286&d=229dd153ac5b5e5561f0-1643366430646286&s=358369.500268 HTTP/1.1
Host: p.jwalf.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 303 See Other
Date: Wed, 01 Feb 2023 16:39:49 GMT
Location: https://t.irtyd.com/hlprk5afnk?url_id=18234&aff_id=82044&offer_id=779&bo=2779,2778,2777,2776,2775&po=6533&model=NiceHotJob
Referrer-Policy: no-referrer
Server: nginx
Content-Length: 0
Connection: keep-alive
sub.adzgame.com/redirect?feed=467932&auth=YyhXqX
173.239.53.18 302 Found 0 B URL HTTP/1.1 sub.adzgame.com/redirect?feed=467932&auth=YyhXqX
IP 173.239.53.18:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=467932&auth=YyhXqX HTTP/1.1
Host: sub.adzgame.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Cache-Control: no-store
Content-Length: 0
Age: 0
Connection: keep-alive
Location: https://eastfeukufu.xyz/redirect?tid=926093&subid=435706.469740
Pragma: no-cache
t3.lowtid.com/s.php?p=c:4ljkfd1stuas5a3tw&d=61b87b159bd23420f125f716&pid=j0I3em-qsgg_0&s=470760_415141
51.161.115.163 302 Found 0 B URL HTTP/1.1 t3.lowtid.com/s.php?p=c:4ljkfd1stuas5a3tw&d=61b87b159bd23420f125f716&pid=j0I3em-qsgg_0&s=470760_415141
IP 51.161.115.163:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /s.php?p=c:4ljkfd1stuas5a3tw&d=61b87b159bd23420f125f716&pid=j0I3em-qsgg_0&s=470760_415141 HTTP/1.1
Host: t3.lowtid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 01 Feb 2023 16:39:49 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Round: 1217p3t0dz
Raund: wn
Location: https://ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_470760_415141
xml.adflyer.media/redirect?feed=466228&auth=j0AZcQ
174.137.133.17 302 Found 0 B URL HTTP/1.1 xml.adflyer.media/redirect?feed=466228&auth=j0AZcQ
IP 174.137.133.17:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=466228&auth=j0AZcQ HTTP/1.1
Host: xml.adflyer.media
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Cache-Control: no-store
Content-Length: 0
Age: 0
Connection: keep-alive
Location: http://runative-syndicate.com/api/v1/direct/3b23ed13ee1e4ff6b1b4d242c65d3463?extID=466228
Pragma: no-cache
t3.lowtid.com/s.php?p=c:4ljkfd1stuas5a3tw&d=61b87b159bd23420f125f716&pid=bZxiRCCdDuo_0&s=470427_470362
51.161.115.163 302 Found 0 B URL HTTP/1.1 t3.lowtid.com/s.php?p=c:4ljkfd1stuas5a3tw&d=61b87b159bd23420f125f716&pid=bZxiRCCdDuo_0&s=470427_470362
IP 51.161.115.163:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /s.php?p=c:4ljkfd1stuas5a3tw&d=61b87b159bd23420f125f716&pid=bZxiRCCdDuo_0&s=470427_470362 HTTP/1.1
Host: t3.lowtid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 01 Feb 2023 16:39:49 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Round: 12sdrz1osp
Raund: wn
Location: https://go.c4ptainn3lson.xyz/redirect?feed=491151&url=t3.lowtid.com&subid=custom_123j1djb25.no.windows.firefox&query=470427_470362&pub_clickid=63da95d5493b4e09fd062173
track.trackingtraffo.com/pop/imp?auth=d12jux&c=ShxIKoc32Fxmnzgijdq_cPtS1s8V-Rxsx53Yar6-3cInXjOOjWr9PP4edrVlcMfB7HMkFU-i1zI-u4ETKER3hXfJNoRcYM9HmDBjbJuueBaZXteOLizBZfyUgTX1G9Cho0oB867e1s26b8rjITxcckf7hws_we_UifOtLNLOdbymHcoK4ijWhp6OoPML3CcD50i6RIpwfTthmUUKojoPXjGpRj2Gr-I5-o909GTzx92SQ4ipeBIaFgohR82IWYSHJuU0v2UG04CNMcc0k0Ze8q4Wz71RNpXK_gmF-kWPmt5dNcDmjcfPaRjZZLCO1R6HgRbaKdo0PXVJBkXmJG7TvbzKm5eaPgZukusyXJkNp1iW-fJSt8LT_nIQGEUGuuQDh1yQqXdtQDVH8SswUwsYuAXyhYDZsBmLDv83wXLpWRtKPPvSoJ06v0j7NRRORRWa_RG-zA_WykM_6_Rc-yL0q3_CGHPs0TzolgUMAgth9IAAbtc0DVfOqCsLXo59fDuaF1AaYeKAMrTVxmnO6tedXLm676Mha3k2rTUY-E65-VBiQmSH0cpevIyUMz5bFY876xF9TNaKATZPgNJCfPDsBDLdRhO3vYF7yWRPG411Zhf5k5rww8K2FrdnE6LmX-D07J2W7bRmAdo6Ztf4Do6c0R1c_lqrwB8PSL0ABPFzzZltDObOPWGw0kw2N84XFSU-evMpjovd2KDGwUhXqB2Qd6Y3dnaFJhew
88.214.195.156302 Found 0 B URL HTTP/1.1 track.trackingtraffo.com/pop/imp?auth=d12jux&c=ShxIKoc32Fxmnzgijdq_cPtS1s8V-Rxsx53Yar6-3cInXjOOjWr9PP4edrVlcMfB7HMkFU-i1zI-u4ETKER3hXfJNoRcYM9HmDBjbJuueBaZXteOLizBZfyUgTX1G9Cho0oB867e1s26b8rjITxcckf7hws_we_UifOtLNLOdbymHcoK4ijWhp6OoPML3CcD50i6RIpwfTthmUUKojoPXjGpRj2Gr-I5-o909GTzx92SQ4ipeBIaFgohR82IWYSHJuU0v2UG04CNMcc0k0Ze8q4Wz71RNpXK_gmF-kWPmt5dNcDmjcfPaRjZZLCO1R6HgRbaKdo0PXVJBkXmJG7TvbzKm5eaPgZukusyXJkNp1iW-fJSt8LT_nIQGEUGuuQDh1yQqXdtQDVH8SswUwsYuAXyhYDZsBmLDv83wXLpWRtKPPvSoJ06v0j7NRRORRWa_RG-zA_WykM_6_Rc-yL0q3_CGHPs0TzolgUMAgth9IAAbtc0DVfOqCsLXo59fDuaF1AaYeKAMrTVxmnO6tedXLm676Mha3k2rTUY-E65-VBiQmSH0cpevIyUMz5bFY876xF9TNaKATZPgNJCfPDsBDLdRhO3vYF7yWRPG411Zhf5k5rww8K2FrdnE6LmX-D07J2W7bRmAdo6Ztf4Do6c0R1c_lqrwB8PSL0ABPFzzZltDObOPWGw0kw2N84XFSU-evMpjovd2KDGwUhXqB2Qd6Y3dnaFJhew
IP 88.214.195.156:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pop/imp?auth=d12jux&c=ShxIKoc32Fxmnzgijdq_cPtS1s8V-Rxsx53Yar6-3cInXjOOjWr9PP4edrVlcMfB7HMkFU-i1zI-u4ETKER3hXfJNoRcYM9HmDBjbJuueBaZXteOLizBZfyUgTX1G9Cho0oB867e1s26b8rjITxcckf7hws_we_UifOtLNLOdbymHcoK4ijWhp6OoPML3CcD50i6RIpwfTthmUUKojoPXjGpRj2Gr-I5-o909GTzx92SQ4ipeBIaFgohR82IWYSHJuU0v2UG04CNMcc0k0Ze8q4Wz71RNpXK_gmF-kWPmt5dNcDmjcfPaRjZZLCO1R6HgRbaKdo0PXVJBkXmJG7TvbzKm5eaPgZukusyXJkNp1iW-fJSt8LT_nIQGEUGuuQDh1yQqXdtQDVH8SswUwsYuAXyhYDZsBmLDv83wXLpWRtKPPvSoJ06v0j7NRRORRWa_RG-zA_WykM_6_Rc-yL0q3_CGHPs0TzolgUMAgth9IAAbtc0DVfOqCsLXo59fDuaF1AaYeKAMrTVxmnO6tedXLm676Mha3k2rTUY-E65-VBiQmSH0cpevIyUMz5bFY876xF9TNaKATZPgNJCfPDsBDLdRhO3vYF7yWRPG411Zhf5k5rww8K2FrdnE6LmX-D07J2W7bRmAdo6Ztf4Do6c0R1c_lqrwB8PSL0ABPFzzZltDObOPWGw0kw2N84XFSU-evMpjovd2KDGwUhXqB2Qd6Y3dnaFJhew HTTP/1.1
Host: track.trackingtraffo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 01 Feb 2023 16:39:49 GMT
Content-Length: 0
Connection: keep-alive
Location: https://newbinotracs.com/click.php?key=qcopnrbsgld1lpyq4gqz&clickid=cfcde045-8729-4299-b381-2142be5d255d&cost=0.0029&PUB_ID=20&SUB_ID=4234807&KEYWORD=Adult General&SUBSCRIBER_AGE=0&SUBSCRIBER_DATE=2023-02-01&BID_PUB=0.0029&CR_ID=36456
xml.adkmbc.com/redirect?feed=444917&auth=S1DA5g
198.134.116.16 200 OK 0 B URL HTTP/1.1 xml.adkmbc.com/redirect?feed=444917&auth=S1DA5g
IP 198.134.116.16:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=444917&auth=S1DA5g HTTP/1.1
Host: xml.adkmbc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Cache-Control: no-store
Content-Length: 0
Age: 0
Connection: keep-alive
Pragma: no-cache
t3.lowtid.com/s.php?p=c:4ljkfd1stuas5a3tw&d=61b87b159bd23420f125f716&pid=qPuoffxV8w4_0&s=451000_464209
51.161.115.163 302 Found 0 B URL HTTP/1.1 t3.lowtid.com/s.php?p=c:4ljkfd1stuas5a3tw&d=61b87b159bd23420f125f716&pid=qPuoffxV8w4_0&s=451000_464209
IP 51.161.115.163:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /s.php?p=c:4ljkfd1stuas5a3tw&d=61b87b159bd23420f125f716&pid=qPuoffxV8w4_0&s=451000_464209 HTTP/1.1
Host: t3.lowtid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 01 Feb 2023 16:39:49 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Round: 12sdrz1osp
Raund: wn
Location: https://go.c4ptainn3lson.xyz/redirect?feed=491151&url=t3.lowtid.com&subid=custom_123j1djb25.no.windows.firefox&query=451000_464209&pub_clickid=63da95d5c912fe0a3172a7e7
e1.o.lencr.org/
23.36.77.32 200 OK 344 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 167f1b2bc1e92749c4717787684f6dfa
54f31c6e69f13295f905b6e509d55f935ca8e31e
e1ba8d7292131cece7509b3ace59948a359eee8dd7fb9c92e3f3b4b95ea45f92
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "E1BA8D7292131CECE7509B3ACE59948A359EEE8DD7FB9C92E3F3B4B95EA45F92"
Last-Modified: Mon, 30 Jan 2023 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18973
Expires: Wed, 01 Feb 2023 21:56:02 GMT
Date: Wed, 01 Feb 2023 16:39:49 GMT
Connection: keep-alive
ocsp.pki.goog/s/gts1p5/8nOuo8o94fQ
142.250.74.131 200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/8nOuo8o94fQ
IP 142.250.74.131:0
Hash 27210358b4b3052c21575f6d6b28b936
c9b6a5748eb5281383e61b4bfb7bbec65a0600e5
63d42fe3bc6b8702856cceb86f70cd09307fbf1a8844d62c2ed1b6651d22e013
POST /s/gts1p5/8nOuo8o94fQ HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 16:39:49 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
runative-syndicate.com/api/v1/direct/3b23ed13ee1e4ff6b1b4d242c65d3463?extID=470362
136.243.83.47 302 Found 0 B URL HTTP/1.1 runative-syndicate.com/api/v1/direct/3b23ed13ee1e4ff6b1b4d242c65d3463?extID=470362
IP 136.243.83.47:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/v1/direct/3b23ed13ee1e4ff6b1b4d242c65d3463?extID=470362 HTTP/1.1
Host: runative-syndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 01 Feb 2023 16:39:49 GMT
Content-Length: 0
Connection: keep-alive
Pragma: no-cache
Expires: 0
Vary: *
X-Api-Version: 2
Location: https://track.trackingtraffo.com/pop/imp?auth=d12jux&c=VpXUH2Ck4kBxFYWe72CpokW2JYDmknXPwruMghqfdKejLj3YsPCfzz0Gmc_ZVbrophQNI4rm60zJpDoF5oAUVZI8YQLCzlciRILc9RA6jaj1E_UgfBiO5a9wP19vqoRZseEPiLFq78Xa9BZFDVbsHBNrviC_QoWw1iD3igw4aXWwm4AwJy4kT7Fr9hqNAYtPM_wBIfhJptfs3Sz2VrZ8tkY-QM9JNsObML3CDcrc3ClJDUFfKcVMPuK3i53bg9FAkM_c-YPTNxQk4UrTp2jokvYcFoehbRerHUE_rxBsfvINyBWhgb97RNIr2kkIEO4h-UUSPAsSzHkpZ0uDg_IoXTi4KFNIL_wgDZrjvpvNy4wJYaSgTiNYe99x5dSL4vmGbHzOhR5jO0NAKMFUtD44Sb_EUryD2Z5IBUPpOlPEd_7GEC1SXTOrUwQUEE9roT4v2W9IN-Xps_3AO6EvqpNAzXtJ_pbeDHRysX8LhP0CsirRBjOzToIxbZKPtX0qp5wtpbQG4CViSiQdkqP9R0EHOIrnmEQ9TPSGpLaUICkREWrUvJCIIDKgPbOVECtV9M1HZNMw3-EPbqmUz412uCjBQhEqP5THj_Q2OHE-u9lAAr7-BElCV-87_RTzTseqSuD8y__w0vQ90NbH_aK2NvLT1s9ARJ29dgblUi-k8xFmitjATDHhgzUOnGchhfxVeq7sgoZMgNrmrNsIdjPeQT2qnSztKCe7WwNkvBBusCwinB4PKmfBL66SXpqvSZSFpV_D
X-Request-Id: ad13cbc56ae1fa52
Set-Cookie: ts_uid=fbe49aa1-07a1-4840-bcac-5e98bf5b4393; expires=Tue, 01 Aug 2023 16:39:49 GMT; domain=.runative-syndicate.com; path=/; HttpOnly; secure; SameSite=None
Cache-Control: no-cache, no-store, no-transform, must-revalidate, no-transform
X-Robots-Tag: none, noindex, nofollow
Report-To: { "url": "https://pxl.runative-syndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
xml.mediacpc.com/redirect?feed=471449&auth=bF2WC0
174.137.133.18 302 Found 0 B URL HTTP/1.1 xml.mediacpc.com/redirect?feed=471449&auth=bF2WC0
IP 174.137.133.18:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=471449&auth=bF2WC0 HTTP/1.1
Host: xml.mediacpc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Cache-Control: no-store
Content-Length: 0
Age: 0
Connection: keep-alive
Location: https://t3.lowtid.com/s.php?p=c:4ljkfd1stuas5a3tw&d=61b87b159bd23420f125f716&pid=B7CcP1geZvM_0&s=514185_471449
Pragma: no-cache
e1.o.lencr.org/
23.36.77.32 200 OK 344 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 167f1b2bc1e92749c4717787684f6dfa
54f31c6e69f13295f905b6e509d55f935ca8e31e
e1ba8d7292131cece7509b3ace59948a359eee8dd7fb9c92e3f3b4b95ea45f92
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "E1BA8D7292131CECE7509B3ACE59948A359EEE8DD7FB9C92E3F3B4B95EA45F92"
Last-Modified: Mon, 30 Jan 2023 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18973
Expires: Wed, 01 Feb 2023 21:56:02 GMT
Date: Wed, 01 Feb 2023 16:39:49 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.77.32 200 OK 344 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 167f1b2bc1e92749c4717787684f6dfa
54f31c6e69f13295f905b6e509d55f935ca8e31e
e1ba8d7292131cece7509b3ace59948a359eee8dd7fb9c92e3f3b4b95ea45f92
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "E1BA8D7292131CECE7509B3ACE59948A359EEE8DD7FB9C92E3F3B4B95EA45F92"
Last-Modified: Mon, 30 Jan 2023 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18973
Expires: Wed, 01 Feb 2023 21:56:02 GMT
Date: Wed, 01 Feb 2023 16:39:49 GMT
Connection: keep-alive
track.trackingtraffo.com/pop/imp?auth=d12jux&c=sPi1CdP9xpAKfXXblAgZca_HAO55kQ3cKQ9rV3EEeFUOvMMtf8EiBeY1uQLPkHYcppVQcgJZJlTF5pG-sP3nIhiwccjXUekXcvncgWaxiAbZNtv_j1mTPKI1RNZ-pcRKlCsMAjkOjqTO2ESozsxV-7YtZAyh3RP-TSjFLpg2bCgwxpq95_OiWFabwVWS_iOsQ074l7cl8gr9TRBtdnCKFTwu64JGGbepin1Ll16CDtMJMx5Xy26y1xJ1aktONdHGB-cwObmisYFffDLwxEHXNb8ezBljPSBo8QifHrvv3H74UlXyeONfgdcj0HoiZQkqfC9Zu1RB5bZgs6euMTqn1jeWFSr8uqpsy3NDg_rCg_UdbYMR9DYeASDjww8VgVcVLneMlWl3ef5qO4BzijUtAyYQrP0GLSetWr1zkHiPxnVoDV_030jrOwKs4mQwpL90sCvczxJrgmMEEMjeh2F1OHVUj4QkgtN-Y8cZUDWe7BPxRRbqMjJJYmfC3W6mEEF6-LquD4uj4335ANWqsMLf2QYVtnpDDLX89iaL6H-FM6EJkS_DQ8gHQ6VUWK8jDpFMrVVQqvW83DrIsBJydv_yLbEVlDm8t-YbZQxp7Zybxh2SDvyyxuPW_B7nzaL5lv1jppXUQLaCGjM85-VCkxdhIAh7IraWWL-Cq0izut4-csD0WJvBc47tb1W9YUiEiSk_JMH7fVRec-dIiJ7uCO771PSq7CxmWTal
88.214.195.156 302 Found 0 B URL HTTP/1.1 track.trackingtraffo.com/pop/imp?auth=d12jux&c=sPi1CdP9xpAKfXXblAgZca_HAO55kQ3cKQ9rV3EEeFUOvMMtf8EiBeY1uQLPkHYcppVQcgJZJlTF5pG-sP3nIhiwccjXUekXcvncgWaxiAbZNtv_j1mTPKI1RNZ-pcRKlCsMAjkOjqTO2ESozsxV-7YtZAyh3RP-TSjFLpg2bCgwxpq95_OiWFabwVWS_iOsQ074l7cl8gr9TRBtdnCKFTwu64JGGbepin1Ll16CDtMJMx5Xy26y1xJ1aktONdHGB-cwObmisYFffDLwxEHXNb8ezBljPSBo8QifHrvv3H74UlXyeONfgdcj0HoiZQkqfC9Zu1RB5bZgs6euMTqn1jeWFSr8uqpsy3NDg_rCg_UdbYMR9DYeASDjww8VgVcVLneMlWl3ef5qO4BzijUtAyYQrP0GLSetWr1zkHiPxnVoDV_030jrOwKs4mQwpL90sCvczxJrgmMEEMjeh2F1OHVUj4QkgtN-Y8cZUDWe7BPxRRbqMjJJYmfC3W6mEEF6-LquD4uj4335ANWqsMLf2QYVtnpDDLX89iaL6H-FM6EJkS_DQ8gHQ6VUWK8jDpFMrVVQqvW83DrIsBJydv_yLbEVlDm8t-YbZQxp7Zybxh2SDvyyxuPW_B7nzaL5lv1jppXUQLaCGjM85-VCkxdhIAh7IraWWL-Cq0izut4-csD0WJvBc47tb1W9YUiEiSk_JMH7fVRec-dIiJ7uCO771PSq7CxmWTal
IP 88.214.195.156:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pop/imp?auth=d12jux&c=sPi1CdP9xpAKfXXblAgZca_HAO55kQ3cKQ9rV3EEeFUOvMMtf8EiBeY1uQLPkHYcppVQcgJZJlTF5pG-sP3nIhiwccjXUekXcvncgWaxiAbZNtv_j1mTPKI1RNZ-pcRKlCsMAjkOjqTO2ESozsxV-7YtZAyh3RP-TSjFLpg2bCgwxpq95_OiWFabwVWS_iOsQ074l7cl8gr9TRBtdnCKFTwu64JGGbepin1Ll16CDtMJMx5Xy26y1xJ1aktONdHGB-cwObmisYFffDLwxEHXNb8ezBljPSBo8QifHrvv3H74UlXyeONfgdcj0HoiZQkqfC9Zu1RB5bZgs6euMTqn1jeWFSr8uqpsy3NDg_rCg_UdbYMR9DYeASDjww8VgVcVLneMlWl3ef5qO4BzijUtAyYQrP0GLSetWr1zkHiPxnVoDV_030jrOwKs4mQwpL90sCvczxJrgmMEEMjeh2F1OHVUj4QkgtN-Y8cZUDWe7BPxRRbqMjJJYmfC3W6mEEF6-LquD4uj4335ANWqsMLf2QYVtnpDDLX89iaL6H-FM6EJkS_DQ8gHQ6VUWK8jDpFMrVVQqvW83DrIsBJydv_yLbEVlDm8t-YbZQxp7Zybxh2SDvyyxuPW_B7nzaL5lv1jppXUQLaCGjM85-VCkxdhIAh7IraWWL-Cq0izut4-csD0WJvBc47tb1W9YUiEiSk_JMH7fVRec-dIiJ7uCO771PSq7CxmWTal HTTP/1.1
Host: track.trackingtraffo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 01 Feb 2023 16:39:49 GMT
Content-Length: 0
Connection: keep-alive
Location: https://newbinotracs.com/click.php?key=qcopnrbsgld1lpyq4gqz&clickid=7b1c63d8-5a25-45c0-bcee-4f418f86b1a7&cost=0.0029&PUB_ID=20&SUB_ID=4228174&KEYWORD=Adult General&SUBSCRIBER_AGE=0&SUBSCRIBER_DATE=2023-02-01&BID_PUB=0.0029&CR_ID=36456
go.xlviirdr.com/smartpop/ec5b69f6c071a3cfd23a4f14a73e806c4b46afd9e73a06adb4e266455dd771ff?userId=709afc38e53feb5738296f4388fc757b75782945d6a5efdfee8be855c86d2d01&memberId=_Aeu-THmjAIWXqYWo6xAIgtbcFf0d42489175897605X4pIYTmMay3c3Pju9VaZfsF3vOk8TMkZtkTmVap14loOgUg6ju47YrFaPCMeYzy8d2U6tOobYejIprXC6bAhU0AfX1zD41PWfMx01yt55SrfYg-BSMmtCw_gUIDRUi&sourceId=4248917&p2=898897&p1=NO&p3=
104.18.59.150 302 Found 0 B URL HTTP/2 go.xlviirdr.com/smartpop/ec5b69f6c071a3cfd23a4f14a73e806c4b46afd9e73a06adb4e266455dd771ff?userId=709afc38e53feb5738296f4388fc757b75782945d6a5efdfee8be855c86d2d01&memberId=_Aeu-THmjAIWXqYWo6xAIgtbcFf0d42489175897605X4pIYTmMay3c3Pju9VaZfsF3vOk8TMkZtkTmVap14loOgUg6ju47YrFaPCMeYzy8d2U6tOobYejIprXC6bAhU0AfX1zD41PWfMx01yt55SrfYg-BSMmtCw_gUIDRUi&sourceId=4248917&p2=898897&p1=NO&p3=
IP 104.18.59.150:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /smartpop/ec5b69f6c071a3cfd23a4f14a73e806c4b46afd9e73a06adb4e266455dd771ff?userId=709afc38e53feb5738296f4388fc757b75782945d6a5efdfee8be855c86d2d01&memberId=_Aeu-THmjAIWXqYWo6xAIgtbcFf0d42489175897605X4pIYTmMay3c3Pju9VaZfsF3vOk8TMkZtkTmVap14loOgUg6ju47YrFaPCMeYzy8d2U6tOobYejIprXC6bAhU0AfX1zD41PWfMx01yt55SrfYg-BSMmtCw_gUIDRUi&sourceId=4248917&p2=898897&p1=NO&p3= HTTP/1.1
Host: go.xlviirdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Wed, 01 Feb 2023 16:39:49 GMT
content-length: 0
location: https://go.xlivrdr.com/api/goToTheTag?campaignId=ec5b69f6c071a3cfd23a4f14a73e806c4b46afd9e73a06adb4e266455dd771ff&campaignType=smartpop&creativeId=77029bfa3d9bd08465af810ebaa80a85d09918b1634d6ee66831c3e75354abc3&iterationId=28495&masterSmartpopId=0&memberId=_Aeu-THmjAIWXqYWo6xAIgtbcFf0d42489175897605X4pIYTmMay3c3Pju9VaZfsF3vOk8TMkZtkTmVap14loOgUg6ju47YrFaPCMeYzy8d2U6tOobYejIprXC6bAhU0AfX1zD41PWfMx01yt55SrfYg-BSMmtCw_gUIDRUi&p1=NO&p2=898897&p3=&ruleId=0&smartpopId=2815&sourceId=4248917&tagNames=girls%2Fteens&userId=709afc38e53feb5738296f4388fc757b75782945d6a5efdfee8be855c86d2d01&variationId=21763
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: DYNAMIC
set-cookie: _var=2043684.21763; Path=/; HttpOnly; SameSite=Strict
__cflb=02DiuDfsBaY2bRYJiCeSRSGTzNwtDfLbrsU9hEXAd53At; SameSite=None; Secure; path=/; expires=Thu, 02-Feb-23 15:39:49 GMT; HttpOnly
server: cloudflare
cf-ray: 792c2017e917b515-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
t3.lowtid.com/s.php?p=c:4ljkfd1stuas5a3tw&d=61b87b159bd23420f125f716&pid=-3MLQUlj9p0_0&s=391163_471451
51.161.115.163 302 Found 0 B URL HTTP/1.1 t3.lowtid.com/s.php?p=c:4ljkfd1stuas5a3tw&d=61b87b159bd23420f125f716&pid=-3MLQUlj9p0_0&s=391163_471451
IP 51.161.115.163:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /s.php?p=c:4ljkfd1stuas5a3tw&d=61b87b159bd23420f125f716&pid=-3MLQUlj9p0_0&s=391163_471451 HTTP/1.1
Host: t3.lowtid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 01 Feb 2023 16:39:49 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Round: 1217p3t0dz
Raund: wn
Location: https://ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_391163_471451
go.xlviirdr.com/smartpop/ec5b69f6c071a3cfd23a4f14a73e806c4b46afd9e73a06adb4e266455dd771ff?userId=709afc38e53feb5738296f4388fc757b75782945d6a5efdfee8be855c86d2d01&memberId=_Aeu-THmjAIWXqYWo6xAIgtbcFf0d42348075897605X4pIDW7Msr8geu1mtHruKjL950o-V_VAq_p9QBIx7dGtdtVnPcR-LtSifki07dybnVUsN0tSMbTkRGAglanhCu9rSeDCIkF7kvcrlkwvwphRdTN4HfhDPg_gUIDRUi&sourceId=4234807&p2=898897&p1=NO&p3=
104.18.59.150 302 Found 0 B URL HTTP/2 go.xlviirdr.com/smartpop/ec5b69f6c071a3cfd23a4f14a73e806c4b46afd9e73a06adb4e266455dd771ff?userId=709afc38e53feb5738296f4388fc757b75782945d6a5efdfee8be855c86d2d01&memberId=_Aeu-THmjAIWXqYWo6xAIgtbcFf0d42348075897605X4pIDW7Msr8geu1mtHruKjL950o-V_VAq_p9QBIx7dGtdtVnPcR-LtSifki07dybnVUsN0tSMbTkRGAglanhCu9rSeDCIkF7kvcrlkwvwphRdTN4HfhDPg_gUIDRUi&sourceId=4234807&p2=898897&p1=NO&p3=
IP 104.18.59.150:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /smartpop/ec5b69f6c071a3cfd23a4f14a73e806c4b46afd9e73a06adb4e266455dd771ff?userId=709afc38e53feb5738296f4388fc757b75782945d6a5efdfee8be855c86d2d01&memberId=_Aeu-THmjAIWXqYWo6xAIgtbcFf0d42348075897605X4pIDW7Msr8geu1mtHruKjL950o-V_VAq_p9QBIx7dGtdtVnPcR-LtSifki07dybnVUsN0tSMbTkRGAglanhCu9rSeDCIkF7kvcrlkwvwphRdTN4HfhDPg_gUIDRUi&sourceId=4234807&p2=898897&p1=NO&p3= HTTP/1.1
Host: go.xlviirdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
date: Wed, 01 Feb 2023 16:39:49 GMT
content-length: 0
location: https://go.xlivrdr.com/api/goToTheTag?campaignId=ec5b69f6c071a3cfd23a4f14a73e806c4b46afd9e73a06adb4e266455dd771ff&campaignType=smartpop&creativeId=77029bfa3d9bd08465af810ebaa80a85d09918b1634d6ee66831c3e75354abc3&iterationId=28495&masterSmartpopId=0&memberId=_Aeu-THmjAIWXqYWo6xAIgtbcFf0d42348075897605X4pIDW7Msr8geu1mtHruKjL950o-V_VAq_p9QBIx7dGtdtVnPcR-LtSifki07dybnVUsN0tSMbTkRGAglanhCu9rSeDCIkF7kvcrlkwvwphRdTN4HfhDPg_gUIDRUi&p1=NO&p2=898897&p3=&ruleId=0&smartpopId=2815&sourceId=4234807&tagNames=girls%2Fteens&userId=709afc38e53feb5738296f4388fc757b75782945d6a5efdfee8be855c86d2d01&variationId=21763
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: DYNAMIC
set-cookie: _var=2043684.21763; Path=/; HttpOnly; SameSite=Strict
__cflb=0H28uukSkGJRy5UBr1u9iAwwBfboBLE3nWT4HPwnBgY; SameSite=None; Secure; path=/; expires=Thu, 02-Feb-23 15:39:49 GMT; HttpOnly
server: cloudflare
cf-ray: 792c2017e918b515-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn-dimi.akamaized.net/landings/277386/1674482702/js/translates.js?1674482703
95.101.11.40 200 OK 10 kB URL HTTP/1.1 cdn-dimi.akamaized.net/landings/277386/1674482702/js/translates.js?1674482703
IP 95.101.11.40:0
ASN #20940 Akamai International B.V.
Hash f54e5331f7d782d475a884cce1db33fd
d5145e3ebcab1a21d4cdff8632c9901db93b962f
73c4aa8abb0450fbb7eef37c3afc3d6f11f0c2bc3f0a101323364b59298e4e2f
GET /landings/277386/1674482702/js/translates.js?1674482703 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vzvnjw.delicatedates.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: FiqGu8oEmL2Bavi/DhkWGJAqG7uPxrrnc5cdSwVUXVuLPCkvw0gkdSbGvesL12HM5oZUL+2wiL0=
x-amz-request-id: 8HATEB5KA3Z5PKSF
Last-Modified: Mon, 23 Jan 2023 14:05:07 GMT
ETag: "07cee83d1be10af1ca991d1c60abd6e2"
Accept-Ranges: bytes
Content-Type: text/javascript
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Wed, 01 Feb 2023 16:39:49 GMT
Content-Length: 10048
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/277386/1674482702/js/tn_pHash.js?1674482703
95.101.11.40 200 OK 252 B URL HTTP/1.1 cdn-dimi.akamaized.net/landings/277386/1674482702/js/tn_pHash.js?1674482703
IP 95.101.11.40:0
ASN #20940 Akamai International B.V.
Hash 3544c08851825a863747a126548d6993
01882998e61b9f93d5f346386fa633f6b8d95b2d
9804b1c7443db74b2d7fe81cf11d84c8f0d9a7dee281b4fe8c15552bdc7eed69
GET /landings/277386/1674482702/js/tn_pHash.js?1674482703 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vzvnjw.delicatedates.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: QpQ/0pJwpH0R6jWqX/Wrw5u64aw6TH/75blPXjgWdfzKD+zTT3KvrQBeusLjtgcgPJIimVLxIuE=
x-amz-request-id: 8HAM790MB51EMFC2
Last-Modified: Mon, 23 Jan 2023 14:05:07 GMT
ETag: "3544c08851825a863747a126548d6993"
Accept-Ranges: bytes
Content-Type: text/javascript
Server: AmazonS3
Content-Length: 252
Date: Wed, 01 Feb 2023 16:39:49 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/277386/1674482702/js/function.js?1674482703
95.101.11.40 200 OK 688 B URL HTTP/1.1 cdn-dimi.akamaized.net/landings/277386/1674482702/js/function.js?1674482703
IP 95.101.11.40:0
ASN #20940 Akamai International B.V.
Hash ba7deda1bcbc1e2d5c127678e05b71a1
4707fef7ab43a522b3cf7f5c0db4c148c5a43701
303187afb2cbbbf6095724df7eaf8c7967bb019dc17e1224d9e2366ac7f381c5
GET /landings/277386/1674482702/js/function.js?1674482703 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vzvnjw.delicatedates.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: G0HjIt7h/DEvYELWE1bc0BwRwyx4WvlZ+lzkVlVg2DMgl1h/VgoAg3rFSV9YRN8Vo3SCxSYkLlc=
x-amz-request-id: 8HAZXEY5N7C7BN72
Last-Modified: Mon, 23 Jan 2023 14:05:07 GMT
ETag: "5da2c51949f2a873bf0091a104658e72"
Accept-Ranges: bytes
Content-Type: text/javascript
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Wed, 01 Feb 2023 16:39:49 GMT
Content-Length: 688
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/277386/1674482702/js/title_tanslate.js?1674482703
95.101.11.40 200 OK 1.3 kB URL HTTP/1.1 cdn-dimi.akamaized.net/landings/277386/1674482702/js/title_tanslate.js?1674482703
IP 95.101.11.40:0
ASN #20940 Akamai International B.V.
File type Unicode text, UTF-8 text, with CRLF line terminators
Hash 0e212ad4454c941c45c2e57df42c2b4f
fe9d7c484c2c0d7a6475692ef984c53a06c95406
e950a9e5e696f39d02028b27a4cd82fab1b6fd07fa34a238d3a3f7f5e90d95c3
GET /landings/277386/1674482702/js/title_tanslate.js?1674482703 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vzvnjw.delicatedates.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: dq+2Ul1T5NtXgtogqYwCfUVFkFaWbd1kdEtlbxtzb1hVQAwSEw/ZEP6H+81+gy+3AJ7W3F7eR94=
x-amz-request-id: NYVG6MF6VKDT9ER2
Last-Modified: Mon, 23 Jan 2023 14:05:07 GMT
ETag: "5f373fa5bf21c44b9ad23b70ef96e73d"
Accept-Ranges: bytes
Content-Type: text/javascript
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Wed, 01 Feb 2023 16:39:49 GMT
Content-Length: 1298
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/278385/1675090482/css/popup.css?1675090482
95.101.11.40 200 OK 635 B URL HTTP/1.1 cdn-dimi.akamaized.net/landings/278385/1675090482/css/popup.css?1675090482
IP 95.101.11.40:0
ASN #20940 Akamai International B.V.
File type assembler source, ASCII text
Hash 4ed05a608a8ec589e8aa5b040f7bb878
c58649a707ba64aed8b285d3be9f6b06a85ea6cb
bcc5d06c7b102eed1477b062020dc4414e4f6c4f9e390e3e67fa675a5f0fa363
GET /landings/278385/1675090482/css/popup.css?1675090482 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vzvnjw.delicatedates.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: 4sqjVZgykmuI3bwXoZGEtHUplDY7mixijLDqnYiidLu73hhqWf6VefCaQUzCMupetYFZ6Naam+Q=
x-amz-request-id: A17XQF3BAK3SEZFJ
Last-Modified: Mon, 30 Jan 2023 14:54:46 GMT
ETag: "5a61d45142ce5764a2b36dc75343fcd5"
Accept-Ranges: bytes
Content-Type: text/css
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Wed, 01 Feb 2023 16:39:49 GMT
Content-Length: 635
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/278385/1675090482/css/style.css?1675090482
95.101.11.40 200 OK 3.7 kB URL HTTP/1.1 cdn-dimi.akamaized.net/landings/278385/1675090482/css/style.css?1675090482
IP 95.101.11.40:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (308)
Hash 3a1d8302a36619ee799211987b8ab404
b9a63e7fea7ad6e0657230adc5c3e95daf35d3e6
088b089eca19c6cf494ee37ba11ce2bf7d2b5a85d061a9cd4a138621407a4a70
GET /landings/278385/1675090482/css/style.css?1675090482 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vzvnjw.delicatedates.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: szN2uPpKWMDsTk15mMfVr1PbAhjOEVLdVRza1MaBh0T1bW9n7K84NPYWjaCPjmByTW61HvH87oM=
x-amz-request-id: A17N06BX64TYJAXF
Last-Modified: Mon, 30 Jan 2023 14:54:46 GMT
ETag: "842446440dee55df8ab77297f94ce467"
Accept-Ranges: bytes
Content-Type: text/css
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Wed, 01 Feb 2023 16:39:49 GMT
Content-Length: 3701
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/278385/1675090482/css/reviews.css?1675090482
95.101.11.40 200 OK 1.2 kB URL HTTP/1.1 cdn-dimi.akamaized.net/landings/278385/1675090482/css/reviews.css?1675090482
IP 95.101.11.40:0
ASN #20940 Akamai International B.V.
Hash 18d98ebdf13ddfde40d2398a92f5cc80
c41a3fc6cc49c061a97e403945d33aa60c55484b
c62a45a6a313c541db688c107b40b06d284a7e23eefec4da2d4cff6583c2cfea
GET /landings/278385/1675090482/css/reviews.css?1675090482 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vzvnjw.delicatedates.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: aSfdO6bolUeYrh2WUhCiCWbEOemwu6d5eHIXXefffKmmBtwg25IJ9MSI+jc4mQrOm4g8BEHrB2Y=
x-amz-request-id: A17RCB68TEG3HFX2
Last-Modified: Mon, 30 Jan 2023 14:54:47 GMT
ETag: "5487d0ec527a492fe325ffc852779014"
Accept-Ranges: bytes
Content-Type: text/css
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Wed, 01 Feb 2023 16:39:49 GMT
Content-Length: 1192
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/278385/1675090482/js/vegas.js?1675090482
95.101.11.40 200 OK 3.4 kB URL HTTP/1.1 cdn-dimi.akamaized.net/landings/278385/1675090482/js/vegas.js?1675090482
IP 95.101.11.40:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (11568), with CRLF line terminators
Hash 156c4046496d16408b06eb605ce1ab09
0dde2c6bbb3cf64132989866bdc1161be62474e3
657aac4fd9cd122e452b9da290c486d115af6b8fe8d409f39ab1d1d3dff44144
GET /landings/278385/1675090482/js/vegas.js?1675090482 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vzvnjw.delicatedates.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: 6/uS0pTepuxFowqbqDFpoYPjUTgv1EmotnouEkToNgom1gWQkv7l9y99YVErdIGTKjAgY2QK+0U=
x-amz-request-id: A17J9P0A342VZTZJ
Last-Modified: Mon, 30 Jan 2023 14:54:47 GMT
ETag: "9acc66fdf18dea05bd75165eb5a96259"
Accept-Ranges: bytes
Content-Type: text/javascript
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Wed, 01 Feb 2023 16:39:49 GMT
Content-Length: 3401
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/278385/1675090482/js/jquery-2.2.4.min.js?1675090482
95.101.11.40 200 OK 30 kB URL HTTP/1.1 cdn-dimi.akamaized.net/landings/278385/1675090482/js/jquery-2.2.4.min.js?1675090482
IP 95.101.11.40:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (32065)
Hash 2fa28552f1ee4e1382ee43930b53afb8
803670da6a35378bf4eb73acc8e72fe4feb5ca30
ecfddf7d1e798dd2778c071bea24c70b650ef990fc09793fce25f2f094b35494
GET /landings/278385/1675090482/js/jquery-2.2.4.min.js?1675090482 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vzvnjw.delicatedates.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: zRM6Io/tGClu3nfJqeVwKyga/Mo+ylU1MZueV4jnOSmmkCD2/xTYmG6aXq8Un0acS1sIlcr7R7A=
x-amz-request-id: A17G257PFZQDAE7N
Last-Modified: Mon, 30 Jan 2023 14:54:47 GMT
ETag: "2f6b11a7e914718e0290410e85366fe9"
Accept-Ranges: bytes
Content-Type: text/javascript
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Wed, 01 Feb 2023 16:39:49 GMT
Content-Length: 29855
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/278385/1675090482/js/function.js?1675090482
95.101.11.40 200 OK 764 B URL HTTP/1.1 cdn-dimi.akamaized.net/landings/278385/1675090482/js/function.js?1675090482
IP 95.101.11.40:0
ASN #20940 Akamai International B.V.
Hash e633851f715f507948cc418842fa570e
e019464133ce094df306590b9c50b67d9281fb1b
b4d19ceb40a768f925cb76b0d7b004f2c49e15586cd701a1b0581f76d768bd4d
GET /landings/278385/1675090482/js/function.js?1675090482 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vzvnjw.delicatedates.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: 5w6zqb34AK9bgcXpnEySRd4XKaYYgAS7+cofmY40CeSSLhGdteNfBlg92zlP665bMCfyLKKzxu4=
x-amz-request-id: A17TQMAVRPCSF3BJ
Last-Modified: Mon, 30 Jan 2023 14:54:47 GMT
ETag: "3478fe25a564f18cb67109b98a8aadcf"
Accept-Ranges: bytes
Content-Type: text/javascript
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Wed, 01 Feb 2023 16:39:49 GMT
Content-Length: 764
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/278385/1675090482/js/translates-review.js?1675090482
95.101.11.40 200 OK 16 kB URL HTTP/1.1 cdn-dimi.akamaized.net/landings/278385/1675090482/js/translates-review.js?1675090482
IP 95.101.11.40:0
ASN #20940 Akamai International B.V.
Hash ec91618c4f7a13998c8731b2574f3692
44aa52ca4ff08ef277e150f1c2cf49ffb05ada8d
46f4f9a8791ff6f23f34ddd1ac7cb43d2d403aa445367c2c32ac3ddf563d236b
GET /landings/278385/1675090482/js/translates-review.js?1675090482 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vzvnjw.delicatedates.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: SZ7FikWsJv3LujYzRhCmY6NeR+sLHYDoAEZWlTnkc5neSIXbu4/Gf10SUQedf2H7WRXLxKBE0K0=
x-amz-request-id: SX8V0VX9WMGG84CQ
Last-Modified: Mon, 30 Jan 2023 14:54:47 GMT
ETag: "f18718f224a9ed8012cc1b7570e3eedd"
Accept-Ranges: bytes
Content-Type: text/javascript
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Wed, 01 Feb 2023 16:39:49 GMT
Content-Length: 16483
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
track.trackingtraffo.com/pop/imp?auth=d12jux&c=2r5bAA_eYVgSCjrh9KqlDWcm8oa_ysidrLObJTSKJ1ywAIgWTrrh4018FYY0dBSo5r-xwReDpedkiQPm9dsHnxkL958ubGLX2NfbSwyP6UwhYxcDoIRhwuVcBIQFRICJwyu3-beoAEXh47ByFJAGO2MvnEb8SnL5ygaHVG93QWUroP55yf63JuWP4bgzW9G-1d23g-YEGqfDtJ_SOiWFp8YC0Ee-9JbPmwWl7qBXQkRcU-c1hIiV9f8H6BqIUP9SOVIQkIT3Nzp_QwsHCPmsUc0qZFb1GGwn5HtBeRiIG7DrZTpHd8rv50ZRuYZpyzQCAfzHTu7bCvuT7C6Joswn52__7lxXb13hqbr5KNlIy5SYwGdMKm5x3kHxog4xVocpAdvOZLN6YM-4Vi-eiYje2QE2F94S-YrwViBS8yPo-_K1ntNy-0Yn8obc1CpdN6wpTD_K1p_uMgK-pGcWblRqzdnFWN5dUzalPT3jBkNMPwzQIEMxsuxBeGsHMxcdM_nZm9rZ7g8mJlBLvmS07c_zNu_m_sFfsJ0VFt0HdFAfolA4zY_s3yMO3877t4vGY0k1LoiPU-YH88qpBvrNsykjtEtggz_aExg3PZI7glo90m9uy29PzLeMfMyrhogNlmHHituLpLSwIkNaziotw6oT_nmSe2JFn5l-ob6n6lGHy56ih-qcnHqRoRjGcU42aHnaUYRw4vRo14P64Y5uvxgKMMaevZsJIC13VqSsKNHSaaDDtm-crgyZ1_AwWKk
88.214.195.156 302 Found 0 B URL HTTP/1.1 track.trackingtraffo.com/pop/imp?auth=d12jux&c=2r5bAA_eYVgSCjrh9KqlDWcm8oa_ysidrLObJTSKJ1ywAIgWTrrh4018FYY0dBSo5r-xwReDpedkiQPm9dsHnxkL958ubGLX2NfbSwyP6UwhYxcDoIRhwuVcBIQFRICJwyu3-beoAEXh47ByFJAGO2MvnEb8SnL5ygaHVG93QWUroP55yf63JuWP4bgzW9G-1d23g-YEGqfDtJ_SOiWFp8YC0Ee-9JbPmwWl7qBXQkRcU-c1hIiV9f8H6BqIUP9SOVIQkIT3Nzp_QwsHCPmsUc0qZFb1GGwn5HtBeRiIG7DrZTpHd8rv50ZRuYZpyzQCAfzHTu7bCvuT7C6Joswn52__7lxXb13hqbr5KNlIy5SYwGdMKm5x3kHxog4xVocpAdvOZLN6YM-4Vi-eiYje2QE2F94S-YrwViBS8yPo-_K1ntNy-0Yn8obc1CpdN6wpTD_K1p_uMgK-pGcWblRqzdnFWN5dUzalPT3jBkNMPwzQIEMxsuxBeGsHMxcdM_nZm9rZ7g8mJlBLvmS07c_zNu_m_sFfsJ0VFt0HdFAfolA4zY_s3yMO3877t4vGY0k1LoiPU-YH88qpBvrNsykjtEtggz_aExg3PZI7glo90m9uy29PzLeMfMyrhogNlmHHituLpLSwIkNaziotw6oT_nmSe2JFn5l-ob6n6lGHy56ih-qcnHqRoRjGcU42aHnaUYRw4vRo14P64Y5uvxgKMMaevZsJIC13VqSsKNHSaaDDtm-crgyZ1_AwWKk
IP 88.214.195.156:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pop/imp?auth=d12jux&c=2r5bAA_eYVgSCjrh9KqlDWcm8oa_ysidrLObJTSKJ1ywAIgWTrrh4018FYY0dBSo5r-xwReDpedkiQPm9dsHnxkL958ubGLX2NfbSwyP6UwhYxcDoIRhwuVcBIQFRICJwyu3-beoAEXh47ByFJAGO2MvnEb8SnL5ygaHVG93QWUroP55yf63JuWP4bgzW9G-1d23g-YEGqfDtJ_SOiWFp8YC0Ee-9JbPmwWl7qBXQkRcU-c1hIiV9f8H6BqIUP9SOVIQkIT3Nzp_QwsHCPmsUc0qZFb1GGwn5HtBeRiIG7DrZTpHd8rv50ZRuYZpyzQCAfzHTu7bCvuT7C6Joswn52__7lxXb13hqbr5KNlIy5SYwGdMKm5x3kHxog4xVocpAdvOZLN6YM-4Vi-eiYje2QE2F94S-YrwViBS8yPo-_K1ntNy-0Yn8obc1CpdN6wpTD_K1p_uMgK-pGcWblRqzdnFWN5dUzalPT3jBkNMPwzQIEMxsuxBeGsHMxcdM_nZm9rZ7g8mJlBLvmS07c_zNu_m_sFfsJ0VFt0HdFAfolA4zY_s3yMO3877t4vGY0k1LoiPU-YH88qpBvrNsykjtEtggz_aExg3PZI7glo90m9uy29PzLeMfMyrhogNlmHHituLpLSwIkNaziotw6oT_nmSe2JFn5l-ob6n6lGHy56ih-qcnHqRoRjGcU42aHnaUYRw4vRo14P64Y5uvxgKMMaevZsJIC13VqSsKNHSaaDDtm-crgyZ1_AwWKk HTTP/1.1
Host: track.trackingtraffo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 01 Feb 2023 16:39:49 GMT
Content-Length: 0
Connection: keep-alive
Location: https://newbinotracs.com/click.php?key=ton7p9rlyxwdhpui7in5&clickid=eaeb522a-4877-423f-89be-0ebc89cd7a26&cost=0.0029&PUB_ID=20&SUB_ID=4234807&KEYWORD=Adult General&SUBSCRIBER_AGE=0&SUBSCRIBER_DATE=2023-02-01&BID_PUB=0.0029&CR_ID=361615&PUB_NAME=TrafficStars-pop
t3.lowtid.com/s.php?p=c:4ljkfd1stuas5a3tw&d=61b87b159bd23420f125f716&pid=3d94r7DBv5E_0&s=499756_471425
51.161.115.163 302 Found 2.3 kB URL HTTP/1.1 t3.lowtid.com/s.php?p=c:4ljkfd1stuas5a3tw&d=61b87b159bd23420f125f716&pid=3d94r7DBv5E_0&s=499756_471425
IP 51.161.115.163:0
Hash 81336501312afac74323a3a0c77b3e92
cc62111460a62a4043aca82c8fa42147cfa12502
562c9996afe8062da3a662721ffd30274607714a3a816bf1e8685657af5ff87a
GET /s.php?p=c:4ljkfd1stuas5a3tw&d=61b87b159bd23420f125f716&pid=3d94r7DBv5E_0&s=499756_471425 HTTP/1.1
Host: t3.lowtid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 01 Feb 2023 16:39:49 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Round: 12sdrz1osp
Raund: wn
Location: https://go.c4ptainn3lson.xyz/redirect?feed=491151&url=t3.lowtid.com&subid=custom_123j1djb25.no.windows.firefox&query=499756_471425&pub_clickid=63da95d55ab5645a876df46b
track.trackingtraffo.com/pop/imp?auth=d12jux&c=ir6MvvKWlZLlVZhVLRus0YiIvMlXZedHZASlw5I1u-ewRTq1QGlhDYyegStMrQofv8aEj0ubbkQJweNwmH07QSK0kMQv1K1cQPILtoQzUQTSlqw_omvzKXAyQosCo-xXkBuYI7ZUi1EcXtJZTDTM4ByNNrMiq7ipOXppJ6XqMNUrRlsqO0XmnPT98b3Gmwnd_EAbbrjJnE8ZnAu_0roSbWRKqZxW6yFBlgBFJkHenncVQwwtar01AB2QKP9frTtG5w1kSCgej9Y5OdzppSwINw_gEd92gyjvjsrNy7A4eobuWyY5ltinnGkBSiZQ09J3e93tpElk8eCV-8HRE4JmjGrGumZ3EIn6QW8BlMEYpO16Mb5lv8oLcEM3yz4NiSDGUFat6awY_W896tOw4ZfhjYgULUwTihJkZQNYkCFxMun7861W9gnu2zfH1KONI0eumoheoswIM596dZmchFobZW8yd7UUD4oWJigoUoGHxZYPvdS3vGWwCnUPExgX0SnE8QF28rsuCrAPVsyWGNAVI3p-NrWfNg6gjmzHanJNfBRDA3Y9ycwn5UyMj_hFUJ_AqEg2G0YA-rSQUt2Bdx6PPvfzU5smmo0Ljgn9pY31VxJEtmmZF95CqP88JjmDp1Rq_3YRsADtCwqXIsM9-lxP7mGFnMFEoF0jL3aJ-puDPpRVsaGNKDS6fJjSBc83h-X8qER1OGNx22Lezv2dkLIV1lP-QdOLHiWK9RN1B1q1MBqug9bVzS93iwQa7jo
88.214.195.156 302 Found 0 B URL HTTP/1.1 track.trackingtraffo.com/pop/imp?auth=d12jux&c=ir6MvvKWlZLlVZhVLRus0YiIvMlXZedHZASlw5I1u-ewRTq1QGlhDYyegStMrQofv8aEj0ubbkQJweNwmH07QSK0kMQv1K1cQPILtoQzUQTSlqw_omvzKXAyQosCo-xXkBuYI7ZUi1EcXtJZTDTM4ByNNrMiq7ipOXppJ6XqMNUrRlsqO0XmnPT98b3Gmwnd_EAbbrjJnE8ZnAu_0roSbWRKqZxW6yFBlgBFJkHenncVQwwtar01AB2QKP9frTtG5w1kSCgej9Y5OdzppSwINw_gEd92gyjvjsrNy7A4eobuWyY5ltinnGkBSiZQ09J3e93tpElk8eCV-8HRE4JmjGrGumZ3EIn6QW8BlMEYpO16Mb5lv8oLcEM3yz4NiSDGUFat6awY_W896tOw4ZfhjYgULUwTihJkZQNYkCFxMun7861W9gnu2zfH1KONI0eumoheoswIM596dZmchFobZW8yd7UUD4oWJigoUoGHxZYPvdS3vGWwCnUPExgX0SnE8QF28rsuCrAPVsyWGNAVI3p-NrWfNg6gjmzHanJNfBRDA3Y9ycwn5UyMj_hFUJ_AqEg2G0YA-rSQUt2Bdx6PPvfzU5smmo0Ljgn9pY31VxJEtmmZF95CqP88JjmDp1Rq_3YRsADtCwqXIsM9-lxP7mGFnMFEoF0jL3aJ-puDPpRVsaGNKDS6fJjSBc83h-X8qER1OGNx22Lezv2dkLIV1lP-QdOLHiWK9RN1B1q1MBqug9bVzS93iwQa7jo
IP 88.214.195.156:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pop/imp?auth=d12jux&c=ir6MvvKWlZLlVZhVLRus0YiIvMlXZedHZASlw5I1u-ewRTq1QGlhDYyegStMrQofv8aEj0ubbkQJweNwmH07QSK0kMQv1K1cQPILtoQzUQTSlqw_omvzKXAyQosCo-xXkBuYI7ZUi1EcXtJZTDTM4ByNNrMiq7ipOXppJ6XqMNUrRlsqO0XmnPT98b3Gmwnd_EAbbrjJnE8ZnAu_0roSbWRKqZxW6yFBlgBFJkHenncVQwwtar01AB2QKP9frTtG5w1kSCgej9Y5OdzppSwINw_gEd92gyjvjsrNy7A4eobuWyY5ltinnGkBSiZQ09J3e93tpElk8eCV-8HRE4JmjGrGumZ3EIn6QW8BlMEYpO16Mb5lv8oLcEM3yz4NiSDGUFat6awY_W896tOw4ZfhjYgULUwTihJkZQNYkCFxMun7861W9gnu2zfH1KONI0eumoheoswIM596dZmchFobZW8yd7UUD4oWJigoUoGHxZYPvdS3vGWwCnUPExgX0SnE8QF28rsuCrAPVsyWGNAVI3p-NrWfNg6gjmzHanJNfBRDA3Y9ycwn5UyMj_hFUJ_AqEg2G0YA-rSQUt2Bdx6PPvfzU5smmo0Ljgn9pY31VxJEtmmZF95CqP88JjmDp1Rq_3YRsADtCwqXIsM9-lxP7mGFnMFEoF0jL3aJ-puDPpRVsaGNKDS6fJjSBc83h-X8qER1OGNx22Lezv2dkLIV1lP-QdOLHiWK9RN1B1q1MBqug9bVzS93iwQa7jo HTTP/1.1
Host: track.trackingtraffo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 01 Feb 2023 16:39:49 GMT
Content-Length: 0
Connection: keep-alive
Location: https://newbinotracs.com/click.php?key=ton7p9rlyxwdhpui7in5&clickid=47a31d1f-df1d-408b-aded-b02667c00295&cost=0.0029&PUB_ID=20&SUB_ID=4228174&KEYWORD=Adult General&SUBSCRIBER_AGE=0&SUBSCRIBER_DATE=2023-02-01&BID_PUB=0.0029&CR_ID=361615&PUB_NAME=TrafficStars-pop
admediatex.net/serve/ads.php?a=3986&b=468x60&random=26670526&referr=
104.26.9.229 200 OK 174 B URL HTTP/2 admediatex.net/serve/ads.php?a=3986&b=468x60&random=26670526&referr=
IP 104.26.9.229:0
Hash e3c1a37259e1b64e0f3b88317863005e
fe4a605a7b191c696a7073fa35948c5a7c3e5cff
f695af7c225ce7ef990d481f928819c01ede1375e7f96260f6d52b2bc747d34d
GET /serve/ads.php?a=3986&b=468x60&random=26670526&referr= HTTP/1.1
Host: admediatex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rixon.ml/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:47 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/5.6.40
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gLOj%2B11%2F5qlmrBPy7VIopbXDrBrgpL3YZY9PQLh8y1dzJlIT4MVvnTf21aaU9ReVOKitMfJqzF7PeQ%2FaP9dFqexWRQhALYkIWrm1lMULvGfzV7YMfAvJYbMGkRgg1kfb"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 792c200aaedd0b41-OSL
content-encoding: br
X-Firefox-Spdy: h2
xml.adflyer.media/redirect?feed=466228&auth=j0AZcQ
174.137.133.17 302 Found 0 B URL HTTP/1.1 xml.adflyer.media/redirect?feed=466228&auth=j0AZcQ
IP 174.137.133.17:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=466228&auth=j0AZcQ HTTP/1.1
Host: xml.adflyer.media
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Cache-Control: no-store
Content-Length: 0
Age: 0
Connection: keep-alive
Location: http://runative-syndicate.com/api/v1/direct/3b23ed13ee1e4ff6b1b4d242c65d3463?extID=466228
Pragma: no-cache
t3.lowtid.com/s.php?p=c:4ljkfd1stuas5a3tw&d=61b87b159bd23420f125f716&pid=35OSAmtU4Yo_0&s=496490_467932
51.161.115.163 302 Found 0 B URL HTTP/1.1 t3.lowtid.com/s.php?p=c:4ljkfd1stuas5a3tw&d=61b87b159bd23420f125f716&pid=35OSAmtU4Yo_0&s=496490_467932
IP 51.161.115.163:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /s.php?p=c:4ljkfd1stuas5a3tw&d=61b87b159bd23420f125f716&pid=35OSAmtU4Yo_0&s=496490_467932 HTTP/1.1
Host: t3.lowtid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 01 Feb 2023 16:39:49 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Round: 1217p3t0dz
Raund: wn
Location: https://ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_496490_467932
cdn-dimi.akamaized.net/landings/278385/1675090482/js/timer.js?1675090482
95.101.11.40 200 OK 775 B URL HTTP/1.1 cdn-dimi.akamaized.net/landings/278385/1675090482/js/timer.js?1675090482
IP 95.101.11.40:0
ASN #20940 Akamai International B.V.
Hash e658602244106bd7ea3248b054a8ae56
0463a487b3760aaeb3c06ae9e7b5992d4a6e22ea
e09e7415d7bfff3f2a12c61c53053891943b83a512037e6a98aadb6a434f34e4
GET /landings/278385/1675090482/js/timer.js?1675090482 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vzvnjw.delicatedates.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: C0nKpeMUb/nejappi0g68PE6qVrHFAV9b+pOttgLmi9jETgkzi9xQnWF1tv8PROMqL0dIf6BEHI=
x-amz-request-id: SX8R4YTNET2YX26J
Last-Modified: Mon, 30 Jan 2023 14:54:47 GMT
ETag: "8192bb60b620658087130819ac6840d3"
Accept-Ranges: bytes
Content-Type: text/javascript
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Wed, 01 Feb 2023 16:39:49 GMT
Content-Length: 775
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/278385/1675090482/js/title_tanslate.js?1675090482
95.101.11.40 200 OK 1.3 kB URL HTTP/1.1 cdn-dimi.akamaized.net/landings/278385/1675090482/js/title_tanslate.js?1675090482
IP 95.101.11.40:0
ASN #20940 Akamai International B.V.
File type Unicode text, UTF-8 text, with CRLF line terminators
Hash 0e212ad4454c941c45c2e57df42c2b4f
fe9d7c484c2c0d7a6475692ef984c53a06c95406
e950a9e5e696f39d02028b27a4cd82fab1b6fd07fa34a238d3a3f7f5e90d95c3
GET /landings/278385/1675090482/js/title_tanslate.js?1675090482 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vzvnjw.delicatedates.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: 1webNL5/JEJpJuY8zq4QbZb6xNQcOd8ahayfbYqlWHXM2br08s46A4Iy+hf6a5oBtw9P6bQBlCU=
x-amz-request-id: SX8TV4CSATP6RSNZ
Last-Modified: Mon, 30 Jan 2023 14:54:47 GMT
ETag: "5f373fa5bf21c44b9ad23b70ef96e73d"
Accept-Ranges: bytes
Content-Type: text/javascript
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Wed, 01 Feb 2023 16:39:49 GMT
Content-Length: 1298
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
www.forza.idescargarapk.com/ts_pro/all-sites.php?rd=1675269588&country=no
50.31.176.38 200 OK 3.4 kB URL HTTP/2 www.forza.idescargarapk.com/ts_pro/all-sites.php?rd=1675269588&country=no
IP 50.31.176.38:0
Hash a898606d5da565b8612ed1d89e36d560
e3f8d6609cb2fb7b98da665323ba18609378cec0
96876c6f447e40ef58009bab096a0b6457bce3bc881c05cc1524db5c08c4e0a0
GET /ts_pro/all-sites.php?rd=1675269588&country=no HTTP/1.1
Host: www.forza.idescargarapk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
expires: Tue, 03 Jul 2001 06:00:00 GMT
last-modified: Wed, 01 Feb 2023 16:39:48 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
vary: Accept-Encoding,User-Agent
content-type: text/html; charset=UTF-8
content-encoding: gzip
date: Wed, 01 Feb 2023 16:39:48 GMT
X-Firefox-Spdy: h2
xml.ezmob.com/redirect?feed=415010&auth=S9Ec57
198.134.116.18 302 Found 0 B URL HTTP/1.1 xml.ezmob.com/redirect?feed=415010&auth=S9Ec57
IP 198.134.116.18:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=415010&auth=S9Ec57 HTTP/1.1
Host: xml.ezmob.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Cache-Control: no-store
Content-Length: 0
Age: 0
Connection: keep-alive
Location: https://eastfeukufu.xyz/redirect?tid=926093&subid=463404.503375
Pragma: no-cache
s.clickiocdn.com/t/227790_wv.js
95.211.66.35 200 OK 41 kB URL HTTP/2 s.clickiocdn.com/t/227790_wv.js
IP 95.211.66.35:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash 429bafc85980b54c30fbeab807eefdab
0db4bbac516f3a90a008c356bba49905a70f4c96
b95a027c4a56150e2d2cacc8e9d45fdca7f91d5dc2de75e24d7d68a9a7ff8239
GET /t/227790_wv.js HTTP/1.1
Host: s.clickiocdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://free-btc.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.16.0
date: Wed, 01 Feb 2023 16:39:49 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 18 Jan 2023 21:08:43 GMT
etag: W/"63c85fdb-1ada"
expires: Wed, 01 Feb 2023 17:09:49 GMT
cache-control: max-age=1800
access-control-allow-origin: *
iseu: eu
content-encoding: gzip
X-Firefox-Spdy: h2
sub.adzgame.com/redirect?feed=467932&auth=YyhXqX
173.239.53.18 302 Found 0 B URL HTTP/1.1 sub.adzgame.com/redirect?feed=467932&auth=YyhXqX
IP 173.239.53.18:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=467932&auth=YyhXqX HTTP/1.1
Host: sub.adzgame.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Cache-Control: no-store
Content-Length: 0
Age: 0
Connection: keep-alive
Location: http://runative-syndicate.com/api/v1/direct/55b95c030e5c4e48bca1f879b06a6bd0?extID=467932
Pragma: no-cache
ocsp.sectigo.com/
104.18.32.68 200 OK 472 B IP 104.18.32.68:0
Hash baf87657a680d73771ccc4cd215ba9da
1f4cd0e9de0ca88aa4f5c6aa03ae55d8eda393f1
6534a2d2c26e701d0f78d670f8da5136eced5cc40013a6478618d7274ffa85b3
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 01 Feb 2023 16:39:49 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Mon, 30 Jan 2023 19:46:39 GMT
Expires: Mon, 06 Feb 2023 19:46:38 GMT
Etag: "1f4cd0e9de0ca88aa4f5c6aa03ae55d8eda393f1"
Cache-Control: max-age=442608,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 792c20182d29b51e-OSL
cdn-dimi.akamaized.net/landings/278385/1675090482/images/password.svg
95.101.11.40 200 OK 1.3 kB URL HTTP/1.1 cdn-dimi.akamaized.net/landings/278385/1675090482/images/password.svg
IP 95.101.11.40:0
ASN #20940 Akamai International B.V.
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (330)
Hash f42aef7f97d4c9bdb074673081f38ac7
0231df782e371d139c826e091279acd9a07e691c
5fca7f589cd825e1f152e0a1677d6cbd0a3ee3ecde05905d572af87e8b453eac
GET /landings/278385/1675090482/images/password.svg HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vzvnjw.delicatedates.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: GIXrX9zEb4xYRb0wSk2JaLYKLdifmgn5SR7UqiWOz/iP/1J1XlwO0AzFbyGfFDts4Xza+AkTc4I=
x-amz-request-id: 8AE2AGYNYWMRM87G
Last-Modified: Mon, 30 Jan 2023 14:54:46 GMT
ETag: "f42aef7f97d4c9bdb074673081f38ac7"
Accept-Ranges: bytes
Content-Type: image/svg+xml
Server: AmazonS3
Content-Length: 1339
Date: Wed, 01 Feb 2023 16:39:49 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/277386/1674482702/js/vegas.js?1674482703
95.101.11.40 200 OK 3.4 kB URL HTTP/1.1 cdn-dimi.akamaized.net/landings/277386/1674482702/js/vegas.js?1674482703
IP 95.101.11.40:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (11568), with CRLF line terminators
Hash 156c4046496d16408b06eb605ce1ab09
0dde2c6bbb3cf64132989866bdc1161be62474e3
657aac4fd9cd122e452b9da290c486d115af6b8fe8d409f39ab1d1d3dff44144
GET /landings/277386/1674482702/js/vegas.js?1674482703 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vzvnjw.delicatedates.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: 3fCL9hSsanILtohqydjSkQ8EBYZ3hIhIp+qsXvIrGulRx5g/S3FAlhQTlHd86goXoiU6Tk+uVhs=
x-amz-request-id: 8HATJ2V5SB333C24
Last-Modified: Mon, 23 Jan 2023 14:05:07 GMT
ETag: "9acc66fdf18dea05bd75165eb5a96259"
Accept-Ranges: bytes
Content-Type: text/javascript
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Wed, 01 Feb 2023 16:39:49 GMT
Content-Length: 3401
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/278385/1675090482/images/5-eu.jpg
95.101.11.40 200 OK 2.9 kB URL HTTP/1.1 cdn-dimi.akamaized.net/landings/278385/1675090482/images/5-eu.jpg
IP 95.101.11.40:0
ASN #20940 Akamai International B.V.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 80x80, components 3\012- data
Hash 27109a247208262e6293950ca8f5450d
cea89616d15ad45a0f2b04082dff608abd96b800
86755df878f9f09c1b06deb1ac049db77b1931d3b0f650548fac960b3fedaa96
GET /landings/278385/1675090482/images/5-eu.jpg HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vzvnjw.delicatedates.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: 2GrPzeTkIZsjxg8HOk4CuJYE9Eo0D+j5t/q4t+pGsWRs6iL/ZI8hxvxSC8I7jrl5CkeZGkK1dX4=
x-amz-request-id: JGE64P8RJF7ZB15D
Last-Modified: Mon, 30 Jan 2023 14:54:45 GMT
ETag: "27109a247208262e6293950ca8f5450d"
Accept-Ranges: bytes
Content-Type: image/jpeg
Server: AmazonS3
Content-Length: 2879
Date: Wed, 01 Feb 2023 16:39:49 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/278385/1675090482/images/1.jpg
95.101.11.40 200 OK 57 kB URL HTTP/1.1 cdn-dimi.akamaized.net/landings/278385/1675090482/images/1.jpg
IP 95.101.11.40:0
ASN #20940 Akamai International B.V.
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 800x1000, components 3\012- data
Hash cd41e3e2c1156b62fc4645da34b10586
1e311a59c96cf4c3e18da194815deb9a63fba2ec
1b531f4a6a961037b801ecef8228a9b46efd2d3cff18bd872d32b91cd4585d79
GET /landings/278385/1675090482/images/1.jpg HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vzvnjw.delicatedates.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: 5joxbXqhjqQ2L8zRiUMmi2io/ipcEjzCkT2P4my9slSFu0V3UjeFN1cBeTmAdqBS7c2LzzRSuBM=
x-amz-request-id: 8AED3CDPA27SE1TF
Last-Modified: Mon, 30 Jan 2023 14:54:45 GMT
ETag: "cd41e3e2c1156b62fc4645da34b10586"
Accept-Ranges: bytes
Content-Type: image/jpeg
Server: AmazonS3
Content-Length: 56762
Date: Wed, 01 Feb 2023 16:39:50 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/277386/1674482702/js/jquery-2.2.4.min.js?1674482703
95.101.11.40 200 OK 30 kB URL HTTP/1.1 cdn-dimi.akamaized.net/landings/277386/1674482702/js/jquery-2.2.4.min.js?1674482703
IP 95.101.11.40:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (32065)
Hash 2fa28552f1ee4e1382ee43930b53afb8
803670da6a35378bf4eb73acc8e72fe4feb5ca30
ecfddf7d1e798dd2778c071bea24c70b650ef990fc09793fce25f2f094b35494
GET /landings/277386/1674482702/js/jquery-2.2.4.min.js?1674482703 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vzvnjw.delicatedates.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: xjaHCpqdYols+5VxYqhSsHP1jgNtr0byCi0z6sflhGX76qKYDZefVeXvuenVoCuQIltpvD+rgGs=
x-amz-request-id: RQKX2D39C1YZ2J2J
Last-Modified: Mon, 23 Jan 2023 14:05:07 GMT
ETag: "2f6b11a7e914718e0290410e85366fe9"
Accept-Ranges: bytes
Content-Type: text/javascript
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Wed, 01 Feb 2023 16:39:50 GMT
Content-Length: 29855
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/277386/1674482702/css/popup.css?1674482703
95.101.11.40 200 OK 635 B URL HTTP/1.1 cdn-dimi.akamaized.net/landings/277386/1674482702/css/popup.css?1674482703
IP 95.101.11.40:0
ASN #20940 Akamai International B.V.
File type assembler source, ASCII text
Hash 4ed05a608a8ec589e8aa5b040f7bb878
c58649a707ba64aed8b285d3be9f6b06a85ea6cb
bcc5d06c7b102eed1477b062020dc4414e4f6c4f9e390e3e67fa675a5f0fa363
GET /landings/277386/1674482702/css/popup.css?1674482703 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vzvnjw.delicatedates.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: 80LvPc6R8R1RNYijofODjoF25WBP04jqs7ZoNzvdV9mjGcrpfmgsLUIXhlSdvSh3ib3kG/Mdjok=
x-amz-request-id: RQKJY1XNAZTKJ186
Last-Modified: Mon, 23 Jan 2023 14:05:07 GMT
ETag: "5a61d45142ce5764a2b36dc75343fcd5"
Accept-Ranges: bytes
Content-Type: text/css
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Wed, 01 Feb 2023 16:39:50 GMT
Content-Length: 635
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
www.forza.idescargarapk.com/get.php?code=TkdXUDhMNFpITTFjUXB5YWpsN01TZz09&clickid=laO-Qf4Zl0Y&campaignid=934057&siteid=430875.511059&publishid=430875&country=no&os=Windows+10&browser=FIREFOX_105.0&referrer=http%3A%2F%2Frixon.ml%2F&device=Desktop&carrier=Blix+Solutions&connection=&bid=0.0002
50.31.176.38 200 OK 6.7 kB URL HTTP/2 www.forza.idescargarapk.com/get.php?code=TkdXUDhMNFpITTFjUXB5YWpsN01TZz09&clickid=laO-Qf4Zl0Y&campaignid=934057&siteid=430875.511059&publishid=430875&country=no&os=Windows+10&browser=FIREFOX_105.0&referrer=http%3A%2F%2Frixon.ml%2F&device=Desktop&carrier=Blix+Solutions&connection=&bid=0.0002
IP 50.31.176.38:0
Hash ef4d6ebf2ddb2ea1c6fed1def80edfec
5ba67bd1a453a1d2afcf93c1768d74ef6189ffca
d493eca0252ef21433632f0673d8fa17cec1cc87ff2579f2fd9f74382e2dbeb4
GET /get.php?code=TkdXUDhMNFpITTFjUXB5YWpsN01TZz09&clickid=laO-Qf4Zl0Y&campaignid=934057&siteid=430875.511059&publishid=430875&country=no&os=Windows+10&browser=FIREFOX_105.0&referrer=http%3A%2F%2Frixon.ml%2F&device=Desktop&carrier=Blix+Solutions&connection=&bid=0.0002 HTTP/1.1
Host: www.forza.idescargarapk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
set-cookie: PHPSESSID=748232e0bbe85839901c7da1695b62d0; path=/; secure
expires: Tue, 03 Jul 2001 06:00:00 GMT
last-modified: Wed, 01 Feb 2023 16:39:48 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
vary: Accept-Encoding,User-Agent
content-type: text/html; charset=UTF-8
content-encoding: gzip
date: Wed, 01 Feb 2023 16:39:48 GMT
X-Firefox-Spdy: h2
cdn-dimi.akamaized.net/landings/277386/1674482702/css/style.css?1674482703
95.101.11.40 200 OK 3.0 kB URL HTTP/1.1 cdn-dimi.akamaized.net/landings/277386/1674482702/css/style.css?1674482703
IP 95.101.11.40:0
ASN #20940 Akamai International B.V.
Hash 7b6cd1158523786c5e8ff92fa27acb8c
dc556e71d4138225f0a8f529d680794fe6d7c082
53dafd93c9ad7ffdf9b187663144875e7a21c4edfa1e72aec51d360293724b06
GET /landings/277386/1674482702/css/style.css?1674482703 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vzvnjw.delicatedates.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: khmH7/LWDO1CLjDPGx6O6t/3f9A2gVCm71sdTrWygTzG5VT2I+ODMpqaWP4zjYRjUM9BwDcaiC4=
x-amz-request-id: RQKS4XN46SR6VC0D
Last-Modified: Mon, 23 Jan 2023 14:05:07 GMT
ETag: "c0e91ee9eeac065a145dea1b96ebfd1e"
Accept-Ranges: bytes
Content-Type: text/css
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Wed, 01 Feb 2023 16:39:50 GMT
Content-Length: 2985
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/277386/1674482702/images/logo-white.png
95.101.11.40 200 OK 9.5 kB URL HTTP/1.1 cdn-dimi.akamaized.net/landings/277386/1674482702/images/logo-white.png
IP 95.101.11.40:0
ASN #20940 Akamai International B.V.
