xxx-ts.com/function_global2/mobile_detect/mobile-detect-master.zip
185.217.95.56301 Moved Permanently 282 B URL HTTP/1.1 xxx-ts.com/function_global2/mobile_detect/mobile-detect-master.zip
IP 185.217.95.56:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash b8635c8b51a8ca4834a8ec92eff93e49
20c394585d4572386f98af96154b29d90d0b4ff8
d42e5322c6ac4248a0f849820193913ae2eefc4e9432290cf42bbbc7a6dceb5c
GET /function_global2/mobile_detect/mobile-detect-master.zip HTTP/1.1
Host: xxx-ts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Fri, 27 Jan 2023 19:41:17 GMT
Server: Apache
Location: https://xxx-ts.com/function_global2/mobile_detect/mobile-detect-master.zip
Content-Length: 282
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
r3.o.lencr.org/
23.36.76.249200 OK 503 B IP 23.36.76.249:0
ASN #20940 Akamai International B.V.
Hash 9fbe85f42e8ae8ae41cc12df5f98b141
949fa36ff0f22f72565fd584bef094dd4de23037
184d3e4df4bce559b4d7c4836372f5fd2de9782a96b04d364230b7d695d737d8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "184D3E4DF4BCE559B4D7C4836372F5FD2DE9782A96B04D364230B7D695D737D8"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5373
Expires: Fri, 27 Jan 2023 21:10:50 GMT
Date: Fri, 27 Jan 2023 19:41:17 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.249200 OK 503 B IP 23.36.76.249:0
ASN #20940 Akamai International B.V.
Hash 2405562765b49b2782ebd2e2994851d5
be7ac8e558f7875bb1fb86ab5ec674424a5ff269
422cfa907461cb7b93b9089d600052f9e94951e5e0c93d97651905002e48ad3e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "422CFA907461CB7B93B9089D600052F9E94951E5E0C93D97651905002E48AD3E"
Last-Modified: Thu, 26 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19903
Expires: Sat, 28 Jan 2023 01:13:00 GMT
Date: Fri, 27 Jan 2023 19:41:17 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash dcd75ca6daca51c5e39d431468511793
07f76d3bf23d65c9110d810fa71a994e39e085d3
73672a816da4450fe2c938b08d7ae002d9ca29fdcbd3e29cc97084d826f8b459
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Retry-After, Content-Type, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 27 Jan 2023 19:35:23 GMT
content-type: application/json
age: 354
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.249200 OK 503 B IP 23.36.76.249:0
ASN #20940 Akamai International B.V.
Hash 69f73ac59327cd9ad7d99816ccfcc03e
c54844f82dbee0d5ee4c8ce344eb0139373e6c6b
e81c685b2d8f0e31b89e5cfc911a2c5a99a556646830ac5a8468d991b5e871a3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E81C685B2D8F0E31B89E5CFC911A2C5A99A556646830AC5A8468D991B5E871A3"
Last-Modified: Thu, 26 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12992
Expires: Fri, 27 Jan 2023 23:17:49 GMT
Date: Fri, 27 Jan 2023 19:41:17 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: SjPFzntp6SdxGBAZvQD6viFI2Ywppv1rstSyi6OaYSSRyIay2Q1JFoUJv7LStov8UNWXE2BLSpM=
x-amz-request-id: GFBXWAQPZ903CSC9
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 27 Jan 2023 19:20:39 GMT
age: 1238
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 27 Jan 2023 19:41:17 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.249200 OK 503 B IP 23.36.76.249:0
ASN #20940 Akamai International B.V.
Hash fbcf401dd925f34ff7d6159a2c16dcc8
0b952404ea445ac75aa4d3b173df1d1389056752
4f17634dd922f4e4d605fdbaeaaed34041847944c8f104771b74372b9b092886
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4F17634DD922F4E4D605FDBAEAAED34041847944C8F104771B74372B9B092886"
Last-Modified: Fri, 27 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21564
Expires: Sat, 28 Jan 2023 01:40:42 GMT
Date: Fri, 27 Jan 2023 19:41:18 GMT
Connection: keep-alive
xxx-ts.com/function_global2/mobile_detect/mobile-detect-master.zip
185.217.95.56301 Moved Permanently 0 B URL HTTP/1.1 xxx-ts.com/function_global2/mobile_detect/mobile-detect-master.zip
IP 185.217.95.56:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /function_global2/mobile_detect/mobile-detect-master.zip HTTP/1.1
Host: xxx-ts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 301 Moved Permanently
Date: Fri, 27 Jan 2023 19:41:18 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Upgrade: h2,h2c
Connection: keep-alive, Keep-Alive
Location: https://www.xxx-ts.com/function_global2/mobile_detect/mobile-detect-master.zip
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Vary: User-Agent
Content-Length: 0
Keep-Alive: timeout=5, max=100
Content-Type: text/html