File type PNG image data, 300 x 124, 8-bit colormap, non-interlaced\012- data
Hash 27a8fdccc08741c52422bd4852f87c3a
b103730d95829f64c0746b97a85e0ada4f6c18a2
7afbc6f7cb728a9b4dfd7791a8207c60bdd255ea2f00ba12880bee15f7fbdff0
GET /landings/277386/1674482702/images/logo-white.png HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vzvnjw.delicatedates.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: 4NVYkgO62IdwQISX/Z7TQd5ztuE98LFTP6fJap6Kgu7btM2yVr7043wf6Ag03a9OMjU2Fu/ThBE=
x-amz-request-id: 2CZPEACKC9VDCZHE
Last-Modified: Mon, 23 Jan 2023 14:05:05 GMT
ETag: "27a8fdccc08741c52422bd4852f87c3a"
Accept-Ranges: bytes
Content-Type: image/png
Server: AmazonS3
Content-Length: 9461
Date: Wed, 01 Feb 2023 16:39:50 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
track.trackingtraffo.com/pop/imp?auth=d12jux&c=cvY7l6OUgQSLgif3t1nuy44t7s5z3KYshSgM2pBuGTkOQqNKyAQ2dcYluNoHzhI6iQgEcX26P_16LtAFW8c1-Iv1sTHMWHKsiwiAmW0DTtHBvOz8k0XAx6t3L2sXD5JZdk-paMR4_mIMypltbcJFvMsVFdJIUbHyXmqDGiTL4vlBeSxmQNFijWTFYL-zutbLqaa4OTTzD27E73VcKVu2t1lSGAWsd1JEqtVKIwCJxrilD0Lm6AJJ2ExNDIkrGcQqCVb8CfhSKgb1EMQ1q-n4qfUhaDGfBE0ouwX7L-3mHqikGd-X8ekhs0iQoUF5WldOTqQfUr_bMixiKIX6bz0lXQcfojSulwg3zCOAibBPjHroUW39foCqJkFYrvbw22lvn65NWAAB4a6HMZEU7GsmxSM4e3hontu-Z0nQQp8k8dj0ANUQJaU3Jxz7wA4hSd9ddKfBd3cfY3RUL0yv1IWxt-poJXRecnadLpjBNmHOMlJtVAz981IH5dqDW-tPtezb4c6DyToUZ301zkbkZGiEmRkKwsk7RXkSn8eR_xP8PFIBASclnheWDeKO_WKHcFmjZbeZ9O-PhjWi8MwP5Pf3043-vajENoH9OJboNFaJd_K4jcnAboYyuR5dk7rr-HqNSoKsiSDJH1bFcG5_ZhQSyTe0G2IjM6NVUAPQwf_1qanl3uZMtrENYZ1Gr5-TdQ5OGy8J-Xye0hM1WU9_wsKIjmFa2CVPqnpkjITMTm9DuVKpc_A4HjqCAhlw8r--WBhW
88.214.195.156 302 Found 0 B URL HTTP/1.1 track.trackingtraffo.com/pop/imp?auth=d12jux&c=cvY7l6OUgQSLgif3t1nuy44t7s5z3KYshSgM2pBuGTkOQqNKyAQ2dcYluNoHzhI6iQgEcX26P_16LtAFW8c1-Iv1sTHMWHKsiwiAmW0DTtHBvOz8k0XAx6t3L2sXD5JZdk-paMR4_mIMypltbcJFvMsVFdJIUbHyXmqDGiTL4vlBeSxmQNFijWTFYL-zutbLqaa4OTTzD27E73VcKVu2t1lSGAWsd1JEqtVKIwCJxrilD0Lm6AJJ2ExNDIkrGcQqCVb8CfhSKgb1EMQ1q-n4qfUhaDGfBE0ouwX7L-3mHqikGd-X8ekhs0iQoUF5WldOTqQfUr_bMixiKIX6bz0lXQcfojSulwg3zCOAibBPjHroUW39foCqJkFYrvbw22lvn65NWAAB4a6HMZEU7GsmxSM4e3hontu-Z0nQQp8k8dj0ANUQJaU3Jxz7wA4hSd9ddKfBd3cfY3RUL0yv1IWxt-poJXRecnadLpjBNmHOMlJtVAz981IH5dqDW-tPtezb4c6DyToUZ301zkbkZGiEmRkKwsk7RXkSn8eR_xP8PFIBASclnheWDeKO_WKHcFmjZbeZ9O-PhjWi8MwP5Pf3043-vajENoH9OJboNFaJd_K4jcnAboYyuR5dk7rr-HqNSoKsiSDJH1bFcG5_ZhQSyTe0G2IjM6NVUAPQwf_1qanl3uZMtrENYZ1Gr5-TdQ5OGy8J-Xye0hM1WU9_wsKIjmFa2CVPqnpkjITMTm9DuVKpc_A4HjqCAhlw8r--WBhW
IP 88.214.195.156:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pop/imp?auth=d12jux&c=cvY7l6OUgQSLgif3t1nuy44t7s5z3KYshSgM2pBuGTkOQqNKyAQ2dcYluNoHzhI6iQgEcX26P_16LtAFW8c1-Iv1sTHMWHKsiwiAmW0DTtHBvOz8k0XAx6t3L2sXD5JZdk-paMR4_mIMypltbcJFvMsVFdJIUbHyXmqDGiTL4vlBeSxmQNFijWTFYL-zutbLqaa4OTTzD27E73VcKVu2t1lSGAWsd1JEqtVKIwCJxrilD0Lm6AJJ2ExNDIkrGcQqCVb8CfhSKgb1EMQ1q-n4qfUhaDGfBE0ouwX7L-3mHqikGd-X8ekhs0iQoUF5WldOTqQfUr_bMixiKIX6bz0lXQcfojSulwg3zCOAibBPjHroUW39foCqJkFYrvbw22lvn65NWAAB4a6HMZEU7GsmxSM4e3hontu-Z0nQQp8k8dj0ANUQJaU3Jxz7wA4hSd9ddKfBd3cfY3RUL0yv1IWxt-poJXRecnadLpjBNmHOMlJtVAz981IH5dqDW-tPtezb4c6DyToUZ301zkbkZGiEmRkKwsk7RXkSn8eR_xP8PFIBASclnheWDeKO_WKHcFmjZbeZ9O-PhjWi8MwP5Pf3043-vajENoH9OJboNFaJd_K4jcnAboYyuR5dk7rr-HqNSoKsiSDJH1bFcG5_ZhQSyTe0G2IjM6NVUAPQwf_1qanl3uZMtrENYZ1Gr5-TdQ5OGy8J-Xye0hM1WU9_wsKIjmFa2CVPqnpkjITMTm9DuVKpc_A4HjqCAhlw8r--WBhW HTTP/1.1
Host: track.trackingtraffo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 01 Feb 2023 16:39:49 GMT
Content-Length: 0
Connection: keep-alive
Location: https://newbinotracs.com/click.php?key=ton7p9rlyxwdhpui7in5&clickid=3047df40-5147-4073-a172-4ac276613571&cost=0.0029&PUB_ID=20&SUB_ID=4210626&KEYWORD=Mainstream General&SUBSCRIBER_AGE=0&SUBSCRIBER_DATE=2023-02-01&BID_PUB=0.0029&CR_ID=361615&PUB_NAME=TrafficStars-pop
welcome.unibet.com/nu/pop/sportsbook/multisports/app-sports-icon.svg
104.18.25.188 200 OK 10 kB URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/app-sports-icon.svg
IP 104.18.25.188:0
File type SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (15888), with no line terminators
Hash 10f19f24447a3438c654fd3c00290fad
f76381d20a9abfe2fd99eeb5c1a411578235b6f7
ae726e8c0992c2da2078398caee586458ee4b8124d4414155b48213a66d60897
GET /nu/pop/sportsbook/multisports/app-sports-icon.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a92628443%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1675269588459)%5c%2f%22%2c%22CookieTag%22%3a%223795092628443451240919C2023211639%22%7d%2c%7b%22PID%22%3a86536170%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1675269588590)%5c%2f%22%2c%22CookieTag%22%3a%223795086536170451240919C2023211639%22%7d%5d; btag=320665405_4F03CE830604485E9E0E444E5686127E
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:49 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: Lm+dv7pV36kTdto2PoEyYQ==
last-modified: Thu, 26 Jan 2023 12:30:22 GMT
etag: W/"0x8DAFF991835F51F"
x-ms-request-id: 1328b90b-701e-0024-5c81-31e4a2000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 533364
vary: Accept-Encoding
server: cloudflare
cf-ray: 792c2016391fb512-OSL
content-encoding: br
X-Firefox-Spdy: h2
tfosrv.com/show_std.php?id_site=13101&id_channel=60771&uf=true
216.18.168.29 302 Found 0 B URL HTTP/1.1 tfosrv.com/show_std.php?id_site=13101&id_channel=60771&uf=true
IP 216.18.168.29:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /show_std.php?id_site=13101&id_channel=60771&uf=true HTTP/1.1
Host: tfosrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
server: nginx
date: Wed, 01 Feb 2023 16:39:50 GMT
content-length: 0
location: https://tfosrv.com/impression.php?channel_id=60771&id=8da4f4c6-e64b-4550-8f36-1db2129deddc%3Ab4762e70-94ce-4c1c-b488-c50898c49547&site_id=13101&uuid=c5342549-eae5-4850-81ca-7cef1f732944
set-cookie: sppc_uuid=b50cd85f-f0f3-4ee3-b0b8-55cb374b3a6d; max-age=31536000; path=/; secure; SameSite=None
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
x-request-id: 63DA95D5-D812A81D01BB3E4D-46B600F
t3.lowtid.com/s.php?p=c:4ljkfd1stuas5a3tw&d=61b87b159bd23420f125f716&pid=SNDUnWwwmsg_0&s=470427_470363
51.161.115.163 302 Found 0 B URL HTTP/1.1 t3.lowtid.com/s.php?p=c:4ljkfd1stuas5a3tw&d=61b87b159bd23420f125f716&pid=SNDUnWwwmsg_0&s=470427_470363
IP 51.161.115.163:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /s.php?p=c:4ljkfd1stuas5a3tw&d=61b87b159bd23420f125f716&pid=SNDUnWwwmsg_0&s=470427_470363 HTTP/1.1
Host: t3.lowtid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 01 Feb 2023 16:39:50 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Round: 1217p3t0dz
Raund: wn
Location: https://ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_470427_470363
tsyndicate.com/api/v1/direct/cb813667edbd4b3c81888edf24162044?extID=471425
136.243.75.209 302 Found 0 B URL HTTP/1.1 tsyndicate.com/api/v1/direct/cb813667edbd4b3c81888edf24162044?extID=471425
IP 136.243.75.209:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/v1/direct/cb813667edbd4b3c81888edf24162044?extID=471425 HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 01 Feb 2023 16:39:50 GMT
Content-Length: 0
Connection: keep-alive
Pragma: no-cache
Expires: 0
Vary: *
X-Api-Version: 2
Location: https://go.xlviirdr.com/smartpop/ec5b69f6c071a3cfd23a4f14a73e806c4b46afd9e73a06adb4e266455dd771ff?userId=709afc38e53feb5738296f4388fc757b75782945d6a5efdfee8be855c86d2d01&memberId=_Aeu-THmjAIWXqYWo6xAIgtbcFf0d42348075897605X4pIjIuvyCEskjFfvo40OZpRGptN766XycdOiQHXVvKrtsxEr3jj5kuBlEl3LfEimHy6vr75FagMHmbmQeUGrbOwkNcuQNGXlnRw8MKv6hEyAgNugxrE5w_gUIDRUi&sourceId=4234807&p2=898897&p1=NO&p3=
X-Request-Id: 114c1231b45daa95
Set-Cookie: ts_uid=0335812d-ef87-4a0a-8adb-0073142dc934; expires=Tue, 01 Aug 2023 16:39:50 GMT; domain=.tsyndicate.com; path=/; HttpOnly; secure; SameSite=None
bfq=APeIECNCxxYZMmbcUCijCwsRYwpuieFQRBmJMWzcqDGjRo0cOWB06aMg; expires=Thu, 02 Feb 2023 16:39:50 GMT; domain=.tsyndicate.com; path=/; secure; SameSite=None
ts_direct_tag=313048:2237372:23468:4234807:38697; expires=Wed, 01 Mar 2023 16:39:50 GMT; domain=.tsyndicate.com; path=/; secure; SameSite=None
Cache-Control: no-cache, no-store, no-transform, must-revalidate, no-transform
X-Robots-Tag: none, noindex, nofollow
Report-To: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
bbckdl.mfcewkrob.com/jquery.min.js
95.211.222.152 200 OK 25 kB URL HTTP/2 bbckdl.mfcewkrob.com/jquery.min.js
IP 95.211.222.152:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash efb35224f5aeabff528df9dd7ec53158
16cb54787d7ad37aa1b22fc4cf9ac00279b90ee7
f2aede0541b756b71fb227ce05dd6ea2cd07dda6943eb549009376e9b4b5da0a
GET /jquery.min.js HTTP/1.1
Host: bbckdl.mfcewkrob.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://free-btc.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 01 Feb 2023 16:39:49 GMT
content-type: application/javascript
last-modified: Thu, 10 Sep 2015 12:35:44 GMT
etag: W/"55f17920-731f"
expires: Sat, 11 Feb 2023 16:39:49 GMT
cache-control: max-age=864000
content-encoding: gzip
X-Firefox-Spdy: h2
track.trackingtraffo.com/pop/imp?auth=d12jux&c=J0MXhxqdId2v6ArEAQYU4TaTJvLQE4KLy1s2GQpHiW9UQbRBguR71Zbzm2xzbDHnuNoDuiBngp9ygDWwN4DTPbQWPvKCjZgsztfL--XjvQ913SVdDuyYii8ABrJlnq2Y1383cKx1zeX85_wTuhD1A8HFIPtYuH4QHhZPIbClYuKXXcaqXbXhEzKZG3yeUTMlXGXiSjMbmU4DCS5MoI4-8broEe-9wAZOrvGEaDxSWB8am79dNLdjwlAOd1zLhTUfiNIF7MFdDaUmhq-f3vfSdPWwZIbQBo1tpes44zsnUKVXoIEk-Gc3xprbaJ5evJj7WQQ2ZURxzfmnQoIUVAcSo4yWb5ORokTMahmKN0agXcRJyt4heexYDmHCJSd2LrGJDn6yADrtwR04zUNPvaSnC9HEKdBDZAwGy3e34BVU_FW29twVpUfJey1dAYVk-m9IJfnIHxCfG8YOEJ1tkhTbQdZTeZkNvcJ0e5OIUvyS0QVb4cWVrEZlHOMHs98qmj_1xskEFijor_RLFmmQRW_32ch8lAieLRBIz2ARan_cacv8J2QXI1lTUnlUeUUx9vXWGzfm0YqZmSfLKLHdRy6R-oNzndo0FU8ZIKFw3u1IbegydC7A4P2MRX3Q704L0DW6MLJhI2VVMLxfbMx-OstfUwez4RCBf65o1WlQGqSdJwMZ0JsvWpPStqmrHGF6Wkls4YedCTZevBhUBOn_enrCQ_BEJbZIVN4r
88.214.195.156302 Found 0 B URL HTTP/1.1 track.trackingtraffo.com/pop/imp?auth=d12jux&c=J0MXhxqdId2v6ArEAQYU4TaTJvLQE4KLy1s2GQpHiW9UQbRBguR71Zbzm2xzbDHnuNoDuiBngp9ygDWwN4DTPbQWPvKCjZgsztfL--XjvQ913SVdDuyYii8ABrJlnq2Y1383cKx1zeX85_wTuhD1A8HFIPtYuH4QHhZPIbClYuKXXcaqXbXhEzKZG3yeUTMlXGXiSjMbmU4DCS5MoI4-8broEe-9wAZOrvGEaDxSWB8am79dNLdjwlAOd1zLhTUfiNIF7MFdDaUmhq-f3vfSdPWwZIbQBo1tpes44zsnUKVXoIEk-Gc3xprbaJ5evJj7WQQ2ZURxzfmnQoIUVAcSo4yWb5ORokTMahmKN0agXcRJyt4heexYDmHCJSd2LrGJDn6yADrtwR04zUNPvaSnC9HEKdBDZAwGy3e34BVU_FW29twVpUfJey1dAYVk-m9IJfnIHxCfG8YOEJ1tkhTbQdZTeZkNvcJ0e5OIUvyS0QVb4cWVrEZlHOMHs98qmj_1xskEFijor_RLFmmQRW_32ch8lAieLRBIz2ARan_cacv8J2QXI1lTUnlUeUUx9vXWGzfm0YqZmSfLKLHdRy6R-oNzndo0FU8ZIKFw3u1IbegydC7A4P2MRX3Q704L0DW6MLJhI2VVMLxfbMx-OstfUwez4RCBf65o1WlQGqSdJwMZ0JsvWpPStqmrHGF6Wkls4YedCTZevBhUBOn_enrCQ_BEJbZIVN4r
IP 88.214.195.156:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pop/imp?auth=d12jux&c=J0MXhxqdId2v6ArEAQYU4TaTJvLQE4KLy1s2GQpHiW9UQbRBguR71Zbzm2xzbDHnuNoDuiBngp9ygDWwN4DTPbQWPvKCjZgsztfL--XjvQ913SVdDuyYii8ABrJlnq2Y1383cKx1zeX85_wTuhD1A8HFIPtYuH4QHhZPIbClYuKXXcaqXbXhEzKZG3yeUTMlXGXiSjMbmU4DCS5MoI4-8broEe-9wAZOrvGEaDxSWB8am79dNLdjwlAOd1zLhTUfiNIF7MFdDaUmhq-f3vfSdPWwZIbQBo1tpes44zsnUKVXoIEk-Gc3xprbaJ5evJj7WQQ2ZURxzfmnQoIUVAcSo4yWb5ORokTMahmKN0agXcRJyt4heexYDmHCJSd2LrGJDn6yADrtwR04zUNPvaSnC9HEKdBDZAwGy3e34BVU_FW29twVpUfJey1dAYVk-m9IJfnIHxCfG8YOEJ1tkhTbQdZTeZkNvcJ0e5OIUvyS0QVb4cWVrEZlHOMHs98qmj_1xskEFijor_RLFmmQRW_32ch8lAieLRBIz2ARan_cacv8J2QXI1lTUnlUeUUx9vXWGzfm0YqZmSfLKLHdRy6R-oNzndo0FU8ZIKFw3u1IbegydC7A4P2MRX3Q704L0DW6MLJhI2VVMLxfbMx-OstfUwez4RCBf65o1WlQGqSdJwMZ0JsvWpPStqmrHGF6Wkls4YedCTZevBhUBOn_enrCQ_BEJbZIVN4r HTTP/1.1
Host: track.trackingtraffo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 01 Feb 2023 16:39:50 GMT
Content-Length: 0
Connection: keep-alive
Location: https://newbinotracs.com/click.php?key=qcopnrbsgld1lpyq4gqz&clickid=97519ef7-11e8-437d-be64-12ac14ff0ebb&cost=0.0029&PUB_ID=20&SUB_ID=4228174&KEYWORD=Adult General&SUBSCRIBER_AGE=0&SUBSCRIBER_DATE=2023-02-01&BID_PUB=0.0029&CR_ID=36456
welcome.unibet.com/nu/pop/sportsbook/multisports/icon-expert.svg
104.18.25.188 200 OK 525 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/icon-expert.svg
IP 104.18.25.188:0
File type SVG Scalable Vector Graphics image; HTML document text; HTML document, ASCII text, with very long lines (966), with no line terminators
Hash 6ba4cd6c7b606963e92ea9fabc0ef79a
24fb38fe991c00692ce1fc741efa5213e64a66ce
1e4ace86882c3a6b91101e77bfcaaae377b30c139bc850984438b7873bd555fa
GET /nu/pop/sportsbook/multisports/icon-expert.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a92628443%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1675269588459)%5c%2f%22%2c%22CookieTag%22%3a%223795092628443451240919C2023211639%22%7d%2c%7b%22PID%22%3a86536170%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1675269588590)%5c%2f%22%2c%22CookieTag%22%3a%223795086536170451240919C2023211639%22%7d%5d; btag=320665405_4F03CE830604485E9E0E444E5686127E
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:49 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: Z4302O+bSqlX5UM92U+35A==
last-modified: Thu, 26 Jan 2023 12:30:21 GMT
etag: W/"0x8DAFF99174612EA"
x-ms-request-id: 82c2bcc2-201e-0029-1081-312c76000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 533364
vary: Accept-Encoding
server: cloudflare
cf-ray: 792c2016493bb512-OSL
content-encoding: br
X-Firefox-Spdy: h2
track.trackingtraffo.com/pop/imp?auth=d12jux&c=0L9NVO40BTVPMTEw_N-lVDmnc8v8mSQ-SgVyPnzHAhydsJ30qu1Ll2oIRty2Y6zx9ohdl4rGNZTXopW5rQnDVg8WkMa0Mz2KjECuFwtRGIw16sJsoxRoI6cM-onJ-FwjXdl9dApZKHuSid5qDGUIDYkYfAZO29jrhiTHaYZWIeLYxo45X187wFg8kYfn-MvwxNiAONEIW7p4R6OaP8Br3l--rkJ_9qd1A7erAt6n1AyucZsNb1Z6gv16B7Pgt2PKgQ8SBlPedduSVJUTtVcnsKonAZT3trS9CIBeUdU7CpaPZbvmP5agYreRiVB2KkXMBDbnMErLGvYVonS82aXuaEMsnsG5E8t7N9sLr1TGpWeiQL4uIijcNVMwQSMXX5VBHy_RVOJyEZ3QxH00D0kmxRalUANi_E4L84j0yOoIABvzXUDNpRPvLN1lGs-ay2ATbzdW0QoqlMbyTih5QLHKjsDmuLA3yQypqmx2K5TnQ8Rd5QeFCwp3sXICaESrznJPliri1LjnVA5RLF7gDrKaGCZmqiIGYRDD3cx9rQOLb37d055_eM0aXOdIQfPYSsn8EALQj4kgfHaVIsyIeCdfyhn1pfx_gLO-LtAalkVXfGkccle8wdXWoEPHcoFgwfNh_mPU1LqR_oHg2KLtza8GEHOUbNPzbiemdCxGp2fspeLFFcKC21ujTVzOw3jUYZgxYV-OnF1ysd0x2UQUkl3NNdvgcRly97DuFr-s9m5gWoN9FrgOzoTL8KTstkU
88.214.195.156302 Found 0 B URL HTTP/1.1 track.trackingtraffo.com/pop/imp?auth=d12jux&c=0L9NVO40BTVPMTEw_N-lVDmnc8v8mSQ-SgVyPnzHAhydsJ30qu1Ll2oIRty2Y6zx9ohdl4rGNZTXopW5rQnDVg8WkMa0Mz2KjECuFwtRGIw16sJsoxRoI6cM-onJ-FwjXdl9dApZKHuSid5qDGUIDYkYfAZO29jrhiTHaYZWIeLYxo45X187wFg8kYfn-MvwxNiAONEIW7p4R6OaP8Br3l--rkJ_9qd1A7erAt6n1AyucZsNb1Z6gv16B7Pgt2PKgQ8SBlPedduSVJUTtVcnsKonAZT3trS9CIBeUdU7CpaPZbvmP5agYreRiVB2KkXMBDbnMErLGvYVonS82aXuaEMsnsG5E8t7N9sLr1TGpWeiQL4uIijcNVMwQSMXX5VBHy_RVOJyEZ3QxH00D0kmxRalUANi_E4L84j0yOoIABvzXUDNpRPvLN1lGs-ay2ATbzdW0QoqlMbyTih5QLHKjsDmuLA3yQypqmx2K5TnQ8Rd5QeFCwp3sXICaESrznJPliri1LjnVA5RLF7gDrKaGCZmqiIGYRDD3cx9rQOLb37d055_eM0aXOdIQfPYSsn8EALQj4kgfHaVIsyIeCdfyhn1pfx_gLO-LtAalkVXfGkccle8wdXWoEPHcoFgwfNh_mPU1LqR_oHg2KLtza8GEHOUbNPzbiemdCxGp2fspeLFFcKC21ujTVzOw3jUYZgxYV-OnF1ysd0x2UQUkl3NNdvgcRly97DuFr-s9m5gWoN9FrgOzoTL8KTstkU
IP 88.214.195.156:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pop/imp?auth=d12jux&c=0L9NVO40BTVPMTEw_N-lVDmnc8v8mSQ-SgVyPnzHAhydsJ30qu1Ll2oIRty2Y6zx9ohdl4rGNZTXopW5rQnDVg8WkMa0Mz2KjECuFwtRGIw16sJsoxRoI6cM-onJ-FwjXdl9dApZKHuSid5qDGUIDYkYfAZO29jrhiTHaYZWIeLYxo45X187wFg8kYfn-MvwxNiAONEIW7p4R6OaP8Br3l--rkJ_9qd1A7erAt6n1AyucZsNb1Z6gv16B7Pgt2PKgQ8SBlPedduSVJUTtVcnsKonAZT3trS9CIBeUdU7CpaPZbvmP5agYreRiVB2KkXMBDbnMErLGvYVonS82aXuaEMsnsG5E8t7N9sLr1TGpWeiQL4uIijcNVMwQSMXX5VBHy_RVOJyEZ3QxH00D0kmxRalUANi_E4L84j0yOoIABvzXUDNpRPvLN1lGs-ay2ATbzdW0QoqlMbyTih5QLHKjsDmuLA3yQypqmx2K5TnQ8Rd5QeFCwp3sXICaESrznJPliri1LjnVA5RLF7gDrKaGCZmqiIGYRDD3cx9rQOLb37d055_eM0aXOdIQfPYSsn8EALQj4kgfHaVIsyIeCdfyhn1pfx_gLO-LtAalkVXfGkccle8wdXWoEPHcoFgwfNh_mPU1LqR_oHg2KLtza8GEHOUbNPzbiemdCxGp2fspeLFFcKC21ujTVzOw3jUYZgxYV-OnF1ysd0x2UQUkl3NNdvgcRly97DuFr-s9m5gWoN9FrgOzoTL8KTstkU HTTP/1.1
Host: track.trackingtraffo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 01 Feb 2023 16:39:50 GMT
Content-Length: 0
Connection: keep-alive
Location: https://newbinotracs.com/click.php?key=ton7p9rlyxwdhpui7in5&clickid=85418b41-dd84-4130-b914-7f10cca2e640&cost=0.0029&PUB_ID=20&SUB_ID=4228174&KEYWORD=Adult General&SUBSCRIBER_AGE=0&SUBSCRIBER_DATE=2023-02-01&BID_PUB=0.0029&CR_ID=361615&PUB_NAME=TrafficStars-pop
go.xlviirdr.com/smartpop/ec5b69f6c071a3cfd23a4f14a73e806c4b46afd9e73a06adb4e266455dd771ff?userId=709afc38e53feb5738296f4388fc757b75782945d6a5efdfee8be855c86d2d01&memberId=_Aeu-THmjAIWXqYWo6xAIgtbcFf0d42348075897605X4pIjIuvyCEskjFfvo40OZpRGptN766XycdOiQHXVvKrtsxEr3jj5kuBlEl3LfEimHy6vr75FagMHmbmQeUGrbOwkNcuQNGXlnRw8MKv6hEyAgNugxrE5w_gUIDRUi&sourceId=4234807&p2=898897&p1=NO&p3=
104.18.59.150302 Found 0 B URL HTTP/2 go.xlviirdr.com/smartpop/ec5b69f6c071a3cfd23a4f14a73e806c4b46afd9e73a06adb4e266455dd771ff?userId=709afc38e53feb5738296f4388fc757b75782945d6a5efdfee8be855c86d2d01&memberId=_Aeu-THmjAIWXqYWo6xAIgtbcFf0d42348075897605X4pIjIuvyCEskjFfvo40OZpRGptN766XycdOiQHXVvKrtsxEr3jj5kuBlEl3LfEimHy6vr75FagMHmbmQeUGrbOwkNcuQNGXlnRw8MKv6hEyAgNugxrE5w_gUIDRUi&sourceId=4234807&p2=898897&p1=NO&p3=
IP 104.18.59.150:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /smartpop/ec5b69f6c071a3cfd23a4f14a73e806c4b46afd9e73a06adb4e266455dd771ff?userId=709afc38e53feb5738296f4388fc757b75782945d6a5efdfee8be855c86d2d01&memberId=_Aeu-THmjAIWXqYWo6xAIgtbcFf0d42348075897605X4pIjIuvyCEskjFfvo40OZpRGptN766XycdOiQHXVvKrtsxEr3jj5kuBlEl3LfEimHy6vr75FagMHmbmQeUGrbOwkNcuQNGXlnRw8MKv6hEyAgNugxrE5w_gUIDRUi&sourceId=4234807&p2=898897&p1=NO&p3= HTTP/1.1
Host: go.xlviirdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Cookie: __cflb=0H28uukSkGJRy5UBr1u9iAwwBfboBLE3nWT4HPwnBgY
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
date: Wed, 01 Feb 2023 16:39:50 GMT
content-length: 0
location: https://go.xlivrdr.com/api/goToTheTag?campaignId=ec5b69f6c071a3cfd23a4f14a73e806c4b46afd9e73a06adb4e266455dd771ff&campaignType=smartpop&creativeId=77029bfa3d9bd08465af810ebaa80a85d09918b1634d6ee66831c3e75354abc3&iterationId=28495&masterSmartpopId=0&memberId=_Aeu-THmjAIWXqYWo6xAIgtbcFf0d42348075897605X4pIjIuvyCEskjFfvo40OZpRGptN766XycdOiQHXVvKrtsxEr3jj5kuBlEl3LfEimHy6vr75FagMHmbmQeUGrbOwkNcuQNGXlnRw8MKv6hEyAgNugxrE5w_gUIDRUi&p1=NO&p2=898897&p3=&ruleId=0&smartpopId=2815&sourceId=4234807&tagNames=girls%2Fteens&userId=709afc38e53feb5738296f4388fc757b75782945d6a5efdfee8be855c86d2d01&variationId=21763
set-cookie: _var=2043684.21763; Path=/; HttpOnly; SameSite=Strict
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 792c2019fc17b515-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash cd3451bd74bcc43db291507eacc698dd
64231494724b11c90d11fdd0cbf2954dba749c25
2cc45dbfa6186106b2ca84a658373c5dbcad31f4edca24ae86879ac8d7f72322
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2CC45DBFA6186106B2CA84A658373C5DBCAD31F4EDCA24AE86879AC8D7F72322"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18267
Expires: Wed, 01 Feb 2023 21:44:17 GMT
Date: Wed, 01 Feb 2023 16:39:50 GMT
Connection: keep-alive
track.trackingtraffo.com/pop/imp?auth=d12jux&c=9dHBw8ylQE4I7DdAePmXQ08iG2aJyLc3oDyETieiiK_tYdkxkg7FiF-lSZl67Fwx3bMrmg9SsefwLVStDEhTt0zZ5w7CU2_CChDqfn_8VlBSEkZpDt2ik2cZuDUeWZCaFF2mcKdnkAPyyZSi1c3wD9pD_AR5RRNj2t67YF6djT5JVTRCXqrobjNie5EjJPdp3C30r_JVpdEl1GrNn7AyFwIMxOD8U56lYSjZdJDgwkdG6thM1fchr5JrPrLHT27_b2lI0VKjM6vmWwFytiYPdlR3FFEoefK70u9_FsyQiwFda-FJ4xFdXQZ8d-ZHlR_iNBFqH85FUHup3TBoAU8cG4uGYrA9IH-efqKXGw9xox2EMyfpXRENhE3yfKSIh46fpAU12EG6erUM0cMiaj7WT8-j2QNJeAwWcvr_idGU-AcZOvSkgDekuBwFzYB4XIrAdufbAfa49lMorh62NDTwEiL-XJBFXLkCU7x1WcLilsOHA_ul0U3dkf0BIqtFBXUYd-1j5JiWxEE3oL7rNw_mzVFubc1JxL9KeVRuEBCe2j9Lv_02bTSm4C4XWxyd73vGP93u_wsuLK9U055PPEOdJN2VppHdz73YwExqkBVjs-yB0SZfHsCusNXvV7SBejPZdJ-Cj1HUcFXwlTz2kLzqXlf_WWLjZrC7CHJtYla0DAns9pXlH9kzIwDkYbxCV3jFB9nFnoUhbShSiyrCUKsNz6-DA1TiV2n_
88.214.195.156302 Found 0 B URL HTTP/1.1 track.trackingtraffo.com/pop/imp?auth=d12jux&c=9dHBw8ylQE4I7DdAePmXQ08iG2aJyLc3oDyETieiiK_tYdkxkg7FiF-lSZl67Fwx3bMrmg9SsefwLVStDEhTt0zZ5w7CU2_CChDqfn_8VlBSEkZpDt2ik2cZuDUeWZCaFF2mcKdnkAPyyZSi1c3wD9pD_AR5RRNj2t67YF6djT5JVTRCXqrobjNie5EjJPdp3C30r_JVpdEl1GrNn7AyFwIMxOD8U56lYSjZdJDgwkdG6thM1fchr5JrPrLHT27_b2lI0VKjM6vmWwFytiYPdlR3FFEoefK70u9_FsyQiwFda-FJ4xFdXQZ8d-ZHlR_iNBFqH85FUHup3TBoAU8cG4uGYrA9IH-efqKXGw9xox2EMyfpXRENhE3yfKSIh46fpAU12EG6erUM0cMiaj7WT8-j2QNJeAwWcvr_idGU-AcZOvSkgDekuBwFzYB4XIrAdufbAfa49lMorh62NDTwEiL-XJBFXLkCU7x1WcLilsOHA_ul0U3dkf0BIqtFBXUYd-1j5JiWxEE3oL7rNw_mzVFubc1JxL9KeVRuEBCe2j9Lv_02bTSm4C4XWxyd73vGP93u_wsuLK9U055PPEOdJN2VppHdz73YwExqkBVjs-yB0SZfHsCusNXvV7SBejPZdJ-Cj1HUcFXwlTz2kLzqXlf_WWLjZrC7CHJtYla0DAns9pXlH9kzIwDkYbxCV3jFB9nFnoUhbShSiyrCUKsNz6-DA1TiV2n_
IP 88.214.195.156:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pop/imp?auth=d12jux&c=9dHBw8ylQE4I7DdAePmXQ08iG2aJyLc3oDyETieiiK_tYdkxkg7FiF-lSZl67Fwx3bMrmg9SsefwLVStDEhTt0zZ5w7CU2_CChDqfn_8VlBSEkZpDt2ik2cZuDUeWZCaFF2mcKdnkAPyyZSi1c3wD9pD_AR5RRNj2t67YF6djT5JVTRCXqrobjNie5EjJPdp3C30r_JVpdEl1GrNn7AyFwIMxOD8U56lYSjZdJDgwkdG6thM1fchr5JrPrLHT27_b2lI0VKjM6vmWwFytiYPdlR3FFEoefK70u9_FsyQiwFda-FJ4xFdXQZ8d-ZHlR_iNBFqH85FUHup3TBoAU8cG4uGYrA9IH-efqKXGw9xox2EMyfpXRENhE3yfKSIh46fpAU12EG6erUM0cMiaj7WT8-j2QNJeAwWcvr_idGU-AcZOvSkgDekuBwFzYB4XIrAdufbAfa49lMorh62NDTwEiL-XJBFXLkCU7x1WcLilsOHA_ul0U3dkf0BIqtFBXUYd-1j5JiWxEE3oL7rNw_mzVFubc1JxL9KeVRuEBCe2j9Lv_02bTSm4C4XWxyd73vGP93u_wsuLK9U055PPEOdJN2VppHdz73YwExqkBVjs-yB0SZfHsCusNXvV7SBejPZdJ-Cj1HUcFXwlTz2kLzqXlf_WWLjZrC7CHJtYla0DAns9pXlH9kzIwDkYbxCV3jFB9nFnoUhbShSiyrCUKsNz6-DA1TiV2n_ HTTP/1.1
Host: track.trackingtraffo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 01 Feb 2023 16:39:50 GMT
Content-Length: 0
Connection: keep-alive
Location: https://newbinotracs.com/click.php?key=qcopnrbsgld1lpyq4gqz&clickid=33447dec-a1cd-40ce-a3a4-68935d04f06d&cost=0.0029&PUB_ID=20&SUB_ID=4228174&KEYWORD=Adult General&SUBSCRIBER_AGE=0&SUBSCRIBER_DATE=2023-02-01&BID_PUB=0.0029&CR_ID=36456
track.trackingtraffo.com/pop/imp?auth=d12jux&c=VpXUH2Ck4kBxFYWe72CpokW2JYDmknXPwruMghqfdKejLj3YsPCfzz0Gmc_ZVbrophQNI4rm60zJpDoF5oAUVZI8YQLCzlciRILc9RA6jaj1E_UgfBiO5a9wP19vqoRZseEPiLFq78Xa9BZFDVbsHBNrviC_QoWw1iD3igw4aXWwm4AwJy4kT7Fr9hqNAYtPM_wBIfhJptfs3Sz2VrZ8tkY-QM9JNsObML3CDcrc3ClJDUFfKcVMPuK3i53bg9FAkM_c-YPTNxQk4UrTp2jokvYcFoehbRerHUE_rxBsfvINyBWhgb97RNIr2kkIEO4h-UUSPAsSzHkpZ0uDg_IoXTi4KFNIL_wgDZrjvpvNy4wJYaSgTiNYe99x5dSL4vmGbHzOhR5jO0NAKMFUtD44Sb_EUryD2Z5IBUPpOlPEd_7GEC1SXTOrUwQUEE9roT4v2W9IN-Xps_3AO6EvqpNAzXtJ_pbeDHRysX8LhP0CsirRBjOzToIxbZKPtX0qp5wtpbQG4CViSiQdkqP9R0EHOIrnmEQ9TPSGpLaUICkREWrUvJCIIDKgPbOVECtV9M1HZNMw3-EPbqmUz412uCjBQhEqP5THj_Q2OHE-u9lAAr7-BElCV-87_RTzTseqSuD8y__w0vQ90NbH_aK2NvLT1s9ARJ29dgblUi-k8xFmitjATDHhgzUOnGchhfxVeq7sgoZMgNrmrNsIdjPeQT2qnSztKCe7WwNkvBBusCwinB4PKmfBL66SXpqvSZSFpV_D
88.214.195.156302 Found 0 B URL HTTP/1.1 track.trackingtraffo.com/pop/imp?auth=d12jux&c=VpXUH2Ck4kBxFYWe72CpokW2JYDmknXPwruMghqfdKejLj3YsPCfzz0Gmc_ZVbrophQNI4rm60zJpDoF5oAUVZI8YQLCzlciRILc9RA6jaj1E_UgfBiO5a9wP19vqoRZseEPiLFq78Xa9BZFDVbsHBNrviC_QoWw1iD3igw4aXWwm4AwJy4kT7Fr9hqNAYtPM_wBIfhJptfs3Sz2VrZ8tkY-QM9JNsObML3CDcrc3ClJDUFfKcVMPuK3i53bg9FAkM_c-YPTNxQk4UrTp2jokvYcFoehbRerHUE_rxBsfvINyBWhgb97RNIr2kkIEO4h-UUSPAsSzHkpZ0uDg_IoXTi4KFNIL_wgDZrjvpvNy4wJYaSgTiNYe99x5dSL4vmGbHzOhR5jO0NAKMFUtD44Sb_EUryD2Z5IBUPpOlPEd_7GEC1SXTOrUwQUEE9roT4v2W9IN-Xps_3AO6EvqpNAzXtJ_pbeDHRysX8LhP0CsirRBjOzToIxbZKPtX0qp5wtpbQG4CViSiQdkqP9R0EHOIrnmEQ9TPSGpLaUICkREWrUvJCIIDKgPbOVECtV9M1HZNMw3-EPbqmUz412uCjBQhEqP5THj_Q2OHE-u9lAAr7-BElCV-87_RTzTseqSuD8y__w0vQ90NbH_aK2NvLT1s9ARJ29dgblUi-k8xFmitjATDHhgzUOnGchhfxVeq7sgoZMgNrmrNsIdjPeQT2qnSztKCe7WwNkvBBusCwinB4PKmfBL66SXpqvSZSFpV_D
IP 88.214.195.156:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pop/imp?auth=d12jux&c=VpXUH2Ck4kBxFYWe72CpokW2JYDmknXPwruMghqfdKejLj3YsPCfzz0Gmc_ZVbrophQNI4rm60zJpDoF5oAUVZI8YQLCzlciRILc9RA6jaj1E_UgfBiO5a9wP19vqoRZseEPiLFq78Xa9BZFDVbsHBNrviC_QoWw1iD3igw4aXWwm4AwJy4kT7Fr9hqNAYtPM_wBIfhJptfs3Sz2VrZ8tkY-QM9JNsObML3CDcrc3ClJDUFfKcVMPuK3i53bg9FAkM_c-YPTNxQk4UrTp2jokvYcFoehbRerHUE_rxBsfvINyBWhgb97RNIr2kkIEO4h-UUSPAsSzHkpZ0uDg_IoXTi4KFNIL_wgDZrjvpvNy4wJYaSgTiNYe99x5dSL4vmGbHzOhR5jO0NAKMFUtD44Sb_EUryD2Z5IBUPpOlPEd_7GEC1SXTOrUwQUEE9roT4v2W9IN-Xps_3AO6EvqpNAzXtJ_pbeDHRysX8LhP0CsirRBjOzToIxbZKPtX0qp5wtpbQG4CViSiQdkqP9R0EHOIrnmEQ9TPSGpLaUICkREWrUvJCIIDKgPbOVECtV9M1HZNMw3-EPbqmUz412uCjBQhEqP5THj_Q2OHE-u9lAAr7-BElCV-87_RTzTseqSuD8y__w0vQ90NbH_aK2NvLT1s9ARJ29dgblUi-k8xFmitjATDHhgzUOnGchhfxVeq7sgoZMgNrmrNsIdjPeQT2qnSztKCe7WwNkvBBusCwinB4PKmfBL66SXpqvSZSFpV_D HTTP/1.1
Host: track.trackingtraffo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 01 Feb 2023 16:39:50 GMT
Content-Length: 0
Connection: keep-alive
Location: https://newbinotracs.com/click.php?key=ton7p9rlyxwdhpui7in5&clickid=b3758a5f-820e-4633-9e0d-8ae0aea71a91&cost=0.0029&PUB_ID=20&SUB_ID=4210626&KEYWORD=Mainstream General&SUBSCRIBER_AGE=0&SUBSCRIBER_DATE=2023-02-01&BID_PUB=0.0029&CR_ID=361615&PUB_NAME=TrafficStars-pop
ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
142.250.74.106 200 OK 30 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
IP 142.250.74.106:0
File type ASCII text, with very long lines (65451)
Hash 0f83cadc148d2ad7e53c91f6c4ee05bb
90035c5fffedf4b0f099465f6b929a030b46c92b
3f59aa77bbbed7760a9968af27d3c19ffddda021c948edf0bf0c0f828dd308ae
GET /ajax/libs/jquery/3.3.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30399
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 26 Jan 2023 07:28:22 GMT
expires: Fri, 26 Jan 2024 07:28:22 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
age: 551488
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
vzvnjw.delicatedates.net/c/da57dc555e50572d?s1=103756&s2=1514503&j1=1
52.19.101.114 200 OK 7.0 kB URL HTTP/2 vzvnjw.delicatedates.net/c/da57dc555e50572d?s1=103756&s2=1514503&j1=1
IP 52.19.101.114:0
Hash 90bdb1bbbdc728861425fe6cf4c86e70
071f1a9c9c7c9c0621e6ea3b89541ead5d1f801a
33627fe6b7aea3ada5addfabad125f3ce4baa7e4c4203e7a260e3dda976d57fb
GET /c/da57dc555e50572d?s1=103756&s2=1514503&j1=1 HTTP/1.1
Host: vzvnjw.delicatedates.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 01 Feb 2023 16:39:49 GMT
content-type: text/html; charset=utf-8
set-cookie: unique_id=63da57ae00024ba1; Path=/; Expires=Sun, 02 Apr 2023 16:39:49 GMT; Secure; SameSite=None
unique_id2=63da885f0004dee8; Path=/; Expires=Tue, 02 May 2023 16:39:49 GMT; Secure; SameSite=None
63da885f0004dee8_c=1; Path=/; Expires=Tue, 02 May 2023 16:39:49 GMT; Secure; SameSite=None
ref_token=83444_15966_103756; Path=/; Expires=Fri, 03 Mar 2023 16:39:49 GMT; Secure; SameSite=None
impression=; Path=/; Expires=Wed, 01 Feb 2023 16:39:49 GMT; Secure; SameSite=None
63da885f0004dee8_sl=[277386]; Path=/; Expires=Wed, 15 Feb 2023 16:39:49 GMT; Secure; SameSite=None
content-encoding: gzip
X-Firefox-Spdy: h2
a1s-cdn.unibet.com/unibet/bannerflow/scripts/master_tag.js
85.184.96.5 200 OK 956 B URL HTTP/2 a1s-cdn.unibet.com/unibet/bannerflow/scripts/master_tag.js
IP 85.184.96.5:0
ASN #47171 Unibet Services Limited
Hash fd48e87ecd4d06d9c5df490b91dc813e
a65a437db44444634e4f41732c590c1d14433b3f
2f786ae3f4577ed970f60aa7a9edf726300a740fdb360a8364db7ff4b7ca8e47
GET /unibet/bannerflow/scripts/master_tag.js HTTP/1.1
Host: a1s-cdn.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a92628443%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1675269588459)%5c%2f%22%2c%22CookieTag%22%3a%223795092628443451240919C2023211639%22%7d%2c%7b%22PID%22%3a86536170%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1675269588590)%5c%2f%22%2c%22CookieTag%22%3a%223795086536170451240919C2023211639%22%7d%5d; btag=320665405_4F03CE830604485E9E0E444E5686127E
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:50 GMT
content-type: application/javascript
content-length: 956
last-modified: Mon, 25 Apr 2022 12:19:34 GMT
etag: "3bc-5dd7996cc0ce1"
cache-control: max-age=1800, public, must-revalidate
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
set-cookie: clientId=polopoly_desktop; Domain=a1s-cdn.unibet.com; Path=/; SameSite=None; Secure
accept-ranges: bytes
X-Firefox-Spdy: h2
clickiocdn.com/utr/wv/?prism=0&url=%2F&eid=227790&wh=1280x1024&rnd=96113870041&lid=0&tid=0&cnt=1
95.211.66.34 200 OK 42 B URL HTTP/2 clickiocdn.com/utr/wv/?prism=0&url=%2F&eid=227790&wh=1280x1024&rnd=96113870041&lid=0&tid=0&cnt=1
IP 95.211.66.34:0
ASN #60781 LeaseWeb Netherlands B.V.
File type GIF image data, version 89a, 1 x 1; data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
POST /utr/wv/?prism=0&url=%2F&eid=227790&wh=1280x1024&rnd=96113870041&lid=0&tid=0&cnt=1 HTTP/1.1
Host: clickiocdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://free-btc.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 200 OK
server: nginx/1.16.0
date: Wed, 01 Feb 2023 16:39:50 GMT
content-type: image/gif
content-length: 42
access-control-allow-origin: *
cache-control: no-cache
x-error: limit exceeded
x-error-host: mnams02
iseu: eu
X-Firefox-Spdy: h2
xml.infinity-info.com/redirect?feed=465930&auth=ztnrA6
174.137.133.16 302 Found 0 B URL HTTP/1.1 xml.infinity-info.com/redirect?feed=465930&auth=ztnrA6
IP 174.137.133.16:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=465930&auth=ztnrA6 HTTP/1.1
Host: xml.infinity-info.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Cache-Control: no-store
Content-Length: 0
Age: 0
Connection: keep-alive
Location: https://feed.us.adrunnr.com/12/?id=0b84c4cb-a24f-11ed-ad54-577dc8418891
Pragma: no-cache
t3.lowtid.com/s.php?p=c:4ljkfd1stuas5a3tw&d=61b87b159bd23420f125f716&pid=B7CcP1geZvM_0&s=514185_471449
51.161.115.163 302 Found 0 B URL HTTP/1.1 t3.lowtid.com/s.php?p=c:4ljkfd1stuas5a3tw&d=61b87b159bd23420f125f716&pid=B7CcP1geZvM_0&s=514185_471449
IP 51.161.115.163:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /s.php?p=c:4ljkfd1stuas5a3tw&d=61b87b159bd23420f125f716&pid=B7CcP1geZvM_0&s=514185_471449 HTTP/1.1
Host: t3.lowtid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 01 Feb 2023 16:39:50 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Round: 12sdrz1osp
Raund: wn
Location: https://go.c4ptainn3lson.xyz/redirect?feed=491151&url=t3.lowtid.com&subid=custom_123j1djb25.no.windows.firefox&query=514185_471449&pub_clickid=63da95d69f4d0110690d011a
xml.mediacpc.com/redirect?feed=471449&auth=bF2WC0
174.137.133.18 200 OK 0 B URL HTTP/1.1 xml.mediacpc.com/redirect?feed=471449&auth=bF2WC0
IP 174.137.133.18:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=471449&auth=bF2WC0 HTTP/1.1
Host: xml.mediacpc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Cache-Control: no-store
Content-Length: 0
Age: 0
Connection: keep-alive
Pragma: no-cache
runative-syndicate.com/api/v1/direct/3b23ed13ee1e4ff6b1b4d242c65d3463?extID=470362
136.243.83.47 302 Found 0 B URL HTTP/1.1 runative-syndicate.com/api/v1/direct/3b23ed13ee1e4ff6b1b4d242c65d3463?extID=470362
IP 136.243.83.47:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/v1/direct/3b23ed13ee1e4ff6b1b4d242c65d3463?extID=470362 HTTP/1.1
Host: runative-syndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 01 Feb 2023 16:39:50 GMT
Content-Length: 0
Connection: keep-alive
Pragma: no-cache
Expires: 0
Vary: *
X-Api-Version: 2
Location: https://s.click.aliexpress.com/e/_AkUaK1?dp=-67YVwJ6sqV9FOdN3qfzrI0dUYZusTiTFb-NH0QMXOE8aARbfvt-Oi95xFPKlZhNArNL9BqP3XCphcvDsUr0Xd_j6IFXUv35NM97v4pdpZPkuznxBH83SBH4hCWdSzLleKEflw_gUIDRUi
X-Request-Id: 52483efcba542658
Set-Cookie: ts_uid=db67d96b-e962-4821-8f9d-2ced1db91c16; expires=Tue, 01 Aug 2023 16:39:50 GMT; domain=.runative-syndicate.com; path=/; HttpOnly; secure; SameSite=None
ts_direct_tag=402170:2696143:42071:4210626:37729; expires=Wed, 01 Mar 2023 16:39:50 GMT; domain=.runative-syndicate.com; path=/; secure; SameSite=None
Cache-Control: no-cache, no-store, no-transform, must-revalidate, no-transform
X-Robots-Tag: none, noindex, nofollow
Report-To: { "url": "https://pxl.runative-syndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
cdn-dimi.akamaized.net/landings/278385/1675090482/images/logo.png
95.101.11.40 200 OK 41 kB URL HTTP/1.1 cdn-dimi.akamaized.net/landings/278385/1675090482/images/logo.png
IP 95.101.11.40:0
ASN #20940 Akamai International B.V.
File type PNG image data, 1024 x 256, 8-bit/color RGBA, non-interlaced\012- data
Hash c0647e470e90e4e76c886ef3f4c651ac
fe1dd72ac0432bd8f261672c7c336cf902503d3c
1d4ad487984a8f689c904f3c2532f034b03d361c081dae581752cdc20d983037
GET /landings/278385/1675090482/images/logo.png HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vzvnjw.delicatedates.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: j/C5Er8VvyM0bf7R5jrRqaezLhwR4l7mTxLNzFQRPV42XUJYdYiyUXa1llwUGWD/tZ2uTxkm3Co=
x-amz-request-id: SX8R6AK464BR6775
Last-Modified: Mon, 30 Jan 2023 14:54:44 GMT
ETag: "c0647e470e90e4e76c886ef3f4c651ac"
Accept-Ranges: bytes
Content-Type: image/png
Server: AmazonS3
Content-Length: 40774
Date: Wed, 01 Feb 2023 16:39:50 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
vzvnjw.delicatedates.net/ortb
52.19.101.114 200 OK 29 B URL HTTP/2 vzvnjw.delicatedates.net/ortb
IP 52.19.101.114:0
File type JSON data\012- , ASCII text, with no line terminators
Hash c453d1e33844d14bbd7ec2846eb408f6
b934f52ed7fbed0cee5874cb0fcafdd1cb450fcd
2b159267580e469b4eed0aaf47253e353fdf727043d52d969bd85cbff7fd4a1a
OPTIONS /ortb HTTP/1.1
Host: vzvnjw.delicatedates.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: x-requested-with
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 01 Feb 2023 16:39:50 GMT
content-type: text/plain; charset=utf-8
content-length: 29
X-Firefox-Spdy: h2
cdn-dimi.akamaized.net/landings/278385/1675090482/images/logo-white.png
95.101.11.40 200 OK 9.5 kB URL HTTP/1.1 cdn-dimi.akamaized.net/landings/278385/1675090482/images/logo-white.png
IP 95.101.11.40:0
ASN #20940 Akamai International B.V.
File type PNG image data, 300 x 124, 8-bit colormap, non-interlaced\012- data
Hash 27a8fdccc08741c52422bd4852f87c3a
b103730d95829f64c0746b97a85e0ada4f6c18a2
7afbc6f7cb728a9b4dfd7791a8207c60bdd255ea2f00ba12880bee15f7fbdff0
GET /landings/278385/1675090482/images/logo-white.png HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vzvnjw.delicatedates.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: I1TfQk2KxIY65lpfNFC1iEVWaIKl7ADNHdBOaSzofAGi/y07X4D1pd/6W7EsaQ40x9n0VGBDxnM=
x-amz-request-id: JGE1FWQKXTBF5FEV
Last-Modified: Mon, 30 Jan 2023 14:54:44 GMT
ETag: "27a8fdccc08741c52422bd4852f87c3a"
Accept-Ranges: bytes
Content-Type: image/png
Server: AmazonS3
Content-Length: 9461
Date: Wed, 01 Feb 2023 16:39:50 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/278385/1675090482/images/icon-city.svg
95.101.11.40 200 OK 839 B URL HTTP/1.1 cdn-dimi.akamaized.net/landings/278385/1675090482/images/icon-city.svg
IP 95.101.11.40:0
ASN #20940 Akamai International B.V.
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (735)
Hash 5f5ead641bc30316f498592eec2016a1
3195aa33596ba190a6584ccb75124dd9d9c13261
f028477ede528af987acd2bea73c8e462ea4cd6cf1137aae5085c85a82d93409
GET /landings/278385/1675090482/images/icon-city.svg HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vzvnjw.delicatedates.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: UYqwBHvbSL8A/ztwzZa1MBLM0G1mAkyqU5Q+iKHI5HqmgCNIFf/5y8UcPt4MamLZkNzDlsuiD20=
x-amz-request-id: JGEBD3JDT7Q7YV2M
Last-Modified: Mon, 30 Jan 2023 14:54:46 GMT
ETag: "5f5ead641bc30316f498592eec2016a1"
Accept-Ranges: bytes
Content-Type: image/svg+xml
Server: AmazonS3
Content-Length: 839
Date: Wed, 01 Feb 2023 16:39:50 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/278385/1675090482/images/unlock.svg
95.101.11.40 200 OK 2.4 kB URL HTTP/1.1 cdn-dimi.akamaized.net/landings/278385/1675090482/images/unlock.svg
IP 95.101.11.40:0
ASN #20940 Akamai International B.V.
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (944)
Hash a732e1e06affb4575c050fdb0131e5ca
da4f4f204a4d22c7424274a91520e0ea993c48c7
e17f481e5fe197e600ffe6cf53a94a4e49a73b6b817ff560cd92c3dd501d603f
GET /landings/278385/1675090482/images/unlock.svg HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vzvnjw.delicatedates.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: 4QlMTmpYtn0i4t2TFW7BVJPjlUyHg/yEEOm1I+uRvB4KvsbgmWIOrs5wk6WFIFlWrIpA7N2gT58=
x-amz-request-id: JGE57EEQM3813AJZ
Last-Modified: Mon, 30 Jan 2023 14:54:46 GMT
ETag: "a732e1e06affb4575c050fdb0131e5ca"
Accept-Ranges: bytes
Content-Type: image/svg+xml
Server: AmazonS3
Content-Length: 2378
Date: Wed, 01 Feb 2023 16:39:50 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/278385/1675090482/images/shield.svg
95.101.11.40 200 OK 1.5 kB URL HTTP/1.1 cdn-dimi.akamaized.net/landings/278385/1675090482/images/shield.svg
IP 95.101.11.40:0
ASN #20940 Akamai International B.V.
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (310)
Hash 0c7a0dfd64cf020cd8a6dc0c3df1dbdf
f705635388aebebae1223d828c38233067f28ab1
856fdb53067254df9495660a355e5ed91936803b567867f1053ce5fb97107888
GET /landings/278385/1675090482/images/shield.svg HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vzvnjw.delicatedates.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: FViqJMXKY50CT7lKb4NvtbNEJKOB0+PA6lhFlME/5vVB8aQG9wrNvwNem53n27h19ynrWILdROQ=
x-amz-request-id: SX8RA912MYQS8XGR
Last-Modified: Mon, 30 Jan 2023 14:54:46 GMT
ETag: "0c7a0dfd64cf020cd8a6dc0c3df1dbdf"
Accept-Ranges: bytes
Content-Type: image/svg+xml
Server: AmazonS3
Content-Length: 1539
Date: Wed, 01 Feb 2023 16:39:50 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/278385/1675090482/images/1-eu.jpg
95.101.11.40 200 OK 4.3 kB URL HTTP/1.1 cdn-dimi.akamaized.net/landings/278385/1675090482/images/1-eu.jpg
IP 95.101.11.40:0
ASN #20940 Akamai International B.V.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 80x80, components 3\012- data
Hash 6e6d0b84c81d847e24671a711115a781
20dc2d359e437dc10ceefea4d3c7b5189c2e58d0
515974c9245ead07b3332ca22fa1581622118c75955941452140a602646aa553
GET /landings/278385/1675090482/images/1-eu.jpg HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vzvnjw.delicatedates.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: T/qqFqAHeEw9dUx9XppE21ILoXrAVEBmfPln9KzV+rehdSvb5M1iuynQ85888yT3WfRA+aroyos=
x-amz-request-id: JGE52TM0HH9790KJ
Last-Modified: Mon, 30 Jan 2023 14:54:45 GMT
ETag: "6e6d0b84c81d847e24671a711115a781"
Accept-Ranges: bytes
Content-Type: image/jpeg
Server: AmazonS3
Content-Length: 4292
Date: Wed, 01 Feb 2023 16:39:50 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
xml.infinity-info.com/redirect?feed=465930&auth=ztnrA6
174.137.133.16 302 Found 0 B URL HTTP/1.1 xml.infinity-info.com/redirect?feed=465930&auth=ztnrA6
IP 174.137.133.16:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=465930&auth=ztnrA6 HTTP/1.1
Host: xml.infinity-info.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Cache-Control: no-store
Content-Length: 0
Age: 0
Connection: keep-alive
Location: https://t3.lowtid.com/s.php?p=c:4ljkfd1stuas5a3tw&d=61b87b159bd23420f125f716&pid=gNf0c2Wi8qU_0&s=500268_465930
Pragma: no-cache
cdn-dimi.akamaized.net/landings/278385/1675090482/images/3-eu.jpg
95.101.11.40 200 OK 3.9 kB URL HTTP/1.1 cdn-dimi.akamaized.net/landings/278385/1675090482/images/3-eu.jpg
IP 95.101.11.40:0
ASN #20940 Akamai International B.V.
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 80x80, components 3\012- data
Hash 1dc512dcb0850f22cfa72c789578085c
933e9c5648e782c9f9a1504d2248f0acb4b9950b
7a27ad3bbf259cc02f80f496c19e6033d958362c1b5075c1957bb502f2666d00
GET /landings/278385/1675090482/images/3-eu.jpg HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vzvnjw.delicatedates.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: FW7rYXQT2p3pDGADoRihlU1kDkAmdOSiR6EBlgdHSmBIhz5u28Vp3Yui4PtYM/lAms7zygwGhqQ=
x-amz-request-id: 8AECHH0X1H607ETE
Last-Modified: Mon, 30 Jan 2023 14:54:46 GMT
ETag: "1dc512dcb0850f22cfa72c789578085c"
Accept-Ranges: bytes
Content-Type: image/jpeg
Server: AmazonS3
Content-Length: 3946
Date: Wed, 01 Feb 2023 16:39:50 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
xml.ezmob.com/redirect?feed=415010&auth=S9Ec57
198.134.116.18 302 Found 0 B URL HTTP/1.1 xml.ezmob.com/redirect?feed=415010&auth=S9Ec57
IP 198.134.116.18:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=415010&auth=S9Ec57 HTTP/1.1
Host: xml.ezmob.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Cache-Control: no-store
Content-Length: 0
Age: 0
Connection: keep-alive
Location: https://t3.lowtid.com/s.php?p=c:4ljkfd1stuas5a3tw&d=61b87b159bd23420f125f716&pid=dGPds8c3yL4_0&s=439438_415010
Pragma: no-cache
cdn-dimi.akamaized.net/landings/278385/1675090482/images/2-eu.jpg
95.101.11.40 200 OK 2.0 kB URL HTTP/1.1 cdn-dimi.akamaized.net/landings/278385/1675090482/images/2-eu.jpg
IP 95.101.11.40:0
ASN #20940 Akamai International B.V.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 80x80, components 3\012- data
Hash 66b6dc51bd19c799dcadf1dbeb628d9c
ff7fe6049e944186764bfc5041d624ec11f8d362
d3c1502509ae60909fe60c46cc58c41c1a9fe53ee7aeffb92d37a074ba8550f0
GET /landings/278385/1675090482/images/2-eu.jpg HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vzvnjw.delicatedates.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: S6sA/4cFcMiFylIkJbD1uPPRVoVlpiD2CYWkEJCxD/9r3JIfeeohuiR8T43LTNxEwH82vfzBfC4=
x-amz-request-id: 8AE1T86WR6DCHN24
Last-Modified: Mon, 30 Jan 2023 14:54:46 GMT
ETag: "66b6dc51bd19c799dcadf1dbeb628d9c"
Accept-Ranges: bytes
Content-Type: image/jpeg
Server: AmazonS3
Content-Length: 2009
Date: Wed, 01 Feb 2023 16:39:50 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/278385/1675090482/images/4-eu.jpg
95.101.11.40 200 OK 2.6 kB URL HTTP/1.1 cdn-dimi.akamaized.net/landings/278385/1675090482/images/4-eu.jpg
IP 95.101.11.40:0
ASN #20940 Akamai International B.V.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 80x80, components 3\012- data
Hash cb3aff7c886e4f72a98172b873b5e62d
33de244dcb4db4abe54b6508ae8d1546eb279aa5
d22825c9a1ff2c18506f0c2c3abaf3bb77f8352ba7bd410d50d35f20adbab08e
GET /landings/278385/1675090482/images/4-eu.jpg HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vzvnjw.delicatedates.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: tPxBkJcq6xBmQ2FZG/xFrwcKsXJdEeU94h9FqG0Oyrj2JeVFSW1S7QajS1ddvapM+vCFLkNHQFw=
x-amz-request-id: 8AE6Y1ZYPWAJRQA8
Last-Modified: Mon, 30 Jan 2023 14:54:46 GMT
ETag: "cb3aff7c886e4f72a98172b873b5e62d"
Accept-Ranges: bytes
Content-Type: image/jpeg
Server: AmazonS3
Content-Length: 2586
Date: Wed, 01 Feb 2023 16:39:50 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/278385/1675090482/images/6-eu.jpg
95.101.11.40 200 OK 3.3 kB URL HTTP/1.1 cdn-dimi.akamaized.net/landings/278385/1675090482/images/6-eu.jpg
IP 95.101.11.40:0
ASN #20940 Akamai International B.V.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 80x80, components 3\012- data
Hash 9a6870069cb979e16b239f9ed485fb3c
c1dc7f3620c8cc391648c550f91b269b04d3c612
3e280ac6e0be5142f62957076a5c99e792eb61533e23f33b165aea4d522de818
GET /landings/278385/1675090482/images/6-eu.jpg HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vzvnjw.delicatedates.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: vVvC1Cq0tDMHMHhWUbv+5i2t8t8EPCYFer+z8chInJgoh3wZA4+Hx+gXqpZMoy2FMcHV8K+ORiU=
x-amz-request-id: 8AE24PXCDPCB8XQD
Last-Modified: Mon, 30 Jan 2023 14:54:45 GMT
ETag: "9a6870069cb979e16b239f9ed485fb3c"
Accept-Ranges: bytes
Content-Type: image/jpeg
Server: AmazonS3
Content-Length: 3256
Date: Wed, 01 Feb 2023 16:39:50 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/278385/1675090482/images/7-eu.jpg
95.101.11.40 200 OK 2.3 kB URL HTTP/1.1 cdn-dimi.akamaized.net/landings/278385/1675090482/images/7-eu.jpg
IP 95.101.11.40:0
ASN #20940 Akamai International B.V.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 80x80, components 3\012- data
Hash 8155d8ecc7dc2d9b29cf99ab85c3d2a8
ba784563c7787760b318af24ea274ad6df2c5b89
7e368b2c331e65b43d9e6977dde473b4ee4ed25f0253e0d086ca676438b97d27
GET /landings/278385/1675090482/images/7-eu.jpg HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vzvnjw.delicatedates.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: onRJZ+i2+RbbvHDka/qxOrzuXIAaZeFefLM4AuG9q/OL7D8xUTVXtLsezUGLE2e0U5r+38OpH/M=
x-amz-request-id: 8AE6F0HQDRQ3WG03
Last-Modified: Mon, 30 Jan 2023 14:54:46 GMT
ETag: "8155d8ecc7dc2d9b29cf99ab85c3d2a8"
Accept-Ranges: bytes
Content-Type: image/jpeg
Server: AmazonS3
Content-Length: 2282
Date: Wed, 01 Feb 2023 16:39:50 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/278385/1675090482/images/8-eu.jpg
95.101.11.40 200 OK 2.5 kB URL HTTP/1.1 cdn-dimi.akamaized.net/landings/278385/1675090482/images/8-eu.jpg
IP 95.101.11.40:0
ASN #20940 Akamai International B.V.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 80x80, components 3\012- data
Hash 41bbda91cef3f22db1d45d66f7ca0961
e2f8f56674e0180063a4f8287931dc0b273baf8e
d0f8fe31f17be4afd352a60628de61eef59ee08ac0ecddac9cfe4e4a504f4f0e
GET /landings/278385/1675090482/images/8-eu.jpg HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vzvnjw.delicatedates.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: Txdim0ahqTs48DYuqVB0sTfIHqWh2iRs8HpiYXwRgdVpg85VB4CHKq2kDmbCmsgB2kaGO5bBlvc=
x-amz-request-id: 8AE9RY8E5XPM40CN
Last-Modified: Mon, 30 Jan 2023 14:54:45 GMT
ETag: "41bbda91cef3f22db1d45d66f7ca0961"
Accept-Ranges: bytes
Content-Type: image/jpeg
Server: AmazonS3
Content-Length: 2458
Date: Wed, 01 Feb 2023 16:39:50 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
e1.o.lencr.org/
23.36.77.32 200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e9f9f775ffe8571c9928fd4da960a24e
d48d0e064290838fdf90b08a86c2016b21766b34
d9adb666e61be35efd935eeddd15f64be53b6f7da2b40a33a6057ba21b953504
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "D9ADB666E61BE35EFD935EEDDD15F64BE53B6F7DA2B40A33A6057BA21B953504"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3776
Expires: Wed, 01 Feb 2023 17:42:46 GMT
Date: Wed, 01 Feb 2023 16:39:50 GMT
Connection: keep-alive
cdn-dimi.akamaized.net/landings/277386/1674482702/images/1.jpg
95.101.11.40 200 OK 62 kB URL HTTP/1.1 cdn-dimi.akamaized.net/landings/277386/1674482702/images/1.jpg
IP 95.101.11.40:0
ASN #20940 Akamai International B.V.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 900x1280, components 3\012- data
Hash 765620bf3d6dcdb5495b70409b6b4ba8
f4a00a38ca93130e5e0398deea0ba2f928e2172b
e0d65a21b743f7fe6de2f4bd57316546e7f30c7810740d68322a44dfe3004373
GET /landings/277386/1674482702/images/1.jpg HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vzvnjw.delicatedates.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: DN/ORRP+ZmDWf54gqqjva5kfXpE0IEdc5OmLslwaG4rypLe6K1X+EkheHORoB9fh8l6AEmhiBfI=
x-amz-request-id: 2CZV0H2VF4M0ESRB
Last-Modified: Mon, 23 Jan 2023 14:05:06 GMT
ETag: "765620bf3d6dcdb5495b70409b6b4ba8"
Accept-Ranges: bytes
Content-Type: image/jpeg
Server: AmazonS3
Content-Length: 62164
Date: Wed, 01 Feb 2023 16:39:50 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/277386/1674482702/images/logo.png
95.101.11.40 200 OK 41 kB URL HTTP/1.1 cdn-dimi.akamaized.net/landings/277386/1674482702/images/logo.png
IP 95.101.11.40:0
ASN #20940 Akamai International B.V.
File type PNG image data, 1024 x 256, 8-bit/color RGBA, non-interlaced\012- data
Hash c0647e470e90e4e76c886ef3f4c651ac
fe1dd72ac0432bd8f261672c7c336cf902503d3c
1d4ad487984a8f689c904f3c2532f034b03d361c081dae581752cdc20d983037
GET /landings/277386/1674482702/images/logo.png HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vzvnjw.delicatedates.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: 02hWy+55nn2hjgmuzIX+qFZv7tf0gekStDnHwqj1lTX1LDMx1d99LmCru/qleUrZNFj9lw8/Wig=
x-amz-request-id: 8HAQ2FF8TB4MKBX7
Last-Modified: Mon, 23 Jan 2023 14:05:05 GMT
ETag: "c0647e470e90e4e76c886ef3f4c651ac"
Accept-Ranges: bytes
Content-Type: image/png
Server: AmazonS3
Content-Length: 40774
Date: Wed, 01 Feb 2023 16:39:50 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn.tubecorp.com/vs/vs.js?_=1675269609122
45.133.44.24 200 OK 15 kB URL HTTP/2 cdn.tubecorp.com/vs/vs.js?_=1675269609122
IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
File type Unicode text, UTF-8 text, with very long lines (43236)
Hash b6442ec7ee7bb3bec3544b44f13cc44f
64e268e2e62a8a7066ba7dc089882298e752e4a4
da93acd0b37848feb191a919b35aeb3eae02a39fb534c890b7989d8074c96cc1
GET /vs/vs.js?_=1675269609122 HTTP/1.1
Host: cdn.tubecorp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rixon.ml/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:47 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.20.1
last-modified: Fri, 26 Feb 2021 08:59:15 GMT
etag: W/"6038b863-b46b"
cache-control: max-age=3600
x-request-id: e07a8c5e4f2b0b8b4d0d7fdeb26353fa
content-encoding: gzip
expires: Wed, 01 Feb 2023 17:39:47 GMT
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
cdn-dimi.akamaized.net/landings/277386/1674482702/images/110010_2.jpg
95.101.11.40 200 OK 29 kB URL HTTP/1.1 cdn-dimi.akamaized.net/landings/277386/1674482702/images/110010_2.jpg
IP 95.101.11.40:0
ASN #20940 Akamai International B.V.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 682x388, components 3\012- data
Hash 2b8ac4e50a5bbbe4e6ea964bec7f3086
5486267315a7cd9eca01fa2fc6007060189c8b4f
8f700ae9dd68bd1130d528b77e1de92b4945e036060fdb01a02ccc148ab24ab3
GET /landings/277386/1674482702/images/110010_2.jpg HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vzvnjw.delicatedates.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: ZHNkCqMI6lJFP29YICvc5aappBqk8femCbBz6gZHHmd8Jur5NhTb45zmogK8t9pOJQWMpEupTCA=
x-amz-request-id: 2CZKQK8HN6176NWT
Last-Modified: Mon, 23 Jan 2023 14:05:07 GMT
ETag: "2b8ac4e50a5bbbe4e6ea964bec7f3086"
Accept-Ranges: bytes
Content-Type: image/jpeg
Server: AmazonS3
Content-Length: 29319
Date: Wed, 01 Feb 2023 16:39:50 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e663f038ad396e19fb5d757355b150f3
6905336912f5327b0371bb35f223dd2aca936756
17bde5e10f6a3f5a315c97521067435c913f91595fe4add75060e1e1fa8c2ee6
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "17BDE5E10F6A3F5A315C97521067435C913F91595FE4ADD75060E1E1FA8C2EE6"
Last-Modified: Tue, 31 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6871
Expires: Wed, 01 Feb 2023 18:34:21 GMT
Date: Wed, 01 Feb 2023 16:39:50 GMT
Connection: keep-alive
tfosrv.com/impression.php?channel_id=60771&id=8da4f4c6-e64b-4550-8f36-1db2129deddc%3Ab4762e70-94ce-4c1c-b488-c50898c49547&site_id=13101&uuid=c5342549-eae5-4850-81ca-7cef1f732944
216.18.168.29 302 Found 0 B URL HTTP/1.1 tfosrv.com/impression.php?channel_id=60771&id=8da4f4c6-e64b-4550-8f36-1db2129deddc%3Ab4762e70-94ce-4c1c-b488-c50898c49547&site_id=13101&uuid=c5342549-eae5-4850-81ca-7cef1f732944
IP 216.18.168.29:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /impression.php?channel_id=60771&id=8da4f4c6-e64b-4550-8f36-1db2129deddc%3Ab4762e70-94ce-4c1c-b488-c50898c49547&site_id=13101&uuid=c5342549-eae5-4850-81ca-7cef1f732944 HTTP/1.1
Host: tfosrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Cookie: sppc_uuid=b50cd85f-f0f3-4ee3-b0b8-55cb374b3a6d
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
server: nginx
date: Wed, 01 Feb 2023 16:39:50 GMT
content-length: 0
location: https://trafforsrv.com/click.php?id=8da4f4c6-e64b-4550-8f36-1db2129deddc%3Ab4762e70-94ce-4c1c-b488-c50898c49547
set-cookie: sppc_uuid=c5342549-eae5-4850-81ca-7cef1f732944; max-age=31536000; path=/; secure; SameSite=None
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
x-request-id: 63DA95D6-D812A81D01BB3E4D-46B606D
runative-syndicate.com/api/v1/direct/55b95c030e5c4e48bca1f879b06a6bd0?extID=467932
136.243.83.47 302 Found 0 B URL HTTP/1.1 runative-syndicate.com/api/v1/direct/55b95c030e5c4e48bca1f879b06a6bd0?extID=467932
IP 136.243.83.47:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/v1/direct/55b95c030e5c4e48bca1f879b06a6bd0?extID=467932 HTTP/1.1
Host: runative-syndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 01 Feb 2023 16:39:50 GMT
Content-Length: 0
Connection: keep-alive
Pragma: no-cache
Expires: 0
Vary: *
X-Api-Version: 2
Location: https://creative.xlivrdr.com/LPExperience?nonNudeContent=1&userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&campaignId=nonnude&memberId=-6ccApYmyHiA1EjHFVoXBB-NVEfKpHCkDKd6xzkqSG3oW5SMT0ztoTqtEt4vu1q0ZymUYywtQupLYuRrdN2l3RTF6O2iwUwQy3Alrt7eahAOM3OPqg_gUIDRUi&sourceId=460140&p1=4133032
X-Request-Id: fdeb5cc30ba22723
Set-Cookie: ts_uid=89f139f3-ebc2-40f2-a680-0ec1f7becead; expires=Tue, 01 Aug 2023 16:39:50 GMT; domain=.runative-syndicate.com; path=/; HttpOnly; secure; SameSite=None
ts_direct_tag=460140:2954798:18498:4133032:34394; expires=Wed, 01 Mar 2023 16:39:50 GMT; domain=.runative-syndicate.com; path=/; secure; SameSite=None
Cache-Control: no-cache, no-store, no-transform, must-revalidate, no-transform
X-Robots-Tag: none, noindex, nofollow
Report-To: { "url": "https://pxl.runative-syndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
xml.infinity-info.com/redirect?feed=465920&auth=3zQPqj
174.137.133.16 302 Found 0 B URL HTTP/1.1 xml.infinity-info.com/redirect?feed=465920&auth=3zQPqj
IP 174.137.133.16:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=465920&auth=3zQPqj HTTP/1.1
Host: xml.infinity-info.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Cache-Control: no-store
Content-Length: 0
Age: 0
Connection: keep-alive
Location: https://t3.lowtid.com/s.php?p=c:4ljkfd1stuas5a3tw&d=61b87b159bd23420f125f716&pid=fO5idNFIbjE_0&s=437177_465920
Pragma: no-cache
xml.adflyer.media/redirect?feed=470363&auth=oBKank
174.137.133.17 302 Found 0 B URL HTTP/1.1 xml.adflyer.media/redirect?feed=470363&auth=oBKank
IP 174.137.133.17:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=470363&auth=oBKank HTTP/1.1
Host: xml.adflyer.media
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Cache-Control: no-store
Content-Length: 0
Age: 0
Connection: keep-alive
Location: http://runative-syndicate.com/api/v1/direct/3b23ed13ee1e4ff6b1b4d242c65d3463?extID=470363
Pragma: no-cache
ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_496490_467932
51.83.143.92 302 Found 0 B URL HTTP/1.1 ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_496490_467932
IP 51.83.143.92:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_496490_467932 HTTP/1.1
Host: ron.trffclb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 01 Feb 2023 16:39:50 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Round: 11kgq037yu
Raund: 12uf2w0vxv-2v5
Location: https://popmyads.com/serve/52264/64661/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgxMy5jb20=
ocsp.sca1b.amazontrust.com/
54.230.245.118 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.118:0
Hash 43198c241b3b4c776bef72bcf9dfe764
cb4dbf3d84b86c99e679e2569c0dd3cb8c713454
f24941fa427616de1be9819488e14054563f0cb3c555ba9b47092f9bff2316b8
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=163396
Date: Wed, 01 Feb 2023 16:39:50 GMT
Etag: "63da6126-1d7"
Expires: Fri, 03 Feb 2023 14:03:06 GMT
Last-Modified: Wed, 01 Feb 2023 12:55:02 GMT
Server: ECS (nyb/1D18)
X-Cache: Miss from cloudfront
Via: 1.1 0e39dca74306d7aab723ed3d73dbfbb4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: C7qEffeeWCZWwJG5VmFue3lOiuO84jY6o9fYrMya-TL2Zy9dd0h2ng==
Age: 4084
www.forza.idescargarapk.com/ts_pro/cerdashd.com.php
50.31.176.38 200 OK 1.9 kB URL HTTP/2 www.forza.idescargarapk.com/ts_pro/cerdashd.com.php
IP 50.31.176.38:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1257), with CRLF line terminators
Hash a2fd2dd81fc757d949630b9ddf8269c2
e2cc802d9eb0d87cffac9e285c66f362ee880291
30533f7da3b6fbda025f687c8786e5b58f676cfb72726cf7445d697294a07bb5
GET /ts_pro/cerdashd.com.php HTTP/1.1
Host: www.forza.idescargarapk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
expires: Tue, 03 Jul 2001 06:00:00 GMT
last-modified: Wed, 01 Feb 2023 16:39:48 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
vary: Accept-Encoding,User-Agent
content-type: text/html; charset=UTF-8
content-encoding: gzip
date: Wed, 01 Feb 2023 16:39:48 GMT
X-Firefox-Spdy: h2
ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_470427_470363
51.83.143.92 302 Found 0 B URL HTTP/1.1 ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_470427_470363
IP 51.83.143.92:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_470427_470363 HTTP/1.1
Host: ron.trffclb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 01 Feb 2023 16:39:50 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Round: 11kgq037yu
Raund: 12uf2w0vxv-2v5
Location: https://popmyads.com/serve/52264/64661/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgxMy5jb20=
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e663f038ad396e19fb5d757355b150f3
6905336912f5327b0371bb35f223dd2aca936756
17bde5e10f6a3f5a315c97521067435c913f91595fe4add75060e1e1fa8c2ee6
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "17BDE5E10F6A3F5A315C97521067435C913F91595FE4ADD75060E1E1FA8C2EE6"
Last-Modified: Tue, 31 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6871
Expires: Wed, 01 Feb 2023 18:34:21 GMT
Date: Wed, 01 Feb 2023 16:39:50 GMT
Connection: keep-alive
ocsp.sca1b.amazontrust.com/
54.230.245.118 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.118:0
Hash d5ac05cc384fc7833f0a25f0032ef1d0
30f5ebce5d804d2e31be22c8d7050c8c5e485a07
a05be79535c197e6ccc0b22fd4500688f1bd68d0460f669ce935f2ea42e69867
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Wed, 01 Feb 2023 16:39:50 GMT
Etag: "63d97eac-1d7"
Last-Modified: Wed, 01 Feb 2023 16:23:56 GMT
Server: ECS (dcb/7EA5)
X-Cache: Miss from cloudfront
Via: 1.1 0e39dca74306d7aab723ed3d73dbfbb4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: XaalBGeYEfs8q2sVXIxd7XV8jXWmTwwyyxVMquhOUUHSO2VSh4momw==
Age: 955
feed.us.adrunnr.com/12/?id=0b84c4cb-a24f-11ed-ad54-577dc8418891
34.234.118.172 307 Temporary Redirect 0 B URL HTTP/2 feed.us.adrunnr.com/12/?id=0b84c4cb-a24f-11ed-ad54-577dc8418891
IP 34.234.118.172:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /12/?id=0b84c4cb-a24f-11ed-ad54-577dc8418891 HTTP/1.1
Host: feed.us.adrunnr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 307 Temporary Redirect
date: Wed, 01 Feb 2023 16:39:50 GMT
content-length: 0
location: https://trk.suprclicks.com/82464d51-0c69-45bf-8f1f-a7e73c8a358d?pid=77b7f54e&cost=0.0007&browser=Firefox&carrier=&cid=0b84c4c7-a24f-11ed-ad54-77b86c798490
set-cookie: __sess=0c119c21-a24f-11ed-ad54-577dc8418891; Expires=Thu, 01 Jan 2099 00:00:00 GMT; Domain=adrunnr.com; Secure; SameSite=None
X-Firefox-Spdy: h2
feed.us.adrunnr.com/12/?id=0ab8c2b2-a24f-11ed-ad54-577dc8418891
34.234.118.172 307 Temporary Redirect 0 B URL HTTP/2 feed.us.adrunnr.com/12/?id=0ab8c2b2-a24f-11ed-ad54-577dc8418891
IP 34.234.118.172:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /12/?id=0ab8c2b2-a24f-11ed-ad54-577dc8418891 HTTP/1.1
Host: feed.us.adrunnr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 307 Temporary Redirect
date: Wed, 01 Feb 2023 16:39:50 GMT
content-length: 0
location: https://trk.suprclicks.com/82464d51-0c69-45bf-8f1f-a7e73c8a358d?pid=bacad6bb&cost=0.0007&browser=Firefox&carrier=&cid=0ab8c2b1-a24f-11ed-ad54-77b86c798490
set-cookie: __sess=0c119c1f-a24f-11ed-ad54-577dc8418891; Expires=Thu, 01 Jan 2099 00:00:00 GMT; Domain=adrunnr.com; Secure; SameSite=None
X-Firefox-Spdy: h2
ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_459305_498003
51.83.143.92 302 Found 0 B URL HTTP/1.1 ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_459305_498003
IP 51.83.143.92:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_459305_498003 HTTP/1.1
Host: ron.trffclb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 01 Feb 2023 16:39:50 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Round: 11kgq037yu
Raund: 12uf2w0vxv-2v5
Location: https://popmyads.com/serve/52264/64661/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgxMy5jb20=
welcome.unibet.com/nu/pop/sportsbook/multisports/app-store-ro.svg
104.18.25.188 200 OK 4.7 kB URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/app-store-ro.svg
IP 104.18.25.188:0
File type SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (1356)
Hash 81f29bd4ae310141e577e7534a7d6bc9
5015d181f9f90f1901779ef94783600862df1e53
27305a4fcee7c3070aecc794c0dd5228bd90faa7e195f1e10d9dc046630bff77
GET /nu/pop/sportsbook/multisports/app-store-ro.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a92628443%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1675269588459)%5c%2f%22%2c%22CookieTag%22%3a%223795092628443451240919C2023211639%22%7d%2c%7b%22PID%22%3a86536170%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1675269588590)%5c%2f%22%2c%22CookieTag%22%3a%223795086536170451240919C2023211639%22%7d%5d; btag=320665405_4F03CE830604485E9E0E444E5686127E
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:50 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: epgiRapjJpA7DniTiF5C+w==
last-modified: Thu, 26 Jan 2023 12:30:22 GMT
etag: W/"0x8DAFF99183CF8FA"
x-ms-request-id: d4160c8c-201e-0016-7481-31e4d5000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 533365
vary: Accept-Encoding
server: cloudflare
cf-ray: 792c201bb948b512-OSL
content-encoding: br
X-Firefox-Spdy: h2
runative-syndicate.com/api/v1/direct/3b23ed13ee1e4ff6b1b4d242c65d3463?extID=466228
136.243.83.47 302 Found 0 B URL HTTP/1.1 runative-syndicate.com/api/v1/direct/3b23ed13ee1e4ff6b1b4d242c65d3463?extID=466228
IP 136.243.83.47:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/v1/direct/3b23ed13ee1e4ff6b1b4d242c65d3463?extID=466228 HTTP/1.1
Host: runative-syndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 01 Feb 2023 16:39:50 GMT
Content-Length: 0
Connection: keep-alive
Pragma: no-cache
Expires: 0
Vary: *
X-Api-Version: 2
Location: https://s.click.aliexpress.com/e/_AkUaK1?dp=RylUWehMM91iCIdu9Zui_6516z8WweUITfaffmMa2W4XzinuMofX-zZuPAkB9UhdiwCwFaBcMzKEx8g_tDN9pba_rI0h6Wp2IRMXsksE8GPB8bqCOXm5kY_M9u1orajtmdm1Rw_gUIDRUi
X-Request-Id: b2f25ddc9240c4f4
Set-Cookie: ts_uid=a01f30ce-2250-4c29-9c5b-0fc470690429; expires=Tue, 01 Aug 2023 16:39:50 GMT; domain=.runative-syndicate.com; path=/; HttpOnly; secure; SameSite=None
ts_direct_tag=402170:2696143:42071:4210626:37729; expires=Wed, 01 Mar 2023 16:39:50 GMT; domain=.runative-syndicate.com; path=/; secure; SameSite=None
Cache-Control: no-cache, no-store, no-transform, must-revalidate, no-transform
X-Robots-Tag: none, noindex, nofollow
Report-To: { "url": "https://pxl.runative-syndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
welcome.unibet.com/nu/pop/sportsbook/multisports/unibet-logo.svg
104.18.25.188 200 OK 998 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/unibet-logo.svg
IP 104.18.25.188:0
File type SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, ASCII text, with very long lines (3207), with no line terminators
Hash 38d25b02ea0e155154f08367c1a10f26
3e36ffc0dbf947336e693bb70ad6ffb00625230a
0fc83d5a786d7b9f5c0d74e4d2ce4918273e15b0f64a05430ab31560b6367c78
GET /nu/pop/sportsbook/multisports/unibet-logo.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a92628443%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1675269588459)%5c%2f%22%2c%22CookieTag%22%3a%223795092628443451240919C2023211639%22%7d%2c%7b%22PID%22%3a86536170%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1675269588590)%5c%2f%22%2c%22CookieTag%22%3a%223795086536170451240919C2023211639%22%7d%5d; btag=320665405_4F03CE830604485E9E0E444E5686127E
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:50 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: cw5jdwcrd9gLyjDZb7Y7Jw==
last-modified: Thu, 26 Jan 2023 12:30:18 GMT
etag: W/"0x8DAFF9915A7459F"
x-ms-request-id: e677fb13-901e-0061-5581-313141000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 533365
vary: Accept-Encoding
server: cloudflare
cf-ray: 792c201ba93fb512-OSL
content-encoding: br
X-Firefox-Spdy: h2
t3.lowtid.com/s.php?p=c:4ljkfd1stuas5a3tw&d=61b87b159bd23420f125f716&pid=dGPds8c3yL4_0&s=439438_415010
51.161.115.163 302 Found 0 B URL HTTP/1.1 t3.lowtid.com/s.php?p=c:4ljkfd1stuas5a3tw&d=61b87b159bd23420f125f716&pid=dGPds8c3yL4_0&s=439438_415010
IP 51.161.115.163:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /s.php?p=c:4ljkfd1stuas5a3tw&d=61b87b159bd23420f125f716&pid=dGPds8c3yL4_0&s=439438_415010 HTTP/1.1
Host: t3.lowtid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 01 Feb 2023 16:39:50 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Round: 12sdrz1osp
Raund: wn
Location: https://go.c4ptainn3lson.xyz/redirect?feed=491151&url=t3.lowtid.com&subid=custom_123j1djb25.no.windows.firefox&query=439438_415010&pub_clickid=63da95d6b69c41669a37ca86
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash 14bbeb2310b556c8f896632dae1a43ae
4d447c80b0f1a8b75b1969eacd7a569f06bbb224
cb768cf2599bf0f010578f2dcff90e1872c00a4fd94f24f623df42d600726c9d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 16:39:50 GMT
Server: ECS (amb/6BA4)
Content-Length: 280
appsha-pnd.ctengine.io/js/script.js?wkey=0ndt7tVOXY
109.109.136.213 200 OK 2.4 kB URL HTTP/2 appsha-pnd.ctengine.io/js/script.js?wkey=0ndt7tVOXY
IP 109.109.136.213:0
ASN #205072 Layershift Limited
File type ASCII text, with very long lines (5764), with no line terminators
Hash d1b9cbf504315cf8ce7dcdd4ec04a853
97372809ee62be22bc8dd4e521b3674f3ce5edb6
f269286bd4dbdb020df9ed0fbd4b7f47693c49de098e69fd91c937f02778f592
GET /js/script.js?wkey=0ndt7tVOXY HTTP/1.1
Host: appsha-pnd.ctengine.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://free-btc.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 01 Feb 2023 16:39:49 GMT
content-type: application/javascript
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
set-cookie: route=b69b7737fc9de3bcfcefb724b85e82b2; Path=/
SRVGROUP=common; path=/; Secure; HttpOnly
content-encoding: gzip
X-Firefox-Spdy: h2
xml.adflyer.media/redirect?feed=470363&auth=oBKank
174.137.133.17 302 Found 0 B URL HTTP/1.1 xml.adflyer.media/redirect?feed=470363&auth=oBKank
IP 174.137.133.17:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=470363&auth=oBKank HTTP/1.1
Host: xml.adflyer.media
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Cache-Control: no-store
Content-Length: 0
Age: 0
Connection: keep-alive
Location: http://runative-syndicate.com/api/v1/direct/3b23ed13ee1e4ff6b1b4d242c65d3463?extID=470363
Pragma: no-cache
fonts.googleapis.com/css?family=Poppins:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900i
142.250.74.74 200 OK 849 B URL HTTP/2 fonts.googleapis.com/css?family=Poppins:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900i
IP 142.250.74.74:0
Hash 0c58d7dfaea2c175234432ddb150da00
af7ac22285763d283b9a76154b0b69f2deb9d249
63da34660094f0509e762563058a86c37d5fba3a8745ad3b381f1d098fa3288b
GET /css?family=Poppins:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900i HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rixon.ml/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 01 Feb 2023 16:39:46 GMT
date: Wed, 01 Feb 2023 16:39:46 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
t3.lowtid.com/s.php?p=c:4ljkfd1stuas5a3tw&d=61b87b159bd23420f125f716&pid=dhek-E7cyQk_0&s=507239_415011
51.161.115.163 302 Found 0 B URL HTTP/1.1 t3.lowtid.com/s.php?p=c:4ljkfd1stuas5a3tw&d=61b87b159bd23420f125f716&pid=dhek-E7cyQk_0&s=507239_415011
IP 51.161.115.163:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /s.php?p=c:4ljkfd1stuas5a3tw&d=61b87b159bd23420f125f716&pid=dhek-E7cyQk_0&s=507239_415011 HTTP/1.1
Host: t3.lowtid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 01 Feb 2023 16:39:50 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Round: 1217p3t0dz
Raund: wn
Location: https://ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_507239_415011
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash e0d5cef290e64147859d24dfab033f8d
1b64cb1c126247bd2c4e8b6fcf8e47d6326a1b96
9582d5a0c46f3f52cc725d71627a37565c47c0a89da08704c80df92b28e7d5b2
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3441
Cache-Control: max-age=88591
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 16:39:50 GMT
Etag: "63d93f75-118"
Expires: Thu, 02 Feb 2023 17:16:21 GMT
Last-Modified: Tue, 31 Jan 2023 16:19:01 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 280
newbinotracs.com/landers/20bet_welcome_football_en/20bet_EN%202/css/style.min.css
49.12.123.158 200 OK 22 kB URL HTTP/2 newbinotracs.com/landers/20bet_welcome_football_en/20bet_EN%202/css/style.min.css
IP 49.12.123.158:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (22358), with no line terminators
Hash ad720c3f05024a37361dfeb614dfa2fd
49a33c73b6f5d04c82dee7c8872f157383958411
71f46ed2adaf4c7893d961ab5623df15e61f64dde49b2ca2ac7d3e1a65e790af
GET /landers/20bet_welcome_football_en/20bet_EN%202/css/style.min.css HTTP/1.1
Host: newbinotracs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://newbinotracs.com/
Cookie: uclick=177sa23v1z; uclickhash=177sa23v1z-177sa23v1z-17sc6o-0-q5a83y-tw3zdz-wf1ni4-53b660
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Wed, 01 Feb 2023 16:39:50 GMT
content-type: text/css
content-length: 22358
last-modified: Fri, 11 Jun 2021 05:33:48 GMT
etag: "60c2f5bc-5756"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
newbinotracs.com/landers/20bet_welcome_football_en/20bet_EN%202/img/20bet.svg
49.12.123.158 200 OK 5.3 kB URL HTTP/2 newbinotracs.com/landers/20bet_welcome_football_en/20bet_EN%202/img/20bet.svg
IP 49.12.123.158:0
ASN #24940 Hetzner Online GmbH
File type SVG Scalable Vector Graphics image\012- HTML document, Unicode text, UTF-8 text, with very long lines (722)
Hash f1c66610f7f03afacc4a4a706dc35b69
ce510dadfedd0a6c9a075a407b988023b8ab9e8d
0fbcd3231e4dc8a9fff2a8e97b3457b170e4b4d2f3324c8acea227c542a2800b
GET /landers/20bet_welcome_football_en/20bet_EN%202/img/20bet.svg HTTP/1.1
Host: newbinotracs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://newbinotracs.com/
Cookie: uclick=177sa23v1z; uclickhash=177sa23v1z-177sa23v1z-17sc6o-0-q5a83y-tw3zdz-wf1ni4-53b660
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Wed, 01 Feb 2023 16:39:50 GMT
content-type: image/svg+xml
content-length: 5337
last-modified: Fri, 11 Jun 2021 05:33:48 GMT
etag: "60c2f5bc-14d9"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_470760_444917
51.83.143.92 302 Found 0 B URL HTTP/1.1 ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_470760_444917
IP 51.83.143.92:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_470760_444917 HTTP/1.1
Host: ron.trffclb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 01 Feb 2023 16:39:50 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Round: 119cdtswvl
Raund: 12uf2w0vxv-2v5
Location: https://popcash.net/world/go/134600/317194
welcome.unibet.com/nu/pop/sportsbook/multisports/com-payments.svg
104.18.25.188 200 OK 12 kB URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/com-payments.svg
IP 104.18.25.188:0
File type SVG Scalable Vector Graphics image; XML 1.0 document text; XML document text; HTML document text; exported SGML document, ASCII text
Hash ed99a186c8eba768ad7fac2bed9e4a0f
a6704696d1975d33b98322905c7925f4ade58992
f5145a039deebbf7ffd6349a809352e806767d78642dbf001885ee209336df50
GET /nu/pop/sportsbook/multisports/com-payments.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a92628443%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1675269588459)%5c%2f%22%2c%22CookieTag%22%3a%223795092628443451240919C2023211639%22%7d%2c%7b%22PID%22%3a86536170%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1675269588590)%5c%2f%22%2c%22CookieTag%22%3a%223795086536170451240919C2023211639%22%7d%5d; btag=320665405_4F03CE830604485E9E0E444E5686127E
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:49 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: vwb7ospRft2xzGDtJvR3WA==
last-modified: Thu, 26 Jan 2023 12:30:18 GMT
etag: W/"0x8DAFF9915D02464"
x-ms-request-id: 9ee27f41-c01e-000e-3881-313bb2000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 533364
vary: Accept-Encoding
server: cloudflare
cf-ray: 792c20164947b512-OSL
content-encoding: br
X-Firefox-Spdy: h2
newbinotracs.com/click.php?key=qcopnrbsgld1lpyq4gqz&clickid=14a85337-f98d-49f1-9580-e72e314e964d&cost=0.0029&PUB_ID=20&SUB_ID=4228174&KEYWORD=Adult%20General&SUBSCRIBER_AGE=0&SUBSCRIBER_DATE=2023-02-01&BID_PUB=0.0029&CR_ID=36456
49.12.123.158 302 Found 280 B URL HTTP/2 newbinotracs.com/click.php?key=qcopnrbsgld1lpyq4gqz&clickid=14a85337-f98d-49f1-9580-e72e314e964d&cost=0.0029&PUB_ID=20&SUB_ID=4228174&KEYWORD=Adult%20General&SUBSCRIBER_AGE=0&SUBSCRIBER_DATE=2023-02-01&BID_PUB=0.0029&CR_ID=36456
IP 49.12.123.158:0
ASN #24940 Hetzner Online GmbH
Hash e0d5cef290e64147859d24dfab033f8d
1b64cb1c126247bd2c4e8b6fcf8e47d6326a1b96
9582d5a0c46f3f52cc725d71627a37565c47c0a89da08704c80df92b28e7d5b2
GET /click.php?key=qcopnrbsgld1lpyq4gqz&clickid=14a85337-f98d-49f1-9580-e72e314e964d&cost=0.0029&PUB_ID=20&SUB_ID=4228174&KEYWORD=Adult%20General&SUBSCRIBER_AGE=0&SUBSCRIBER_DATE=2023-02-01&BID_PUB=0.0029&CR_ID=36456 HTTP/1.1
Host: newbinotracs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx/1.18.0
date: Wed, 01 Feb 2023 16:39:50 GMT
content-type: text/html; charset=UTF-8
location: https://promo.20bet.partners/redirect.aspx?pid=174581&bid=1971&lpid=1042&utm_source=retarget&utm_medium=Ubidex&utm_campaign=Ubidex-20bet-EU-NotReg-pop%20BonWheel-1042&utm_term=Ubidex-20bet-EU-NotReg-pop%20BonWheel-1042&subid=46a92177sa23vir591
set-cookie: uclick=177sa23vir; expires=Thu, 02-Feb-2023 16:39:50 GMT; Max-Age=86400; path=/; secure; SameSite=none
set-cookie: uclickhash=177sa23vir-177sa23vir-slvc-0-2t1mwj-52a8wj-52a8vr-1eb48e; expires=Thu, 02-Feb-2023 16:39:50 GMT; Max-Age=86400; path=/; secure; SameSite=none
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/1-styles.css
104.18.25.188 200 OK 44 kB URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/1-styles.css
IP 104.18.25.188:0
Hash 4d1dcda6e8200f9cfccbcb3d0f0a4af1
4f4274ed1234065bd76669818119e16a0facc307
f480b1beea26892e50a4e8217941ffe381bcd83f8ded42ef10d939af9a97ef1b
GET /nu/pop/sportsbook/multisports/1-styles.css HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a92628443%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1675269588459)%5c%2f%22%2c%22CookieTag%22%3a%223795092628443451240919C2023211639%22%7d%2c%7b%22PID%22%3a86536170%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1675269588590)%5c%2f%22%2c%22CookieTag%22%3a%223795086536170451240919C2023211639%22%7d%5d; btag=320665405_4F03CE830604485E9E0E444E5686127E
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:49 GMT
content-type: text/css; charset=utf-8
cache-control: public, max-age=900, immutable
content-md5: zXkBqwBMviPPaK5rBIapmA==
last-modified: Thu, 26 Jan 2023 12:30:17 GMT
etag: W/"0x8DAFF9914DE94BB"
x-ms-request-id: 580bcb77-701e-0034-8081-3121ca000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 533364
vary: Accept-Encoding
server: cloudflare
cf-ray: 792c20170a79b512-OSL
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/unibet-logo.svg
104.18.25.188 200 OK 998 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/unibet-logo.svg
IP 104.18.25.188:0
File type SVG Scalable Vector Graphics image; HTML document text; HTML document, ASCII text, with very long lines (3207), with no line terminators
Hash 38d25b02ea0e155154f08367c1a10f26
3e36ffc0dbf947336e693bb70ad6ffb00625230a
0fc83d5a786d7b9f5c0d74e4d2ce4918273e15b0f64a05430ab31560b6367c78
GET /nu/pop/sportsbook/multisports/unibet-logo.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a92628443%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1675269588459)%5c%2f%22%2c%22CookieTag%22%3a%223795092628443451240919C2023211639%22%7d%2c%7b%22PID%22%3a86536170%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1675269588590)%5c%2f%22%2c%22CookieTag%22%3a%223795086536170451240919C2023211639%22%7d%5d; btag=320665405_4F03CE830604485E9E0E444E5686127E
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:49 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: cw5jdwcrd9gLyjDZb7Y7Jw==
last-modified: Thu, 26 Jan 2023 12:30:18 GMT
etag: W/"0x8DAFF9915A7459F"
x-ms-request-id: e677fb13-901e-0061-5581-313141000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 533364
vary: Accept-Encoding
server: cloudflare
cf-ray: 792c20163911b512-OSL
content-encoding: br
X-Firefox-Spdy: h2
sub.adzgame.com/redirect?feed=467930&auth=c99tDL
173.239.53.18 302 Found 0 B URL HTTP/1.1 sub.adzgame.com/redirect?feed=467930&auth=c99tDL
IP 173.239.53.18:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=467930&auth=c99tDL HTTP/1.1
Host: sub.adzgame.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Cache-Control: no-store
Content-Length: 0
Age: 0
Connection: keep-alive
Location: https://t3.lowtid.com/s.php?p=c:4ljkfd1stuas5a3tw&d=61b87b159bd23420f125f716&pid=bYGBX6UXu8k_0&s=496490_467930
Pragma: no-cache
xml.admidainsight.com/redirect?feed=500770&auth=fclUlL
173.239.53.18 200 OK 0 B URL HTTP/1.1 xml.admidainsight.com/redirect?feed=500770&auth=fclUlL
IP 173.239.53.18:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=500770&auth=fclUlL HTTP/1.1
Host: xml.admidainsight.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Cache-Control: no-store
Content-Length: 0
Age: 0
Connection: keep-alive
Pragma: no-cache
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 83f91804a684ed3e0910efe7e1c0772c
ddbcb06bc696aecf70c34ee39553d83bf1f6f383
0120989514067d0256b184616c9f292d7bffc23d81b46838e12716e5a3721bff
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0120989514067D0256B184616C9F292D7BFFC23D81B46838E12716E5A3721BFF"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8869
Expires: Wed, 01 Feb 2023 19:07:40 GMT
Date: Wed, 01 Feb 2023 16:39:51 GMT
Connection: keep-alive
ocsp.pki.goog/s/gts1p5/8nOuo8o94fQ
142.250.74.131 200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/8nOuo8o94fQ
IP 142.250.74.131:0
Hash 27210358b4b3052c21575f6d6b28b936
c9b6a5748eb5281383e61b4bfb7bbec65a0600e5
63d42fe3bc6b8702856cceb86f70cd09307fbf1a8844d62c2ed1b6651d22e013
POST /s/gts1p5/8nOuo8o94fQ HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 16:39:51 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.forza.idescargarapk.com/ts_pro/venecholanas.com.php
50.31.176.38 200 OK 34 kB URL HTTP/2 www.forza.idescargarapk.com/ts_pro/venecholanas.com.php
IP 50.31.176.38:0
Hash 27a5628c79b2fa5f6f8ee47d416ee88a
baade45fed33acb2dd6d79042fe8dcf826351fd3
3d4c6e1fc74ac0b6628a230c9e8eb2d5907b5295bde6165143d9839d9161dc11
GET /ts_pro/venecholanas.com.php HTTP/1.1
Host: www.forza.idescargarapk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
expires: Tue, 03 Jul 2001 06:00:00 GMT
last-modified: Wed, 01 Feb 2023 16:39:49 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
vary: Accept-Encoding,User-Agent
content-type: text/html; charset=UTF-8
content-encoding: gzip
date: Wed, 01 Feb 2023 16:39:49 GMT
X-Firefox-Spdy: h2
newbinotracs.com/landers/20bet_welcome_football_en/20bet_EN%202/js/main.min.js
49.12.123.158 200 OK 724 B URL HTTP/2 newbinotracs.com/landers/20bet_welcome_football_en/20bet_EN%202/js/main.min.js
IP 49.12.123.158:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (724), with no line terminators
Hash 53a490370c08205c39d0fb3f8a902308
19b5ec46e5ccd7ff136f1d012d239d5d10e6b6a4
b0b515e84bda37b3bca536ff5e080d68c3d5e4c94ed98eba564437b8cd873f59
GET /landers/20bet_welcome_football_en/20bet_EN%202/js/main.min.js HTTP/1.1
Host: newbinotracs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://newbinotracs.com/
Cookie: uclick=177sa23v1z; uclickhash=177sa23v1z-177sa23v1z-17sc6o-0-q5a83y-tw3zdz-wf1ni4-53b660
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Wed, 01 Feb 2023 16:39:50 GMT
content-type: application/javascript
content-length: 724
last-modified: Fri, 11 Jun 2021 05:33:48 GMT
etag: "60c2f5bc-2d4"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
go.xlivrdr.com/api/goToTheTag?campaignId=ec5b69f6c071a3cfd23a4f14a73e806c4b46afd9e73a06adb4e266455dd771ff&campaignType=smartpop&creativeId=77029bfa3d9bd08465af810ebaa80a85d09918b1634d6ee66831c3e75354abc3&iterationId=28495&masterSmartpopId=0&memberId=_Aeu-THmjAIWXqYWo6xAIgtbcFf0d42348075897605X4pIjIuvyCEskjFfvo40OZpRGptN766XycdOiQHXVvKrtsxEr3jj5kuBlEl3LfEimHy6vr75FagMHmbmQeUGrbOwkNcuQNGXlnRw8MKv6hEyAgNugxrE5w_gUIDRUi&p1=NO&p2=898897&p3=&ruleId=0&smartpopId=2815&sourceId=4234807&tagNames=girls%2Fteens&userId=709afc38e53feb5738296f4388fc757b75782945d6a5efdfee8be855c86d2d01&variationId=21763
104.18.59.150 302 Found 0 B URL HTTP/2 go.xlivrdr.com/api/goToTheTag?campaignId=ec5b69f6c071a3cfd23a4f14a73e806c4b46afd9e73a06adb4e266455dd771ff&campaignType=smartpop&creativeId=77029bfa3d9bd08465af810ebaa80a85d09918b1634d6ee66831c3e75354abc3&iterationId=28495&masterSmartpopId=0&memberId=_Aeu-THmjAIWXqYWo6xAIgtbcFf0d42348075897605X4pIjIuvyCEskjFfvo40OZpRGptN766XycdOiQHXVvKrtsxEr3jj5kuBlEl3LfEimHy6vr75FagMHmbmQeUGrbOwkNcuQNGXlnRw8MKv6hEyAgNugxrE5w_gUIDRUi&p1=NO&p2=898897&p3=&ruleId=0&smartpopId=2815&sourceId=4234807&tagNames=girls%2Fteens&userId=709afc38e53feb5738296f4388fc757b75782945d6a5efdfee8be855c86d2d01&variationId=21763
IP 104.18.59.150:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/goToTheTag?campaignId=ec5b69f6c071a3cfd23a4f14a73e806c4b46afd9e73a06adb4e266455dd771ff&campaignType=smartpop&creativeId=77029bfa3d9bd08465af810ebaa80a85d09918b1634d6ee66831c3e75354abc3&iterationId=28495&masterSmartpopId=0&memberId=_Aeu-THmjAIWXqYWo6xAIgtbcFf0d42348075897605X4pIjIuvyCEskjFfvo40OZpRGptN766XycdOiQHXVvKrtsxEr3jj5kuBlEl3LfEimHy6vr75FagMHmbmQeUGrbOwkNcuQNGXlnRw8MKv6hEyAgNugxrE5w_gUIDRUi&p1=NO&p2=898897&p3=&ruleId=0&smartpopId=2815&sourceId=4234807&tagNames=girls%2Fteens&userId=709afc38e53feb5738296f4388fc757b75782945d6a5efdfee8be855c86d2d01&variationId=21763 HTTP/1.1
Host: go.xlivrdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
date: Wed, 01 Feb 2023 16:39:51 GMT
content-length: 0
location: https://stripchat.com/girls/teens?affiliateId=010223v8zvro89tud8uav0pr7lj4i7ilsxitko0is00966thnrqpw3j9tpbh3dkg&campaignId=ec5b69f6c071a3cfd23a4f14a73e806c4b46afd9e73a06adb4e266455dd771ff&p1=NO&p2=898897&p3=&realDomain=go.xlivrdr.com&referrer=http%3A%2F%2Frixon.ml%2F&sourceId=4234807&stripbotVariation=NullWidget&userId=709afc38e53feb5738296f4388fc757b75782945d6a5efdfee8be855c86d2d01
access-control-allow-origin: *
cf-cache-status: DYNAMIC
set-cookie: stripbotVariationName-StripcashTest16=NullWidget; Path=/; Domain=go.xlivrdr.com; Expires=Fri, 03 Mar 2023 16:39:51 GMT; Max-Age=2592000; Secure; SameSite=None
set-cookie: __cflb=0H28uukSkGJRy5UBr1u9iAwwBfboBLE5G9VTQhCKWfN; SameSite=None; Secure; path=/; expires=Thu, 02-Feb-23 15:39:51 GMT; HttpOnly
server: cloudflare
cf-ray: 792c201fca81b503-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
newbinotracs.com/landers/20bet_welcome_football_en/20bet_EN%202/img/socker.png
49.12.123.158 200 OK 57 kB URL HTTP/2 newbinotracs.com/landers/20bet_welcome_football_en/20bet_EN%202/img/socker.png
IP 49.12.123.158:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 730 x 579, 8-bit colormap, non-interlaced; data
Hash 20afb35060c967daeebb00cd151fe3b3
1337e9db04afdc2c0b3806fb8e551d5abb344fda
40ab51e989bcc85dee96d13095bdd96f1bda40fb188cc08c69a06ca042702adb
GET /landers/20bet_welcome_football_en/20bet_EN%202/img/socker.png HTTP/1.1
Host: newbinotracs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://newbinotracs.com/
Cookie: uclick=177sa23v1z; uclickhash=177sa23v1z-177sa23v1z-17sc6o-0-q5a83y-tw3zdz-wf1ni4-53b660
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Wed, 01 Feb 2023 16:39:50 GMT
content-type: image/png
content-length: 57321
last-modified: Fri, 11 Jun 2021 05:33:48 GMT
etag: "60c2f5bc-dfe9"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
go.xlivrdr.com/api/goToTheTag?campaignId=ec5b69f6c071a3cfd23a4f14a73e806c4b46afd9e73a06adb4e266455dd771ff&campaignType=smartpop&creativeId=77029bfa3d9bd08465af810ebaa80a85d09918b1634d6ee66831c3e75354abc3&iterationId=28495&masterSmartpopId=0&memberId=_Aeu-THmjAIWXqYWo6xAIgtbcFf0d42348075897605X4pIDW7Msr8geu1mtHruKjL950o-V_VAq_p9QBIx7dGtdtVnPcR-LtSifki07dybnVUsN0tSMbTkRGAglanhCu9rSeDCIkF7kvcrlkwvwphRdTN4HfhDPg_gUIDRUi&p1=NO&p2=898897&p3=&ruleId=0&smartpopId=2815&sourceId=4234807&tagNames=girls%2Fteens&userId=709afc38e53feb5738296f4388fc757b75782945d6a5efdfee8be855c86d2d01&variationId=21763
104.18.59.150 302 Found 0 B URL HTTP/2 go.xlivrdr.com/api/goToTheTag?campaignId=ec5b69f6c071a3cfd23a4f14a73e806c4b46afd9e73a06adb4e266455dd771ff&campaignType=smartpop&creativeId=77029bfa3d9bd08465af810ebaa80a85d09918b1634d6ee66831c3e75354abc3&iterationId=28495&masterSmartpopId=0&memberId=_Aeu-THmjAIWXqYWo6xAIgtbcFf0d42348075897605X4pIDW7Msr8geu1mtHruKjL950o-V_VAq_p9QBIx7dGtdtVnPcR-LtSifki07dybnVUsN0tSMbTkRGAglanhCu9rSeDCIkF7kvcrlkwvwphRdTN4HfhDPg_gUIDRUi&p1=NO&p2=898897&p3=&ruleId=0&smartpopId=2815&sourceId=4234807&tagNames=girls%2Fteens&userId=709afc38e53feb5738296f4388fc757b75782945d6a5efdfee8be855c86d2d01&variationId=21763
IP 104.18.59.150:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/goToTheTag?campaignId=ec5b69f6c071a3cfd23a4f14a73e806c4b46afd9e73a06adb4e266455dd771ff&campaignType=smartpop&creativeId=77029bfa3d9bd08465af810ebaa80a85d09918b1634d6ee66831c3e75354abc3&iterationId=28495&masterSmartpopId=0&memberId=_Aeu-THmjAIWXqYWo6xAIgtbcFf0d42348075897605X4pIDW7Msr8geu1mtHruKjL950o-V_VAq_p9QBIx7dGtdtVnPcR-LtSifki07dybnVUsN0tSMbTkRGAglanhCu9rSeDCIkF7kvcrlkwvwphRdTN4HfhDPg_gUIDRUi&p1=NO&p2=898897&p3=&ruleId=0&smartpopId=2815&sourceId=4234807&tagNames=girls%2Fteens&userId=709afc38e53feb5738296f4388fc757b75782945d6a5efdfee8be855c86d2d01&variationId=21763 HTTP/1.1
Host: go.xlivrdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Wed, 01 Feb 2023 16:39:51 GMT
content-length: 0
location: https://stripchat.com/girls/teens?affiliateId=010223ioi9vn3ojkken3f2auz7uoqb5t7bzfp8vf995ch3ii3jkptt2ryqqgblb0&campaignId=ec5b69f6c071a3cfd23a4f14a73e806c4b46afd9e73a06adb4e266455dd771ff&p1=NO&p2=898897&p3=&realDomain=go.xlivrdr.com&referrer=http%3A%2F%2Frixon.ml%2F&sourceId=4234807&stripbotVariation=NullWidget&userId=709afc38e53feb5738296f4388fc757b75782945d6a5efdfee8be855c86d2d01
access-control-allow-origin: *
cf-cache-status: DYNAMIC
set-cookie: stripbotVariationName-StripcashTest16=NullWidget; Path=/; Domain=go.xlivrdr.com; Expires=Fri, 03 Mar 2023 16:39:51 GMT; Max-Age=2592000; Secure; SameSite=None
set-cookie: __cflb=0H28uukSkGJRy5UBr1MAvzNuwf2BatFfES5QmovSMHW; SameSite=None; Secure; path=/; expires=Thu, 02-Feb-23 15:39:51 GMT; HttpOnly
server: cloudflare
cf-ray: 792c201fca7db503-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/icon-trust.svg
104.18.25.188 200 OK 3.0 kB URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/icon-trust.svg
IP 104.18.25.188:0
File type SVG Scalable Vector Graphics image; HTML document text; HTML document, ASCII text, with very long lines (1066), with no line terminators
Hash 52a2e0d6800a5cac6833ac7bcdcba3fd
17be5e20b1ed6106bf866110ac09992df195ba1d
9e3e2f4a8aa88db2bd428ad5be7f119b8ea1f61f9aea45cbebd9dd841aa2bda2
GET /nu/pop/sportsbook/multisports/icon-trust.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a92628443%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1675269588459)%5c%2f%22%2c%22CookieTag%22%3a%223795092628443451240919C2023211639%22%7d%2c%7b%22PID%22%3a86536170%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1675269588590)%5c%2f%22%2c%22CookieTag%22%3a%223795086536170451240919C2023211639%22%7d%5d; btag=320665405_4F03CE830604485E9E0E444E5686127E
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:49 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: 9k4H3E55HXB5I94VinrUOQ==
last-modified: Thu, 26 Jan 2023 12:30:21 GMT
etag: W/"0x8DAFF99173FAB3F"
x-ms-request-id: af16bb2e-701e-0046-1c81-312685000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 533364
vary: Accept-Encoding
server: cloudflare
cf-ray: 792c20164938b512-OSL
content-encoding: br
X-Firefox-Spdy: h2
newbinotracs.com/click.php?key=qcopnrbsgld1lpyq4gqz&clickid=7b1c63d8-5a25-45c0-bcee-4f418f86b1a7&cost=0.0029&PUB_ID=20&SUB_ID=4228174&KEYWORD=Adult%20General&SUBSCRIBER_AGE=0&SUBSCRIBER_DATE=2023-02-01&BID_PUB=0.0029&CR_ID=36456
49.12.123.158 302 Found 19 B URL HTTP/2 newbinotracs.com/click.php?key=qcopnrbsgld1lpyq4gqz&clickid=7b1c63d8-5a25-45c0-bcee-4f418f86b1a7&cost=0.0029&PUB_ID=20&SUB_ID=4228174&KEYWORD=Adult%20General&SUBSCRIBER_AGE=0&SUBSCRIBER_DATE=2023-02-01&BID_PUB=0.0029&CR_ID=36456
IP 49.12.123.158:0
ASN #24940 Hetzner Online GmbH
Hash fa78429a4ac2ad0d027a04db4bb4db9d
0f1ca8d4a900b509742282199c6e04d030ca3138
f90c19217d325e5afefc242645e4b0c7dcf8c127b7eb8aaa155bebc3ef67baf2
GET /click.php?key=qcopnrbsgld1lpyq4gqz&clickid=7b1c63d8-5a25-45c0-bcee-4f418f86b1a7&cost=0.0029&PUB_ID=20&SUB_ID=4228174&KEYWORD=Adult%20General&SUBSCRIBER_AGE=0&SUBSCRIBER_DATE=2023-02-01&BID_PUB=0.0029&CR_ID=36456 HTTP/1.1
Host: newbinotracs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx/1.18.0
date: Wed, 01 Feb 2023 16:39:50 GMT
content-type: text/html; charset=UTF-8
location: https://promo.20bet.partners/redirect.aspx?pid=174581&bid=1971&lpid=1042&utm_source=retarget&utm_medium=Ubidex&utm_campaign=Ubidex-20bet-EU-NotReg-pop%20BonWheel-1042&utm_term=Ubidex-20bet-EU-NotReg-pop%20BonWheel-1042&subid=623e7177sa23vk277a
set-cookie: uclick=177sa23vk2; expires=Thu, 02-Feb-2023 16:39:50 GMT; Max-Age=86400; path=/; secure; SameSite=none
set-cookie: uclickhash=177sa23vk2-177sa23vk2-slvc-0-2t1mwj-52a8wj-52a8vr-cab869; expires=Thu, 02-Feb-2023 16:39:50 GMT; Max-Age=86400; path=/; secure; SameSite=none
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/google-play-ro.svg
104.18.25.188 200 OK 2.1 kB URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/google-play-ro.svg
IP 104.18.25.188:0
File type SVG Scalable Vector Graphics image; HTML document, ASCII text, with very long lines (5740), with no line terminators
Hash 87314db431fd805b238bcf2161debada
42115e2985b485e14f5444098429d293be61cb64
ca253b25573234d997978fcf80425ea04d964724f638f455b1bebb96de20b330
GET /nu/pop/sportsbook/multisports/google-play-ro.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a92628443%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1675269588459)%5c%2f%22%2c%22CookieTag%22%3a%223795092628443451240919C2023211639%22%7d%2c%7b%22PID%22%3a86536170%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1675269588590)%5c%2f%22%2c%22CookieTag%22%3a%223795086536170451240919C2023211639%22%7d%5d; btag=320665405_4F03CE830604485E9E0E444E5686127E
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:49 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: 2fR27yW0b9kBp/ebW9u59A==
last-modified: Thu, 26 Jan 2023 12:30:22 GMT
etag: W/"0x8DAFF99184AD9A4"
x-ms-request-id: fa9ed380-a01e-0027-7f81-3105c6000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 533364
vary: Accept-Encoding
server: cloudflare
cf-ray: 792c20164926b512-OSL
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/custom.js
104.18.25.188 200 OK 56 kB URL HTTP/2 welcome.unibet.com/custom.js
IP 104.18.25.188:0
Hash 6a90cc6fc1ebb324f7a17d139ab27cda
f22b640785bff8830f33197c3ae7cca5514468ae
45e662de9d5ad0f5784287a110e30aeb3efa16d5da7b836c364dca7b9cea55de
GET /custom.js HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a92628443%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1675269588459)%5c%2f%22%2c%22CookieTag%22%3a%223795092628443451240919C2023211639%22%7d%2c%7b%22PID%22%3a86536170%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1675269588590)%5c%2f%22%2c%22CookieTag%22%3a%223795086536170451240919C2023211639%22%7d%5d; btag=320665405_4F03CE830604485E9E0E444E5686127E
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:49 GMT
content-type: application/javascript
content-md5: e/Aekt1V1fopj1X7y5r9MA==
last-modified: Tue, 29 Mar 2022 08:25:09 GMT
etag: W/"0x8DA115DA300B0C1"
x-ms-request-id: d013a120-f01e-003a-7703-03087a000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 202034
vary: Accept-Encoding
server: cloudflare
cf-ray: 792c2016390eb512-OSL
content-encoding: br
X-Firefox-Spdy: h2
newbinotracs.com/landers/20bet_welcome_football_en/20bet_EN%202/img/bottom-logo.png
49.12.123.158 200 OK 32 kB URL HTTP/2 newbinotracs.com/landers/20bet_welcome_football_en/20bet_EN%202/img/bottom-logo.png
IP 49.12.123.158:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 1648 x 185, 8-bit/color RGBA, non-interlaced; data
Hash 04a97e2ab82d9899c0238d8eef90e9dd
e1d3d914dc4da50069c8e05b69b4818eba3a3fca
ad1545260d07358ea1fea897b00fe12d0052a2046a6607007bd324a8265b72ff
GET /landers/20bet_welcome_football_en/20bet_EN%202/img/bottom-logo.png HTTP/1.1
Host: newbinotracs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://newbinotracs.com/
Cookie: uclick=177sa23v1z; uclickhash=177sa23v1z-177sa23v1z-17sc6o-0-q5a83y-tw3zdz-wf1ni4-53b660
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Wed, 01 Feb 2023 16:39:50 GMT
content-type: image/png
content-length: 31704
last-modified: Fri, 11 Jun 2021 05:33:48 GMT
etag: "60c2f5bc-7bd8"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 3446b28fc5970335c985e48769168bfb
0bd4b3a1cbf8a72f88fffecd1850e94d1d0ce026
ba12b8cc3604e0597befa213d45989b3b043fecb425091dcd6c3e5f9b3cc2820
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5964
Cache-Control: max-age=155163
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 16:39:51 GMT
Etag: "63da39a6-117"
Expires: Fri, 03 Feb 2023 11:45:54 GMT
Last-Modified: Wed, 01 Feb 2023 10:06:30 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 3446b28fc5970335c985e48769168bfb
0bd4b3a1cbf8a72f88fffecd1850e94d1d0ce026
ba12b8cc3604e0597befa213d45989b3b043fecb425091dcd6c3e5f9b3cc2820
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5953
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 16:39:51 GMT
Last-Modified: Wed, 01 Feb 2023 15:00:38 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 279
eastfeukufu.xyz/redirect?tid=926093&subid=435706.469740
54.230.111.13 302 Found 0 B URL HTTP/2 eastfeukufu.xyz/redirect?tid=926093&subid=435706.469740
IP 54.230.111.13:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?tid=926093&subid=435706.469740 HTTP/1.1
Host: eastfeukufu.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/plain
content-length: 0
location: https://snzzv.heparlorne.com/HEFEDAP?tag_id=926093&sub_id1=435706.469740&sub_id2=1993355499426491842&cookie_id=34005c53-b53a-40d7-9c36-59547cbc469f&lp=adultwatch&tb=redirect&allb=redirect&ob=redirect&href=https%3A%2F%2Feastfeukufu.xyz%2F%3Ftid%3D926093%26noocp%3D1%26subid%3D435706.469740&geo=NO
date: Wed, 01 Feb 2023 16:39:51 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=34005c53-b53a-40d7-9c36-59547cbc469f
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 4c07121ca6e32bcda85cc9091b92050e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: hUy3XTijZB1eq2wYcSgeF6YLx8832KYuL7ZJt07WxNB1AAufjZEbIQ==
X-Firefox-Spdy: h2
newbinotracs.com/landers/20bet_welcome_football_en/20bet_EN%202/img/icon-1.png
49.12.123.158 200 OK 3.8 kB URL HTTP/2 newbinotracs.com/landers/20bet_welcome_football_en/20bet_EN%202/img/icon-1.png
IP 49.12.123.158:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 95 x 91, 8-bit colormap, non-interlaced\012- data
Hash 4eaf45478fcecafea6e48df16714b414
b590ef440d2c5fd7974ad1a3dc2d61de7c0191d8
29ab016d8a0cd40560b48820c54ff8f8e557cd5ea2e061faba2231ac206cce1e
GET /landers/20bet_welcome_football_en/20bet_EN%202/img/icon-1.png HTTP/1.1
Host: newbinotracs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://newbinotracs.com/
Cookie: uclick=177sa23v1z; uclickhash=177sa23v1z-177sa23v1z-17sc6o-0-q5a83y-tw3zdz-wf1ni4-53b660
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Wed, 01 Feb 2023 16:39:50 GMT
content-type: image/png
content-length: 3792
last-modified: Fri, 11 Jun 2021 05:33:48 GMT
etag: "60c2f5bc-ed0"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
newbinotracs.com/landers/20bet_welcome_football_en/20bet_EN%202/img/icon-2.png
49.12.123.158 200 OK 3.9 kB URL HTTP/2 newbinotracs.com/landers/20bet_welcome_football_en/20bet_EN%202/img/icon-2.png
IP 49.12.123.158:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 111 x 111, 8-bit colormap, non-interlaced\012- data
Hash c196e569a02612678a6530d99769f939
25d338c8862eb232af9b51ca5c254ddf0321411a
45433f54d0a8a072e9b4ce37b32aca3f3fe074ecdd6b7c3e75404b7d8ec5d536
GET /landers/20bet_welcome_football_en/20bet_EN%202/img/icon-2.png HTTP/1.1
Host: newbinotracs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://newbinotracs.com/
Cookie: uclick=177sa23v1z; uclickhash=177sa23v1z-177sa23v1z-17sc6o-0-q5a83y-tw3zdz-wf1ni4-53b660
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Wed, 01 Feb 2023 16:39:50 GMT
content-type: image/png
content-length: 3885
last-modified: Fri, 11 Jun 2021 05:33:48 GMT
etag: "60c2f5bc-f2d"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
newbinotracs.com/landers/20bet_welcome_football_en/20bet_EN%202/img/icon-3.png
49.12.123.158 200 OK 4.5 kB URL HTTP/2 newbinotracs.com/landers/20bet_welcome_football_en/20bet_EN%202/img/icon-3.png
IP 49.12.123.158:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 112 x 102, 8-bit colormap, non-interlaced\012- data
Hash 0fedd5a047a3aee807bdbb9b83614b94
dbac7a0f5d17d11397b688f286a56ab3b99ccc7f
2b15405cceda8d7f227161b40dc3623c65f77f15819fddcbd911f019f8c3ef4d
GET /landers/20bet_welcome_football_en/20bet_EN%202/img/icon-3.png HTTP/1.1
Host: newbinotracs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://newbinotracs.com/
Cookie: uclick=177sa23v1z; uclickhash=177sa23v1z-177sa23v1z-17sc6o-0-q5a83y-tw3zdz-wf1ni4-53b660
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Wed, 01 Feb 2023 16:39:50 GMT
content-type: image/png
content-length: 4541
last-modified: Fri, 11 Jun 2021 05:33:48 GMT
etag: "60c2f5bc-11bd"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
newbinotracs.com/click.php?key=ton7p9rlyxwdhpui7in5&clickid=85418b41-dd84-4130-b914-7f10cca2e640&cost=0.0029&PUB_ID=20&SUB_ID=4228174&KEYWORD=Adult%20General&SUBSCRIBER_AGE=0&SUBSCRIBER_DATE=2023-02-01&BID_PUB=0.0029&CR_ID=361615&PUB_NAME=TrafficStars-pop
49.12.123.158 200 OK 8.4 kB URL HTTP/2 newbinotracs.com/click.php?key=ton7p9rlyxwdhpui7in5&clickid=85418b41-dd84-4130-b914-7f10cca2e640&cost=0.0029&PUB_ID=20&SUB_ID=4228174&KEYWORD=Adult%20General&SUBSCRIBER_AGE=0&SUBSCRIBER_DATE=2023-02-01&BID_PUB=0.0029&CR_ID=361615&PUB_NAME=TrafficStars-pop
IP 49.12.123.158:0
ASN #24940 Hetzner Online GmbH
Hash 31dba4d61f8a778386f5381a4b0714d9
640a197250681ad1bd2996fe302cffd16a2b9480
6e97c4487ed33a9673293d82776b14301efd7aacf68ef427325c4080bf0dfc2b
GET /click.php?key=ton7p9rlyxwdhpui7in5&clickid=85418b41-dd84-4130-b914-7f10cca2e640&cost=0.0029&PUB_ID=20&SUB_ID=4228174&KEYWORD=Adult%20General&SUBSCRIBER_AGE=0&SUBSCRIBER_DATE=2023-02-01&BID_PUB=0.0029&CR_ID=361615&PUB_NAME=TrafficStars-pop HTTP/1.1
Host: newbinotracs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Wed, 01 Feb 2023 16:39:50 GMT
content-type: text/html; charset=UTF-8
set-cookie: uclick=177sa23v7s; expires=Thu, 02-Feb-2023 16:39:50 GMT; Max-Age=86400; path=/; secure; SameSite=none
uclickhash=177sa23v7s-177sa23v7s-17sc6o-0-q5a83y-tw3zdz-wf1ni4-46b49e; expires=Thu, 02-Feb-2023 16:39:50 GMT; Max-Age=86400; path=/; secure; SameSite=none
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
newbinotracs.com/landers/20bet_welcome_football_en/20bet_EN%202/img/payments-1.png
49.12.123.158 200 OK 5.1 kB URL HTTP/2 newbinotracs.com/landers/20bet_welcome_football_en/20bet_EN%202/img/payments-1.png
IP 49.12.123.158:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 665 x 52, 8-bit colormap, non-interlaced\012- data
Hash 702d2dbcd4b8d9db4c4a3adfc7faf6db
a5143badb8e72e84dd35164b0b5b776f1e3eb4b1
f4a847e087f27af8b8063b7ef68c4bdd7b67593d391027a2ca9b6fa91db52d7e
GET /landers/20bet_welcome_football_en/20bet_EN%202/img/payments-1.png HTTP/1.1
Host: newbinotracs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://newbinotracs.com/
Cookie: uclick=177sa23v1z; uclickhash=177sa23v1z-177sa23v1z-17sc6o-0-q5a83y-tw3zdz-wf1ni4-53b660
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Wed, 01 Feb 2023 16:39:50 GMT
content-type: image/png
content-length: 5116
last-modified: Fri, 11 Jun 2021 05:33:48 GMT
etag: "60c2f5bc-13fc"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
newbinotracs.com/landers/20bet_welcome_football_en/20bet_EN%202/img/payments-2.png
49.12.123.158 200 OK 5.3 kB URL HTTP/2 newbinotracs.com/landers/20bet_welcome_football_en/20bet_EN%202/img/payments-2.png
IP 49.12.123.158:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 739 x 40, 8-bit colormap, non-interlaced\012- data
Hash 310d03756010487eb510321dbf67239d
c1dc2082953bbec17f258651cafc879274b569ef
d379c0b1e034f30c513a36ec00361d7a29edf3e1b8b76049c57f596f95a59874
GET /landers/20bet_welcome_football_en/20bet_EN%202/img/payments-2.png HTTP/1.1
Host: newbinotracs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://newbinotracs.com/
Cookie: uclick=177sa23v1z; uclickhash=177sa23v1z-177sa23v1z-17sc6o-0-q5a83y-tw3zdz-wf1ni4-53b660
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Wed, 01 Feb 2023 16:39:50 GMT
content-type: image/png
content-length: 5292
last-modified: Fri, 11 Jun 2021 05:33:48 GMT
etag: "60c2f5bc-14ac"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
go.xlivrdr.com/api/goToTheTag?campaignId=ec5b69f6c071a3cfd23a4f14a73e806c4b46afd9e73a06adb4e266455dd771ff&campaignType=smartpop&creativeId=77029bfa3d9bd08465af810ebaa80a85d09918b1634d6ee66831c3e75354abc3&iterationId=28495&masterSmartpopId=0&memberId=_Aeu-THmjAIWXqYWo6xAIgtbcFf0d42489175897605X4pIYTmMay3c3Pju9VaZfsF3vOk8TMkZtkTmVap14loOgUg6ju47YrFaPCMeYzy8d2U6tOobYejIprXC6bAhU0AfX1zD41PWfMx01yt55SrfYg-BSMmtCw_gUIDRUi&p1=NO&p2=898897&p3=&ruleId=0&smartpopId=2815&sourceId=4248917&tagNames=girls%2Fteens&userId=709afc38e53feb5738296f4388fc757b75782945d6a5efdfee8be855c86d2d01&variationId=21763
104.18.59.150 302 Found 0 B URL HTTP/2 go.xlivrdr.com/api/goToTheTag?campaignId=ec5b69f6c071a3cfd23a4f14a73e806c4b46afd9e73a06adb4e266455dd771ff&campaignType=smartpop&creativeId=77029bfa3d9bd08465af810ebaa80a85d09918b1634d6ee66831c3e75354abc3&iterationId=28495&masterSmartpopId=0&memberId=_Aeu-THmjAIWXqYWo6xAIgtbcFf0d42489175897605X4pIYTmMay3c3Pju9VaZfsF3vOk8TMkZtkTmVap14loOgUg6ju47YrFaPCMeYzy8d2U6tOobYejIprXC6bAhU0AfX1zD41PWfMx01yt55SrfYg-BSMmtCw_gUIDRUi&p1=NO&p2=898897&p3=&ruleId=0&smartpopId=2815&sourceId=4248917&tagNames=girls%2Fteens&userId=709afc38e53feb5738296f4388fc757b75782945d6a5efdfee8be855c86d2d01&variationId=21763
IP 104.18.59.150:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/goToTheTag?campaignId=ec5b69f6c071a3cfd23a4f14a73e806c4b46afd9e73a06adb4e266455dd771ff&campaignType=smartpop&creativeId=77029bfa3d9bd08465af810ebaa80a85d09918b1634d6ee66831c3e75354abc3&iterationId=28495&masterSmartpopId=0&memberId=_Aeu-THmjAIWXqYWo6xAIgtbcFf0d42489175897605X4pIYTmMay3c3Pju9VaZfsF3vOk8TMkZtkTmVap14loOgUg6ju47YrFaPCMeYzy8d2U6tOobYejIprXC6bAhU0AfX1zD41PWfMx01yt55SrfYg-BSMmtCw_gUIDRUi&p1=NO&p2=898897&p3=&ruleId=0&smartpopId=2815&sourceId=4248917&tagNames=girls%2Fteens&userId=709afc38e53feb5738296f4388fc757b75782945d6a5efdfee8be855c86d2d01&variationId=21763 HTTP/1.1
Host: go.xlivrdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Wed, 01 Feb 2023 16:39:51 GMT
content-length: 0
location: https://stripchat.com/girls/teens?affiliateId=0102234gc5343fr2ra39j3rf0btg7zqwxf8l5it2nilz79ytgiul1pztzf5wio6q&campaignId=ec5b69f6c071a3cfd23a4f14a73e806c4b46afd9e73a06adb4e266455dd771ff&p1=NO&p2=898897&p3=&realDomain=go.xlivrdr.com&referrer=http%3A%2F%2Frixon.ml%2F&sourceId=4248917&stripbotVariation=NullWidget&userId=709afc38e53feb5738296f4388fc757b75782945d6a5efdfee8be855c86d2d01
access-control-allow-origin: *
cf-cache-status: DYNAMIC
set-cookie: stripbotVariationName-StripcashTest16=NullWidget; Path=/; Domain=go.xlivrdr.com; Expires=Fri, 03 Mar 2023 16:39:51 GMT; Max-Age=2592000; Secure; SameSite=None
__cflb=02DiuDfsBaY2bRYJiCfFHYpfgnRfzoh6L5Jt2TUkMWX7A; SameSite=None; Secure; path=/; expires=Thu, 02-Feb-23 15:39:51 GMT; HttpOnly
server: cloudflare
cf-ray: 792c20206b9fb503-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
eastfeukufu.xyz/redirect?tid=926093&subid=463404.503375
54.230.111.13 302 Found 0 B URL HTTP/2 eastfeukufu.xyz/redirect?tid=926093&subid=463404.503375
IP 54.230.111.13:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?tid=926093&subid=463404.503375 HTTP/1.1
Host: eastfeukufu.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
content-type: text/plain
content-length: 0
location: https://kemgm.heparlorne.com/PBKQAIZ?tag_id=926093&sub_id1=463404.503375&sub_id2=8000496244570220743&cookie_id=bbec12dd-39bc-45fe-aaac-120d44eca959&lp=adultwatch&tb=redirect&allb=redirect&ob=redirect&href=https%3A%2F%2Feastfeukufu.xyz%2F%3Ftid%3D926093%26noocp%3D1%26subid%3D463404.503375&geo=NO
date: Wed, 01 Feb 2023 16:39:51 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=bbec12dd-39bc-45fe-aaac-120d44eca959
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 4c07121ca6e32bcda85cc9091b92050e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 2BvNnEI3ZGUH4IOIxISoSxStMky1gkZ3DMloV8u9rpNYDxJD_jzaZw==
X-Firefox-Spdy: h2
newbinotracs.com/landers/20bet_welcome_football_en/20bet_EN%202/img/phone.png
49.12.123.158 200 OK 631 B URL HTTP/2 newbinotracs.com/landers/20bet_welcome_football_en/20bet_EN%202/img/phone.png
IP 49.12.123.158:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 20 x 24, 8-bit colormap, non-interlaced\012- data
Hash 80175bba047a6026ff7616a0c7232f86
e5b96e9f44d30a962276f23f17c01dba4f56dcb0
cef39248e276a87a39155fa5f416b96be479ebbca2e15d30ea9b7cb3ff9a0df2
GET /landers/20bet_welcome_football_en/20bet_EN%202/img/phone.png HTTP/1.1
Host: newbinotracs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://newbinotracs.com/
Cookie: uclick=177sa23v1z; uclickhash=177sa23v1z-177sa23v1z-17sc6o-0-q5a83y-tw3zdz-wf1ni4-53b660
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Wed, 01 Feb 2023 16:39:50 GMT
content-type: image/png
content-length: 631
last-modified: Fri, 11 Jun 2021 05:33:48 GMT
etag: "60c2f5bc-277"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
newbinotracs.com/landers/20bet_welcome_football_en/20bet_EN%202/img/shield.png
49.12.123.158 200 OK 593 B URL HTTP/2 newbinotracs.com/landers/20bet_welcome_football_en/20bet_EN%202/img/shield.png
IP 49.12.123.158:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 20 x 24, 8-bit colormap, non-interlaced\012- data
Hash d1ec26002cca9339eeabf47bb59b4a19
077bc31261913a16b23725b1f6e467dbc4db3c3e
59fb9d4f97d655bf1c79bf66bdd6e09de78042a6e8a27c58f4d379ee958a0079
GET /landers/20bet_welcome_football_en/20bet_EN%202/img/shield.png HTTP/1.1
Host: newbinotracs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://newbinotracs.com/
Cookie: uclick=177sa23v1z; uclickhash=177sa23v1z-177sa23v1z-17sc6o-0-q5a83y-tw3zdz-wf1ni4-53b660
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Wed, 01 Feb 2023 16:39:50 GMT
content-type: image/png
content-length: 593
last-modified: Fri, 11 Jun 2021 05:33:48 GMT
etag: "60c2f5bc-251"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
newbinotracs.com/landers/20bet_welcome_football_en/20bet_EN%202/img/smoke-2.png
49.12.123.158 200 OK 120 kB URL HTTP/2 newbinotracs.com/landers/20bet_welcome_football_en/20bet_EN%202/img/smoke-2.png
IP 49.12.123.158:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 1690 x 387, 8-bit colormap, non-interlaced\012- data
Size 120 kB (119619 bytes)
Hash 50da46da4a7e73b6beb2c10d7f625788
1ad315073187cbffe5b463ab534e34ebf73a841d
7a12a558c6c321d60f45d3d0176b77a7c8e865afb422f2e5f8d841c42ad3820f
GET /landers/20bet_welcome_football_en/20bet_EN%202/img/smoke-2.png HTTP/1.1
Host: newbinotracs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://newbinotracs.com/
Cookie: uclick=177sa23v1z; uclickhash=177sa23v1z-177sa23v1z-17sc6o-0-q5a83y-tw3zdz-wf1ni4-53b660
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Wed, 01 Feb 2023 16:39:50 GMT
content-type: image/png
content-length: 119619
last-modified: Fri, 11 Jun 2021 05:33:48 GMT
etag: "60c2f5bc-1d343"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
newbinotracs.com/landers/20bet_welcome_football_en/20bet_EN%202/img/glow-1.png
49.12.123.158 200 OK 96 kB URL HTTP/2 newbinotracs.com/landers/20bet_welcome_football_en/20bet_EN%202/img/glow-1.png
IP 49.12.123.158:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 1459 x 1411, 8-bit/color RGBA, non-interlaced\012- data
Hash 8afbe2548cd24b2890f214e5237a78db
a5a6e7bb6dceec777a8690841ea4ae3829ad83dd
8f6c54dec6d9eff190a4d6b3b4e8c9029bfc445af0754cab1509d7191dd7db1a
GET /landers/20bet_welcome_football_en/20bet_EN%202/img/glow-1.png HTTP/1.1
Host: newbinotracs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://newbinotracs.com/
Cookie: uclick=177sa23v1z; uclickhash=177sa23v1z-177sa23v1z-17sc6o-0-q5a83y-tw3zdz-wf1ni4-53b660
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Wed, 01 Feb 2023 16:39:50 GMT
content-type: image/png
content-length: 95785
last-modified: Fri, 11 Jun 2021 05:33:48 GMT
etag: "60c2f5bc-17629"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
newbinotracs.com/landers/20bet_welcome_football_en/20bet_EN%202/img/glow-2.png
49.12.123.158 200 OK 120 kB URL HTTP/2 newbinotracs.com/landers/20bet_welcome_football_en/20bet_EN%202/img/glow-2.png
IP 49.12.123.158:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 1481 x 1411, 8-bit/color RGBA, non-interlaced\012- data
Size 120 kB (120509 bytes)
Hash e7a47136efd09963f7dea4d866f9c40c
e36229ee7205f3238e14e057f65c89bec7e47de0
c3be6a86bbc36f7a66ce2c238c06a149c3bdaa447b8d5e2cbf42df014a194549
GET /landers/20bet_welcome_football_en/20bet_EN%202/img/glow-2.png HTTP/1.1
Host: newbinotracs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://newbinotracs.com/
Cookie: uclick=177sa23v1z; uclickhash=177sa23v1z-177sa23v1z-17sc6o-0-q5a83y-tw3zdz-wf1ni4-53b660
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Wed, 01 Feb 2023 16:39:50 GMT
content-type: image/png
content-length: 120509
last-modified: Fri, 11 Jun 2021 05:33:48 GMT
etag: "60c2f5bc-1d6bd"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
newbinotracs.com/landers/20bet_welcome_football_en/20bet_EN%202/img/main-1.png
49.12.123.158 200 OK 337 kB URL HTTP/2 newbinotracs.com/landers/20bet_welcome_football_en/20bet_EN%202/img/main-1.png
IP 49.12.123.158:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 961 x 1165, 8-bit/color RGBA, non-interlaced\012- data
Size 337 kB (336784 bytes)
Hash 05ed580b6a391875d5e22bc6433cd5c1
9e8ffebd9f0a64bd9e491219ebe4f9fbff0e1dee
c9e4b09e4fc5d092582b3c53025ded58a5b377149e0cb75e5915e8813b8a17d5
GET /landers/20bet_welcome_football_en/20bet_EN%202/img/main-1.png HTTP/1.1
Host: newbinotracs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://newbinotracs.com/
Cookie: uclick=177sa23v1z; uclickhash=177sa23v1z-177sa23v1z-17sc6o-0-q5a83y-tw3zdz-wf1ni4-53b660
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Wed, 01 Feb 2023 16:39:50 GMT
content-type: image/png
content-length: 336784
last-modified: Fri, 11 Jun 2021 05:33:48 GMT
etag: "60c2f5bc-52390"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash a0904ed90b911a8a11e764f04d383378
dc06b8188e6b3a34c3ba4736229851dbf4e177ed
0b600e85e594f2914a485539242d85d7b13be56339165dc5129fd286a82d4bd4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0B600E85E594F2914A485539242D85D7B13BE56339165DC5129FD286A82D4BD4"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21547
Expires: Wed, 01 Feb 2023 22:38:58 GMT
Date: Wed, 01 Feb 2023 16:39:51 GMT
Connection: keep-alive
ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_470760_415140
51.83.143.92 302 Found 0 B URL HTTP/1.1 ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_470760_415140
IP 51.83.143.92:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_470760_415140 HTTP/1.1
Host: ron.trffclb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 01 Feb 2023 16:39:51 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Round: 119cdtswvl
Raund: 12uf2w0vxv-2v5
Location: https://popcash.net/world/go/134600/317194
ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_507239_415011
51.83.143.92 302 Found 0 B URL HTTP/1.1 ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_507239_415011
IP 51.83.143.92:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_507239_415011 HTTP/1.1
Host: ron.trffclb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 01 Feb 2023 16:39:51 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Round: 11kgq037yu
Raund: 12uf2w0vxv-2v5
Location: https://popmyads.com/serve/52264/64661/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgxMy5jb20=
newbinotracs.com/landers/20bet_welcome_football_en/20bet_EN%202/img/main-2.png
49.12.123.158 200 OK 286 kB URL HTTP/2 newbinotracs.com/landers/20bet_welcome_football_en/20bet_EN%202/img/main-2.png
IP 49.12.123.158:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 990 x 722, 8-bit/color RGBA, non-interlaced\012- data
Size 286 kB (286309 bytes)
Hash 0379a118e328ceb7f2ccd1165a9d6ac2
b0c5e47219ef71a2c3989fa24fa0f4ed9dd4b3f4
ff439e2f5f7022661aac61f8a92e09cbf567b4438355c2b77b8682855215d4a1
GET /landers/20bet_welcome_football_en/20bet_EN%202/img/main-2.png HTTP/1.1
Host: newbinotracs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://newbinotracs.com/
Cookie: uclick=177sa23v1z; uclickhash=177sa23v1z-177sa23v1z-17sc6o-0-q5a83y-tw3zdz-wf1ni4-53b660
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Wed, 01 Feb 2023 16:39:50 GMT
content-type: image/png
content-length: 286309
last-modified: Fri, 11 Jun 2021 05:33:48 GMT
etag: "60c2f5bc-45e65"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
t.irtyd.com/hlprk5afnk?url_id=18234&aff_id=82044&offer_id=779&bo=2779,2778,2777,2776,2775&po=6533&model=NiceHotJob
52.207.71.232 303 See Other 360 B URL HTTP/2 t.irtyd.com/hlprk5afnk?url_id=18234&aff_id=82044&offer_id=779&bo=2779,2778,2777,2776,2775&po=6533&model=NiceHotJob
IP 52.207.71.232:0
File type HTML document, ASCII text, with very long lines (360), with no line terminators
Hash 63bbca4819c484984b2befef404a08f8
6f75a1bf5d8997c203c9a0c1f0d84f17960b07a2
e9b10983910aa6d1918f5576f33289d4f15240d07222c00fc75c27d696aefdff
GET /hlprk5afnk?url_id=18234&aff_id=82044&offer_id=779&bo=2779,2778,2777,2776,2775&po=6533&model=NiceHotJob HTTP/1.1
Host: t.irtyd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 303 See Other
server: nginx/1.17.10
date: Wed, 01 Feb 2023 16:39:51 GMT
content-type: text/html; charset=utf-8
content-length: 360
location: https://www.myfreecams.com/?cam=30352&track=102bbdce42e9703e0453b8e9622002&skip_oapopup=1&r=0&bo=2779%2C2778%2C2777%2C2776%2C2775#NiceHotJob
set-cookie: aff_ran_url_779=18234; Path=/; Expires=Thu, 02 Feb 2023 16:39:51 GMT; Secure
enc_aff_session_779=ENC0397893be8019041137da146cf18258aac2253023166450bc3dd379df82764ddb497cb2c2def5649417ece9fe2751c2e4d5ae83e2974571549ed7b4bccfb0011abc804e460aeda70077a21fc160015ba51210e943685071d7e3f9a9bf3d244971125d47b4c567ac2aeba34a4c9cd7a21ab1d28ac5814ef3bd208572c2607af38260b91651e; Path=/; Expires=Thu, 25 Jul 2030 07:39:51 GMT; Secure
ho_mob=eyJtb2JpbGVfZGV2aWNlX29zIjoiRGVza3RvcCIsIm1vYmlsZV9kZXZpY2VfbW9kZWwiOiJGaXJlZm94IiwibW9iaWxlX2RldmljZV9icmFuZCI6Ik1vemlsbGEiLCJtb2JpbGVfYnJvd3NlciI6IkZpcmVmb3ggRGVza3RvcCIsIm1vYmlsZV9icm93c2VyX3ZlcnNpb24iOiIxMDUuMCIsIm1vYmlsZV9jYXJyaWVyIjoiPyIsInVzZXJfYWdlbnQiOiJNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgWDY0OyBSdjoxMDUuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC8xMDUuMCIsImNvbm5lY3Rpb25fc3BlZWQiOiJicm9hZGJhbmQifQ%3D%3D; Path=/; Expires=Sat, 27 Dec 2025 03:19:51 GMT; Secure
tracking_id: 102bbdce42e9703e0453b8e9622002
vary: Accept
strict-transport-security: max-age=15724800; includeSubDomains
X-Firefox-Spdy: h2
www.gstatic.com/firebasejs/5.0.2/firebase-app.js
216.58.211.3 200 OK 8.6 kB URL HTTP/2 www.gstatic.com/firebasejs/5.0.2/firebase-app.js
IP 216.58.211.3:0
File type ASCII text, with very long lines (25088)
Hash 73069e532b7039778d3a7128c997c61a
c523bbf1ac7f4e612c8ade75434c42fbca885adc
b6d7aec09aad2bb78dfbad4c9530fd03c0f33aed8385c3ee57c10b1fe959c4d5
GET /firebasejs/5.0.2/firebase-app.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vzvnjw.delicatedates.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 8604
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 01 Feb 2023 10:15:17 GMT
expires: Thu, 01 Feb 2024 10:15:17 GMT
cache-control: public, max-age=31536000
age: 23074
last-modified: Thu, 10 May 2018 20:35:51 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
go.xlivrdr.com/api/goToTheTag?campaignId=ec5b69f6c071a3cfd23a4f14a73e806c4b46afd9e73a06adb4e266455dd771ff&campaignType=smartpop&creativeId=77029bfa3d9bd08465af810ebaa80a85d09918b1634d6ee66831c3e75354abc3&iterationId=28495&masterSmartpopId=0&memberId=5l8ED286jQmjZwhmphy1VA4BVM0b8824234807922676itAEueea81thCFQg8gwVGrhEE6sslK_SgbC6qG9t8yDhzHxOR0h1Ay3h6mjeVH0NrKcS6ZP9W0aLOdrEXhuAWvmgDVSBdA_CKtC6Mw0xLGG2OtQQIwhs9Ww_gUIDRUi&p1=NO&p2=898897&p3=&ruleId=0&smartpopId=2815&sourceId=4234807&tagNames=girls%2Fteens&userId=709afc38e53feb5738296f4388fc757b75782945d6a5efdfee8be855c86d2d01&variationId=21763
104.18.59.150 302 Found 0 B URL HTTP/2 go.xlivrdr.com/api/goToTheTag?campaignId=ec5b69f6c071a3cfd23a4f14a73e806c4b46afd9e73a06adb4e266455dd771ff&campaignType=smartpop&creativeId=77029bfa3d9bd08465af810ebaa80a85d09918b1634d6ee66831c3e75354abc3&iterationId=28495&masterSmartpopId=0&memberId=5l8ED286jQmjZwhmphy1VA4BVM0b8824234807922676itAEueea81thCFQg8gwVGrhEE6sslK_SgbC6qG9t8yDhzHxOR0h1Ay3h6mjeVH0NrKcS6ZP9W0aLOdrEXhuAWvmgDVSBdA_CKtC6Mw0xLGG2OtQQIwhs9Ww_gUIDRUi&p1=NO&p2=898897&p3=&ruleId=0&smartpopId=2815&sourceId=4234807&tagNames=girls%2Fteens&userId=709afc38e53feb5738296f4388fc757b75782945d6a5efdfee8be855c86d2d01&variationId=21763
IP 104.18.59.150:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/goToTheTag?campaignId=ec5b69f6c071a3cfd23a4f14a73e806c4b46afd9e73a06adb4e266455dd771ff&campaignType=smartpop&creativeId=77029bfa3d9bd08465af810ebaa80a85d09918b1634d6ee66831c3e75354abc3&iterationId=28495&masterSmartpopId=0&memberId=5l8ED286jQmjZwhmphy1VA4BVM0b8824234807922676itAEueea81thCFQg8gwVGrhEE6sslK_SgbC6qG9t8yDhzHxOR0h1Ay3h6mjeVH0NrKcS6ZP9W0aLOdrEXhuAWvmgDVSBdA_CKtC6Mw0xLGG2OtQQIwhs9Ww_gUIDRUi&p1=NO&p2=898897&p3=&ruleId=0&smartpopId=2815&sourceId=4234807&tagNames=girls%2Fteens&userId=709afc38e53feb5738296f4388fc757b75782945d6a5efdfee8be855c86d2d01&variationId=21763 HTTP/1.1
Host: go.xlivrdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Cookie: stripbotVariationName-StripcashTest16=NullWidget; __cflb=0H28uukSkGJRy5UBr1MAvzNuwf2BatFfES5QmovSMHW
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
date: Wed, 01 Feb 2023 16:39:51 GMT
content-length: 0
location: https://stripchat.com/girls/teens?affiliateId=010223cyei5j6xf1wgb21wvaylvsnhx6yxdl4m5uwuov9sskj4vs2gg1lluglcmt&campaignId=ec5b69f6c071a3cfd23a4f14a73e806c4b46afd9e73a06adb4e266455dd771ff&p1=NO&p2=898897&p3=&realDomain=go.xlivrdr.com&referrer=http%3A%2F%2Frixon.ml%2F&sourceId=4234807&stripbotVariation=NullWidget&userId=709afc38e53feb5738296f4388fc757b75782945d6a5efdfee8be855c86d2d01
set-cookie: stripbotVariationName-StripcashTest16=NullWidget; Path=/; Domain=go.xlivrdr.com; Expires=Fri, 03 Mar 2023 16:39:51 GMT; Max-Age=2592000; Secure; SameSite=None
access-control-allow-origin: *
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 792c20218dbeb503-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.gstatic.com/firebasejs/5.0.2/firebase-messaging.js
216.58.211.3 200 OK 10 kB URL HTTP/2 www.gstatic.com/firebasejs/5.0.2/firebase-messaging.js
IP 216.58.211.3:0
File type ASCII text, with very long lines (35547)
Hash fa9987a23f5a9d865766e952511baa30
f2e620b99ee61a01671ba6a9e22ca75d58a1b52d
655daa1e20bf3aff16bc8462339dfea48c7ea5d3dd3505937015af3586d15fb7
GET /firebasejs/5.0.2/firebase-messaging.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vzvnjw.delicatedates.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 10017
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 28 Jan 2023 03:51:35 GMT
expires: Sun, 28 Jan 2024 03:51:35 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 10 May 2018 20:35:52 GMT
content-type: text/javascript; charset=UTF-8
age: 391696
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash a0904ed90b911a8a11e764f04d383378
dc06b8188e6b3a34c3ba4736229851dbf4e177ed
0b600e85e594f2914a485539242d85d7b13be56339165dc5129fd286a82d4bd4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0B600E85E594F2914A485539242D85D7B13BE56339165DC5129FD286A82D4BD4"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21547
Expires: Wed, 01 Feb 2023 22:38:58 GMT
Date: Wed, 01 Feb 2023 16:39:51 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 2dc2e297877f6332a114de88eeeaca61
cc91e58f3dd132b078223d21cd3177f0819e40e7
94f1191402d63bc2757d7ec854bc418dd6929b5aa9efb815d9bd35f8dab98fef
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 16:39:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
xml.infinity-info.com/redirect?feed=465920&auth=3zQPqj
174.137.133.16 302 Found 0 B URL HTTP/1.1 xml.infinity-info.com/redirect?feed=465920&auth=3zQPqj
IP 174.137.133.16:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=465920&auth=3zQPqj HTTP/1.1
Host: xml.infinity-info.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Cache-Control: no-store
Content-Length: 0
Age: 0
Connection: keep-alive
Location: https://cngcpy.com/cuhdl?wh=MS9RKSYOsDOD7jbbc39Ni1Cy&si1=429491
Pragma: no-cache
welcome.unibet.com/widget/betslip/betslip.js
104.18.25.188 200 OK 14 kB URL HTTP/2 welcome.unibet.com/widget/betslip/betslip.js
IP 104.18.25.188:0
File type ASCII text, with very long lines (693)
Hash 25b899b2cf08de473113b8856a70a0ae
ff5cbe55038ded4f1089d3113b69a8d0d4653416
d4fea983081040f17412125e7a9923af5bc761e50d78d826f77b59298d53cc1f
GET /widget/betslip/betslip.js HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a92628443%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1675269588459)%5c%2f%22%2c%22CookieTag%22%3a%223795092628443451240919C2023211639%22%7d%2c%7b%22PID%22%3a86536170%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1675269588590)%5c%2f%22%2c%22CookieTag%22%3a%223795086536170451240919C2023211639%22%7d%5d; btag=320665405_4F03CE830604485E9E0E444E5686127E
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:50 GMT
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=900, immutable
content-md5: V3DcYDl/+4NNEoCqe8670A==
last-modified: Tue, 15 Jan 2019 09:54:22 GMT
etag: W/"0x8D67ACF6D112CB5"
x-ms-request-id: 556a432d-701e-0079-3f03-03ee26000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 202035
vary: Accept-Encoding
server: cloudflare
cf-ray: 792c201b4894b512-OSL
content-encoding: br
X-Firefox-Spdy: h2
ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_437177_465920
51.83.143.92 302 Found 0 B URL HTTP/1.1 ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_437177_465920
IP 51.83.143.92:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_437177_465920 HTTP/1.1
Host: ron.trffclb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 01 Feb 2023 16:39:51 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Round: 11kgq037yu
Raund: 12uf2w0vxv-2v5
Location: https://popmyads.com/serve/52264/64661/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgxMy5jb20=
runative-syndicate.com/api/v1/direct/3b23ed13ee1e4ff6b1b4d242c65d3463?extID=470363
136.243.83.47 302 Found 0 B URL HTTP/1.1 runative-syndicate.com/api/v1/direct/3b23ed13ee1e4ff6b1b4d242c65d3463?extID=470363
IP 136.243.83.47:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/v1/direct/3b23ed13ee1e4ff6b1b4d242c65d3463?extID=470363 HTTP/1.1
Host: runative-syndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 01 Feb 2023 16:39:51 GMT
Content-Length: 0
Connection: keep-alive
Pragma: no-cache
Expires: 0
Vary: *
X-Api-Version: 2
Location: https://s.click.aliexpress.com/e/_AkUaK1?dp=IaTSLnwICDfikuPuc0O5zEJBnhCZPGAOCwHnNhV0bddIMML4lASYjpB8rZeR5OI1ZRqzanmGDKnDKNJYbjaQVFicYZu0v0zkI3s136rFXI0Jhzvl3ope5wqBVY4p0MLJboZ5rw_gUIDRUi
X-Request-Id: cc312cd76f8c8515
Set-Cookie: ts_uid=578d4d4b-bd55-4955-8d4d-9278421ad26b; expires=Tue, 01 Aug 2023 16:39:51 GMT; domain=.runative-syndicate.com; path=/; HttpOnly; secure; SameSite=None
ts_direct_tag=402170:2696143:42071:4210626:37729; expires=Wed, 01 Mar 2023 16:39:51 GMT; domain=.runative-syndicate.com; path=/; secure; SameSite=None
Cache-Control: no-cache, no-store, no-transform, must-revalidate, no-transform
X-Robots-Tag: none, noindex, nofollow
Report-To: { "url": "https://pxl.runative-syndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
dailybulletinz.com/wp-content/uploads/2022/01/cropped-DailyBulletinz_Final_Logo-e1643362191446.png
104.21.20.56 200 OK 4.1 kB URL HTTP/2 dailybulletinz.com/wp-content/uploads/2022/01/cropped-DailyBulletinz_Final_Logo-e1643362191446.png
IP 104.21.20.56:0
File type PNG image data, 200 x 85, 8-bit/color RGBA, non-interlaced\012- data
Hash 7f1643e39c65f80bd487afc47ec2a6d0
532dfc516c5d31c33720a883166d60fbe803f5c8
a3e5865d5897bd7a209ba77f5f38285803c6b7e10d4374067fdb92413b09590a
GET /wp-content/uploads/2022/01/cropped-DailyBulletinz_Final_Logo-e1643362191446.png HTTP/1.1
Host: dailybulletinz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dailybulletinz.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:51 GMT
content-type: image/png
content-length: 4093
last-modified: Thu, 24 Feb 2022 12:38:31 GMT
etag: "62177c47-ffd"
x-cache-status: MISS
x-powered-by: PleskLin
cache-control: max-age=14400
cf-cache-status: HIT
age: 809
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PZ2LEDQ%2FO7s5w7%2BG5f5vmz9LMhPIFv8NbSzrCJthgjfBOW6MFnkYqY%2FBEqp6kFFGwP8C0f9RdgBdbwUOlhXWBFwWjkdS2iYwzB93qFkZU8GYtiTkeNxHaPOpvGqBpz3L0edyP2o%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 792c20224c600afe-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
dailybulletinz.com/wp-content/uploads/2021/11/bucket-list-1024x900.jpg
104.21.20.56 200 OK 74 kB URL HTTP/2 dailybulletinz.com/wp-content/uploads/2021/11/bucket-list-1024x900.jpg
IP 104.21.20.56:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1024x900, components 3\012- data
Hash 321da163a677f8557cd9d2be97e51f47
44deea4333a33f2b567a7891417bc05ebf79e03f
0967831847a4e463d9eafa0361e6ae6d2f279a46e445148b3e3fcd1eab001f2d
GET /wp-content/uploads/2021/11/bucket-list-1024x900.jpg HTTP/1.1
Host: dailybulletinz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dailybulletinz.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:51 GMT
content-type: image/jpeg
content-length: 73485
last-modified: Thu, 24 Feb 2022 12:44:42 GMT
etag: "62177dba-11f0d"
x-cache-status: MISS
x-powered-by: PleskLin
cache-control: max-age=14400
cf-cache-status: HIT
age: 809
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WabS114HUGLjx0BYHr1F6TYYR2eHoC81PS0bWfKX4X8u4IEpT0AC1kAdhNEQgSjBa4w8W6ju0jH5rHxMHx02gl55uJ9pXVcrCnrzhjLTxvagNtLy4DVWDCu%2BYsvsQDsd8BIGxa0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 792c20225c670afe-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
dailybulletinz.com/wp-content/uploads/2021/11/Life-goals-1024x900.jpg
104.21.20.56 200 OK 109 kB URL HTTP/2 dailybulletinz.com/wp-content/uploads/2021/11/Life-goals-1024x900.jpg
IP 104.21.20.56:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1024x900, components 3\012- data
Size 109 kB (108569 bytes)
Hash 576a589905eb09e5a67e4ff6c55c05ab
c92b49b3b18a6ee4f69338b7df68c18229855ef6
b623432f3a3646c8b7ba436e843f26f957b242bfdac6515cf3634276d1faf2e7
GET /wp-content/uploads/2021/11/Life-goals-1024x900.jpg HTTP/1.1
Host: dailybulletinz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dailybulletinz.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:51 GMT
content-type: image/jpeg
content-length: 108569
last-modified: Tue, 16 Nov 2021 11:08:22 GMT
etag: "61939126-1a819"
x-cache-status: MISS
x-powered-by: PleskLin
cache-control: max-age=14400
cf-cache-status: HIT
age: 809
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NUb5S7z%2BZRI5m1kydT6i4ofAo6rA4nOG1JJk%2FLx22LQtUrn%2FuWNp5Dh0rw1usZ%2FlOVgKeLI3aDMUViva2Gfz7Ry%2FkCFQwBS1MuiHbCS4CRUXcbU2CllX2p%2BXrW%2FEYzAIYKYIG1k%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 792c20225c680afe-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
dailybulletinz.com/wp-content/uploads/2021/11/cabon-footprint-1024x900.jpg
104.21.20.56 200 OK 92 kB URL HTTP/2 dailybulletinz.com/wp-content/uploads/2021/11/cabon-footprint-1024x900.jpg
IP 104.21.20.56:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 1024x900, components 3\012- data
Hash 8bf2e31b3c37f79970b5744bdc155a8a
29e2828a82065440237c848457a837fcea420e97
0b48b9f4e3b972db816f1043e03b207ca22344ce23302aa78ba674669a7cfb25
GET /wp-content/uploads/2021/11/cabon-footprint-1024x900.jpg HTTP/1.1
Host: dailybulletinz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dailybulletinz.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:51 GMT
content-type: image/jpeg
content-length: 91850
last-modified: Thu, 24 Feb 2022 12:43:35 GMT
etag: "62177d77-166ca"
x-cache-status: MISS
x-powered-by: PleskLin
cache-control: max-age=14400
cf-cache-status: HIT
age: 809
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OWZn8HTdzLPIOOM3BmpmcEsx4K4GCzKdUvnYpkXImcxMa5pj%2FPfapfwP7uVzfmC43VR9XGf%2Fi5Y0kEe2u35TSqmPLfTN2q18Cj0YJT7HoF%2FnWyJIUwufmOmn7YobFqeOs6ZCFgA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 792c20225c690afe-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
dailybulletinz.com/wp-content/uploads/2021/11/Life-1024x900.jpg
104.21.20.56 200 OK 107 kB URL HTTP/2 dailybulletinz.com/wp-content/uploads/2021/11/Life-1024x900.jpg
IP 104.21.20.56:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1024x900, components 3\012- data
Size 107 kB (106932 bytes)
Hash 04316c0928bc4e3095d628c510bb3f1a
458a2643ada6966495469bec02a03d9bc0f4ad95
43292bec6e71e5ac6cb38e0811852da84c86e249f74c860bbbad9c1d8b35227e
GET /wp-content/uploads/2021/11/Life-1024x900.jpg HTTP/1.1
Host: dailybulletinz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dailybulletinz.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:51 GMT
content-type: image/jpeg
content-length: 106932
last-modified: Tue, 16 Nov 2021 11:42:59 GMT
etag: "61939943-1a1b4"
x-powered-by: PleskLin
cache-control: max-age=14400
cf-cache-status: HIT
age: 9009964
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FmCh9iZjGVhsuGHzwkBQ%2B16n5JYSkGsIKEDbuFfn1MB%2FYzWsK6pY%2BrhunjiGKIP1v0btq7kSaqTb2T3CejCdhgeDVjQKPzPb0OOSDb7Go1uQ3UtZ%2Fr8VDPnb9OP69Xz5Z8g5dBk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 792c20226c780afe-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
dailybulletinz.com/
104.21.20.56 200 OK 184 kB IP 104.21.20.56:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (55804)
Size 184 kB (183614 bytes)
Hash 39ca5496fc2d64be8641300663354b97
ee240191a682f1129819d1b6d679974482566576
dcc3e50a66f2c3b442ab3dee8ba5fbe90b562243e246b81afd14550a9a1301a1
GET / HTTP/1.1
Host: dailybulletinz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:51 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.4.33, PleskLin
link: <https://dailybulletinz.com/wp-json/>; rel="https://api.w.org/", <https://dailybulletinz.com/wp-json/wp/v2/pages/129>; rel="alternate"; type="application/json", <https://dailybulletinz.com/>; rel=shortlink
vary: Accept-Encoding
x-cache-status: UPDATING
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B%2FDhGbj2vo2k3ex%2BU9owZO6sbifE9Srr27%2FNgPUF%2BRzOsXnOaTxiL%2BjUxjpd%2F0naGdJ1mJEb8J5TEHAiNjXp22an0vg6zW%2FOT1D2RmMcBsMTTJCXHcsNlBoH5iplGUdWjCaDU0s%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 792c201f39720afe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
dailybulletinz.com/wp-content/uploads/2021/11/Investment-305x207.jpg
104.21.20.56 200 OK 13 kB URL HTTP/2 dailybulletinz.com/wp-content/uploads/2021/11/Investment-305x207.jpg
IP 104.21.20.56:0
Hash fc84aa6ce152312c21783f0618b41486
fd618e2bf8b445e656a5b61fdab426cae0f5bcdb
899a636b1eedc90bbb0a65230faf7aacbb1735632d4b67be815dc583c4da8f80
GET /wp-content/uploads/2021/11/Investment-305x207.jpg HTTP/1.1
Host: dailybulletinz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dailybulletinz.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:51 GMT
content-type: image/jpeg
content-length: 13384
last-modified: Thu, 24 Feb 2022 12:44:05 GMT
etag: "62177d95-3448"
x-cache-status: MISS
x-powered-by: PleskLin
cache-control: max-age=14400
cf-cache-status: HIT
age: 809
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4P9JaVnpybzUyo4Cl5276ZTTvYjxSeiSXlmjjdolDFuFlNYnXh0DCHSF6atvZpPreXErEzuuDNlQPgrV9Zc%2Fat61cBORy0bO8v%2FLIP7q2NkGMeGsI7vvf7uywqyMBR2TtxiVzVA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 792c20228caa0afe-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32 200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e9f9f775ffe8571c9928fd4da960a24e
d48d0e064290838fdf90b08a86c2016b21766b34
d9adb666e61be35efd935eeddd15f64be53b6f7da2b40a33a6057ba21b953504
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "D9ADB666E61BE35EFD935EEDDD15F64BE53B6F7DA2B40A33A6057BA21B953504"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3775
Expires: Wed, 01 Feb 2023 17:42:46 GMT
Date: Wed, 01 Feb 2023 16:39:51 GMT
Connection: keep-alive
dailybulletinz.com/wp-content/uploads/2021/11/Power-305x207.jpg
104.21.20.56 200 OK 10 kB URL HTTP/2 dailybulletinz.com/wp-content/uploads/2021/11/Power-305x207.jpg
IP 104.21.20.56:0
Hash eb1dd784ffda6dc5223a9f602696d3b5
873f61e932326107a8e42fd458f0cc05b74ea905
6c317e9b55b326159dbae39840caf103515185d820baf6cb18ef12d1888d1133
GET /wp-content/uploads/2021/11/Power-305x207.jpg HTTP/1.1
Host: dailybulletinz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dailybulletinz.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:51 GMT
content-type: image/jpeg
content-length: 10406
last-modified: Thu, 24 Feb 2022 12:43:27 GMT
etag: "62177d6f-28a6"
x-cache-status: MISS
x-powered-by: PleskLin
cache-control: max-age=14400
cf-cache-status: HIT
age: 808
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MBU1UrpOqr72EEp8nntdA15aP8vziVhBZfL8j4jo6b2fLoODkHvpUcBfG0ypE306gZpYqaV1LB2Lsi2bpC3FRGv39b3AbZnVsS8gE%2BmeBqbEz8lZi89PJXKZ9M1rjf36o6JQNtg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 792c20229cb10afe-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
dailybulletinz.com/wp-content/uploads/2021/11/yoga-150x150.jpg
104.21.20.56 200 OK 4.6 kB URL HTTP/2 dailybulletinz.com/wp-content/uploads/2021/11/yoga-150x150.jpg
IP 104.21.20.56:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 150x150, components 3\012- data
Hash 1c754aa5b3fb69aacac071610febd629
c2db24ef4f5b9c712fac31ea4ad54b1e69f03741
b40b7a4ecfb4e68c573bbddcf3a7dc777f4aaa95bef19db71ec9da5f41fac538
GET /wp-content/uploads/2021/11/yoga-150x150.jpg HTTP/1.1
Host: dailybulletinz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dailybulletinz.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:51 GMT
content-type: image/jpeg
content-length: 4560
last-modified: Thu, 24 Feb 2022 12:42:12 GMT
etag: "62177d24-11d0"
x-powered-by: PleskLin
cache-control: max-age=14400
cf-cache-status: HIT
age: 9009964
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=s6mMkB%2BJ%2FgAy702dfE1oP4FgPNXIsFK1lt9bQQSAAZLhDQK%2BLHPezz627NCr2JmfL6%2FMceMN3OaqwguL7XkyC8hD6Iuohwh6qQ4zMT%2Bf%2BrtkC%2Bpxh5BHyX1lW72bl9S%2FlwXFL4A%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 792c2022acc30afe-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
dailybulletinz.com/wp-content/uploads/2021/11/sleep-150x150.jpg
104.21.20.56 200 OK 5.7 kB URL HTTP/2 dailybulletinz.com/wp-content/uploads/2021/11/sleep-150x150.jpg
IP 104.21.20.56:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 150x150, components 3\012- data
Hash 5c199ea30a2ee11e6249d450dc61e09a
0453ab77d8934507ef112c76a03a30cf1dffb03e
4da9b49a9f7d81ac99caf2b24ecc0a924ae4819ce7c3f2fed480bc73be1f1328
GET /wp-content/uploads/2021/11/sleep-150x150.jpg HTTP/1.1
Host: dailybulletinz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dailybulletinz.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:51 GMT
content-type: image/jpeg
content-length: 5720
last-modified: Thu, 24 Feb 2022 12:42:50 GMT
etag: "62177d4a-1658"
x-cache-status: MISS
x-powered-by: PleskLin
cache-control: max-age=14400
cf-cache-status: HIT
age: 808
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZA7Lasd5CjKl9vXTc%2FhFt9ixRXkeMVLF9tts5a4Q6h41eKpqpS9fduhrk%2F4%2F7RGg%2BHpDD03sEiPIvHsTHcE1SVPLgQQMUJiZw%2FsoKoWXd1bJ%2B%2BP2%2FeHBCHr%2FdPkpU7mpqrcupYU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 792c2022bcca0afe-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
dailybulletinz.com/wp-content/uploads/2021/11/Life-150x150.jpg
104.21.20.56 200 OK 5.4 kB URL HTTP/2 dailybulletinz.com/wp-content/uploads/2021/11/Life-150x150.jpg
IP 104.21.20.56:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 150x150, components 3\012- data
Hash d66d22a55bf77c1106e5ea07036748ae
7eaf58693613d474bbed194d59cba44f159e178c
f494d5257ca75d0e00fddb8ada4a840467d9d5f87f5a839946a84bf80c62f07c
GET /wp-content/uploads/2021/11/Life-150x150.jpg HTTP/1.1
Host: dailybulletinz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dailybulletinz.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:51 GMT
content-type: image/jpeg
content-length: 5357
last-modified: Thu, 24 Feb 2022 12:43:21 GMT
etag: "62177d69-14ed"
x-cache-status: MISS
x-powered-by: PleskLin
cache-control: max-age=14400
cf-cache-status: HIT
age: 808
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Hb%2BOkOxdBgRcw%2B8xWE0PjFdMRCnrg0mawuFTPaZgOob%2Fs5fRQ0E%2FtJwjRe84x7X1h%2BuBhIEeH1yc7RqoijVlJiF89R4i87JQ6OAn0j8FQz1O3i02ar3sfnvc0bnh8pXMbHNRz8w%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 792c2022ccd60afe-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
s.click.aliexpress.com/e/_AkUaK1?dp=RylUWehMM91iCIdu9Zui_6516z8WweUITfaffmMa2W4XzinuMofX-zZuPAkB9UhdiwCwFaBcMzKEx8g_tDN9pba_rI0h6Wp2IRMXsksE8GPB8bqCOXm5kY_M9u1orajtmdm1Rw_gUIDRUi
104.110.21.5 302 Found 0 B URL HTTP/2 s.click.aliexpress.com/e/_AkUaK1?dp=RylUWehMM91iCIdu9Zui_6516z8WweUITfaffmMa2W4XzinuMofX-zZuPAkB9UhdiwCwFaBcMzKEx8g_tDN9pba_rI0h6Wp2IRMXsksE8GPB8bqCOXm5kY_M9u1orajtmdm1Rw_gUIDRUi
IP 104.110.21.5:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /e/_AkUaK1?dp=RylUWehMM91iCIdu9Zui_6516z8WweUITfaffmMa2W4XzinuMofX-zZuPAkB9UhdiwCwFaBcMzKEx8g_tDN9pba_rI0h6Wp2IRMXsksE8GPB8bqCOXm5kY_M9u1orajtmdm1Rw_gUIDRUi HTTP/1.1
Host: s.click.aliexpress.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
content-length: 0
server: Tengine
x-application-context: global-traffic-holmes-f:7001
access-control-allow-methods: GET, POST, OPTION
access-control-allow-credentials: true
p3p: CP="CAO PSA OUR"
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
strict-transport-security: max-age=31536000 ; includeSubDomains
location: https://best.aliexpress.com?dp=RylUWehMM91iCIdu9Zui_6516z8WweUITfaffmMa2W4XzinuMofX-zZuPAkB9UhdiwCwFaBcMzKEx8g_tDN9pba_rI0h6Wp2IRMXsksE8GPB8bqCOXm5kY_M9u1orajtmdm1Rw_gUIDRUi&aff_fcid=b43f7122c5c94d3d9a428c84286b3b4d-1675269591456-02695-_AkUaK1&tt=CPS_NORMAL&aff_fsk=_AkUaK1&aff_platform=portals-tool&sk=_AkUaK1&aff_trace_key=b43f7122c5c94d3d9a428c84286b3b4d-1675269591456-02695-_AkUaK1&terminal_id=b0ffd317b1c8434f935ee75a1d61f126&afSmartRedirect=y
content-language: en-US
eagleeye-traceid: 2103255b16752695914484193e3c73
timing-allow-origin: *
date: Wed, 01 Feb 2023 16:39:51 GMT
set-cookie: xman_us_f=x_l=0&x_as_i=%7B%22aeuCID%22%3A%22b43f7122c5c94d3d9a428c84286b3b4d-1675269591456-02695-_AkUaK1%22%2C%22affiliateKey%22%3A%22_AkUaK1%22%2C%22channel%22%3A%22AFFILIATE%22%2C%22cv%22%3A%221%22%2C%22isCookieCache%22%3A%22N%22%2C%22ms%22%3A%221%22%2C%22pid%22%3A%223407682764%22%2C%22tagtime%22%3A1675269591456%7D&acs_rt=b0ffd317b1c8434f935ee75a1d61f126; Domain=.aliexpress.com; Expires=Mon, 19-Feb-2091 19:53:58 GMT; Path=/
acs_usuc_t=x_csrf=msjqh5wdjz94&acs_rt=b0ffd317b1c8434f935ee75a1d61f126; Domain=.aliexpress.com; Path=/
aeu_cid=b43f7122c5c94d3d9a428c84286b3b4d-1675269591456-02695-_AkUaK1; Domain=.aliexpress.com; Expires=Mon, 19-Feb-2091 19:53:58 GMT; Path=/
xman_t=Hk6nAYLZtO8FZwl1MRuUYgkcSg7Lu+mwQxhBHhNlaSbdlUPfa0uK7/OULj6P84iD; Domain=.aliexpress.com; Expires=Tue, 02-May-2023 16:39:51 GMT; Path=/; HttpOnly
xman_f=RkgSFeWkshatxN4EXSayh7hlwYfuPnqZKN7iGc18w0ih834QPsJ5qibjO8pRGL+IHfKflPK9647iCAvESpoMHbgOWblraJ9npit5aP8W8yLwzl1puwFPEg==; Domain=.aliexpress.com; Expires=Mon, 19-Feb-2091 19:53:58 GMT; Path=/; HttpOnly
traffic_se_co=%7B%7D; Domain=aliexpress.com; Expires=Mon, 19-Feb-2091 19:53:58 GMT; Path=/
af_ss_a=1; Path=/; Domain=.aliexpress.com; Max-Age=2147483647; Secure; SameSite=None
af_ss_b=1; Path=/; Domain=.aliexpress.com; Max-Age=2147483647; SameSite=Lax
X-Firefox-Spdy: h2
dailybulletinz.com/wp-content/uploads/2021/11/cabon-footprint-150x150.jpg
104.21.20.56 200 OK 4.0 kB URL HTTP/2 dailybulletinz.com/wp-content/uploads/2021/11/cabon-footprint-150x150.jpg
IP 104.21.20.56:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 150x150, components 3\012- data
Hash 9bc6ea8c048cb32ca51204901044ccf2
ffb3ac0f115a110024617109c618552256fadf14
8da052c97a23f98f00ac2794e6f40cb5f3501941d187c559eab0904ed9fa0196
GET /wp-content/uploads/2021/11/cabon-footprint-150x150.jpg HTTP/1.1
Host: dailybulletinz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dailybulletinz.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:51 GMT
content-type: image/jpeg
content-length: 4005
last-modified: Thu, 24 Feb 2022 12:43:41 GMT
etag: "62177d7d-fa5"
x-powered-by: PleskLin
cache-control: max-age=14400
cf-cache-status: HIT
age: 9009964
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yJRd8Pou6mJA4O%2BqfXiMVLp%2FbkAY57%2BUjl%2BLu2fdirLr7qNgtojx8uU%2BxxjAmeu7%2BKw0Pw6KeGFrASCz6O0V%2FPxiHq%2F8p5%2BLkdI1Da6H2b5f3z0eLOhWvP8%2F2MioSUrXn9U49WE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 792c2022dce60afe-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
bbckdl.mfcewkrob.com/v/ZlDTxRPb5Nyfarapng7emAu7Y7if6Q
95.211.222.152 200 OK 20 kB URL HTTP/2 bbckdl.mfcewkrob.com/v/ZlDTxRPb5Nyfarapng7emAu7Y7if6Q
IP 95.211.222.152:0
ASN #60781 LeaseWeb Netherlands B.V.
File type HTML document, ASCII text, with very long lines (48633), with CRLF, LF line terminators
Hash ab928beb43fa12d631e930c22b012253
f0daaeb641ae00f812fe9c22ca3355edeef20f6e
15bdbe16f6b36814aee92bec7d2bf8e0ba50bd77c5814e2021f5d8824413fde8
GET /v/ZlDTxRPb5Nyfarapng7emAu7Y7if6Q HTTP/1.1
Host: bbckdl.mfcewkrob.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://free-btc.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 01 Feb 2023 16:39:49 GMT
content-type: text/javascript;charset=utf-8
x-powered-by: PHP/7.0.33-0+deb9u12
vw-charset: utf-8
cache-control: no-transform
content-encoding: gzip
X-Firefox-Spdy: h2
script.crazyegg.com/pages/scripts/0012/9242.js?465352
104.19.147.8 200 OK 66 kB URL HTTP/2 script.crazyegg.com/pages/scripts/0012/9242.js?465352
IP 104.19.147.8:0
Hash e19ab47980f7acb32c0ab4862d2b6313
582d0c25a5f35446a676708092e55887e2f8840a
8e3c729fc45c776fa68b29dc83c6691d08c1f6d7c0c59b775d42229d039535f1
GET /pages/scripts/0012/9242.js?465352 HTTP/1.1
Host: script.crazyegg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:51 GMT
content-type: text/javascript
access-control-allow-origin: *
access-control-expose-headers: CE-Version
ce-version: 11.5.21
cache-control: public, max-age=300, s-maxage=1209600
cf-bgj: minify
cf-polished: origSize=6088
last-modified: Tue, 31 Jan 2023 16:04:37 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 88514
vary: Accept-Encoding
server: cloudflare
cf-ray: 792c2021ceadb50c-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
a1s.unibet.com/orval/tracking/lastclick.min.js
85.184.96.5 200 OK 814 B URL HTTP/2 a1s.unibet.com/orval/tracking/lastclick.min.js
IP 85.184.96.5:0
ASN #47171 Unibet Services Limited
File type ASCII text, with very long lines (536)
Hash 6326972407d53d5a89b145352d2b5d68
b73ab993571729f2a4ed41aeca5e91e4ca6649e9
31ac0426eae11a5062c508ed98162c0236e6145f8d198a2712cfc1f7b59337b7
GET /orval/tracking/lastclick.min.js HTTP/1.1
Host: a1s.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a92628443%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1675269588459)%5c%2f%22%2c%22CookieTag%22%3a%223795092628443451240919C2023211639%22%7d%2c%7b%22PID%22%3a86536170%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1675269588590)%5c%2f%22%2c%22CookieTag%22%3a%223795086536170451240919C2023211639%22%7d%5d; btag=320665405_4F03CE830604485E9E0E444E5686127E
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:50 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Fri, 05 Aug 2022 12:55:42 GMT
etag: W/"705-5e57dfbd5830d"
cache-control: max-age=1800, public, must-revalidate
content-encoding: gzip
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
set-cookie: clientId=polopoly_desktop; Domain=a1s.unibet.com; Path=/; SameSite=None; Secure
X-Firefox-Spdy: h2
dailybulletinz.com/wp-content/uploads/2021/11/free-internet.jpg
104.21.20.56 200 OK 106 kB URL HTTP/2 dailybulletinz.com/wp-content/uploads/2021/11/free-internet.jpg
IP 104.21.20.56:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 1200x900, components 3\012- data
Size 106 kB (106067 bytes)
Hash d3b6fb5748435706dccd94718eaff3a7
73dc7f8045d19a8a7cb11f2d362472f8f527b32f
0e1a95ddd9841393b2bf872241528d7326536ebbfb7f13cfeed0e428dbbda5be
GET /wp-content/uploads/2021/11/free-internet.jpg HTTP/1.1
Host: dailybulletinz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dailybulletinz.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:51 GMT
content-type: image/jpeg
content-length: 106067
last-modified: Tue, 16 Nov 2021 13:28:29 GMT
etag: "6193b1fd-19e53"
x-powered-by: PleskLin
cache-control: max-age=14400
cf-cache-status: HIT
age: 9009964
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4ntiS7YbaH9XchxsDRQ3W1o39DNJ5HijDlGocOVsorJotwkEc1T%2FD20EI8jo34oQZdZBkNLD2nfVC4or1lYr4SZOcCBxqpPFPXDNGstgzaV4Rh6wsJdSgnosFNkJxuJpP%2FipH4A%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 792c2022dcea0afe-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
script.crazyegg.com/pages/scripts/0012/9242.js
104.19.147.8 304 Not Modified 0 B URL HTTP/2 script.crazyegg.com/pages/scripts/0012/9242.js
IP 104.19.147.8:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pages/scripts/0012/9242.js HTTP/1.1
Host: script.crazyegg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
If-Modified-Since: Tue, 31 Jan 2023 16:04:37 GMT
TE: trailers
HTTP/2 304 Not Modified
date: Wed, 01 Feb 2023 16:39:51 GMT
access-control-allow-origin: *
access-control-expose-headers: CE-Version
ce-version: 11.5.21
cache-control: public, max-age=300, s-maxage=1209600
cf-bgj: minify
cf-polished: origSize=6088
last-modified: Tue, 31 Jan 2023 16:04:37 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 88514
vary: Accept-Encoding
server: cloudflare
cf-ray: 792c2023590fb50c-OSL
X-Firefox-Spdy: h2
s.click.aliexpress.com/e/_AkUaK1?dp=6yUEBAWVmmh8rtZyNl9I2bVzgCc3u8hENli493sroFnbWyU7B9lUc9xBl_KKTJEFoYBkKGnf6iIlEsuHaqs8cTW_aAUUTuy59q0jKdhHyw4HNCnWl2U8zrbgP_7Ndbo1paKUnQ_gUIDRUi
104.110.21.5 302 Found 0 B URL HTTP/2 s.click.aliexpress.com/e/_AkUaK1?dp=6yUEBAWVmmh8rtZyNl9I2bVzgCc3u8hENli493sroFnbWyU7B9lUc9xBl_KKTJEFoYBkKGnf6iIlEsuHaqs8cTW_aAUUTuy59q0jKdhHyw4HNCnWl2U8zrbgP_7Ndbo1paKUnQ_gUIDRUi
IP 104.110.21.5:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /e/_AkUaK1?dp=6yUEBAWVmmh8rtZyNl9I2bVzgCc3u8hENli493sroFnbWyU7B9lUc9xBl_KKTJEFoYBkKGnf6iIlEsuHaqs8cTW_aAUUTuy59q0jKdhHyw4HNCnWl2U8zrbgP_7Ndbo1paKUnQ_gUIDRUi HTTP/1.1
Host: s.click.aliexpress.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-length: 0
server: Tengine
x-application-context: global-traffic-holmes-f:7001
access-control-allow-methods: GET, POST, OPTION
access-control-allow-credentials: true
p3p: CP="CAO PSA OUR"
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
strict-transport-security: max-age=31536000 ; includeSubDomains
location: https://best.aliexpress.com?dp=6yUEBAWVmmh8rtZyNl9I2bVzgCc3u8hENli493sroFnbWyU7B9lUc9xBl_KKTJEFoYBkKGnf6iIlEsuHaqs8cTW_aAUUTuy59q0jKdhHyw4HNCnWl2U8zrbgP_7Ndbo1paKUnQ_gUIDRUi&aff_fcid=a5461c5dfd8f42c195c53811470e97f0-1675269591481-05971-_AkUaK1&tt=CPS_NORMAL&aff_fsk=_AkUaK1&aff_platform=portals-tool&sk=_AkUaK1&aff_trace_key=a5461c5dfd8f42c195c53811470e97f0-1675269591481-05971-_AkUaK1&terminal_id=82b92302185f4a25b6dd1f1d34fb41d9&afSmartRedirect=y
content-language: en-US
eagleeye-traceid: 2101f49b16752695914764530ef0eb
timing-allow-origin: *
date: Wed, 01 Feb 2023 16:39:51 GMT
set-cookie: xman_us_f=x_l=0&x_as_i=%7B%22aeuCID%22%3A%22a5461c5dfd8f42c195c53811470e97f0-1675269591481-05971-_AkUaK1%22%2C%22affiliateKey%22%3A%22_AkUaK1%22%2C%22channel%22%3A%22AFFILIATE%22%2C%22cv%22%3A%221%22%2C%22isCookieCache%22%3A%22N%22%2C%22ms%22%3A%221%22%2C%22pid%22%3A%223407682764%22%2C%22tagtime%22%3A1675269591481%7D&acs_rt=82b92302185f4a25b6dd1f1d34fb41d9; Domain=.aliexpress.com; Expires=Mon, 19-Feb-2091 19:53:58 GMT; Path=/
acs_usuc_t=x_csrf=1are7f4reeso5&acs_rt=82b92302185f4a25b6dd1f1d34fb41d9; Domain=.aliexpress.com; Path=/
aeu_cid=a5461c5dfd8f42c195c53811470e97f0-1675269591481-05971-_AkUaK1; Domain=.aliexpress.com; Expires=Mon, 19-Feb-2091 19:53:58 GMT; Path=/
xman_t=gyu3ybyeHamMb7DGXGTd6FIOw4/nTAtNUBPcvNjfbp4ESXdDaUm/HnTmsnMPEF7m; Domain=.aliexpress.com; Expires=Tue, 02-May-2023 16:39:51 GMT; Path=/; HttpOnly
xman_f=RC44mS8gwip3zJGYh/7Hclm4ZWF0XxBCBSLL3Mprcpkz+R//0d3mY11cWWYefWiez1zX1pX7vs1hoRuWHZzFh2Qxl6Yib9vVVJOHOO30ofCSiOD76a2RNQ==; Domain=.aliexpress.com; Expires=Mon, 19-Feb-2091 19:53:58 GMT; Path=/; HttpOnly
traffic_se_co=%7B%7D; Domain=aliexpress.com; Expires=Mon, 19-Feb-2091 19:53:58 GMT; Path=/
af_ss_a=1; Path=/; Domain=.aliexpress.com; Max-Age=2147483647; Secure; SameSite=None
af_ss_b=1; Path=/; Domain=.aliexpress.com; Max-Age=2147483647; SameSite=Lax
X-Firefox-Spdy: h2
dailybulletinz.com/wp-content/uploads/2021/11/pexels-viktoria-alipatova-4038866.jpg
104.21.20.56 200 OK 249 kB URL HTTP/2 dailybulletinz.com/wp-content/uploads/2021/11/pexels-viktoria-alipatova-4038866.jpg
IP 104.21.20.56:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 1200x900, components 3\012- data
Size 249 kB (249070 bytes)
Hash 5add2179a45058fb06e2addd71be607e
d73b7ba130e3e14fec83ef026ed269463b3c43ea
f70f4b7f7649df364f607cdc433a9460027cabddbec284671ef6e8f21a75aea5
GET /wp-content/uploads/2021/11/pexels-viktoria-alipatova-4038866.jpg HTTP/1.1
Host: dailybulletinz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dailybulletinz.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:51 GMT
content-type: image/jpeg
content-length: 249070
last-modified: Tue, 16 Nov 2021 11:02:44 GMT
etag: "61938fd4-3ccee"
x-cache-status: MISS
x-powered-by: PleskLin
cache-control: max-age=14400
cf-cache-status: HIT
age: 808
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kaOqd5u8JCYPKtVZnzp3QDZy5XK6kqqCAM%2BhdEuXURbrmXMSInpaxLMqyCdncXr7y1aIRrSM4pbMP0gaZxUeNdjF3of%2FcP%2FzPxwEMoXpCsqQu3WNi6KtXNKQArHkcj4GUUhOFzE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 792c2022dceb0afe-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.bmcdn5.com/js/63cbdbd0a8bd43bc8d220c1a.js?v=1675269611078
172.64.110.35 200 OK 4.6 kB URL HTTP/2 cdn.bmcdn5.com/js/63cbdbd0a8bd43bc8d220c1a.js?v=1675269611078
IP 172.64.110.35:0
File type ASCII text, with very long lines (9377), with no line terminators
Hash 90d988f4b46d5cc76253a79ab6d586f8
70991210feddff8c5b625b922155448da587fbe9
b0b6175560652cec96177baea3ca581eb555210db7297d4393d1abcfb120730a
GET /js/63cbdbd0a8bd43bc8d220c1a.js?v=1675269611078 HTTP/1.1
Host: cdn.bmcdn5.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://free-btc.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:49 GMT
content-type: application/javascript
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization
access-control-allow-methods: *
access-control-allow-origin: *
vary: Accept-Encoding
expires: Wed, 01 Feb 2023 17:09:49 GMT
cache-control: max-age=1800, public
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FfJj3UYm3mHfLJfgHU4jjTvEBm9u0Bn5IS85IWVMoV9mi74jTsnBFSUqvSMKwfpVlQDbei%2BxtyOC%2FbntK9KUbk%2BMbKfesMGLQPyOoRCc5QoUU2k8%2BgCn5Y3%2B%2FUzasFLM9Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 792c2017fab475d8-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
dailybulletinz.com/wp-content/uploads/2021/11/Creative-apps.jpg
104.21.20.56 200 OK 113 kB URL HTTP/2 dailybulletinz.com/wp-content/uploads/2021/11/Creative-apps.jpg
IP 104.21.20.56:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 1200x900, components 3\012- data
Size 113 kB (113251 bytes)
Hash a0b10f7c458470b903e0b8c219689aa7
7ef32388add912d3c7592d58264adb68fe911afa
7c1466f4dc6aae5d16d6a8979aafbd975b6a3988ba9eceef0e6283c165dfc598
GET /wp-content/uploads/2021/11/Creative-apps.jpg HTTP/1.1
Host: dailybulletinz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dailybulletinz.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:51 GMT
content-type: image/jpeg
content-length: 113251
last-modified: Tue, 16 Nov 2021 10:10:45 GMT
etag: "619383a5-1ba63"
x-cache-status: MISS
x-powered-by: PleskLin
cache-control: max-age=14400
cf-cache-status: HIT
age: 808
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZVLTY2Gd7QEtF47okCLyYO7iBfl0fJuYNxxnzUmyhl9IeA1YzVhtEfkkpvV9iC4U6amk7xfQ6dCXobufG8A%2Fsu9XBI3CYMBmkvGhyfPd7RgUUMzAzJ9%2FkHVgRE%2FHdoAtjYLImO0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 792c2022dced0afe-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
xml.ezmob.com/redirect?feed=415011&auth=oDmKQb
198.134.116.18 302 Found 0 B URL HTTP/1.1 xml.ezmob.com/redirect?feed=415011&auth=oDmKQb
IP 198.134.116.18:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=415011&auth=oDmKQb HTTP/1.1
Host: xml.ezmob.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Cache-Control: no-store
Content-Length: 0
Age: 0
Connection: keep-alive
Location: https://cngcpy.com/cuhdl?wh=MS9RKSYOsDOD7jbbc39Ni1Cy&si1=404147
Pragma: no-cache
dailybulletinz.com/wp-content/uploads/2021/11/Healthy-weight.jpg
104.21.20.56 200 OK 133 kB URL HTTP/2 dailybulletinz.com/wp-content/uploads/2021/11/Healthy-weight.jpg
IP 104.21.20.56:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 1200x900, components 3\012- data
Size 133 kB (133362 bytes)
Hash 3c7a056da887c48ea850302e7d84bf68
8af7425ddec2a40041d5aac2e2909b912a98c033
36cefb453a31d4194c058a939ec0a475905b24ed5148cd04053fb7f82a5f22bf
GET /wp-content/uploads/2021/11/Healthy-weight.jpg HTTP/1.1
Host: dailybulletinz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dailybulletinz.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:51 GMT
content-type: image/jpeg
content-length: 133362
last-modified: Wed, 17 Nov 2021 06:07:13 GMT
etag: "61949c11-208f2"
x-powered-by: PleskLin
cache-control: max-age=14400
cf-cache-status: HIT
age: 9009964
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Hmu4TG6N1Up7eQ1f4GlBf6nEoUEo4LPkNk4Zug5r7E7b6J2ltrzMY%2FCGclGl4IONwK8IgLptjbsks4AIlPAbnmd4QPejsBW6B7%2BBUMt%2FhgrtoexHR2%2F31pS9pkqJjmoMJJVsrpw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 792c2022ecfd0afe-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
script.crazyegg.com/pages/scripts/0012/9242.js?465352
104.19.147.8 304 Not Modified 0 B URL HTTP/2 script.crazyegg.com/pages/scripts/0012/9242.js?465352
IP 104.19.147.8:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pages/scripts/0012/9242.js?465352 HTTP/1.1
Host: script.crazyegg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
If-Modified-Since: Tue, 31 Jan 2023 16:04:37 GMT
TE: trailers
HTTP/2 304 Not Modified
date: Wed, 01 Feb 2023 16:39:51 GMT
access-control-allow-origin: *
access-control-expose-headers: CE-Version
ce-version: 11.5.21
cache-control: public, max-age=300, s-maxage=1209600
cf-bgj: minify
cf-polished: origSize=6088
last-modified: Tue, 31 Jan 2023 16:04:37 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 88514
vary: Accept-Encoding
server: cloudflare
cf-ray: 792c2023c98ab50c-OSL
X-Firefox-Spdy: h2
sub.adzgame.com/redirect?feed=467930&auth=c99tDL
173.239.53.18 302 Found 0 B URL HTTP/1.1 sub.adzgame.com/redirect?feed=467930&auth=c99tDL
IP 173.239.53.18:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=467930&auth=c99tDL HTTP/1.1
Host: sub.adzgame.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Cache-Control: no-store
Content-Length: 0
Age: 0
Connection: keep-alive
Location: https://t3.lowtid.com/s.php?p=c:4ljkfd1stuas5a3tw&d=61b87b159bd23420f125f716&pid=ZnBiqz5QQ-A_0&s=517684_467930
Pragma: no-cache
ocsp.sectigo.com/
104.18.32.68 200 OK 471 B IP 104.18.32.68:0
Hash dc0e3e26b3759c4433c8f28a0720b3ba
36fd32ff900a8ea4edfda88d84cb3f7094fc2f13
148d0547fe30ccc7fbd988a437a679dc64acebb98709832590f763b20d1e5aeb
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 01 Feb 2023 16:39:51 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sun, 29 Jan 2023 06:38:43 GMT
Expires: Sun, 05 Feb 2023 06:38:42 GMT
Etag: "36fd32ff900a8ea4edfda88d84cb3f7094fc2f13"
Cache-Control: max-age=308930,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 792c20231c70b51e-OSL
trk.suprclicks.com/82464d51-0c69-45bf-8f1f-a7e73c8a358d?pid=bacad6bb&cost=0.0007&browser=Firefox&carrier=&cid=0ab8c2b1-a24f-11ed-ad54-77b86c798490
18.158.88.249 302 Found 0 B URL HTTP/2 trk.suprclicks.com/82464d51-0c69-45bf-8f1f-a7e73c8a358d?pid=bacad6bb&cost=0.0007&browser=Firefox&carrier=&cid=0ab8c2b1-a24f-11ed-ad54-77b86c798490
IP 18.158.88.249:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /82464d51-0c69-45bf-8f1f-a7e73c8a358d?pid=bacad6bb&cost=0.0007&browser=Firefox&carrier=&cid=0ab8c2b1-a24f-11ed-ad54-77b86c798490 HTTP/1.1
Host: trk.suprclicks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx
date: Wed, 01 Feb 2023 16:39:51 GMT
content-length: 0
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://record.rizk.com/_U3s_hG6hFM9IXyBFOGojY2Nd7ZgqdRLk/1/?payload=wtv0l9o3saqnvoam2trdkj5m
pragma: no-cache
set-cookie: 82464d51-0c69-45bf-8f1f-a7e73c8a358d-v4=hOknXJWAvPp809mr0VflINw6SFDYd77rJy8EPRaQspc; Max-Age=86400; Expires=Thu, 02-Feb-2023 16:39:51 GMT; Domain=trk.suprclicks.com; Path=/; Secure; HttpOnly;SameSite=None
cc-v4=3eE94Szgdxs24tEVlAGB3%2FkR2VpkD4mpmPx3mVO%2Fb2%2F2Vz9bxbrW1byzlHE3Ev9%2FNmVisOI6D0zPxeYnli6IiJIdVhspbFIyDLNyZlvHh6BNStz4EV4%2BMEU7kaGy3OZ4omuwAyUD5av23KimGMs3gw%3D%3D; Max-Age=31536000; Expires=Thu, 01-Feb-2024 16:39:51 GMT; Domain=trk.suprclicks.com; Path=/; Secure; HttpOnly;SameSite=None
X-Firefox-Spdy: h2
xml.mediacpc.com/redirect?feed=471449&auth=bF2WC0
174.137.133.18 200 OK 0 B URL HTTP/1.1 xml.mediacpc.com/redirect?feed=471449&auth=bF2WC0
IP 174.137.133.18:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=471449&auth=bF2WC0 HTTP/1.1
Host: xml.mediacpc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Cache-Control: no-store
Content-Length: 0
Age: 0
Connection: keep-alive
Pragma: no-cache
welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320665405:92628443-37950&btag=320665405_2F716B76543F430D9E6B3655D6F58253&bid=37950&campaignId=2799402&pid=92628443
104.18.25.188 200 OK 167 kB URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320665405:92628443-37950&btag=320665405_2F716B76543F430D9E6B3655D6F58253&bid=37950&campaignId=2799402&pid=92628443
IP 104.18.25.188:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (2392)
Size 167 kB (166868 bytes)
Hash d7c13f508f2fd21b0290f51ca4f80547
daa744ea184426e89d00a09a8cc9a1d3f5af421d
3bf3b12895f92b25851e62e31b2e5194b916e24dc9da60353097129d4c8adc6a
GET /nu/pop/sportsbook/multisports/index.html?mktid=1:320665405:92628443-37950&btag=320665405_2F716B76543F430D9E6B3655D6F58253&bid=37950&campaignId=2799402&pid=92628443 HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a92628443%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1675269588459)%5c%2f%22%2c%22CookieTag%22%3a%223795092628443451240919C2023211639%22%7d%2c%7b%22PID%22%3a86536170%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1675269588590)%5c%2f%22%2c%22CookieTag%22%3a%223795086536170451240919C2023211639%22%7d%5d
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:49 GMT
content-type: text/html; charset=utf-8
cache-control: public, max-age=900, immutable
content-md5: djoKeCzytkLU3NSdQsOPbQ==
last-modified: Thu, 26 Jan 2023 12:30:17 GMT
x-ms-request-id: b1ae45b9-401e-003f-445b-36daa1000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: MISS
vary: Accept-Encoding
set-cookie: btag=320665405_2F716B76543F430D9E6B3655D6F58253;max-age=2592000; domain=.unibet.com;path=/;secure;samesite=none;httponly
server: cloudflare
cf-ray: 792c20142e35b512-OSL
content-encoding: br
X-Firefox-Spdy: h2
secure.adnxs.com/seg?add=9755599
185.83.142.19 307 Redirection 0 B URL HTTP/1.1 secure.adnxs.com/seg?add=9755599
IP 185.83.142.19:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /seg?add=9755599 HTTP/1.1
Host: secure.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Redirection
Server: nginx/1.21.3
Date: Wed, 01 Feb 2023 16:39:51 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Location: https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D9755599
AN-X-Request-Uuid: 9f90690b-3214-4bc1-aa49-8be39872967f
Set-Cookie: uuid2=6177289124105809571; SameSite=None; Path=/; Max-Age=7776000; Expires=Tue, 02-May-2023 16:39:51 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
promo.20bet.partners/redirect.aspx?pid=174581&bid=1971&lpid=1042&utm_source=retarget&utm_medium=Ubidex&utm_campaign=Ubidex-20bet-EU-NotReg-pop%20BonWheel-1042&utm_term=Ubidex-20bet-EU-NotReg-pop%20BonWheel-1042&subid=d1ba2177sa23vgha41
95.101.10.185 307 Temporary Redirect 0 B URL HTTP/2 promo.20bet.partners/redirect.aspx?pid=174581&bid=1971&lpid=1042&utm_source=retarget&utm_medium=Ubidex&utm_campaign=Ubidex-20bet-EU-NotReg-pop%20BonWheel-1042&utm_term=Ubidex-20bet-EU-NotReg-pop%20BonWheel-1042&subid=d1ba2177sa23vgha41
IP 95.101.10.185:0
ASN #20940 Akamai International B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect.aspx?pid=174581&bid=1971&lpid=1042&utm_source=retarget&utm_medium=Ubidex&utm_campaign=Ubidex-20bet-EU-NotReg-pop%20BonWheel-1042&utm_term=Ubidex-20bet-EU-NotReg-pop%20BonWheel-1042&subid=d1ba2177sa23vgha41 HTTP/1.1
Host: promo.20bet.partners
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 307 Temporary Redirect
content-type: text/html
content-length: 0
location: https://20betlp.com/bonus-wheel-en/?btag=655020_5A3348EC375547BEBB837B2FE1578522&utm_source=retarget&utm_medium=Ubidex&utm_campaign=Ubidex-20bet-EU-NotReg-pop BonWheel-1042&utm_term=Ubidex-20bet-EU-NotReg-pop BonWheel-1042&subid=d1ba2177sa23vgha41
p3p: CP="This is not a P3P policy! It is used to bypass IEs problematic handling of cookies"
x-aspnet-version: 4.0.30319
request-context: appId=cid-v1:83ffbda4-9458-475e-90ec-4427cfb5c3b0
access-control-expose-headers: Request-Context
expires: Wed, 01 Feb 2023 16:39:51 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Wed, 01 Feb 2023 16:39:51 GMT
set-cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a174581%2c%22BID%22%3a1971%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1675269591676)%5c%2f%22%2c%22CookieTag%22%3a%221971174581451240919C2023211639%22%7d%5d; SameSite=None;; domain=.20bet.partners; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; secure
NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%221087573195%7c1%22%7d%5d; domain=.20bet.partners; expires=Fri, 01-Feb-3022 16:39:51 GMT; path=/; secure; SameSite=Strict
server-timing: cdn-cache; desc=MISS, edge; dur=22, origin; dur=59
X-Firefox-Spdy: h2
my.okueroskynt.com/d65cf81f-7fce-4b74-a76f-b50cfca5bef2?source_id=379870&reason_id=hosting&format=pops&zone_id=1084197&browser=Firefox&country=NO&mode=sw&clickid=
18.158.88.249 302 Found 0 B URL HTTP/2 my.okueroskynt.com/d65cf81f-7fce-4b74-a76f-b50cfca5bef2?source_id=379870&reason_id=hosting&format=pops&zone_id=1084197&browser=Firefox&country=NO&mode=sw&clickid=
IP 18.158.88.249:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /d65cf81f-7fce-4b74-a76f-b50cfca5bef2?source_id=379870&reason_id=hosting&format=pops&zone_id=1084197&browser=Firefox&country=NO&mode=sw&clickid= HTTP/1.1
Host: my.okueroskynt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx
date: Wed, 01 Feb 2023 16:39:51 GMT
content-length: 0
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://gbstwrldnws.com/rotator/352/1328/2da4af00d834dfbd23fda189a58e00c9/?click_id=wuh7ilr3nglhdoamiskngebc&sub1=379870&fullscreen=1
pragma: no-cache
set-cookie: d65cf81f-7fce-4b74-a76f-b50cfca5bef2-v4=HVGdV0JQQO7RcobiJ0gAqFEqM5fGFVJJywfqm4dhw1o; Max-Age=86400; Expires=Thu, 02-Feb-2023 16:39:51 GMT; Domain=my.okueroskynt.com; Path=/; Secure; HttpOnly;SameSite=None
cc-v4=gQ1xhTInnP5XC4cjsLz6sAu%2BVS0xAgL3p%2BRz2L2axnlk1EXPKJwEBZgfrJ2NtsZE9V1WIx09jhnvhondAblV%2FW0jX%2F8cVobv5CTGkQc4Fb9sdaIn2EnVAAcBEBhOhYylv8s0oMPA0LBmEH7VODV%2F%2BQ%3D%3D; Max-Age=31536000; Expires=Thu, 01-Feb-2024 16:39:51 GMT; Domain=my.okueroskynt.com; Path=/; Secure; HttpOnly;SameSite=None
X-Firefox-Spdy: h2
newbinotracs.com/click.php?key=ton7p9rlyxwdhpui7in5&clickid=3047df40-5147-4073-a172-4ac276613571&cost=0.0029&PUB_ID=20&SUB_ID=4210626&KEYWORD=Mainstream%20General&SUBSCRIBER_AGE=0&SUBSCRIBER_DATE=2023-02-01&BID_PUB=0.0029&CR_ID=361615&PUB_NAME=TrafficStars-pop
49.12.123.158 200 OK 2.0 kB URL HTTP/2 newbinotracs.com/click.php?key=ton7p9rlyxwdhpui7in5&clickid=3047df40-5147-4073-a172-4ac276613571&cost=0.0029&PUB_ID=20&SUB_ID=4210626&KEYWORD=Mainstream%20General&SUBSCRIBER_AGE=0&SUBSCRIBER_DATE=2023-02-01&BID_PUB=0.0029&CR_ID=361615&PUB_NAME=TrafficStars-pop
IP 49.12.123.158:0
ASN #24940 Hetzner Online GmbH
File type HTML document text; exported SGML document text; exported SGML document, Unicode text, UTF-8 text
Hash 3796fe1a195751053ff56f17dc8e97dd
405ddd8ec870276d03266d870318e85bf1d7ca09
69e1c62c681013e3d2756ff6426ddddf5ced975f0394ce547582a5a59fa10cf4
GET /click.php?key=ton7p9rlyxwdhpui7in5&clickid=3047df40-5147-4073-a172-4ac276613571&cost=0.0029&PUB_ID=20&SUB_ID=4210626&KEYWORD=Mainstream%20General&SUBSCRIBER_AGE=0&SUBSCRIBER_DATE=2023-02-01&BID_PUB=0.0029&CR_ID=361615&PUB_NAME=TrafficStars-pop HTTP/1.1
Host: newbinotracs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Wed, 01 Feb 2023 16:39:50 GMT
content-type: text/html; charset=UTF-8
set-cookie: uclick=177sa23vb4; expires=Thu, 02-Feb-2023 16:39:50 GMT; Max-Age=86400; path=/; secure; SameSite=none
uclickhash=177sa23vb4-177sa23vb4-17sc6o-0-q5a83y-tw3zdz-wf1ni4-e40e9b; expires=Thu, 02-Feb-2023 16:39:50 GMT; Max-Age=86400; path=/; secure; SameSite=none
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
cdn.bmcdn5.com/trl/63cbe66e5b376e6290f5d621/?sourceRef=https%3A%2F%2Ffree-btc.org%2F&displayHost=https%3A%2F%2Fcdn.bmcdn5.com%2F&loadTime=2000&badCode=PCFkb2N0eXBlIGh0bWw%2BPGh0bWw%2BPGhlYWQ%2BPG1ldGEgY2hhcnNldD0idXRmLTgiLz48bWV0YSBjb250ZW50PSJJRT1lZGdlIiBodHRwLWVxdWl2PSJYLVVBLUNvbXBhdGlibGUiLz48bWV0YSBuYW1lPSJ2aWV3cG9ydCIgY29udGVudD0id2lkdGg9ZGV2aWNlLXdpZHRoLGluaXRpYWwtc2NhbGU9MSxzaHJpbmstdG8tZml0PW5vIi8%2BPHRpdGxlPjwvdGl0bGU%2BPGxpbmsgaHJlZj0iLy9zdGF0aWMuYm1jZG41LmNvbS9jc3MvaW1nLmNzcz92PXYxLjI1LjE1IiByZWw9InN0eWxlc2hlZXQiLz48L2hlYWQ%2BPGJvZHk%2BPGRpdiBpZD0ibWVkaWEiIHN0eWxlPSJ3aWR0aDo0NjhweDtoZWlnaHQ6NjBweCI%2BPHNwYW4gY2xhc3M9InRvcC1pZGVudGl0eSI%2BPC9zcGFuPiA8YSBjbGFzcz0iYm90dG9tLWlkZW50aXR5IiBocmVmPSJodHRwczovL2JpdG1lZGlhLmlvLz91dG1fc291cmNlPWljb24iIHRhcmdldD0iX2JsYW5rIj48L2E%2BPGRpdiBjbGFzcz0ibWFpbi1jb250ZW50Ij48YSBjbGFzcz0ibGluayIgaHJlZj0iaHR0cHM6Ly9iaXRtZWRpYS5pbz9yPWtwZ3NxNzVnJnV0bV9jYW1wYWlnbj03ODAzOTkyNTc5NzcmdXRtX21lZGl1bT1iY2smdXRtX3NvdXJjZT1ibWJjayIgdGFyZ2V0PSJfYmxhbmsiPjxpbWcgYWx0PSJCaXRtZWRpYSBSZWZlcnJhbCIgY2xhc3M9ImxpbmstaW1hZ2UiIHNyYz0iLy9zdGF0aWMuYm1jZG41LmNvbS9pbWcvci9yX3c0NjhoNjAuZ2lmP3Y9djEuMjUuMTUiLz48L2E%2BPC9kaXY%2BPC9kaXY%2BPC9ib2R5PjwvaHRtbD4%3D&badType=bitmedia_referral_ad&version=1675269612322
172.64.110.35 200 OK 56 kB URL HTTP/2 cdn.bmcdn5.com/trl/63cbe66e5b376e6290f5d621/?sourceRef=https%3A%2F%2Ffree-btc.org%2F&displayHost=https%3A%2F%2Fcdn.bmcdn5.com%2F&loadTime=2000&badCode=PCFkb2N0eXBlIGh0bWw%2BPGh0bWw%2BPGhlYWQ%2BPG1ldGEgY2hhcnNldD0idXRmLTgiLz48bWV0YSBjb250ZW50PSJJRT1lZGdlIiBodHRwLWVxdWl2PSJYLVVBLUNvbXBhdGlibGUiLz48bWV0YSBuYW1lPSJ2aWV3cG9ydCIgY29udGVudD0id2lkdGg9ZGV2aWNlLXdpZHRoLGluaXRpYWwtc2NhbGU9MSxzaHJpbmstdG8tZml0PW5vIi8%2BPHRpdGxlPjwvdGl0bGU%2BPGxpbmsgaHJlZj0iLy9zdGF0aWMuYm1jZG41LmNvbS9jc3MvaW1nLmNzcz92PXYxLjI1LjE1IiByZWw9InN0eWxlc2hlZXQiLz48L2hlYWQ%2BPGJvZHk%2BPGRpdiBpZD0ibWVkaWEiIHN0eWxlPSJ3aWR0aDo0NjhweDtoZWlnaHQ6NjBweCI%2BPHNwYW4gY2xhc3M9InRvcC1pZGVudGl0eSI%2BPC9zcGFuPiA8YSBjbGFzcz0iYm90dG9tLWlkZW50aXR5IiBocmVmPSJodHRwczovL2JpdG1lZGlhLmlvLz91dG1fc291cmNlPWljb24iIHRhcmdldD0iX2JsYW5rIj48L2E%2BPGRpdiBjbGFzcz0ibWFpbi1jb250ZW50Ij48YSBjbGFzcz0ibGluayIgaHJlZj0iaHR0cHM6Ly9iaXRtZWRpYS5pbz9yPWtwZ3NxNzVnJnV0bV9jYW1wYWlnbj03ODAzOTkyNTc5NzcmdXRtX21lZGl1bT1iY2smdXRtX3NvdXJjZT1ibWJjayIgdGFyZ2V0PSJfYmxhbmsiPjxpbWcgYWx0PSJCaXRtZWRpYSBSZWZlcnJhbCIgY2xhc3M9ImxpbmstaW1hZ2UiIHNyYz0iLy9zdGF0aWMuYm1jZG41LmNvbS9pbWcvci9yX3c0NjhoNjAuZ2lmP3Y9djEuMjUuMTUiLz48L2E%2BPC9kaXY%2BPC9kaXY%2BPC9ib2R5PjwvaHRtbD4%3D&badType=bitmedia_referral_ad&version=1675269612322
IP 172.64.110.35:0
Hash eef2f7655b1eb44199f4da82f109abdc
ff192dbe21ee582ec289d81a4a650934ce21f44a
c4d3354be3b8bbb53f95603481534f4439d80dbc8d5c6f00df403a7a72f7fe48
GET /trl/63cbe66e5b376e6290f5d621/?sourceRef=https%3A%2F%2Ffree-btc.org%2F&displayHost=https%3A%2F%2Fcdn.bmcdn5.com%2F&loadTime=2000&badCode=PCFkb2N0eXBlIGh0bWw%2BPGh0bWw%2BPGhlYWQ%2BPG1ldGEgY2hhcnNldD0idXRmLTgiLz48bWV0YSBjb250ZW50PSJJRT1lZGdlIiBodHRwLWVxdWl2PSJYLVVBLUNvbXBhdGlibGUiLz48bWV0YSBuYW1lPSJ2aWV3cG9ydCIgY29udGVudD0id2lkdGg9ZGV2aWNlLXdpZHRoLGluaXRpYWwtc2NhbGU9MSxzaHJpbmstdG8tZml0PW5vIi8%2BPHRpdGxlPjwvdGl0bGU%2BPGxpbmsgaHJlZj0iLy9zdGF0aWMuYm1jZG41LmNvbS9jc3MvaW1nLmNzcz92PXYxLjI1LjE1IiByZWw9InN0eWxlc2hlZXQiLz48L2hlYWQ%2BPGJvZHk%2BPGRpdiBpZD0ibWVkaWEiIHN0eWxlPSJ3aWR0aDo0NjhweDtoZWlnaHQ6NjBweCI%2BPHNwYW4gY2xhc3M9InRvcC1pZGVudGl0eSI%2BPC9zcGFuPiA8YSBjbGFzcz0iYm90dG9tLWlkZW50aXR5IiBocmVmPSJodHRwczovL2JpdG1lZGlhLmlvLz91dG1fc291cmNlPWljb24iIHRhcmdldD0iX2JsYW5rIj48L2E%2BPGRpdiBjbGFzcz0ibWFpbi1jb250ZW50Ij48YSBjbGFzcz0ibGluayIgaHJlZj0iaHR0cHM6Ly9iaXRtZWRpYS5pbz9yPWtwZ3NxNzVnJnV0bV9jYW1wYWlnbj03ODAzOTkyNTc5NzcmdXRtX21lZGl1bT1iY2smdXRtX3NvdXJjZT1ibWJjayIgdGFyZ2V0PSJfYmxhbmsiPjxpbWcgYWx0PSJCaXRtZWRpYSBSZWZlcnJhbCIgY2xhc3M9ImxpbmstaW1hZ2UiIHNyYz0iLy9zdGF0aWMuYm1jZG41LmNvbS9pbWcvci9yX3c0NjhoNjAuZ2lmP3Y9djEuMjUuMTUiLz48L2E%2BPC9kaXY%2BPC9kaXY%2BPC9ib2R5PjwvaHRtbD4%3D&badType=bitmedia_referral_ad&version=1675269612322 HTTP/1.1
Host: cdn.bmcdn5.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://free-btc.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:50 GMT
vary: Accept-Encoding
expires: Wed, 01 Feb 2023 17:09:50 GMT
cache-control: max-age=1800, public
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r6R7uXp5kSYwRoYgZ0WFm7AX0X30L%2FvRitLXWMj5C1AgHaXb6b5PaWkkApuw6bp%2FPGi8bNDfnDkOU2ZI%2F252IlzPDEDLTPFXv5PEnXgx9zE0zylUQhGw8%2BrxZpsUEyOjeA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 792c201a3dc575d8-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
promo.20bet.partners/redirect.aspx?pid=174581&bid=1971&lpid=1042&utm_source=retarget&utm_medium=Ubidex&utm_campaign=Ubidex-20bet-EU-NotReg-pop%20BonWheel-1042&utm_term=Ubidex-20bet-EU-NotReg-pop%20BonWheel-1042&subid=edc81177sa23vqe145
95.101.10.185 307 Temporary Redirect 0 B URL HTTP/2 promo.20bet.partners/redirect.aspx?pid=174581&bid=1971&lpid=1042&utm_source=retarget&utm_medium=Ubidex&utm_campaign=Ubidex-20bet-EU-NotReg-pop%20BonWheel-1042&utm_term=Ubidex-20bet-EU-NotReg-pop%20BonWheel-1042&subid=edc81177sa23vqe145
IP 95.101.10.185:0
ASN #20940 Akamai International B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect.aspx?pid=174581&bid=1971&lpid=1042&utm_source=retarget&utm_medium=Ubidex&utm_campaign=Ubidex-20bet-EU-NotReg-pop%20BonWheel-1042&utm_term=Ubidex-20bet-EU-NotReg-pop%20BonWheel-1042&subid=edc81177sa23vqe145 HTTP/1.1
Host: promo.20bet.partners
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 307 Temporary Redirect
content-type: text/html
content-length: 0
location: https://20betlp.com/bonus-wheel-en/?btag=655020_4D77F023C22A4F0485B9896BBD69A328&utm_source=retarget&utm_medium=Ubidex&utm_campaign=Ubidex-20bet-EU-NotReg-pop BonWheel-1042&utm_term=Ubidex-20bet-EU-NotReg-pop BonWheel-1042&subid=edc81177sa23vqe145
p3p: CP="This is not a P3P policy! It is used to bypass IEs problematic handling of cookies"
x-aspnet-version: 4.0.30319
request-context: appId=cid-v1:83ffbda4-9458-475e-90ec-4427cfb5c3b0
access-control-expose-headers: Request-Context
expires: Wed, 01 Feb 2023 16:39:51 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Wed, 01 Feb 2023 16:39:51 GMT
set-cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a174581%2c%22BID%22%3a1971%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1675269591716)%5c%2f%22%2c%22CookieTag%22%3a%221971174581451240919C2023211639%22%7d%5d; SameSite=None;; domain=.20bet.partners; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; secure
NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%221087573197%7c1%22%7d%5d; domain=.20bet.partners; expires=Fri, 01-Feb-3022 16:39:51 GMT; path=/; secure; SameSite=Strict
server-timing: cdn-cache; desc=MISS, edge; dur=59, origin; dur=56
X-Firefox-Spdy: h2
dailybulletinz.com/wp-content/uploads/2021/11/Power-400x600.jpg
104.21.20.56 200 OK 37 kB URL HTTP/2 dailybulletinz.com/wp-content/uploads/2021/11/Power-400x600.jpg
IP 104.21.20.56:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 400x600, components 3; data
Hash 9f809ed6bce41fd39d460df292678892
4e20be803f495bc97009983d6585284b44865919
61e7450fb58d35f5dd04b11873972be86f8c3da2032daac85bd6cdb92ff0298a
GET /wp-content/uploads/2021/11/Power-400x600.jpg HTTP/1.1
Host: dailybulletinz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dailybulletinz.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:51 GMT
content-type: image/jpeg
content-length: 37023
last-modified: Thu, 24 Feb 2022 12:43:26 GMT
etag: "62177d6e-909f"
x-powered-by: PleskLin
cache-control: max-age=14400
cf-cache-status: HIT
age: 9009964
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cEG%2B0fxs%2FhpsUEfzbjZnf30t%2FX%2BSRYFcsopEwRV52VreiKhCMGMXpX5mfiWFfwYDXj2M19m21YOnICAIexAbuLluHufvRy06vqhir3dlBsJ4Ba%2FqcM%2FaVpYOZdWOiNJzjwIAh%2Fs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 792c2022fd0a0afe-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
promo.20bet.partners/redirect.aspx?pid=174581&bid=1971&lpid=1042&utm_source=retarget&utm_medium=Ubidex&utm_campaign=Ubidex-20bet-EU-NotReg-pop%20BonWheel-1042&utm_term=Ubidex-20bet-EU-NotReg-pop%20BonWheel-1042&subid=623e7177sa23vk277a
95.101.10.185 307 Temporary Redirect 0 B URL HTTP/2 promo.20bet.partners/redirect.aspx?pid=174581&bid=1971&lpid=1042&utm_source=retarget&utm_medium=Ubidex&utm_campaign=Ubidex-20bet-EU-NotReg-pop%20BonWheel-1042&utm_term=Ubidex-20bet-EU-NotReg-pop%20BonWheel-1042&subid=623e7177sa23vk277a
IP 95.101.10.185:0
ASN #20940 Akamai International B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect.aspx?pid=174581&bid=1971&lpid=1042&utm_source=retarget&utm_medium=Ubidex&utm_campaign=Ubidex-20bet-EU-NotReg-pop%20BonWheel-1042&utm_term=Ubidex-20bet-EU-NotReg-pop%20BonWheel-1042&subid=623e7177sa23vk277a HTTP/1.1
Host: promo.20bet.partners
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 307 Temporary Redirect
content-type: text/html
content-length: 0
location: https://20betlp.com/bonus-wheel-en/?btag=655020_CB03BEE8BBBC460D92A75EB4DD2ADD14&utm_source=retarget&utm_medium=Ubidex&utm_campaign=Ubidex-20bet-EU-NotReg-pop BonWheel-1042&utm_term=Ubidex-20bet-EU-NotReg-pop BonWheel-1042&subid=623e7177sa23vk277a
p3p: CP="This is not a P3P policy! It is used to bypass IEs problematic handling of cookies"
x-aspnet-version: 4.0.30319
request-context: appId=cid-v1:83ffbda4-9458-475e-90ec-4427cfb5c3b0
access-control-expose-headers: Request-Context
expires: Wed, 01 Feb 2023 16:39:51 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Wed, 01 Feb 2023 16:39:51 GMT
set-cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a174581%2c%22BID%22%3a1971%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1675269591716)%5c%2f%22%2c%22CookieTag%22%3a%221971174581451240919C2023211639%22%7d%5d; SameSite=None;; domain=.20bet.partners; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; secure
NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%221087573198%7c1%22%7d%5d; domain=.20bet.partners; expires=Fri, 01-Feb-3022 16:39:51 GMT; path=/; secure; SameSite=Strict
server-timing: cdn-cache; desc=MISS, edge; dur=58, origin; dur=58
X-Firefox-Spdy: h2
script.crazyegg.com/pages/scripts/0012/9242.js
104.19.147.8 304 Not Modified 0 B URL HTTP/2 script.crazyegg.com/pages/scripts/0012/9242.js
IP 104.19.147.8:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pages/scripts/0012/9242.js HTTP/1.1
Host: script.crazyegg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
If-Modified-Since: Tue, 31 Jan 2023 16:04:37 GMT
TE: trailers
HTTP/2 304 Not Modified
date: Wed, 01 Feb 2023 16:39:51 GMT
access-control-allow-origin: *
access-control-expose-headers: CE-Version
ce-version: 11.5.21
cache-control: public, max-age=300, s-maxage=1209600
cf-bgj: minify
cf-polished: origSize=6088
last-modified: Tue, 31 Jan 2023 16:04:37 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 88514
vary: Accept-Encoding
server: cloudflare
cf-ray: 792c2024cb5ab50c-OSL
X-Firefox-Spdy: h2
dailybulletinz.com/wp-content/uploads/2021/11/Spa.jpg
104.21.20.56 200 OK 139 kB URL HTTP/2 dailybulletinz.com/wp-content/uploads/2021/11/Spa.jpg
IP 104.21.20.56:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=6, orientation=upper-left, xresolution=86, yresolution=94, resolutionunit=2], baseline, precision 8, 1200x900, components 3; data
Size 139 kB (138689 bytes)
Hash 709af65640e9681ef192eaa20b4e5752
4ada0fd49c917cf2ab301aa0ca465daa956aec2f
9dae5c5a6a752200eaa5abb874d0256026c30004d2956d43b1fbccbf960798fb
GET /wp-content/uploads/2021/11/Spa.jpg HTTP/1.1
Host: dailybulletinz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dailybulletinz.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:51 GMT
content-type: image/jpeg
content-length: 138689
last-modified: Tue, 16 Nov 2021 09:12:14 GMT
etag: "619375ee-21dc1"
x-cache-status: MISS
x-powered-by: PleskLin
cache-control: max-age=14400
cf-cache-status: HIT
age: 808
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DE5LMfFWLPflcXLZ3hyyTd0OiyVUNaIuIJzU96riGZhg8qsGlfyY5DE%2B7OqZWtCjCBiRm6WHxhjI0klJLPcdw3RFwPmHo%2BWTLfbQB%2FvuPBSMmjGomAYn4WX5t%2Fi1oG41BPnLBGE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 792c2022ed090afe-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
promo.20bet.partners/redirect.aspx?pid=174581&bid=1971&lpid=1042&utm_source=retarget&utm_medium=Ubidex&utm_campaign=Ubidex-20bet-EU-NotReg-pop%20BonWheel-1042&utm_term=Ubidex-20bet-EU-NotReg-pop%20BonWheel-1042&subid=46a92177sa23vir591
95.101.10.185 307 Temporary Redirect 0 B URL HTTP/2 promo.20bet.partners/redirect.aspx?pid=174581&bid=1971&lpid=1042&utm_source=retarget&utm_medium=Ubidex&utm_campaign=Ubidex-20bet-EU-NotReg-pop%20BonWheel-1042&utm_term=Ubidex-20bet-EU-NotReg-pop%20BonWheel-1042&subid=46a92177sa23vir591
IP 95.101.10.185:0
ASN #20940 Akamai International B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect.aspx?pid=174581&bid=1971&lpid=1042&utm_source=retarget&utm_medium=Ubidex&utm_campaign=Ubidex-20bet-EU-NotReg-pop%20BonWheel-1042&utm_term=Ubidex-20bet-EU-NotReg-pop%20BonWheel-1042&subid=46a92177sa23vir591 HTTP/1.1
Host: promo.20bet.partners
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 307 Temporary Redirect
content-type: text/html
content-length: 0
location: https://20betlp.com/bonus-wheel-en/?btag=655020_1AEE8F69EC8C403EBE22F6CDDC267A6A&utm_source=retarget&utm_medium=Ubidex&utm_campaign=Ubidex-20bet-EU-NotReg-pop BonWheel-1042&utm_term=Ubidex-20bet-EU-NotReg-pop BonWheel-1042&subid=46a92177sa23vir591
p3p: CP="This is not a P3P policy! It is used to bypass IEs problematic handling of cookies"
x-aspnet-version: 4.0.30319
request-context: appId=cid-v1:83ffbda4-9458-475e-90ec-4427cfb5c3b0
access-control-expose-headers: Request-Context
expires: Wed, 01 Feb 2023 16:39:51 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Wed, 01 Feb 2023 16:39:51 GMT
set-cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a174581%2c%22BID%22%3a1971%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1675269591758)%5c%2f%22%2c%22CookieTag%22%3a%221971174581451240919C2023211639%22%7d%5d; SameSite=None;; domain=.20bet.partners; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; secure
NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%221087573201%7c1%22%7d%5d; domain=.20bet.partners; expires=Fri, 01-Feb-3022 16:39:51 GMT; path=/; secure; SameSite=Strict
server-timing: cdn-cache; desc=MISS, edge; dur=64, origin; dur=104
X-Firefox-Spdy: h2
script.crazyegg.com/pages/scripts/0012/9242.js?465352
104.19.147.8 304 Not Modified 0 B URL HTTP/2 script.crazyegg.com/pages/scripts/0012/9242.js?465352
IP 104.19.147.8:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pages/scripts/0012/9242.js?465352 HTTP/1.1
Host: script.crazyegg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
If-Modified-Since: Tue, 31 Jan 2023 16:04:37 GMT
TE: trailers
HTTP/2 304 Not Modified
date: Wed, 01 Feb 2023 16:39:51 GMT
access-control-allow-origin: *
access-control-expose-headers: CE-Version
ce-version: 11.5.21
cache-control: public, max-age=300, s-maxage=1209600
cf-bgj: minify
cf-polished: origSize=6088
last-modified: Tue, 31 Jan 2023 16:04:37 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 88514
vary: Accept-Encoding
server: cloudflare
cf-ray: 792c2024cb5cb50c-OSL
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash 909345addac6f911606ba6a4f4e871c7
7113ee3d36c9b4708d6cfe12f9cedeb70a2a2f20
cc0875f21605f4749edade23126bf1b47cc965c37d2c075fa4c37116ab20dc93
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3747
Cache-Control: max-age=127034
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 16:39:51 GMT
Etag: "63d9d46e-116"
Expires: Fri, 03 Feb 2023 03:57:05 GMT
Last-Modified: Wed, 01 Feb 2023 02:54:38 GMT
Server: ECS (amb/6BBA)
X-Cache: HIT
Content-Length: 278
cdn-dimi.akamaized.net/landings/277386/1674482702/images/3.jpg
95.101.11.40 200 OK 150 kB URL HTTP/1.1 cdn-dimi.akamaized.net/landings/277386/1674482702/images/3.jpg
IP 95.101.11.40:0
ASN #20940 Akamai International B.V.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 1108x1280, components 3; data
Size 150 kB (149812 bytes)
Hash 8ff03d86c53d978e5527374b5bcd5114
2b63b0853d74e24d74d26dbf9622c407e3c74ea9
10dedae19a11a0cf1cea2db4646bde720e63e35140f38ae3453fa2a4e4649e1c
GET /landings/277386/1674482702/images/3.jpg HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vzvnjw.delicatedates.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: TBfuSLBbkio8JL/iL8uH5MW7+t5qbG83A+qwmffI0AmD8Zg8GtW/YfmxKv9//BpTK+Ss9d+A1nE=
x-amz-request-id: 8GEGQ1RWX3GNGRD5
Last-Modified: Mon, 23 Jan 2023 14:05:06 GMT
ETag: "8ff03d86c53d978e5527374b5bcd5114"
Accept-Ranges: bytes
Content-Type: image/jpeg
Server: AmazonS3
Content-Length: 149812
Date: Wed, 01 Feb 2023 16:39:51 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
newbinotracs.com/click.php?key=ton7p9rlyxwdhpui7in5&clickid=b3758a5f-820e-4633-9e0d-8ae0aea71a91&cost=0.0029&PUB_ID=20&SUB_ID=4210626&KEYWORD=Mainstream%20General&SUBSCRIBER_AGE=0&SUBSCRIBER_DATE=2023-02-01&BID_PUB=0.0029&CR_ID=361615&PUB_NAME=TrafficStars-pop
49.12.123.158 200 OK 21 kB URL HTTP/2 newbinotracs.com/click.php?key=ton7p9rlyxwdhpui7in5&clickid=b3758a5f-820e-4633-9e0d-8ae0aea71a91&cost=0.0029&PUB_ID=20&SUB_ID=4210626&KEYWORD=Mainstream%20General&SUBSCRIBER_AGE=0&SUBSCRIBER_DATE=2023-02-01&BID_PUB=0.0029&CR_ID=361615&PUB_NAME=TrafficStars-pop
IP 49.12.123.158:0
ASN #24940 Hetzner Online GmbH
Hash 9fd33fb4740a933c3aabccc9781f0b28
bb1db349be0174e72410b822fdef6fc48e9aade2
915a6ae5e2de68c74a2d19af26af5b31f4bfcbcbfad8d03ff35ef04a55bd6489
GET /click.php?key=ton7p9rlyxwdhpui7in5&clickid=b3758a5f-820e-4633-9e0d-8ae0aea71a91&cost=0.0029&PUB_ID=20&SUB_ID=4210626&KEYWORD=Mainstream%20General&SUBSCRIBER_AGE=0&SUBSCRIBER_DATE=2023-02-01&BID_PUB=0.0029&CR_ID=361615&PUB_NAME=TrafficStars-pop HTTP/1.1
Host: newbinotracs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Wed, 01 Feb 2023 16:39:50 GMT
content-type: text/html; charset=UTF-8
set-cookie: uclick=177sa23v1z; expires=Thu, 02-Feb-2023 16:39:50 GMT; Max-Age=86400; path=/; secure; SameSite=none
uclickhash=177sa23v1z-177sa23v1z-17sc6o-0-q5a83y-tw3zdz-wf1ni4-53b660; expires=Thu, 02-Feb-2023 16:39:50 GMT; Max-Age=86400; path=/; secure; SameSite=none
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
script.crazyegg.com/pages/data-scripts/0012/9242/site/welcome.unibet.com.json?t=1
104.19.147.8 200 OK 364 B URL HTTP/2 script.crazyegg.com/pages/data-scripts/0012/9242/site/welcome.unibet.com.json?t=1
IP 104.19.147.8:0
File type JSON data, ASCII text, with very long lines (704), with no line terminators
Hash 088946da3af07b324a3c974f9bc6a0ec
b55281c2c0003bd6f983567257d7098b58a9f7e4
cfd6f17778ac8c2dd245b8cf7f3e6cf75fa90a8c7157b777f395eb5d24f94044
GET /pages/data-scripts/0012/9242/site/welcome.unibet.com.json?t=1 HTTP/1.1
Host: script.crazyegg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:51 GMT
content-type: application/json
content-length: 364
access-control-expose-headers: CE-Version
ce-version: 11.5.21
cache-control: public, max-age=300, s-maxage=1209600
timing-allow-origin: *
last-modified: Tue, 31 Jan 2023 16:04:37 GMT
content-encoding: gzip
access-control-allow-origin: *
cf-cache-status: HIT
age: 88514
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 792c2024fba0b50c-OSL
X-Firefox-Spdy: h2
cdn-dimi.akamaized.net/landings/278385/1675090482/images/2.jpg
95.101.11.40 200 OK 57 kB URL HTTP/1.1 cdn-dimi.akamaized.net/landings/278385/1675090482/images/2.jpg
IP 95.101.11.40:0
ASN #20940 Akamai International B.V.
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 800x1000, components 3; data
Hash 8cba65f08543dd02c9941c7630397662
fa7577818f1eafcb4145f58eedbfda8105ac3b9d
d0afb642321382fb1e5d5069795168980605aebba36d643c3a0d75bbc68bf611
GET /landings/278385/1675090482/images/2.jpg HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vzvnjw.delicatedates.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: oN8munLfqeYZIylN9lMtXbSfb3Jm1vzN5mBFMELjnVeuz4ZK7W2e+aWqmACw2ac0zf9GO8rvYrY=
x-amz-request-id: 8AEB9PW08VQGJX54
Last-Modified: Mon, 30 Jan 2023 14:54:45 GMT
ETag: "8cba65f08543dd02c9941c7630397662"
Accept-Ranges: bytes
Content-Type: image/jpeg
Server: AmazonS3
Content-Length: 56841
Date: Wed, 01 Feb 2023 16:39:51 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/277386/1674482702/images/5.jpg
95.101.11.40 200 OK 85 kB URL HTTP/1.1 cdn-dimi.akamaized.net/landings/277386/1674482702/images/5.jpg
IP 95.101.11.40:0
ASN #20940 Akamai International B.V.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 942x1280, components 3; data
Hash 932a29d21d50cce49fd57f45b8fada77
c5f240cdaff9f21ba9e75c43d8d962ed353dcc67
b406efc66569ca181f46bdc7292c06ce12ddd9d8581a63ee88cc5dd95bd0ca0e
GET /landings/277386/1674482702/images/5.jpg HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vzvnjw.delicatedates.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: sp24ZfvOsU51pq8FBWO8zv7zwGUuBja9ONn7NX1Hx9gEJGVyBSOf0g84fFdOymPhM/QDNGbAZUU=
x-amz-request-id: J5QGKP5C4E371Z3Q
Last-Modified: Mon, 23 Jan 2023 14:05:06 GMT
ETag: "932a29d21d50cce49fd57f45b8fada77"
Accept-Ranges: bytes
Content-Type: image/jpeg
Server: AmazonS3
Content-Length: 85215
Date: Wed, 01 Feb 2023 16:39:51 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
dailybulletinz.com/wp-content/uploads/2021/11/yoga-400x600.jpg
104.21.20.56 200 OK 26 kB URL HTTP/2 dailybulletinz.com/wp-content/uploads/2021/11/yoga-400x600.jpg
IP 104.21.20.56:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 400x600, components 3\012- data
Hash 9af8c6bb6b16464fd054166aee34c7a2
1befe44c3b4fcbb77a9674ea8725a07c01087d89
8e2aba7c3e07a93a64e24ff398fa60ce78c071559359871ed1d46a8edb9efec7
GET /wp-content/uploads/2021/11/yoga-400x600.jpg HTTP/1.1
Host: dailybulletinz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dailybulletinz.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:51 GMT
content-type: image/jpeg
content-length: 26156
last-modified: Thu, 24 Feb 2022 12:42:08 GMT
etag: "62177d20-662c"
x-cache-status: MISS
x-powered-by: PleskLin
cache-control: max-age=14400
cf-cache-status: HIT
age: 9009964
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lvF6PECvpj4jHF3UuAgM1kSIdTSvS8gMUdd8%2FWtLJikz62ZHSdmkwB2AhKiB8dZEEOERLVmbziNaHYBAUMfuHEvpkLJhe3CuVK%2FdCZgk1Bgu6O8fexBcbNA7E2zWAFlOTATfs4s%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 792c20232d3a0afe-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash e0d5cef290e64147859d24dfab033f8d
1b64cb1c126247bd2c4e8b6fcf8e47d6326a1b96
9582d5a0c46f3f52cc725d71627a37565c47c0a89da08704c80df92b28e7d5b2
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3442
Cache-Control: max-age=88591
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 16:39:51 GMT
Etag: "63d93f75-118"
Expires: Thu, 02 Feb 2023 17:16:22 GMT
Last-Modified: Tue, 31 Jan 2023 16:19:01 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 280
trafforsrv.com/click.php?id=8da4f4c6-e64b-4550-8f36-1db2129deddc%3Ab4762e70-94ce-4c1c-b488-c50898c49547
216.18.168.28 302 Found 0 B URL HTTP/1.1 trafforsrv.com/click.php?id=8da4f4c6-e64b-4550-8f36-1db2129deddc%3Ab4762e70-94ce-4c1c-b488-c50898c49547
IP 216.18.168.28:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /click.php?id=8da4f4c6-e64b-4550-8f36-1db2129deddc%3Ab4762e70-94ce-4c1c-b488-c50898c49547 HTTP/1.1
Host: trafforsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
server: nginx
date: Wed, 01 Feb 2023 16:39:51 GMT
content-length: 0
location: https://syndication.realsrv.com/splash.php?idzone=1955560&type=8
set-cookie: sppc_uuid=ae66c4f8-b6d1-472c-8b28-013558e5b5c6; max-age=31536000; path=/; secure; SameSite=None
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
x-request-id: 63DA95D6-D812A81C01BBAB61-46388A1
cdn-dimi.akamaized.net/landings/278385/1675090482/images/3.jpg
95.101.11.40 200 OK 58 kB URL HTTP/1.1 cdn-dimi.akamaized.net/landings/278385/1675090482/images/3.jpg
IP 95.101.11.40:0
ASN #20940 Akamai International B.V.
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 800x1000, components 3\012- data
Hash 46f31318d54f73548561cb1c051bca1e
8d95f9a6b8d71218581120620dfc6789e5137f43
4429d6904c5bb0df0682b96518cdbe81bd2fa084d05b443505806eeffacee6ee
GET /landings/278385/1675090482/images/3.jpg HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vzvnjw.delicatedates.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: IO0VPygVpXjUYhbUaxbOsxWQY22TdPTJ1aM6KzOn8YI3MeV2zXsuHVn0gwsqMSDcY5ZLntcRs+I=
x-amz-request-id: 8AEF24DDR2RKD6J4
Last-Modified: Mon, 30 Jan 2023 14:54:45 GMT
ETag: "46f31318d54f73548561cb1c051bca1e"
Accept-Ranges: bytes
Content-Type: image/jpeg
Server: AmazonS3
Content-Length: 58014
Date: Wed, 01 Feb 2023 16:39:51 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/278385/1675090482/images/4.jpg
95.101.11.40 200 OK 50 kB URL HTTP/1.1 cdn-dimi.akamaized.net/landings/278385/1675090482/images/4.jpg
IP 95.101.11.40:0
ASN #20940 Akamai International B.V.
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 800x1000, components 3\012- data
Hash 37cfd76e9a252b209475bbd7b5589748
b56f716c5cb6e770dc842d308765c151efd62ef1
ada2cf01c7d153062f94a6dd57ff9b82ed15c24723af2cc4a2c2abd97283fad8
GET /landings/278385/1675090482/images/4.jpg HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vzvnjw.delicatedates.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: +2h6v6mgBVOFw1xbuxPIiPvWCMkBp0YyNwi3XgoxUQ7tG0hCeZ3Q/P3EfhGZfXBK84DGJT93lcM=
x-amz-request-id: 73B2F5EXWMY1D3QF
Last-Modified: Mon, 30 Jan 2023 14:54:44 GMT
ETag: "37cfd76e9a252b209475bbd7b5589748"
Accept-Ranges: bytes
Content-Type: image/jpeg
Server: AmazonS3
Content-Length: 49920
Date: Wed, 01 Feb 2023 16:39:51 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
www.forza.idescargarapk.com/get.php?code=enVPOS81Z1JyRjFvTDZsdHBFbmI5UT09&clickid=0hLUuU-xQoU&campaignid=986795&siteid=504185.461005&publishid=504185&country=no&os=Windows+10&browser=FIREFOX_105.0&referrer=http%3A%2F%2Frixon.ml%2F&device=Desktop&carrier=Blix+Solutions&connection=&bid=0.00022
50.31.176.38 200 OK 69 kB URL HTTP/2 www.forza.idescargarapk.com/get.php?code=enVPOS81Z1JyRjFvTDZsdHBFbmI5UT09&clickid=0hLUuU-xQoU&campaignid=986795&siteid=504185.461005&publishid=504185&country=no&os=Windows+10&browser=FIREFOX_105.0&referrer=http%3A%2F%2Frixon.ml%2F&device=Desktop&carrier=Blix+Solutions&connection=&bid=0.00022
IP 50.31.176.38:0
Hash 003eae2290a851af7fa74e9652fd71b1
6911392c2e23fc608dd81cf7b0f44bfd251e4e49
1349fd6138dbdefffdb7e81b0bf21220820ea6adcd222a441dd738f3819502b0
GET /get.php?code=enVPOS81Z1JyRjFvTDZsdHBFbmI5UT09&clickid=0hLUuU-xQoU&campaignid=986795&siteid=504185.461005&publishid=504185&country=no&os=Windows+10&browser=FIREFOX_105.0&referrer=http%3A%2F%2Frixon.ml%2F&device=Desktop&carrier=Blix+Solutions&connection=&bid=0.00022 HTTP/1.1
Host: www.forza.idescargarapk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
set-cookie: PHPSESSID=a18ecf067706c93864435a658627af16; path=/; secure
expires: Tue, 03 Jul 2001 06:00:00 GMT
last-modified: Wed, 01 Feb 2023 16:39:48 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
vary: Accept-Encoding,User-Agent
content-type: text/html; charset=UTF-8
content-encoding: gzip
date: Wed, 01 Feb 2023 16:39:48 GMT
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2
script.crazyegg.com/pages/scripts/0012/9242.js
104.19.147.8 200 OK 13 kB URL HTTP/2 script.crazyegg.com/pages/scripts/0012/9242.js
IP 104.19.147.8:0
Hash a873a439e2283a3341703d14199edaac
7e805b4a38b093a87f86bfbdd215b2a9222cf341
eb145b690b5da9e940d3127711ff33e0407f8378e18625796539106cd71b5de3
GET /pages/scripts/0012/9242.js HTTP/1.1
Host: script.crazyegg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:51 GMT
content-type: text/javascript
access-control-allow-origin: *
access-control-expose-headers: CE-Version
ce-version: 11.5.21
cache-control: public, max-age=300, s-maxage=1209600
cf-bgj: minify
cf-polished: origSize=6088
last-modified: Tue, 31 Jan 2023 16:04:37 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 88514
vary: Accept-Encoding
server: cloudflare
cf-ray: 792c20217e29b50c-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
promo.20bet.partners/redirect.aspx?pid=174581&bid=1971&lpid=1042&utm_source=retarget&utm_medium=Ubidex&utm_campaign=Ubidex-20bet-EU-NotReg-pop%20BonWheel-1042&utm_term=Ubidex-20bet-EU-NotReg-pop%20BonWheel-1042&subid=7ff42177sa23ve2560
95.101.10.185 307 Temporary Redirect 0 B URL HTTP/2 promo.20bet.partners/redirect.aspx?pid=174581&bid=1971&lpid=1042&utm_source=retarget&utm_medium=Ubidex&utm_campaign=Ubidex-20bet-EU-NotReg-pop%20BonWheel-1042&utm_term=Ubidex-20bet-EU-NotReg-pop%20BonWheel-1042&subid=7ff42177sa23ve2560
IP 95.101.10.185:0
ASN #20940 Akamai International B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect.aspx?pid=174581&bid=1971&lpid=1042&utm_source=retarget&utm_medium=Ubidex&utm_campaign=Ubidex-20bet-EU-NotReg-pop%20BonWheel-1042&utm_term=Ubidex-20bet-EU-NotReg-pop%20BonWheel-1042&subid=7ff42177sa23ve2560 HTTP/1.1
Host: promo.20bet.partners
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 307 Temporary Redirect
content-type: text/html
content-length: 0
location: https://20betlp.com/bonus-wheel-en/?btag=655020_3A3DD358570041CABA245F0A2EC77F75&utm_source=retarget&utm_medium=Ubidex&utm_campaign=Ubidex-20bet-EU-NotReg-pop BonWheel-1042&utm_term=Ubidex-20bet-EU-NotReg-pop BonWheel-1042&subid=7ff42177sa23ve2560
p3p: CP="This is not a P3P policy! It is used to bypass IEs problematic handling of cookies"
x-aspnet-version: 4.0.30319
request-context: appId=cid-v1:83ffbda4-9458-475e-90ec-4427cfb5c3b0
access-control-expose-headers: Request-Context
expires: Wed, 01 Feb 2023 16:39:51 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Wed, 01 Feb 2023 16:39:51 GMT
set-cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a174581%2c%22BID%22%3a1971%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1675269591908)%5c%2f%22%2c%22CookieTag%22%3a%221971174581451240919C2023211639%22%7d%5d; SameSite=None;; domain=.20bet.partners; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; secure
NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%221087573208%7c1%22%7d%5d; domain=.20bet.partners; expires=Fri, 01-Feb-3022 16:39:51 GMT; path=/; secure; SameSite=Strict
server-timing: cdn-cache; desc=MISS, edge; dur=21, origin; dur=61
X-Firefox-Spdy: h2
dailybulletinz.com/wp-content/uploads/2021/11/finance-tech-305x207.jpg
104.21.20.56 200 OK 14 kB URL HTTP/2 dailybulletinz.com/wp-content/uploads/2021/11/finance-tech-305x207.jpg
IP 104.21.20.56:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 305x207, components 3\012- data
Hash 4a4efb0d6f43eda3125508609712b57b
c11150adcab44b1e17d87992250bb7c9afc75758
10a10921ca47519fdcb9a8ff2df54d025be6f32b3ab54ea9feb4ab09f68382f9
GET /wp-content/uploads/2021/11/finance-tech-305x207.jpg HTTP/1.1
Host: dailybulletinz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dailybulletinz.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:51 GMT
content-type: image/jpeg
content-length: 13810
last-modified: Thu, 24 Feb 2022 12:38:40 GMT
etag: "62177c50-35f2"
x-cache-status: MISS
x-powered-by: PleskLin
cache-control: max-age=14400
cf-cache-status: HIT
age: 808
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=17u%2BlW%2F6adeG3ZbmeTbvROwmw3%2BZpTNt3PjzZBnEPZvkbhQwDaRfoDdHy7VPfJ2wLjZfM%2BAlmuZ8DHzfQemJ%2BZfObYCT4Zv2bqedtS5UdBZpMsLgT3Hjw9vPnSo45gzeTai8I%2Fg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 792c20232d420afe-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.bmcdn5.com/js/63cbdb2271c2f737f5e7f0d2.js?v=1675269611077
172.64.110.35 200 OK 109 kB URL HTTP/2 cdn.bmcdn5.com/js/63cbdb2271c2f737f5e7f0d2.js?v=1675269611077
IP 172.64.110.35:0
File type ASCII text, with very long lines (9377), with no line terminators
Size 109 kB (109356 bytes)
Hash 422a1f0e8b7cb8e25f860b5d8ab79140
30fbbaa300d9a3907d77a843c81044c3cb7bb2b3
a67ad5fd747d953ac5adffec577a5fa117300cfc174a2f9de55156bc87bbfff3
GET /js/63cbdb2271c2f737f5e7f0d2.js?v=1675269611077 HTTP/1.1
Host: cdn.bmcdn5.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://free-btc.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:49 GMT
content-type: application/javascript
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization
access-control-allow-methods: *
access-control-allow-origin: *
vary: Accept-Encoding
expires: Wed, 01 Feb 2023 17:09:49 GMT
cache-control: max-age=1800, public
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Jl8i5Mwj%2Fk7yAg4%2Brq66wyAZmFGAfwwzyZfwYCY8FIWOZALwIWqNub8UWemP7RyP%2BJeyEArqOuJFRONJBwrzglh%2F4tQT%2BYL%2Fulvc6D1oAasNQOzvvgHAJrS7Ywc7mQl2eA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 792c201648b175d8-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash ccb6c9aff9d4e1f734434cc6d701b668
c333e2e786d6442ba811145e397fdc423b563d6e
aeb54dc3d422da5b41f7d62002b1b758dbb113ac8da83b9d501ce72b671ee9ef
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5807
Cache-Control: max-age=122270
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 16:39:52 GMT
Etag: "63d9b9c7-117"
Expires: Fri, 03 Feb 2023 02:37:42 GMT
Last-Modified: Wed, 01 Feb 2023 01:00:55 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 279
t3.lowtid.com/s.php?p=c:4ljkfd1stuas5a3tw&d=61b87b159bd23420f125f716&pid=ZnBiqz5QQ-A_0&s=517684_467930
51.161.115.163 302 Found 0 B URL HTTP/1.1 t3.lowtid.com/s.php?p=c:4ljkfd1stuas5a3tw&d=61b87b159bd23420f125f716&pid=ZnBiqz5QQ-A_0&s=517684_467930
IP 51.161.115.163:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /s.php?p=c:4ljkfd1stuas5a3tw&d=61b87b159bd23420f125f716&pid=ZnBiqz5QQ-A_0&s=517684_467930 HTTP/1.1
Host: t3.lowtid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 01 Feb 2023 16:39:51 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Round: 1217p3t0dz
Raund: wn
Location: https://ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_517684_467930
cdn-dimi.akamaized.net/landings/278385/1675090482/images/6.jpg
95.101.11.40 200 OK 56 kB URL HTTP/1.1 cdn-dimi.akamaized.net/landings/278385/1675090482/images/6.jpg
IP 95.101.11.40:0
ASN #20940 Akamai International B.V.
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 800x1000, components 3\012- data
Hash 6dbb90039581cbc9d3278e850bd385eb
c4433aac5c0190471a796c0d1dd3ca54ff897353
4686ad66f2fc2471d57a505f3396f2569f47f06fea8376c2ce0b1f142ca6fdb0
GET /landings/278385/1675090482/images/6.jpg HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vzvnjw.delicatedates.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: Og5xFsWGOIoYD65mveB8rv7c4L94lqyT/IiRIxCTNgOISoqn8rYsEzRCVnGVz9PsMPX78QnXEg0=
x-amz-request-id: K0YJ676WJJGDS086
Last-Modified: Mon, 30 Jan 2023 14:54:44 GMT
ETag: "6dbb90039581cbc9d3278e850bd385eb"
Accept-Ranges: bytes
Content-Type: image/jpeg
Server: AmazonS3
Content-Length: 56100
Date: Wed, 01 Feb 2023 16:39:51 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/278385/1675090482/images/5.jpg
95.101.11.40 200 OK 46 kB URL HTTP/1.1 cdn-dimi.akamaized.net/landings/278385/1675090482/images/5.jpg
IP 95.101.11.40:0
ASN #20940 Akamai International B.V.
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 800x1000, components 3\012- data
Hash c46bb382ede649fbbccd9bc6e95ceb09
36b7771dbac78853ce72a7bc1f092f8c77f2c177
e3a61a5ce6e93d285dcb935ccfabe0d947d276f90c074ce3ae82817cf91e90e5
GET /landings/278385/1675090482/images/5.jpg HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vzvnjw.delicatedates.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: +8fEq8mNIn2QefBbaP2Ov4zCPSbPyq1SuriEAsb8x7B5Lzxt3OCgsHGzhAv1JJAp5p1jqbH//9U=
x-amz-request-id: K0YWBG5J6BGPSS4N
Last-Modified: Mon, 30 Jan 2023 14:54:44 GMT
ETag: "c46bb382ede649fbbccd9bc6e95ceb09"
Accept-Ranges: bytes
Content-Type: image/jpeg
Server: AmazonS3
Content-Length: 45824
Date: Wed, 01 Feb 2023 16:39:51 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
dailybulletinz.com/wp-content/uploads/2021/11/finance-tech.jpg
104.21.20.56 200 OK 142 kB URL HTTP/2 dailybulletinz.com/wp-content/uploads/2021/11/finance-tech.jpg
IP 104.21.20.56:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 1200x900, components 3\012- data
Size 142 kB (142104 bytes)
Hash 154ac867887998f84995d30e8d824303
35f42847b14007bc1c4848887dc082360f7a356f
695b723fe02575e96a1ad122c41a689cdd34e43406d082d35e5768afbfac8941
GET /wp-content/uploads/2021/11/finance-tech.jpg HTTP/1.1
Host: dailybulletinz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dailybulletinz.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:51 GMT
content-type: image/jpeg
content-length: 142104
last-modified: Wed, 17 Nov 2021 11:29:46 GMT
etag: "6194e7aa-22b18"
x-cache-status: MISS
x-powered-by: PleskLin
cache-control: max-age=14400
cf-cache-status: HIT
age: 808
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Q5MkVfPrVsSoPM58EOL2%2FDTZQHatoKgLLbnpmv%2Bx%2BG6dCu5j6DAIcsfD5CdwOyGu5KYU6kBDURj27RtdOIXAOMvCLtNFQjIE6oLqU3IezAQO8A7DYXEZjVChPrXal3SiPV9BefQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 792c20232d460afe-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
go.c4ptainn3lson.xyz/redirect?feed=491151&url=t3.lowtid.com&subid=custom_123j1djb25.no.windows.firefox&query=451000_464209&pub_clickid=63da95d5c912fe0a3172a7e7
198.134.116.30 302 Found 0 B URL HTTP/1.1 go.c4ptainn3lson.xyz/redirect?feed=491151&url=t3.lowtid.com&subid=custom_123j1djb25.no.windows.firefox&query=451000_464209&pub_clickid=63da95d5c912fe0a3172a7e7
IP 198.134.116.30:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=491151&url=t3.lowtid.com&subid=custom_123j1djb25.no.windows.firefox&query=451000_464209&pub_clickid=63da95d5c912fe0a3172a7e7 HTTP/1.1
Host: go.c4ptainn3lson.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 01 Feb 2023 16:39:51 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Age: 0
Location: http://c.ewoss.click/go.ashx?w=cD1leHBsb3JhZHMxMiZrPXd3dzEuZGl2eGZpbG1lb25saW5lLm5ldCZiPTAuMDAwMjYmcz0xODkyNTQmYT0w0
Pragma: no-cache
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash 14bbeb2310b556c8f896632dae1a43ae
4d447c80b0f1a8b75b1969eacd7a569f06bbb224
cb768cf2599bf0f010578f2dcff90e1872c00a4fd94f24f623df42d600726c9d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=145612
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 16:39:51 GMT
Etag: "63da2ba3-118"
Expires: Fri, 03 Feb 2023 09:06:43 GMT
Last-Modified: Wed, 01 Feb 2023 09:06:43 GMT
Server: nginx
Content-Length: 280
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash e0d5cef290e64147859d24dfab033f8d
1b64cb1c126247bd2c4e8b6fcf8e47d6326a1b96
9582d5a0c46f3f52cc725d71627a37565c47c0a89da08704c80df92b28e7d5b2
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4348
Cache-Control: max-age=89498
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 16:39:51 GMT
Etag: "63d93f75-118"
Expires: Thu, 02 Feb 2023 17:31:29 GMT
Last-Modified: Tue, 31 Jan 2023 16:19:01 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 280
creative.xlivrdr.com/LPExperience/main.a2dd9f84918c4ce73264.js
104.18.59.150 200 OK 91 kB URL HTTP/2 creative.xlivrdr.com/LPExperience/main.a2dd9f84918c4ce73264.js
IP 104.18.59.150:0
File type Unicode text, UTF-8 text, with very long lines (37067), with LF, NEL line terminators
Hash e7b417eedb26cd74eeb4064971d10b64
194be40f109af33f85a42307a279720f85cb5136
6ce62bd7c74cf04db603cf4485814619494ba8cef7a127dcfb8a1b248ad3716a
GET /LPExperience/main.a2dd9f84918c4ce73264.js HTTP/1.1
Host: creative.xlivrdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://creative.xlivrdr.com/
Cookie: __cflb=02DiuDfsBaY2bRYJiCeRhAptQvDh5wz7nTvqkgYk9TTHE
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:51 GMT
content-type: application/javascript; charset=utf-8
last-modified: Tue, 31 Jan 2023 09:52:08 GMT
etag: W/"63d8e4c8-4a0a7"
expires: Wed, 01 Feb 2023 16:39:53 GMT
cache-control: max-age=10
pragma: public
cf-cache-status: HIT
vary: Accept-Encoding
server: cloudflare
cf-ray: 792c20252ae9b503-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn-dimi.akamaized.net/landings/277386/1674482702/images/2.jpg
95.101.11.40 200 OK 103 kB URL HTTP/1.1 cdn-dimi.akamaized.net/landings/277386/1674482702/images/2.jpg
IP 95.101.11.40:0
ASN #20940 Akamai International B.V.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 960x1280, components 3\012- data
Size 103 kB (102832 bytes)
Hash 3b8b455b24c71ae1f928266241e9517e
8b98ca60c92b83e039c3b996f090883ed8b7ca75
c8d05f7eda85f68f0a08307eeee4e481282fda95570dd53f300b8aadd4f504f6
GET /landings/277386/1674482702/images/2.jpg HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vzvnjw.delicatedates.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: bMlXXMdoMFgluwU/FVl8R78eDOSDtsCshWoPPPIbBiFrwiRE03vF2hXz7EuSr3EfHauUP2rhhWg=
x-amz-request-id: J5QKAAYKCD04B11H
Last-Modified: Mon, 23 Jan 2023 14:05:05 GMT
ETag: "3b8b455b24c71ae1f928266241e9517e"
Accept-Ranges: bytes
Content-Type: image/jpeg
Server: AmazonS3
Content-Length: 102832
Date: Wed, 01 Feb 2023 16:39:52 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/277386/1674482702/images/4.jpg
95.101.11.40 200 OK 68 kB URL HTTP/1.1 cdn-dimi.akamaized.net/landings/277386/1674482702/images/4.jpg
IP 95.101.11.40:0
ASN #20940 Akamai International B.V.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 875x1280, components 3\012- data
Hash f1b9a37200eeaf9dd178b748abc775ee
dffc2369c478d72df3a09bbba23fa55c336f404a
dd939925e556e737df90a5b48b5224aeb2b92d061a104880774c6cdc7b1a1e71
GET /landings/277386/1674482702/images/4.jpg HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vzvnjw.delicatedates.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: oEXKhMv4vxTferqoQJQzFPHOuanfxrK7Sbpz/OdX5AQRDBRK3C1Zc7Lv2rTRtgJWfJYc2ZuiSwU=
x-amz-request-id: J5QJ23PZNV6RT210
Last-Modified: Mon, 23 Jan 2023 14:05:06 GMT
ETag: "f1b9a37200eeaf9dd178b748abc775ee"
Accept-Ranges: bytes
Content-Type: image/jpeg
Server: AmazonS3
Content-Length: 67631
Date: Wed, 01 Feb 2023 16:39:52 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
bannerflow-feed-builder.azurewebsites.net/api/googlesheet/?user=2&spreadsheetId=1Fgsan389gf5LVYi3gt6FMNEgM3LnRdQN1kZ3lP9JwiQ&sheetname=nb_no
104.40.147.180 200 OK 197 kB URL HTTP/2 bannerflow-feed-builder.azurewebsites.net/api/googlesheet/?user=2&spreadsheetId=1Fgsan389gf5LVYi3gt6FMNEgM3LnRdQN1kZ3lP9JwiQ&sheetname=nb_no
IP 104.40.147.180:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Size 197 kB (196592 bytes)
Hash 327bbbf71bc4dc8b49025754bcb9c445
268380875763158dfaa29f91414fc8a8064c7597
67571134cb363df77098ea1a4a252749d0ed15a5e352cb0606b3e62797252926
GET /api/googlesheet/?user=2&spreadsheetId=1Fgsan389gf5LVYi3gt6FMNEgM3LnRdQN1kZ3lP9JwiQ&sheetname=nb_no HTTP/1.1
Host: bannerflow-feed-builder.azurewebsites.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/json; charset=utf-8
date: Wed, 01 Feb 2023 16:39:50 GMT
server: Microsoft-IIS/10.0
access-control-allow-origin: *
cache-control: no-cache
content-encoding: gzip
expires: -1
pragma: no-cache
set-cookie: ARRAffinity=b834706014e0312bbd5ac92e619aa9e536e81381d39f99045f3680752b2c0199;Path=/;HttpOnly;Secure;Domain=bannerflow-feed-builder.azurewebsites.net
ARRAffinitySameSite=b834706014e0312bbd5ac92e619aa9e536e81381d39f99045f3680752b2c0199;Path=/;HttpOnly;SameSite=None;Secure;Domain=bannerflow-feed-builder.azurewebsites.net
vary: Accept-Encoding
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
X-Firefox-Spdy: h2
cdn-dimi.akamaized.net/landings/277386/1674482702/images/6.jpg
95.101.11.40 200 OK 116 kB URL HTTP/1.1 cdn-dimi.akamaized.net/landings/277386/1674482702/images/6.jpg
IP 95.101.11.40:0
ASN #20940 Akamai International B.V.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 960x1280, components 3\012- data
Size 116 kB (116404 bytes)
Hash ae59f6b10cd1ae9cc3659862a6d8713d
7bcc60474232d1509a59b56d27000c7ebf3353a7
c74ac70aa88c93f3109517f66dffa93906fbcb3e9d1dab30d50f9140a12454ad
GET /landings/277386/1674482702/images/6.jpg HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vzvnjw.delicatedates.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: XUzTb3Y/sdTV0W0M8c4iDcW1laFSrl27g5Tc8ZxPwKKkOrEcVNN+mvwEgi9jZeH6PkjuNlYyEvA=
x-amz-request-id: GVSTQN2F36J2RWA8
Last-Modified: Mon, 23 Jan 2023 14:05:06 GMT
ETag: "ae59f6b10cd1ae9cc3659862a6d8713d"
Accept-Ranges: bytes
Content-Type: image/jpeg
Server: AmazonS3
Content-Length: 116404
Date: Wed, 01 Feb 2023 16:39:52 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
dailybulletinz.com/wp-content/uploads/2021/11/New-Men-Handbag-fashion.jpg
104.21.20.56 200 OK 207 kB URL HTTP/2 dailybulletinz.com/wp-content/uploads/2021/11/New-Men-Handbag-fashion.jpg
IP 104.21.20.56:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 1200x900, components 3\012- data
Size 207 kB (207256 bytes)
Hash 2aee0de7d760cea64e8b403add3076a8
794c8f8caee70bc8faa6e4f2f52e7539f8b5b830
cad71f88fb77f0c8fc90e375a35291a0ab0bf766fffc99a10bd82ab4528f2ad0
GET /wp-content/uploads/2021/11/New-Men-Handbag-fashion.jpg HTTP/1.1
Host: dailybulletinz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dailybulletinz.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:51 GMT
content-type: image/jpeg
content-length: 207256
last-modified: Wed, 17 Nov 2021 10:59:34 GMT
etag: "6194e096-32998"
x-cache-status: MISS
x-powered-by: PleskLin
cache-control: max-age=14400
cf-cache-status: HIT
age: 808
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pmtn9W0I9yzc1ZEyfoRIGs78y%2BeUPh1%2FnfQ9PJ8gKScQk9oN44zRBrl1hHP829uWw10Xouc9Vr0sDxogmEr8ikGBZo1fURlu2gXkjl1zGQtTfA3hB8cHhnATCsEO5ebXzmpKJbo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 792c20233d560afe-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
go.c4ptainn3lson.xyz/redirect?feed=491151&url=t3.lowtid.com&subid=custom_123j1djb25.no.windows.firefox&query=470427_470362&pub_clickid=63da95d5493b4e09fd062173
198.134.116.30 302 Found 0 B URL HTTP/1.1 go.c4ptainn3lson.xyz/redirect?feed=491151&url=t3.lowtid.com&subid=custom_123j1djb25.no.windows.firefox&query=470427_470362&pub_clickid=63da95d5493b4e09fd062173
IP 198.134.116.30:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=491151&url=t3.lowtid.com&subid=custom_123j1djb25.no.windows.firefox&query=470427_470362&pub_clickid=63da95d5493b4e09fd062173 HTTP/1.1
Host: go.c4ptainn3lson.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 01 Feb 2023 16:39:51 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Age: 0
Location: https://s.optnx.com/cimp.php?data=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
Pragma: no-cache
my.okueroskynt.com/d65cf81f-7fce-4b74-a76f-b50cfca5bef2?source_id=355801&reason_id=hosting&format=pops&zone_id=1001973&browser=Firefox&country=NO&mode=sw&clickid=
18.158.88.249 302 Found 0 B URL HTTP/2 my.okueroskynt.com/d65cf81f-7fce-4b74-a76f-b50cfca5bef2?source_id=355801&reason_id=hosting&format=pops&zone_id=1001973&browser=Firefox&country=NO&mode=sw&clickid=
IP 18.158.88.249:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /d65cf81f-7fce-4b74-a76f-b50cfca5bef2?source_id=355801&reason_id=hosting&format=pops&zone_id=1001973&browser=Firefox&country=NO&mode=sw&clickid= HTTP/1.1
Host: my.okueroskynt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Cookie: d65cf81f-7fce-4b74-a76f-b50cfca5bef2-v4=HVGdV0JQQO7RcobiJ0gAqFEqM5fGFVJJywfqm4dhw1o; cc-v4=gQ1xhTInnP5XC4cjsLz6sAu%2BVS0xAgL3p%2BRz2L2axnlk1EXPKJwEBZgfrJ2NtsZE9V1WIx09jhnvhondAblV%2FW0jX%2F8cVobv5CTGkQc4Fb9sdaIn2EnVAAcBEBhOhYylv8s0oMPA0LBmEH7VODV%2F%2BQ%3D%3D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx
date: Wed, 01 Feb 2023 16:39:52 GMT
content-length: 0
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://gbstwrldnws.com/rotator/352/1328/2da4af00d834dfbd23fda189a58e00c9/?click_id=wmdph6kv8d5bloamij7hs554&sub1=355801&fullscreen=1
pragma: no-cache
set-cookie: d65cf81f-7fce-4b74-a76f-b50cfca5bef2-v4=5CsEf_4GTeF0-lBg2qbpDP1a1FTliPHeVm13NNGT01U; Max-Age=86400; Expires=Thu, 02-Feb-2023 16:39:52 GMT; Domain=my.okueroskynt.com; Path=/; Secure; HttpOnly;SameSite=None
cc-v4=pRDKme10ig6LvFj19JeOkWeA5V9%2BXj4TfWJguFjzoEhcCNMpRWocBrfZgpUe%2B%2FlgF7FGtKN%2FdtuCShjWCaJ1D6PcLWTktB5PcN7fGS%2BzpOsSYdnxKOzJ%2FNaszPkWf8e43%2Fwwv4KMF3sIPuba%2BCWfcg%3D%3D; Max-Age=31536000; Expires=Thu, 01-Feb-2024 16:39:52 GMT; Domain=my.okueroskynt.com; Path=/; Secure; HttpOnly;SameSite=None
X-Firefox-Spdy: h2
clickiocdn.com/utr/wv/?prism=0&url=%2F&eid=227790&wh=1280x1024&rnd=96113870041&lid=0&tid=0&ttfb_green=0.000&ttfb_green_cnt=1
95.211.66.34 200 OK 42 B URL HTTP/2 clickiocdn.com/utr/wv/?prism=0&url=%2F&eid=227790&wh=1280x1024&rnd=96113870041&lid=0&tid=0&ttfb_green=0.000&ttfb_green_cnt=1
IP 95.211.66.34:0
ASN #60781 LeaseWeb Netherlands B.V.
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
POST /utr/wv/?prism=0&url=%2F&eid=227790&wh=1280x1024&rnd=96113870041&lid=0&tid=0&ttfb_green=0.000&ttfb_green_cnt=1 HTTP/1.1
Host: clickiocdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://free-btc.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 200 OK
server: nginx/1.16.0
date: Wed, 01 Feb 2023 16:39:52 GMT
content-type: image/gif
content-length: 42
access-control-allow-origin: *
cache-control: no-cache
x-error: limit exceeded
x-error-host: amn-ams-5-7
iseu: eu
X-Firefox-Spdy: h2
cdn.bmcdn5.com/js/63cbe66e5b376e6290f5d621.js?v=1675269611082
172.64.110.35 200 OK 214 kB URL HTTP/2 cdn.bmcdn5.com/js/63cbe66e5b376e6290f5d621.js?v=1675269611082
IP 172.64.110.35:0
File type ASCII text, with very long lines (9373), with no line terminators
Size 214 kB (214374 bytes)
Hash 044f0e4ed31ff7a83dfdd5e46df8c252
3d6830f6f9005197555713d47bf51a61d76f748c
0d652fa5c5d1b63119678aa95ae23b777de854743c6de66e6a6494b2682b8113
GET /js/63cbe66e5b376e6290f5d621.js?v=1675269611082 HTTP/1.1
Host: cdn.bmcdn5.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://free-btc.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:50 GMT
content-type: application/javascript
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization
access-control-allow-methods: *
access-control-allow-origin: *
vary: Accept-Encoding
expires: Wed, 01 Feb 2023 17:09:49 GMT
cache-control: max-age=1800, public
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n13loHsf6KOPXETtAhNJFTm7GWRLOnTkUCUF3b6yzIu5xoetRyOKBzZcEPYptSTR3xnb1x5RQgde4Rc1ywgM6iibjK7PmFh6r26I%2ByECkqUx6vR%2FbaUqt5cnGSSiYMu6zw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 792c20183b0d75d8-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
s.click.aliexpress.com/e/_AkUaK1?dp=IaTSLnwICDfikuPuc0O5zEJBnhCZPGAOCwHnNhV0bddIMML4lASYjpB8rZeR5OI1ZRqzanmGDKnDKNJYbjaQVFicYZu0v0zkI3s136rFXI0Jhzvl3ope5wqBVY4p0MLJboZ5rw_gUIDRUi
104.110.21.5 302 Found 0 B URL HTTP/2 s.click.aliexpress.com/e/_AkUaK1?dp=IaTSLnwICDfikuPuc0O5zEJBnhCZPGAOCwHnNhV0bddIMML4lASYjpB8rZeR5OI1ZRqzanmGDKnDKNJYbjaQVFicYZu0v0zkI3s136rFXI0Jhzvl3ope5wqBVY4p0MLJboZ5rw_gUIDRUi
IP 104.110.21.5:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /e/_AkUaK1?dp=IaTSLnwICDfikuPuc0O5zEJBnhCZPGAOCwHnNhV0bddIMML4lASYjpB8rZeR5OI1ZRqzanmGDKnDKNJYbjaQVFicYZu0v0zkI3s136rFXI0Jhzvl3ope5wqBVY4p0MLJboZ5rw_gUIDRUi HTTP/1.1
Host: s.click.aliexpress.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Cookie: af_ss_a=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
content-length: 0
server: Tengine
x-application-context: global-traffic-holmes-f:7001
access-control-allow-methods: GET, POST, OPTION
access-control-allow-credentials: true
p3p: CP="CAO PSA OUR"
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
strict-transport-security: max-age=31536000 ; includeSubDomains
location: https://best.aliexpress.com?dp=IaTSLnwICDfikuPuc0O5zEJBnhCZPGAOCwHnNhV0bddIMML4lASYjpB8rZeR5OI1ZRqzanmGDKnDKNJYbjaQVFicYZu0v0zkI3s136rFXI0Jhzvl3ope5wqBVY4p0MLJboZ5rw_gUIDRUi&aff_fcid=110b34c925ce4fc2906d6791bc127500-1675269592009-06941-_AkUaK1&tt=CPS_NORMAL&aff_fsk=_AkUaK1&aff_platform=portals-tool&sk=_AkUaK1&aff_trace_key=110b34c925ce4fc2906d6791bc127500-1675269592009-06941-_AkUaK1&terminal_id=cea5412aa3974a14a114454e74704789&afSmartRedirect=y
content-language: en-US
eagleeye-traceid: 2101f49d16752695918595054e8dfc
timing-allow-origin: *
date: Wed, 01 Feb 2023 16:39:52 GMT
set-cookie: xman_us_f=x_l=0&x_as_i=%7B%22aeuCID%22%3A%22110b34c925ce4fc2906d6791bc127500-1675269592009-06941-_AkUaK1%22%2C%22affiliateKey%22%3A%22_AkUaK1%22%2C%22channel%22%3A%22AFFILIATE%22%2C%22cv%22%3A%221%22%2C%22isCookieCache%22%3A%22N%22%2C%22ms%22%3A%221%22%2C%22pid%22%3A%223407682764%22%2C%22tagtime%22%3A1675269592009%7D&acs_rt=cea5412aa3974a14a114454e74704789; Domain=.aliexpress.com; Expires=Mon, 19-Feb-2091 19:53:59 GMT; Path=/
acs_usuc_t=x_csrf=p1qhdfldeky3&acs_rt=cea5412aa3974a14a114454e74704789; Domain=.aliexpress.com; Path=/
aeu_cid=110b34c925ce4fc2906d6791bc127500-1675269592009-06941-_AkUaK1; Domain=.aliexpress.com; Expires=Mon, 19-Feb-2091 19:53:59 GMT; Path=/
xman_t=cUpW4fMxpg6qfbnmRIQkWqvZMS/Glit6SWF976EX60j3XGKUbE9ZDWogCycEGjv1; Domain=.aliexpress.com; Expires=Tue, 02-May-2023 16:39:52 GMT; Path=/; HttpOnly
xman_f=ACA+OuzFKMf9Q0n9C5nqz958tKBK6xgTJDPCD1f81N4FPjbyRfCIKDjprW0zCzq4f3K2tv+VbV039DCQQmDZMWNKBEoA4sSAIrhDjWAt3kVbodGskqHkzA==; Domain=.aliexpress.com; Expires=Mon, 19-Feb-2091 19:53:59 GMT; Path=/; HttpOnly
traffic_se_co=%7B%7D; Domain=aliexpress.com; Expires=Mon, 19-Feb-2091 19:53:59 GMT; Path=/
af_ss_a=1; Path=/; Domain=.aliexpress.com; Max-Age=2147483647; Secure; SameSite=None
af_ss_b=1; Path=/; Domain=.aliexpress.com; Max-Age=2147483647; SameSite=Lax
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/gambling-commission.png
104.18.25.188 404 Not Found 465 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/gambling-commission.png
IP 104.18.25.188:0
File type XML 1.0 document text\012- XML document, Unicode text, UTF-8 (with BOM) text
Hash 545daca0f28ae657d6059cc2c49e8915
b57bff22ac7edda473be0aa5edba723bb1014cb8
1400e68dc5cc9007c23c4fa056f228679275a0ee04d7a2adaf5b27fe166b6a90
GET /nu/pop/sportsbook/multisports/gambling-commission.png HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a92628443%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1675269588459)%5c%2f%22%2c%22CookieTag%22%3a%223795092628443451240919C2023211639%22%7d%2c%7b%22PID%22%3a86536170%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1675269588590)%5c%2f%22%2c%22CookieTag%22%3a%223795086536170451240919C2023211639%22%7d%5d; btag=320665405_4F03CE830604485E9E0E444E5686127E
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 404 Not Found
date: Wed, 01 Feb 2023 16:39:50 GMT
content-type: application/xml
x-ms-request-id: 5bfd3557-d01e-004f-105b-366356000000
x-ms-version: 2014-02-14
access-control-allow-origin: *
cf-cache-status: HIT
age: 201
vary: Accept-Encoding
server: cloudflare
cf-ray: 792c201b68b7b512-OSL
content-encoding: br
X-Firefox-Spdy: h2
s.click.aliexpress.com/e/_AkUaK1?dp=uAW7k1D_PhMFzCrPZ2KlltIBI55p9w5iGt8jRQcXvqy0LCWH9NNRHlyPAMwV23RmUh7DV95qlRYBxBKLd27a48jwfCMl_SX5u6IRn1_D_-IzoDT0xobvKiVNwWhB2qo3jKbVYQ_gUIDRUi
104.110.21.5 302 Found 0 B URL HTTP/2 s.click.aliexpress.com/e/_AkUaK1?dp=uAW7k1D_PhMFzCrPZ2KlltIBI55p9w5iGt8jRQcXvqy0LCWH9NNRHlyPAMwV23RmUh7DV95qlRYBxBKLd27a48jwfCMl_SX5u6IRn1_D_-IzoDT0xobvKiVNwWhB2qo3jKbVYQ_gUIDRUi
IP 104.110.21.5:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /e/_AkUaK1?dp=uAW7k1D_PhMFzCrPZ2KlltIBI55p9w5iGt8jRQcXvqy0LCWH9NNRHlyPAMwV23RmUh7DV95qlRYBxBKLd27a48jwfCMl_SX5u6IRn1_D_-IzoDT0xobvKiVNwWhB2qo3jKbVYQ_gUIDRUi HTTP/1.1
Host: s.click.aliexpress.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-length: 0
server: Tengine
x-application-context: global-traffic-holmes-f:7001
access-control-allow-methods: GET, POST, OPTION
access-control-allow-credentials: true
p3p: CP="CAO PSA OUR"
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
strict-transport-security: max-age=31536000 ; includeSubDomains
location: https://best.aliexpress.com?dp=uAW7k1D_PhMFzCrPZ2KlltIBI55p9w5iGt8jRQcXvqy0LCWH9NNRHlyPAMwV23RmUh7DV95qlRYBxBKLd27a48jwfCMl_SX5u6IRn1_D_-IzoDT0xobvKiVNwWhB2qo3jKbVYQ_gUIDRUi&aff_fcid=607157a158b4432898f36376415180e9-1675269592045-05220-_AkUaK1&tt=CPS_NORMAL&aff_fsk=_AkUaK1&aff_platform=portals-tool&sk=_AkUaK1&aff_trace_key=607157a158b4432898f36376415180e9-1675269592045-05220-_AkUaK1&terminal_id=ce601f5cb47945ec90bb4dd22340dda9&afSmartRedirect=y
content-language: en-US
eagleeye-traceid: 2103255b16752695920404202e3c73
timing-allow-origin: *
date: Wed, 01 Feb 2023 16:39:52 GMT
set-cookie: xman_us_f=x_l=0&x_as_i=%7B%22aeuCID%22%3A%22607157a158b4432898f36376415180e9-1675269592045-05220-_AkUaK1%22%2C%22affiliateKey%22%3A%22_AkUaK1%22%2C%22channel%22%3A%22AFFILIATE%22%2C%22cv%22%3A%221%22%2C%22isCookieCache%22%3A%22N%22%2C%22ms%22%3A%221%22%2C%22pid%22%3A%223407682764%22%2C%22tagtime%22%3A1675269592045%7D&acs_rt=ce601f5cb47945ec90bb4dd22340dda9; Domain=.aliexpress.com; Expires=Mon, 19-Feb-2091 19:53:59 GMT; Path=/
acs_usuc_t=x_csrf=eg8ogq5unt1n&acs_rt=ce601f5cb47945ec90bb4dd22340dda9; Domain=.aliexpress.com; Path=/
aeu_cid=607157a158b4432898f36376415180e9-1675269592045-05220-_AkUaK1; Domain=.aliexpress.com; Expires=Mon, 19-Feb-2091 19:53:59 GMT; Path=/
xman_t=985AUJ3+d7t2FyGAVj9pLhdd80I4qDPApNtMrC2xzRImTiG+E4STyTRrykfMjZ7i; Domain=.aliexpress.com; Expires=Tue, 02-May-2023 16:39:52 GMT; Path=/; HttpOnly
xman_f=K5EjMSwteY0x45Oht9+td/No1/Cl+QNq8oHFCAdE3l5CHMl1yuckgFj/v9lElBNGzWOjgwwzsTOVAej7QYWSg/ociG4xePnU9kJVrcRHB1+u2ldhYsryTw==; Domain=.aliexpress.com; Expires=Mon, 19-Feb-2091 19:53:59 GMT; Path=/; HttpOnly
traffic_se_co=%7B%7D; Domain=aliexpress.com; Expires=Mon, 19-Feb-2091 19:53:59 GMT; Path=/
af_ss_a=1; Path=/; Domain=.aliexpress.com; Max-Age=2147483647; Secure; SameSite=None
af_ss_b=1; Path=/; Domain=.aliexpress.com; Max-Age=2147483647; SameSite=Lax
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash 909345addac6f911606ba6a4f4e871c7
7113ee3d36c9b4708d6cfe12f9cedeb70a2a2f20
cc0875f21605f4749edade23126bf1b47cc965c37d2c075fa4c37116ab20dc93
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3748
Cache-Control: max-age=127034
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 16:39:52 GMT
Etag: "63d9d46e-116"
Expires: Fri, 03 Feb 2023 03:57:06 GMT
Last-Modified: Wed, 01 Feb 2023 02:54:38 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 278
dailybulletinz.com/wp-content/uploads/2021/11/Hatchback-interiors.jpg
104.21.20.56 200 OK 160 kB URL HTTP/2 dailybulletinz.com/wp-content/uploads/2021/11/Hatchback-interiors.jpg
IP 104.21.20.56:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 1200x900, components 3\012- data
Size 160 kB (159547 bytes)
Hash a2bcfa35234a881b9b68d6880e6e2d1a
0dc3d8ed77f5dece1c8f5f03ddb94736e63097ad
f9486d656255198a16c85c784f2e8910958fc56ef4a4b8c245312c157a4ae9cf
GET /wp-content/uploads/2021/11/Hatchback-interiors.jpg HTTP/1.1
Host: dailybulletinz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dailybulletinz.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:51 GMT
content-type: image/jpeg
content-length: 159547
last-modified: Wed, 17 Nov 2021 09:50:20 GMT
etag: "6194d05c-26f3b"
x-cache-status: MISS
x-powered-by: PleskLin
cache-control: max-age=14400
cf-cache-status: HIT
age: 808
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Cq9EWmhLdN%2BZ%2FGizYZ%2F5H70Kx9PGFPyrv6Xl2qYsKXgC0cjBIK0%2BScLA9OvrCMoizyVSGuKoCqQwfTpIFsxcqOdwugWRi5CS1h4M%2BhD1YZ1WSgVXvEb6iN7N8o02ni4I4oAuWHg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 792c20234d5c0afe-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
dailybulletinz.com/wp-content/plugins/wp-magazine-modules-lite/includes/assets/images/default-image.png
104.21.20.56 200 OK 20 kB URL HTTP/2 dailybulletinz.com/wp-content/plugins/wp-magazine-modules-lite/includes/assets/images/default-image.png
IP 104.21.20.56:0
File type PNG image data, 1200 x 800, 8-bit/color RGB, non-interlaced\012- data
Hash 64904873ca7661a5506af6970f894da3
bf9c4502d07edb62c7959c6556cb9dcfa2b275b3
9730135d5a65e31ca9980478ef21a5b136ef05f976a8fea673423cd16aecfbdc
GET /wp-content/plugins/wp-magazine-modules-lite/includes/assets/images/default-image.png HTTP/1.1
Host: dailybulletinz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dailybulletinz.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:51 GMT
content-type: image/png
content-length: 20207
last-modified: Mon, 01 Nov 2021 09:30:21 GMT
etag: "617fb3ad-4eef"
x-cache-status: MISS
x-powered-by: PleskLin
cache-control: max-age=14400
cf-cache-status: HIT
age: 808
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eOp4Z3dj%2FI5QsQUmijMBGP4E4t0yWq8eFTQt2hbqBtyTNXWDiPy%2B3HSv5UMywtMuiqkrzlKN3Ans2HiSiDoNoGI6okGLq%2BnczLWGhSwfu3VAveDsqF1zMH5G26vHM5yp1Meck1g%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 792c20253f2e0afe-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
popmyads.com/serve/52264/64661/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgxMy5jb20=
104.21.54.194 200 OK 1.0 kB URL HTTP/2 popmyads.com/serve/52264/64661/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgxMy5jb20=
IP 104.21.54.194:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash 16c797e2fe103e7f83e1016b48f1b6ee
e96f69d5c640dc26cf4d34d735620b73cb4ce2d7
56c18fecb53677aff9f57b97536031306a617cf1898fa4933f113ff3e648d74f
GET /serve/52264/64661/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgxMy5jb20= HTTP/1.1
Host: popmyads.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:52 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.1.33
x-frame-options: DENY
content-security-policy: frame-ancestors 'none'
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Twoc1evhsIQw4THLENGov3jghJ%2FvkgypITKunyOxjodEVlk8gFKl2ZijnBu2gW5YBfX%2FxFzGIZshYXX%2FboC5%2BR9SM3bidJGpwheJj2FBtt63%2FUyiK8gUXpNuU7BK6Qs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 792c202609fdb50f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
go.c4ptainn3lson.xyz/redirect?feed=491151&url=t3.lowtid.com&subid=custom_123j1djb25.no.windows.firefox&query=499756_471425&pub_clickid=63da95d55ab5645a876df46b
198.134.116.30 302 Found 0 B URL HTTP/1.1 go.c4ptainn3lson.xyz/redirect?feed=491151&url=t3.lowtid.com&subid=custom_123j1djb25.no.windows.firefox&query=499756_471425&pub_clickid=63da95d55ab5645a876df46b
IP 198.134.116.30:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=491151&url=t3.lowtid.com&subid=custom_123j1djb25.no.windows.firefox&query=499756_471425&pub_clickid=63da95d55ab5645a876df46b HTTP/1.1
Host: go.c4ptainn3lson.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 01 Feb 2023 16:39:52 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Age: 0
Location: https://thingortwo.g2afse.com/click?pid=439&offer_id=43743&sub1=-9c3dLZkLmg
Pragma: no-cache
cdn.bmcdn5.com/js/63cbde6471c2f737f5e8033c.js?v=1675269611083
172.64.110.35 200 OK 185 kB URL HTTP/2 cdn.bmcdn5.com/js/63cbde6471c2f737f5e8033c.js?v=1675269611083
IP 172.64.110.35:0
File type ASCII text, with very long lines (9377), with no line terminators
Size 185 kB (185431 bytes)
Hash 9996a110d23c81724cceaca5dd15d7de
a3de7d8d617f44ecd1e97692712a53c928ff7892
f38ef2b5be3b11b7fb4e268d342ca9de1e0ff6d5aed32974c2082fb05d4ac819
GET /js/63cbde6471c2f737f5e8033c.js?v=1675269611083 HTTP/1.1
Host: cdn.bmcdn5.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://free-btc.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:50 GMT
content-type: application/javascript
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization
access-control-allow-methods: *
access-control-allow-origin: *
vary: Accept-Encoding
expires: Wed, 01 Feb 2023 17:09:50 GMT
cache-control: max-age=1800, public
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B2oLsgu0w0br7es4n7r7wiohTKHaCG0S5mGixWiIFn2SW8YofkLYE15rGGKI5Aq8%2BmIIdGB6NrsJzvcckXVPgHEkc3FK%2FKJVJh0ppLwjzxCunSUYnPSLSqxq7koTRUYSmw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 792c20181aeb75d8-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/read_json.js
104.18.25.188 200 OK 191 kB URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/read_json.js
IP 104.18.25.188:0
File type HTML document, ASCII text
Size 191 kB (191290 bytes)
Hash 6699a33aa73aef26c55aebe7431e1b16
2b1920ff73ca8103fdb13e2c1e3beec55e0a4ca0
3eb73c2825373f5f6508b5bb02e4b216df09e3957ad920f654fd6ee704968ad2
GET /nu/pop/sportsbook/multisports/read_json.js HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a92628443%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1675269588459)%5c%2f%22%2c%22CookieTag%22%3a%223795092628443451240919C2023211639%22%7d%2c%7b%22PID%22%3a86536170%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1675269588590)%5c%2f%22%2c%22CookieTag%22%3a%223795086536170451240919C2023211639%22%7d%5d; btag=320665405_4F03CE830604485E9E0E444E5686127E
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:49 GMT
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=900, immutable
content-md5: rGS1nJi75Qz2m2yY+jlYXA==
last-modified: Thu, 26 Jan 2023 12:30:23 GMT
etag: W/"0x8DAFF991898A021"
x-ms-request-id: e9253db8-601e-0075-8081-31792e000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 533362
vary: Accept-Encoding
server: cloudflare
cf-ray: 792c2016390ab512-OSL
content-encoding: br
X-Firefox-Spdy: h2
dailybulletinz.com/wp-content/uploads/2021/11/yoga.jpg
104.21.20.56 200 OK 108 kB URL HTTP/2 dailybulletinz.com/wp-content/uploads/2021/11/yoga.jpg
IP 104.21.20.56:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 1200x900, components 3\012- data
Size 108 kB (108028 bytes)
Hash c49c3aa07a61884cbbbf636d9b6e682d
58eaee16db1a8fd97c2e0ed39c5a32eba9a94896
1e073dbd091b0fdec7840026fd0de073e490e25791ee25a41540fdceca8ad0a4
GET /wp-content/uploads/2021/11/yoga.jpg HTTP/1.1
Host: dailybulletinz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dailybulletinz.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:51 GMT
content-type: image/jpeg
content-length: 108028
last-modified: Wed, 17 Nov 2021 05:47:37 GMT
etag: "61949779-1a5fc"
x-cache-status: MISS
x-powered-by: PleskLin
cache-control: max-age=14400
cf-cache-status: HIT
age: 808
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sZ7yob99C%2FoYon2btUenU%2BdfPWIfjMISiszsW5VVYILZAvmNqMu71BRH71Z4Q%2Fb7dsR%2FPYVT5kNop5bHL8k0dVOksOTDzpLhk018tkb7l%2Bjguz465wFTB4X61Z5Hw7NwhIHFvFw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 792c20248e9a0afe-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static.hueadsxml.com/tabu/display.js
151.139.128.10 200 OK 3.8 kB URL HTTP/2 static.hueadsxml.com/tabu/display.js
IP 151.139.128.10:0
File type HTML document, ASCII text, with very long lines (9325)
Hash d24a54239721e5e7c2f7667bf66bd3af
0043d29fdc28a135c596bb27cf93636361343d51
dc46eda8050088ad3c9b2e903aa606d04252c7915a54471100546ea7128f9037
GET /tabu/display.js HTTP/1.1
Host: static.hueadsxml.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dailybulletinz.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:52 GMT
content-encoding: gzip
content-length: 3771
content-type: application/javascript
last-modified: Tue, 08 Nov 2022 10:04:25 GMT
accept-ranges: bytes
server: nginx
etag: W/"636a29a9-24a2"
cache-control: max-age=86400
x-hw: 1675269592.cds209.sk1.hn,1675269592.cds258.sk1.c
access-control-allow-origin: *
X-Firefox-Spdy: h2
dailybulletinz.com/wp-content/uploads/2021/11/Desk-plants.jpg
104.21.20.56 200 OK 224 kB URL HTTP/2 dailybulletinz.com/wp-content/uploads/2021/11/Desk-plants.jpg
IP 104.21.20.56:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 1200x900, components 3\012- data
Size 224 kB (224130 bytes)
Hash 18249ae0f5ebdeab87e1bd9977af3ca7
5fbbee0b0b539a2b061d824709b32988833c2127
fead96fa44461d9948b255c6388b0eb1f1d8b170b487ac30aac116971cb9c981
GET /wp-content/uploads/2021/11/Desk-plants.jpg HTTP/1.1
Host: dailybulletinz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dailybulletinz.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:51 GMT
content-type: image/jpeg
content-length: 224130
last-modified: Wed, 17 Nov 2021 06:54:25 GMT
etag: "6194a721-36b82"
x-powered-by: PleskLin
cache-control: max-age=14400
cf-cache-status: HIT
age: 9009965
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=buZxz2ar2EFtJrjgO9%2BM39W9xH%2BOYb0bANdT%2FKaZ58GZW1MLyMnTH3twBLL29GYhT54b0sHKuJeSefDA22YMx2OSQklIoYJqAIAXD15rB5y8lTo69kKn30lptzMAyf8OnuyUDrk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 792c20236d8b0afe-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.bmcdn5.com/js/63cbe1e971c2f737f5e80978.js?v=1675269611085
172.64.110.35 200 OK 265 kB URL HTTP/2 cdn.bmcdn5.com/js/63cbe1e971c2f737f5e80978.js?v=1675269611085
IP 172.64.110.35:0
File type ASCII text, with very long lines (9377), with no line terminators
Size 265 kB (264986 bytes)
Hash ef1917a4b7000edf01d1aa6827f3418a
529c69053616da435d7a41b7e12941009cee1be4
327950ef8b78f7dd9a8fa05c8724ff4aa35a521e487aecdac0967ba098ee99ce
GET /js/63cbe1e971c2f737f5e80978.js?v=1675269611085 HTTP/1.1
Host: cdn.bmcdn5.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://free-btc.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:49 GMT
content-type: application/javascript
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization
access-control-allow-methods: *
access-control-allow-origin: *
vary: Accept-Encoding
expires: Wed, 01 Feb 2023 17:09:49 GMT
cache-control: max-age=1800, public
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PDkMwgBMKc7K1IBsKe8OOZzFDSPzHuB%2B5aVKKZfA9KvyZ%2BQS3JFdYyrzz0k1pQstuXY2zm1%2FIZ0rgRyMy7760XRaF2w0qzxOISrmGw0f%2B2gdmKtfn53GiScecgVnvlrE2w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 792c20183b1875d8-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
dailybulletinz.com/wp-content/uploads/2021/11/Blue-garden.jpg
104.21.20.56 200 OK 168 kB URL HTTP/2 dailybulletinz.com/wp-content/uploads/2021/11/Blue-garden.jpg
IP 104.21.20.56:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 1200x900, components 3\012- data
Size 168 kB (168097 bytes)
Hash 2c26e204803eff69ad824683f2d35d0c
d0a392608635695f8de998e58e4bdc818e12cfeb
c4750d2339186a29bec38edcbabdff048e1cf988f77f7bd3062e3084085c8bb3
GET /wp-content/uploads/2021/11/Blue-garden.jpg HTTP/1.1
Host: dailybulletinz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dailybulletinz.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:51 GMT
content-type: image/jpeg
content-length: 168097
last-modified: Wed, 17 Nov 2021 06:51:54 GMT
etag: "6194a68a-290a1"
x-cache-status: MISS
x-powered-by: PleskLin
cache-control: max-age=14400
cf-cache-status: HIT
age: 808
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OBTZFf3ebBJQUU1bQ41COafTN%2B5t41kb%2Fc4n79zGRcoeFlEWPXIY3nxnPkU%2BK3JlAZ%2FTdXNUOifDbAogy9Wjc2kUqdBDpcXPROxhXPT6J3n5fPgxw%2Fbkcl3%2BqcowF0HXMOp2r0E%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 792c2023bdd50afe-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
dailybulletinz.com/wp-content/uploads/2021/11/Salary.jpg
104.21.20.56 200 OK 143 kB URL HTTP/2 dailybulletinz.com/wp-content/uploads/2021/11/Salary.jpg
IP 104.21.20.56:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 1200x900, components 3\012- data
Size 143 kB (143104 bytes)
Hash 1f1ee31b419ba1cfc995ccf225157b38
846ad6462938b95b43d68b14d42ebf234388202a
50e66c0b1c7e8f06ea6e6dc442daf5088d2b60a75153c6b5986db6f0c1922d0a
GET /wp-content/uploads/2021/11/Salary.jpg HTTP/1.1
Host: dailybulletinz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dailybulletinz.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:51 GMT
content-type: image/jpeg
content-length: 143104
last-modified: Tue, 16 Nov 2021 12:48:11 GMT
etag: "6193a88b-22f00"
x-powered-by: PleskLin
cache-control: max-age=14400
cf-cache-status: HIT
age: 9009964
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mwjdNbgFCl64xZ5oztaXILbL7iNtR087DyMuJv9DDe%2F8YUPRikOLkQGo%2BztDJOh2T%2BujfT1g2fQlUaq23Bp27PU4LdHOMFACgEiNJ9TQ6CLqj4u6SqseGm8Ercm6sYp4SXJItks%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 792c20254f390afe-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
popcash.net/world/go/134600/317194
172.67.194.203 301 Moved Permanently 162 B URL HTTP/2 popcash.net/world/go/134600/317194
IP 172.67.194.203:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /world/go/134600/317194 HTTP/1.1
Host: popcash.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
date: Wed, 01 Feb 2023 16:39:52 GMT
content-type: text/html
content-length: 162
location: http://ps.popcash.net/go/134600/317194
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ucoCyWA3hZqWSKH4QNYdi2BZjjSfKJs7xMpi4cm8bmSXASUxST8eGIA9e96F8tgpmirfr0PFWwJi9axzIloy1Zga3rNGgr8BBym%2B1caAaM2qRxmGt5mRNVLjGZLP"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 792c2025ada8b529-OSL
X-Firefox-Spdy: h2
dailybulletinz.com/wp-content/uploads/2021/11/summer-accessories.jpg
104.21.20.56 200 OK 241 kB URL HTTP/2 dailybulletinz.com/wp-content/uploads/2021/11/summer-accessories.jpg
IP 104.21.20.56:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 1200x900, components 3\012- data
Size 241 kB (240899 bytes)
Hash 118a710cd2548e848cd23711942a1909
fea718f897588117eef5193b924b33bf02485237
7884621062dd02f1b7e034851ada731e5bbc4c874aa82fffa9dd1a325f576175
GET /wp-content/uploads/2021/11/summer-accessories.jpg HTTP/1.1
Host: dailybulletinz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dailybulletinz.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:51 GMT
content-type: image/jpeg
content-length: 240899
last-modified: Wed, 17 Nov 2021 07:22:58 GMT
etag: "6194add2-3ad03"
x-cache-status: MISS
x-powered-by: PleskLin
cache-control: max-age=14400
cf-cache-status: HIT
age: 808
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5AbN0DBt1xKW8ENLhVHEWxU37XupOs2v%2BBVekBJf4pTan%2BosdFGLplmhay0hfIDqBZaW79%2BSXVRRwDgAviBj8HHtQ3Sr5cXj%2FH%2FfUjDd3%2Bj56GA8wOhSJROfyfAV14lws2kCe38%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 792c20236d730afe-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
dailybulletinz.com/wp-content/uploads/2021/11/Green-living.jpg
104.21.20.56 200 OK 141 kB URL HTTP/2 dailybulletinz.com/wp-content/uploads/2021/11/Green-living.jpg
IP 104.21.20.56:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 1200x900, components 3\012- data
Size 141 kB (140982 bytes)
Hash 2d1b8de01fdc3647c8e3994f3a0b1db8
f430a08764d7927b31fdc3f8b377f2333ed87011
d13d6be842190b7144876e9591f3a26cc1aa735b0c652badfddd2d71bd3c5180
GET /wp-content/uploads/2021/11/Green-living.jpg HTTP/1.1
Host: dailybulletinz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dailybulletinz.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:51 GMT
content-type: image/jpeg
content-length: 140982
last-modified: Tue, 16 Nov 2021 12:06:14 GMT
etag: "61939eb6-226b6"
x-powered-by: PleskLin
cache-control: max-age=14400
cf-cache-status: HIT
age: 9009964
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=esBbk9Sb6t5IWbqbsolEMii7TnK9HqbzgVYJapCaldKlv0%2FGqgPpkmAIcyW9SLk%2BdmM1irZCRY7XUt2HXkW46e3zwmm%2BpskpAzwpKegu8lMJJq02QsOL2lumrz0InMhydhwX48o%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 792c20259fb00afe-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
dailybulletinz.com/wp-content/uploads/2021/11/cabon-footprint.jpg
104.21.20.56 200 OK 126 kB URL HTTP/2 dailybulletinz.com/wp-content/uploads/2021/11/cabon-footprint.jpg
IP 104.21.20.56:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 1200x900, components 3\012- data
Size 126 kB (125559 bytes)
Hash 967a59b091bb48d5d676614ce4211ae0
bb7a7ae51fa110a17dfe0ee03d664793d1b9882b
f0ff8977e33a4e91b6018017ba8201e067231e1c1e61136cfdae0e35011fd4cb
GET /wp-content/uploads/2021/11/cabon-footprint.jpg HTTP/1.1
Host: dailybulletinz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dailybulletinz.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:52 GMT
content-type: image/jpeg
content-length: 125559
last-modified: Tue, 16 Nov 2021 11:16:13 GMT
etag: "619392fd-1ea77"
x-cache-status: MISS
x-powered-by: PleskLin
cache-control: max-age=14400
cf-cache-status: HIT
age: 809
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Bou1cRwL9oO1xmWBBYhqq%2B9OSZb4LxgKKiV1Yupi9mJ8%2BMj1TLxZMtEFwn9oJiz7zdI4kbagSrN7rXhvz%2FenqSBVqymvgrITwoTweYzykV6bJwrwj1QzNtp33vJL3wALRCDltvQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 792c2026b8b60afe-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
dailybulletinz.com/wp-content/uploads/2021/11/art-students.jpg
104.21.20.56 200 OK 135 kB URL HTTP/2 dailybulletinz.com/wp-content/uploads/2021/11/art-students.jpg
IP 104.21.20.56:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 1200x900, components 3\012- data
Size 135 kB (134895 bytes)
Hash b483129a36ae11baaa40383737e09100
3fa908e9d3c84a6fe7bb96be5e5640244fef5a7e
31ce92d6a53b80653d5dc61810774390f7904a10245670d1b1b7bb9d8fcdd6a7
GET /wp-content/uploads/2021/11/art-students.jpg HTTP/1.1
Host: dailybulletinz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dailybulletinz.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:52 GMT
content-type: image/jpeg
content-length: 134895
last-modified: Tue, 16 Nov 2021 11:50:37 GMT
etag: "61939b0d-20eef"
x-cache-status: MISS
x-powered-by: PleskLin
cache-control: max-age=14400
cf-cache-status: HIT
age: 809
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=S4qVNItVLo8IQLB7ETYKgsgevJzX53%2BPPtonzPl8Z%2FXt7T0WkgAkaV%2BBpDIm9u2YPF%2Bow3EsSkjn6WZ8OEPt80GG35pLlcCLic6vEvVLAvdDkTaQTJmoZXrDIMxZEwI9zpCFe2w%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 792c202618220afe-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
dailybulletinz.com/wp-content/uploads/2021/11/small-garden.jpg
104.21.20.56 200 OK 225 kB URL HTTP/2 dailybulletinz.com/wp-content/uploads/2021/11/small-garden.jpg
IP 104.21.20.56:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 1200x900, components 3\012- data
Size 225 kB (225120 bytes)
Hash 4b722a12a222847e7d04f8e23d36f3cf
7cd49c535abd51ac0eb32ae9776ca3574e196ce4
e2e571de5dd541f51222a523f15b61ba9507c61d3430dec079210f88dce7f445
GET /wp-content/uploads/2021/11/small-garden.jpg HTTP/1.1
Host: dailybulletinz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dailybulletinz.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:51 GMT
content-type: image/jpeg
content-length: 225120
last-modified: Wed, 17 Nov 2021 06:36:29 GMT
etag: "6194a2ed-36f60"
x-powered-by: PleskLin
cache-control: max-age=14400
cf-cache-status: HIT
age: 9009964
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3TBIlOdHSl3BJ5tkFja5GZwIA0byLfJzZmbDgsddFg%2Fz6K6bNW5Mc%2B83lwqlpJoUHvTVhVtS9IRPU58CtgG%2Fc26xvl2aLOkz%2B5PxHe7AyxWYAQhL7H7OK6Vl0iPQt9lvZmERUsk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 792c2023bdd60afe-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
dailybulletinz.com/wp-content/uploads/2021/11/Power.jpg
104.21.20.56 200 OK 153 kB URL HTTP/2 dailybulletinz.com/wp-content/uploads/2021/11/Power.jpg
IP 104.21.20.56:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 1200x900, components 3\012- data
Size 153 kB (153020 bytes)
Hash ea78f242ca0c5e33754fd591adf140c7
dc50d2a7edf20be8ad7fa2f18d888898c415c8a4
3080c4138c64ac10d0a16a0c87a7283dc669c1610a650a72d9e8b266264771fe
GET /wp-content/uploads/2021/11/Power.jpg HTTP/1.1
Host: dailybulletinz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dailybulletinz.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:52 GMT
content-type: image/jpeg
content-length: 153020
last-modified: Tue, 16 Nov 2021 11:32:00 GMT
etag: "619396b0-255bc"
x-powered-by: PleskLin
cache-control: max-age=14400
cf-cache-status: HIT
age: 9009965
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZTsRWOOy4IUtaGZDfOuOrXtrKoSrsRJDgqTvc%2Bq7s3NbPh894dD%2B3KTyakwZP3ylhm%2B802bfz5M7VYDhm9IjDaMNw1jGucMyxJFtu7xFfnacziR8YC6OeHqtKZrpRdwj3fXGg4k%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 792c202678860afe-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
dailybulletinz.com/wp-content/uploads/2021/11/Life.jpg
104.21.20.56 200 OK 133 kB URL HTTP/2 dailybulletinz.com/wp-content/uploads/2021/11/Life.jpg
IP 104.21.20.56:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 1200x900, components 3\012- data
Size 133 kB (132877 bytes)
Hash e83c666f766f8b3c5a9dfb071c13e355
06531d917f323c500bad8dd74f838e0fec3dd722
c2e7bc79c4b7a4c6e71cce6545c177ae2a37bc1a957068dba7909a33e1ec627d
GET /wp-content/uploads/2021/11/Life.jpg HTTP/1.1
Host: dailybulletinz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dailybulletinz.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:52 GMT
content-type: image/jpeg
content-length: 132877
last-modified: Tue, 16 Nov 2021 11:42:57 GMT
etag: "61939941-2070d"
x-powered-by: PleskLin
cache-control: max-age=14400
cf-cache-status: HIT
age: 9009966
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=s%2FntCCHGvinvbFVai82lTsj9wTZzFru%2B5zp7uRLgyEP8Mmme5H6momgFCQUCfArUvOA8S7%2BsHfjlbdXj3q%2FLbyaYQVIWkJduGS5G1c7pmrUVXGZB%2FiZT66nK27%2F04K6zVhseONk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 792c202678840afe-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
dailybulletinz.com/wp-content/uploads/2021/11/sleep.jpg
104.21.20.56 200 OK 178 kB URL HTTP/2 dailybulletinz.com/wp-content/uploads/2021/11/sleep.jpg
IP 104.21.20.56:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 1200x900, components 3\012- data
Size 178 kB (178282 bytes)
Hash 4e8b5d44e5278a501597764c63379284
5dd067d107256a42db3e5c2e5745c5b169124b7e
bdaa6aa10f1c98ac0e0998c7d6e7a16f27187725a1e53bfaabd91cf424365c0c
GET /wp-content/uploads/2021/11/sleep.jpg HTTP/1.1
Host: dailybulletinz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dailybulletinz.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:51 GMT
content-type: image/jpeg
content-length: 178282
last-modified: Tue, 16 Nov 2021 12:13:11 GMT
etag: "6193a057-2b86a"
x-powered-by: PleskLin
cache-control: max-age=14400
cf-cache-status: HIT
age: 9009964
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7NT0LBnewt84FMhkM4mXMIJONnpGtvgom7pmWHVpR%2BhDjoSXGtnqB9Zpwh1tbkAaomKXu%2BSvcmn5SYSyTJnfbktN2mOkdHVm9PhM0HRAsTpuj3qt2P8u2j4xHYVAiynUeZmmRGo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 792c20259fae0afe-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
dailybulletinz.com/wp-content/uploads/2021/11/auto-loans.jpg
104.21.20.56 200 OK 200 kB URL HTTP/2 dailybulletinz.com/wp-content/uploads/2021/11/auto-loans.jpg
IP 104.21.20.56:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 1200x900, components 3\012- data
Size 200 kB (200179 bytes)
Hash df6ea76a8317ffbae815a0db585c5f47
45c473ba4ec4817b49d6406c94236ac61fba5a55
dfe82a5bc472df075c7484aa22dff70772f92875d9e77fa37b9ed0e46e4fdfb5
GET /wp-content/uploads/2021/11/auto-loans.jpg HTTP/1.1
Host: dailybulletinz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dailybulletinz.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:51 GMT
content-type: image/jpeg
content-length: 200179
last-modified: Tue, 16 Nov 2021 12:36:23 GMT
etag: "6193a5c7-30df3"
x-powered-by: PleskLin
cache-control: max-age=14400
cf-cache-status: HIT
age: 9009964
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dtV1bPmYwMKOrm%2BrOXZDrDSBBa77s%2FNJ9wxaQzcK1SUahmecKqUg7Hy7yHi%2FhJaqmLcc9sRn7VTCrC5PW0MqWWKr7dxrGRNcGlGGQeBuwZJdn6%2BxnEfXr86w2wV9U23VM505Qn0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 792c20254f3a0afe-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
dailybulletinz.com/wp-content/uploads/2021/11/Used-cars.jpg
104.21.20.56 200 OK 334 kB URL HTTP/2 dailybulletinz.com/wp-content/uploads/2021/11/Used-cars.jpg
IP 104.21.20.56:0
File type gzip compressed data, max compression\012- data
Size 334 kB (334386 bytes)
Hash c5b1c1a4cea9a7e31ed158122803b74f
e3907a4c4f43e1fbf07788bce5fea04a07aa4de9
cf9868c432884fb7abf82f341396348568a1f88dc826e9fc3f5ad94268a0a559
GET /wp-content/uploads/2021/11/Used-cars.jpg HTTP/1.1
Host: dailybulletinz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dailybulletinz.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:51 GMT
content-type: image/jpeg
content-length: 333742
last-modified: Wed, 17 Nov 2021 09:38:50 GMT
etag: "6194cdaa-517ae"
x-powered-by: PleskLin
cache-control: max-age=14400
cf-cache-status: HIT
age: 9009965
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xxUb0MjB7ZVmgT3TkcX%2FC%2Fcts7rlq4Wztb2RlKf0gj3YrVi850unX9Jrrjh%2BPYwLzuvgCWEuiuflfm5ZIcaRdd9oTXy8JIRUg96kBKe0UlnNr9Zu%2BLlgrH%2FgVfxH4JuAoz2FpBQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 792c20234d5f0afe-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
dailybulletinz.com/wp-content/uploads/2021/11/Investment.jpg
104.21.20.56 200 OK 136 kB URL HTTP/2 dailybulletinz.com/wp-content/uploads/2021/11/Investment.jpg
IP 104.21.20.56:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 1200x900, components 3\012- data
Size 136 kB (135525 bytes)
Hash b9dbeea0588e2b2fd4e7d7b4893530ab
8c10b05b620469ebf9a8aea51bf113ff1fb3aa2d
7bf049dbc36ba6e041996b18367157449ca40a446de5fe302bab383bfcfa511c
GET /wp-content/uploads/2021/11/Investment.jpg HTTP/1.1
Host: dailybulletinz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dailybulletinz.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:52 GMT
content-type: image/jpeg
content-length: 135525
last-modified: Tue, 16 Nov 2021 10:18:32 GMT
etag: "61938578-21165"
x-powered-by: PleskLin
cache-control: max-age=14400
cf-cache-status: HIT
age: 9009965
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=P17kagzpjOd6ZEFlyN5Cz80T7CeXx3%2FbDVKd7CTcZ3F3xi%2BtiRkQQ5w6gjYoLlsd3jFxFemWtXAYhTJuGuXePN09%2BT%2FL9gCI4EdgfbZnE3AeiT8wx54OwOJh0oziQWBELlCrOUE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 792c202739300afe-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
dailybulletinz.com/wp-content/uploads/2021/11/Life-goals.jpg
104.21.20.56 200 OK 140 kB URL HTTP/2 dailybulletinz.com/wp-content/uploads/2021/11/Life-goals.jpg
IP 104.21.20.56:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 1200x900, components 3\012- data
Size 140 kB (139455 bytes)
Hash c91bcc80cb6cc5d0070646f3c4e0885a
eb0efde3f3f0ee8d65746424abb7a912420bc383
07ba4695fcb0cfd8efd9d1acfe01feae7ed220949f715b089b01346e5fdc9226
GET /wp-content/uploads/2021/11/Life-goals.jpg HTTP/1.1
Host: dailybulletinz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dailybulletinz.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:52 GMT
content-type: image/jpeg
content-length: 139455
last-modified: Tue, 16 Nov 2021 11:08:21 GMT
etag: "61939125-220bf"
x-cache-status: MISS
x-powered-by: PleskLin
cache-control: max-age=14400
cf-cache-status: HIT
age: 9009965
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Po7eFNhZunLbd9NyKy604Br8KJ5cRMikzNJQIaYUAyu1Tp5%2BO3h2dMGJV27ouDOFrtekjUNn6HJU8TKd8FM2iqzOIrjp2ye7vshVYhwJEiWz4b%2FW0YtBuHvFrIpPqX08Tp2mmrE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 792c2027392f0afe-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
dailybulletinz.com/wp-content/uploads/2021/11/Rental-SUV.jpg
104.21.20.56 200 OK 287 kB URL HTTP/2 dailybulletinz.com/wp-content/uploads/2021/11/Rental-SUV.jpg
IP 104.21.20.56:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 1200x900, components 3\012- data
Size 287 kB (286589 bytes)
Hash b8f5e960b467274ac23756f5ee73ab95
e932108e4a894d7665d30cab7f496bccdde267cb
55a5470f54a65cd164148cc4ad24d63ea1357079126b12893cf9704b67a099ce
GET /wp-content/uploads/2021/11/Rental-SUV.jpg HTTP/1.1
Host: dailybulletinz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dailybulletinz.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:51 GMT
content-type: image/jpeg
content-length: 286589
last-modified: Wed, 17 Nov 2021 06:26:15 GMT
etag: "6194a087-45f7d"
x-powered-by: PleskLin
cache-control: max-age=14400
cf-cache-status: HIT
age: 9009964
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FmchU8%2FGHEFWHtF4nhlg7VpPFZWxiSx%2FObYrZPQZ%2BA0zHA9o71XyO6pH%2BsnPjv4049gKn0MHtCI7c1duPElrO3Mk%2FMO7N3oVSeflEF7aj8EXXoegA6%2FIwAhvLVO1iseZNeM8CUw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 792c20248e960afe-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
dailybulletinz.com/wp-content/cache/autoptimize/css/autoptimize_6b7fcd258752df9ff24bfe07666a4586.css
104.21.20.56 200 OK 512 kB URL HTTP/2 dailybulletinz.com/wp-content/cache/autoptimize/css/autoptimize_6b7fcd258752df9ff24bfe07666a4586.css
IP 104.21.20.56:0
File type ASCII text, with very long lines (47826)
Size 512 kB (512261 bytes)
Hash 7645eb5dbe8392fd9d69eeda949def46
f4c8cc77547a60a431cab2eb974e71d57729d7b0
10349d5208616706ff47ade4389794d57e43e705367f4e82be6142db440c0820
GET /wp-content/cache/autoptimize/css/autoptimize_6b7fcd258752df9ff24bfe07666a4586.css HTTP/1.1
Host: dailybulletinz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dailybulletinz.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:51 GMT
content-type: text/css
last-modified: Wed, 16 Nov 2022 01:06:58 GMT
vary: Accept-Encoding
cache-control: public, max-age=30672000, immutable
expires: Mon, 06 Nov 2023 02:38:56 GMT
etag: W/"637437b2-7158f"
x-cache-status: MISS
x-powered-by: PleskLin
cf-cache-status: HIT
age: 6703255
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZnZBUVgOfgaX2bLwmuWr6TFlUBEHN5AEGwdX0uTD1YB2h%2BS01e6EdMGEfWh3%2Fu3fAdAqh14PRfkEorPmXj0Q7QpejkPVu7IRYxljcSwZFCvPBTBrIiNxCCSTqqrNbJ4AZmuXk8o%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 792c20224c5b0afe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash ccb6c9aff9d4e1f734434cc6d701b668
c333e2e786d6442ba811145e397fdc423b563d6e
aeb54dc3d422da5b41f7d62002b1b758dbb113ac8da83b9d501ce72b671ee9ef
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5807
Cache-Control: max-age=122270
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 16:39:52 GMT
Etag: "63d9b9c7-117"
Expires: Fri, 03 Feb 2023 02:37:42 GMT
Last-Modified: Wed, 01 Feb 2023 01:00:55 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 279
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 2dc2e297877f6332a114de88eeeaca61
cc91e58f3dd132b078223d21cd3177f0819e40e7
94f1191402d63bc2757d7ec854bc418dd6929b5aa9efb815d9bd35f8dab98fef
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 16:39:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
welcome.unibet.com/nu/pop/sportsbook/multisports/1-main.js
104.18.25.188 200 OK 1.5 kB URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/1-main.js
IP 104.18.25.188:0
File type HTML document, Unicode text, UTF-8 text
Hash 44d139bd9556424cda4a71515215d105
4f461d8244df28e572922ab8f7c68309fcb2bd49
c7581dc767a2bc933de13b9b4f5787059605a6fe619f69d319c8a48ae88a03cb
GET /nu/pop/sportsbook/multisports/1-main.js HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a92628443%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1675269588459)%5c%2f%22%2c%22CookieTag%22%3a%223795092628443451240919C2023211639%22%7d%2c%7b%22PID%22%3a86536170%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1675269588590)%5c%2f%22%2c%22CookieTag%22%3a%223795086536170451240919C2023211639%22%7d%5d; btag=320665405_4F03CE830604485E9E0E444E5686127E
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:49 GMT
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=900, immutable
content-md5: BPxI3njL/F0VV+nfOZx3Mw==
last-modified: Thu, 26 Jan 2023 12:30:23 GMT
etag: W/"0x8DAFF99188E686E"
x-ms-request-id: fae4441f-101e-0040-4d81-31153a000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 533364
vary: Accept-Encoding
server: cloudflare
cf-ray: 792c20172aa2b512-OSL
content-encoding: br
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e2d2b00ed4a3970f9b7c4561eec1f2ba
5d51d00a750a05bcad6aac56b5dcd410afff7591
20f4ee50766ee62c45e9a18f9646a856c1ae9b702a055c7d9131026dce630c42
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "20F4EE50766EE62C45E9A18F9646A856C1AE9B702A055C7D9131026DCE630C42"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3335
Expires: Wed, 01 Feb 2023 17:35:27 GMT
Date: Wed, 01 Feb 2023 16:39:52 GMT
Connection: keep-alive
welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320665405:86525768-37950&btag=320665405_6D4D23E11E36496188DB1222CF2EDDFD&bid=37950&campaignId=2799402&pid=86525768
104.18.25.188 200 OK 4.3 kB URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320665405:86525768-37950&btag=320665405_6D4D23E11E36496188DB1222CF2EDDFD&bid=37950&campaignId=2799402&pid=86525768
IP 104.18.25.188:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (2392)
Hash d9b139a3b969c82c17c03235956b44b8
e9697fad4c0fe76909d84220b90770bf8c3f3062
e832123dd3c55e598418694a3c1eb2831eb7af91ffcc0250ea5a61276e02cf48
GET /nu/pop/sportsbook/multisports/index.html?mktid=1:320665405:86525768-37950&btag=320665405_6D4D23E11E36496188DB1222CF2EDDFD&bid=37950&campaignId=2799402&pid=86525768 HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a92628443%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1675269588459)%5c%2f%22%2c%22CookieTag%22%3a%223795092628443451240919C2023211639%22%7d%2c%7b%22PID%22%3a86536170%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1675269588590)%5c%2f%22%2c%22CookieTag%22%3a%223795086536170451240919C2023211639%22%7d%5d
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:49 GMT
content-type: text/html; charset=utf-8
cache-control: public, max-age=900, immutable
content-md5: djoKeCzytkLU3NSdQsOPbQ==
last-modified: Thu, 26 Jan 2023 12:30:17 GMT
x-ms-request-id: 8bbf378d-f01e-0077-505b-36c796000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: MISS
vary: Accept-Encoding
set-cookie: btag=320665405_6D4D23E11E36496188DB1222CF2EDDFD;max-age=2592000; domain=.unibet.com;path=/;secure;samesite=none;httponly
server: cloudflare
cf-ray: 792c20142e33b512-OSL
content-encoding: br
X-Firefox-Spdy: h2
runative-syndicate.com/api/v1/direct/55b95c030e5c4e48bca1f879b06a6bd0?extID=467930
136.243.83.47 302 Found 0 B URL HTTP/1.1 runative-syndicate.com/api/v1/direct/55b95c030e5c4e48bca1f879b06a6bd0?extID=467930
IP 136.243.83.47:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/v1/direct/55b95c030e5c4e48bca1f879b06a6bd0?extID=467930 HTTP/1.1
Host: runative-syndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 01 Feb 2023 16:39:52 GMT
Content-Length: 0
Connection: keep-alive
Pragma: no-cache
Expires: 0
Vary: *
X-Api-Version: 2
Location: https://creative.xlivrdr.com/LPExperience?nonNudeContent=1&userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&campaignId=nonnude&memberId=WJnTcO3G7kqomjc0_7pF5qYAvVB37WbZfrGVvr18qIwLQKF48kc8Bf94KWHcAT0w5f_loqVe7qL2UfRCU1y7YM3G7r2wBgUK_vfZxSPodfogDJFPrA_gUIDRUi&sourceId=460140&p1=4133032
X-Request-Id: 4dfbcbedb757a6b9
Set-Cookie: ts_uid=916c10f8-374d-4ebc-a4dd-ac60aa5ec6a5; expires=Tue, 01 Aug 2023 16:39:52 GMT; domain=.runative-syndicate.com; path=/; HttpOnly; secure; SameSite=None
ts_direct_tag=460140:2954798:18498:4133032:34394; expires=Wed, 01 Mar 2023 16:39:52 GMT; domain=.runative-syndicate.com; path=/; secure; SameSite=None
Cache-Control: no-cache, no-store, no-transform, must-revalidate, no-transform
X-Robots-Tag: none, noindex, nofollow
Report-To: { "url": "https://pxl.runative-syndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
welcome.unibet.com/nu/pop/sportsbook/multisports/read_json.js
104.18.25.188 200 OK 3.4 kB URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/read_json.js
IP 104.18.25.188:0
File type HTML document, ASCII text
Hash 88b1391a865f61c45405fe121a4467a0
4dad42a0735243e520842809a684cd6aabd7578e
a635d7e4de9066cb89b558d5e12f01a93b5b81f4dc692fbda00dba9ada86a76a
GET /nu/pop/sportsbook/multisports/read_json.js HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a92628443%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1675269588459)%5c%2f%22%2c%22CookieTag%22%3a%223795092628443451240919C2023211639%22%7d%2c%7b%22PID%22%3a86536170%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1675269588590)%5c%2f%22%2c%22CookieTag%22%3a%223795086536170451240919C2023211639%22%7d%5d; btag=320665405_4F03CE830604485E9E0E444E5686127E
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:49 GMT
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=900, immutable
content-md5: rGS1nJi75Qz2m2yY+jlYXA==
last-modified: Thu, 26 Jan 2023 12:30:23 GMT
etag: W/"0x8DAFF991898A021"
x-ms-request-id: e9253db8-601e-0075-8081-31792e000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 533362
vary: Accept-Encoding
server: cloudflare
cf-ray: 792c20170a85b512-OSL
content-encoding: br
X-Firefox-Spdy: h2
secure.adnxs.com/bounce?%2Fseg%3Fadd%3D9755599
185.83.142.19 200 OK 43 B URL HTTP/1.1 secure.adnxs.com/bounce?%2Fseg%3Fadd%3D9755599
IP 185.83.142.19:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 592ebefc7104d681d57852665e9ad514
15cdf8df32aa251dd6dd590a60bf9cf74474e7c5
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
GET /bounce?%2Fseg%3Fadd%3D9755599 HTTP/1.1
Host: secure.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://welcome.unibet.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Wed, 01 Feb 2023 16:39:52 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
AN-X-Request-Uuid: 726dd53d-10d6-4668-acaa-afc087aa7ff6
Set-Cookie: anj=dTM7k!M4/8CxrEQF']wIg2GVHvRaeZ!]tbP6j2F-XstGt!@Dhw$q#F#; SameSite=None; Path=/; Max-Age=7776000; Expires=Tue, 02-May-2023 16:39:52 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
go.c4ptainn3lson.xyz/redirect?feed=491151&url=t3.lowtid.com&subid=custom_123j1djb25.no.windows.firefox&query=496490_467930&pub_clickid=63da95d76c51a461191ca7f3
198.134.116.30 302 Found 0 B URL HTTP/1.1 go.c4ptainn3lson.xyz/redirect?feed=491151&url=t3.lowtid.com&subid=custom_123j1djb25.no.windows.firefox&query=496490_467930&pub_clickid=63da95d76c51a461191ca7f3
IP 198.134.116.30:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=491151&url=t3.lowtid.com&subid=custom_123j1djb25.no.windows.firefox&query=496490_467930&pub_clickid=63da95d76c51a461191ca7f3 HTTP/1.1
Host: go.c4ptainn3lson.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 01 Feb 2023 16:39:52 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Age: 0
Location: http://c.ewoss.click/go.ashx?w=cD1leHBsb3JhZHNwbGFyaW1vMTQmaz13d3cxLmRpdnhmaWxtZW9ubGluZS5uZXQmYj0wLjAwMDI1JnM9NTE1NDU1JmE9MA2
Pragma: no-cache
ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_517684_467930
51.83.143.92 302 Found 0 B URL HTTP/1.1 ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_517684_467930
IP 51.83.143.92:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_517684_467930 HTTP/1.1
Host: ron.trffclb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 01 Feb 2023 16:39:52 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Round: 119cdtswvl
Raund: 12uf2w0vxv-2v5
Location: https://popcash.net/world/go/134600/317194
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash 3c0cc46599deb0b4fd6410b80661ccb0
0f4fac01713575a494f90b1a95f81ceaa994a715
ce770882d6da6cc39171ad5648f4755cbe1ea13e0ce4f4e4e6abd07ff6079bea
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5619
Cache-Control: max-age=128552
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 16:39:52 GMT
Etag: "63d9d30d-118"
Expires: Fri, 03 Feb 2023 04:22:24 GMT
Last-Modified: Wed, 01 Feb 2023 02:48:45 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 280
go.c4ptainn3lson.xyz/redirect?feed=491151&url=t3.lowtid.com&subid=custom_123j1djb25.no.windows.firefox&query=439438_415010&pub_clickid=63da95d6b69c41669a37ca86
198.134.116.30 302 Found 0 B URL HTTP/1.1 go.c4ptainn3lson.xyz/redirect?feed=491151&url=t3.lowtid.com&subid=custom_123j1djb25.no.windows.firefox&query=439438_415010&pub_clickid=63da95d6b69c41669a37ca86
IP 198.134.116.30:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=491151&url=t3.lowtid.com&subid=custom_123j1djb25.no.windows.firefox&query=439438_415010&pub_clickid=63da95d6b69c41669a37ca86 HTTP/1.1
Host: go.c4ptainn3lson.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 01 Feb 2023 16:39:52 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Age: 0
Location: http://orest-vlv.com/zcvisitor/0c974630-a24f-11ed-98e6-1217afd22719/642f5ef0-ecd7-11e8-9250-0a15cb739170?campaignid=b9792a50-4807-11ed-8e2b-128084d1ce51
Pragma: no-cache
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 88d54a41aa7a3d5572d799ca3f2c94ac
10abef3a1576dca2dcaba55770c21ed2cb7ca779
8366c77201e6a99471f2e6202c8db588d35b3243f745f03cc4a33096d90b63fd
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4585
Cache-Control: max-age=165325
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 16:39:52 GMT
Etag: "63da66bc-117"
Expires: Fri, 03 Feb 2023 14:35:17 GMT
Last-Modified: Wed, 01 Feb 2023 13:18:52 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 279
static.admidainsight.com/webpush/scripts/v1.2/webpush.js
151.139.128.10 200 OK 10 kB URL HTTP/2 static.admidainsight.com/webpush/scripts/v1.2/webpush.js
IP 151.139.128.10:0
File type ASCII text, with very long lines (23987)
Hash 1e7a2d7544e8c79ee2a35ee89afc2c0d
475cd19d9dfb96c57cfd7a8c038e55c06e7e8667
1a589344dfcf9c50c17418688e3cce499f60646e400e92cf1fea9ad12e58d08e
GET /webpush/scripts/v1.2/webpush.js HTTP/1.1
Host: static.admidainsight.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dailybulletinz.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:52 GMT
content-encoding: gzip
content-length: 10330
content-type: application/javascript
last-modified: Mon, 05 Sep 2022 08:01:34 GMT
accept-ranges: bytes
server: nginx
etag: W/"6315acde-5df1"
cache-control: max-age=86400
x-hw: 1675269592.cds220.sk1.hn,1675269592.cds213.sk1.c
access-control-allow-origin: *
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 0919ab7b5d73b291d3c3f4292417fdf1
ba6885b0caa903212cbe20a5a5654b34d1d2516f
89722565281b93329db72bb84e818e05c8b66e634bb82b2a72175be726abb249
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "89722565281B93329DB72BB84E818E05C8B66E634BB82B2A72175BE726ABB249"
Last-Modified: Wed, 01 Feb 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16422
Expires: Wed, 01 Feb 2023 21:13:34 GMT
Date: Wed, 01 Feb 2023 16:39:52 GMT
Connection: keep-alive
xml.infinity-info.com/redirect?feed=465920&auth=3zQPqj
174.137.133.16 302 Found 0 B URL HTTP/1.1 xml.infinity-info.com/redirect?feed=465920&auth=3zQPqj
IP 174.137.133.16:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=465920&auth=3zQPqj HTTP/1.1
Host: xml.infinity-info.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rixon.ml/
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Cache-Control: no-store
Content-Length: 0
Age: 0
Connection: keep-alive
Location: https://cngcpy.com/cuhdl?wh=MhDtUFf_qNAc_qIEvYfGNU7C
Pragma: no-cache
dailybulletinz.com/wp-content/uploads/2021/11/Vacation-shopping.jpg
104.21.20.56 200 OK 449 kB URL HTTP/2 dailybulletinz.com/wp-content/uploads/2021/11/Vacation-shopping.jpg
IP 104.21.20.56:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 1200x900, components 3\012- data
Size 449 kB (449221 bytes)
Hash d44d8456ec109cffd2900a0be3782949
0b3dd29e6cbd00092673da0c9b87cccedb414ba3
17976cd211f88964b3d8305ce55793021a4cd006da1dc1f1ac6cfa0076b15a68
GET /wp-content/uploads/2021/11/Vacation-shopping.jpg HTTP/1.1
Host: dailybulletinz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dailybulletinz.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:51 GMT
content-type: image/jpeg
content-length: 449221
last-modified: Wed, 17 Nov 2021 07:12:05 GMT
etag: "6194ab45-6dac5"
x-cache-status: MISS
x-powered-by: PleskLin
cache-control: max-age=14400
cf-cache-status: HIT
age: 808
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QhO%2BIwPju9259tOaX5u9D8IbMACoWRwak%2F4oH9j29rOqyT6uCj0MCbVoRCsXaH2cIfG7F%2Bq8gwwpnI9EPSJRsLsmiGMCKrKOYrVW7OdugE7Uv6%2B7H%2FTGHGOqfH%2B9PYe0q%2BElEF8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 792c20236d7e0afe-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
bannerflow-feed-builder.azurewebsites.net/api/googlesheet/?user=2&spreadsheetId=1Fgsan389gf5LVYi3gt6FMNEgM3LnRdQN1kZ3lP9JwiQ&sheetname=nb_no
104.40.147.180 200 OK 2.3 kB URL HTTP/2 bannerflow-feed-builder.azurewebsites.net/api/googlesheet/?user=2&spreadsheetId=1Fgsan389gf5LVYi3gt6FMNEgM3LnRdQN1kZ3lP9JwiQ&sheetname=nb_no
IP 104.40.147.180:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Hash cb4c85898814c0cccd4ac9dcf3f03bdf
e0a60016f841632da8a42605375d08d7c3d2bc16
8cfe8d03fd1c1d8c680f714f22aa796c597b0e01d531527e2e0995e69db9e480
GET /api/googlesheet/?user=2&spreadsheetId=1Fgsan389gf5LVYi3gt6FMNEgM3LnRdQN1kZ3lP9JwiQ&sheetname=nb_no HTTP/1.1
Host: bannerflow-feed-builder.azurewebsites.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/json; charset=utf-8
date: Wed, 01 Feb 2023 16:39:50 GMT
server: Microsoft-IIS/10.0
access-control-allow-origin: *
access-control-expose-headers: Request-Context
cache-control: no-cache
content-encoding: gzip
expires: -1
pragma: no-cache
set-cookie: ARRAffinity=918a28837d469cda54fea86f65a3d5a5f06872944f26694d3e52a68732d0d39c;Path=/;HttpOnly;Secure;Domain=bannerflow-feed-builder.azurewebsites.net
ARRAffinitySameSite=918a28837d469cda54fea86f65a3d5a5f06872944f26694d3e52a68732d0d39c;Path=/;HttpOnly;SameSite=None;Secure;Domain=bannerflow-feed-builder.azurewebsites.net
vary: Accept-Encoding
x-aspnet-version: 4.0.30319
request-context: appId=cid-v1:f631c08e-9610-47b7-82c9-c925628cdde1
x-powered-by: ASP.NET
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 1.2 kB IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
File type gzip compressed data, max compression\012- data
Hash bd1cab4ce02ce59fc21fcd432db4c492
c2e2ab46b22b0e6c62704edd5b9d5658b0f649f6
47dc126d59dcff6bde54d7b239efa2849653703d94fb66b28f7f52df1b686f93
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "89722565281B93329DB72BB84E818E05C8B66E634BB82B2A72175BE726ABB249"
Last-Modified: Wed, 01 Feb 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16422
Expires: Wed, 01 Feb 2023 21:13:34 GMT
Date: Wed, 01 Feb 2023 16:39:52 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 7bec274d202ce113fec2f7f57fc9856d
ce830266edc4c8e40df2cea2cb1708e35ac3b37d
9cfc77de26c7fc4d3bedf9893e32d1ba02f2973dc666db4b247bd8596f6c3f6d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1
Cache-Control: max-age=138059
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 16:39:52 GMT
Etag: "63da0e22-117"
Expires: Fri, 03 Feb 2023 07:00:51 GMT
Last-Modified: Wed, 01 Feb 2023 07:00:50 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 279
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 6c9e7e3f199105310a145ae7de3e53f8
d1512f4eea4668fcb768b345f1d590601300f27e
498e951cf415bf034cdf7b3161899fe217fe8042ef390203828fc57e6d9f4107
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "498E951CF415BF034CDF7B3161899FE217FE8042EF390203828FC57E6D9F4107"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6790
Expires: Wed, 01 Feb 2023 18:33:02 GMT
Date: Wed, 01 Feb 2023 16:39:52 GMT
Connection: keep-alive
dailybulletinz.com/wp-content/uploads/2021/11/Wardrobe-Essentials.jpg
104.21.20.56 200 OK 194 kB URL HTTP/2 dailybulletinz.com/wp-content/uploads/2021/11/Wardrobe-Essentials.jpg
IP 104.21.20.56:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 1200x900, components 3\012- data
Size 194 kB (194012 bytes)
Hash 2ebde4d03d4638500b91f44bd99707cf
c52a996fd0e047fce0b1ecc07aa02a2b05c5e96c
74bfc4a30235cbeb813f3e91a7a2e2f10b6f2283a332e9ad304d3e44545acc53
GET /wp-content/uploads/2021/11/Wardrobe-Essentials.jpg HTTP/1.1
Host: dailybulletinz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dailybulletinz.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:52 GMT
content-type: image/jpeg
content-length: 194012
last-modified: Tue, 16 Nov 2021 10:00:42 GMT
etag: "6193814a-2f5dc"
x-cache-status: MISS
x-powered-by: PleskLin
cache-control: max-age=14400
cf-cache-status: HIT
age: 809
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IIG%2Fm%2BOFvWi643yj16oR7bKww13CwBLpQ1zADKLpkobD17Oh7KizmUowR52yO3qrfYQHpM3%2Fn4%2Bcohj%2BdiynnJuPy6ZuMg%2BtqAmjlsj51MpguFhCkCYcyJIyff%2FZYeHlQw2n27s%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 792c20291b910afe-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 6c9e7e3f199105310a145ae7de3e53f8
d1512f4eea4668fcb768b345f1d590601300f27e
498e951cf415bf034cdf7b3161899fe217fe8042ef390203828fc57e6d9f4107
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "498E951CF415BF034CDF7B3161899FE217FE8042EF390203828FC57E6D9F4107"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6790
Expires: Wed, 01 Feb 2023 18:33:02 GMT
Date: Wed, 01 Feb 2023 16:39:52 GMT
Connection: keep-alive
www.myfreecams.com/?cam=30352&track=102bbdce42e9703e0453b8e9622002&skip_oapopup=1&r=0&bo=2779%2C2778%2C2777%2C2776%2C2775
163.237.222.23 200 OK 20 kB URL HTTP/2 www.myfreecams.com/?cam=30352&track=102bbdce42e9703e0453b8e9622002&skip_oapopup=1&r=0&bo=2779%2C2778%2C2777%2C2776%2C2775
IP 163.237.222.23:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (18741)
Hash 3044ac0c6337ad1d954cd6d4834b3608
88ea400afb1369d329372055863ff4a1e642eb19
daebfa708676d8476679cd8bff8ac5ef514a68c2b662a87671b29f07fe5b7ceb
GET /?cam=30352&track=102bbdce42e9703e0453b8e9622002&skip_oapopup=1&r=0&bo=2779%2C2778%2C2777%2C2776%2C2775 HTTP/1.1
Host: www.myfreecams.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 01 Feb 2023 16:39:52 GMT
content-type: text/html; charset=UTF-8
content-length: 20123
set-cookie: campaign=832469692; expires=Wed, 01-Jan-2025 16:39:52 GMT; Max-Age=60480000; path=/; domain=myfreecams.com
baf=16563896834621737; expires=Fri, 03-Mar-2023 16:39:52 GMT; Max-Age=2592000; path=/; domain=myfreecams.com
ref=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=myfreecams.com
cid=30352; expires=Wed, 01-Jan-2025 16:39:52 GMT; Max-Age=60480000; path=/; domain=myfreecams.com
cache-control: no-cache, must-revalidate
expires: Mon, 26 Jul 1997 05:00:00 GMT
vary: Accept-Encoding
content-encoding: gzip
x-served-by: edge10ams
x-cache-status: BYPASS
strict-transport-security: max-age=10886400;
X-Firefox-Spdy: h2
t3.lowtid.com/s.php?p=c:4ljkfd1stuas5a3tw&d=61b87b159bd23420f125f716&pid=oUlsoc6Z3PU_0&s=456528_415010
51.161.115.163 302 Found 0 B URL HTTP/1.1 t3.lowtid.com/s.php?p=c:4ljkfd1stuas5a3tw&d=61b87b159bd23420f125f716&pid=oUlsoc6Z3PU_0&s=456528_415010
IP 51.161.115.163:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /s.php?p=c:4ljkfd1stuas5a3tw&d=61b87b159bd23420f125f716&pid=oUlsoc6Z3PU_0&s=456528_415010 HTTP/1.1
Host: t3.lowtid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 01 Feb 2023 16:39:52 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Round: 1217p3t0dz
Raund: wn
Location: https://ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_456528_415010
dailybulletinz.com/wp-content/uploads/2021/11/Online-business.jpg
104.21.20.56 200 OK 201 kB URL HTTP/2 dailybulletinz.com/wp-content/uploads/2021/11/Online-business.jpg
IP 104.21.20.56:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 1200x900, components 3\012- data
Size 201 kB (200573 bytes)
Hash 6dc6ef6223a0fd1958258474b9a86bd7
c2e0d61a0e23f994abc692557d62a4116487d7c2
bce79c850890f4d2c6e5af3e84bb28503763c3e18c73b3a856cbef77f584bb92
GET /wp-content/uploads/2021/11/Online-business.jpg HTTP/1.1
Host: dailybulletinz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dailybulletinz.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:52 GMT
content-type: image/jpeg
content-length: 200573
last-modified: Tue, 16 Nov 2021 09:56:14 GMT
etag: "6193803e-30f7d"
x-powered-by: PleskLin
cache-control: max-age=14400
cf-cache-status: HIT
age: 9009965
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cbhDqcbMWvufdGRO0b67SSi73W%2F4rAjf%2FT2ItmRlHwlTNVWBArVlCFX5qB8GzoQYn6uln1ZzcMEKpQs%2BGidf%2F3JHHTCpG%2BCsiTi04h12qfVF1hbW5FRLH76CEeRVzqx7IPTr9T4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 792c20291b930afe-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash ccb6c9aff9d4e1f734434cc6d701b668
c333e2e786d6442ba811145e397fdc423b563d6e
aeb54dc3d422da5b41f7d62002b1b758dbb113ac8da83b9d501ce72b671ee9ef
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5790
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 16:39:52 GMT
Last-Modified: Wed, 01 Feb 2023 15:03:22 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 279
my.rtmark.net/p.js?f=sync&lr=1&partner=dea8e94e898dd38d1c23c78d25163780faa842c13ceeb3816250d69ba37e1423
139.45.195.8 200 OK 697 B URL HTTP/2 my.rtmark.net/p.js?f=sync&lr=1&partner=dea8e94e898dd38d1c23c78d25163780faa842c13ceeb3816250d69ba37e1423
IP 139.45.195.8:0
Hash a9456b0d78042f5fb61e77396493fb14
8510c10df3dcfaba795543b3afb7d669c9f571f8
9a5efe7faebc2f475317d8ec9af3c5a562bf8ce369709f7b6b754edd05d9c74a
GET /p.js?f=sync&lr=1&partner=dea8e94e898dd38d1c23c78d25163780faa842c13ceeb3816250d69ba37e1423 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://newbinotracs.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 01 Feb 2023 16:39:52 GMT
content-type: text/javascript
content-length: 697
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/icon-trust.svg
104.18.25.188 200 OK 609 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/icon-trust.svg
IP 104.18.25.188:0
File type SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, ASCII text, with very long lines (1066), with no line terminators
Hash c19db933d97ae4412ebba7b7dc3531f3
1900249909d93ced1f65d75e4096e953fcaf99b2
dd67268f24947f5f0a57430ad9d0579307d2d80ecd9bb5bc91f7f9febe58c486
GET /nu/pop/sportsbook/multisports/icon-trust.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a92628443%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1675269588459)%5c%2f%22%2c%22CookieTag%22%3a%223795092628443451240919C2023211639%22%7d%2c%7b%22PID%22%3a86536170%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1675269588590)%5c%2f%22%2c%22CookieTag%22%3a%223795086536170451240919C2023211639%22%7d%5d; btag=320665405_4F03CE830604485E9E0E444E5686127E
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:50 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: 9k4H3E55HXB5I94VinrUOQ==
last-modified: Thu, 26 Jan 2023 12:30:21 GMT
etag: W/"0x8DAFF99173FAB3F"
x-ms-request-id: af16bb2e-701e-0046-1c81-312685000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 533365
vary: Accept-Encoding
server: cloudflare
cf-ray: 792c201bb950b512-OSL
content-encoding: br
X-Firefox-Spdy: h2
dailybulletinz.com/wp-content/uploads/2021/11/bucket-list.jpg
104.21.20.56 200 OK 81 kB URL HTTP/2 dailybulletinz.com/wp-content/uploads/2021/11/bucket-list.jpg
IP 104.21.20.56:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1200x900, components 3\012- data
Hash 69b9405bb76c672b43ca4260259ca433
cc306615aebb3fdb04e28a67f4521d323325c736
9b3da98a0ecd4d3e72895bd2ba3e1bad5578983d76cfe9cbe2efe8e7f5a4d6e6
GET /wp-content/uploads/2021/11/bucket-list.jpg HTTP/1.1
Host: dailybulletinz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dailybulletinz.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:52 GMT
content-type: image/jpeg
content-length: 81277
last-modified: Thu, 24 Feb 2022 12:44:51 GMT
etag: "62177dc3-13d7d"
x-powered-by: PleskLin
cache-control: max-age=14400
cf-cache-status: HIT
age: 9009965
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=trcdV13jnUWvsjcUKAGnXiMQ7wJ4KHjbEByGHHAV1cRrSPCWZZNHvQTtmMFUM3RuiouBeEP3hjTIoBn204naRHi7Gt7dw4ry6TtTqwUaoUCZXTLUYY77ThhmoFwqVkc64l0rwRk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 792c20297bde0afe-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
20betlp.com/bonus-wheel-en/?btag=655020_4D77F023C22A4F0485B9896BBD69A328&utm_source=retarget&utm_medium=Ubidex&utm_campaign=Ubidex-20bet-EU-NotReg-pop%20BonWheel-1042&utm_term=Ubidex-20bet-EU-NotReg-pop%20BonWheel-1042&subid=edc81177sa23vqe145
37.252.8.95 200 OK 1.9 kB URL HTTP/1.1 20betlp.com/bonus-wheel-en/?btag=655020_4D77F023C22A4F0485B9896BBD69A328&utm_source=retarget&utm_medium=Ubidex&utm_campaign=Ubidex-20bet-EU-NotReg-pop%20BonWheel-1042&utm_term=Ubidex-20bet-EU-NotReg-pop%20BonWheel-1042&subid=edc81177sa23vqe145
IP 37.252.8.95:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (474)
Hash 680cf4daa1a31b9192a9601e715c7b89
8dee29aa12049a16081e0746d8c18e4d48fbb63d
b18680631feed7054f7251f542ef888fe486c5e04cc610e6ea98292d4c650feb
GET /bonus-wheel-en/?btag=655020_4D77F023C22A4F0485B9896BBD69A328&utm_source=retarget&utm_medium=Ubidex&utm_campaign=Ubidex-20bet-EU-NotReg-pop%20BonWheel-1042&utm_term=Ubidex-20bet-EU-NotReg-pop%20BonWheel-1042&subid=edc81177sa23vqe145 HTTP/1.1
Host: 20betlp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.14.1
Date: Wed, 01 Feb 2023 16:39:52 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 14 Nov 2022 15:18:46 GMT
ETag: W/"1580-5ed6fc1775dec"
Strict-Transport-Security: max-age=31536000;
Content-Encoding: gzip
my.okueroskynt.com/d65cf81f-7fce-4b74-a76f-b50cfca5bef2?source_id=379871&reason_id=hosting&format=pops&zone_id=1084197&browser=Firefox&country=NO&mode=sw&clickid=
18.158.88.249 302 Found 0 B URL HTTP/2 my.okueroskynt.com/d65cf81f-7fce-4b74-a76f-b50cfca5bef2?source_id=379871&reason_id=hosting&format=pops&zone_id=1084197&browser=Firefox&country=NO&mode=sw&clickid=
IP 18.158.88.249:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /d65cf81f-7fce-4b74-a76f-b50cfca5bef2?source_id=379871&reason_id=hosting&format=pops&zone_id=1084197&browser=Firefox&country=NO&mode=sw&clickid= HTTP/1.1
Host: my.okueroskynt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Cookie: d65cf81f-7fce-4b74-a76f-b50cfca5bef2-v4=5CsEf_4GTeF0-lBg2qbpDP1a1FTliPHeVm13NNGT01U; cc-v4=pRDKme10ig6LvFj19JeOkWeA5V9%2BXj4TfWJguFjzoEhcCNMpRWocBrfZgpUe%2B%2FlgF7FGtKN%2FdtuCShjWCaJ1D6PcLWTktB5PcN7fGS%2BzpOsSYdnxKOzJ%2FNaszPkWf8e43%2Fwwv4KMF3sIPuba%2BCWfcg%3D%3D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx
date: Wed, 01 Feb 2023 16:39:52 GMT
content-length: 0
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://gbstwrldnws.com/rotator/352/1328/2da4af00d834dfbd23fda189a58e00c9/?click_id=w6c08di94iulnoami3m62jnu&sub1=379871&fullscreen=1
pragma: no-cache
set-cookie: d65cf81f-7fce-4b74-a76f-b50cfca5bef2-v4=GijcPGeW6m3VYRb_xUVLJpAz9fzjndf5VrWU6JE-2Yg; Max-Age=86400; Expires=Thu, 02-Feb-2023 16:39:52 GMT; Domain=my.okueroskynt.com; Path=/; Secure; HttpOnly;SameSite=None
cc-v4=r%2FMIyyL%2F3rNXsfi2POJt0YHPR4rhG0x1UAMaw9IF6fRRl%2Fht%2BhGoDgDE2jG4MVxvRj58qZB0ZqSdFg5N814N8qc%2FkftqQQCCE3yo%2B1yEKc4EieIuNZXukk7MXzobNIr7%2Bgw2q4ScN709D6b7AybV8g%3D%3D; Max-Age=31536000; Expires=Thu, 01-Feb-2024 16:39:52 GMT; Domain=my.okueroskynt.com; Path=/; Secure; HttpOnly;SameSite=None
X-Firefox-Spdy: h2
my.rtmark.net/p.js?f=sync&lr=1&partner=dea8e94e898dd38d1c23c78d25163780faa842c13ceeb3816250d69ba37e1423
139.45.195.8 200 OK 3.2 kB URL HTTP/2 my.rtmark.net/p.js?f=sync&lr=1&partner=dea8e94e898dd38d1c23c78d25163780faa842c13ceeb3816250d69ba37e1423
IP 139.45.195.8:0
Hash 1ab98e8494d5450b934b94abcf083cc9
6bd359fed42e61c1215e8efd6eabd0fe1a46f786
0d0cbc6c2485f510c1a162e7540f6962e47680b986c3defed91e7899ab63cffe
GET /p.js?f=sync&lr=1&partner=dea8e94e898dd38d1c23c78d25163780faa842c13ceeb3816250d69ba37e1423 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://newbinotracs.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 01 Feb 2023 16:39:52 GMT
content-type: text/javascript
content-length: 697
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
cdn.bmcdn5.com/trl/63cbde6471c2f737f5e8033c/?sourceRef=https%3A%2F%2Ffree-btc.org%2F&displayHost=https%3A%2F%2Fcdn.bmcdn5.com%2F&loadTime=2000&badCode=PCFkb2N0eXBlIGh0bWw%2BPGh0bWw%2BPGhlYWQ%2BPG1ldGEgY2hhcnNldD0idXRmLTgiLz48bWV0YSBjb250ZW50PSJJRT1lZGdlIiBodHRwLWVxdWl2PSJYLVVBLUNvbXBhdGlibGUiLz48bWV0YSBuYW1lPSJ2aWV3cG9ydCIgY29udGVudD0id2lkdGg9ZGV2aWNlLXdpZHRoLGluaXRpYWwtc2NhbGU9MSxzaHJpbmstdG8tZml0PW5vIi8%2BPHRpdGxlPjwvdGl0bGU%2BPGxpbmsgaHJlZj0iLy9zdGF0aWMuYm1jZG41LmNvbS9jc3MvaW1nLmNzcz92PXYxLjI1LjE1IiByZWw9InN0eWxlc2hlZXQiLz48L2hlYWQ%2BPGJvZHk%2BPGRpdiBpZD0ibWVkaWEiIHN0eWxlPSJ3aWR0aDozMDBweDtoZWlnaHQ6MjUwcHgiPjxzcGFuIGNsYXNzPSJ0b3AtaWRlbnRpdHkiPjwvc3Bhbj4gPGEgY2xhc3M9ImJvdHRvbS1pZGVudGl0eSIgaHJlZj0iaHR0cHM6Ly9iaXRtZWRpYS5pby8%2FdXRtX3NvdXJjZT1pY29uIiB0YXJnZXQ9Il9ibGFuayI%2BPC9hPjxkaXYgY2xhc3M9Im1haW4tY29udGVudCI%2BPGEgY2xhc3M9ImxpbmsiIGhyZWY9Imh0dHBzOi8vYml0bWVkaWEuaW8%2Fcj1rcGdzcTc1ZyZ1dG1fY2FtcGFpZ249NzgwMzk5MjU3OTc3JnV0bV9tZWRpdW09YmNrJnV0bV9zb3VyY2U9Ym1iY2siIHRhcmdldD0iX2JsYW5rIj48aW1nIGFsdD0iQml0bWVkaWEgUmVmZXJyYWwiIGNsYXNzPSJsaW5rLWltYWdlIiBzcmM9Ii8vc3RhdGljLmJtY2RuNS5jb20vaW1nL3Ivcl93MzAwaDI1MC5naWY%2Fdj12MS4yNS4xNSIvPjwvYT48L2Rpdj48L2Rpdj48L2JvZHk%2BPC9odG1sPg%3D%3D&badType=bitmedia_referral_ad&version=1675269612350
172.64.110.35200 OK 18 kB URL HTTP/2 cdn.bmcdn5.com/trl/63cbde6471c2f737f5e8033c/?sourceRef=https%3A%2F%2Ffree-btc.org%2F&displayHost=https%3A%2F%2Fcdn.bmcdn5.com%2F&loadTime=2000&badCode=PCFkb2N0eXBlIGh0bWw%2BPGh0bWw%2BPGhlYWQ%2BPG1ldGEgY2hhcnNldD0idXRmLTgiLz48bWV0YSBjb250ZW50PSJJRT1lZGdlIiBodHRwLWVxdWl2PSJYLVVBLUNvbXBhdGlibGUiLz48bWV0YSBuYW1lPSJ2aWV3cG9ydCIgY29udGVudD0id2lkdGg9ZGV2aWNlLXdpZHRoLGluaXRpYWwtc2NhbGU9MSxzaHJpbmstdG8tZml0PW5vIi8%2BPHRpdGxlPjwvdGl0bGU%2BPGxpbmsgaHJlZj0iLy9zdGF0aWMuYm1jZG41LmNvbS9jc3MvaW1nLmNzcz92PXYxLjI1LjE1IiByZWw9InN0eWxlc2hlZXQiLz48L2hlYWQ%2BPGJvZHk%2BPGRpdiBpZD0ibWVkaWEiIHN0eWxlPSJ3aWR0aDozMDBweDtoZWlnaHQ6MjUwcHgiPjxzcGFuIGNsYXNzPSJ0b3AtaWRlbnRpdHkiPjwvc3Bhbj4gPGEgY2xhc3M9ImJvdHRvbS1pZGVudGl0eSIgaHJlZj0iaHR0cHM6Ly9iaXRtZWRpYS5pby8%2FdXRtX3NvdXJjZT1pY29uIiB0YXJnZXQ9Il9ibGFuayI%2BPC9hPjxkaXYgY2xhc3M9Im1haW4tY29udGVudCI%2BPGEgY2xhc3M9ImxpbmsiIGhyZWY9Imh0dHBzOi8vYml0bWVkaWEuaW8%2Fcj1rcGdzcTc1ZyZ1dG1fY2FtcGFpZ249NzgwMzk5MjU3OTc3JnV0bV9tZWRpdW09YmNrJnV0bV9zb3VyY2U9Ym1iY2siIHRhcmdldD0iX2JsYW5rIj48aW1nIGFsdD0iQml0bWVkaWEgUmVmZXJyYWwiIGNsYXNzPSJsaW5rLWltYWdlIiBzcmM9Ii8vc3RhdGljLmJtY2RuNS5jb20vaW1nL3Ivcl93MzAwaDI1MC5naWY%2Fdj12MS4yNS4xNSIvPjwvYT48L2Rpdj48L2Rpdj48L2JvZHk%2BPC9odG1sPg%3D%3D&badType=bitmedia_referral_ad&version=1675269612350
IP 172.64.110.35:0
Hash 873ed73cf235a764686056b3c94e15ec
83e53cf177fb38c6a745b0f208e487467a8490fd
1994c5ffba054abdd5b3ab5ec1c526b40c8ad4b8bd96c92b9e1953e0b46ea565
GET /trl/63cbde6471c2f737f5e8033c/?sourceRef=https%3A%2F%2Ffree-btc.org%2F&displayHost=https%3A%2F%2Fcdn.bmcdn5.com%2F&loadTime=2000&badCode=PCFkb2N0eXBlIGh0bWw%2BPGh0bWw%2BPGhlYWQ%2BPG1ldGEgY2hhcnNldD0idXRmLTgiLz48bWV0YSBjb250ZW50PSJJRT1lZGdlIiBodHRwLWVxdWl2PSJYLVVBLUNvbXBhdGlibGUiLz48bWV0YSBuYW1lPSJ2aWV3cG9ydCIgY29udGVudD0id2lkdGg9ZGV2aWNlLXdpZHRoLGluaXRpYWwtc2NhbGU9MSxzaHJpbmstdG8tZml0PW5vIi8%2BPHRpdGxlPjwvdGl0bGU%2BPGxpbmsgaHJlZj0iLy9zdGF0aWMuYm1jZG41LmNvbS9jc3MvaW1nLmNzcz92PXYxLjI1LjE1IiByZWw9InN0eWxlc2hlZXQiLz48L2hlYWQ%2BPGJvZHk%2BPGRpdiBpZD0ibWVkaWEiIHN0eWxlPSJ3aWR0aDozMDBweDtoZWlnaHQ6MjUwcHgiPjxzcGFuIGNsYXNzPSJ0b3AtaWRlbnRpdHkiPjwvc3Bhbj4gPGEgY2xhc3M9ImJvdHRvbS1pZGVudGl0eSIgaHJlZj0iaHR0cHM6Ly9iaXRtZWRpYS5pby8%2FdXRtX3NvdXJjZT1pY29uIiB0YXJnZXQ9Il9ibGFuayI%2BPC9hPjxkaXYgY2xhc3M9Im1haW4tY29udGVudCI%2BPGEgY2xhc3M9ImxpbmsiIGhyZWY9Imh0dHBzOi8vYml0bWVkaWEuaW8%2Fcj1rcGdzcTc1ZyZ1dG1fY2FtcGFpZ249NzgwMzk5MjU3OTc3JnV0bV9tZWRpdW09YmNrJnV0bV9zb3VyY2U9Ym1iY2siIHRhcmdldD0iX2JsYW5rIj48aW1nIGFsdD0iQml0bWVkaWEgUmVmZXJyYWwiIGNsYXNzPSJsaW5rLWltYWdlIiBzcmM9Ii8vc3RhdGljLmJtY2RuNS5jb20vaW1nL3Ivcl93MzAwaDI1MC5naWY%2Fdj12MS4yNS4xNSIvPjwvYT48L2Rpdj48L2Rpdj48L2JvZHk%2BPC9odG1sPg%3D%3D&badType=bitmedia_referral_ad&version=1675269612350 HTTP/1.1
Host: cdn.bmcdn5.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://free-btc.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:50 GMT
vary: Accept-Encoding
expires: Wed, 01 Feb 2023 17:09:50 GMT
cache-control: max-age=1800, public
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oSEIeqqlh2Q14DCTutyYJro%2B%2B7L%2FxKQ9xLud2FkpPBRQ9awezAbrODx2hhYfHV0e0KiZLF8fmk1iJXg2zO3hHuL1VjGAuxAOoSoR3WbV1AaTBcye9AarlGygCWQAyp6ULQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 792c201a6df775d8-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
dailybulletinz.com/wp-content/uploads/2021/11/pexels-pavel-danilyuk-5496469.jpg
104.21.20.56 200 OK 84 kB URL HTTP/2 dailybulletinz.com/wp-content/uploads/2021/11/pexels-pavel-danilyuk-5496469.jpg
IP 104.21.20.56:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1200x900, components 3\012- data
Hash b07dec4998c964651bd09cd2544e60d1
0ef25725826cd6ec51826be1a55fd4c323d9ff23
79cb931cbe1cf7859720f3d2b18971a1c1d7d246e286ff27200c4d7e45d6b8f0
GET /wp-content/uploads/2021/11/pexels-pavel-danilyuk-5496469.jpg HTTP/1.1
Host: dailybulletinz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dailybulletinz.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:52 GMT
content-type: image/jpeg
content-length: 83782
last-modified: Thu, 24 Feb 2022 12:45:12 GMT
etag: "62177dd8-14746"
x-powered-by: PleskLin
cache-control: max-age=14400
cf-cache-status: HIT
age: 9009965
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4z5m7pdBvNQ%2BFh293JvBDN%2BiBjVA1GYkzdaa%2Bs6zr8QmveaX3KsaoZTxGa94QoGiCpVPz5SaQ4XyglndIwlXjh88gV2rn0Koqbk1rH%2FyP0dWgB6x7vVd7hfRztiCMPAnAWemA2Y%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 792c20297bdf0afe-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_456528_415010
51.83.143.92 302 Found 0 B URL HTTP/1.1 ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_456528_415010
IP 51.83.143.92:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_456528_415010 HTTP/1.1
Host: ron.trffclb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 01 Feb 2023 16:39:52 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Round: 119cdtswvl
Raund: 12uf2w0vxv-2v5
Location: https://popcash.net/world/go/134600/317194
20betlp.com/bonus-wheel-en/?btag=655020_3A3DD358570041CABA245F0A2EC77F75&utm_source=retarget&utm_medium=Ubidex&utm_campaign=Ubidex-20bet-EU-NotReg-pop%20BonWheel-1042&utm_term=Ubidex-20bet-EU-NotReg-pop%20BonWheel-1042&subid=7ff42177sa23ve2560
37.252.8.95 200 OK 1.9 kB URL HTTP/1.1 20betlp.com/bonus-wheel-en/?btag=655020_3A3DD358570041CABA245F0A2EC77F75&utm_source=retarget&utm_medium=Ubidex&utm_campaign=Ubidex-20bet-EU-NotReg-pop%20BonWheel-1042&utm_term=Ubidex-20bet-EU-NotReg-pop%20BonWheel-1042&subid=7ff42177sa23ve2560
IP 37.252.8.95:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (474)
Hash 680cf4daa1a31b9192a9601e715c7b89
8dee29aa12049a16081e0746d8c18e4d48fbb63d
b18680631feed7054f7251f542ef888fe486c5e04cc610e6ea98292d4c650feb
GET /bonus-wheel-en/?btag=655020_3A3DD358570041CABA245F0A2EC77F75&utm_source=retarget&utm_medium=Ubidex&utm_campaign=Ubidex-20bet-EU-NotReg-pop%20BonWheel-1042&utm_term=Ubidex-20bet-EU-NotReg-pop%20BonWheel-1042&subid=7ff42177sa23ve2560 HTTP/1.1
Host: 20betlp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.14.1
Date: Wed, 01 Feb 2023 16:39:52 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 14 Nov 2022 15:18:46 GMT
ETag: W/"1580-5ed6fc1775dec"
Strict-Transport-Security: max-age=31536000;
Content-Encoding: gzip
ps.popcash.net/go/134600/317194
3.228.63.1 200 OK 304 B URL HTTP/1.1 ps.popcash.net/go/134600/317194
IP 3.228.63.1:0
File type HTML document, ASCII text
Hash ddd6702bed16f8356dfcdc982c55d6e7
e29bb79be078371c2373caf865376c826f19cb23
91f50efd757cf8d447daf780b93794f61f5c0fa1d7cbc16142dd4c9a214a86d3
Analyzer Verdict Alert fortinet Malware
GET /go/134600/317194 HTTP/1.1
Host: ps.popcash.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Content-Encoding: gzip
Content-Type: text/html
Date: Wed, 01 Feb 2023 16:39:52 GMT
Server: nginx
Vary: Accept-Encoding
Content-Length: 304
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 312 B IP 93.184.220.29:0
Hash 7bc29aa8475103ce9dc713fedaba553c
a4abcba22427b01be5b0f80201d4b3887717a98c
389ee6dbf1ce60486b5c4b5996bea5a81d2700bbf41729f022a654b93d5cebf2
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 964
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 16:39:52 GMT
Last-Modified: Wed, 01 Feb 2023 16:23:48 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 312
best.aliexpress.com/?dp=RylUWehMM91iCIdu9Zui_6516z8WweUITfaffmMa2W4XzinuMofX-zZuPAkB9UhdiwCwFaBcMzKEx8g_tDN9pba_rI0h6Wp2IRMXsksE8GPB8bqCOXm5kY_M9u1orajtmdm1Rw_gUIDRUi&aff_fcid=b43f7122c5c94d3d9a428c84286b3b4d-1675269591456-02695-_AkUaK1&tt=CPS_NORMAL&aff_fsk=_AkUaK1&aff_platform=portals-tool&sk=_AkUaK1&aff_trace_key=b43f7122c5c94d3d9a428c84286b3b4d-1675269591456-02695-_AkUaK1&terminal_id=b0ffd317b1c8434f935ee75a1d61f126&afSmartRedirect=y
23.52.86.159 200 OK 17 kB URL HTTP/2 best.aliexpress.com/?dp=RylUWehMM91iCIdu9Zui_6516z8WweUITfaffmMa2W4XzinuMofX-zZuPAkB9UhdiwCwFaBcMzKEx8g_tDN9pba_rI0h6Wp2IRMXsksE8GPB8bqCOXm5kY_M9u1orajtmdm1Rw_gUIDRUi&aff_fcid=b43f7122c5c94d3d9a428c84286b3b4d-1675269591456-02695-_AkUaK1&tt=CPS_NORMAL&aff_fsk=_AkUaK1&aff_platform=portals-tool&sk=_AkUaK1&aff_trace_key=b43f7122c5c94d3d9a428c84286b3b4d-1675269591456-02695-_AkUaK1&terminal_id=b0ffd317b1c8434f935ee75a1d61f126&afSmartRedirect=y
IP 23.52.86.159:0
File type ASCII text, with very long lines (6275), with CRLF, LF line terminators
Hash e96cfdd078a056ed256dffd775526ac2
5e260d6d957ebd6c7304c6295d46e17c6e08f5a8
4a0f2be4c1828bc900849550b6ef819aad0139106c8c215def1a57cf61786af5
GET /?dp=RylUWehMM91iCIdu9Zui_6516z8WweUITfaffmMa2W4XzinuMofX-zZuPAkB9UhdiwCwFaBcMzKEx8g_tDN9pba_rI0h6Wp2IRMXsksE8GPB8bqCOXm5kY_M9u1orajtmdm1Rw_gUIDRUi&aff_fcid=b43f7122c5c94d3d9a428c84286b3b4d-1675269591456-02695-_AkUaK1&tt=CPS_NORMAL&aff_fsk=_AkUaK1&aff_platform=portals-tool&sk=_AkUaK1&aff_trace_key=b43f7122c5c94d3d9a428c84286b3b4d-1675269591456-02695-_AkUaK1&terminal_id=b0ffd317b1c8434f935ee75a1d61f126&afSmartRedirect=y HTTP/1.1
Host: best.aliexpress.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Cookie: af_ss_a=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html;charset=UTF-8
server: Tengine
vary: Accept-Encoding
p3p: CP="CAO PSA OUR"
x-application-context: ae-traffic-affiliateweb-f:prod,us:7001
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000 ; includeSubDomains
content-language: en-US
content-encoding: gzip
eagleeye-traceid: 2101f49916752693694632772e98a7
timing-allow-origin: *
content-length: 15879
x-akamai-fwd-auth-sha: 21EA61AFA1065E1DF3199B25D86BADC0015EF9FDD04EDEF19D5E4A54651A6B91
x-akamai-fwd-auth-data: 1218912890, 104.123.68.220, 1675269369, 10.123.68.213
x-akamai-fwd-auth-sign: 8zqUIPMYjJkTUkHvrfNTPyxWVruObGlDbrQEoPXByqvVHhT9Stu5fbsVgmJG5iKBxbo22CcgwPuCPqvlnHzKpxwuahjgZR1t4uH4vjSvETQ=
date: Wed, 01 Feb 2023 16:39:52 GMT
set-cookie: aep_usuc_f=site=glo&b_locale=en_US; Expires=Sat, 29 Jan 2033 16:39:52 GMT; Path=/; Domain=.aliexpress.com
e_id=pt30; Expires=Sat, 29 Jan 2033 16:39:52 GMT; Path=/; Domain=.aliexpress.com
X-Firefox-Spdy: h2
best.aliexpress.com/?dp=6yUEBAWVmmh8rtZyNl9I2bVzgCc3u8hENli493sroFnbWyU7B9lUc9xBl_KKTJEFoYBkKGnf6iIlEsuHaqs8cTW_aAUUTuy59q0jKdhHyw4HNCnWl2U8zrbgP_7Ndbo1paKUnQ_gUIDRUi&aff_fcid=a5461c5dfd8f42c195c53811470e97f0-1675269591481-05971-_AkUaK1&tt=CPS_NORMAL&aff_fsk=_AkUaK1&aff_platform=portals-tool&sk=_AkUaK1&aff_trace_key=a5461c5dfd8f42c195c53811470e97f0-1675269591481-05971-_AkUaK1&terminal_id=82b92302185f4a25b6dd1f1d34fb41d9&afSmartRedirect=y
23.52.86.159 200 OK 16 kB URL HTTP/2 best.aliexpress.com/?dp=6yUEBAWVmmh8rtZyNl9I2bVzgCc3u8hENli493sroFnbWyU7B9lUc9xBl_KKTJEFoYBkKGnf6iIlEsuHaqs8cTW_aAUUTuy59q0jKdhHyw4HNCnWl2U8zrbgP_7Ndbo1paKUnQ_gUIDRUi&aff_fcid=a5461c5dfd8f42c195c53811470e97f0-1675269591481-05971-_AkUaK1&tt=CPS_NORMAL&aff_fsk=_AkUaK1&aff_platform=portals-tool&sk=_AkUaK1&aff_trace_key=a5461c5dfd8f42c195c53811470e97f0-1675269591481-05971-_AkUaK1&terminal_id=82b92302185f4a25b6dd1f1d34fb41d9&afSmartRedirect=y
IP 23.52.86.159:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (6275), with CRLF, LF line terminators
Hash e203c5c71347a8ede3bef1ba35f7cf2b
3cade93d8f12088e257e802f2764a94a4aa3522c
43f1ed6c5937edb74c54554cf9158d160f9194e5858824a36daa5328266ad121
GET /?dp=6yUEBAWVmmh8rtZyNl9I2bVzgCc3u8hENli493sroFnbWyU7B9lUc9xBl_KKTJEFoYBkKGnf6iIlEsuHaqs8cTW_aAUUTuy59q0jKdhHyw4HNCnWl2U8zrbgP_7Ndbo1paKUnQ_gUIDRUi&aff_fcid=a5461c5dfd8f42c195c53811470e97f0-1675269591481-05971-_AkUaK1&tt=CPS_NORMAL&aff_fsk=_AkUaK1&aff_platform=portals-tool&sk=_AkUaK1&aff_trace_key=a5461c5dfd8f42c195c53811470e97f0-1675269591481-05971-_AkUaK1&terminal_id=82b92302185f4a25b6dd1f1d34fb41d9&afSmartRedirect=y HTTP/1.1
Host: best.aliexpress.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Cookie: af_ss_a=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html;charset=UTF-8
server: Tengine
vary: Accept-Encoding
p3p: CP="CAO PSA OUR"
x-application-context: ae-traffic-affiliateweb-f:prod,us:7001
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000 ; includeSubDomains
content-language: en-US
content-encoding: gzip
eagleeye-traceid: 2101f49616752693588815674ef53d
timing-allow-origin: *
content-length: 15924
date: Wed, 01 Feb 2023 16:39:52 GMT
set-cookie: aep_usuc_f=site=glo&b_locale=en_US; Expires=Sat, 29 Jan 2033 16:39:52 GMT; Path=/; Domain=.aliexpress.com
e_id=pt20; Expires=Sat, 29 Jan 2033 16:39:52 GMT; Path=/; Domain=.aliexpress.com
X-Firefox-Spdy: h2
dailybulletinz.com/wp-content/uploads/2021/11/Studying-techniques.jpg
104.21.20.56 200 OK 93 kB URL HTTP/2 dailybulletinz.com/wp-content/uploads/2021/11/Studying-techniques.jpg
IP 104.21.20.56:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1200x900, components 3\012- data
Hash 7331be7e1c88c6edc2a0fe176ea10641
d96530f1b6ec20091a388a064c795882ca1a5ea9
306099f23f74177db5c91d56333e2950d92e061aec2af726dcac49a798ee7551
GET /wp-content/uploads/2021/11/Studying-techniques.jpg HTTP/1.1
Host: dailybulletinz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dailybulletinz.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:52 GMT
content-type: image/jpeg
content-length: 92682
last-modified: Thu, 24 Feb 2022 12:45:24 GMT
etag: "62177de4-16a0a"
x-cache-status: MISS
x-powered-by: PleskLin
cache-control: max-age=14400
cf-cache-status: HIT
age: 809
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bKda2tTVSrk%2Bj7EsZsFjUXG4JiHlKueBCjK0WyqKPKDntaZQrd7oqK8niXMGHMRPXljWk%2BRec3P3mkEv5c2AdgL0Vn07vS3pl8%2F3yRYWCp2p2KxlpcCqFs5%2BGbdx8GjfZO0C5%2FQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 792c20297be00afe-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
best.aliexpress.com/?dp=uAW7k1D_PhMFzCrPZ2KlltIBI55p9w5iGt8jRQcXvqy0LCWH9NNRHlyPAMwV23RmUh7DV95qlRYBxBKLd27a48jwfCMl_SX5u6IRn1_D_-IzoDT0xobvKiVNwWhB2qo3jKbVYQ_gUIDRUi&aff_fcid=607157a158b4432898f36376415180e9-1675269592045-05220-_AkUaK1&tt=CPS_NORMAL&aff_fsk=_AkUaK1&aff_platform=portals-tool&sk=_AkUaK1&aff_trace_key=607157a158b4432898f36376415180e9-1675269592045-05220-_AkUaK1&terminal_id=ce601f5cb47945ec90bb4dd22340dda9&afSmartRedirect=y
23.52.86.159 200 OK 16 kB URL HTTP/2 best.aliexpress.com/?dp=uAW7k1D_PhMFzCrPZ2KlltIBI55p9w5iGt8jRQcXvqy0LCWH9NNRHlyPAMwV23RmUh7DV95qlRYBxBKLd27a48jwfCMl_SX5u6IRn1_D_-IzoDT0xobvKiVNwWhB2qo3jKbVYQ_gUIDRUi&aff_fcid=607157a158b4432898f36376415180e9-1675269592045-05220-_AkUaK1&tt=CPS_NORMAL&aff_fsk=_AkUaK1&aff_platform=portals-tool&sk=_AkUaK1&aff_trace_key=607157a158b4432898f36376415180e9-1675269592045-05220-_AkUaK1&terminal_id=ce601f5cb47945ec90bb4dd22340dda9&afSmartRedirect=y
IP 23.52.86.159:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (6275), with CRLF, LF line terminators
Hash 83b4a6ae03bfa877cf070d83f3063e3d
4f3741029f7c8b06132881d217a259cedc26aff1
c40f440e9013a64f6f37289f0e77ff0dce2a2e9303324ca2b693522b1d2cb683
GET /?dp=uAW7k1D_PhMFzCrPZ2KlltIBI55p9w5iGt8jRQcXvqy0LCWH9NNRHlyPAMwV23RmUh7DV95qlRYBxBKLd27a48jwfCMl_SX5u6IRn1_D_-IzoDT0xobvKiVNwWhB2qo3jKbVYQ_gUIDRUi&aff_fcid=607157a158b4432898f36376415180e9-1675269592045-05220-_AkUaK1&tt=CPS_NORMAL&aff_fsk=_AkUaK1&aff_platform=portals-tool&sk=_AkUaK1&aff_trace_key=607157a158b4432898f36376415180e9-1675269592045-05220-_AkUaK1&terminal_id=ce601f5cb47945ec90bb4dd22340dda9&afSmartRedirect=y HTTP/1.1
Host: best.aliexpress.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Cookie: af_ss_a=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html;charset=UTF-8
server: Tengine
vary: Accept-Encoding
p3p: CP="CAO PSA OUR"
x-application-context: ae-traffic-affiliateweb-f:prod,us:7001
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000 ; includeSubDomains
content-language: en-US
content-encoding: gzip
eagleeye-traceid: 2101f49616752693369855252ef53d
timing-allow-origin: *
content-length: 15905
date: Wed, 01 Feb 2023 16:39:52 GMT
set-cookie: aep_usuc_f=site=glo&b_locale=en_US; Expires=Sat, 29 Jan 2033 16:39:52 GMT; Path=/; Domain=.aliexpress.com
e_id=pt10; Expires=Sat, 29 Jan 2033 16:39:52 GMT; Path=/; Domain=.aliexpress.com
X-Firefox-Spdy: h2
s.optnx.com/cimp.php?data=TVRZM05USTJPVFU1TVh3eVptWTJOVE13TURkbE9ESm1NR00zT1RBelpUUmpOREUwTm1ObFlUazNNdy0tfGh0dHA6Ly9hZHBvaW50cnRiLmNvbS9zY3JpcHQvczJpdXJsLnBocD9zdGFtYXQ9bSU3QyUyQyUyQ1FqSjZ0aUpxdEdVM0J2LUdIMGRFZEhQM3hQLmRiZCUyQ29rd3drQ01QSlBJbUc2U2JQLVA4bE9acXJvRm1zbEZVUUstT1U3Q2hBa1ZaSk9iLXl2STE2Wk16UTlmY1VHY3JleTF0Vm13d3dkT3FOTGYzbm1HLTZiNHJtQjJKc1lXdmdoUXdUaDkyY3JCQ005NWJadjBQaUtYd0pwajFUcXhkaVVjcU9PZHZUeXc0M3NHZ1lCenYtMDBoQWk4VWJHTl8wa3A1N1Ixb2pXQXo1akw3OTVCaHpoZU9zcTd5QmY0ZEpTN2FndF9XdkVvX0NqMG95YUJPaklCZ1Vrd25oWTNCMlUxMFU0UkZ1QWlVeDhDSGhsM1FPRXZMQ2hqT0xvRkR4b0ptRDhFa3NIRXgtYWJzeDY1dG5XRVJ3Y0NvbXYtZEZTUUNzdm5YNXpoWTZvUGpJZmRVMVdPSzJDVTZUc2VmQWV5TzZKQXhsVHJGM2Y3Zll1OWNzMVZidEpxRG5qTXFGSzRpZHJfTVM2dVRPaWhRYkJiRTFoTW8yZEhEcTJORC1hMkN4Umc3aVZCN3RmNGF4NU5udlNORUNIZFpiRFBmZ2ZRNHFuMm5yampkTWRVZkdzalRxY1d4THNOYzVCS3pzVldZMEI0Q2huTUI2Sm1JTlE3ZmRZQjRyXzVNaUxaRjRUVHR4RUd0TWIzRnI4M0VnMlJYelN4bEthQk8zQnI2JmNzaWQ9MjYyNTk1MSZzMT00ODkyNDgwJm1kPTAmZXhvX2NpZD0zNTY3NTQ3fGh0dHBzfDkxLjkwLjQyLjE1NHxOT1J8NDF8em9uZS1hbm51YWlyZS50ZWx8NTAzODU0fDc5NTA5Mnw5ODM0MjB8NDg5MjQ4MHw1MTF8MzU2NzU0N3wzODEzOTk3OXw0MHwzfDB8MHwyNTM0NHw1MTYxNTZ8NDQuNjk1Mnw3MHxVU0R8VVNEfDF8MXwyMnx8MXxOT1J8fDg0fDJ8MXx8MTM1NDQxNTUyMHw0YTc2NDU5Mjk1YzAzODI0NTA0ODcwYjg2MGRhNDNlM3wxfDB8dDMubG93dGlkLmNvbXwwfDB8MHwwLjMxfDF8MHxleGNoYW5nZV9saW5rfDB8MHwwfC0xfDR8MHx8fDF8MTQ0MHx8MHwwfDB8MHwwfDB8MXwwfHw4fDF8TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6MTA1LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvMTA1LjB8fE9LfDdlNjg1YTQ5MGIzNWMzY2RhMGI2MDhmN2EzNTA1M2Rl
95.211.229.246200 OK 1.6 kB URL HTTP/1.1 s.optnx.com/cimp.php?data=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
IP 95.211.229.246:0
ASN #60781 LeaseWeb Netherlands B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (2176)
Hash 00aeca7aa931db42c376e2f7b8ee7516
7fbb236ff6ed421b3a199b86124dfbcf564c1e31
72a7d20433f2f3613b2543f87d1142a466d4259238a43da9542ef571e35a10fe
GET /cimp.php?data=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 HTTP/1.1
Host: s.optnx.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 01 Feb 2023 16:39:52 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263da95d8e537f8.726069452435103585%22%3B%7D; expires=Fri, 31 Jan 2025 16:39:52 GMT; path=; domain=.optnx.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
creative.xlivrdr.com/LPExperience/main.a2dd9f84918c4ce73264.css
104.18.59.150 200 OK 15 kB URL HTTP/2 creative.xlivrdr.com/LPExperience/main.a2dd9f84918c4ce73264.css
IP 104.18.59.150:0
File type ASCII text, with very long lines (63946), with no line terminators
Hash 84fccd2e98784f9843ae640c9bbf05bb
a9d52a155097276ccb7bccce78f9dd2a812d0d2a
57e113343edec326d90e38222eeba7ea43627808d79023ebaac6dc9db9839138
GET /LPExperience/main.a2dd9f84918c4ce73264.css HTTP/1.1
Host: creative.xlivrdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://creative.xlivrdr.com/
Cookie: __cflb=02DiuDfsBaY2bRYJiCeRhAptQvDh5wz7nTvqkgYk9TTHE
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:51 GMT
content-type: text/css
last-modified: Tue, 31 Jan 2023 09:52:08 GMT
etag: W/"63d8e4c8-f9ca"
expires: Wed, 01 Feb 2023 16:39:58 GMT
cache-control: max-age=10
pragma: public
cf-cache-status: HIT
vary: Accept-Encoding
server: cloudflare
cf-ray: 792c2024ca7fb503-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
20betlp.com/bonus-wheel-en/?btag=655020_5A3348EC375547BEBB837B2FE1578522&utm_source=retarget&utm_medium=Ubidex&utm_campaign=Ubidex-20bet-EU-NotReg-pop%20BonWheel-1042&utm_term=Ubidex-20bet-EU-NotReg-pop%20BonWheel-1042&subid=d1ba2177sa23vgha41
37.252.8.95 200 OK 1.9 kB URL HTTP/1.1 20betlp.com/bonus-wheel-en/?btag=655020_5A3348EC375547BEBB837B2FE1578522&utm_source=retarget&utm_medium=Ubidex&utm_campaign=Ubidex-20bet-EU-NotReg-pop%20BonWheel-1042&utm_term=Ubidex-20bet-EU-NotReg-pop%20BonWheel-1042&subid=d1ba2177sa23vgha41
IP 37.252.8.95:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (474)
Hash 680cf4daa1a31b9192a9601e715c7b89
8dee29aa12049a16081e0746d8c18e4d48fbb63d
b18680631feed7054f7251f542ef888fe486c5e04cc610e6ea98292d4c650feb
GET /bonus-wheel-en/?btag=655020_5A3348EC375547BEBB837B2FE1578522&utm_source=retarget&utm_medium=Ubidex&utm_campaign=Ubidex-20bet-EU-NotReg-pop%20BonWheel-1042&utm_term=Ubidex-20bet-EU-NotReg-pop%20BonWheel-1042&subid=d1ba2177sa23vgha41 HTTP/1.1
Host: 20betlp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.14.1
Date: Wed, 01 Feb 2023 16:39:52 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 14 Nov 2022 15:18:46 GMT
ETag: W/"1580-5ed6fc1775dec"
Strict-Transport-Security: max-age=31536000;
Content-Encoding: gzip
syndication.realsrv.com/splash.php?idzone=1955560&type=8
95.211.229.246 200 OK 475 B URL HTTP/1.1 syndication.realsrv.com/splash.php?idzone=1955560&type=8
IP 95.211.229.246:0
ASN #60781 LeaseWeb Netherlands B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (714)
Hash f8746cd30269ffdc71a65b5139008841
9f96838da1c91cbd137e68516d260308c4015d14
044dd12dbfafb887fd255d1f2a2b5de816c910cc45ffe36ec52e114418c8307d
GET /splash.php?idzone=1955560&type=8 HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 01 Feb 2023 16:39:52 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A32%3A%2263da95d8e5a5f3.61609981125191004%22%3B%7D; expires=Fri, 31 Jan 2025 16:39:52 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
20betlp.com/bonus-wheel-en/?btag=655020_1AEE8F69EC8C403EBE22F6CDDC267A6A&utm_source=retarget&utm_medium=Ubidex&utm_campaign=Ubidex-20bet-EU-NotReg-pop%20BonWheel-1042&utm_term=Ubidex-20bet-EU-NotReg-pop%20BonWheel-1042&subid=46a92177sa23vir591
37.252.8.95 200 OK 1.9 kB URL HTTP/1.1 20betlp.com/bonus-wheel-en/?btag=655020_1AEE8F69EC8C403EBE22F6CDDC267A6A&utm_source=retarget&utm_medium=Ubidex&utm_campaign=Ubidex-20bet-EU-NotReg-pop%20BonWheel-1042&utm_term=Ubidex-20bet-EU-NotReg-pop%20BonWheel-1042&subid=46a92177sa23vir591
IP 37.252.8.95:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (474)
Hash 680cf4daa1a31b9192a9601e715c7b89
8dee29aa12049a16081e0746d8c18e4d48fbb63d
b18680631feed7054f7251f542ef888fe486c5e04cc610e6ea98292d4c650feb
GET /bonus-wheel-en/?btag=655020_1AEE8F69EC8C403EBE22F6CDDC267A6A&utm_source=retarget&utm_medium=Ubidex&utm_campaign=Ubidex-20bet-EU-NotReg-pop%20BonWheel-1042&utm_term=Ubidex-20bet-EU-NotReg-pop%20BonWheel-1042&subid=46a92177sa23vir591 HTTP/1.1
Host: 20betlp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.14.1
Date: Wed, 01 Feb 2023 16:39:52 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 14 Nov 2022 15:18:46 GMT
ETag: W/"1580-5ed6fc1775dec"
Strict-Transport-Security: max-age=31536000;
Content-Encoding: gzip
t3.lowtid.com/s.php?p=c:4ljkfd1stuas5a3tw&d=61b87b159bd23420f125f716&pid=Aa81Ek8*6gs_0&s=456528_415011
51.161.115.163 302 Found 0 B URL HTTP/1.1 t3.lowtid.com/s.php?p=c:4ljkfd1stuas5a3tw&d=61b87b159bd23420f125f716&pid=Aa81Ek8*6gs_0&s=456528_415011
IP 51.161.115.163:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /s.php?p=c:4ljkfd1stuas5a3tw&d=61b87b159bd23420f125f716&pid=Aa81Ek8*6gs_0&s=456528_415011 HTTP/1.1
Host: t3.lowtid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 01 Feb 2023 16:39:52 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Round: 1217p3t0dz
Raund: wn
Location: https://ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_456528_415011
best.aliexpress.com/?dp=IaTSLnwICDfikuPuc0O5zEJBnhCZPGAOCwHnNhV0bddIMML4lASYjpB8rZeR5OI1ZRqzanmGDKnDKNJYbjaQVFicYZu0v0zkI3s136rFXI0Jhzvl3ope5wqBVY4p0MLJboZ5rw_gUIDRUi&aff_fcid=110b34c925ce4fc2906d6791bc127500-1675269592009-06941-_AkUaK1&tt=CPS_NORMAL&aff_fsk=_AkUaK1&aff_platform=portals-tool&sk=_AkUaK1&aff_trace_key=110b34c925ce4fc2906d6791bc127500-1675269592009-06941-_AkUaK1&terminal_id=cea5412aa3974a14a114454e74704789&afSmartRedirect=y
23.52.86.159 200 OK 16 kB URL HTTP/2 best.aliexpress.com/?dp=IaTSLnwICDfikuPuc0O5zEJBnhCZPGAOCwHnNhV0bddIMML4lASYjpB8rZeR5OI1ZRqzanmGDKnDKNJYbjaQVFicYZu0v0zkI3s136rFXI0Jhzvl3ope5wqBVY4p0MLJboZ5rw_gUIDRUi&aff_fcid=110b34c925ce4fc2906d6791bc127500-1675269592009-06941-_AkUaK1&tt=CPS_NORMAL&aff_fsk=_AkUaK1&aff_platform=portals-tool&sk=_AkUaK1&aff_trace_key=110b34c925ce4fc2906d6791bc127500-1675269592009-06941-_AkUaK1&terminal_id=cea5412aa3974a14a114454e74704789&afSmartRedirect=y
IP 23.52.86.159:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (6275), with CRLF, LF line terminators
Hash 9d877209b968ba416e25299557bb67c0
0cc2946287c100ed9ff8d9de06bcdc83c7b5a0de
afa9563f17c02ddb7d956cb17997e4636d4662153bfd6d4d8d548ad08fed8f5f
GET /?dp=IaTSLnwICDfikuPuc0O5zEJBnhCZPGAOCwHnNhV0bddIMML4lASYjpB8rZeR5OI1ZRqzanmGDKnDKNJYbjaQVFicYZu0v0zkI3s136rFXI0Jhzvl3ope5wqBVY4p0MLJboZ5rw_gUIDRUi&aff_fcid=110b34c925ce4fc2906d6791bc127500-1675269592009-06941-_AkUaK1&tt=CPS_NORMAL&aff_fsk=_AkUaK1&aff_platform=portals-tool&sk=_AkUaK1&aff_trace_key=110b34c925ce4fc2906d6791bc127500-1675269592009-06941-_AkUaK1&terminal_id=cea5412aa3974a14a114454e74704789&afSmartRedirect=y HTTP/1.1
Host: best.aliexpress.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Cookie: af_ss_a=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html;charset=UTF-8
server: Tengine
vary: Accept-Encoding
p3p: CP="CAO PSA OUR"
x-application-context: ae-traffic-affiliateweb-f:prod,us:7001
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000 ; includeSubDomains
content-language: en-US
content-encoding: gzip
eagleeye-traceid: 2101f49916752693694632772e98a7
timing-allow-origin: *
content-length: 15879
x-akamai-fwd-auth-sha: 21EA61AFA1065E1DF3199B25D86BADC0015EF9FDD04EDEF19D5E4A54651A6B91
x-akamai-fwd-auth-data: 1218912890, 104.123.68.220, 1675269369, 10.123.68.213
x-akamai-fwd-auth-sign: 8zqUIPMYjJkTUkHvrfNTPyxWVruObGlDbrQEoPXByqvVHhT9Stu5fbsVgmJG5iKBxbo22CcgwPuCPqvlnHzKpxwuahjgZR1t4uH4vjSvETQ=
date: Wed, 01 Feb 2023 16:39:52 GMT
set-cookie: aep_usuc_f=site=glo&b_locale=en_US; Expires=Sat, 29 Jan 2033 16:39:52 GMT; Path=/; Domain=.aliexpress.com
e_id=pt30; Expires=Sat, 29 Jan 2033 16:39:52 GMT; Path=/; Domain=.aliexpress.com
X-Firefox-Spdy: h2
c.ewoss.click/go.ashx?w=cD1leHBsb3JhZHMxMiZrPXd3dzEuZGl2eGZpbG1lb25saW5lLm5ldCZiPTAuMDAwMjYmcz0xODkyNTQmYT0w0
54.86.140.33 302 Found 185 B URL HTTP/1.1 c.ewoss.click/go.ashx?w=cD1leHBsb3JhZHMxMiZrPXd3dzEuZGl2eGZpbG1lb25saW5lLm5ldCZiPTAuMDAwMjYmcz0xODkyNTQmYT0w0
IP 54.86.140.33:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f995398ac3b8da3cf961bb13357b4ca
ed8df6559c5482032d6cb571406b9e3e064d404e
020b040b948fea7b2597c6b71594a0e839d2a95932e123215e5acd3389e5c7af
Analyzer Verdict Alert fortinet Malware
GET /go.ashx?w=cD1leHBsb3JhZHMxMiZrPXd3dzEuZGl2eGZpbG1lb25saW5lLm5ldCZiPTAuMDAwMjYmcz0xODkyNTQmYT0w0 HTTP/1.1
Host: c.ewoss.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Date: Wed, 01 Feb 2023 16:39:52 GMT
Location: http://c.ewoss.click/out.aspx?u=f948370d-b0bc-470c-a3d1-fa0f3484bc1b
Server: Microsoft-IIS/10.0
Content-Length: 185
Connection: keep-alive
orest-vlv.com/zcvisitor/0c974630-a24f-11ed-98e6-1217afd22719/642f5ef0-ecd7-11e8-9250-0a15cb739170?campaignid=b9792a50-4807-11ed-8e2b-128084d1ce51
54.237.193.255 302 0 B URL HTTP/1.1 orest-vlv.com/zcvisitor/0c974630-a24f-11ed-98e6-1217afd22719/642f5ef0-ecd7-11e8-9250-0a15cb739170?campaignid=b9792a50-4807-11ed-8e2b-128084d1ce51
IP 54.237.193.255:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /zcvisitor/0c974630-a24f-11ed-98e6-1217afd22719/642f5ef0-ecd7-11e8-9250-0a15cb739170?campaignid=b9792a50-4807-11ed-8e2b-128084d1ce51 HTTP/1.1
Host: orest-vlv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302
Date: Wed, 01 Feb 2023 16:39:53 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
Location: https://shopde.pricedeals.shop/go.php?market=no&zr0c974630a24f11ed98e61217afd2271916a9763bd90443f59aaab26683799988070888a7d92b885ecf
Server: bmRGWzMQ
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash a02d88ab6836b3a57f647d68c537d922
cc2e0d708710e49d96448839380769aafcf4ec31
32c620b2c19bbd8324284333564bc7c0b138cb363af818398a22f5777901089e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "32C620B2C19BBD8324284333564BC7C0B138CB363AF818398A22F5777901089E"
Last-Modified: Tue, 31 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2878
Expires: Wed, 01 Feb 2023 17:27:51 GMT
Date: Wed, 01 Feb 2023 16:39:53 GMT
Connection: keep-alive
cdn.bannerflow.com/resources/18-plus-adbfd412-ffe0-4780-a5c3-1b540d6ceed3.svg
104.16.174.188 200 OK 791 B URL HTTP/2 cdn.bannerflow.com/resources/18-plus-adbfd412-ffe0-4780-a5c3-1b540d6ceed3.svg
IP 104.16.174.188:0
File type SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, ASCII text, with very long lines (1053), with no line terminators
Hash f81240fbc855d66b56c7fbf56b9edd5c
ecfcbc76e97242a6ffeace14a3646a4ecc58baf9
9ff2d9e61c6ed2abd7875efd0d2367e55d3b0ef3c04b12bf839c097ad6ee27eb
GET /resources/18-plus-adbfd412-ffe0-4780-a5c3-1b540d6ceed3.svg HTTP/1.1
Host: cdn.bannerflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:52 GMT
content-type: image/svg+xml
cache-control: public,max-age=604800
content-md5: DtBEzXf8HuXNecd90Rx/1w==
last-modified: Fri, 27 Nov 2020 14:00:01 GMT
etag: W/"0x8D892DCBC244A27"
x-ms-request-id: f9c36029-201e-0105-665e-a57399000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 215
vary: Accept-Encoding
server: cloudflare
cf-ray: 792c20292806b505-OSL
content-encoding: br
X-Firefox-Spdy: h2
cdn-dimi.akamaized.net/landings/278385/1675090482/js/translates.js?1675090482
95.101.11.40 200 OK 2.4 kB URL HTTP/1.1 cdn-dimi.akamaized.net/landings/278385/1675090482/js/translates.js?1675090482
IP 95.101.11.40:0
ASN #20940 Akamai International B.V.
Hash b1e25dfa47200c3aeeead6d3b19381c3
8741ceab158a6cec0c747e8fdd99b21ecaf14376
cb47663c609a1ddc3a5b69cdfdeaec4cd45d2c9b3161095103d8c3a897dba29f
GET /landings/278385/1675090482/js/translates.js?1675090482 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vzvnjw.delicatedates.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: H5fPAp54SwzZCMHcXwkHNVXRJyywZETrXt3PnnnRDyMUI4YWoLIUuqAQoy665lvIGDkD73YoE84=
x-amz-request-id: SX8S0QABGBGT40PR
Last-Modified: Mon, 30 Jan 2023 14:54:47 GMT
ETag: "5b219851f618f465c2ad445d49fcb189"
Accept-Ranges: bytes
Content-Type: text/javascript
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Wed, 01 Feb 2023 16:39:49 GMT
Content-Length: 18048
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
thingortwo.g2afse.com/click?pid=439&offer_id=43743&sub1=-9c3dLZkLmg
34.90.20.163 302 Found 0 B URL HTTP/2 thingortwo.g2afse.com/click?pid=439&offer_id=43743&sub1=-9c3dLZkLmg
IP 34.90.20.163:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /click?pid=439&offer_id=43743&sub1=-9c3dLZkLmg HTTP/1.1
Host: thingortwo.g2afse.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Wed, 01 Feb 2023 16:39:53 GMT
content-length: 0
location: https://track.wargaming-aff.com/click?pid=5757&offer_id=91&ref_id=63da95d936d24700016178d7&sub1=439_
x-adjust-use-original-forwarded-for: 1
set-cookie: afclick=63da95d936d24700016178d7; expires=Thu, 01 Feb 2024 16:39:53 GMT; secure; SameSite=None
afoffers={"43743":1675269593}; expires=Thu, 01 Feb 2024 16:39:53 GMT; secure; SameSite=None
access-control-allow-origin: *
X-Firefox-Spdy: h2
my.rtmark.net/p.js?f=sync&lr=1&partner=dea8e94e898dd38d1c23c78d25163780faa842c13ceeb3816250d69ba37e1423
139.45.195.8 200 OK 697 B URL HTTP/2 my.rtmark.net/p.js?f=sync&lr=1&partner=dea8e94e898dd38d1c23c78d25163780faa842c13ceeb3816250d69ba37e1423
IP 139.45.195.8:0
Hash a9456b0d78042f5fb61e77396493fb14
8510c10df3dcfaba795543b3afb7d669c9f571f8
9a5efe7faebc2f475317d8ec9af3c5a562bf8ce369709f7b6b754edd05d9c74a
GET /p.js?f=sync&lr=1&partner=dea8e94e898dd38d1c23c78d25163780faa842c13ceeb3816250d69ba37e1423 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://newbinotracs.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 01 Feb 2023 16:39:53 GMT
content-type: text/javascript
content-length: 697
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
ps.popcash.net/go/134600/317194
3.228.63.1 200 OK 304 B URL HTTP/1.1 ps.popcash.net/go/134600/317194
IP 3.228.63.1:0
File type HTML document, ASCII text
Hash ddd6702bed16f8356dfcdc982c55d6e7
e29bb79be078371c2373caf865376c826f19cb23
91f50efd757cf8d447daf780b93794f61f5c0fa1d7cbc16142dd4c9a214a86d3
Analyzer Verdict Alert fortinet Malware
GET /go/134600/317194 HTTP/1.1
Host: ps.popcash.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Content-Encoding: gzip
Content-Type: text/html
Date: Wed, 01 Feb 2023 16:39:53 GMT
Server: nginx
Vary: Accept-Encoding
Content-Length: 304
Connection: keep-alive
video.ktkjmp.com/adsbygoogle.js
104.18.48.21 200 OK 16 B URL HTTP/2 video.ktkjmp.com/adsbygoogle.js
IP 104.18.48.21:0
Hash 3d7f7a60216d40dea48e495fef6903c9
fecdb5184f55cf012563d78940eb97b10b9cc99b
96d83ac9f20fc0b88404f307f135e212642e02d6ea295c96b28aed0d771a224f
GET /adsbygoogle.js HTTP/1.1
Host: video.ktkjmp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:53 GMT
content-type: application/javascript
content-length: 16
x-amz-id-2: 3iUE3lzagwtjDQkQjiphJ7h9ESHt5tX/lBwG1grEk8YpkO6jRxNGUMw8Fry9jgTskZH4N+ikc58=
x-amz-request-id: 01J67Y17PZKQ07TP
last-modified: Thu, 10 Mar 2022 13:52:07 GMT
etag: "3d7f7a60216d40dea48e495fef6903c9"
x-amz-meta-s3cmd-attrs: atime:1646920284/ctime:1646920283/gid:20/gname:staff/md5:3d7f7a60216d40dea48e495fef6903c9/mode:33188/mtime:1646920283/uid:501/uname:mikhailchubar
x-amz-version-id: eIgLIBoMMcsEXtxOH6UDjWyfAquRpkIG
access-control-allow-origin: null
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: HIT
age: 1239
expires: Wed, 01 Feb 2023 20:39:53 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 792c202e09270b3d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
main.realsrv.com/tag.php?goal=f6beb34161f55692bd255f66437479c7
95.211.229.245 200 OK 20 B URL HTTP/1.1 main.realsrv.com/tag.php?goal=f6beb34161f55692bd255f66437479c7
IP 95.211.229.245:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /tag.php?goal=f6beb34161f55692bd255f66437479c7 HTTP/1.1
Host: main.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://newbinotracs.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 01 Feb 2023 16:39:53 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: goals=a%3A1%3A%7Bi%3A88120%3Ba%3A1%3A%7Bs%3A4%3A%22date%22%3Bs%3A10%3A%222023-02-01%22%3B%7D%7D; expires=Thu, 01 Feb 2024 16:39:53 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
ps.popcash.net/go/134600/317194
3.228.63.1 200 OK 304 B URL HTTP/1.1 ps.popcash.net/go/134600/317194
IP 3.228.63.1:0
File type HTML document, ASCII text
Hash ddd6702bed16f8356dfcdc982c55d6e7
e29bb79be078371c2373caf865376c826f19cb23
91f50efd757cf8d447daf780b93794f61f5c0fa1d7cbc16142dd4c9a214a86d3
Analyzer Verdict Alert fortinet Malware
GET /go/134600/317194 HTTP/1.1
Host: ps.popcash.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Content-Encoding: gzip
Content-Type: text/html
Date: Wed, 01 Feb 2023 16:39:53 GMT
Server: nginx
Vary: Accept-Encoding
Content-Length: 304
Connection: keep-alive
main.exdynsrv.com/tag.php?goal=3b1a5c77f7aaea55a1a919380aac6238
95.211.229.246 200 OK 20 B URL HTTP/1.1 main.exdynsrv.com/tag.php?goal=3b1a5c77f7aaea55a1a919380aac6238
IP 95.211.229.246:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /tag.php?goal=3b1a5c77f7aaea55a1a919380aac6238 HTTP/1.1
Host: main.exdynsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://newbinotracs.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 01 Feb 2023 16:39:53 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: goals=a%3A1%3A%7Bi%3A93210%3Ba%3A1%3A%7Bs%3A4%3A%22date%22%3Bs%3A10%3A%222023-02-01%22%3B%7D%7D; expires=Thu, 01 Feb 2024 16:39:53 GMT; path=/; domain=.exdynsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
popmyads.com/serve/52264/64661/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgxMy5jb20=
104.21.54.194 200 OK 1.1 kB URL HTTP/2 popmyads.com/serve/52264/64661/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgxMy5jb20=
IP 104.21.54.194:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash b1103c275efbb1916535e19ac3be51f2
a78dcaa88fecc30461a1ff37420a584541cf4509
cc5eab723a17d0d173359454cf330a6f826bde232b660edf7fb2dd5c26c371e6
GET /serve/52264/64661/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgxMy5jb20= HTTP/1.1
Host: popmyads.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:52 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.1.33
x-frame-options: DENY
content-security-policy: frame-ancestors 'none'
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zxB8%2F99fKc%2Fm0X4Mrb7WBNFTj%2Bmbgxa5sL5jcf8VPUVshV2rUip4rd53XHNPZOBJ0QZVJJtAxyvCDL1Hi2M11g7bN24dS0W0hr9qst%2BItRJPOgLfrbCKDKeQXA%2BYP8o%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 792c2026fb46b50f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
assets.mfcimg.com/files/images/svg/myfreecams.com.svg
163.237.222.19 200 OK 2.9 kB URL HTTP/2 assets.mfcimg.com/files/images/svg/myfreecams.com.svg
IP 163.237.222.19:0
File type SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash e6872bfa852dc9c0f190976d973ab005
327919ba30c69dced183d06e61c9858f3d92fb79
3defefa421166b13ed91efc9b8d6e255f0db56bfa16da9f3e07ba6d7fc5ef5c5
GET /files/images/svg/myfreecams.com.svg HTTP/1.1
Host: assets.mfcimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.myfreecams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 01 Feb 2023 16:39:53 GMT
content-type: image/svg+xml
content-length: 2908
last-modified: Thu, 03 Oct 2019 17:48:49 GMT
etag: "5d963481-b5c"
content-encoding: br
x-served-by: edge5ams
strict-transport-security: max-age=10886400;
X-Firefox-Spdy: h2
t1.blowingwnd.com/v.php?p=c:p7561zmdc76notiux&d=63a38fcb569f180e9d0810d1&s=491151.514185_471449&d2=t3.lowtid.com&s2=491151&d1=31
51.161.115.163 302 Found 0 B URL HTTP/1.1 t1.blowingwnd.com/v.php?p=c:p7561zmdc76notiux&d=63a38fcb569f180e9d0810d1&s=491151.514185_471449&d2=t3.lowtid.com&s2=491151&d1=31
IP 51.161.115.163:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /v.php?p=c:p7561zmdc76notiux&d=63a38fcb569f180e9d0810d1&s=491151.514185_471449&d2=t3.lowtid.com&s2=491151&d1=31 HTTP/1.1
Host: t1.blowingwnd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 01 Feb 2023 16:39:53 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Round: 1217p3t0dz
Raund: 2e3
Location: https://ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_491151.514185_471449
assets.mfcimg.com/files/images/icons/svg/moon_off.svg
163.237.222.19 200 OK 444 B URL HTTP/2 assets.mfcimg.com/files/images/icons/svg/moon_off.svg
IP 163.237.222.19:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (489)
Hash 195ff092ab6f04b73e67c6685ccefa9f
6f47037e3d55c2a77c887915a81ea3e0a5b7e246
0a60fe8479f693e30a550c693a9ba64c88f561457d1c8ff28a874c6447d9e577
GET /files/images/icons/svg/moon_off.svg HTTP/1.1
Host: assets.mfcimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.myfreecams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 01 Feb 2023 16:39:53 GMT
content-type: image/svg+xml
content-length: 444
last-modified: Thu, 03 Oct 2019 17:48:49 GMT
etag: "5d963481-1bc"
content-encoding: br
x-served-by: edge5ams
strict-transport-security: max-age=10886400;
X-Firefox-Spdy: h2
assets.mfcimg.com/files/images/svg/m_circle_white.svg
163.237.222.19 200 OK 421 B URL HTTP/2 assets.mfcimg.com/files/images/svg/m_circle_white.svg
IP 163.237.222.19:0
File type SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash af953a26220fff4e2a4a9a5e3f825cf8
88ac0464a5ca266399ed66d45d5728415b035445
3d06f527fae0b92aa276c4f6a000243107aa38861a28b48cedfe33cb6134b243
GET /files/images/svg/m_circle_white.svg HTTP/1.1
Host: assets.mfcimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.myfreecams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 01 Feb 2023 16:39:53 GMT
content-type: image/svg+xml
content-length: 421
last-modified: Thu, 03 Oct 2019 17:48:49 GMT
etag: "5d963481-1a5"
content-encoding: br
x-served-by: edge5ams
strict-transport-security: max-age=10886400;
X-Firefox-Spdy: h2
assets.mfcimg.com/files/images/svg/twitter_white.svg
163.237.222.19 200 OK 936 B URL HTTP/2 assets.mfcimg.com/files/images/svg/twitter_white.svg
IP 163.237.222.19:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document, ASCII text, with very long lines (1127)
Hash 16c09cb23157315352acd71bb41f4970
dadb36b05a795505580cdd18ec2c3e3e7351794b
c2bdcb90de9b4470369b906f7948a0ecc8b5da5c8921c356338cee68ade76d61
GET /files/images/svg/twitter_white.svg HTTP/1.1
Host: assets.mfcimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.myfreecams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 01 Feb 2023 16:39:53 GMT
content-type: image/svg+xml
content-length: 936
last-modified: Thu, 03 Oct 2019 17:48:49 GMT
etag: "5d963481-3a8"
content-encoding: br
x-served-by: edge5ams
strict-transport-security: max-age=10886400;
X-Firefox-Spdy: h2
assets.mfcimg.com/files/images/svg/updown.svg
163.237.222.19 200 OK 268 B URL HTTP/2 assets.mfcimg.com/files/images/svg/updown.svg
IP 163.237.222.19:0
File type SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- exported SGML document, ASCII text, with very long lines (462), with no line terminators
Hash ee37951e82f2c6adcae1c7b2dd987378
1e8e8c95271358c64b30942346c60c25e5c26023
3fc2f6483cf3db6f05171aee863a05f6755a91284c6a102bb9309c5b01849789
GET /files/images/svg/updown.svg HTTP/1.1
Host: assets.mfcimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.myfreecams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 01 Feb 2023 16:39:53 GMT
content-type: image/svg+xml
content-length: 268
last-modified: Thu, 03 Oct 2019 17:48:49 GMT
etag: "5d963481-10c"
content-encoding: br
x-served-by: edge5ams
strict-transport-security: max-age=10886400;
X-Firefox-Spdy: h2
assets.mfcimg.com/files/images/svg/minimize2.svg
163.237.222.19 200 OK 421 B URL HTTP/2 assets.mfcimg.com/files/images/svg/minimize2.svg
IP 163.237.222.19:0
File type SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- exported SGML document, ASCII text, with very long lines (779)
Hash 94ba602d0890a90a780a1d0e4bab361b
7a5cd75a01976415bf19e4b9adb810b2e9773f72
362d5f78318502c4f241bb436505b101f022a289bcd3da63c6d647d30cad0445
GET /files/images/svg/minimize2.svg HTTP/1.1
Host: assets.mfcimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.myfreecams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 01 Feb 2023 16:39:53 GMT
content-type: image/svg+xml
content-length: 421
last-modified: Thu, 03 Oct 2019 17:48:49 GMT
etag: "5d963481-1a5"
content-encoding: br
x-served-by: edge5ams
strict-transport-security: max-age=10886400;
X-Firefox-Spdy: h2
assets.mfcimg.com/files/ico/view_profile-lg.gif
163.237.222.19 200 OK 2.3 kB URL HTTP/2 assets.mfcimg.com/files/ico/view_profile-lg.gif
IP 163.237.222.19:0
File type GIF image data, version 89a, 48 x 48\012- data
Hash 2297ea74e32d63da5af6216b655d7961
8e37e97ba9ec9a1a9453342a581493975fd49e4a
3b0987652df91050118d27c8046bb25cce4a8d08c1c7d41c02ebbde27e22b529
GET /files/ico/view_profile-lg.gif HTTP/1.1
Host: assets.mfcimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.myfreecams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 01 Feb 2023 16:39:53 GMT
content-type: image/gif
content-length: 2285
last-modified: Tue, 26 Mar 2019 22:25:17 GMT
etag: "5c9aa6cd-8ed"
x-served-by: edge5ams
strict-transport-security: max-age=10886400;
accept-ranges: bytes
X-Firefox-Spdy: h2
assets.mfcimg.com/files/styles/mfc/images/misc/window_menu_x_2.png
163.237.222.19 200 OK 3.0 kB URL HTTP/2 assets.mfcimg.com/files/styles/mfc/images/misc/window_menu_x_2.png
IP 163.237.222.19:0
File type PNG image data, 12 x 12, 8-bit/color RGBA, non-interlaced\012- data
Hash 57cb1f67fd1300ac2a89ea4315f81ffe
436cee22f0e888362b80c4044d67f5ae39206090
55de314f4f87b35fe8da71ccbc6b3c8e979b4bdbc3712cfcef2945d681233de3
GET /files/styles/mfc/images/misc/window_menu_x_2.png HTTP/1.1
Host: assets.mfcimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.myfreecams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 01 Feb 2023 16:39:53 GMT
content-type: image/png
content-length: 3032
last-modified: Tue, 26 Mar 2019 20:29:05 GMT
etag: "5c9a8b91-bd8"
x-served-by: edge5ams
strict-transport-security: max-age=10886400;
accept-ranges: bytes
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash a02d88ab6836b3a57f647d68c537d922
cc2e0d708710e49d96448839380769aafcf4ec31
32c620b2c19bbd8324284333564bc7c0b138cb363af818398a22f5777901089e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "32C620B2C19BBD8324284333564BC7C0B138CB363AF818398A22F5777901089E"
Last-Modified: Tue, 31 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2878
Expires: Wed, 01 Feb 2023 17:27:51 GMT
Date: Wed, 01 Feb 2023 16:39:53 GMT
Connection: keep-alive
assets.mfcimg.com/files/styles/mfc/images/header2/top-header-tl-default.jpg
163.237.222.19 200 OK 40 kB URL HTTP/2 assets.mfcimg.com/files/styles/mfc/images/header2/top-header-tl-default.jpg
IP 163.237.222.19:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS5.1 Windows, datetime=2011:11:14 16:10:52], baseline, precision 8, 626x79, components 3\012- data
Hash 452db68b12c7f79defa06c9ca74d4862
ca07c3ec54c2c5c31e9db59b9b63963194b74c39
756289341a1a9992d3ada69ebcccdb7e5961d08fca63d14e5fba6dc46e5057a3
GET /files/styles/mfc/images/header2/top-header-tl-default.jpg HTTP/1.1
Host: assets.mfcimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.myfreecams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 01 Feb 2023 16:39:53 GMT
content-type: image/jpeg
content-length: 39733
last-modified: Tue, 26 Mar 2019 20:29:05 GMT
etag: "5c9a8b91-9b35"
x-served-by: edge5ams
strict-transport-security: max-age=10886400;
accept-ranges: bytes
X-Firefox-Spdy: h2
img.mfcimg.com/photos2/363/36342402/avatar.90x90.jpg
163.237.222.18 200 OK 3.7 kB URL HTTP/2 img.mfcimg.com/photos2/363/36342402/avatar.90x90.jpg
IP 163.237.222.18:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 216x216, segment length 16, baseline, precision 8, 90x90, components 3\012- data
Hash 2ae895f853ba5e2f8efeebd2cb073591
bee2bfd967b3b400b1ca19a9a4ef1426c55b0d0a
5da362456f7154f59327dd9025ec65df9a61e2591671a39502b90d08e128e742
GET /photos2/363/36342402/avatar.90x90.jpg HTTP/1.1
Host: img.mfcimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.myfreecams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 01 Feb 2023 04:56:15 GMT
last-modified: Fri, 13 Jan 2023 05:37:25 GMT
etag: "63c0ee15-e67"
content-type: image/jpeg
content-length: 3687
cache-control: max-age=172800
access-control-allow-origin: *
x-served-by: edge4ams
x-cache-hits: 2769, 12
x-cache: HIT
X-Firefox-Spdy: h2
img.mfcimg.com/photos2/228/22827211/avatar.90x90.jpg
163.237.222.18 200 OK 3.1 kB URL HTTP/2 img.mfcimg.com/photos2/228/22827211/avatar.90x90.jpg
IP 163.237.222.18:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 90x90, components 1\012- data
Hash d30b4c67649361cbf2e8b0d843d73f79
010aac9bb4d6797440295d47ce2cb4a5b5d0eeaa
3019cc3746fc0305600f17e9b93a59bf2f3d770accdab9a840cd3ab1b7727ede
GET /photos2/228/22827211/avatar.90x90.jpg HTTP/1.1
Host: img.mfcimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.myfreecams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 31 Jan 2023 16:05:17 GMT
last-modified: Thu, 28 Jul 2022 08:51:27 GMT
etag: "62e24e0f-c38"
content-type: image/jpeg
content-length: 3128
cache-control: max-age=172800
access-control-allow-origin: *
x-served-by: edge4ams
x-cache-hits: 2711, 17
x-cache: HIT
X-Firefox-Spdy: h2
img.mfcimg.com/photos2/440/44072383/avatar.90x90.jpg
163.237.222.18 200 OK 5.1 kB URL HTTP/2 img.mfcimg.com/photos2/440/44072383/avatar.90x90.jpg
IP 163.237.222.18:0
Hash fc6d8bfc69434e77904478ee3325a37a
ef49b5fbf01b0bff843bf560af0f4e0e27710010
777d6604c573d7e8b0c6f62221272301804be8ce168b7ee28bafdb23392ffafd
GET /photos2/440/44072383/avatar.90x90.jpg HTTP/1.1
Host: img.mfcimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.myfreecams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 31 Jan 2023 06:22:27 GMT
last-modified: Tue, 24 Jan 2023 02:02:57 GMT
etag: "63cf3c51-100a"
content-type: image/jpeg
content-length: 4106
cache-control: max-age=172800
access-control-allow-origin: *
x-served-by: edge4ams
x-cache-hits: 1216
x-cache: HIT
X-Firefox-Spdy: h2
dailybulletinz.com/wp-content/cache/autoptimize/js/autoptimize_e3fae94a60d449a0b773b0daab0e9202.js
104.21.20.56 200 OK 111 kB URL HTTP/2 dailybulletinz.com/wp-content/cache/autoptimize/js/autoptimize_e3fae94a60d449a0b773b0daab0e9202.js
IP 104.21.20.56:0
File type ASCII text, with very long lines (65447)
Size 111 kB (111399 bytes)
Hash 31ef332cab2d05eecc7bd9d26d79ca57
f20bf27971d181194fc4bae0a984bf7384ac6aad
a8de5e41d317b483ccda8060fbe4cf478e6b5cd6514ae88a21881ff3e945ec89
GET /wp-content/cache/autoptimize/js/autoptimize_e3fae94a60d449a0b773b0daab0e9202.js HTTP/1.1
Host: dailybulletinz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dailybulletinz.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:52 GMT
content-type: application/javascript
last-modified: Wed, 02 Nov 2022 06:42:13 GMT
vary: Accept-Encoding
cache-control: public, max-age=30672000, immutable
expires: Tue, 09 Jan 2024 05:22:18 GMT
etag: W/"63621145-576ec"
x-cache-status: MISS
x-powered-by: PleskLin
cf-cache-status: HIT
age: 1163853
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hZfjvpGnSHvhZc5pC%2B4%2Fecb06TXGSg%2F9nCjF7RerOhBn%2F8GldX2sQhXY0qFFpDVaFBCazwMqrGJE863modcFNruXQ1TTotLyRMvNQ4pG%2B8UFmuXOqipx1PIxwidr6NyrOkryjZ4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 792c20297be10afe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img.mfcimg.com/photos2/990/9903017/avatar.90x90.jpg
163.237.222.18 200 OK 4.9 kB URL HTTP/2 img.mfcimg.com/photos2/990/9903017/avatar.90x90.jpg
IP 163.237.222.18:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 90x90, components 3\012- data
Hash f65b1266efaabe87b82a16148e25d98a
06e214ec13f2cb733472a090b8cf8e6469ab401a
3c51eccf403dd252ce0f9f882bb6a48c24a927521302de6323f9b7161f62b830
GET /photos2/990/9903017/avatar.90x90.jpg HTTP/1.1
Host: img.mfcimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.myfreecams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 30 Jan 2023 22:21:22 GMT
last-modified: Wed, 29 Sep 2021 10:06:55 GMT
etag: "61543abf-132e"
content-type: image/jpeg
content-length: 4910
cache-control: max-age=172800
access-control-allow-origin: *
x-served-by: edge4ams
x-cache-hits: 2515
x-cache: HIT
X-Firefox-Spdy: h2
img.mfcimg.com/photos2/512/5122207/avatar.90x90.jpg
163.237.222.18 200 OK 3.2 kB URL HTTP/2 img.mfcimg.com/photos2/512/5122207/avatar.90x90.jpg
IP 163.237.222.18:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 90x90, components 3\012- data
Hash fda4780bc33f6fedcaf3883d377a334d
558a7bacef33f9f3ecbd4f57a35a40342d495e1e
357e5d7fa47b067976493e54524efe6cdfaa18c39d9696b5a1183f4f935d04e0
GET /photos2/512/5122207/avatar.90x90.jpg HTTP/1.1
Host: img.mfcimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.myfreecams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 30 Jan 2023 19:27:26 GMT
last-modified: Thu, 09 Sep 2021 17:19:16 GMT
etag: "613a4214-c9e"
content-type: image/jpeg
content-length: 3230
cache-control: max-age=172800
access-control-allow-origin: *
x-served-by: edge4ams
x-cache-hits: 894, 29
x-cache: HIT
X-Firefox-Spdy: h2
my.rtmark.net/p.js?f=sync&lr=1&partner=dea8e94e898dd38d1c23c78d25163780faa842c13ceeb3816250d69ba37e1423
139.45.195.8 200 OK 697 B URL HTTP/2 my.rtmark.net/p.js?f=sync&lr=1&partner=dea8e94e898dd38d1c23c78d25163780faa842c13ceeb3816250d69ba37e1423
IP 139.45.195.8:0
Hash a9456b0d78042f5fb61e77396493fb14
8510c10df3dcfaba795543b3afb7d669c9f571f8
9a5efe7faebc2f475317d8ec9af3c5a562bf8ce369709f7b6b754edd05d9c74a
GET /p.js?f=sync&lr=1&partner=dea8e94e898dd38d1c23c78d25163780faa842c13ceeb3816250d69ba37e1423 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://newbinotracs.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 01 Feb 2023 16:39:53 GMT
content-type: text/javascript
content-length: 697
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
img.mfcimg.com/photos2/179/17940536/avatar.90x90.jpg
163.237.222.18 200 OK 3.4 kB URL HTTP/2 img.mfcimg.com/photos2/179/17940536/avatar.90x90.jpg
IP 163.237.222.18:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 90x90, components 3\012- data
Hash 98c58682a1c3dea14de7656abfcdcccb
cd2538862f389d1d5aeb5de7addf8a1044e05c67
bf09ed75c957f6e70c41b88fe627b5dc4ce7466dc7be2888c876a7f133a5f6fc
GET /photos2/179/17940536/avatar.90x90.jpg HTTP/1.1
Host: img.mfcimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.myfreecams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 31 Jan 2023 23:34:35 GMT
last-modified: Fri, 11 Mar 2022 05:33:15 GMT
etag: "622adf1b-d3a"
content-type: image/jpeg
content-length: 3386
cache-control: max-age=172800
access-control-allow-origin: *
x-served-by: edge4ams
x-cache-hits: 1150, 23
x-cache: HIT
X-Firefox-Spdy: h2
img.mfcimg.com/photos2/244/24417224/avatar.90x90.jpg
163.237.222.18 200 OK 4.2 kB URL HTTP/2 img.mfcimg.com/photos2/244/24417224/avatar.90x90.jpg
IP 163.237.222.18:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 90x90, components 3\012- data
Hash 157558d6544668557fe9f109c1753eac
7941f64c00a1577eea445c8be6b1e7ca522ccbc9
4bd2cd3e98715c18ebaf09352adbccc75a78b1614da7f6ff25ce13a8e3818f7d
GET /photos2/244/24417224/avatar.90x90.jpg HTTP/1.1
Host: img.mfcimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.myfreecams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 31 Jan 2023 00:18:55 GMT
last-modified: Fri, 15 Jul 2022 04:24:33 GMT
etag: "62d0ec01-106f"
content-type: image/jpeg
content-length: 4207
cache-control: max-age=172800
access-control-allow-origin: *
x-served-by: edge4ams
x-cache-hits: 1377, 5
x-cache: HIT
X-Firefox-Spdy: h2
img.mfcimg.com/photos2/558/5584821/avatar.90x90.jpg
163.237.222.18 200 OK 4.6 kB URL HTTP/2 img.mfcimg.com/photos2/558/5584821/avatar.90x90.jpg
IP 163.237.222.18:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 90x90, components 3\012- data
Hash 7b07087367987b6f34f4900aaf779ea2
9d6ab7b8472f1194189752497e6457fd7c82c209
d62dc3eced3f9b5f171fb71d8568e25afe2326ecfc48cab3b24898af160475b9
GET /photos2/558/5584821/avatar.90x90.jpg HTTP/1.1
Host: img.mfcimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.myfreecams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 31 Jan 2023 11:57:27 GMT
content-type: image/jpeg
last-modified: Wed, 04 Aug 2021 08:06:40 GMT
etag: "610a4a90-11df"
content-length: 4575
cache-control: max-age=172800
access-control-allow-origin: *
x-served-by: edge4ams
x-cache-hits: 1203, 30
x-cache: HIT
X-Firefox-Spdy: h2
img.mfcimg.com/photos2/446/44642240/avatar.90x90.jpg
163.237.222.18 200 OK 3.8 kB URL HTTP/2 img.mfcimg.com/photos2/446/44642240/avatar.90x90.jpg
IP 163.237.222.18:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 90x90, components 3\012- data
Hash 5dd2517ecee804b40d3e61a4fe7e8447
2b15de4b3a43ae1cec5c9e75cd83d3631fb41626
9980b1379f1150b41f3b72046ac64ab41844ba16bbf5f3cf517617da78bdc508
GET /photos2/446/44642240/avatar.90x90.jpg HTTP/1.1
Host: img.mfcimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.myfreecams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 07:09:10 GMT
content-type: image/jpeg
last-modified: Wed, 11 Jan 2023 01:58:08 GMT
etag: "63be17b0-ecf"
content-length: 3791
cache-control: max-age=172800
access-control-allow-origin: *
x-served-by: edge4ams
x-cache-hits: 1480, 8
x-cache: HIT
X-Firefox-Spdy: h2
img.mfcimg.com/photos2/427/42757687/avatar.90x90.jpg
163.237.222.18 200 OK 3.3 kB URL HTTP/2 img.mfcimg.com/photos2/427/42757687/avatar.90x90.jpg
IP 163.237.222.18:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 90x90, components 3\012- data
Hash d9984eaf22ef20155825a8246d8c930e
f6396032d8e1d6ff942669ae392a1d83cf6caa26
c8d74ad7f4ae18ea949bd334faa23f39086cc1de6e37f2d6ab7826dded32ad0a
GET /photos2/427/42757687/avatar.90x90.jpg HTTP/1.1
Host: img.mfcimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.myfreecams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 02:52:26 GMT
content-type: image/jpeg
last-modified: Mon, 30 Jan 2023 20:58:43 GMT
etag: "63d82f83-d0d"
content-length: 3341
cache-control: max-age=172800
access-control-allow-origin: *
x-served-by: edge4ams
x-cache-hits: 2143, 20
x-cache: HIT
X-Firefox-Spdy: h2
img.mfcimg.com/photos2/358/35802193/avatar.90x90.jpg
163.237.222.18 200 OK 3.7 kB URL HTTP/2 img.mfcimg.com/photos2/358/35802193/avatar.90x90.jpg
IP 163.237.222.18:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 216x216, segment length 16, baseline, precision 8, 90x90, components 3\012- data
Hash 4d23e6ebeb061e8cd83245d27dd65ede
2256e6f267c79cce810956f06341bdff63cd5de9
e1caa24f201332ee3b56bc5e1aa87305ae16f51a303b3299adf411518ad89126
GET /photos2/358/35802193/avatar.90x90.jpg HTTP/1.1
Host: img.mfcimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.myfreecams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 30 Jan 2023 06:14:52 GMT
content-type: image/jpeg
last-modified: Wed, 18 Jan 2023 22:17:56 GMT
etag: "63c87014-e4c"
content-length: 3660
cache-control: max-age=172800
access-control-allow-origin: *
x-served-by: edge4ams
x-cache-hits: 485, 19
x-cache: HIT
X-Firefox-Spdy: h2
www.google-analytics.com/urchin.js
142.250.74.46 200 OK 6.8 kB URL HTTP/2 www.google-analytics.com/urchin.js
IP 142.250.74.46:0
Hash b2a53ddd32fa730ace44acf796ced69d
248293a9e5a5a062c17517d115a4f59396db6833
d816d84a12f8cebe9ffaaca1b804894f9e46882a6719605359db2aad44afab85
GET /urchin.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.myfreecams.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 6847
date: Tue, 31 Jan 2023 19:36:25 GMT
expires: Tue, 14 Feb 2023 19:36:25 GMT
cache-control: public, max-age=1209600
age: 75808
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/utv-logo.svg
104.18.25.188 200 OK 3.5 kB URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/utv-logo.svg
IP 104.18.25.188:0
Hash 837e20d682a9632b33955cd95fd57a4d
665896b61713f12d393d64116c86cbc43bb77501
eabb2020a464b748f7cf0aaea731346c162dc8eb8c3fc237ac2dab208fac03f6
GET /nu/pop/sportsbook/multisports/utv-logo.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a92628443%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1675269588459)%5c%2f%22%2c%22CookieTag%22%3a%223795092628443451240919C2023211639%22%7d%2c%7b%22PID%22%3a86536170%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1675269588590)%5c%2f%22%2c%22CookieTag%22%3a%223795086536170451240919C2023211639%22%7d%5d; btag=320665405_4F03CE830604485E9E0E444E5686127E
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:49 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: QazcDvviTF55mXL/M8kCWQ==
last-modified: Thu, 26 Jan 2023 12:30:18 GMT
etag: W/"0x8DAFF99157C1D3C"
x-ms-request-id: ec6073d8-501e-0051-6881-318f8e000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 533364
vary: Accept-Encoding
server: cloudflare
cf-ray: 792c2016391cb512-OSL
content-encoding: br
X-Firefox-Spdy: h2
img.mfcimg.com/photos2/355/35507563/avatar.90x90.jpg
163.237.222.18 200 OK 5.0 kB URL HTTP/2 img.mfcimg.com/photos2/355/35507563/avatar.90x90.jpg
IP 163.237.222.18:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 90x90, components 3\012- data
Hash d5862029854ef43e347a6bee514a69c5
9717614f77b326a06bec93a488db484cad208173
ad07ff97788b4b10d3ff43f25860b363a5f1bff6f66904c1d88a0c12ebdf061c
GET /photos2/355/35507563/avatar.90x90.jpg HTTP/1.1
Host: img.mfcimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.myfreecams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 31 Jan 2023 09:26:57 GMT
last-modified: Fri, 09 Oct 2020 08:40:28 GMT
etag: "5f8021fc-13a2"
content-type: image/jpeg
content-length: 5026
cache-control: max-age=172800
access-control-allow-origin: *
x-served-by: edge4ams
x-cache-hits: 1342, 5
x-cache: HIT
X-Firefox-Spdy: h2
img.mfcimg.com/photos2/175/17525084/avatar.90x90.jpg
163.237.222.18 200 OK 3.8 kB URL HTTP/2 img.mfcimg.com/photos2/175/17525084/avatar.90x90.jpg
IP 163.237.222.18:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 90x90, components 3\012- data
Hash c0f2c7c13ef4adacfd4eba1b659fe225
7fc55d11fd404b06d3e793de20a0628fa3d8b382
98e839f96ea4cee7fee7df7375d7300fd523884394d218cbe1b7e992305de3b8
GET /photos2/175/17525084/avatar.90x90.jpg HTTP/1.1
Host: img.mfcimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.myfreecams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 30 Jan 2023 22:37:55 GMT
last-modified: Sat, 26 Nov 2022 14:05:17 GMT
etag: "63821d1d-ec1"
content-type: image/jpeg
content-length: 3777
cache-control: max-age=172800
access-control-allow-origin: *
x-served-by: edge4ams
x-cache-hits: 382, 28
x-cache: HIT
X-Firefox-Spdy: h2
img.mfcimg.com/photos2/446/44618762/avatar.90x90.jpg
163.237.222.18 200 OK 3.8 kB URL HTTP/2 img.mfcimg.com/photos2/446/44618762/avatar.90x90.jpg
IP 163.237.222.18:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 90x90, components 3\012- data
Hash a8ad26437a81fb90d7bd28f6ff42b39c
d712e36925b514c2f6a54e47543173dc3c1a8c63
679703177ad10c8ff096c1da48b4db1d2268b4504ef8f2d7cd9f1a8ec2e407fe
GET /photos2/446/44618762/avatar.90x90.jpg HTTP/1.1
Host: img.mfcimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.myfreecams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 30 Jan 2023 15:05:58 GMT
last-modified: Mon, 02 Jan 2023 14:21:28 GMT
etag: "63b2e868-ed5"
content-type: image/jpeg
content-length: 3797
cache-control: max-age=172800
access-control-allow-origin: *
x-served-by: edge4ams
x-cache-hits: 510, 3
x-cache: HIT
X-Firefox-Spdy: h2
img.mfcimg.com/photos2/263/26387007/avatar.90x90.jpg
163.237.222.18 200 OK 2.6 kB URL HTTP/2 img.mfcimg.com/photos2/263/26387007/avatar.90x90.jpg
IP 163.237.222.18:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 90x90, components 3\012- data
Hash 6220a9dac79fbe6bdafdd77c57ac7090
8ba4ca72b17c57b5a7bb425eef98b88b3a47bc35
18137bc791ae36f5036fd8d030425bb11d14aad4aef449830b3c8d013bc19af9
GET /photos2/263/26387007/avatar.90x90.jpg HTTP/1.1
Host: img.mfcimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.myfreecams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 00:34:01 GMT
last-modified: Tue, 12 Jul 2022 13:03:15 GMT
etag: "62cd7113-a34"
content-type: image/jpeg
content-length: 2612
cache-control: max-age=172800
access-control-allow-origin: *
x-served-by: edge4ams
x-cache-hits: 1896, 25
x-cache: HIT
X-Firefox-Spdy: h2
img.mfcimg.com/photos2/734/7340807/avatar.90x90.jpg
163.237.222.18 200 OK 5.6 kB URL HTTP/2 img.mfcimg.com/photos2/734/7340807/avatar.90x90.jpg
IP 163.237.222.18:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 100x100, segment length 16, baseline, precision 8, 90x90, components 3\012- data
Hash f17d5079e6b157084bc13d7279a76344
351c69bde1fe8fd8b12a708f1563cb712eec5c4f
b8a0e0f67c9b1a8e6d742ed815f3be600242bd3f435f0eeb2c5fb9ec19cce4e6
GET /photos2/734/7340807/avatar.90x90.jpg HTTP/1.1
Host: img.mfcimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.myfreecams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 31 Jan 2023 22:55:12 GMT
last-modified: Sun, 02 Jan 2022 11:00:16 GMT
etag: "61d185c0-15c2"
content-type: image/jpeg
content-length: 5570
cache-control: max-age=172800
access-control-allow-origin: *
x-served-by: edge4ams
x-cache-hits: 3346, 26
x-cache: HIT
X-Firefox-Spdy: h2
img.mfcimg.com/photos2/396/39603778/avatar.90x90.jpg
163.237.222.18 200 OK 4.4 kB URL HTTP/2 img.mfcimg.com/photos2/396/39603778/avatar.90x90.jpg
IP 163.237.222.18:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, baseline, precision 8, 90x90, components 3\012- data
Hash f39936e2ffd4d4ebf7d53db45fa87f60
0081e0b5b339c997e72201e37e77e02c2613ca3c
f0f4cfbd7e56506f874b38c7cd3a58ed56471e21c05764ab5e3e7ccd4802375f
GET /photos2/396/39603778/avatar.90x90.jpg HTTP/1.1
Host: img.mfcimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.myfreecams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 30 Jan 2023 16:06:12 GMT
content-type: image/jpeg
last-modified: Mon, 30 Jan 2023 16:06:10 GMT
etag: "63d7eaf2-110c"
content-length: 4364
cache-control: max-age=172800
access-control-allow-origin: *
x-served-by: edge4ams
x-cache-hits: 1963, 41
x-cache: HIT
X-Firefox-Spdy: h2
img.mfcimg.com/photos2/439/43971590/avatar.90x90.jpg
163.237.222.18 200 OK 4.0 kB URL HTTP/2 img.mfcimg.com/photos2/439/43971590/avatar.90x90.jpg
IP 163.237.222.18:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 90x90, components 3\012- data
Hash 1d9f73e6c76e484db075d4dffed38494
7ae9008d1c5acd8dd75696651282fadb160679fb
0ea328cf39a124c0192cc65d5ed48cae06bd2eb443dae3e76fa903ddff6b297b
GET /photos2/439/43971590/avatar.90x90.jpg HTTP/1.1
Host: img.mfcimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.myfreecams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 31 Jan 2023 06:43:01 GMT
last-modified: Thu, 24 Nov 2022 22:00:41 GMT
etag: "637fe989-fbc"
content-type: image/jpeg
content-length: 4028
cache-control: max-age=172800
access-control-allow-origin: *
x-served-by: edge4ams
x-cache-hits: 2479, 21
x-cache: HIT
X-Firefox-Spdy: h2
img.mfcimg.com/photos2/169/16912382/avatar.90x90.jpg
163.237.222.18 200 OK 3.3 kB URL HTTP/2 img.mfcimg.com/photos2/169/16912382/avatar.90x90.jpg
IP 163.237.222.18:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, baseline, precision 8, 90x90, components 3\012- data
Hash 28991dacaef4eed4bdd5f459e8116262
bab80ad4c224dd8b0efc96029a1b218b83007b03
6df672e91ac33c28ed7d2455edf90470bffbcd820cbf7512ad3af3cdd941910c
GET /photos2/169/16912382/avatar.90x90.jpg HTTP/1.1
Host: img.mfcimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.myfreecams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 30 Jan 2023 22:53:49 GMT
last-modified: Mon, 07 Jan 2019 20:03:08 GMT
etag: "5c33b07c-cbf"
content-type: image/jpeg
content-length: 3263
cache-control: max-age=172800
access-control-allow-origin: *
x-served-by: edge4ams
x-cache-hits: 3634
x-cache: HIT
X-Firefox-Spdy: h2
img.mfcimg.com/photos2/180/18028214/avatar.90x90.jpg
163.237.222.18 200 OK 3.4 kB URL HTTP/2 img.mfcimg.com/photos2/180/18028214/avatar.90x90.jpg
IP 163.237.222.18:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, baseline, precision 8, 90x90, components 3\012- data
Hash 63a9edf89b483623b92106b3f9f17882
487e00f78a1760a7d64ac55b559933250792baff
a782e90d707d322dfad19aca7526e641aea6573a927ffef16ae9c16868841b3c
GET /photos2/180/18028214/avatar.90x90.jpg HTTP/1.1
Host: img.mfcimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.myfreecams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 31 Jan 2023 20:42:10 GMT
last-modified: Wed, 12 Aug 2020 23:33:36 GMT
etag: "5f347c50-d57"
content-type: image/jpeg
content-length: 3415
cache-control: max-age=172800
access-control-allow-origin: *
x-served-by: edge4ams
x-cache-hits: 589, 32
x-cache: HIT
X-Firefox-Spdy: h2
img.mfcimg.com/photos2/325/32559122/avatar.90x90.jpg
163.237.222.18 200 OK 4.0 kB URL HTTP/2 img.mfcimg.com/photos2/325/32559122/avatar.90x90.jpg
IP 163.237.222.18:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 90x90, components 3\012- data
Hash 8422aebafd8192130fbf5016a7f87bc9
552aed8cf7d1042c36d72e5ab55edb793ab8f5c7
057136bbdf5cb0c0dbb991ceba4e47b518f8afe8687377b387ba136f352ea27f
GET /photos2/325/32559122/avatar.90x90.jpg HTTP/1.1
Host: img.mfcimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.myfreecams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 05:51:35 GMT
content-type: image/jpeg
last-modified: Tue, 18 Oct 2022 14:11:21 GMT
etag: "634eb409-f9d"
content-length: 3997
cache-control: max-age=172800
access-control-allow-origin: *
x-served-by: edge4ams
x-cache-hits: 1014, 18
x-cache: HIT
X-Firefox-Spdy: h2
img.mfcimg.com/photos2/445/44579926/avatar.90x90.jpg
163.237.222.18 200 OK 5.1 kB URL HTTP/2 img.mfcimg.com/photos2/445/44579926/avatar.90x90.jpg
IP 163.237.222.18:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 90x90, components 3\012- data
Hash c2b95fde3af19f51a9f45d9dcb15def2
45e1b82872609016bb286c50d05dd537bd8193c9
9742dbf93e738b0976a7a86eac20182172cdc5ade3a18a149088042e9197590b
GET /photos2/445/44579926/avatar.90x90.jpg HTTP/1.1
Host: img.mfcimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.myfreecams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 30 Jan 2023 10:12:40 GMT
last-modified: Tue, 20 Dec 2022 11:45:39 GMT
etag: "63a1a063-13e8"
content-type: image/jpeg
content-length: 5096
cache-control: max-age=172800
access-control-allow-origin: *
x-served-by: edge4ams
x-cache-hits: 2966
x-cache: HIT
X-Firefox-Spdy: h2
assets.myfreecams.com/_js/top.js?vcc=1675191532
163.237.222.23 200 OK 99 kB URL HTTP/2 assets.myfreecams.com/_js/top.js?vcc=1675191532
IP 163.237.222.23:0
File type ASCII text, with very long lines (4382)
Hash 8c475401fd7c5a874b245e4cf54b66b4
b36ebacd1638c62965043a9ac7a4e70e7993e03e
d63dc62dfb966059a3bd3b849c95d16faa2deb4deb7c045d30228e5978e2ed86
GET /_js/top.js?vcc=1675191532 HTTP/1.1
Host: assets.myfreecams.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.myfreecams.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 01 Feb 2023 16:39:53 GMT
content-type: application/javascript
content-length: 98649
last-modified: Tue, 31 Jan 2023 18:59:10 GMT
etag: "63d964fe-18159"
content-encoding: br
x-served-by: edge10ams
strict-transport-security: max-age=10886400;
access-control-allow-origin: *
X-Firefox-Spdy: h2
img.mfcimg.com/photos2/166/16658294/avatar.90x90.jpg
163.237.222.18 200 OK 4.9 kB URL HTTP/2 img.mfcimg.com/photos2/166/16658294/avatar.90x90.jpg
IP 163.237.222.18:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 90x90, components 3\012- data
Hash ee99c9637337b99520352c5fd4eac466
00fb2d2eadca4b66710ef51354a7c5696ed6ce93
280484d7fbe12f710e63f09dfe2adc95fd2b189f3f7e0e19bb1001d7b90c56a6
GET /photos2/166/16658294/avatar.90x90.jpg HTTP/1.1
Host: img.mfcimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.myfreecams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 30 Jan 2023 21:24:09 GMT
content-type: image/jpeg
content-length: 4934
last-modified: Tue, 03 Jan 2023 15:22:59 GMT
etag: "63b44853-1346"
cache-control: max-age=172800
access-control-allow-origin: *
x-served-by: edge4ams
x-cache-hits: 1286
x-cache: HIT
X-Firefox-Spdy: h2
img.mfcimg.com/photos2/285/28553872/avatar.90x90.jpg
163.237.222.18 200 OK 3.6 kB URL HTTP/2 img.mfcimg.com/photos2/285/28553872/avatar.90x90.jpg
IP 163.237.222.18:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 90x90, components 3\012- data
Hash a2074e156da23ebb5aa0d1fd59028e89
a32bfdd2053c48f05f8462eb5a773c6fb59fbf14
04e35060e4d2ccd2eb4aa5c1f80c50763c003c01423105e1ad4ef1f88fff786c
GET /photos2/285/28553872/avatar.90x90.jpg HTTP/1.1
Host: img.mfcimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.myfreecams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 31 Jan 2023 18:26:27 GMT
last-modified: Thu, 01 Dec 2022 17:57:44 GMT
etag: "6388eb18-e2c"
content-type: image/jpeg
content-length: 3628
cache-control: max-age=172800
access-control-allow-origin: *
x-served-by: edge4ams
x-cache-hits: 3288, 13
x-cache: HIT
X-Firefox-Spdy: h2
img.mfcimg.com/photos2/193/19362333/avatar.90x90.jpg
163.237.222.18 200 OK 2.9 kB URL HTTP/2 img.mfcimg.com/photos2/193/19362333/avatar.90x90.jpg
IP 163.237.222.18:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 90x90, components 3\012- data
Hash 563ca9ff64add0bba150b85b9e8f4367
f05780d8fddef354db2cf4666cd4481763790fe8
d602814462c17e9df1c13d1642603efb75c3f3d2014d2478a8649c87aceb571b
GET /photos2/193/19362333/avatar.90x90.jpg HTTP/1.1
Host: img.mfcimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.myfreecams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 31 Jan 2023 11:59:39 GMT
last-modified: Mon, 17 Oct 2022 22:16:36 GMT
etag: "634dd444-b7d"
content-type: image/jpeg
content-length: 2941
cache-control: max-age=172800
access-control-allow-origin: *
x-served-by: edge4ams
x-cache-hits: 942
x-cache: HIT
X-Firefox-Spdy: h2
img.mfcimg.com/photos2/284/28474719/avatar.90x90.jpg
163.237.222.18 200 OK 3.7 kB URL HTTP/2 img.mfcimg.com/photos2/284/28474719/avatar.90x90.jpg
IP 163.237.222.18:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, baseline, precision 8, 90x90, components 3\012- data
Hash 4e0526eddeb9bdc2f86ed1d2aa2ccb8d
e9aaf6f4b2759c352d9d30ecfd79ee3d4c516a6a
3defca2ff1ed216f63f90dcdd753d6bf2c4200eab3ba22e5c45552938e5fe66e
GET /photos2/284/28474719/avatar.90x90.jpg HTTP/1.1
Host: img.mfcimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.myfreecams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 30 Jan 2023 16:02:11 GMT
last-modified: Thu, 12 Jan 2023 23:39:40 GMT
etag: "63c09a3c-e6a"
content-type: image/jpeg
content-length: 3690
cache-control: max-age=172800
access-control-allow-origin: *
x-served-by: edge4ams
x-cache-hits: 28, 188
x-cache: HIT
X-Firefox-Spdy: h2
img.mfcimg.com/photos2/444/44496596/avatar.90x90.jpg
163.237.222.18 200 OK 3.9 kB URL HTTP/2 img.mfcimg.com/photos2/444/44496596/avatar.90x90.jpg
IP 163.237.222.18:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 90x90, components 3\012- data
Hash 3be7cc04d93a18a88142ef2a9d742235
185369846641a96f9ff2669fd96676cc4b42f5c9
881bd83fbc4b4cb3c588ed0b658a76df7ae4d262fd7ee0f9412d38c0a3596691
GET /photos2/444/44496596/avatar.90x90.jpg HTTP/1.1
Host: img.mfcimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.myfreecams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 02:07:05 GMT
last-modified: Fri, 23 Dec 2022 02:28:13 GMT
etag: "63a5123d-f62"
content-type: image/jpeg
content-length: 3938
cache-control: max-age=172800
access-control-allow-origin: *
x-served-by: edge4ams
x-cache-hits: 1490, 31
x-cache: HIT
X-Firefox-Spdy: h2
img.mfcimg.com/photos2/272/27218486/avatar.90x90.jpg
163.237.222.18 200 OK 3.6 kB URL HTTP/2 img.mfcimg.com/photos2/272/27218486/avatar.90x90.jpg
IP 163.237.222.18:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 90x90, components 3\012- data
Hash 312de176d81389705a46b17953e8cf67
58251865b2adda75d0c4ca8e20f241f58f26d397
7d25feee20fe676538a5bc9c829dbc6fe64e74421486f0c40a1dcf8b2f43ba8f
GET /photos2/272/27218486/avatar.90x90.jpg HTTP/1.1
Host: img.mfcimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.myfreecams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 31 Jan 2023 00:45:11 GMT
last-modified: Wed, 09 Nov 2022 16:02:37 GMT
etag: "636bcf1d-e38"
content-type: image/jpeg
content-length: 3640
cache-control: max-age=172800
access-control-allow-origin: *
x-served-by: edge4ams
x-cache-hits: 1091, 28
x-cache: HIT
X-Firefox-Spdy: h2
img.mfcimg.com/photos2/190/19051550/avatar.90x90.jpg
163.237.222.18 200 OK 2.2 kB URL HTTP/2 img.mfcimg.com/photos2/190/19051550/avatar.90x90.jpg
IP 163.237.222.18:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 90x90, components 3\012- data
Hash 8efa17cb88b879ba00eb8ed4acd82d1d
4db80a247f7a6881297287942fd90a1cfe906d3f
b6e00b50175c05b57132644a0ec296ec50106e56b12213f3cc93daf9a4e66e0d
GET /photos2/190/19051550/avatar.90x90.jpg HTTP/1.1
Host: img.mfcimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.myfreecams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 31 Jan 2023 06:20:28 GMT
content-type: image/jpeg
content-length: 2234
last-modified: Thu, 13 Oct 2022 14:09:20 GMT
etag: "63481c10-8ba"
cache-control: max-age=172800
access-control-allow-origin: *
x-served-by: edge4ams
x-cache-hits: 874, 28
x-cache: HIT
X-Firefox-Spdy: h2
img.mfcimg.com/photos2/434/43498736/avatar.90x90.jpg
163.237.222.18 200 OK 4.9 kB URL HTTP/2 img.mfcimg.com/photos2/434/43498736/avatar.90x90.jpg
IP 163.237.222.18:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 90x90, components 3\012- data
Hash 4d6c512f223802a50485817f880ccf72
3292fdddb6bddced0af82cc2029537ef4fe50f72
4574de6cbbb2da331afeccde38c4ba55d784314a29531e6858c5413654f92d64
GET /photos2/434/43498736/avatar.90x90.jpg HTTP/1.1
Host: img.mfcimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.myfreecams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 31 Jan 2023 12:04:17 GMT
content-type: image/jpeg
last-modified: Wed, 18 Jan 2023 22:12:25 GMT
etag: "63c86ec9-132a"
content-length: 4906
cache-control: max-age=172800
access-control-allow-origin: *
x-served-by: edge4ams
x-cache-hits: 2311
x-cache: HIT
X-Firefox-Spdy: h2
img.mfcimg.com/photos2/416/41678079/avatar.90x90.jpg
163.237.222.18 200 OK 3.4 kB URL HTTP/2 img.mfcimg.com/photos2/416/41678079/avatar.90x90.jpg
IP 163.237.222.18:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 90x90, components 3\012- data
Hash b6e07ed7806c866335918dc8e52c6f58
b2feffdf5cb4570e13d64fd72a73a380476b2ba7
018cb02830c74b5f88e86852eae522d7b262dc94789f18fac09f94a5cb097182
GET /photos2/416/41678079/avatar.90x90.jpg HTTP/1.1
Host: img.mfcimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.myfreecams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 31 Jan 2023 20:59:03 GMT
last-modified: Tue, 05 Oct 2021 16:39:30 GMT
etag: "615c7fc2-d41"
content-type: image/jpeg
content-length: 3393
cache-control: max-age=172800
access-control-allow-origin: *
x-served-by: edge4ams
x-cache-hits: 1065, 30
x-cache: HIT
X-Firefox-Spdy: h2
img.mfcimg.com/photos2/421/42169229/avatar.90x90.jpg
163.237.222.18 200 OK 3.9 kB URL HTTP/2 img.mfcimg.com/photos2/421/42169229/avatar.90x90.jpg
IP 163.237.222.18:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 90x90, components 3\012- data
Hash 840c7ca1d1a2d0eb9c98779d0b4b1cef
8c73168b28c4c8f3b2789e96b48ea8a1034d2dac
727bbe138ce5bc5d529f4610753aca987a81e678226b4f0e0efcdbadad0a98b2
GET /photos2/421/42169229/avatar.90x90.jpg HTTP/1.1
Host: img.mfcimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.myfreecams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 31 Jan 2023 14:07:06 GMT
last-modified: Mon, 16 Aug 2021 19:36:14 GMT
etag: "611abe2e-f51"
content-type: image/jpeg
content-length: 3921
cache-control: max-age=172800
access-control-allow-origin: *
x-served-by: edge4ams
x-cache-hits: 2485, 29
x-cache: HIT
X-Firefox-Spdy: h2
img.mfcimg.com/photos2/373/37313243/avatar.90x90.jpg
163.237.222.18 200 OK 4.8 kB URL HTTP/2 img.mfcimg.com/photos2/373/37313243/avatar.90x90.jpg
IP 163.237.222.18:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 90x90, components 3\012- data
Hash c0059a33f86aa22cc27c4059031b79fe
82fbc8ae89d9952f02d8326e7426c375ae48c7c5
759ce4f0a121ec0db221f1c18fa76a593e333f89ec728fe83a13ccfb81e8c298
GET /photos2/373/37313243/avatar.90x90.jpg HTTP/1.1
Host: img.mfcimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.myfreecams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 30 Jan 2023 22:26:48 GMT
content-type: image/jpeg
last-modified: Thu, 19 Jan 2023 20:36:06 GMT
etag: "63c9a9b6-12a4"
content-length: 4772
cache-control: max-age=172800
access-control-allow-origin: *
x-served-by: edge4ams
x-cache-hits: 613, 22
x-cache: HIT
X-Firefox-Spdy: h2
c.ewoss.click/go.ashx?w=cD1leHBsb3JhZHNwbGFyaW1vMTQmaz13d3cxLmRpdnhmaWxtZW9ubGluZS5uZXQmYj0wLjAwMDI1JnM9NTE1NDU1JmE9MA2
54.86.140.33 302 Found 185 B URL HTTP/1.1 c.ewoss.click/go.ashx?w=cD1leHBsb3JhZHNwbGFyaW1vMTQmaz13d3cxLmRpdnhmaWxtZW9ubGluZS5uZXQmYj0wLjAwMDI1JnM9NTE1NDU1JmE9MA2
IP 54.86.140.33:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash e43a764b7812a261f5982f702da2090e
d415373fa0dd56acee3a8b0f3a04aa9ce71a4ce5
07bcd3016dff03fed2a996adb084b77e0970dfd6b10e2f3e3cdf3785458809f9
Analyzer Verdict Alert fortinet Malware
GET /go.ashx?w=cD1leHBsb3JhZHNwbGFyaW1vMTQmaz13d3cxLmRpdnhmaWxtZW9ubGluZS5uZXQmYj0wLjAwMDI1JnM9NTE1NDU1JmE9MA2 HTTP/1.1
Host: c.ewoss.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Date: Wed, 01 Feb 2023 16:39:53 GMT
Location: http://c.ewoss.click/out.aspx?u=4e07e780-2516-441f-aafb-3e2e38eb25a3
Server: Microsoft-IIS/10.0
Content-Length: 185
Connection: keep-alive
img.mfcimg.com/photos2/435/43544148/avatar.90x90.jpg
163.237.222.18 200 OK 3.7 kB URL HTTP/2 img.mfcimg.com/photos2/435/43544148/avatar.90x90.jpg
IP 163.237.222.18:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 90x90, components 3\012- data
Hash 52821d41e3463b66ede5cc82c9d02644
e92948d4dd89bde3c410779988d47967c3f12550
f4943d14cb370d7af01843157e44e236d82297c257f55da67bdfd21b163be69b
GET /photos2/435/43544148/avatar.90x90.jpg HTTP/1.1
Host: img.mfcimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.myfreecams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 31 Jan 2023 09:10:34 GMT
last-modified: Sun, 24 Jul 2022 19:59:51 GMT
etag: "62dda4b7-e6e"
content-type: image/jpeg
content-length: 3694
cache-control: max-age=172800
access-control-allow-origin: *
x-served-by: edge4ams
x-cache-hits: 789, 32
x-cache: HIT
X-Firefox-Spdy: h2
img.mfcimg.com/photos2/178/17818901/avatar.90x90.jpg
163.237.222.18 200 OK 2.6 kB URL HTTP/2 img.mfcimg.com/photos2/178/17818901/avatar.90x90.jpg
IP 163.237.222.18:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 90x90, components 3\012- data
Hash 04a08466a63a0cf80f6fd02f2b8c7694
a133e34d5a65c32422f7d2e69564007f7776b4b8
0196850792488b738ab219e852364f42df35ea30696669eb991284342ba4f7eb
GET /photos2/178/17818901/avatar.90x90.jpg HTTP/1.1
Host: img.mfcimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.myfreecams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 30 Jan 2023 23:48:57 GMT
last-modified: Tue, 24 Jan 2023 16:39:15 GMT
etag: "63d009b3-a04"
content-type: image/jpeg
content-length: 2564
cache-control: max-age=172800
access-control-allow-origin: *
x-served-by: edge4ams
x-cache-hits: 3120
x-cache: HIT
X-Firefox-Spdy: h2
img.mfcimg.com/photos2/442/44227814/avatar.90x90.jpg
163.237.222.18 200 OK 4.7 kB URL HTTP/2 img.mfcimg.com/photos2/442/44227814/avatar.90x90.jpg
IP 163.237.222.18:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 90x90, components 3\012- data
Hash f2d385a1b3d200e4581853b1adcfeed2
1ddf154eab86b1af51f8b5a9323d15010bc521ae
7982b332ed0ebbd73159ca803e8707764920fff67923a68f99b481e66750de6c
GET /photos2/442/44227814/avatar.90x90.jpg HTTP/1.1
Host: img.mfcimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.myfreecams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 30 Jan 2023 09:06:59 GMT
content-type: image/jpeg
last-modified: Wed, 13 Jul 2022 08:33:49 GMT
etag: "62ce836d-122f"
content-length: 4655
cache-control: max-age=172800
access-control-allow-origin: *
x-served-by: edge4ams
x-cache-hits: 2768, 66
x-cache: HIT
X-Firefox-Spdy: h2
img.mfcimg.com/photos2/188/18823155/avatar.90x90.jpg
163.237.222.18 200 OK 2.2 kB URL HTTP/2 img.mfcimg.com/photos2/188/18823155/avatar.90x90.jpg
IP 163.237.222.18:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 90x90, components 3\012- data
Hash e44961967edcac1442ab459a6ce9e5e9
e202f7b871bbe5dc2f8f8f16c4dc1c2c693de38d
50996d9573fddd578bd85dcab9f31929771bcd937503d13290c6637a25ce4a3c
GET /photos2/188/18823155/avatar.90x90.jpg HTTP/1.1
Host: img.mfcimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.myfreecams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 11:06:23 GMT
last-modified: Sun, 20 Nov 2016 16:02:04 GMT
etag: "5831c8fc-87b"
content-type: image/jpeg
content-length: 2171
cache-control: max-age=172800
access-control-allow-origin: *
x-served-by: edge4ams
x-cache-hits: 10, 175
x-cache: HIT
X-Firefox-Spdy: h2
img.mfcimg.com/photos2/336/33653545/avatar.90x90.jpg
163.237.222.18 200 OK 3.0 kB URL HTTP/2 img.mfcimg.com/photos2/336/33653545/avatar.90x90.jpg
IP 163.237.222.18:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 90x90, components 3\012- data
Hash 9d06163e67b6256b790173718948757f
51d0eaf0c623531002bde3744b71cfd96e3ab946
4d1ce6345c57348550dfdf0bbffb9d8e470c8873cba793ab471bfcc453c25b5f
GET /photos2/336/33653545/avatar.90x90.jpg HTTP/1.1
Host: img.mfcimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.myfreecams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 30 Jan 2023 03:18:17 GMT
last-modified: Wed, 23 Nov 2022 21:03:02 GMT
etag: "637e8a86-bd3"
content-type: image/jpeg
content-length: 3027
cache-control: max-age=172800
access-control-allow-origin: *
x-served-by: edge4ams
x-cache-hits: 2790, 6
x-cache: HIT
X-Firefox-Spdy: h2
img.mfcimg.com/photos2/197/19799830/avatar.90x90.jpg
163.237.222.18 200 OK 4.1 kB URL HTTP/2 img.mfcimg.com/photos2/197/19799830/avatar.90x90.jpg
IP 163.237.222.18:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 90x90, components 3\012- data
Hash e5b7c84fed8576aaadf14af68422a14a
19a46c922ca7b420a308441de0ca960edf30bb8b
fffb48ceeff569271d2e163f01cccab7c5a8b0de91c95866dbb85a9e85df96f9
GET /photos2/197/19799830/avatar.90x90.jpg HTTP/1.1
Host: img.mfcimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.myfreecams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 31 Jan 2023 07:54:43 GMT
last-modified: Sat, 28 Jan 2023 19:28:46 GMT
etag: "63d5776e-1012"
content-type: image/jpeg
content-length: 4114
cache-control: max-age=172800
access-control-allow-origin: *
x-served-by: edge4ams
x-cache-hits: 874, 28
x-cache: HIT
X-Firefox-Spdy: h2
img.mfcimg.com/photos2/260/2603401/avatar.90x90.jpg
163.237.222.18 200 OK 4.1 kB URL HTTP/2 img.mfcimg.com/photos2/260/2603401/avatar.90x90.jpg
IP 163.237.222.18:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 90x90, components 3\012- data
Hash 6968e2f12679d8e6021a9590961f38cb
b39731904d64f6d08fc748cc9756d91509568f41
245d1d6079e59e55dfa644578d0eb36446f10514f4d167bf3b49d2c2d7d58c55
GET /photos2/260/2603401/avatar.90x90.jpg HTTP/1.1
Host: img.mfcimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.myfreecams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 31 Jan 2023 07:31:19 GMT
content-type: image/jpeg
content-length: 4068
last-modified: Mon, 02 Oct 2017 15:31:56 GMT
etag: "59d25bec-fe4"
cache-control: max-age=172800
access-control-allow-origin: *
x-served-by: edge4ams
x-cache-hits: 912, 32
x-cache: HIT
X-Firefox-Spdy: h2
img.mfcimg.com/photos2/385/38524275/avatar.90x90.jpg
163.237.222.18 200 OK 3.1 kB URL HTTP/2 img.mfcimg.com/photos2/385/38524275/avatar.90x90.jpg
IP 163.237.222.18:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 90x90, components 3\012- data
Hash 0fbe970cd67004ea435b4bf27618d0f1
6cb29d3a6b88b9655f17fc949a3035dbd2113719
771ed1897dcd4b5d7d9ee104ebb4b02bd8b10e0f079b989891158e93740f4a63
GET /photos2/385/38524275/avatar.90x90.jpg HTTP/1.1
Host: img.mfcimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.myfreecams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 30 Jan 2023 11:43:47 GMT
last-modified: Tue, 25 Oct 2022 17:49:41 GMT
etag: "635821b5-c02"
content-type: image/jpeg
content-length: 3074
cache-control: max-age=172800
access-control-allow-origin: *
x-served-by: edge4ams
x-cache-hits: 374, 68
x-cache: HIT
X-Firefox-Spdy: h2
main.exosrv.com/tag.php?goal=f6beb34161f55692bd255f66437479c7
95.211.229.246 200 OK 20 B URL HTTP/1.1 main.exosrv.com/tag.php?goal=f6beb34161f55692bd255f66437479c7
IP 95.211.229.246:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /tag.php?goal=f6beb34161f55692bd255f66437479c7 HTTP/1.1
Host: main.exosrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://newbinotracs.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 01 Feb 2023 16:39:53 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: goals=a%3A1%3A%7Bi%3A88120%3Ba%3A1%3A%7Bs%3A4%3A%22date%22%3Bs%3A10%3A%222023-02-01%22%3B%7D%7D; expires=Thu, 01 Feb 2024 16:39:53 GMT; path=/; domain=.exosrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
main.exoclick.com/tag.php?goal=f6beb34161f55692bd255f66437479c7
95.211.229.246 200 OK 20 B URL HTTP/1.1 main.exoclick.com/tag.php?goal=f6beb34161f55692bd255f66437479c7
IP 95.211.229.246:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /tag.php?goal=f6beb34161f55692bd255f66437479c7 HTTP/1.1
Host: main.exoclick.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://newbinotracs.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 01 Feb 2023 16:39:53 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: goals=a%3A1%3A%7Bi%3A88120%3Ba%3A1%3A%7Bs%3A4%3A%22date%22%3Bs%3A10%3A%222023-02-01%22%3B%7D%7D; expires=Thu, 01 Feb 2024 16:39:53 GMT; path=/; domain=.exoclick.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
img.mfcimg.com/photos2/669/6694402/avatar.90x90.jpg
163.237.222.18 200 OK 3.5 kB URL HTTP/2 img.mfcimg.com/photos2/669/6694402/avatar.90x90.jpg
IP 163.237.222.18:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 90x90, components 3\012- data
Hash 5dbe383586d3dea44f04bfe42087a000
6a1f2981a4a9858af2401d02d1e4b59af601a5c1
1803f39e2797db215f5e6c21430916f3488274b658b58174bed3532204f4b772
GET /photos2/669/6694402/avatar.90x90.jpg HTTP/1.1
Host: img.mfcimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.myfreecams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 31 Jan 2023 00:02:21 GMT
last-modified: Fri, 28 Oct 2022 22:53:04 GMT
etag: "635c5d50-dd6"
content-type: image/jpeg
content-length: 3542
cache-control: max-age=172800
access-control-allow-origin: *
x-served-by: edge4ams
x-cache-hits: 2875, 24
x-cache: HIT
X-Firefox-Spdy: h2
main.exosrv.com/tag.php?goal=3b1a5c77f7aaea55a1a919380aac6238
95.211.229.246 200 OK 20 B URL HTTP/1.1 main.exosrv.com/tag.php?goal=3b1a5c77f7aaea55a1a919380aac6238
IP 95.211.229.246:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /tag.php?goal=3b1a5c77f7aaea55a1a919380aac6238 HTTP/1.1
Host: main.exosrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://newbinotracs.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 01 Feb 2023 16:39:53 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: goals=a%3A1%3A%7Bi%3A93210%3Ba%3A1%3A%7Bs%3A4%3A%22date%22%3Bs%3A10%3A%222023-02-01%22%3B%7D%7D; expires=Thu, 01 Feb 2024 16:39:53 GMT; path=/; domain=.exosrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
img.mfcimg.com/photos2/343/34333967/avatar.90x90.jpg
163.237.222.18 200 OK 3.3 kB URL HTTP/2 img.mfcimg.com/photos2/343/34333967/avatar.90x90.jpg
IP 163.237.222.18:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 90x90, components 3\012- data
Hash f7d2d8b2f81286ce840d2ce7b5572d13
a7cd9dcdf9723e9bb6346b4f93f5752670d71a55
c79041cade83b2ee0254a699a840bf549b3c3e2eb9a267cf646e309cf5fbc57b
GET /photos2/343/34333967/avatar.90x90.jpg HTTP/1.1
Host: img.mfcimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.myfreecams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 30 Jan 2023 17:40:15 GMT
last-modified: Wed, 02 Nov 2022 16:36:29 GMT
etag: "63629c8d-cbd"
content-type: image/jpeg
content-length: 3261
cache-control: max-age=172800
access-control-allow-origin: *
x-served-by: edge4ams
x-cache-hits: 1475, 29
x-cache: HIT
X-Firefox-Spdy: h2
main.exoclick.com/tag.php?goal=3b1a5c77f7aaea55a1a919380aac6238
95.211.229.246 200 OK 20 B URL HTTP/1.1 main.exoclick.com/tag.php?goal=3b1a5c77f7aaea55a1a919380aac6238
IP 95.211.229.246:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /tag.php?goal=3b1a5c77f7aaea55a1a919380aac6238 HTTP/1.1
Host: main.exoclick.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://newbinotracs.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 01 Feb 2023 16:39:53 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: goals=a%3A1%3A%7Bi%3A93210%3Ba%3A1%3A%7Bs%3A4%3A%22date%22%3Bs%3A10%3A%222023-02-01%22%3B%7D%7D; expires=Thu, 01 Feb 2024 16:39:53 GMT; path=/; domain=.exoclick.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
snzzv.heparlorne.com/HEFEDAP?tag_id=926093&sub_id1=435706.469740&sub_id2=1993355499426491842&cookie_id=34005c53-b53a-40d7-9c36-59547cbc469f&lp=adultwatch&tb=redirect&allb=redirect&ob=redirect&href=https%3A%2F%2Feastfeukufu.xyz%2F%3Ftid%3D926093%26noocp%3D1%26subid%3D435706.469740&geo=NO
54.162.51.18 200 OK 8.6 kB URL HTTP/2 snzzv.heparlorne.com/HEFEDAP?tag_id=926093&sub_id1=435706.469740&sub_id2=1993355499426491842&cookie_id=34005c53-b53a-40d7-9c36-59547cbc469f&lp=adultwatch&tb=redirect&allb=redirect&ob=redirect&href=https%3A%2F%2Feastfeukufu.xyz%2F%3Ftid%3D926093%26noocp%3D1%26subid%3D435706.469740&geo=NO
IP 54.162.51.18:0
Hash 7d780be2c52fe3b0164887865a4377d9
3b5662b580e4b09ee6982e8a981d349939fa3bcf
28ddce4398ab8b9f679d26630d7d63ac05c42d207a2ed5fe668c691b2bb82cc0
GET /HEFEDAP?tag_id=926093&sub_id1=435706.469740&sub_id2=1993355499426491842&cookie_id=34005c53-b53a-40d7-9c36-59547cbc469f&lp=adultwatch&tb=redirect&allb=redirect&ob=redirect&href=https%3A%2F%2Feastfeukufu.xyz%2F%3Ftid%3D926093%26noocp%3D1%26subid%3D435706.469740&geo=NO HTTP/1.1
Host: snzzv.heparlorne.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html; charset=utf-8
x-powered-by: Express
access-control-allow-origin: *
access-control-allow-methods: GET, POST
access-control-allow-headers: X-Requested-With,content-type
etag: W/"31e6-aup5Hf/YejYW8BdV8hPG8Y33JF0"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/gambling-commission.png
104.18.25.188 404 Not Found 5.1 kB URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/gambling-commission.png
IP 104.18.25.188:0
File type XML 1.0 document text\012- XML document, Unicode text, UTF-8 (with BOM) text
Hash cca864e705c943138c821af967fd8f2c
a5f99977839f77b3db6b35acb9f4afa31ed92902
e76df7ac3a0bad32c086b84f77ceac2783d6b2307c1e6d5d8bbfe309ac47d600
GET /nu/pop/sportsbook/multisports/gambling-commission.png HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a92628443%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1675269588459)%5c%2f%22%2c%22CookieTag%22%3a%223795092628443451240919C2023211639%22%7d%2c%7b%22PID%22%3a86536170%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1675269588590)%5c%2f%22%2c%22CookieTag%22%3a%223795086536170451240919C2023211639%22%7d%5d; btag=320665405_4F03CE830604485E9E0E444E5686127E
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 404 Not Found
date: Wed, 01 Feb 2023 16:39:49 GMT
content-type: application/xml
x-ms-request-id: 5bfd3557-d01e-004f-105b-366356000000
x-ms-version: 2014-02-14
access-control-allow-origin: *
cf-cache-status: HIT
age: 200
vary: Accept-Encoding
server: cloudflare
cf-ray: 792c20164946b512-OSL
content-encoding: br
X-Firefox-Spdy: h2
img.mfcimg.com/photos2/326/32690587/avatar.90x90.jpg
163.237.222.18 200 OK 4.7 kB URL HTTP/2 img.mfcimg.com/photos2/326/32690587/avatar.90x90.jpg
IP 163.237.222.18:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 90x90, components 3\012- data
Hash 2ff9ac75738414e8569d29e40a174dc3
fca13b61dcb1d1e2115be0255042544097a4ff27
c877f90ea2740d443fe34bac5a3875d6b53ee5489e2421095e6f8911aad5ecd4
GET /photos2/326/32690587/avatar.90x90.jpg HTTP/1.1
Host: img.mfcimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.myfreecams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 31 Jan 2023 07:10:36 GMT
last-modified: Sat, 14 Jan 2023 13:09:35 GMT
etag: "63c2a98f-126e"
content-type: image/jpeg
content-length: 4718
cache-control: max-age=172800
access-control-allow-origin: *
x-served-by: edge4ams
x-cache-hits: 2939, 6
x-cache: HIT
X-Firefox-Spdy: h2
img.mfcimg.com/photos2/442/44284345/avatar.90x90.jpg
163.237.222.18 200 OK 3.4 kB URL HTTP/2 img.mfcimg.com/photos2/442/44284345/avatar.90x90.jpg
IP 163.237.222.18:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 90x90, components 3\012- data
Hash ea4d02b90e284a54958f8e245359fe79
0b416d3b36c590a1c18242b9b95c82631423d3fc
a2677e4b9ee22bab193e67d058cdba8b6100e686f05c676a44d92c2fa6b47487
GET /photos2/442/44284345/avatar.90x90.jpg HTTP/1.1
Host: img.mfcimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.myfreecams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 10:28:25 GMT
content-type: image/jpeg
content-length: 3442
last-modified: Sun, 13 Nov 2022 20:14:44 GMT
etag: "63715034-d72"
cache-control: max-age=172800
access-control-allow-origin: *
x-served-by: edge4ams
x-cache-hits: 8, 128
x-cache: HIT
X-Firefox-Spdy: h2
img.mfcimg.com/photos2/442/44267173/avatar.90x90.jpg
163.237.222.18 200 OK 3.9 kB URL HTTP/2 img.mfcimg.com/photos2/442/44267173/avatar.90x90.jpg
IP 163.237.222.18:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 216x216, segment length 16, baseline, precision 8, 90x90, components 3\012- data
Hash 55d85f67ec85142bf2fb71066846a037
1095c0e069fa3ea378fcffaa9da90ae0d0cec231
c6463b5730ee38bcbd42528ca0578c604399ff07cd63b7b17de9006f4212024f
GET /photos2/442/44267173/avatar.90x90.jpg HTTP/1.1
Host: img.mfcimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.myfreecams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 06:31:54 GMT
content-type: image/jpeg
last-modified: Tue, 19 Jul 2022 19:07:30 GMT
etag: "62d700f2-f0a"
content-length: 3850
cache-control: max-age=172800
access-control-allow-origin: *
x-served-by: edge4ams
x-cache-hits: 76, 19
x-cache: HIT
X-Firefox-Spdy: h2
img.mfcimg.com/photos2/418/41875372/avatar.90x90.jpg
163.237.222.18 200 OK 4.1 kB URL HTTP/2 img.mfcimg.com/photos2/418/41875372/avatar.90x90.jpg
IP 163.237.222.18:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 90x90, components 3\012- data
Hash 230a47860031c6aae17289116877695a
ea1b1ee7093cc74df4f50224e2eb0288c1da7d4a
b915a2df7ce8ef1b0b957c3a95ef19e40fbe29bf935742dc7867077d087f961a
GET /photos2/418/41875372/avatar.90x90.jpg HTTP/1.1
Host: img.mfcimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.myfreecams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 31 Jan 2023 07:58:55 GMT
last-modified: Fri, 27 May 2022 00:58:57 GMT
etag: "62902251-1016"
content-type: image/jpeg
content-length: 4118
cache-control: max-age=172800
access-control-allow-origin: *
x-served-by: edge4ams
x-cache-hits: 933, 0
x-cache: MISS
X-Firefox-Spdy: h2
img.mfcimg.com/photos2/958/9584095/avatar.90x90.jpg
163.237.222.18 200 OK 1.6 kB URL HTTP/2 img.mfcimg.com/photos2/958/9584095/avatar.90x90.jpg
IP 163.237.222.18:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, baseline, precision 8, 90x90, components 1\012- data
Hash fe192e26e37bb141c3c76a420b00447e
afa508611148445afa2f0ee1753b517b8a869bd2
082106d7598fdd045e24cf81798921fa8879fee8e8244a8915a67a9f5338d6c8
GET /photos2/958/9584095/avatar.90x90.jpg HTTP/1.1
Host: img.mfcimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.myfreecams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 31 Jan 2023 20:19:10 GMT
last-modified: Sun, 02 Jan 2022 13:36:26 GMT
etag: "61d1aa5a-64f"
content-type: image/jpeg
content-length: 1615
cache-control: max-age=172800
access-control-allow-origin: *
x-served-by: edge4ams
x-cache-hits: 1675, 0
x-cache: MISS
X-Firefox-Spdy: h2
img.mfcimg.com/photos2/418/41850053/avatar.90x90.jpg
163.237.222.18 200 OK 3.3 kB URL HTTP/2 img.mfcimg.com/photos2/418/41850053/avatar.90x90.jpg
IP 163.237.222.18:0
File type JPEG image data, JFIF standard 1.01, resolution (DPCM), density 37x37, segment length 16, baseline, precision 8, 90x90, components 3\012- data
Hash eb558b404727b5348b6224b960d413f8
9b904ee4ba9b8acbe98801e65bc58e1f668d14bd
20f541902b02e271e9318979226ddfc083cc765e618da77d0589a719c146e4b3
GET /photos2/418/41850053/avatar.90x90.jpg HTTP/1.1
Host: img.mfcimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.myfreecams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 30 Jan 2023 08:17:33 GMT
last-modified: Fri, 18 Jun 2021 20:24:38 GMT
etag: "60cd0106-d05"
content-type: image/jpeg
content-length: 3333
cache-control: max-age=172800
access-control-allow-origin: *
x-served-by: edge4ams
x-cache-hits: 3171, 74
x-cache: HIT
X-Firefox-Spdy: h2
img.mfcimg.com/photos2/420/42086711/avatar.90x90.jpg
163.237.222.18 200 OK 3.6 kB URL HTTP/2 img.mfcimg.com/photos2/420/42086711/avatar.90x90.jpg
IP 163.237.222.18:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 90x90, components 3\012- data
Hash 1b7008ef56c5d6540108f02122a2bbd8
3bd5b73521cb0147f3e72061c95730e493f863ef
97c949e5d1127d79564c438126b43faad2d54114fe2d89efa606bc260996e2a7
GET /photos2/420/42086711/avatar.90x90.jpg HTTP/1.1
Host: img.mfcimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.myfreecams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 30 Jan 2023 20:03:33 GMT
last-modified: Thu, 02 Dec 2021 21:42:14 GMT
etag: "61a93db6-e1e"
content-type: image/jpeg
content-length: 3614
cache-control: max-age=172800
access-control-allow-origin: *
x-served-by: edge4ams
x-cache-hits: 824, 27
x-cache: HIT
X-Firefox-Spdy: h2
img.mfcimg.com/photos2/317/31782241/avatar.90x90.jpg
163.237.222.18 200 OK 2.8 kB URL HTTP/2 img.mfcimg.com/photos2/317/31782241/avatar.90x90.jpg
IP 163.237.222.18:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 90x90, components 3\012- data
Hash 7d919c55a4d5f45b317c6c57b703b03c
98bd3542a1a0e9f3e1a0eef49249e72bc4d9873c
1f5a3811af6fcdc5085c0c3d97e4d790982f2b5ce916db06f8b582709d9f8858
GET /photos2/317/31782241/avatar.90x90.jpg HTTP/1.1
Host: img.mfcimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.myfreecams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 31 Jan 2023 10:53:34 GMT
last-modified: Thu, 30 Dec 2021 16:15:51 GMT
etag: "61cddb37-af7"
content-type: image/jpeg
content-length: 2807
cache-control: max-age=172800
access-control-allow-origin: *
x-served-by: edge4ams
x-cache-hits: 1962, 27
x-cache: HIT
X-Firefox-Spdy: h2
img.mfcimg.com/photos2/442/44270565/avatar.90x90.jpg
163.237.222.18 200 OK 4.8 kB URL HTTP/2 img.mfcimg.com/photos2/442/44270565/avatar.90x90.jpg
IP 163.237.222.18:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 90x90, components 3\012- data
Hash f667c5edc9dfa330fec70773c8784e1a
98632e384fb84b65753087ea8dffff8e74e24736
fef279e634f22018c5846acb8a9da162a491c99c488da666f25ef1d185f01305
GET /photos2/442/44270565/avatar.90x90.jpg HTTP/1.1
Host: img.mfcimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.myfreecams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 31 Jan 2023 17:11:03 GMT
last-modified: Thu, 24 Nov 2022 09:37:38 GMT
etag: "637f3b62-12c9"
content-type: image/jpeg
content-length: 4809
cache-control: max-age=172800
access-control-allow-origin: *
x-served-by: edge4ams
x-cache-hits: 2220, 25
x-cache: HIT
X-Firefox-Spdy: h2
img.mfcimg.com/photos2/267/26795444/avatar.90x90.jpg
163.237.222.18 200 OK 4.0 kB URL HTTP/2 img.mfcimg.com/photos2/267/26795444/avatar.90x90.jpg
IP 163.237.222.18:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 240x240, segment length 16, baseline, precision 8, 90x90, components 3\012- data
Hash 9758a81f4242f14b0f8347e35ec199d2
aa592910589824e842b94ac3e24cd168c953a212
fc1424ef1f3f5c370be31bb465464d50cddb467d676302c018476175c7fdfceb
GET /photos2/267/26795444/avatar.90x90.jpg HTTP/1.1
Host: img.mfcimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.myfreecams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 30 Jan 2023 23:15:56 GMT
content-type: image/jpeg
last-modified: Mon, 30 Jan 2023 23:15:55 GMT
etag: "63d84fab-f8c"
content-length: 3980
cache-control: max-age=172800
access-control-allow-origin: *
x-served-by: edge4ams
x-cache-hits: 3089, 19
x-cache: HIT
X-Firefox-Spdy: h2
img.mfcimg.com/photos2/441/44170434/avatar.90x90.jpg
163.237.222.18 200 OK 2.8 kB URL HTTP/2 img.mfcimg.com/photos2/441/44170434/avatar.90x90.jpg
IP 163.237.222.18:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 90x90, components 3\012- data
Hash b2046270243cfacce5228b52fd552ec0
a24ffdea6b1cce5f9c93a472feee2b5d9a2eb886
71131bb909a6eabfbad9ae7b1dbf0a426dfadaa0cbb0d1681fb777ab24295206
GET /photos2/441/44170434/avatar.90x90.jpg HTTP/1.1
Host: img.mfcimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.myfreecams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 12:32:52 GMT
content-type: image/jpeg
last-modified: Tue, 19 Jul 2022 08:40:58 GMT
etag: "62d66e1a-ae3"
content-length: 2787
cache-control: max-age=172800
access-control-allow-origin: *
x-served-by: edge4ams
x-cache-hits: 2254, 4
x-cache: HIT
X-Firefox-Spdy: h2
img.mfcimg.com/photos2/186/18645778/avatar.90x90.jpg
163.237.222.18 200 OK 3.5 kB URL HTTP/2 img.mfcimg.com/photos2/186/18645778/avatar.90x90.jpg
IP 163.237.222.18:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 90x90, components 3\012- data
Hash 2374f4f7b44fd4fd7c645245a5ca5f76
518b0c2ce111ef5ba483e61ca0d194273aad8e88
585ee9d24079164f7e0d6adf156ca8c08a2971401013670289d0555c21535600
GET /photos2/186/18645778/avatar.90x90.jpg HTTP/1.1
Host: img.mfcimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.myfreecams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 31 Jan 2023 09:20:36 GMT
last-modified: Thu, 28 Jul 2022 17:56:37 GMT
etag: "62e2cdd5-dc2"
content-type: image/jpeg
content-length: 3522
cache-control: max-age=172800
access-control-allow-origin: *
x-served-by: edge4ams
x-cache-hits: 3417, 27
x-cache: HIT
X-Firefox-Spdy: h2
img.mfcimg.com/photos2/442/44266797/avatar.90x90.jpg
163.237.222.18 200 OK 3.7 kB URL HTTP/2 img.mfcimg.com/photos2/442/44266797/avatar.90x90.jpg
IP 163.237.222.18:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 90x90, components 3\012- data
Hash 604be1671e02c215d06295baaadd7766
6d2a377a05b090fd76ca6d1657d3172dbb241c7e
bb082365303f32058740b4dee079eaee90e4ed84f6e1b3ae0a71acb519062b3d
GET /photos2/442/44266797/avatar.90x90.jpg HTTP/1.1
Host: img.mfcimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.myfreecams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 30 Jan 2023 13:03:03 GMT
last-modified: Tue, 25 Oct 2022 07:23:38 GMT
etag: "63578efa-e67"
content-type: image/jpeg
content-length: 3687
cache-control: max-age=172800
access-control-allow-origin: *
x-served-by: edge4ams
x-cache-hits: 3486, 17
x-cache: HIT
X-Firefox-Spdy: h2
assets.myfreecams.com/_js/player.js?vcc=1675191532
163.237.222.23 200 OK 71 kB URL HTTP/2 assets.myfreecams.com/_js/player.js?vcc=1675191532
IP 163.237.222.23:0
File type ASCII text, with very long lines (2334)
Hash 5d7cea8d15f16d123348f21bb21535aa
97aeb63c315770dfbd97f335c999670ddcf795ed
a2f78821f515bc47122179a9cbb06fd4da76da3ef8424f3bd220c107bbb8ab42
GET /_js/player.js?vcc=1675191532 HTTP/1.1
Host: assets.myfreecams.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.myfreecams.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 01 Feb 2023 16:39:53 GMT
content-type: application/javascript
content-length: 70655
last-modified: Tue, 31 Jan 2023 18:59:10 GMT
etag: "63d964fe-113ff"
content-encoding: br
x-served-by: edge10ams
strict-transport-security: max-age=10886400;
access-control-allow-origin: *
X-Firefox-Spdy: h2
img.mfcimg.com/photos2/438/43843930/avatar.90x90.jpg
163.237.222.18 200 OK 3.4 kB URL HTTP/2 img.mfcimg.com/photos2/438/43843930/avatar.90x90.jpg
IP 163.237.222.18:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 90x90, components 3\012- data
Hash 4121524c67025463c258480fe6a02c51
7fdfe25463ecaabaab77de74f858e99309bd6785
dbf24ff4149798593a9c73ed13116a672486de5ba8f0b32e8bcca80932745896
GET /photos2/438/43843930/avatar.90x90.jpg HTTP/1.1
Host: img.mfcimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.myfreecams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 31 Jan 2023 00:05:03 GMT
last-modified: Tue, 21 Jun 2022 11:08:03 GMT
etag: "62b1a693-d50"
content-type: image/jpeg
content-length: 3408
cache-control: max-age=172800
access-control-allow-origin: *
x-served-by: edge4ams
x-cache-hits: 2994, 28
x-cache: HIT
X-Firefox-Spdy: h2
img.mfcimg.com/photos2/419/41916436/avatar.90x90.jpg
163.237.222.18 200 OK 4.1 kB URL HTTP/2 img.mfcimg.com/photos2/419/41916436/avatar.90x90.jpg
IP 163.237.222.18:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 90x90, components 3\012- data
Hash a4baa0015662a86ea29d8c019e44fff1
fdc375c9e9916d6e48c29229dff526d34fae4469
93e07b0c563ae0284d6d88b4bd4205752ef67e41a03ebcd26681ab5b6c7abbea
GET /photos2/419/41916436/avatar.90x90.jpg HTTP/1.1
Host: img.mfcimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.myfreecams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 31 Jan 2023 04:59:40 GMT
content-type: image/jpeg
last-modified: Fri, 27 Jan 2023 01:04:39 GMT
etag: "63d32327-1025"
content-length: 4133
cache-control: max-age=172800
access-control-allow-origin: *
x-served-by: edge4ams
x-cache-hits: 1400, 3
x-cache: HIT
X-Firefox-Spdy: h2
ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_456528_415011
51.83.143.92 302 Found 0 B URL HTTP/1.1 ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_456528_415011
IP 51.83.143.92:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_456528_415011 HTTP/1.1
Host: ron.trffclb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 01 Feb 2023 16:39:53 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Round: 119cdtswvl
Raund: 12uf2w0vxv-2v5
Location: https://popcash.net/world/go/134600/317194
best.aliexpress.com/?dp=v8xHoqo_cjVXHBphnJtRsMyu1EjNpKseKspKKPxAviXJDtzk-_QMudmGFfqhpKSrebx2ifrUmn-cTYZ6eY6krWUMIodSBfKNgFHhXZqzgfAEyzfNsM6Ix_KhRqOekuODHKxnlw_gUIDRUi&aff_fcid=dde8b70849974dda8c9b8e75893d5aa0-1675269591462-03801-_AkUaK1&tt=CPS_NORMAL&aff_fsk=_AkUaK1&aff_platform=portals-tool&sk=_AkUaK1&aff_trace_key=dde8b70849974dda8c9b8e75893d5aa0-1675269591462-03801-_AkUaK1&terminal_id=4eda45f081024db9b3f3df888c9b6b27&afSmartRedirect=y
23.52.86.159 200 OK 18 kB URL HTTP/2 best.aliexpress.com/?dp=v8xHoqo_cjVXHBphnJtRsMyu1EjNpKseKspKKPxAviXJDtzk-_QMudmGFfqhpKSrebx2ifrUmn-cTYZ6eY6krWUMIodSBfKNgFHhXZqzgfAEyzfNsM6Ix_KhRqOekuODHKxnlw_gUIDRUi&aff_fcid=dde8b70849974dda8c9b8e75893d5aa0-1675269591462-03801-_AkUaK1&tt=CPS_NORMAL&aff_fsk=_AkUaK1&aff_platform=portals-tool&sk=_AkUaK1&aff_trace_key=dde8b70849974dda8c9b8e75893d5aa0-1675269591462-03801-_AkUaK1&terminal_id=4eda45f081024db9b3f3df888c9b6b27&afSmartRedirect=y
IP 23.52.86.159:0
Hash c4deda43552e5fb8fc33d5b1a1466950
d54f7dd5ea474e9772aa23cd9a15d83edf64d884
f6316fb6d4085d96f02733ed7af735390bca2ca231b5ac30395c2e88cf2be7ad
GET /?dp=v8xHoqo_cjVXHBphnJtRsMyu1EjNpKseKspKKPxAviXJDtzk-_QMudmGFfqhpKSrebx2ifrUmn-cTYZ6eY6krWUMIodSBfKNgFHhXZqzgfAEyzfNsM6Ix_KhRqOekuODHKxnlw_gUIDRUi&aff_fcid=dde8b70849974dda8c9b8e75893d5aa0-1675269591462-03801-_AkUaK1&tt=CPS_NORMAL&aff_fsk=_AkUaK1&aff_platform=portals-tool&sk=_AkUaK1&aff_trace_key=dde8b70849974dda8c9b8e75893d5aa0-1675269591462-03801-_AkUaK1&terminal_id=4eda45f081024db9b3f3df888c9b6b27&afSmartRedirect=y HTTP/1.1
Host: best.aliexpress.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Cookie: af_ss_a=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html;charset=UTF-8
server: Tengine
vary: Accept-Encoding
p3p: CP="CAO PSA OUR"
x-application-context: ae-traffic-affiliateweb-f:prod,us:7001
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000 ; includeSubDomains
content-language: en-US
content-encoding: gzip
eagleeye-traceid: 2101f49616752693187534914ef53d
timing-allow-origin: *
content-length: 15943
date: Wed, 01 Feb 2023 16:39:52 GMT
set-cookie: aep_usuc_f=site=glo&b_locale=en_US; Expires=Sat, 29 Jan 2033 16:39:52 GMT; Path=/; Domain=.aliexpress.com
e_id=pt100; Expires=Sat, 29 Jan 2033 16:39:52 GMT; Path=/; Domain=.aliexpress.com
X-Firefox-Spdy: h2
img.mfcimg.com/photos2/446/44645703/avatar.90x90.jpg
163.237.222.18 200 OK 3.6 kB URL HTTP/2 img.mfcimg.com/photos2/446/44645703/avatar.90x90.jpg
IP 163.237.222.18:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 144x144, segment length 16, baseline, precision 8, 90x90, components 3\012- data
Hash 9d941424a788a73fd7788f68ff6a6043
e961b8dd4b3c320d00ebfcbdaf585283d4c7ea14
be15077c5077ab9beb718f8e5f84720b9aefe6ab3d5df86ea756fc77e7137df9
GET /photos2/446/44645703/avatar.90x90.jpg HTTP/1.1
Host: img.mfcimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.myfreecams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 31 Jan 2023 07:31:19 GMT
content-type: image/jpeg
content-length: 3608
last-modified: Mon, 16 Jan 2023 19:02:23 GMT
etag: "63c59f3f-e18"
cache-control: max-age=172800
access-control-allow-origin: *
x-served-by: edge4ams
x-cache-hits: 1685, 37
x-cache: HIT
X-Firefox-Spdy: h2
img.mfcimg.com/photos2/216/21655613/avatar.90x90.jpg
163.237.222.18 200 OK 3.6 kB URL HTTP/2 img.mfcimg.com/photos2/216/21655613/avatar.90x90.jpg
IP 163.237.222.18:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 216x216, segment length 16, baseline, precision 8, 90x90, components 3\012- data
Hash 7c3b8c786e1b73cb5b211b998ac784cc
8dd35735b4eb56231c7eb51116e081d6230e9399
66a4047b337e9b7a23b100a0b27c0939da31ba3af723037a1ee7d15048b2a036
GET /photos2/216/21655613/avatar.90x90.jpg HTTP/1.1
Host: img.mfcimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.myfreecams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 31 Jan 2023 20:59:06 GMT
last-modified: Sat, 09 Jan 2021 15:36:48 GMT
etag: "5ff9cd90-e25"
content-type: image/jpeg
content-length: 3621
cache-control: max-age=172800
access-control-allow-origin: *
x-served-by: edge4ams
x-cache-hits: 960, 17
x-cache: HIT
X-Firefox-Spdy: h2
img.mfcimg.com/photos2/313/31306607/avatar.90x90.jpg
163.237.222.18 200 OK 3.6 kB URL HTTP/2 img.mfcimg.com/photos2/313/31306607/avatar.90x90.jpg
IP 163.237.222.18:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 90x90, components 3\012- data
Hash 18b862216aa3e6672a69c04cedc9651c
53dfdf110ec7bebb2608caa156fe1864b5507054
4f62b05648b8d89f7c2cc5c36c5063e1676ea8752f5cfe7d6a6e978de9b5ebe3
GET /photos2/313/31306607/avatar.90x90.jpg HTTP/1.1
Host: img.mfcimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.myfreecams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 31 Jan 2023 11:17:09 GMT
content-type: image/jpeg
last-modified: Sun, 11 Sep 2022 17:44:11 GMT
etag: "631e1e6b-df9"
content-length: 3577
cache-control: max-age=172800
access-control-allow-origin: *
x-served-by: edge4ams
x-cache-hits: 427, 17
x-cache: HIT
X-Firefox-Spdy: h2
img.mfcimg.com/photos2/276/27621755/avatar.90x90.jpg
163.237.222.18 200 OK 3.9 kB URL HTTP/2 img.mfcimg.com/photos2/276/27621755/avatar.90x90.jpg
IP 163.237.222.18:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 90x90, components 3\012- data
Hash 08e68f07c7fcab7fd0e84e86e99fb367
672adb448221e4c5417fa29316eeac4301d5926f
3d29079ec9d4c4bab5823607fd54b01312fffa9f86828e498cbb185264513269
GET /photos2/276/27621755/avatar.90x90.jpg HTTP/1.1
Host: img.mfcimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.myfreecams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 30 Jan 2023 20:43:05 GMT
last-modified: Sun, 22 Jan 2023 15:58:13 GMT
etag: "63cd5d15-f0f"
content-type: image/jpeg
content-length: 3855
cache-control: max-age=172800
access-control-allow-origin: *
x-served-by: edge4ams
x-cache-hits: 739, 19
x-cache: HIT
X-Firefox-Spdy: h2
img.mfcimg.com/photos2/235/23533604/avatar.90x90.jpg
163.237.222.18 200 OK 4.1 kB URL HTTP/2 img.mfcimg.com/photos2/235/23533604/avatar.90x90.jpg
IP 163.237.222.18:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 90x90, components 3\012- data
Hash 6942f947608717b4eda9ced465abf556
a402c52b8b8a13ac186cedec039f25bab22e5bfe
cf863d27296b7e4321fbde2e21135305c4f5a9c13108bfcee95a4b39b15b1925
GET /photos2/235/23533604/avatar.90x90.jpg HTTP/1.1
Host: img.mfcimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.myfreecams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 31 Jan 2023 13:12:02 GMT
last-modified: Sun, 18 Oct 2020 17:52:25 GMT
etag: "5f8c80d9-1022"
content-type: image/jpeg
content-length: 4130
cache-control: max-age=172800
access-control-allow-origin: *
x-served-by: edge4ams
x-cache-hits: 417, 21
x-cache: HIT
X-Firefox-Spdy: h2
img.mfcimg.com/photos2/330/33034204/avatar.90x90.jpg
163.237.222.18 200 OK 3.3 kB URL HTTP/2 img.mfcimg.com/photos2/330/33034204/avatar.90x90.jpg
IP 163.237.222.18:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 90x90, components 3\012- data
Hash 105f1fef308018335eebf2c4339cb1fa
32fbfa96e44f78a3bd8644211630934961e1060e
59d01fca387e45271904ed8e3c6b36c064d08d07bfa6fe531d3acaaacfc1dcb6
GET /photos2/330/33034204/avatar.90x90.jpg HTTP/1.1
Host: img.mfcimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.myfreecams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 30 Jan 2023 19:58:51 GMT
last-modified: Mon, 20 Jun 2022 12:54:58 GMT
etag: "62b06e22-cca"
content-type: image/jpeg
content-length: 3274
cache-control: max-age=172800
access-control-allow-origin: *
x-served-by: edge4ams
x-cache-hits: 688, 24
x-cache: HIT
X-Firefox-Spdy: h2
img.mfcimg.com/photos2/436/43603818/avatar.90x90.jpg
163.237.222.18 200 OK 3.1 kB URL HTTP/2 img.mfcimg.com/photos2/436/43603818/avatar.90x90.jpg
IP 163.237.222.18:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 90x90, components 3\012- data
Hash ed8a9ea725b3056f0d04a22b0b327470
37d51d7c8cb325326a52f88a1705b77d80c9c61e
c418d3cd48058d030c9f4a2e067a9ead39ce8a7bc5824337983d235590260437
GET /photos2/436/43603818/avatar.90x90.jpg HTTP/1.1
Host: img.mfcimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.myfreecams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 13:24:11 GMT
content-type: image/jpeg
last-modified: Wed, 17 Aug 2022 20:14:24 GMT
etag: "62fd4c20-c16"
content-length: 3094
cache-control: max-age=172800
access-control-allow-origin: *
x-served-by: edge4ams
x-cache-hits: 2081, 27
x-cache: HIT
X-Firefox-Spdy: h2
img.mfcimg.com/photos2/430/43019795/avatar.90x90.jpg
163.237.222.18 200 OK 3.8 kB URL HTTP/2 img.mfcimg.com/photos2/430/43019795/avatar.90x90.jpg
IP 163.237.222.18:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 90x90, components 3\012- data
Hash 62828c7d453baeb9423eb90fc3bc0e2a
f4755fe49c8fc5d9664b645f626e4d16d2c4a2ef
6a7b47702024f0938e0df40fbf26d8f8ef57e2b7d7bc563cddd70a4c375888f7
GET /photos2/430/43019795/avatar.90x90.jpg HTTP/1.1
Host: img.mfcimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.myfreecams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 31 Jan 2023 21:42:50 GMT
last-modified: Tue, 17 Jan 2023 18:23:35 GMT
etag: "63c6e7a7-ece"
content-type: image/jpeg
content-length: 3790
cache-control: max-age=172800
access-control-allow-origin: *
x-served-by: edge4ams
x-cache-hits: 3457, 28
x-cache: HIT
X-Firefox-Spdy: h2
img.mfcimg.com/photos2/442/44274768/avatar.90x90.jpg
163.237.222.18 200 OK 3.2 kB URL HTTP/2 img.mfcimg.com/photos2/442/44274768/avatar.90x90.jpg
IP 163.237.222.18:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 90x90, components 3\012- data
Hash d9143a33f866971102dd30abbc6a9a8b
011d4a51e9b469269745bd180e48ea9a2c08bc4e
a488d204621cb64a4c27d7d2b0c3e23ab796e7f21e2236e50d7db423a5b1f9e7
GET /photos2/442/44274768/avatar.90x90.jpg HTTP/1.1
Host: img.mfcimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.myfreecams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 08:48:55 GMT
content-type: image/jpeg
last-modified: Wed, 23 Nov 2022 10:33:30 GMT
etag: "637df6fa-c62"
content-length: 3170
cache-control: max-age=172800
access-control-allow-origin: *
x-served-by: edge4ams
x-cache-hits: 2020, 27
x-cache: HIT
X-Firefox-Spdy: h2
img.mfcimg.com/photos2/339/33979586/avatar.90x90.jpg
163.237.222.18 200 OK 3.4 kB URL HTTP/2 img.mfcimg.com/photos2/339/33979586/avatar.90x90.jpg
IP 163.237.222.18:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 90x90, components 3\012- data
Hash 999080f0ef4676e3edb53d4f5ef5557c
bc7863412703cfde51abdb480a2b7e97ce3f2ad5
953361587b172074a691eb03ace73d89656f17547b8b47c03ecad2b6b8552b50
GET /photos2/339/33979586/avatar.90x90.jpg HTTP/1.1
Host: img.mfcimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.myfreecams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 30 Jan 2023 16:56:38 GMT
last-modified: Sat, 04 Dec 2021 21:50:10 GMT
etag: "61abe292-d62"
content-type: image/jpeg
content-length: 3426
cache-control: max-age=172800
access-control-allow-origin: *
x-served-by: edge4ams
x-cache-hits: 1050, 19
x-cache: HIT
X-Firefox-Spdy: h2
img.mfcimg.com/photos2/143/14365816/avatar.90x90.jpg
163.237.222.18 200 OK 4.8 kB URL HTTP/2 img.mfcimg.com/photos2/143/14365816/avatar.90x90.jpg
IP 163.237.222.18:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 90x90, components 3\012- data
Hash 7dd603ed73d0394d441cf161450bc9b9
3758890244755a4b2e620c0a30781e16456b8533
26d46d7d764bf13e872e45b23165450ded0e500fdcc85ceb33f8c93db28b5f55
GET /photos2/143/14365816/avatar.90x90.jpg HTTP/1.1
Host: img.mfcimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.myfreecams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 08:51:41 GMT
last-modified: Sat, 30 Apr 2022 16:08:18 GMT
etag: "626d5ef2-1294"
content-type: image/jpeg
content-length: 4756
cache-control: max-age=172800
access-control-allow-origin: *
x-served-by: edge4ams
x-cache-hits: 744, 32
x-cache: HIT
X-Firefox-Spdy: h2
img.mfcimg.com/photos2/292/29237380/avatar.90x90.jpg
163.237.222.18 200 OK 4.0 kB URL HTTP/2 img.mfcimg.com/photos2/292/29237380/avatar.90x90.jpg
IP 163.237.222.18:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 90x90, components 3\012- data
Hash da35b1850a7ee715023abe240e61fb2d
84feab1c97faf7a22eb3c73c9404a7f285f077f2
f2d8453dff166187b82cc34f6185333a4519eb4b5850b78cb5a5bc7a789ea83d
GET /photos2/292/29237380/avatar.90x90.jpg HTTP/1.1
Host: img.mfcimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.myfreecams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 31 Jan 2023 05:18:32 GMT
content-type: image/jpeg
last-modified: Tue, 28 Aug 2018 16:39:25 GMT
etag: "5b857abd-f90"
content-length: 3984
cache-control: max-age=172800
access-control-allow-origin: *
x-served-by: edge4ams
x-cache-hits: 1923, 6
x-cache: HIT
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/1-styles.css
104.18.25.188 200 OK 9.8 kB URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/1-styles.css
IP 104.18.25.188:0
Hash 55708961bbd7cb5fea31e8648641fb0a
1ab8440328fdffcba4eaaa56b48ead8febcea896
ddeebdb9f6caf6f6f170bf712ab7b02b5448a3fc2417300c952cbcc4901ee7cc
GET /nu/pop/sportsbook/multisports/1-styles.css HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a92628443%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1675269588459)%5c%2f%22%2c%22CookieTag%22%3a%223795092628443451240919C2023211639%22%7d%2c%7b%22PID%22%3a86536170%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1675269588590)%5c%2f%22%2c%22CookieTag%22%3a%223795086536170451240919C2023211639%22%7d%5d; btag=320665405_4F03CE830604485E9E0E444E5686127E
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:49 GMT
content-type: text/css; charset=utf-8
cache-control: public, max-age=900, immutable
content-md5: zXkBqwBMviPPaK5rBIapmA==
last-modified: Thu, 26 Jan 2023 12:30:17 GMT
etag: W/"0x8DAFF9914DE94BB"
x-ms-request-id: 580bcb77-701e-0034-8081-3121ca000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 533364
vary: Accept-Encoding
server: cloudflare
cf-ray: 792c201638feb512-OSL
content-encoding: br
X-Firefox-Spdy: h2
dailybulletinz.com/wp-content/uploads/2021/11/Self-Learning.jpg
104.21.20.56 200 OK 3.9 kB URL HTTP/2 dailybulletinz.com/wp-content/uploads/2021/11/Self-Learning.jpg
IP 104.21.20.56:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 90x90, components 3\012- data
Hash a6be4d8f4e70199e95e1616b056c3fc8
65db22a6afd7905ecf08cca407e81ccad540e88b
9ae17a2f6ff70a41f903f75e192e0c762cf184402ea20028348ae71b5623f78f
GET /wp-content/uploads/2021/11/Self-Learning.jpg HTTP/1.1
Host: dailybulletinz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dailybulletinz.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:51 GMT
content-type: image/jpeg
content-length: 181708
last-modified: Wed, 17 Nov 2021 08:00:55 GMT
etag: "6194b6b7-2c5cc"
x-powered-by: PleskLin
cache-control: max-age=14400
cf-cache-status: HIT
age: 9009964
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XfS19V3jmIcqjF2gsm3988ohIYCEUTUr%2FDpZ0vDn2CHJdRQ5TJAMTV483VWoBnNr83mHkLlGtOcmK0gLARjpGJtdgu9PGh9oeEmZYS8qffhGBWvYzSfLYScM4gQygNP0nswelW4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 792c20235d660afe-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img.mfcimg.com/photos2/282/28293943/avatar.90x90.jpg
163.237.222.18 200 OK 4.3 kB URL HTTP/2 img.mfcimg.com/photos2/282/28293943/avatar.90x90.jpg
IP 163.237.222.18:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 90x90, components 3\012- data
Hash 6dd6f795db72e296b53f8a6cc0a604f8
aca2f992ac22c8175d0b73bd13fc55db27dba7ad
39b34ef3716f4dee89f29dda61041235f75af049f7210b9aa0083c052f31abee
GET /photos2/282/28293943/avatar.90x90.jpg HTTP/1.1
Host: img.mfcimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.myfreecams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 31 Jan 2023 22:17:00 GMT
last-modified: Mon, 02 Jan 2023 05:39:22 GMT
etag: "63b26e0a-109e"
content-type: image/jpeg
content-length: 4254
cache-control: max-age=172800
access-control-allow-origin: *
x-served-by: edge4ams
x-cache-hits: 5896, 21
x-cache: HIT
X-Firefox-Spdy: h2
img.mfcimg.com/photos2/783/7832486/avatar.90x90.jpg
163.237.222.18 200 OK 3.4 kB URL HTTP/2 img.mfcimg.com/photos2/783/7832486/avatar.90x90.jpg
IP 163.237.222.18:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 90x90, components 3\012- data
Hash 0dc9733125e09b1f1f85a2e98eb061bb
e241d08b619efd254c84d9d11a652a701df88bc1
646ed5506737c20b49ebb954f34f1af860a3b65fdfc3281a3aa2348983979d6a
GET /photos2/783/7832486/avatar.90x90.jpg HTTP/1.1
Host: img.mfcimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.myfreecams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 30 Jan 2023 18:22:30 GMT
last-modified: Fri, 16 Dec 2022 12:33:10 GMT
etag: "639c6586-d54"
content-type: image/jpeg
content-length: 3412
cache-control: max-age=172800
access-control-allow-origin: *
x-served-by: edge4ams
x-cache-hits: 2403, 6
x-cache: HIT
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 312 B IP 93.184.220.29:0
Hash f3ad208aab3b55adad8db0df695cb7ba
e1a1d36e86aa6432510408d7e4db22bd1e3da982
ad411809b7646aeb2f232f41271c7604e3491732d4b540d567ee7b087f76f8f2
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4669
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 16:39:53 GMT
Last-Modified: Wed, 01 Feb 2023 15:22:04 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 312
c.ewoss.click/out.aspx?u=f948370d-b0bc-470c-a3d1-fa0f3484bc1b
54.86.140.33 200 OK 331 B URL HTTP/1.1 c.ewoss.click/out.aspx?u=f948370d-b0bc-470c-a3d1-fa0f3484bc1b
IP 54.86.140.33:0
File type HTML document text\012- HTML document, ASCII text, with very long lines (312), with no line terminators
Hash 560cf391e84e21d73d9049265a7fcc53
66018b0c017bc61b015fe95481aac3b583dcf526
6f02cd72f81f37a3f0f76161065d915bfa6e84e29ebe458517148f5272c16c6a
Analyzer Verdict Alert fortinet Malware
GET /out.aspx?u=f948370d-b0bc-470c-a3d1-fa0f3484bc1b HTTP/1.1
Host: c.ewoss.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Cache-Control: private
Content-Encoding: gzip
Content-Type: text/html; charset=utf-8
Date: Wed, 01 Feb 2023 16:39:53 GMT
Server: Microsoft-IIS/10.0
Set-Cookie: ASP.NET_SessionId=uc3anjambkltqsn1u012ouaj; path=/; HttpOnly
Vary: Accept-Encoding
Content-Length: 331
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 312 B IP 93.184.220.29:0
Hash f3ad208aab3b55adad8db0df695cb7ba
e1a1d36e86aa6432510408d7e4db22bd1e3da982
ad411809b7646aeb2f232f41271c7604e3491732d4b540d567ee7b087f76f8f2
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4669
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 16:39:53 GMT
Last-Modified: Wed, 01 Feb 2023 15:22:04 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 312
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 64213e16e8d5b9aa34dbd6fe56f33429
50dd32df3c82a053ce1ba8cd4f8e41012b150ddf
19105c18b6d189db53e1b259d93b3d1782c9bd84434467c6c77006a1d6e31925
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 0
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 16:39:53 GMT
Etag: "63d8e84d-116"
Last-Modified: Wed, 01 Feb 2023 16:39:53 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 279
20betlp.com/bonus-wheel-en/css/reset.css
37.252.8.95 200 OK 758 B URL HTTP/1.1 20betlp.com/bonus-wheel-en/css/reset.css
IP 37.252.8.95:0
Hash 4efd21f2a250eb9c74738efd20649c5f
d2b04957878a7eb16378885edc870e5d4ed85e0a
854bdd447667d255572764fe724efa5b6f97d9e66452e28010eb850dad46dbb1
GET /bonus-wheel-en/css/reset.css HTTP/1.1
Host: 20betlp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://20betlp.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.14.1
Date: Wed, 01 Feb 2023 16:39:53 GMT
Content-Type: text/css
Last-Modified: Mon, 08 Nov 2021 13:54:01 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"61892bf9-6a6"
Expires: Wed, 01 Feb 2023 16:40:23 GMT
Cache-Control: max-age=30
Strict-Transport-Security: max-age=31536000;
Content-Encoding: gzip
20betlp.com/bonus-wheel-en/css/main.css
37.252.8.95 200 OK 1.8 kB URL HTTP/1.1 20betlp.com/bonus-wheel-en/css/main.css
IP 37.252.8.95:0
Hash 49e5413a26bd3d4d13d60f414dba76de
8aeeb9927881cc873b8b70511122200c6b859343
7322def013c20cef26baa26179065e114db85f87206566dd8be65eb664bfd4db
GET /bonus-wheel-en/css/main.css HTTP/1.1
Host: 20betlp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://20betlp.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.14.1
Date: Wed, 01 Feb 2023 16:39:53 GMT
Content-Type: text/css
Last-Modified: Tue, 09 Nov 2021 09:29:54 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"618a3f92-2071"
Expires: Wed, 01 Feb 2023 16:40:23 GMT
Cache-Control: max-age=30
Strict-Transport-Security: max-age=31536000;
Content-Encoding: gzip
20betlp.com/bonus-wheel-en/css/media.css
37.252.8.95 200 OK 683 B URL HTTP/1.1 20betlp.com/bonus-wheel-en/css/media.css
IP 37.252.8.95:0
Hash 62eeedcb147782e36e45fdc1b729986f
a313491431992254578f66c453aeb13cfb74d32f
34fa0adb22eeb0e39ad94be91ec1bc92e2dd12f86695510aec7fbfdd91660bf2
GET /bonus-wheel-en/css/media.css HTTP/1.1
Host: 20betlp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://20betlp.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.14.1
Date: Wed, 01 Feb 2023 16:39:53 GMT
Content-Type: text/css
Last-Modified: Tue, 09 Nov 2021 09:35:02 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"618a40c6-a4f"
Expires: Wed, 01 Feb 2023 16:40:23 GMT
Cache-Control: max-age=30
Strict-Transport-Security: max-age=31536000;
Content-Encoding: gzip
20betlp.com/bonus-wheel-en/css/animation.css
37.252.8.95 200 OK 942 B URL HTTP/1.1 20betlp.com/bonus-wheel-en/css/animation.css
IP 37.252.8.95:0
Hash 750d918201188f29886c58f10d4146a4
efc731484d3b10f60de17baf34a4f85c42464a6a
6ca0c67d84ee7da96eef03e0a696ced35ac4d44b6f752a363861a9034b8f560e
GET /bonus-wheel-en/css/animation.css HTTP/1.1
Host: 20betlp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://20betlp.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.14.1
Date: Wed, 01 Feb 2023 16:39:53 GMT
Content-Type: text/css
Last-Modified: Wed, 10 Nov 2021 14:37:39 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"618bd933-2f55"
Expires: Wed, 01 Feb 2023 16:40:23 GMT
Cache-Control: max-age=30
Strict-Transport-Security: max-age=31536000;
Content-Encoding: gzip
20betlp.com/bonus-wheel-en/js/main.js
37.252.8.95 200 OK 337 B URL HTTP/1.1 20betlp.com/bonus-wheel-en/js/main.js
IP 37.252.8.95:0
Hash 2a749c98673b6fd39be2b6f98dbac273
f536836a45df4c8fed6b667c674e1ec708aa9efe
0638e3aeb297166e0175dcf1abbab179e655196a653682196c7a8e794598fa47
GET /bonus-wheel-en/js/main.js HTTP/1.1
Host: 20betlp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://20betlp.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.14.1
Date: Wed, 01 Feb 2023 16:39:53 GMT
Content-Type: application/javascript; charset=UTF-8
Last-Modified: Thu, 11 Nov 2021 10:29:50 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"618cf09e-40a"
Expires: Wed, 01 Feb 2023 16:40:23 GMT
Cache-Control: max-age=30
Strict-Transport-Security: max-age=31536000;
Content-Encoding: gzip
20betlp.com/bonus-wheel-en/js/jquery-3.3.1.min.js
37.252.8.95 200 OK 30 kB URL HTTP/1.1 20betlp.com/bonus-wheel-en/js/jquery-3.3.1.min.js
IP 37.252.8.95:0
File type ASCII text, with very long lines (65451)
Hash 8c94335279b4912ce3f2d6806ce9687a
81f77bfa6a35e3d8260d083074c92a99b8893a36
9075f5a34529dd0bbb9edb86c011a755f5138e2ba7006a12c5c57e87c588c1b8
GET /bonus-wheel-en/js/jquery-3.3.1.min.js HTTP/1.1
Host: 20betlp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://20betlp.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.14.1
Date: Wed, 01 Feb 2023 16:39:53 GMT
Content-Type: application/javascript; charset=UTF-8
Last-Modified: Mon, 08 Nov 2021 13:54:02 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"61892bfa-1538e"
Expires: Wed, 01 Feb 2023 16:40:23 GMT
Cache-Control: max-age=30
Strict-Transport-Security: max-age=31536000;
Content-Encoding: gzip
20betlp.com/bonus-wheel-en/js/refers.js
37.252.8.95 200 OK 388 B URL HTTP/1.1 20betlp.com/bonus-wheel-en/js/refers.js
IP 37.252.8.95:0
Hash 1a02133cce7b2f9786a3d14737b7acbe
940b4a4f62322d164c6f1ca888ccfbd975839105
3d53e0fdccc953658e13bfe3523749c55818cab7dc61f26b954657b0b1543ec0
GET /bonus-wheel-en/js/refers.js HTTP/1.1
Host: 20betlp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://20betlp.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.14.1
Date: Wed, 01 Feb 2023 16:39:53 GMT
Content-Type: application/javascript; charset=UTF-8
Last-Modified: Fri, 12 Nov 2021 10:15:19 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"618e3eb7-29e"
Expires: Wed, 01 Feb 2023 16:40:23 GMT
Cache-Control: max-age=30
Strict-Transport-Security: max-age=31536000;
Content-Encoding: gzip
20betlp.com/bonus-wheel-en/images/logo/visamc_new.png
37.252.8.95 200 OK 3.4 kB URL HTTP/1.1 20betlp.com/bonus-wheel-en/images/logo/visamc_new.png
IP 37.252.8.95:0
File type PNG image data, 100 x 33, 8-bit/color RGBA, non-interlaced\012- data
Hash 42ae8796fddaf0636035e39d98c4f15a
de35eaaf6df81c0570ec58833581617ad2099a60
4b9dc457817a3a2578a394834ecd291c8a352ad280e35e62024dda1f2dab73e9
GET /bonus-wheel-en/images/logo/visamc_new.png HTTP/1.1
Host: 20betlp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://20betlp.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.14.1
Date: Wed, 01 Feb 2023 16:39:53 GMT
Content-Type: image/png
Content-Length: 3374
Last-Modified: Tue, 09 Nov 2021 09:12:17 GMT
Connection: keep-alive
ETag: "618a3b71-d2e"
Expires: Wed, 01 Feb 2023 16:40:23 GMT
Cache-Control: max-age=30
Strict-Transport-Security: max-age=31536000;
Accept-Ranges: bytes
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 95ce7a86fefd99028db289ac915438f2
ba17e8a3eb9095b6fe7be788abab330a0679701f
ab93ee5da32332a40d3a84b28e3774618365e072896e975f6fbafc3fdd641610
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AB93EE5DA32332A40D3A84B28E3774618365E072896E975F6FBAFC3FDD641610"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7232
Expires: Wed, 01 Feb 2023 18:40:25 GMT
Date: Wed, 01 Feb 2023 16:39:53 GMT
Connection: keep-alive
ctrack.trafficjunky.net/ctrack?action=list&type=add&id=visited&context=20bet-landings&cookiename=visited&age=43200&maxcookiecount=10
66.254.114.89 200 OK 35 B URL HTTP/1.1 ctrack.trafficjunky.net/ctrack?action=list&type=add&id=visited&context=20bet-landings&cookiename=visited&age=43200&maxcookiecount=10
IP 66.254.114.89:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28d6814f309ea289f847c69cf91194c6
0f4e929dd5bb2564f7ab9c76338e04e292a42ace
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
GET /ctrack?action=list&type=add&id=visited&context=20bet-landings&cookiename=visited&age=43200&maxcookiecount=10 HTTP/1.1
Host: ctrack.trafficjunky.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://newbinotracs.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
server: openresty
date: Wed, 01 Feb 2023 16:39:53 GMT
content-type: image/gif
content-length: 35
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Sun, 22 Jan 1984 03:00:00 GMT
p3p: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
pragma: no-cache
set-cookie: tj_UUID=631cd2ee2b4f4cf89a98c513c08d9583; Path=/; Domain=trafficjunky.net; Expires=Fri, 03 Mar 2023 16:39:53 GMT; Secure; SameSite=None
tj_UUID_v2=631cd2ee-2b4f-4cf8-9a98-c513c08d9583; Path=/; Domain=trafficjunky.net; Expires=Fri, 03 Mar 2023 16:39:53 GMT; Secure; SameSite=None
158af488cea9416e1b9bd2e7743777a5=visited; Path=/; Domain=trafficjunky.net; Expires=Fri, 03 Mar 2023 16:39:53 GMT; Secure; SameSite=None
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET,POST
access-control-allow-headers: Content-Type
access-control-max-age: 86400
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
x-request-id: 63DA95D9-42FE725901BBB6BB-90529AC
20betlp.com/bonus-wheel-en/images/logo/ecopayz.png
37.252.8.95 200 OK 5.2 kB URL HTTP/1.1 20betlp.com/bonus-wheel-en/images/logo/ecopayz.png
IP 37.252.8.95:0
File type PNG image data, 146 x 36, 8-bit/color RGBA, non-interlaced\012- data
Hash 0d4dbdc5ecb23f1a8798513f2f728155
f8693c37c36af34771b0d188aed78fd289767e65
1b31125b4beb00232b1566676ff8dda6d68b5dabb2b4471296cc7c10d009b000
GET /bonus-wheel-en/images/logo/ecopayz.png HTTP/1.1
Host: 20betlp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://20betlp.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.14.1
Date: Wed, 01 Feb 2023 16:39:53 GMT
Content-Type: image/png
Content-Length: 5161
Last-Modified: Tue, 09 Nov 2021 09:14:25 GMT
Connection: keep-alive
ETag: "618a3bf1-1429"
Expires: Wed, 01 Feb 2023 16:40:23 GMT
Cache-Control: max-age=30
Strict-Transport-Security: max-age=31536000;
Accept-Ranges: bytes
20betlp.com/bonus-wheel-en/images/copyright.png
37.252.8.95 200 OK 3.4 kB URL HTTP/1.1 20betlp.com/bonus-wheel-en/images/copyright.png
IP 37.252.8.95:0
File type PNG image data, 50 x 49, 8-bit/color RGBA, non-interlaced\012- data
Hash 773e24b3c400ffb8bf6619fa6b2a0430
2ed762770d5f3f257df2f648e80e6376b09c8823
d1ecd9f01b462dcd82ae6c90908dbf63d02c35c0eae9b65a17570dd361fe74e4
GET /bonus-wheel-en/images/copyright.png HTTP/1.1
Host: 20betlp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://20betlp.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.14.1
Date: Wed, 01 Feb 2023 16:39:53 GMT
Content-Type: image/png
Content-Length: 3443
Last-Modified: Mon, 08 Nov 2021 15:54:19 GMT
Connection: keep-alive
ETag: "6189482b-d73"
Expires: Wed, 01 Feb 2023 16:40:23 GMT
Cache-Control: max-age=30
Strict-Transport-Security: max-age=31536000;
Accept-Ranges: bytes
ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_491151.500268_465930
51.83.143.92 302 Found 0 B URL HTTP/1.1 ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_491151.500268_465930
IP 51.83.143.92:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_491151.500268_465930 HTTP/1.1
Host: ron.trffclb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 01 Feb 2023 16:39:53 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Round: 119cdtswvl
Raund: 12uf2w0vxv-2v5
Location: https://popcash.net/world/go/134600/317194
20betlp.com/bonus-wheel-en/images/logo/flexepin_new.png
37.252.8.95 200 OK 2.8 kB URL HTTP/1.1 20betlp.com/bonus-wheel-en/images/logo/flexepin_new.png
IP 37.252.8.95:0
File type PNG image data, 100 x 35, 8-bit/color RGBA, non-interlaced\012- data
Hash f49c033c892d92fe21bbbd093216f94c
cd6648cc417b11747dcc1071c619ee133445abba
b12fb0ae0a41fb3dc4a379f1bae8344cf7b3b093b6f336005964e3c8b298197c
GET /bonus-wheel-en/images/logo/flexepin_new.png HTTP/1.1
Host: 20betlp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://20betlp.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.14.1
Date: Wed, 01 Feb 2023 16:39:53 GMT
Content-Type: image/png
Content-Length: 2827
Last-Modified: Tue, 09 Nov 2021 09:13:40 GMT
Connection: keep-alive
ETag: "618a3bc4-b0b"
Expires: Wed, 01 Feb 2023 16:40:23 GMT
Cache-Control: max-age=30
Strict-Transport-Security: max-age=31536000;
Accept-Ranges: bytes
20betlp.com/bonus-wheel-en/images/logo/muchbetter.png
37.252.8.95 200 OK 4.7 kB URL HTTP/1.1 20betlp.com/bonus-wheel-en/images/logo/muchbetter.png
IP 37.252.8.95:0
File type PNG image data, 161 x 36, 8-bit/color RGBA, non-interlaced\012- data
Hash 909e39a66412fc4b6687e293a69057dd
71b11cf1d7631f1febae4eba3ce40ae0483f8dd6
c6842348624c6b4fa14e6134b46d06ff4f204b86e22cfe0247347643be257cc4
GET /bonus-wheel-en/images/logo/muchbetter.png HTTP/1.1
Host: 20betlp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://20betlp.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.14.1
Date: Wed, 01 Feb 2023 16:39:53 GMT
Content-Type: image/png
Content-Length: 4712
Last-Modified: Tue, 09 Nov 2021 09:13:32 GMT
Connection: keep-alive
ETag: "618a3bbc-1268"
Expires: Wed, 01 Feb 2023 16:40:23 GMT
Cache-Control: max-age=30
Strict-Transport-Security: max-age=31536000;
Accept-Ranges: bytes
ctrack.trafficjunky.net/ctrack?action=list&type=add&id=visited&context=20bet.com-landings&cookiename=visited&age=259200&maxcookiecount=10
66.254.114.89 200 OK 35 B URL HTTP/1.1 ctrack.trafficjunky.net/ctrack?action=list&type=add&id=visited&context=20bet.com-landings&cookiename=visited&age=259200&maxcookiecount=10
IP 66.254.114.89:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28d6814f309ea289f847c69cf91194c6
0f4e929dd5bb2564f7ab9c76338e04e292a42ace
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
GET /ctrack?action=list&type=add&id=visited&context=20bet.com-landings&cookiename=visited&age=259200&maxcookiecount=10 HTTP/1.1
Host: ctrack.trafficjunky.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://newbinotracs.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
server: openresty
date: Wed, 01 Feb 2023 16:39:54 GMT
content-type: image/gif
content-length: 35
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Sun, 22 Jan 1984 03:00:00 GMT
p3p: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
pragma: no-cache
set-cookie: tj_UUID=631cd2ee2b4f4cf89a98c513c08d9583; Path=/; Domain=trafficjunky.net; Expires=Fri, 03 Mar 2023 16:39:54 GMT; Secure; SameSite=None
tj_UUID_v2=631cd2ee-2b4f-4cf8-9a98-c513c08d9583; Path=/; Domain=trafficjunky.net; Expires=Fri, 03 Mar 2023 16:39:54 GMT; Secure; SameSite=None
534ef2581ddd09d42a7799f2c8529f0a=visited; Path=/; Domain=trafficjunky.net; Expires=Mon, 31 Jul 2023 16:39:54 GMT; Secure; SameSite=None
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET,POST
access-control-allow-headers: Content-Type
access-control-max-age: 86400
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
x-request-id: 63DA95D9-42FE725901BB3B4D-90223E6
assets.myfreecams.com/_js/mfccore.js?vcc=1675191532
163.237.222.23 200 OK 423 kB URL HTTP/2 assets.myfreecams.com/_js/mfccore.js?vcc=1675191532
IP 163.237.222.23:0
File type ASCII text, with very long lines (32010)
Size 423 kB (423026 bytes)
Hash f95a5e59356505aa61debae6edcafeee
c0843179a897de8659f3d397a43a67d60d368472
25e8af139604db810a6846330e48bdd98bb39dc495c59a1770b9c8251aa07f52
GET /_js/mfccore.js?vcc=1675191532 HTTP/1.1
Host: assets.myfreecams.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.myfreecams.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 01 Feb 2023 16:39:53 GMT
content-type: application/javascript
content-length: 423026
last-modified: Tue, 31 Jan 2023 18:59:12 GMT
etag: "63d96500-67472"
content-encoding: br
x-served-by: edge10ams
strict-transport-security: max-age=10886400;
access-control-allow-origin: *
X-Firefox-Spdy: h2
20betlp.com/bonus-wheel-en/images/logo/net_banking.png
37.252.8.95 200 OK 2.5 kB URL HTTP/1.1 20betlp.com/bonus-wheel-en/images/logo/net_banking.png
IP 37.252.8.95:0
File type PNG image data, 120 x 49, 8-bit/color RGBA, non-interlaced\012- data
Hash c46d90c5747589b5c68afcd95356c976
7bd5c560be0c147e709fb7836e2b5045bce8aae3
db740d8801f6dc3c0500c5e398b6a8e00a3f15fcf9cb1adbb1e5ae7b4f8c4fd1
GET /bonus-wheel-en/images/logo/net_banking.png HTTP/1.1
Host: 20betlp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://20betlp.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.14.1
Date: Wed, 01 Feb 2023 16:39:53 GMT
Content-Type: image/png
Content-Length: 2465
Last-Modified: Tue, 09 Nov 2021 09:13:17 GMT
Connection: keep-alive
ETag: "618a3bad-9a1"
Expires: Wed, 01 Feb 2023 16:40:23 GMT
Cache-Control: max-age=30
Strict-Transport-Security: max-age=31536000;
Accept-Ranges: bytes
assets.myfreecams.com/css/style.css?no_cache=1675191532
163.237.222.23 200 OK 11 kB URL HTTP/2 assets.myfreecams.com/css/style.css?no_cache=1675191532
IP 163.237.222.23:0
File type ASCII text, with very long lines (11595)
Hash f83bfd02e97297bc47fde85fc1f6c17d
49f222a3ae7a663516530d6039c76b62ee639203
fdc7d4e3f23a1dfb35342cf3948c8c84e92549cf66a2c871806301f0039be3ae
GET /css/style.css?no_cache=1675191532 HTTP/1.1
Host: assets.myfreecams.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Referer: https://www.myfreecams.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 01 Feb 2023 16:39:53 GMT
content-type: text/css
content-length: 10688
last-modified: Tue, 31 Jan 2023 06:26:09 GMT
etag: "63d8b481-29c0"
content-encoding: br
x-served-by: edge10ams
strict-transport-security: max-age=10886400;
access-control-allow-origin: *
X-Firefox-Spdy: h2
assets.myfreecams.com/css/videojs.css?no_cache=1675191532
163.237.222.23 200 OK 6.0 kB URL HTTP/2 assets.myfreecams.com/css/videojs.css?no_cache=1675191532
IP 163.237.222.23:0
File type Unicode text, UTF-8 text, with very long lines (27197), with no line terminators
Hash e1aa711ba8acd5817c654dc9d67570a9
949e94180d39e5064c79752433f7f8cbfcc0554e
ac215ee6ac9fded01a9190b01dac3e6f6842bb0c430c0e06cb8164afd52cbc80
GET /css/videojs.css?no_cache=1675191532 HTTP/1.1
Host: assets.myfreecams.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Referer: https://www.myfreecams.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 01 Feb 2023 16:39:53 GMT
content-type: text/css
content-length: 5997
last-modified: Tue, 06 Sep 2022 19:36:30 GMT
etag: "6317a13e-176d"
content-encoding: br
x-served-by: edge10ams
strict-transport-security: max-age=10886400;
access-control-allow-origin: *
X-Firefox-Spdy: h2
assets.myfreecams.com/css/videoplayer.css?no_cache=1675191532
163.237.222.23 200 OK 3.2 kB URL HTTP/2 assets.myfreecams.com/css/videoplayer.css?no_cache=1675191532
IP 163.237.222.23:0
File type ASCII text, with very long lines (792)
Hash 511d88763aad224f3d4decf65a00bfa6
adbf59942f9914fe950ed431e475a4424f9d7501
ede7fc72f008d16f6df894e9f560d8870a1c71c07f7c81adfc513c08da1b3ab5
GET /css/videoplayer.css?no_cache=1675191532 HTTP/1.1
Host: assets.myfreecams.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Referer: https://www.myfreecams.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 01 Feb 2023 16:39:53 GMT
content-type: text/css
content-length: 3213
last-modified: Mon, 21 Nov 2022 02:53:24 GMT
etag: "637ae824-c8d"
content-encoding: br
x-served-by: edge10ams
strict-transport-security: max-age=10886400;
access-control-allow-origin: *
X-Firefox-Spdy: h2
assets.myfreecams.com/css/videopublisher.css?no_cache=1675191532
163.237.222.23 200 OK 1.0 kB URL HTTP/2 assets.myfreecams.com/css/videopublisher.css?no_cache=1675191532
IP 163.237.222.23:0
Hash 7affa15f9bc9425eda50ab4ac55c1cad
baaec764d93a1db7b7e3ae4e4102e221571bd3e1
a95f2bc622ae61315090905fe21c71a648bcd03cf10d1de6fbdfaa1f3e1737f5
GET /css/videopublisher.css?no_cache=1675191532 HTTP/1.1
Host: assets.myfreecams.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Referer: https://www.myfreecams.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 01 Feb 2023 16:39:53 GMT
content-type: text/css
content-length: 1024
last-modified: Thu, 03 Oct 2019 17:48:57 GMT
etag: "5d963489-400"
content-encoding: br
x-served-by: edge10ams
strict-transport-security: max-age=10886400;
access-control-allow-origin: *
X-Firefox-Spdy: h2
shopde.pricedeals.shop/go.php?market=no&zr0c974630a24f11ed98e61217afd2271916a9763bd90443f59aaab26683799988070888a7d92b885ecf
135.181.6.240 200 OK 565 B URL HTTP/1.1 shopde.pricedeals.shop/go.php?market=no&zr0c974630a24f11ed98e61217afd2271916a9763bd90443f59aaab26683799988070888a7d92b885ecf
IP 135.181.6.240:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (441)
Hash 8d21022f59317416b5d24c336ed65f6b
5a6aa62797b2c75c693c1e08f6259caf7c7e62b2
34a0ececb0895c341b919046360bfa2e35ac56af77fa0a1877ec82681796f66b
GET /go.php?market=no&zr0c974630a24f11ed98e61217afd2271916a9763bd90443f59aaab26683799988070888a7d92b885ecf HTTP/1.1
Host: shopde.pricedeals.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Wed, 01 Feb 2023 16:39:54 GMT
Server: Apache/2.4.54 (Debian)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 565
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
assets.myfreecams.com/css/mfc_style.css?no_cache=1675191532
163.237.222.23 200 OK 8.1 kB URL HTTP/2 assets.myfreecams.com/css/mfc_style.css?no_cache=1675191532
IP 163.237.222.23:0
File type assembler source, ASCII text
Hash 67b83c102964d4ac23ee73e46a0caeec
5c89ea6744a945ebdcd2c85a534a863185630978
01b64bcf9b97a00527b3214f95d29f5b0e385a0ab5bdc82448d192de60791bcd
GET /css/mfc_style.css?no_cache=1675191532 HTTP/1.1
Host: assets.myfreecams.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Referer: https://www.myfreecams.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 01 Feb 2023 16:39:53 GMT
content-type: text/css
content-length: 8065
last-modified: Wed, 25 Jan 2023 02:32:11 GMT
etag: "63d094ab-1f81"
content-encoding: br
x-served-by: edge10ams
strict-transport-security: max-age=10886400;
access-control-allow-origin: *
X-Firefox-Spdy: h2
20betlp.com/bonus-wheel-en/images/logo/GPay.png
37.252.8.95 200 OK 2.6 kB URL HTTP/1.1 20betlp.com/bonus-wheel-en/images/logo/GPay.png
IP 37.252.8.95:0
File type PNG image data, 93 x 38, 8-bit/color RGBA, non-interlaced\012- data
Hash 17d672ffde367ad80132340957c887c5
4f712364b138c122c7a00b65c14f683f96fe3bd2
232c254eaaf82129dc93368897f25f1c82161dbeb3f7676d7fabaff1b9e542fa
GET /bonus-wheel-en/images/logo/GPay.png HTTP/1.1
Host: 20betlp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://20betlp.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.14.1
Date: Wed, 01 Feb 2023 16:39:54 GMT
Content-Type: image/png
Content-Length: 2570
Last-Modified: Tue, 09 Nov 2021 09:14:10 GMT
Connection: keep-alive
ETag: "618a3be2-a0a"
Expires: Wed, 01 Feb 2023 16:40:24 GMT
Cache-Control: max-age=30
Strict-Transport-Security: max-age=31536000;
Accept-Ranges: bytes
20betlp.com/bonus-wheel-en/images/logo/jeton.png
37.252.8.95 200 OK 7.1 kB URL HTTP/1.1 20betlp.com/bonus-wheel-en/images/logo/jeton.png
IP 37.252.8.95:0
File type PNG image data, 123 x 39, 8-bit/color RGBA, non-interlaced\012- data
Hash 615d8d9fe9f2056b2fbcd00cb25312cf
57278c236bb6559f44c3e9b64663973ba8317e5b
abab9115e653ee3830e6fe4c0b226a21b4aceb78afd01246aec384d2783633f8
GET /bonus-wheel-en/images/logo/jeton.png HTTP/1.1
Host: 20betlp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://20betlp.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.14.1
Date: Wed, 01 Feb 2023 16:39:53 GMT
Content-Type: image/png
Content-Length: 7056
Last-Modified: Tue, 09 Nov 2021 09:13:59 GMT
Connection: keep-alive
ETag: "618a3bd7-1b90"
Expires: Wed, 01 Feb 2023 16:40:23 GMT
Cache-Control: max-age=30
Strict-Transport-Security: max-age=31536000;
Accept-Ranges: bytes
20betlp.com/bonus-wheel-en/images/logo/perfectmoney_new.png
37.252.8.95 200 OK 5.2 kB URL HTTP/1.1 20betlp.com/bonus-wheel-en/images/logo/perfectmoney_new.png
IP 37.252.8.95:0
File type PNG image data, 168 x 35, 8-bit/color RGBA, non-interlaced\012- data
Hash d29926bb1a723d10d6b5154e6801b6b4
a876e717672fa93ab89e88761e0a2f7585e90b60
6a4a985776ed324898260272af353d531ecd717db104a1d62a49bb64f64f3b19
GET /bonus-wheel-en/images/logo/perfectmoney_new.png HTTP/1.1
Host: 20betlp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://20betlp.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.14.1
Date: Wed, 01 Feb 2023 16:39:54 GMT
Content-Type: image/png
Content-Length: 5175
Last-Modified: Tue, 09 Nov 2021 09:13:48 GMT
Connection: keep-alive
ETag: "618a3bcc-1437"
Expires: Wed, 01 Feb 2023 16:40:24 GMT
Cache-Control: max-age=30
Strict-Transport-Security: max-age=31536000;
Accept-Ranges: bytes
assets.myfreecams.com/_css/mfc_less.css?no_cache=1675191532
163.237.222.23 200 OK 23 kB URL HTTP/2 assets.myfreecams.com/_css/mfc_less.css?no_cache=1675191532
IP 163.237.222.23:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 73c2e6a92b4b3af11ff0954c2bc89a34
72dfc6e6b6bbc68cbfee71247be734ce77d2d413
42f0ba55adf253b620d4dbd7feec64adfcdbf3082c37a4d914e51311c8cf3ecc
GET /_css/mfc_less.css?no_cache=1675191532 HTTP/1.1
Host: assets.myfreecams.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Referer: https://www.myfreecams.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 01 Feb 2023 16:39:53 GMT
content-type: text/css
content-length: 23109
last-modified: Tue, 31 Jan 2023 18:59:10 GMT
etag: "63d964fe-5a45"
content-encoding: br
x-served-by: edge10ams
strict-transport-security: max-age=10886400;
access-control-allow-origin: *
X-Firefox-Spdy: h2
20betlp.com/bonus-wheel-en/images/logo/sticpay_new.png
37.252.8.95 200 OK 5.9 kB URL HTTP/1.1 20betlp.com/bonus-wheel-en/images/logo/sticpay_new.png
IP 37.252.8.95:0
File type PNG image data, 156 x 34, 8-bit/color RGBA, non-interlaced\012- data
Hash 915e8659fe4104a9edca936e3b64af6f
237f1ddfabd6ed0654923ac52f65ed2853479004
37b66b4f7682f3d582194a6509946b7fab719aa66a16e576793abc5402c4fecc
GET /bonus-wheel-en/images/logo/sticpay_new.png HTTP/1.1
Host: 20betlp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://20betlp.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.14.1
Date: Wed, 01 Feb 2023 16:39:54 GMT
Content-Type: image/png
Content-Length: 5850
Last-Modified: Tue, 09 Nov 2021 09:14:18 GMT
Connection: keep-alive
ETag: "618a3bea-16da"
Expires: Wed, 01 Feb 2023 16:40:24 GMT
Cache-Control: max-age=30
Strict-Transport-Security: max-age=31536000;
Accept-Ranges: bytes
20betlp.com/bonus-wheel-en/images/stopper.png
37.252.8.95 200 OK 6.9 kB URL HTTP/1.1 20betlp.com/bonus-wheel-en/images/stopper.png
IP 37.252.8.95:0
File type PNG image data, 69 x 81, 8-bit/color RGBA, non-interlaced\012- data
Hash ccdaf73595b088b4fc63428f9fe100e2
081fc4e5f0d9f0b519d40e5dd760ea28f1b7c444
d7d9fcc51b3da99da21f8be521d60b994ef891ee083e68e93c8f76de755ce966
GET /bonus-wheel-en/images/stopper.png HTTP/1.1
Host: 20betlp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://20betlp.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.14.1
Date: Wed, 01 Feb 2023 16:39:54 GMT
Content-Type: image/png
Content-Length: 6945
Last-Modified: Mon, 08 Nov 2021 14:28:44 GMT
Connection: keep-alive
ETag: "6189341c-1b21"
Expires: Wed, 01 Feb 2023 16:40:24 GMT
Cache-Control: max-age=30
Strict-Transport-Security: max-age=31536000;
Accept-Ranges: bytes
20betlp.com/bonus-wheel-en/images/wheel-fg.png
37.252.8.95 200 OK 236 kB URL HTTP/1.1 20betlp.com/bonus-wheel-en/images/wheel-fg.png
IP 37.252.8.95:0
File type PNG image data, 528 x 527, 8-bit/color RGBA, non-interlaced\012- data
Size 236 kB (236388 bytes)
Hash d2e97dbd7ae4c54b415a151f39be0887
9d38dd892fbd1a93e7a61788498f72824e3b9ada
905712289eb6fa7638607e41d96ad085d59a0748f52f6068df99fb8a894b4f47
GET /bonus-wheel-en/images/wheel-fg.png HTTP/1.1
Host: 20betlp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://20betlp.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.14.1
Date: Wed, 01 Feb 2023 16:39:54 GMT
Content-Type: image/png
Content-Length: 236388
Last-Modified: Mon, 08 Nov 2021 04:17:16 GMT
Connection: keep-alive
ETag: "6188a4cc-39b64"
Expires: Wed, 01 Feb 2023 16:40:24 GMT
Cache-Control: max-age=30
Strict-Transport-Security: max-age=31536000;
Accept-Ranges: bytes
20betlp.com/bonus-wheel-en/images/logo.png
37.252.8.95 200 OK 17 kB URL HTTP/1.1 20betlp.com/bonus-wheel-en/images/logo.png
IP 37.252.8.95:0
File type PNG image data, 254 x 124, 8-bit/color RGBA, non-interlaced\012- data
Hash 78def5eabf59675b4f0ee3e6649a03f7
67a6dafdbea7d307b9dfb3b18718e282e46fd219
f1a1ffabc45b0570df933b634a743941db677176ad0a917de8e95848b36f4a47
GET /bonus-wheel-en/images/logo.png HTTP/1.1
Host: 20betlp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://20betlp.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.14.1
Date: Wed, 01 Feb 2023 16:39:54 GMT
Content-Type: image/png
Content-Length: 17049
Last-Modified: Tue, 09 Nov 2021 08:59:54 GMT
Connection: keep-alive
ETag: "618a388a-4299"
Expires: Wed, 01 Feb 2023 16:40:24 GMT
Cache-Control: max-age=30
Strict-Transport-Security: max-age=31536000;
Accept-Ranges: bytes
20betlp.com/bonus-wheel-en/images/logo/crypto.png
37.252.8.95 200 OK 3.9 kB URL HTTP/1.1 20betlp.com/bonus-wheel-en/images/logo/crypto.png
IP 37.252.8.95:0
File type PNG image data, 112 x 33, 8-bit/color RGBA, non-interlaced\012- data
Hash 4a02abf14ae557f358e5ad08779e5c63
ca1255e1af637643cfc37819686205fa98e52ab7
6b9c714743ae2b5fed2333459c1e6c5c092673ff7243a3b08427abea21b306f2
GET /bonus-wheel-en/images/logo/crypto.png HTTP/1.1
Host: 20betlp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://20betlp.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.14.1
Date: Wed, 01 Feb 2023 16:39:54 GMT
Content-Type: image/png
Content-Length: 3940
Last-Modified: Tue, 09 Nov 2021 09:12:36 GMT
Connection: keep-alive
ETag: "618a3b84-f64"
Expires: Wed, 01 Feb 2023 16:40:24 GMT
Cache-Control: max-age=30
Strict-Transport-Security: max-age=31536000;
Accept-Ranges: bytes
20betlp.com/bonus-wheel-en/images/make-a-spin.png
37.252.8.95 200 OK 127 kB URL HTTP/1.1 20betlp.com/bonus-wheel-en/images/make-a-spin.png
IP 37.252.8.95:0
File type PNG image data, 744 x 201, 8-bit/color RGBA, non-interlaced\012- data
Size 127 kB (126955 bytes)
Hash 2cab480711ffc79de987c81449ae9eaa
8ac2d4324e60cebaacd09aaa5c58b54b26d12fca
12ffa9a312269979d2cc05b4b553e54570a8149d6ebc0671d263662bd3dce225
GET /bonus-wheel-en/images/make-a-spin.png HTTP/1.1
Host: 20betlp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://20betlp.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.14.1
Date: Wed, 01 Feb 2023 16:39:54 GMT
Content-Type: image/png
Content-Length: 126955
Last-Modified: Mon, 08 Nov 2021 14:47:19 GMT
Connection: keep-alive
ETag: "61893877-1efeb"
Expires: Wed, 01 Feb 2023 16:40:24 GMT
Cache-Control: max-age=30
Strict-Transport-Security: max-age=31536000;
Accept-Ranges: bytes
20betlp.com/bonus-wheel-en/images/logo/skrill_new.png
37.252.8.95 200 OK 3.1 kB URL HTTP/1.1 20betlp.com/bonus-wheel-en/images/logo/skrill_new.png
IP 37.252.8.95:0
File type PNG image data, 105 x 37, 8-bit/color RGBA, non-interlaced\012- data
Hash f7f53770508e4524d76a646e42489eed
b5b3ee0f8d851744947d03675426f297c9f1dd53
be653dca4bc909851e0ef709ec9ae0feeb50e3a67c8e4454bfff01c6a85b0757
GET /bonus-wheel-en/images/logo/skrill_new.png HTTP/1.1
Host: 20betlp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://20betlp.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.14.1
Date: Wed, 01 Feb 2023 16:39:54 GMT
Content-Type: image/png
Content-Length: 3056
Last-Modified: Tue, 09 Nov 2021 09:12:46 GMT
Connection: keep-alive
ETag: "618a3b8e-bf0"
Expires: Wed, 01 Feb 2023 16:40:24 GMT
Cache-Control: max-age=30
Strict-Transport-Security: max-age=31536000;
Accept-Ranges: bytes
ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_491151.514185_471449
51.83.143.92 302 Found 0 B URL HTTP/1.1 ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_491151.514185_471449
IP 51.83.143.92:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_491151.514185_471449 HTTP/1.1
Host: ron.trffclb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 01 Feb 2023 16:39:54 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Round: 11kgq037yu
Raund: 12uf2w0vxv-2v5
Location: https://popmyads.com/serve/52264/64661/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgxMy5jb20=
20betlp.com/bonus-wheel-en/images/logo/neteller_new.png
37.252.8.95 200 OK 4.2 kB URL HTTP/1.1 20betlp.com/bonus-wheel-en/images/logo/neteller_new.png
IP 37.252.8.95:0
File type PNG image data, 185 x 34, 8-bit/color RGBA, non-interlaced\012- data
Hash 0d4d7708d1139fd4793741e35d091d6d
3a12ff356a277abc12418a656fdd973ea496bac0
464604486ca20b0d844cc62b4af2a8550942aa2972f402d7a8da06e332f7702a
GET /bonus-wheel-en/images/logo/neteller_new.png HTTP/1.1
Host: 20betlp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://20betlp.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.14.1
Date: Wed, 01 Feb 2023 16:39:54 GMT
Content-Type: image/png
Content-Length: 4162
Last-Modified: Tue, 09 Nov 2021 09:13:00 GMT
Connection: keep-alive
ETag: "618a3b9c-1042"
Expires: Wed, 01 Feb 2023 16:40:24 GMT
Cache-Control: max-age=30
Strict-Transport-Security: max-age=31536000;
Accept-Ranges: bytes
gbstwrldnws.com/rotator/352/1328/2da4af00d834dfbd23fda189a58e00c9/?click_id=w6c08di94iulnoami3m62jnu&sub1=379871&fullscreen=1
192.133.142.177 302 Found 333 B URL HTTP/2 gbstwrldnws.com/rotator/352/1328/2da4af00d834dfbd23fda189a58e00c9/?click_id=w6c08di94iulnoami3m62jnu&sub1=379871&fullscreen=1
IP 192.133.142.177:0
File type gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT)\012- data
Hash 0484f1cc502cf3e05becd61ee0cda467
8ad69dd8d38a641961534b50814f1fe93810e709
51ec34234725ac54b2ffc006c6725cf98925a239fb4d871b544f85899ee0b95b
Analyzer Verdict Alert quad9 Sinkholed
GET /rotator/352/1328/2da4af00d834dfbd23fda189a58e00c9/?click_id=w6c08di94iulnoami3m62jnu&sub1=379871&fullscreen=1 HTTP/1.1
Host: gbstwrldnws.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx
date: Wed, 01 Feb 2023 16:39:53 GMT
content-type: text/html; charset=UTF-8
location: https://gbstwrldnws.com/adult_video_3/1328/2da4af00d834dfbd23fda189a58e00c9/?click_id=w6c08di94iulnoami3m62jnu&sub1=379871&sub2=&sub3=&tb=&fullscreen=1
X-Firefox-Spdy: h2
ps.popcash.net/go/134600/317194
3.228.63.1 200 OK 304 B URL HTTP/1.1 ps.popcash.net/go/134600/317194
IP 3.228.63.1:0
File type HTML document, ASCII text
Hash ddd6702bed16f8356dfcdc982c55d6e7
e29bb79be078371c2373caf865376c826f19cb23
91f50efd757cf8d447daf780b93794f61f5c0fa1d7cbc16142dd4c9a214a86d3
Analyzer Verdict Alert fortinet Malware
GET /go/134600/317194 HTTP/1.1
Host: ps.popcash.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Content-Encoding: gzip
Content-Type: text/html
Date: Wed, 01 Feb 2023 16:39:54 GMT
Server: nginx
Vary: Accept-Encoding
Content-Length: 304
Connection: keep-alive
ocsp.godaddy.com/
192.124.249.22 200 OK 1.8 kB IP 192.124.249.22:0
Hash 370b0e50b95487884126f60de8212bb9
95f72a94ca97dbe477173291ad4cf2bfd44cb331
09bb0f7a19f39d1b2df37360c7beedffb94dc24a3f462d3d2f6383b5a0ededd7
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Wed, 01 Feb 2023 16:39:54 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19022
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Tue, 31 Jan 2023 22:25:35 GMT
Expires: Wed, 01 Feb 2023 22:25:35 GMT
ETag: "95f72a94ca97dbe477173291ad4cf2bfd44cb331"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
ps.popcash.net/go/134600/317194
3.228.63.1 200 OK 304 B URL HTTP/1.1 ps.popcash.net/go/134600/317194
IP 3.228.63.1:0
File type HTML document, ASCII text
Hash ddd6702bed16f8356dfcdc982c55d6e7
e29bb79be078371c2373caf865376c826f19cb23
91f50efd757cf8d447daf780b93794f61f5c0fa1d7cbc16142dd4c9a214a86d3
Analyzer Verdict Alert fortinet Malware
GET /go/134600/317194 HTTP/1.1
Host: ps.popcash.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Content-Encoding: gzip
Content-Type: text/html
Date: Wed, 01 Feb 2023 16:39:54 GMT
Server: nginx
Vary: Accept-Encoding
Content-Length: 304
Connection: keep-alive
ps.popcash.net/go/134600/317194
3.228.63.1 200 OK 304 B URL HTTP/1.1 ps.popcash.net/go/134600/317194
IP 3.228.63.1:0
File type HTML document, ASCII text
Hash ddd6702bed16f8356dfcdc982c55d6e7
e29bb79be078371c2373caf865376c826f19cb23
91f50efd757cf8d447daf780b93794f61f5c0fa1d7cbc16142dd4c9a214a86d3
Analyzer Verdict Alert fortinet Malware
GET /go/134600/317194 HTTP/1.1
Host: ps.popcash.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Content-Encoding: gzip
Content-Type: text/html
Date: Wed, 01 Feb 2023 16:39:54 GMT
Server: nginx
Vary: Accept-Encoding
Content-Length: 304
Connection: keep-alive
track.wargaming-aff.com/click?pid=5757&offer_id=91&ref_id=63da95d936d24700016178d7&sub1=439_
35.204.130.99 302 Found 0 B URL HTTP/2 track.wargaming-aff.com/click?pid=5757&offer_id=91&ref_id=63da95d936d24700016178d7&sub1=439_
IP 35.204.130.99:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /click?pid=5757&offer_id=91&ref_id=63da95d936d24700016178d7&sub1=439_ HTTP/1.1
Host: track.wargaming-aff.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Wed, 01 Feb 2023 16:39:54 GMT
content-length: 0
location: https://trck.wargaming.net/i20c1adr/?t=1&pub_id=5757&xid=63da95da1d9f210001478f03&xid_param1=439_&xid_param_2=
x-adjust-use-original-forwarded-for: 1
set-cookie: afclick=63da95da1d9f210001478f03; expires=Thu, 01 Feb 2024 16:39:54 GMT; secure; SameSite=None
afoffers={"91":1675269594}; expires=Thu, 01 Feb 2024 16:39:54 GMT; secure; SameSite=None
access-control-allow-origin: *
X-Firefox-Spdy: h2
s.optnx.com/cimp.php?data=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&p=http%3A%2F%2Frixon.ml%2F&tested=1&check=0c1c5c30286e1db21a741e4b62c8b6e4&screen_resolution=1280x1024&container_resolution=0x0&iframe=1
95.211.229.246 302 Found 0 B URL HTTP/1.1 s.optnx.com/cimp.php?data=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&p=http%3A%2F%2Frixon.ml%2F&tested=1&check=0c1c5c30286e1db21a741e4b62c8b6e4&screen_resolution=1280x1024&container_resolution=0x0&iframe=1
IP 95.211.229.246:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cimp.php?data=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&p=http%3A%2F%2Frixon.ml%2F&tested=1&check=0c1c5c30286e1db21a741e4b62c8b6e4&screen_resolution=1280x1024&container_resolution=0x0&iframe=1 HTTP/1.1
Host: s.optnx.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263da95d8e537f8.726069452435103585%22%3B%7D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 01 Feb 2023 16:39:54 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263da95d8e537f8.726069452435103585%22%3B%7D; expires=Fri, 31 Jan 2025 16:39:54 GMT; path=; domain=.optnx.com; Secure; SameSite=none
Location: http://adpointrtb.com/script/s2iurl.php?stamat=m|,,QjJ6tiJqtGU3Bv-GH0dEdHP3xP.dbd,okwwkCMPJPImG6SbP-P8lOZqroFmslFUQK-OU7ChAkVZJOb-yvI16ZMzQ9fcUGcrey1tVmwwwdOqNLf3nmG-6b4rmB2JsYWvghQwTh92crBCM95bZv0PiKXwJpj1TqxdiUcqOOdvTyw43sGgYBzv-00hAi8UbGN_0kp57R1ojWAz5jL795BhzheOsq7yBf4dJS7agt_WvEo_Cj0oyaBOjIBgUkwnhY3B2U10U4RFuAiUx8CHhl3QOEvLChjOLoFDxoJmD8EksHEx-absx65tnWERwcComv-dFSQCsvnX5zhY6oPjIfdU1WOK2CU6TsefAeyO6JAxlTrF3f7fYu9cs1VbtJqDnjMqFK4idr_MS6uTOihQbBbE1hMo2dHDq2ND-a2CxRg7iVB7tf4ax5NnvSNECHdZbDPfgfQ4qn2nrjjdMdUfGsjTqcWxLsNc5BKzsVWY0B4ChnMB6JmINQ7fdYB4r_5MiLZF4TTtxEGtMb3Fr83Eg2RXzSxlKaBO3Br6&csid=2625951&s1=4892480&md=0&exo_cid=3567547&exffir=eyJjIjoiMGMxYzVjMzAyODZlMWRiMjFhNzQxZTRiNjJjOGI2ZTQiLCJ0IjoiMSIsInNyIjoiMTI4MHgxMDI0IiwiY3IiOiIweDAiLCJpIjoiMSJ9
X-Robots-Tag: noindex, follow
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 98272f54a7b975bd7fef407e122cbce1
1cd4caaaaf21ec80d94dd62a557832f752a49836
90b97f45dfe6a8b0dcc036d49ffc2aa7055859953a07df5c4eddd96b786cf0a4
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 900
Cache-Control: max-age=148708
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 16:39:54 GMT
Etag: "63da343a-1d7"
Expires: Fri, 03 Feb 2023 09:58:22 GMT
Last-Modified: Wed, 01 Feb 2023 09:43:22 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471
syndication.realsrv.com/splash.php?idzone=1955560&type=8&p=http%3A%2F%2Frixon.ml%2F&tested=1&check=0c1c5c30286e1db21a741e4b62c8b6e4&screen_resolution=1280x1024&container_resolution=0x0&iframe=1
95.211.229.246 302 Found 0 B URL HTTP/1.1 syndication.realsrv.com/splash.php?idzone=1955560&type=8&p=http%3A%2F%2Frixon.ml%2F&tested=1&check=0c1c5c30286e1db21a741e4b62c8b6e4&screen_resolution=1280x1024&container_resolution=0x0&iframe=1
IP 95.211.229.246:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /splash.php?idzone=1955560&type=8&p=http%3A%2F%2Frixon.ml%2F&tested=1&check=0c1c5c30286e1db21a741e4b62c8b6e4&screen_resolution=1280x1024&container_resolution=0x0&iframe=1 HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A32%3A%2263da95d8e5a5f3.61609981125191004%22%3B%7D; goals=a%3A1%3A%7Bi%3A93210%3Ba%3A1%3A%7Bs%3A4%3A%22date%22%3Bs%3A10%3A%222023-02-01%22%3B%7D%7D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 01 Feb 2023 16:39:54 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A32%3A%2263da95d8e5a5f3.61609981125191004%22%3B%7D; expires=Fri, 31 Jan 2025 16:39:54 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-link%22%3A%22v3%7C%7CNOR%7C1955560%7C76968594%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C63da95d8e5a5f3.61609981125191004%7C522da8cf4d54d340deaf50e2845e28b3%7C0%7Crixon.ml%7C1280x1024%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Thu, 02 Feb 2023 16:39:54 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
Location: https://vivporn.com
X-Robots-Tag: noindex, follow
trck.wargaming.net/i20c1adr/?t=1&pub_id=5757&xid=63da95da1d9f210001478f03&xid_param1=439_&xid_param_2=
92.223.23.231 301 Moved Permanently 22 B URL HTTP/1.1 trck.wargaming.net/i20c1adr/?t=1&pub_id=5757&xid=63da95da1d9f210001478f03&xid_param1=439_&xid_param_2=
IP 92.223.23.231:0
ASN #199524 G-Core Labs S.A.
File type ASCII text, with no line terminators
Hash 0e0bf67572311f8a23814419ff24ee9a
78328dfc54708433cdfb3e7857e57f87ec443b08
c5f6c267ba4a2964fff5d304d4a1e79c371ce30d32eaf017b3bb40becccd58d2
GET /i20c1adr/?t=1&pub_id=5757&xid=63da95da1d9f210001478f03&xid_param1=439_&xid_param_2= HTTP/1.1
Host: trck.wargaming.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Wed, 01 Feb 2023 16:39:54 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 22
Connection: keep-alive
Location: https://promo.worldofwarships.eu/glows-49239/eu-no/?t=1&pub_id=5757&xid=63da95da1d9f210001478f03&xid_param1=439_&xid_param_2=&sid=SIDS3FpElWdBF_CkweKGTf53PRlLXamyt7DpE_Z6mdxQBCCrXPS-C_rIUftjWU0HT9UIAgc9kfWl40u8kLxFczTEiNZf2QRu-w1hKBHj8ELSPqIuQ94-Dt3TL3vSy3KrJUDJZd9A0Fgcauc_w&enctid=cq7dib7ok7mp&lpsn=WOWS+WLAP+3+ships&foris=1&teclient=1675269594638448354&utm_source=wlap&utm_medium=affiliate&utm_campaign=i20c1adr&utm_content=5757
Set-Cookie: STIDREFERRAL=SIDS3FpElWdBF_CkweKGTf53PRlLXamyt7DpE_Z6mdxQBCCrXPS-C_rIUftjWU0HT9UIAgc9kfWl40u8kLxFczTEiNZf2QRu-w1hKBHj8ELSPqIuQ94-Dt3TL3vSy3KrJUDJZd9A0Fgcauc_w; Domain=wargaming.net; Max-Age=2592000; Path=/; SameSite=None; Secure
enctid=cq7dib7ok7mp; Domain=wargaming.net; Max-Age=2592000; Path=/; SameSite=None; Secure
teclient=1675269594638448354; Domain=wargaming.net; Max-Age=315360000; Path=/; SameSite=None; Secure
Cache-Control: no-cache
adpointrtb.com/script/s2iurl.php?stamat=m|,,QjJ6tiJqtGU3Bv-GH0dEdHP3xP.dbd,okwwkCMPJPImG6SbP-P8lOZqroFmslFUQK-OU7ChAkVZJOb-yvI16ZMzQ9fcUGcrey1tVmwwwdOqNLf3nmG-6b4rmB2JsYWvghQwTh92crBCM95bZv0PiKXwJpj1TqxdiUcqOOdvTyw43sGgYBzv-00hAi8UbGN_0kp57R1ojWAz5jL795BhzheOsq7yBf4dJS7agt_WvEo_Cj0oyaBOjIBgUkwnhY3B2U10U4RFuAiUx8CHhl3QOEvLChjOLoFDxoJmD8EksHEx-absx65tnWERwcComv-dFSQCsvnX5zhY6oPjIfdU1WOK2CU6TsefAeyO6JAxlTrF3f7fYu9cs1VbtJqDnjMqFK4idr_MS6uTOihQbBbE1hMo2dHDq2ND-a2CxRg7iVB7tf4ax5NnvSNECHdZbDPfgfQ4qn2nrjjdMdUfGsjTqcWxLsNc5BKzsVWY0B4ChnMB6JmINQ7fdYB4r_5MiLZF4TTtxEGtMb3Fr83Eg2RXzSxlKaBO3Br6&csid=2625951&s1=4892480&md=0&exo_cid=3567547&exffir=eyJjIjoiMGMxYzVjMzAyODZlMWRiMjFhNzQxZTRiNjJjOGI2ZTQiLCJ0IjoiMSIsInNyIjoiMTI4MHgxMDI0IiwiY3IiOiIweDAiLCJpIjoiMSJ9
34.160.190.227 200 OK 1.9 kB URL HTTP/1.1 adpointrtb.com/script/s2iurl.php?stamat=m|,,QjJ6tiJqtGU3Bv-GH0dEdHP3xP.dbd,okwwkCMPJPImG6SbP-P8lOZqroFmslFUQK-OU7ChAkVZJOb-yvI16ZMzQ9fcUGcrey1tVmwwwdOqNLf3nmG-6b4rmB2JsYWvghQwTh92crBCM95bZv0PiKXwJpj1TqxdiUcqOOdvTyw43sGgYBzv-00hAi8UbGN_0kp57R1ojWAz5jL795BhzheOsq7yBf4dJS7agt_WvEo_Cj0oyaBOjIBgUkwnhY3B2U10U4RFuAiUx8CHhl3QOEvLChjOLoFDxoJmD8EksHEx-absx65tnWERwcComv-dFSQCsvnX5zhY6oPjIfdU1WOK2CU6TsefAeyO6JAxlTrF3f7fYu9cs1VbtJqDnjMqFK4idr_MS6uTOihQbBbE1hMo2dHDq2ND-a2CxRg7iVB7tf4ax5NnvSNECHdZbDPfgfQ4qn2nrjjdMdUfGsjTqcWxLsNc5BKzsVWY0B4ChnMB6JmINQ7fdYB4r_5MiLZF4TTtxEGtMb3Fr83Eg2RXzSxlKaBO3Br6&csid=2625951&s1=4892480&md=0&exo_cid=3567547&exffir=eyJjIjoiMGMxYzVjMzAyODZlMWRiMjFhNzQxZTRiNjJjOGI2ZTQiLCJ0IjoiMSIsInNyIjoiMTI4MHgxMDI0IiwiY3IiOiIweDAiLCJpIjoiMSJ9
IP 34.160.190.227:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (823)
Hash 6b9074d1f8ed17fe8ad530659c645832
f47b62c55409a121a47e25a607b1d9c1d0f32e61
27160945d6e3f8779b9a725a9e2f7223276d9787dbc32bda93235155878ecf0a
GET /script/s2iurl.php?stamat=m|,,QjJ6tiJqtGU3Bv-GH0dEdHP3xP.dbd,okwwkCMPJPImG6SbP-P8lOZqroFmslFUQK-OU7ChAkVZJOb-yvI16ZMzQ9fcUGcrey1tVmwwwdOqNLf3nmG-6b4rmB2JsYWvghQwTh92crBCM95bZv0PiKXwJpj1TqxdiUcqOOdvTyw43sGgYBzv-00hAi8UbGN_0kp57R1ojWAz5jL795BhzheOsq7yBf4dJS7agt_WvEo_Cj0oyaBOjIBgUkwnhY3B2U10U4RFuAiUx8CHhl3QOEvLChjOLoFDxoJmD8EksHEx-absx65tnWERwcComv-dFSQCsvnX5zhY6oPjIfdU1WOK2CU6TsefAeyO6JAxlTrF3f7fYu9cs1VbtJqDnjMqFK4idr_MS6uTOihQbBbE1hMo2dHDq2ND-a2CxRg7iVB7tf4ax5NnvSNECHdZbDPfgfQ4qn2nrjjdMdUfGsjTqcWxLsNc5BKzsVWY0B4ChnMB6JmINQ7fdYB4r_5MiLZF4TTtxEGtMb3Fr83Eg2RXzSxlKaBO3Br6&csid=2625951&s1=4892480&md=0&exo_cid=3567547&exffir=eyJjIjoiMGMxYzVjMzAyODZlMWRiMjFhNzQxZTRiNjJjOGI2ZTQiLCJ0IjoiMSIsInNyIjoiMTI4MHgxMDI0IiwiY3IiOiIweDAiLCJpIjoiMSJ9 HTTP/1.1
Host: adpointrtb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: openresty
Date: Wed, 01 Feb 2023 16:39:54 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Via: 1.1 google
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash dd9dccbfcd086e1fd0a8a85bffea5cae
401bf1fd855be8962c18c51b0c35c77047f78c49
b67cdd2f26c80211faded6a68ca0a63bc3452b36800fef9259afa237cd5add19
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B67CDD2F26C80211FADED6A68CA0A63BC3452B36800FEF9259AFA237CD5ADD19"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7749
Expires: Wed, 01 Feb 2023 18:49:04 GMT
Date: Wed, 01 Feb 2023 16:39:55 GMT
Connection: keep-alive
kemgm.heparlorne.com/dlp?st=1&lp=adultwatch&geo=NO
54.162.51.18 200 OK 248 kB URL HTTP/2 kemgm.heparlorne.com/dlp?st=1&lp=adultwatch&geo=NO
IP 54.162.51.18:0
Size 248 kB (248525 bytes)
Hash 7b188fb58dc325ff6f6c2dae149f21ea
d016a0aa86b8b298499b1650bb35a600bc801b69
3313592a8ac9d63dfbb793b264da9e4dd2e510e4981f383c128da2b3be5df683
GET /dlp?st=1&lp=adultwatch&geo=NO HTTP/1.1
Host: kemgm.heparlorne.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html; charset=utf-8
x-powered-by: Express
access-control-allow-origin: *
access-control-allow-methods: GET, POST
access-control-allow-headers: X-Requested-With,content-type
etag: W/"49849-42aMYNcL1nTzSiV2JKf2I8UvpaU"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
rizk.com/no/casino/kampanjer/casino/welcome-bonus/18644
104.18.21.91 200 OK 16 kB URL HTTP/2 rizk.com/no/casino/kampanjer/casino/welcome-bonus/18644
IP 104.18.21.91:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (8400)
Hash 1c22f1992f84a50d00c91512edf141fe
732168ac01c6b43009c2ece51c2b01215e87730c
bdb770def47c5d44825ecc4601ea3f8b90cf472118bd1c4eb85da0564caebc30
GET /no/casino/kampanjer/casino/welcome-bonus/18644 HTTP/1.1
Host: rizk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Cookie: ZBan=GZV0H_9OJ6YaUVA5vnxe-mNd7ZgqdRLk
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:54 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.1.33
set-cookie: PHPSESSID=v68q3bgd6sonq86o8he53jbtas; path=/; secure; HttpOnly
Referer=http%3A%2F%2Frixon.ml%2F; expires=Fri, 03-Mar-2023 16:39:54 GMT; Max-Age=2592000; path=/; secure; httponly
cache-control: max-age=0, must-revalidate, private
cf-cache-status: DYNAMIC
strict-transport-security: max-age=15552000
server: cloudflare
cf-ray: 792c20334e5bb4fa-OSL
content-encoding: br
X-Firefox-Spdy: h2
20betlp.com/bonus-wheel-en/audio/wheel.mp3
37.252.8.95 206 Partial Content 126 kB URL HTTP/1.1 20betlp.com/bonus-wheel-en/audio/wheel.mp3
IP 37.252.8.95:0
File type Audio file with ID3 version 2.3.0, contains: MPEG ADTS, layer III, v1, 192 kbps, 44.1 kHz, JntStereo\012- data
Size 126 kB (126084 bytes)
Hash 20e886554f6b25f85110df851f55a460
0a94793f9bd1866580d62b70a2826904b7e167b0
6fd75847fcb250dd04d637286da58286cf472482af2840f9aabbf5845bb941ca
GET /bonus-wheel-en/audio/wheel.mp3 HTTP/1.1
Host: 20betlp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://20betlp.com/
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 206 Partial Content
Server: nginx/1.14.1
Date: Wed, 01 Feb 2023 16:39:55 GMT
Content-Type: audio/mpeg
Content-Length: 126084
Last-Modified: Mon, 08 Nov 2021 13:54:03 GMT
Connection: keep-alive
ETag: "61892bfb-1ec84"
Expires: Wed, 01 Feb 2023 16:40:25 GMT
Cache-Control: max-age=30
Strict-Transport-Security: max-age=31536000;
Content-Range: bytes 0-126083/126084
snzzv.heparlorne.com/dlp?st=1&lp=adultwatch&geo=NO
54.162.51.18 200 OK 290 kB URL HTTP/2 snzzv.heparlorne.com/dlp?st=1&lp=adultwatch&geo=NO
IP 54.162.51.18:0
Size 290 kB (289951 bytes)
Hash 9f1142452984195d1cf03c640ea97cf8
ea35aaae429e95d0d536f46473615e6dc521ed73
f523f74745d54710310e3b40994e3dc748f0816183d0aca14e7113a88fc82454
GET /dlp?st=1&lp=adultwatch&geo=NO HTTP/1.1
Host: snzzv.heparlorne.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html; charset=utf-8
x-powered-by: Express
access-control-allow-origin: *
access-control-allow-methods: GET, POST
access-control-allow-headers: X-Requested-With,content-type
etag: W/"49849-42aMYNcL1nTzSiV2JKf2I8UvpaU"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
rizk.com/no/casino/kampanjer/casino/welcome-bonus/18644
104.18.21.91 200 OK 116 kB URL HTTP/2 rizk.com/no/casino/kampanjer/casino/welcome-bonus/18644
IP 104.18.21.91:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (8400)
Size 116 kB (116441 bytes)
Hash 1904797298105019de2aa2c3a611cd36
fb2528124b231f478d9d6407799f8d89b96a239f
89bc942bca66b48416d6fdd7a6d240b38195292cc4cea5603552f2a1d3bc2d42
GET /no/casino/kampanjer/casino/welcome-bonus/18644 HTTP/1.1
Host: rizk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Cookie: ZBan=GZV0H_9OJ6YaUVA5vnxe-mNd7ZgqdRLk
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:54 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.1.33
set-cookie: PHPSESSID=lbkljp729389g231akdo0h8sh1; path=/; secure; HttpOnly
Referer=http%3A%2F%2Frixon.ml%2F; expires=Fri, 03-Mar-2023 16:39:54 GMT; Max-Age=2592000; path=/; secure; httponly
cache-control: max-age=0, must-revalidate, private
cf-cache-status: DYNAMIC
strict-transport-security: max-age=15552000
server: cloudflare
cf-ray: 792c20340f5ab4fa-OSL
content-encoding: br
X-Firefox-Spdy: h2
stripchat.com/girls/teens?affiliateId=010223cyei5j6xf1wgb21wvaylvsnhx6yxdl4m5uwuov9sskj4vs2gg1lluglcmt&campaignId=ec5b69f6c071a3cfd23a4f14a73e806c4b46afd9e73a06adb4e266455dd771ff&p1=NO&p2=898897&p3=&realDomain=go.xlivrdr.com&referrer=http%3A%2F%2Frixon.ml%2F&sourceId=4234807&stripbotVariation=NullWidget&userId=709afc38e53feb5738296f4388fc757b75782945d6a5efdfee8be855c86d2d01
104.18.63.126 200 OK 0 B URL HTTP/2 stripchat.com/girls/teens?affiliateId=010223cyei5j6xf1wgb21wvaylvsnhx6yxdl4m5uwuov9sskj4vs2gg1lluglcmt&campaignId=ec5b69f6c071a3cfd23a4f14a73e806c4b46afd9e73a06adb4e266455dd771ff&p1=NO&p2=898897&p3=&realDomain=go.xlivrdr.com&referrer=http%3A%2F%2Frixon.ml%2F&sourceId=4234807&stripbotVariation=NullWidget&userId=709afc38e53feb5738296f4388fc757b75782945d6a5efdfee8be855c86d2d01
IP 104.18.63.126:0
GET /girls/teens?affiliateId=010223cyei5j6xf1wgb21wvaylvsnhx6yxdl4m5uwuov9sskj4vs2gg1lluglcmt&campaignId=ec5b69f6c071a3cfd23a4f14a73e806c4b46afd9e73a06adb4e266455dd771ff&p1=NO&p2=898897&p3=&realDomain=go.xlivrdr.com&referrer=http%3A%2F%2Frixon.ml%2F&sourceId=4234807&stripbotVariation=NullWidget&userId=709afc38e53feb5738296f4388fc757b75782945d6a5efdfee8be855c86d2d01 HTTP/1.1
Host: stripchat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:52 GMT
content-type: text/html; charset=utf-8
content-security-policy-report-only: default-src 'self' *.stripchat.com data: blob: *.amplitude.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.gstatic.com *.stripcdn.com *.stripst.com *.stripst.dev *.strpst.com *.strwst.com *.doppiocdn.com *.doppiocdn.net *.doppiocdn.org *.trafficjunky.net main.exoclick.com tsyndicate.com *.hotjar.com *.hotjar.io;img-src 'self' * data: blob: android-webview-video-poster:;script-src 'self' *.stripchat.com data: 'unsafe-inline' 'unsafe-eval' blob: *.amplitude.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.gstatic.com *.hpyrdr.dev *.hytto.com *.lovense.com *.stripst.com *.stripst.dev *.strpst.com *.strwst.com *.trafficjunky.net *.google.com platform.twitter.com main.exoclick.com tsyndicate.com wss://*.sc-apps.com www.googleadservices.com cdnjs.cloudflare.com/ajax/libs/fingerprintjs2/2.1.2/fingerprint2.min.js *.crowdin.com cdntechone.com *.nktrdr.com *.ktkjmp.com *.xhamster.com *.llyjmp.com *.lxzrdr.com *.mgdjmp.com *.rdfxgo.com *.smljmp.com *.stripcash.com *.xxxjmp.com *.xxxivjmp.com *.xxxvjmp.com *.xxxviijmp.com *.xxxviiijmp.com *.xlrdr.com *.xlirdr.com *.xliirdr.com *.xlivrdr.com *.xlvrdr.com *.xlviirdr.com *.xlviiirdr.com *.zybrdr.com *.bbrdbr.com *.dmsktmld.com *.fxmnba.com;connect-src 'self' *.stripchat.com *.amplitude.com *.doubleclick.net *.flixstorage.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.hytto.com *.lovense.club *.lovense.club:34568 *.lovense.com *.stripcdn.com *.xhamsterlive.com *.xlivesex.com *.stripst.com *.stripst.dev *.strpst.com *.strwst.com *.doppiocdn.com *.doppiocdn.net *.doppiocdn.org syndication.twitter.com wss://*.stripchat.com wss://*.stripcdn.com wss://*.stripcdn.com:8090 wss://*.stripst.com wss://*.stripst.dev wss://*.strpst.com wss://*.strwst.com wss://*.doppiocdn.com wss://*.lovense.com wss://*.sc-apps.com *.crowdin.com crowdin.com datatechone.com accounts.google.com *.nktrdr.com *.ktkjmp.com *.xhamster.com *.llyjmp.com *.lxzrdr.com 
*.mgdjmp.com *.rdfxgo.com *.smljmp.com *.stripcash.com *.xxxjmp.com *.xxxivjmp.com *.xxxvjmp.com *.xxxviijmp.com *.xxxviiijmp.com *.xlrdr.com *.xlirdr.com *.xliirdr.com *.xlivrdr.com *.xlvrdr.com *.xlviirdr.com *.xlviiirdr.com *.zybrdr.com *.bbrdbr.com *.dmsktmld.com *.fxmnba.com;media-src 'self' *.stripchat.com data: blob: *.ahcdn.com *.stripcdn.com *.stripst.com *.stripst.dev *.strpst.com *.strwst.com *.doppiocdn.com *.doppiocdn.net *.doppiocdn.org;style-src 'self' *.stripchat.com 'unsafe-inline' *.googleapis.com *.hytto.com *.lovense.com *.stripcdn.com *.stripst.com *.stripst.dev *.strpst.com *.strwst.com *.tagmanager.google.com *.crowdin.com accounts.google.com;frame-src * data:;report-uri /_csp
strict-transport-security: max-age=15768000
x-frame-options: deny
cf-cache-status: DYNAMIC
set-cookie: ABTest_ab_25_tokens_instead_20_key=A_129; path=/; domain=stripchat.com; expires=Mon, 15 Jul 2024 00:00:00 GMT
ABTest_ab_index_header_names_couples_key=B_129; path=/; domain=stripchat.com; expires=Mon, 15 Jul 2024 00:00:00 GMT
ABTest_ab_onboarding_dialog_key=A_129; path=/; domain=stripchat.com; expires=Mon, 15 Jul 2024 00:00:00 GMT
ABTest_ab_private_modal_activities_key=A_129; path=/; domain=stripchat.com; expires=Mon, 15 Jul 2024 00:00:00 GMT
ABTest_ab_top_score_with_conversion_rate_v3_key=B_129; path=/; domain=stripchat.com; expires=Sun, 19 Feb 2023 00:00:00 GMT
ABTest_start_private_with_price_key=B_129; path=/; domain=stripchat.com; expires=Mon, 15 Jul 2024 00:00:00 GMT
__cflb=02DiuFntVtrkFMde1dj4knipQLcM2uWvQ9gpj1wADfVZ6; SameSite=None; Secure; path=/; expires=Thu, 02-Feb-23 15:39:52 GMT; HttpOnly
server: cloudflare
cf-ray: 792c2026da410b02-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/icon-sports.svg
104.18.25.188 200 OK 0 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/icon-sports.svg
IP 104.18.25.188:0
GET /nu/pop/sportsbook/multisports/icon-sports.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a92628443%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1675269588459)%5c%2f%22%2c%22CookieTag%22%3a%223795092628443451240919C2023211639%22%7d%2c%7b%22PID%22%3a86536170%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1675269588590)%5c%2f%22%2c%22CookieTag%22%3a%223795086536170451240919C2023211639%22%7d%5d; btag=320665405_4F03CE830604485E9E0E444E5686127E
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:50 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: Kch+tYuo05USS5JaESq1rA==
last-modified: Thu, 26 Jan 2023 12:30:21 GMT
etag: W/"0x8DAFF9917716257"
x-ms-request-id: 78c0b78e-401e-0000-7881-311202000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 533365
vary: Accept-Encoding
server: cloudflare
cf-ray: 792c201bd980b512-OSL
content-encoding: br
X-Firefox-Spdy: h2
www.forza.idescargarapk.com/ts_pro/ikuhentai.net.php
50.31.176.38 200 OK 0 B URL HTTP/2 www.forza.idescargarapk.com/ts_pro/ikuhentai.net.php
IP 50.31.176.38:0
GET /ts_pro/ikuhentai.net.php HTTP/1.1
Host: www.forza.idescargarapk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
expires: Tue, 03 Jul 2001 06:00:00 GMT
last-modified: Wed, 01 Feb 2023 16:39:50 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
vary: Accept-Encoding,User-Agent
content-type: text/html; charset=UTF-8
content-encoding: gzip
date: Wed, 01 Feb 2023 16:39:50 GMT
X-Firefox-Spdy: h2
cdn.bannerflow.com/resources/mga-logo-16e5f569-f45f-4c4f-a7ab-0a1f83c58415.svg
104.16.174.188 200 OK 0 B URL HTTP/2 cdn.bannerflow.com/resources/mga-logo-16e5f569-f45f-4c4f-a7ab-0a1f83c58415.svg
IP 104.16.174.188:0
GET /resources/mga-logo-16e5f569-f45f-4c4f-a7ab-0a1f83c58415.svg HTTP/1.1
Host: cdn.bannerflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:52 GMT
content-type: image/svg+xml
cache-control: public,max-age=604800
content-md5: FAAw5O0EvruykoHDQoRDMA==
last-modified: Fri, 27 Nov 2020 14:00:02 GMT
etag: W/"0x8D892DCBC6EB927"
x-ms-request-id: 0c05a17a-201e-0074-2dff-f626f2000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 580
vary: Accept-Encoding
server: cloudflare
cf-ray: 792c20292809b505-OSL
content-encoding: br
X-Firefox-Spdy: h2
popmyads.com/serve/52264/64661/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgxMy5jb20=
104.21.54.194 200 OK 0 B URL HTTP/2 popmyads.com/serve/52264/64661/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgxMy5jb20=
IP 104.21.54.194:0
GET /serve/52264/64661/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgxMy5jb20= HTTP/1.1
Host: popmyads.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:52 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.1.33
x-frame-options: DENY
content-security-policy: frame-ancestors 'none'
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FH2BI3Z9HCIyXQ3EJVKCN8oIyYD6z7J7pTJqJv55Za6kOEEB3y5dWrT5HNsqvrdq7%2FkDvVwxF70uRja%2F8wPpvh%2FELfISO%2FyQji3GqqyWIEUH7ZmIY2Xkg4n8%2FdvSzSA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 792c20291e50b50f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
netdna.bootstrapcdn.com/font-awesome/4.0.3/css/font-awesome.css
188.114.98.234 200 OK 0 B URL HTTP/2 netdna.bootstrapcdn.com/font-awesome/4.0.3/css/font-awesome.css
IP 188.114.98.234:0
GET /font-awesome/4.0.3/css/font-awesome.css HTTP/1.1
Host: netdna.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rixon.ml/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:46 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
cdn-edgestorageid: 601, 617, 617
last-modified: Mon, 25 Jan 2021 22:04:53 GMT
cdn-cachedat: 2021-08-03 04:14:00
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cache-control: public, max-age=31919000
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-content-type-options: nosniff
cdn-requestid: 6358afe6e12aefed963ad27f3935d6d1
cdn-status: 200
cdn-cache: HIT
cf-cache-status: HIT
age: 20716272
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 792c20017af9b4f9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
newbinotracs.com/click.php?key=qcopnrbsgld1lpyq4gqz&clickid=97519ef7-11e8-437d-be64-12ac14ff0ebb&cost=0.0029&PUB_ID=20&SUB_ID=4228174&KEYWORD=Adult%20General&SUBSCRIBER_AGE=0&SUBSCRIBER_DATE=2023-02-01&BID_PUB=0.0029&CR_ID=36456
49.12.123.158 302 Found 0 B URL HTTP/2 newbinotracs.com/click.php?key=qcopnrbsgld1lpyq4gqz&clickid=97519ef7-11e8-437d-be64-12ac14ff0ebb&cost=0.0029&PUB_ID=20&SUB_ID=4228174&KEYWORD=Adult%20General&SUBSCRIBER_AGE=0&SUBSCRIBER_DATE=2023-02-01&BID_PUB=0.0029&CR_ID=36456
IP 49.12.123.158:0
ASN #24940 Hetzner Online GmbH
GET /click.php?key=qcopnrbsgld1lpyq4gqz&clickid=97519ef7-11e8-437d-be64-12ac14ff0ebb&cost=0.0029&PUB_ID=20&SUB_ID=4228174&KEYWORD=Adult%20General&SUBSCRIBER_AGE=0&SUBSCRIBER_DATE=2023-02-01&BID_PUB=0.0029&CR_ID=36456 HTTP/1.1
Host: newbinotracs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx/1.18.0
date: Wed, 01 Feb 2023 16:39:50 GMT
content-type: text/html; charset=UTF-8
location: https://promo.20bet.partners/redirect.aspx?pid=174581&bid=1971&lpid=1042&utm_source=retarget&utm_medium=Ubidex&utm_campaign=Ubidex-20bet-EU-NotReg-pop%20BonWheel-1042&utm_term=Ubidex-20bet-EU-NotReg-pop%20BonWheel-1042&subid=edc81177sa23vqe145
set-cookie: uclick=177sa23vqe; expires=Thu, 02-Feb-2023 16:39:50 GMT; Max-Age=86400; path=/; secure; SameSite=none
uclickhash=177sa23vqe-177sa23vqe-slvc-0-2t1mwj-52a8wj-52a8vr-6cd558; expires=Thu, 02-Feb-2023 16:39:50 GMT; Max-Age=86400; path=/; secure; SameSite=none
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
cdn.tubecorp.com/vs/vs.js?_=1675269609120
45.133.44.24 200 OK 0 B URL HTTP/2 cdn.tubecorp.com/vs/vs.js?_=1675269609120
IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
GET /vs/vs.js?_=1675269609120 HTTP/1.1
Host: cdn.tubecorp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rixon.ml/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:47 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.20.1
last-modified: Fri, 26 Feb 2021 08:59:15 GMT
etag: W/"6038b863-b46b"
cache-control: max-age=3600
x-request-id: e07a8c5e4f2b0b8b4d0d7fdeb26353fa
content-encoding: gzip
expires: Wed, 01 Feb 2023 17:39:47 GMT
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
gbstwrldnws.com/rotator/352/1328/2da4af00d834dfbd23fda189a58e00c9/?click_id=wmdph6kv8d5bloamij7hs554&sub1=355801&fullscreen=1
192.133.142.177 302 Found 0 B URL HTTP/2 gbstwrldnws.com/rotator/352/1328/2da4af00d834dfbd23fda189a58e00c9/?click_id=wmdph6kv8d5bloamij7hs554&sub1=355801&fullscreen=1
IP 192.133.142.177:0
Analyzer Verdict Alert quad9 Sinkholed
GET /rotator/352/1328/2da4af00d834dfbd23fda189a58e00c9/?click_id=wmdph6kv8d5bloamij7hs554&sub1=355801&fullscreen=1 HTTP/1.1
Host: gbstwrldnws.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Wed, 01 Feb 2023 16:39:53 GMT
content-type: text/html; charset=UTF-8
location: https://gbstwrldnws.com/adult_video_2/1328/2da4af00d834dfbd23fda189a58e00c9/?click_id=wmdph6kv8d5bloamij7hs554&sub1=355801&sub2=&sub3=&tb=&fullscreen=1
X-Firefox-Spdy: h2
popmyads.com/serve/52264/64661/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgxMy5jb20=
104.21.54.194 200 OK 0 B URL HTTP/2 popmyads.com/serve/52264/64661/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgxMy5jb20=
IP 104.21.54.194:0
GET /serve/52264/64661/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgxMy5jb20= HTTP/1.1
Host: popmyads.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:52 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.1.33
x-frame-options: DENY
content-security-policy: frame-ancestors 'none'
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0BoPILXzA%2FT8509Q8JT3S6mjahMYnF3sogkYHfkeEeNDGsaGowcvemVusojcFuwV5M7jYATfFsBDk3CbS%2BtFKuB4Simcwild%2BPoHKOzCfIPD%2FB79pCOWDK1g4ptB%2BUE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 792c2026fb48b50f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
gbstwrldnws.com/adult_video_3/1328/2da4af00d834dfbd23fda189a58e00c9/?click_id=w6c08di94iulnoami3m62jnu&sub1=379871&sub2=&sub3=&tb=&fullscreen=1
192.133.142.177 200 OK 0 B URL HTTP/2 gbstwrldnws.com/adult_video_3/1328/2da4af00d834dfbd23fda189a58e00c9/?click_id=w6c08di94iulnoami3m62jnu&sub1=379871&sub2=&sub3=&tb=&fullscreen=1
IP 192.133.142.177:0
Analyzer Verdict Alert quad9 Sinkholed
GET /adult_video_3/1328/2da4af00d834dfbd23fda189a58e00c9/?click_id=w6c08di94iulnoami3m62jnu&sub1=379871&sub2=&sub3=&tb=&fullscreen=1 HTTP/1.1
Host: gbstwrldnws.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 01 Feb 2023 16:39:54 GMT
content-type: text/html; charset=UTF-8
content-encoding: gzip
X-Firefox-Spdy: h2
gbstwrldnws.com/rotator/352/1328/2da4af00d834dfbd23fda189a58e00c9/?click_id=wuh7ilr3nglhdoamiskngebc&sub1=379870&fullscreen=1
192.133.142.177 302 Found 0 B URL HTTP/2 gbstwrldnws.com/rotator/352/1328/2da4af00d834dfbd23fda189a58e00c9/?click_id=wuh7ilr3nglhdoamiskngebc&sub1=379870&fullscreen=1
IP 192.133.142.177:0
Analyzer Verdict Alert quad9 Sinkholed
GET /rotator/352/1328/2da4af00d834dfbd23fda189a58e00c9/?click_id=wuh7ilr3nglhdoamiskngebc&sub1=379870&fullscreen=1 HTTP/1.1
Host: gbstwrldnws.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Wed, 01 Feb 2023 16:39:53 GMT
content-type: text/html; charset=UTF-8
location: https://gbstwrldnws.com/adult_video_3/1328/2da4af00d834dfbd23fda189a58e00c9/?click_id=wuh7ilr3nglhdoamiskngebc&sub1=379870&sub2=&sub3=&tb=&fullscreen=1
X-Firefox-Spdy: h2
gbstwrldnws.com/rotator/352/1328/2da4af00d834dfbd23fda189a58e00c9/?click_id=wmdph6kv8d5bloamimtqdk8g&sub1=355801&fullscreen=1
192.133.142.177 302 Found 0 B URL HTTP/2 gbstwrldnws.com/rotator/352/1328/2da4af00d834dfbd23fda189a58e00c9/?click_id=wmdph6kv8d5bloamimtqdk8g&sub1=355801&fullscreen=1
IP 192.133.142.177:0
Analyzer Verdict Alert quad9 Sinkholed
GET /rotator/352/1328/2da4af00d834dfbd23fda189a58e00c9/?click_id=wmdph6kv8d5bloamimtqdk8g&sub1=355801&fullscreen=1 HTTP/1.1
Host: gbstwrldnws.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Wed, 01 Feb 2023 16:39:53 GMT
content-type: text/html; charset=UTF-8
location: https://gbstwrldnws.com/adult_video_2/1328/2da4af00d834dfbd23fda189a58e00c9/?click_id=wmdph6kv8d5bloamimtqdk8g&sub1=355801&sub2=&sub3=&tb=&fullscreen=1
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/1-main.js
104.18.25.188 200 OK 0 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/1-main.js
IP 104.18.25.188:0
GET /nu/pop/sportsbook/multisports/1-main.js HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a92628443%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1675269588459)%5c%2f%22%2c%22CookieTag%22%3a%223795092628443451240919C2023211639%22%7d%2c%7b%22PID%22%3a86536170%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1675269588590)%5c%2f%22%2c%22CookieTag%22%3a%223795086536170451240919C2023211639%22%7d%5d; btag=320665405_4F03CE830604485E9E0E444E5686127E
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:49 GMT
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=900, immutable
content-md5: BPxI3njL/F0VV+nfOZx3Mw==
last-modified: Thu, 26 Jan 2023 12:30:23 GMT
etag: W/"0x8DAFF99188E686E"
x-ms-request-id: fae4441f-101e-0040-4d81-31153a000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 533364
vary: Accept-Encoding
server: cloudflare
cf-ray: 792c20163902b512-OSL
content-encoding: br
X-Firefox-Spdy: h2
popmyads.com/serve/52264/64661/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgxMy5jb20=
104.21.54.194 200 OK 0 B URL HTTP/2 popmyads.com/serve/52264/64661/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgxMy5jb20=
IP 104.21.54.194:0
GET /serve/52264/64661/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgxMy5jb20= HTTP/1.1
Host: popmyads.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:52 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.1.33
x-frame-options: DENY
content-security-policy: frame-ancestors 'none'
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GNV%2Bzd5yXQv76nTOQNKe0DPqJ6v1Zca%2BdS%2FdrSly7IuqpoM1IVuWNQuAFk419hMehM05Nq8yWhbRcrL22zYTj3QTcxLPpApVkKh7jLA%2FJfGYMc1OnrVK4c%2F9xXq%2F5KA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 792c2026fb49b50f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.forza.idescargarapk.com/ts_pro/futurama-latino.org.php
50.31.176.38 200 OK 0 B URL HTTP/2 www.forza.idescargarapk.com/ts_pro/futurama-latino.org.php
IP 50.31.176.38:0
GET /ts_pro/futurama-latino.org.php HTTP/1.1
Host: www.forza.idescargarapk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
expires: Tue, 03 Jul 2001 06:00:00 GMT
last-modified: Wed, 01 Feb 2023 16:39:50 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
vary: Accept-Encoding,User-Agent
content-type: text/html; charset=UTF-8
content-encoding: gzip
date: Wed, 01 Feb 2023 16:39:50 GMT
X-Firefox-Spdy: h2
gbstwrldnws.com/adult_video_2/1328/2da4af00d834dfbd23fda189a58e00c9/?click_id=wmdph6kv8d5bloamimtqdk8g&sub1=355801&sub2=&sub3=&tb=&fullscreen=1
192.133.142.177 200 OK 0 B URL HTTP/2 gbstwrldnws.com/adult_video_2/1328/2da4af00d834dfbd23fda189a58e00c9/?click_id=wmdph6kv8d5bloamimtqdk8g&sub1=355801&sub2=&sub3=&tb=&fullscreen=1
IP 192.133.142.177:0
Analyzer Verdict Alert quad9 Sinkholed
GET /adult_video_2/1328/2da4af00d834dfbd23fda189a58e00c9/?click_id=wmdph6kv8d5bloamimtqdk8g&sub1=355801&sub2=&sub3=&tb=&fullscreen=1 HTTP/1.1
Host: gbstwrldnws.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 01 Feb 2023 16:39:54 GMT
content-type: text/html; charset=UTF-8
content-encoding: gzip
X-Firefox-Spdy: h2
use.fontawesome.com/releases/v5.7.1/css/all.css
172.64.132.15 200 OK 0 B URL HTTP/2 use.fontawesome.com/releases/v5.7.1/css/all.css
IP 172.64.132.15:0
GET /releases/v5.7.1/css/all.css HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:50 GMT
content-type: text/css
x-amz-id-2: fRzGGnwkrSpKPhzZwOiFYUoYHx8yByYX11TtTxUYP14vZYJ0519gekOuVPxu3nyoMhklMbZ/j1c=
x-amz-request-id: FXR60E30X8F0QVY9
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Wed, 30 Jun 2021 15:45:37 GMT
etag: W/"7b1d7f457d056ace7b230b587b9f3753"
cache-control: max-age=31556926
cf-cache-status: HIT
age: 410272
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ibmnq0O5EGG%2FeEGny3yl%2BMMOn0wD2ir4e9SE8jg9N%2FmnvqxNLRx3XXACt3FynJdLLzwabTxncP%2F%2Fqwkv9CuxZI8D%2BpUjoo%2F1CuRooUAxac7k3jRt5uaGh%2FhtSBlXFleo4nEitLJd"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 792c201a7dbc7717-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
gbstwrldnws.com/adult_video_2/1328/2da4af00d834dfbd23fda189a58e00c9/?click_id=wmdph6kv8d5bloamij7hs554&sub1=355801&sub2=&sub3=&tb=&fullscreen=1
192.133.142.177 200 OK 0 B URL HTTP/2 gbstwrldnws.com/adult_video_2/1328/2da4af00d834dfbd23fda189a58e00c9/?click_id=wmdph6kv8d5bloamij7hs554&sub1=355801&sub2=&sub3=&tb=&fullscreen=1
IP 192.133.142.177:0
Analyzer Verdict Alert quad9 Sinkholed
GET /adult_video_2/1328/2da4af00d834dfbd23fda189a58e00c9/?click_id=wmdph6kv8d5bloamij7hs554&sub1=355801&sub2=&sub3=&tb=&fullscreen=1 HTTP/1.1
Host: gbstwrldnws.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 01 Feb 2023 16:39:54 GMT
content-type: text/html; charset=UTF-8
content-encoding: gzip
X-Firefox-Spdy: h2
record.rizk.com/_U3s_hG6hFM9IXyBFOGojY2Nd7ZgqdRLk/1/?payload=wtv0l9o3saqnvoam2trdkj5m
104.18.189.136 301 Moved Permanently 0 B URL HTTP/2 record.rizk.com/_U3s_hG6hFM9IXyBFOGojY2Nd7ZgqdRLk/1/?payload=wtv0l9o3saqnvoam2trdkj5m
IP 104.18.189.136:0
GET /_U3s_hG6hFM9IXyBFOGojY2Nd7ZgqdRLk/1/?payload=wtv0l9o3saqnvoam2trdkj5m HTTP/1.1
Host: record.rizk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 301 Moved Permanently
date: Wed, 01 Feb 2023 16:39:52 GMT
content-type: text/html; charset=utf-8
location: https://rizk.com/no/casino/kampanjer/rizk-velkomstbonus/5682?affcode=noiahrzkno&btag=a_10689784b_c_GZV0H_9OJ6YaUVA5vnxe-mNd7ZgqdRLk-bm9pYWhyemtubw==&utm_medium=MA_Affiliates&utm_source=10689784
cache-control: private, no-cache, must-revalidate, Cache-Control: no-cache
expires: Sat, 26 Jul 1997 05:00:00 GMT
access-control-allow-origin: *
pragma: no-cache
x-powered-by: ZBan
cf-cache-status: BYPASS
set-cookie: VID1=KiwzQFAsMzBRLDM4US4wYGAKYAo%3D; expires=Thu, 01-Feb-2024 16:39:52 GMT; Max-Age=31536000; path=/; secure; HttpOnly; SameSite=None
ZBan=GZV0H_9OJ6YaUVA5vnxe-mNd7ZgqdRLk; expires=Thu, 01-Feb-2024 16:39:52 GMT; Max-Age=31536000; path=/; domain=.rizk.com; secure; HttpOnly; SameSite=None
PartnerId=GZV0H_9OJ6YaUVA5vnxe-mNd7ZgqdRLk; expires=Fri, 03-Mar-2023 16:39:52 GMT; Max-Age=2592000; path=/; SameSite=Lax
marketingproduct=Casino; expires=Fri, 03-Mar-2023 16:39:52 GMT; Max-Age=2592000; path=/; domain=.rizk.com; SameSite=Lax
vary: Accept-Encoding
server: cloudflare
cf-ray: 792c2029ec16b52d-OSL
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/icon-sports.svg
104.18.25.188 200 OK 0 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/icon-sports.svg
IP 104.18.25.188:0
GET /nu/pop/sportsbook/multisports/icon-sports.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a92628443%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1675269588459)%5c%2f%22%2c%22CookieTag%22%3a%223795092628443451240919C2023211639%22%7d%2c%7b%22PID%22%3a86536170%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1675269588590)%5c%2f%22%2c%22CookieTag%22%3a%223795086536170451240919C2023211639%22%7d%5d; btag=320665405_4F03CE830604485E9E0E444E5686127E
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:49 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: Kch+tYuo05USS5JaESq1rA==
last-modified: Thu, 26 Jan 2023 12:30:21 GMT
etag: W/"0x8DAFF9917716257"
x-ms-request-id: 78c0b78e-401e-0000-7881-311202000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 533364
vary: Accept-Encoding
server: cloudflare
cf-ray: 792c20164942b512-OSL
content-encoding: br
X-Firefox-Spdy: h2
stripchat.com/girls/teens?affiliateId=0102234gc5343fr2ra39j3rf0btg7zqwxf8l5it2nilz79ytgiul1pztzf5wio6q&campaignId=ec5b69f6c071a3cfd23a4f14a73e806c4b46afd9e73a06adb4e266455dd771ff&p1=NO&p2=898897&p3=&realDomain=go.xlivrdr.com&referrer=http%3A%2F%2Frixon.ml%2F&sourceId=4248917&stripbotVariation=NullWidget&userId=709afc38e53feb5738296f4388fc757b75782945d6a5efdfee8be855c86d2d01
104.18.63.126 200 OK 0 B URL HTTP/2 stripchat.com/girls/teens?affiliateId=0102234gc5343fr2ra39j3rf0btg7zqwxf8l5it2nilz79ytgiul1pztzf5wio6q&campaignId=ec5b69f6c071a3cfd23a4f14a73e806c4b46afd9e73a06adb4e266455dd771ff&p1=NO&p2=898897&p3=&realDomain=go.xlivrdr.com&referrer=http%3A%2F%2Frixon.ml%2F&sourceId=4248917&stripbotVariation=NullWidget&userId=709afc38e53feb5738296f4388fc757b75782945d6a5efdfee8be855c86d2d01
IP 104.18.63.126:0
GET /girls/teens?affiliateId=0102234gc5343fr2ra39j3rf0btg7zqwxf8l5it2nilz79ytgiul1pztzf5wio6q&campaignId=ec5b69f6c071a3cfd23a4f14a73e806c4b46afd9e73a06adb4e266455dd771ff&p1=NO&p2=898897&p3=&realDomain=go.xlivrdr.com&referrer=http%3A%2F%2Frixon.ml%2F&sourceId=4248917&stripbotVariation=NullWidget&userId=709afc38e53feb5738296f4388fc757b75782945d6a5efdfee8be855c86d2d01 HTTP/1.1
Host: stripchat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:52 GMT
content-type: text/html; charset=utf-8
content-security-policy-report-only: default-src 'self' *.stripchat.com data: blob: *.amplitude.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.gstatic.com *.stripcdn.com *.stripst.com *.stripst.dev *.strpst.com *.strwst.com *.doppiocdn.com *.doppiocdn.net *.doppiocdn.org *.trafficjunky.net main.exoclick.com tsyndicate.com *.hotjar.com *.hotjar.io;img-src 'self' * data: blob: android-webview-video-poster:;script-src 'self' *.stripchat.com data: 'unsafe-inline' 'unsafe-eval' blob: *.amplitude.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.gstatic.com *.hpyrdr.dev *.hytto.com *.lovense.com *.stripst.com *.stripst.dev *.strpst.com *.strwst.com *.trafficjunky.net *.google.com platform.twitter.com main.exoclick.com tsyndicate.com wss://*.sc-apps.com www.googleadservices.com cdnjs.cloudflare.com/ajax/libs/fingerprintjs2/2.1.2/fingerprint2.min.js *.crowdin.com cdntechone.com *.nktrdr.com *.ktkjmp.com *.xhamster.com *.llyjmp.com *.lxzrdr.com *.mgdjmp.com *.rdfxgo.com *.smljmp.com *.stripcash.com *.xxxjmp.com *.xxxivjmp.com *.xxxvjmp.com *.xxxviijmp.com *.xxxviiijmp.com *.xlrdr.com *.xlirdr.com *.xliirdr.com *.xlivrdr.com *.xlvrdr.com *.xlviirdr.com *.xlviiirdr.com *.zybrdr.com *.bbrdbr.com *.dmsktmld.com *.fxmnba.com;connect-src 'self' *.stripchat.com *.amplitude.com *.doubleclick.net *.flixstorage.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.hytto.com *.lovense.club *.lovense.club:34568 *.lovense.com *.stripcdn.com *.xhamsterlive.com *.xlivesex.com *.stripst.com *.stripst.dev *.strpst.com *.strwst.com *.doppiocdn.com *.doppiocdn.net *.doppiocdn.org syndication.twitter.com wss://*.stripchat.com wss://*.stripcdn.com wss://*.stripcdn.com:8090 wss://*.stripst.com wss://*.stripst.dev wss://*.strpst.com wss://*.strwst.com wss://*.doppiocdn.com wss://*.lovense.com wss://*.sc-apps.com *.crowdin.com crowdin.com datatechone.com accounts.google.com *.nktrdr.com *.ktkjmp.com *.xhamster.com *.llyjmp.com *.lxzrdr.com 
*.mgdjmp.com *.rdfxgo.com *.smljmp.com *.stripcash.com *.xxxjmp.com *.xxxivjmp.com *.xxxvjmp.com *.xxxviijmp.com *.xxxviiijmp.com *.xlrdr.com *.xlirdr.com *.xliirdr.com *.xlivrdr.com *.xlvrdr.com *.xlviirdr.com *.xlviiirdr.com *.zybrdr.com *.bbrdbr.com *.dmsktmld.com *.fxmnba.com;media-src 'self' *.stripchat.com data: blob: *.ahcdn.com *.stripcdn.com *.stripst.com *.stripst.dev *.strpst.com *.strwst.com *.doppiocdn.com *.doppiocdn.net *.doppiocdn.org;style-src 'self' *.stripchat.com 'unsafe-inline' *.googleapis.com *.hytto.com *.lovense.com *.stripcdn.com *.stripst.com *.stripst.dev *.strpst.com *.strwst.com *.tagmanager.google.com *.crowdin.com accounts.google.com;frame-src * data:;report-uri /_csp
strict-transport-security: max-age=15768000
x-frame-options: deny
cf-cache-status: DYNAMIC
set-cookie: ABTest_ab_25_tokens_instead_20_key=A_52; path=/; domain=stripchat.com; expires=Mon, 15 Jul 2024 00:00:00 GMT
ABTest_ab_index_header_names_couples_key=B_52; path=/; domain=stripchat.com; expires=Mon, 15 Jul 2024 00:00:00 GMT
ABTest_ab_onboarding_dialog_key=A_52; path=/; domain=stripchat.com; expires=Mon, 15 Jul 2024 00:00:00 GMT
ABTest_ab_private_modal_activities_key=B_52; path=/; domain=stripchat.com; expires=Mon, 15 Jul 2024 00:00:00 GMT
ABTest_ab_top_score_with_conversion_rate_v3_key=B_52; path=/; domain=stripchat.com; expires=Sun, 19 Feb 2023 00:00:00 GMT
ABTest_start_private_with_price_key=B_52; path=/; domain=stripchat.com; expires=Mon, 15 Jul 2024 00:00:00 GMT
__cflb=02DiuFntVtrkFMde1dhT2bzrwpqqK5s8dKfW1zyBsmjsA; SameSite=None; Secure; path=/; expires=Thu, 02-Feb-23 15:39:52 GMT; HttpOnly
server: cloudflare
cf-ray: 792c2027fb6c0b02-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
newbinotracs.com/click.php?key=ton7p9rlyxwdhpui7in5&clickid=47a31d1f-df1d-408b-aded-b02667c00295&cost=0.0029&PUB_ID=20&SUB_ID=4228174&KEYWORD=Adult%20General&SUBSCRIBER_AGE=0&SUBSCRIBER_DATE=2023-02-01&BID_PUB=0.0029&CR_ID=361615&PUB_NAME=TrafficStars-pop
49.12.123.158 200 OK 0 B URL HTTP/2 newbinotracs.com/click.php?key=ton7p9rlyxwdhpui7in5&clickid=47a31d1f-df1d-408b-aded-b02667c00295&cost=0.0029&PUB_ID=20&SUB_ID=4228174&KEYWORD=Adult%20General&SUBSCRIBER_AGE=0&SUBSCRIBER_DATE=2023-02-01&BID_PUB=0.0029&CR_ID=361615&PUB_NAME=TrafficStars-pop
IP 49.12.123.158:0
ASN #24940 Hetzner Online GmbH
GET /click.php?key=ton7p9rlyxwdhpui7in5&clickid=47a31d1f-df1d-408b-aded-b02667c00295&cost=0.0029&PUB_ID=20&SUB_ID=4228174&KEYWORD=Adult%20General&SUBSCRIBER_AGE=0&SUBSCRIBER_DATE=2023-02-01&BID_PUB=0.0029&CR_ID=361615&PUB_NAME=TrafficStars-pop HTTP/1.1
Host: newbinotracs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Wed, 01 Feb 2023 16:39:50 GMT
content-type: text/html; charset=UTF-8
set-cookie: uclick=177sa23vnt; expires=Thu, 02-Feb-2023 16:39:50 GMT; Max-Age=86400; path=/; secure; SameSite=none
uclickhash=177sa23vnt-177sa23vnt-17sc6o-0-q5a83y-tw3zdz-wf1ni4-304b77; expires=Thu, 02-Feb-2023 16:39:50 GMT; Max-Age=86400; path=/; secure; SameSite=none
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
newbinotracs.com/click.php?key=qcopnrbsgld1lpyq4gqz&clickid=33447dec-a1cd-40ce-a3a4-68935d04f06d&cost=0.0029&PUB_ID=20&SUB_ID=4228174&KEYWORD=Adult%20General&SUBSCRIBER_AGE=0&SUBSCRIBER_DATE=2023-02-01&BID_PUB=0.0029&CR_ID=36456
49.12.123.158 302 Found 0 B URL HTTP/2 newbinotracs.com/click.php?key=qcopnrbsgld1lpyq4gqz&clickid=33447dec-a1cd-40ce-a3a4-68935d04f06d&cost=0.0029&PUB_ID=20&SUB_ID=4228174&KEYWORD=Adult%20General&SUBSCRIBER_AGE=0&SUBSCRIBER_DATE=2023-02-01&BID_PUB=0.0029&CR_ID=36456
IP 49.12.123.158:0
ASN #24940 Hetzner Online GmbH
GET /click.php?key=qcopnrbsgld1lpyq4gqz&clickid=33447dec-a1cd-40ce-a3a4-68935d04f06d&cost=0.0029&PUB_ID=20&SUB_ID=4228174&KEYWORD=Adult%20General&SUBSCRIBER_AGE=0&SUBSCRIBER_DATE=2023-02-01&BID_PUB=0.0029&CR_ID=36456 HTTP/1.1
Host: newbinotracs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx/1.18.0
date: Wed, 01 Feb 2023 16:39:50 GMT
content-type: text/html; charset=UTF-8
location: https://promo.20bet.partners/redirect.aspx?pid=174581&bid=1971&lpid=1042&utm_source=retarget&utm_medium=Ubidex&utm_campaign=Ubidex-20bet-EU-NotReg-pop%20BonWheel-1042&utm_term=Ubidex-20bet-EU-NotReg-pop%20BonWheel-1042&subid=d1ba2177sa23vgha41
set-cookie: uclick=177sa23vgh; expires=Thu, 02-Feb-2023 16:39:50 GMT; Max-Age=86400; path=/; secure; SameSite=none
uclickhash=177sa23vgh-177sa23vgh-slvc-0-2t1mwj-52a8wj-52a8vr-f4f001; expires=Thu, 02-Feb-2023 16:39:50 GMT; Max-Age=86400; path=/; secure; SameSite=none
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
newbinotracs.com/click.php?key=ton7p9rlyxwdhpui7in5&clickid=eaeb522a-4877-423f-89be-0ebc89cd7a26&cost=0.0029&PUB_ID=20&SUB_ID=4234807&KEYWORD=Adult%20General&SUBSCRIBER_AGE=0&SUBSCRIBER_DATE=2023-02-01&BID_PUB=0.0029&CR_ID=361615&PUB_NAME=TrafficStars-pop
49.12.123.158 200 OK 0 B URL HTTP/2 newbinotracs.com/click.php?key=ton7p9rlyxwdhpui7in5&clickid=eaeb522a-4877-423f-89be-0ebc89cd7a26&cost=0.0029&PUB_ID=20&SUB_ID=4234807&KEYWORD=Adult%20General&SUBSCRIBER_AGE=0&SUBSCRIBER_DATE=2023-02-01&BID_PUB=0.0029&CR_ID=361615&PUB_NAME=TrafficStars-pop
IP 49.12.123.158:0
ASN #24940 Hetzner Online GmbH
GET /click.php?key=ton7p9rlyxwdhpui7in5&clickid=eaeb522a-4877-423f-89be-0ebc89cd7a26&cost=0.0029&PUB_ID=20&SUB_ID=4234807&KEYWORD=Adult%20General&SUBSCRIBER_AGE=0&SUBSCRIBER_DATE=2023-02-01&BID_PUB=0.0029&CR_ID=361615&PUB_NAME=TrafficStars-pop HTTP/1.1
Host: newbinotracs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Wed, 01 Feb 2023 16:39:50 GMT
content-type: text/html; charset=UTF-8
set-cookie: uclick=177sa23v5m; expires=Thu, 02-Feb-2023 16:39:50 GMT; Max-Age=86400; path=/; secure; SameSite=none
uclickhash=177sa23v5m-177sa23v5m-17sc6o-0-q5a83y-tw3zdz-wf1ni4-6f2a47; expires=Thu, 02-Feb-2023 16:39:50 GMT; Max-Age=86400; path=/; secure; SameSite=none
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
vzvnjw.delicatedates.net/js/pushjs/1.0.0/subscriber.js
52.19.101.114 200 OK 0 B URL HTTP/2 vzvnjw.delicatedates.net/js/pushjs/1.0.0/subscriber.js
IP 52.19.101.114:0
GET /js/pushjs/1.0.0/subscriber.js HTTP/1.1
Host: vzvnjw.delicatedates.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vzvnjw.delicatedates.net/
Cookie: unique_id=63da57ae00024ba1; unique_id2=63da885f0004dee8; 63da885f0004dee8_c=1; ref_token=83444_15966_103756; 63da885f0004dee8_sl=[278385]
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 01 Feb 2023 16:39:50 GMT
content-type: application/javascript
expires: Wed, 08 Feb 2023 16:39:50 GMT
cache-control: max-age=604800
content-encoding: gzip
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320665405:86536170-37950&btag=320665405_4F03CE830604485E9E0E444E5686127E&bid=37950&campaignId=2799402&pid=86536170
104.18.25.188 200 OK 0 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320665405:86536170-37950&btag=320665405_4F03CE830604485E9E0E444E5686127E&bid=37950&campaignId=2799402&pid=86536170
IP 104.18.25.188:0
GET /nu/pop/sportsbook/multisports/index.html?mktid=1:320665405:86536170-37950&btag=320665405_4F03CE830604485E9E0E444E5686127E&bid=37950&campaignId=2799402&pid=86536170 HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a92628443%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1675269588459)%5c%2f%22%2c%22CookieTag%22%3a%223795092628443451240919C2023211639%22%7d%2c%7b%22PID%22%3a86536170%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1675269588590)%5c%2f%22%2c%22CookieTag%22%3a%223795086536170451240919C2023211639%22%7d%5d
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:49 GMT
content-type: text/html; charset=utf-8
cache-control: public, max-age=900, immutable
content-md5: djoKeCzytkLU3NSdQsOPbQ==
last-modified: Thu, 26 Jan 2023 12:30:17 GMT
x-ms-request-id: 961bbb61-801e-006d-385b-36a649000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: MISS
vary: Accept-Encoding
set-cookie: btag=320665405_4F03CE830604485E9E0E444E5686127E;max-age=2592000; domain=.unibet.com;path=/;secure;samesite=none;httponly
server: cloudflare
cf-ray: 792c20142e31b512-OSL
content-encoding: br
X-Firefox-Spdy: h2
cdn.bmcdn5.com/js/63cbe7de71c2f737f5e81131.js?v=1675269611078
172.64.110.35 200 OK 0 B URL HTTP/2 cdn.bmcdn5.com/js/63cbe7de71c2f737f5e81131.js?v=1675269611078
IP 172.64.110.35:0
GET /js/63cbe7de71c2f737f5e81131.js?v=1675269611078 HTTP/1.1
Host: cdn.bmcdn5.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://free-btc.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:49 GMT
content-type: application/javascript
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization
access-control-allow-methods: *
access-control-allow-origin: *
vary: Accept-Encoding
expires: Wed, 01 Feb 2023 17:09:49 GMT
cache-control: max-age=1800, public
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pamBq5umC7P0QZgTFSd9Mi1iBMwHKU6cnJrNIRKnzqA5IQ0OgbJVE1BQhP8HL2QwfzL1D1XkeVqljPHLJgobZEp6rcGj%2Ba50X3E0dKciHB41%2F1C5jUIPUAb6NiHBDq%2FtSA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 792c201648c375d8-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/utv-logo.svg
104.18.25.188 200 OK 0 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/utv-logo.svg
IP 104.18.25.188:0
GET /nu/pop/sportsbook/multisports/utv-logo.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a92628443%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1675269588459)%5c%2f%22%2c%22CookieTag%22%3a%223795092628443451240919C2023211639%22%7d%2c%7b%22PID%22%3a86536170%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1675269588590)%5c%2f%22%2c%22CookieTag%22%3a%223795086536170451240919C2023211639%22%7d%5d; btag=320665405_4F03CE830604485E9E0E444E5686127E
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:50 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: QazcDvviTF55mXL/M8kCWQ==
last-modified: Thu, 26 Jan 2023 12:30:18 GMT
etag: W/"0x8DAFF99157C1D3C"
x-ms-request-id: ec6073d8-501e-0051-6881-318f8e000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 533365
vary: Accept-Encoding
server: cloudflare
cf-ray: 792c201bb943b512-OSL
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/com-payments.svg
104.18.25.188 200 OK 0 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/com-payments.svg
IP 104.18.25.188:0
GET /nu/pop/sportsbook/multisports/com-payments.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a92628443%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1675269588459)%5c%2f%22%2c%22CookieTag%22%3a%223795092628443451240919C2023211639%22%7d%2c%7b%22PID%22%3a86536170%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1675269588590)%5c%2f%22%2c%22CookieTag%22%3a%223795086536170451240919C2023211639%22%7d%5d; btag=320665405_4F03CE830604485E9E0E444E5686127E
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:50 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: vwb7ospRft2xzGDtJvR3WA==
last-modified: Thu, 26 Jan 2023 12:30:18 GMT
etag: W/"0x8DAFF9915D02464"
x-ms-request-id: 9ee27f41-c01e-000e-3881-313bb2000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 533365
vary: Accept-Encoding
server: cloudflare
cf-ray: 792c201bd985b512-OSL
content-encoding: br
X-Firefox-Spdy: h2
gbstwrldnws.com/adult_video_3/1328/2da4af00d834dfbd23fda189a58e00c9/?click_id=wuh7ilr3nglhdoamiskngebc&sub1=379870&sub2=&sub3=&tb=&fullscreen=1
192.133.142.177 200 OK 0 B URL HTTP/2 gbstwrldnws.com/adult_video_3/1328/2da4af00d834dfbd23fda189a58e00c9/?click_id=wuh7ilr3nglhdoamiskngebc&sub1=379870&sub2=&sub3=&tb=&fullscreen=1
IP 192.133.142.177:0
Analyzer Verdict Alert quad9 Sinkholed
GET /adult_video_3/1328/2da4af00d834dfbd23fda189a58e00c9/?click_id=wuh7ilr3nglhdoamiskngebc&sub1=379870&sub2=&sub3=&tb=&fullscreen=1 HTTP/1.1
Host: gbstwrldnws.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 01 Feb 2023 16:39:54 GMT
content-type: text/html; charset=UTF-8
content-encoding: gzip
X-Firefox-Spdy: h2
newbinotracs.com/click.php?key=qcopnrbsgld1lpyq4gqz&clickid=cfcde045-8729-4299-b381-2142be5d255d&cost=0.0029&PUB_ID=20&SUB_ID=4234807&KEYWORD=Adult%20General&SUBSCRIBER_AGE=0&SUBSCRIBER_DATE=2023-02-01&BID_PUB=0.0029&CR_ID=36456
49.12.123.158 302 Found 0 B URL HTTP/2 newbinotracs.com/click.php?key=qcopnrbsgld1lpyq4gqz&clickid=cfcde045-8729-4299-b381-2142be5d255d&cost=0.0029&PUB_ID=20&SUB_ID=4234807&KEYWORD=Adult%20General&SUBSCRIBER_AGE=0&SUBSCRIBER_DATE=2023-02-01&BID_PUB=0.0029&CR_ID=36456
IP 49.12.123.158:0
ASN #24940 Hetzner Online GmbH
GET /click.php?key=qcopnrbsgld1lpyq4gqz&clickid=cfcde045-8729-4299-b381-2142be5d255d&cost=0.0029&PUB_ID=20&SUB_ID=4234807&KEYWORD=Adult%20General&SUBSCRIBER_AGE=0&SUBSCRIBER_DATE=2023-02-01&BID_PUB=0.0029&CR_ID=36456 HTTP/1.1
Host: newbinotracs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx/1.18.0
date: Wed, 01 Feb 2023 16:39:51 GMT
content-type: text/html; charset=UTF-8
location: https://promo.20bet.partners/redirect.aspx?pid=174581&bid=1971&lpid=1042&utm_source=retarget&utm_medium=Ubidex&utm_campaign=Ubidex-20bet-EU-NotReg-pop%20BonWheel-1042&utm_term=Ubidex-20bet-EU-NotReg-pop%20BonWheel-1042&subid=7ff42177sa23ve2560
set-cookie: uclick=177sa23ve2; expires=Thu, 02-Feb-2023 16:39:51 GMT; Max-Age=86400; path=/; secure; SameSite=none
uclickhash=177sa23ve2-177sa23ve2-slvc-0-2t1mwj-52a8wj-52a8vr-48be52; expires=Thu, 02-Feb-2023 16:39:51 GMT; Max-Age=86400; path=/; secure; SameSite=none
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
stripchat.com/girls/teens?affiliateId=010223ioi9vn3ojkken3f2auz7uoqb5t7bzfp8vf995ch3ii3jkptt2ryqqgblb0&campaignId=ec5b69f6c071a3cfd23a4f14a73e806c4b46afd9e73a06adb4e266455dd771ff&p1=NO&p2=898897&p3=&realDomain=go.xlivrdr.com&referrer=http%3A%2F%2Frixon.ml%2F&sourceId=4234807&stripbotVariation=NullWidget&userId=709afc38e53feb5738296f4388fc757b75782945d6a5efdfee8be855c86d2d01
104.18.63.126 200 OK 0 B URL HTTP/2 stripchat.com/girls/teens?affiliateId=010223ioi9vn3ojkken3f2auz7uoqb5t7bzfp8vf995ch3ii3jkptt2ryqqgblb0&campaignId=ec5b69f6c071a3cfd23a4f14a73e806c4b46afd9e73a06adb4e266455dd771ff&p1=NO&p2=898897&p3=&realDomain=go.xlivrdr.com&referrer=http%3A%2F%2Frixon.ml%2F&sourceId=4234807&stripbotVariation=NullWidget&userId=709afc38e53feb5738296f4388fc757b75782945d6a5efdfee8be855c86d2d01
IP 104.18.63.126:0
GET /girls/teens?affiliateId=010223ioi9vn3ojkken3f2auz7uoqb5t7bzfp8vf995ch3ii3jkptt2ryqqgblb0&campaignId=ec5b69f6c071a3cfd23a4f14a73e806c4b46afd9e73a06adb4e266455dd771ff&p1=NO&p2=898897&p3=&realDomain=go.xlivrdr.com&referrer=http%3A%2F%2Frixon.ml%2F&sourceId=4234807&stripbotVariation=NullWidget&userId=709afc38e53feb5738296f4388fc757b75782945d6a5efdfee8be855c86d2d01 HTTP/1.1
Host: stripchat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:52 GMT
content-type: text/html; charset=utf-8
content-security-policy-report-only: default-src 'self' *.stripchat.com data: blob: *.amplitude.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.gstatic.com *.stripcdn.com *.stripst.com *.stripst.dev *.strpst.com *.strwst.com *.doppiocdn.com *.doppiocdn.net *.doppiocdn.org *.trafficjunky.net main.exoclick.com tsyndicate.com *.hotjar.com *.hotjar.io;img-src 'self' * data: blob: android-webview-video-poster:;script-src 'self' *.stripchat.com data: 'unsafe-inline' 'unsafe-eval' blob: *.amplitude.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.gstatic.com *.hpyrdr.dev *.hytto.com *.lovense.com *.stripst.com *.stripst.dev *.strpst.com *.strwst.com *.trafficjunky.net *.google.com platform.twitter.com main.exoclick.com tsyndicate.com wss://*.sc-apps.com www.googleadservices.com cdnjs.cloudflare.com/ajax/libs/fingerprintjs2/2.1.2/fingerprint2.min.js *.crowdin.com cdntechone.com *.nktrdr.com *.ktkjmp.com *.xhamster.com *.llyjmp.com *.lxzrdr.com *.mgdjmp.com *.rdfxgo.com *.smljmp.com *.stripcash.com *.xxxjmp.com *.xxxivjmp.com *.xxxvjmp.com *.xxxviijmp.com *.xxxviiijmp.com *.xlrdr.com *.xlirdr.com *.xliirdr.com *.xlivrdr.com *.xlvrdr.com *.xlviirdr.com *.xlviiirdr.com *.zybrdr.com *.bbrdbr.com *.dmsktmld.com *.fxmnba.com;connect-src 'self' *.stripchat.com *.amplitude.com *.doubleclick.net *.flixstorage.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.hytto.com *.lovense.club *.lovense.club:34568 *.lovense.com *.stripcdn.com *.xhamsterlive.com *.xlivesex.com *.stripst.com *.stripst.dev *.strpst.com *.strwst.com *.doppiocdn.com *.doppiocdn.net *.doppiocdn.org syndication.twitter.com wss://*.stripchat.com wss://*.stripcdn.com wss://*.stripcdn.com:8090 wss://*.stripst.com wss://*.stripst.dev wss://*.strpst.com wss://*.strwst.com wss://*.doppiocdn.com wss://*.lovense.com wss://*.sc-apps.com *.crowdin.com crowdin.com datatechone.com accounts.google.com *.nktrdr.com *.ktkjmp.com *.xhamster.com *.llyjmp.com *.lxzrdr.com 
*.mgdjmp.com *.rdfxgo.com *.smljmp.com *.stripcash.com *.xxxjmp.com *.xxxivjmp.com *.xxxvjmp.com *.xxxviijmp.com *.xxxviiijmp.com *.xlrdr.com *.xlirdr.com *.xliirdr.com *.xlivrdr.com *.xlvrdr.com *.xlviirdr.com *.xlviiirdr.com *.zybrdr.com *.bbrdbr.com *.dmsktmld.com *.fxmnba.com;media-src 'self' *.stripchat.com data: blob: *.ahcdn.com *.stripcdn.com *.stripst.com *.stripst.dev *.strpst.com *.strwst.com *.doppiocdn.com *.doppiocdn.net *.doppiocdn.org;style-src 'self' *.stripchat.com 'unsafe-inline' *.googleapis.com *.hytto.com *.lovense.com *.stripcdn.com *.stripst.com *.stripst.dev *.strpst.com *.strwst.com *.tagmanager.google.com *.crowdin.com accounts.google.com;frame-src * data:;report-uri /_csp
strict-transport-security: max-age=15768000
x-frame-options: deny
cf-cache-status: DYNAMIC
set-cookie: ABTest_ab_25_tokens_instead_20_key=A_221; path=/; domain=stripchat.com; expires=Mon, 15 Jul 2024 00:00:00 GMT
ABTest_ab_index_header_names_couples_key=B_221; path=/; domain=stripchat.com; expires=Mon, 15 Jul 2024 00:00:00 GMT
ABTest_ab_onboarding_dialog_key=A_221; path=/; domain=stripchat.com; expires=Mon, 15 Jul 2024 00:00:00 GMT
ABTest_ab_private_modal_activities_key=B_221; path=/; domain=stripchat.com; expires=Mon, 15 Jul 2024 00:00:00 GMT
ABTest_ab_top_score_with_conversion_rate_v3_key=B_221; path=/; domain=stripchat.com; expires=Sun, 19 Feb 2023 00:00:00 GMT
ABTest_start_private_with_price_key=B_221; path=/; domain=stripchat.com; expires=Mon, 15 Jul 2024 00:00:00 GMT
__cflb=02DiuFntVtrkFMde1diEnkzhzn6YC4mpAML3EkbXBUB16; SameSite=None; Secure; path=/; expires=Thu, 02-Feb-23 15:39:52 GMT; HttpOnly
server: cloudflare
cf-ray: 792c2026da400b02-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
newbinotracs.com/landers/20bet_welcome_football_en/20bet_EN%202/img/football_players.png
49.12.123.158 200 OK 0 B URL HTTP/2 newbinotracs.com/landers/20bet_welcome_football_en/20bet_EN%202/img/football_players.png
IP 49.12.123.158:0
ASN #24940 Hetzner Online GmbH
GET /landers/20bet_welcome_football_en/20bet_EN%202/img/football_players.png HTTP/1.1
Host: newbinotracs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://newbinotracs.com/
Cookie: uclick=177sa23v1z; uclickhash=177sa23v1z-177sa23v1z-17sc6o-0-q5a83y-tw3zdz-wf1ni4-53b660
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Wed, 01 Feb 2023 16:39:50 GMT
content-type: image/png
content-length: 2505287
last-modified: Fri, 11 Jun 2021 05:33:48 GMT
etag: "60c2f5bc-263a47"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
rizk.com/no/casino/kampanjer/rizk-velkomstbonus/5682?affcode=noiahrzkno&btag=a_10689784b_c_GZV0H_9OJ6YaUVA5vnxe-mNd7ZgqdRLk-bm9pYWhyemtubw==&utm_medium=MA_Affiliates&utm_source=10689784
104.18.21.91 301 Moved Permanently 0 B URL HTTP/2 rizk.com/no/casino/kampanjer/rizk-velkomstbonus/5682?affcode=noiahrzkno&btag=a_10689784b_c_GZV0H_9OJ6YaUVA5vnxe-mNd7ZgqdRLk-bm9pYWhyemtubw==&utm_medium=MA_Affiliates&utm_source=10689784
IP 104.18.21.91:0
GET /no/casino/kampanjer/rizk-velkomstbonus/5682?affcode=noiahrzkno&btag=a_10689784b_c_GZV0H_9OJ6YaUVA5vnxe-mNd7ZgqdRLk-bm9pYWhyemtubw==&utm_medium=MA_Affiliates&utm_source=10689784 HTTP/1.1
Host: rizk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Cookie: ZBan=GZV0H_9OJ6YaUVA5vnxe-mNd7ZgqdRLk
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
date: Wed, 01 Feb 2023 16:39:54 GMT
content-type: text/html; charset=UTF-8
location: https://rizk.com/no/casino/kampanjer/casino/welcome-bonus/18644
x-powered-by: PHP/7.1.33
set-cookie: PHPSESSID=2g6qdkpd8vhg4b7gqovth0fsub; path=/; secure; HttpOnly
btag=a_10689784b_c_GZV0H_9OJ6YaUVA5vnxe-mNd7ZgqdRLk-bm9pYWhyemtubw%3D%3D; expires=Wed, 15-Feb-2023 16:39:53 GMT; Max-Age=1209600; path=/; secure
Referer=http%3A%2F%2Frixon.ml%2F; expires=Fri, 03-Mar-2023 16:39:53 GMT; Max-Age=2592000; path=/; secure; httponly
cache-control: max-age=0, must-revalidate, private
cf-cache-status: DYNAMIC
strict-transport-security: max-age=15552000
server: cloudflare
cf-ray: 792c20322ccdb4fa-OSL
X-Firefox-Spdy: h2
cdn.bmcdn5.com/trl/63cbdbd0a8bd43bc8d220c1a/?sourceRef=https%3A%2F%2Ffree-btc.org%2F&displayHost=https%3A%2F%2Fcdn.bmcdn5.com%2F&loadTime=2000&badCode=PCFkb2N0eXBlIGh0bWw%2BPGh0bWw%2BPGhlYWQ%2BPG1ldGEgY2hhcnNldD0idXRmLTgiLz48bWV0YSBjb250ZW50PSJJRT1lZGdlIiBodHRwLWVxdWl2PSJYLVVBLUNvbXBhdGlibGUiLz48bWV0YSBuYW1lPSJ2aWV3cG9ydCIgY29udGVudD0id2lkdGg9ZGV2aWNlLXdpZHRoLGluaXRpYWwtc2NhbGU9MSxzaHJpbmstdG8tZml0PW5vIi8%2BPHRpdGxlPjwvdGl0bGU%2BPGxpbmsgaHJlZj0iLy9zdGF0aWMuYm1jZG41LmNvbS9jc3MvaW1nLmNzcz92PXYxLjI1LjE1IiByZWw9InN0eWxlc2hlZXQiLz48L2hlYWQ%2BPGJvZHk%2BPGRpdiBpZD0ibWVkaWEiIHN0eWxlPSJ3aWR0aDoxNjBweDtoZWlnaHQ6NjAwcHgiPjxzcGFuIGNsYXNzPSJ0b3AtaWRlbnRpdHkiPjwvc3Bhbj4gPGEgY2xhc3M9ImJvdHRvbS1pZGVudGl0eSIgaHJlZj0iaHR0cHM6Ly9iaXRtZWRpYS5pby8%2FdXRtX3NvdXJjZT1pY29uIiB0YXJnZXQ9Il9ibGFuayI%2BPC9hPjxkaXYgY2xhc3M9Im1haW4tY29udGVudCI%2BPGEgY2xhc3M9ImxpbmsiIGhyZWY9Imh0dHBzOi8vYml0bWVkaWEuaW8%2Fcj1rcGdzcTc1ZyZ1dG1fY2FtcGFpZ249NzgwMzk5MjU3OTc3JnV0bV9tZWRpdW09YmNrJnV0bV9zb3VyY2U9Ym1iY2siIHRhcmdldD0iX2JsYW5rIj48aW1nIGFsdD0iQml0bWVkaWEgUmVmZXJyYWwiIGNsYXNzPSJsaW5rLWltYWdlIiBzcmM9Ii8vc3RhdGljLmJtY2RuNS5jb20vaW1nL3Ivcl93MTYwaDYwMC5naWY%2Fdj12MS4yNS4xNSIvPjwvYT48L2Rpdj48L2Rpdj48L2JvZHk%2BPC9odG1sPg%3D%3D&badType=bitmedia_referral_ad&version=1675269612302
172.64.110.35 200 OK 0 B URL HTTP/2 cdn.bmcdn5.com/trl/63cbdbd0a8bd43bc8d220c1a/?sourceRef=https%3A%2F%2Ffree-btc.org%2F&displayHost=https%3A%2F%2Fcdn.bmcdn5.com%2F&loadTime=2000&badCode=PCFkb2N0eXBlIGh0bWw%2BPGh0bWw%2BPGhlYWQ%2BPG1ldGEgY2hhcnNldD0idXRmLTgiLz48bWV0YSBjb250ZW50PSJJRT1lZGdlIiBodHRwLWVxdWl2PSJYLVVBLUNvbXBhdGlibGUiLz48bWV0YSBuYW1lPSJ2aWV3cG9ydCIgY29udGVudD0id2lkdGg9ZGV2aWNlLXdpZHRoLGluaXRpYWwtc2NhbGU9MSxzaHJpbmstdG8tZml0PW5vIi8%2BPHRpdGxlPjwvdGl0bGU%2BPGxpbmsgaHJlZj0iLy9zdGF0aWMuYm1jZG41LmNvbS9jc3MvaW1nLmNzcz92PXYxLjI1LjE1IiByZWw9InN0eWxlc2hlZXQiLz48L2hlYWQ%2BPGJvZHk%2BPGRpdiBpZD0ibWVkaWEiIHN0eWxlPSJ3aWR0aDoxNjBweDtoZWlnaHQ6NjAwcHgiPjxzcGFuIGNsYXNzPSJ0b3AtaWRlbnRpdHkiPjwvc3Bhbj4gPGEgY2xhc3M9ImJvdHRvbS1pZGVudGl0eSIgaHJlZj0iaHR0cHM6Ly9iaXRtZWRpYS5pby8%2FdXRtX3NvdXJjZT1pY29uIiB0YXJnZXQ9Il9ibGFuayI%2BPC9hPjxkaXYgY2xhc3M9Im1haW4tY29udGVudCI%2BPGEgY2xhc3M9ImxpbmsiIGhyZWY9Imh0dHBzOi8vYml0bWVkaWEuaW8%2Fcj1rcGdzcTc1ZyZ1dG1fY2FtcGFpZ249NzgwMzk5MjU3OTc3JnV0bV9tZWRpdW09YmNrJnV0bV9zb3VyY2U9Ym1iY2siIHRhcmdldD0iX2JsYW5rIj48aW1nIGFsdD0iQml0bWVkaWEgUmVmZXJyYWwiIGNsYXNzPSJsaW5rLWltYWdlIiBzcmM9Ii8vc3RhdGljLmJtY2RuNS5jb20vaW1nL3Ivcl93MTYwaDYwMC5naWY%2Fdj12MS4yNS4xNSIvPjwvYT48L2Rpdj48L2Rpdj48L2JvZHk%2BPC9odG1sPg%3D%3D&badType=bitmedia_referral_ad&version=1675269612302
IP 172.64.110.35:0
GET /trl/63cbdbd0a8bd43bc8d220c1a/?sourceRef=https%3A%2F%2Ffree-btc.org%2F&displayHost=https%3A%2F%2Fcdn.bmcdn5.com%2F&loadTime=2000&badCode=PCFkb2N0eXBlIGh0bWw%2BPGh0bWw%2BPGhlYWQ%2BPG1ldGEgY2hhcnNldD0idXRmLTgiLz48bWV0YSBjb250ZW50PSJJRT1lZGdlIiBodHRwLWVxdWl2PSJYLVVBLUNvbXBhdGlibGUiLz48bWV0YSBuYW1lPSJ2aWV3cG9ydCIgY29udGVudD0id2lkdGg9ZGV2aWNlLXdpZHRoLGluaXRpYWwtc2NhbGU9MSxzaHJpbmstdG8tZml0PW5vIi8%2BPHRpdGxlPjwvdGl0bGU%2BPGxpbmsgaHJlZj0iLy9zdGF0aWMuYm1jZG41LmNvbS9jc3MvaW1nLmNzcz92PXYxLjI1LjE1IiByZWw9InN0eWxlc2hlZXQiLz48L2hlYWQ%2BPGJvZHk%2BPGRpdiBpZD0ibWVkaWEiIHN0eWxlPSJ3aWR0aDoxNjBweDtoZWlnaHQ6NjAwcHgiPjxzcGFuIGNsYXNzPSJ0b3AtaWRlbnRpdHkiPjwvc3Bhbj4gPGEgY2xhc3M9ImJvdHRvbS1pZGVudGl0eSIgaHJlZj0iaHR0cHM6Ly9iaXRtZWRpYS5pby8%2FdXRtX3NvdXJjZT1pY29uIiB0YXJnZXQ9Il9ibGFuayI%2BPC9hPjxkaXYgY2xhc3M9Im1haW4tY29udGVudCI%2BPGEgY2xhc3M9ImxpbmsiIGhyZWY9Imh0dHBzOi8vYml0bWVkaWEuaW8%2Fcj1rcGdzcTc1ZyZ1dG1fY2FtcGFpZ249NzgwMzk5MjU3OTc3JnV0bV9tZWRpdW09YmNrJnV0bV9zb3VyY2U9Ym1iY2siIHRhcmdldD0iX2JsYW5rIj48aW1nIGFsdD0iQml0bWVkaWEgUmVmZXJyYWwiIGNsYXNzPSJsaW5rLWltYWdlIiBzcmM9Ii8vc3RhdGljLmJtY2RuNS5jb20vaW1nL3Ivcl93MTYwaDYwMC5naWY%2Fdj12MS4yNS4xNSIvPjwvYT48L2Rpdj48L2Rpdj48L2JvZHk%2BPC9odG1sPg%3D%3D&badType=bitmedia_referral_ad&version=1675269612302 HTTP/1.1
Host: cdn.bmcdn5.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://free-btc.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:50 GMT
vary: Accept-Encoding
expires: Wed, 01 Feb 2023 17:09:50 GMT
cache-control: max-age=1800, public
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=amCYCk62CIUjfvLUf1fyOyLX345zsHImi2sdgFgjaiMxZbmTCiYP46B%2BdvCVIE3%2FvFimuV%2FAQVKTsWH%2FRdOlO3a5aeOZuQs9H1Wev9CKu7G%2FY5xB1meIgHrENBUouCb4PA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 792c201a1d9375d8-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
record.rizk.com/_U3s_hG6hFM9IXyBFOGojY2Nd7ZgqdRLk/1/?payload=ws39ak422lj1aoam2fnfh486
104.18.189.136 301 Moved Permanently 0 B URL HTTP/2 record.rizk.com/_U3s_hG6hFM9IXyBFOGojY2Nd7ZgqdRLk/1/?payload=ws39ak422lj1aoam2fnfh486
IP 104.18.189.136:0
GET /_U3s_hG6hFM9IXyBFOGojY2Nd7ZgqdRLk/1/?payload=ws39ak422lj1aoam2fnfh486 HTTP/1.1
Host: record.rizk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
date: Wed, 01 Feb 2023 16:39:52 GMT
content-type: text/html; charset=utf-8
location: https://rizk.com/no/casino/kampanjer/rizk-velkomstbonus/5682?affcode=noiahrzkno&btag=a_10689784b_c_GZV0H_9OJ6ZjNqdCoN4C5mNd7ZgqdRLk-bm9pYWhyemtubw==&utm_medium=MA_Affiliates&utm_source=10689784
cache-control: private, no-cache, must-revalidate, Cache-Control: no-cache
expires: Sat, 26 Jul 1997 05:00:00 GMT
access-control-allow-origin: *
pragma: no-cache
x-powered-by: ZBan
cf-cache-status: BYPASS
set-cookie: VID1=KiwzQFAsMzBRLDM4US5gYGAKYAo%3D; expires=Thu, 01-Feb-2024 16:39:52 GMT; Max-Age=31536000; path=/; secure; HttpOnly; SameSite=None
ZBan=GZV0H_9OJ6ZjNqdCoN4C5mNd7ZgqdRLk; expires=Thu, 01-Feb-2024 16:39:52 GMT; Max-Age=31536000; path=/; domain=.rizk.com; secure; HttpOnly; SameSite=None
PartnerId=GZV0H_9OJ6ZjNqdCoN4C5mNd7ZgqdRLk; expires=Fri, 03-Mar-2023 16:39:52 GMT; Max-Age=2592000; path=/; SameSite=Lax
marketingproduct=Casino; expires=Fri, 03-Mar-2023 16:39:52 GMT; Max-Age=2592000; path=/; domain=.rizk.com; SameSite=Lax
vary: Accept-Encoding
server: cloudflare
cf-ray: 792c20299bbeb52d-OSL
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/app-store-ro.svg
104.18.25.188 200 OK 0 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/app-store-ro.svg
IP 104.18.25.188:0
GET /nu/pop/sportsbook/multisports/app-store-ro.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a92628443%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1675269588459)%5c%2f%22%2c%22CookieTag%22%3a%223795092628443451240919C2023211639%22%7d%2c%7b%22PID%22%3a86536170%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1675269588590)%5c%2f%22%2c%22CookieTag%22%3a%223795086536170451240919C2023211639%22%7d%5d; btag=320665405_4F03CE830604485E9E0E444E5686127E
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:49 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: epgiRapjJpA7DniTiF5C+w==
last-modified: Thu, 26 Jan 2023 12:30:22 GMT
etag: W/"0x8DAFF99183CF8FA"
x-ms-request-id: d4160c8c-201e-0016-7481-31e4d5000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 533364
vary: Accept-Encoding
server: cloudflare
cf-ray: 792c20164923b512-OSL
content-encoding: br
X-Firefox-Spdy: h2
kemgm.heparlorne.com/PBKQAIZ?tag_id=926093&sub_id1=463404.503375&sub_id2=8000496244570220743&cookie_id=bbec12dd-39bc-45fe-aaac-120d44eca959&lp=adultwatch&tb=redirect&allb=redirect&ob=redirect&href=https%3A%2F%2Feastfeukufu.xyz%2F%3Ftid%3D926093%26noocp%3D1%26subid%3D463404.503375&geo=NO
54.162.51.18 200 OK 0 B URL HTTP/2 kemgm.heparlorne.com/PBKQAIZ?tag_id=926093&sub_id1=463404.503375&sub_id2=8000496244570220743&cookie_id=bbec12dd-39bc-45fe-aaac-120d44eca959&lp=adultwatch&tb=redirect&allb=redirect&ob=redirect&href=https%3A%2F%2Feastfeukufu.xyz%2F%3Ftid%3D926093%26noocp%3D1%26subid%3D463404.503375&geo=NO
IP 54.162.51.18:0
GET /PBKQAIZ?tag_id=926093&sub_id1=463404.503375&sub_id2=8000496244570220743&cookie_id=bbec12dd-39bc-45fe-aaac-120d44eca959&lp=adultwatch&tb=redirect&allb=redirect&ob=redirect&href=https%3A%2F%2Feastfeukufu.xyz%2F%3Ftid%3D926093%26noocp%3D1%26subid%3D463404.503375&geo=NO HTTP/1.1
Host: kemgm.heparlorne.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html; charset=utf-8
x-powered-by: Express
access-control-allow-origin: *
access-control-allow-methods: GET, POST
access-control-allow-headers: X-Requested-With,content-type
etag: W/"31e6-utZQQz1SAP+MRKmgaMzV6pAveuk"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
cngcpy.com/cuhdl?wh=MhDtUFf_qNAcFFuyiGiSolka
104.21.38.243 302 Found 0 B URL HTTP/2 cngcpy.com/cuhdl?wh=MhDtUFf_qNAcFFuyiGiSolka
IP 104.21.38.243:0
GET /cuhdl?wh=MhDtUFf_qNAcFFuyiGiSolka HTTP/1.1
Host: cngcpy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
date: Wed, 01 Feb 2023 16:39:50 GMT
content-type: text/html; charset=utf-8
location: https://my.okueroskynt.com/d65cf81f-7fce-4b74-a76f-b50cfca5bef2?source_id=379870&reason_id=hosting&format=pops&zone_id=1084197&browser=Firefox&country=NO&mode=sw&clickid=
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J4SIGFAPZM7WRQK7fj5pRNiRMbyT9qgPP2qvfObpxfX7efOlU4Mha%2Fv878ZGE4ZX9b1HpIhDE6hVU%2F1WT86%2FawsKqCVMzYtOvclWidCfWo4h1ZNrSXK6i0o9%2BwIL"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 792c201c7b2fb4eb-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
stripchat.com/girls/teens?affiliateId=010223v8zvro89tud8uav0pr7lj4i7ilsxitko0is00966thnrqpw3j9tpbh3dkg&campaignId=ec5b69f6c071a3cfd23a4f14a73e806c4b46afd9e73a06adb4e266455dd771ff&p1=NO&p2=898897&p3=&realDomain=go.xlivrdr.com&referrer=http%3A%2F%2Frixon.ml%2F&sourceId=4234807&stripbotVariation=NullWidget&userId=709afc38e53feb5738296f4388fc757b75782945d6a5efdfee8be855c86d2d01
104.18.63.126 200 OK 0 B URL HTTP/2 stripchat.com/girls/teens?affiliateId=010223v8zvro89tud8uav0pr7lj4i7ilsxitko0is00966thnrqpw3j9tpbh3dkg&campaignId=ec5b69f6c071a3cfd23a4f14a73e806c4b46afd9e73a06adb4e266455dd771ff&p1=NO&p2=898897&p3=&realDomain=go.xlivrdr.com&referrer=http%3A%2F%2Frixon.ml%2F&sourceId=4234807&stripbotVariation=NullWidget&userId=709afc38e53feb5738296f4388fc757b75782945d6a5efdfee8be855c86d2d01
IP 104.18.63.126:0
GET /girls/teens?affiliateId=010223v8zvro89tud8uav0pr7lj4i7ilsxitko0is00966thnrqpw3j9tpbh3dkg&campaignId=ec5b69f6c071a3cfd23a4f14a73e806c4b46afd9e73a06adb4e266455dd771ff&p1=NO&p2=898897&p3=&realDomain=go.xlivrdr.com&referrer=http%3A%2F%2Frixon.ml%2F&sourceId=4234807&stripbotVariation=NullWidget&userId=709afc38e53feb5738296f4388fc757b75782945d6a5efdfee8be855c86d2d01 HTTP/1.1
Host: stripchat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:53 GMT
content-type: text/html; charset=utf-8
content-security-policy-report-only: default-src 'self' *.stripchat.com data: blob: *.amplitude.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.gstatic.com *.stripcdn.com *.stripst.com *.stripst.dev *.strpst.com *.strwst.com *.doppiocdn.com *.doppiocdn.net *.doppiocdn.org *.trafficjunky.net main.exoclick.com tsyndicate.com *.hotjar.com *.hotjar.io;img-src 'self' * data: blob: android-webview-video-poster:;script-src 'self' *.stripchat.com data: 'unsafe-inline' 'unsafe-eval' blob: *.amplitude.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.gstatic.com *.hpyrdr.dev *.hytto.com *.lovense.com *.stripst.com *.stripst.dev *.strpst.com *.strwst.com *.trafficjunky.net *.google.com platform.twitter.com main.exoclick.com tsyndicate.com wss://*.sc-apps.com www.googleadservices.com cdnjs.cloudflare.com/ajax/libs/fingerprintjs2/2.1.2/fingerprint2.min.js *.crowdin.com cdntechone.com *.nktrdr.com *.ktkjmp.com *.xhamster.com *.llyjmp.com *.lxzrdr.com *.mgdjmp.com *.rdfxgo.com *.smljmp.com *.stripcash.com *.xxxjmp.com *.xxxivjmp.com *.xxxvjmp.com *.xxxviijmp.com *.xxxviiijmp.com *.xlrdr.com *.xlirdr.com *.xliirdr.com *.xlivrdr.com *.xlvrdr.com *.xlviirdr.com *.xlviiirdr.com *.zybrdr.com *.bbrdbr.com *.dmsktmld.com *.fxmnba.com;connect-src 'self' *.stripchat.com *.amplitude.com *.doubleclick.net *.flixstorage.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.hytto.com *.lovense.club *.lovense.club:34568 *.lovense.com *.stripcdn.com *.xhamsterlive.com *.xlivesex.com *.stripst.com *.stripst.dev *.strpst.com *.strwst.com *.doppiocdn.com *.doppiocdn.net *.doppiocdn.org syndication.twitter.com wss://*.stripchat.com wss://*.stripcdn.com wss://*.stripcdn.com:8090 wss://*.stripst.com wss://*.stripst.dev wss://*.strpst.com wss://*.strwst.com wss://*.doppiocdn.com wss://*.lovense.com wss://*.sc-apps.com *.crowdin.com crowdin.com datatechone.com accounts.google.com *.nktrdr.com *.ktkjmp.com *.xhamster.com *.llyjmp.com *.lxzrdr.com 
*.mgdjmp.com *.rdfxgo.com *.smljmp.com *.stripcash.com *.xxxjmp.com *.xxxivjmp.com *.xxxvjmp.com *.xxxviijmp.com *.xxxviiijmp.com *.xlrdr.com *.xlirdr.com *.xliirdr.com *.xlivrdr.com *.xlvrdr.com *.xlviirdr.com *.xlviiirdr.com *.zybrdr.com *.bbrdbr.com *.dmsktmld.com *.fxmnba.com;media-src 'self' *.stripchat.com data: blob: *.ahcdn.com *.stripcdn.com *.stripst.com *.stripst.dev *.strpst.com *.strwst.com *.doppiocdn.com *.doppiocdn.net *.doppiocdn.org;style-src 'self' *.stripchat.com 'unsafe-inline' *.googleapis.com *.hytto.com *.lovense.com *.stripcdn.com *.stripst.com *.stripst.dev *.strpst.com *.strwst.com *.tagmanager.google.com *.crowdin.com accounts.google.com;frame-src * data:;report-uri /_csp
strict-transport-security: max-age=15768000
x-frame-options: deny
cf-cache-status: DYNAMIC
set-cookie: ABTest_ab_25_tokens_instead_20_key=A_726; path=/; domain=stripchat.com; expires=Mon, 15 Jul 2024 00:00:00 GMT
ABTest_ab_index_header_names_couples_key=B_726; path=/; domain=stripchat.com; expires=Mon, 15 Jul 2024 00:00:00 GMT
ABTest_ab_onboarding_dialog_key=A_726; path=/; domain=stripchat.com; expires=Mon, 15 Jul 2024 00:00:00 GMT
ABTest_ab_private_modal_activities_key=B_726; path=/; domain=stripchat.com; expires=Mon, 15 Jul 2024 00:00:00 GMT
ABTest_ab_top_score_with_conversion_rate_v3_key=A_726; path=/; domain=stripchat.com; expires=Sun, 19 Feb 2023 00:00:00 GMT
ABTest_start_private_with_price_key=B_726; path=/; domain=stripchat.com; expires=Mon, 15 Jul 2024 00:00:00 GMT
__cflb=02DiuFntVtrkFMde1diGSSu3zGTTgDGBDmKg1hwr2WwSC; SameSite=None; Secure; path=/; expires=Thu, 02-Feb-23 15:39:53 GMT; HttpOnly
server: cloudflare
cf-ray: 792c2029ed6d0b02-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
rizk.com/no/casino/kampanjer/rizk-velkomstbonus/5682?affcode=noiahrzkno&btag=a_10689784b_c_GZV0H_9OJ6ZjNqdCoN4C5mNd7ZgqdRLk-bm9pYWhyemtubw==&utm_medium=MA_Affiliates&utm_source=10689784
104.18.21.91 301 Moved Permanently 0 B URL HTTP/2 rizk.com/no/casino/kampanjer/rizk-velkomstbonus/5682?affcode=noiahrzkno&btag=a_10689784b_c_GZV0H_9OJ6ZjNqdCoN4C5mNd7ZgqdRLk-bm9pYWhyemtubw==&utm_medium=MA_Affiliates&utm_source=10689784
IP 104.18.21.91:0
GET /no/casino/kampanjer/rizk-velkomstbonus/5682?affcode=noiahrzkno&btag=a_10689784b_c_GZV0H_9OJ6ZjNqdCoN4C5mNd7ZgqdRLk-bm9pYWhyemtubw==&utm_medium=MA_Affiliates&utm_source=10689784 HTTP/1.1
Host: rizk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Cookie: ZBan=GZV0H_9OJ6ZjNqdCoN4C5mNd7ZgqdRLk
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
date: Wed, 01 Feb 2023 16:39:53 GMT
content-type: text/html; charset=UTF-8
location: https://rizk.com/no/casino/kampanjer/casino/welcome-bonus/18644
x-powered-by: PHP/7.1.33
set-cookie: PHPSESSID=7tm5ejp59kf516aqssrdegpig3; path=/; secure; HttpOnly
btag=a_10689784b_c_GZV0H_9OJ6ZjNqdCoN4C5mNd7ZgqdRLk-bm9pYWhyemtubw%3D%3D; expires=Wed, 15-Feb-2023 16:39:53 GMT; Max-Age=1209600; path=/; secure
Referer=http%3A%2F%2Frixon.ml%2F; expires=Fri, 03-Mar-2023 16:39:53 GMT; Max-Age=2592000; path=/; secure; httponly
cache-control: max-age=0, must-revalidate, private
cf-cache-status: DYNAMIC
strict-transport-security: max-age=15552000
server: cloudflare
cf-ray: 792c2031fc78b4fa-OSL
X-Firefox-Spdy: h2
www.adz2you.net/serve/ads.js
188.114.96.1 200 OK 0 B URL HTTP/2 www.adz2you.net/serve/ads.js
IP 188.114.96.1:0
GET /serve/ads.js HTTP/1.1
Host: www.adz2you.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rixon.ml/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:46 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=1263
etag: W/"5d4508b2-4ef"
last-modified: Sat, 03 Aug 2019 04:08:18 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2F%2B1fvGOdTpswhCjv8W3EJ6NxaXqI1wXs6hT8DimDRFDLHdOqCGSI5TipDpPk5FPf%2FhDSkMIK1I755ejpQeK2NxaWMGsBK57kGbIQpZpRVkgJzbFL3Hzeipslin35s9d4SNU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 792c2001ae43b4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
promo.worldofwarships.eu/glows-49239/eu-no/?t=1&pub_id=5757&xid=63da95da1d9f210001478f03&xid_param1=439_&xid_param_2=&sid=SIDS3FpElWdBF_CkweKGTf53PRlLXamyt7DpE_Z6mdxQBCCrXPS-C_rIUftjWU0HT9UIAgc9kfWl40u8kLxFczTEiNZf2QRu-w1hKBHj8ELSPqIuQ94-Dt3TL3vSy3KrJUDJZd9A0Fgcauc_w&enctid=cq7dib7ok7mp&lpsn=WOWS+WLAP+3+ships&foris=1&teclient=1675269594638448354&utm_source=wlap&utm_medium=affiliate&utm_campaign=i20c1adr&utm_content=5757
185.244.209.62 200 OK 0 B URL HTTP/2 promo.worldofwarships.eu/glows-49239/eu-no/?t=1&pub_id=5757&xid=63da95da1d9f210001478f03&xid_param1=439_&xid_param_2=&sid=SIDS3FpElWdBF_CkweKGTf53PRlLXamyt7DpE_Z6mdxQBCCrXPS-C_rIUftjWU0HT9UIAgc9kfWl40u8kLxFczTEiNZf2QRu-w1hKBHj8ELSPqIuQ94-Dt3TL3vSy3KrJUDJZd9A0Fgcauc_w&enctid=cq7dib7ok7mp&lpsn=WOWS+WLAP+3+ships&foris=1&teclient=1675269594638448354&utm_source=wlap&utm_medium=affiliate&utm_campaign=i20c1adr&utm_content=5757
IP 185.244.209.62:0
ASN #58286 Electric-IT Business S.R.L.
GET /glows-49239/eu-no/?t=1&pub_id=5757&xid=63da95da1d9f210001478f03&xid_param1=439_&xid_param_2=&sid=SIDS3FpElWdBF_CkweKGTf53PRlLXamyt7DpE_Z6mdxQBCCrXPS-C_rIUftjWU0HT9UIAgc9kfWl40u8kLxFczTEiNZf2QRu-w1hKBHj8ELSPqIuQ94-Dt3TL3vSy3KrJUDJZd9A0Fgcauc_w&enctid=cq7dib7ok7mp&lpsn=WOWS+WLAP+3+ships&foris=1&teclient=1675269594638448354&utm_source=wlap&utm_medium=affiliate&utm_campaign=i20c1adr&utm_content=5757 HTTP/1.1
Host: promo.worldofwarships.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 01 Feb 2023 16:39:55 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
last-modified: Fri, 18 Nov 2022 10:12:12 GMT
etag: W/"ef688311e4ae73d1f08a8d0caa4c32f3"
x-amz-request-id: tx00000000000000047e024-0063c1a2ae-1dbc2ce4-ed1
cache: HIT
x-cached-since: 2023-01-30T01:08:46+00:00
x-id: osix-up-gc4
content-encoding: gzip
X-Firefox-Spdy: h2
cdn.bmcdn5.com/pb/60b8b8569ade5e0025261c24/63cbdb2271c2f737f5e7f0d2/?type=iframe&fid=0767e1c391542a5a496bb2ae219540ed&fidnoua=5cfe52a2535e52fbeab9cf4f30dcabd1&sourceid=780399257977&source=http%253A%252F%252Frixon.ml&pageViewUuid=9232cee1-8b99-404e-85de-aaf3dec53f19&version=1675269612799
172.64.110.35 403 Forbidden 0 B URL HTTP/2 cdn.bmcdn5.com/pb/60b8b8569ade5e0025261c24/63cbdb2271c2f737f5e7f0d2/?type=iframe&fid=0767e1c391542a5a496bb2ae219540ed&fidnoua=5cfe52a2535e52fbeab9cf4f30dcabd1&sourceid=780399257977&source=http%253A%252F%252Frixon.ml&pageViewUuid=9232cee1-8b99-404e-85de-aaf3dec53f19&version=1675269612799
IP 172.64.110.35:0
GET /pb/60b8b8569ade5e0025261c24/63cbdb2271c2f737f5e7f0d2/?type=iframe&fid=0767e1c391542a5a496bb2ae219540ed&fidnoua=5cfe52a2535e52fbeab9cf4f30dcabd1&sourceid=780399257977&source=http%253A%252F%252Frixon.ml&pageViewUuid=9232cee1-8b99-404e-85de-aaf3dec53f19&version=1675269612799 HTTP/1.1
Host: cdn.bmcdn5.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://free-btc.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 403 Forbidden
date: Wed, 01 Feb 2023 16:39:50 GMT
content-type: text/plain
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=X3aeTXGYFPCMDZUad7q%2BzpiG54yx%2FfO5G7y5LfnQ4HAkbG%2FmpCHqsG20w0cXHYL4fQrZGOQoitYaLAiRbnpp29tzAFWuppN%2F%2BlMMH5DiuZxRBbTwiQZSBd1hFG0Ume%2B2Sg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 792c201d399175d8-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
popmyads.com/serve/52264/64661/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgxMy5jb20=
104.21.54.194 200 OK 0 B URL HTTP/2 popmyads.com/serve/52264/64661/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgxMy5jb20=
IP 104.21.54.194:0
GET /serve/52264/64661/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgxMy5jb20= HTTP/1.1
Host: popmyads.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rixon.ml/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:39:52 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.1.33
x-frame-options: DENY
content-security-policy: frame-ancestors 'none'
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z3pqiXhxwtsqycDNUuwb5f42PEbAu4AGxpa17hlE1JfeRKbBEFvfI0pQ1toqdQebe3LXfrF7%2BNqfjTYkLFT4M4BC4u0cJIakMt6bDafkkN8%2BH1C8FbCMoQRmZz45%2BpU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 792c20278beeb50f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2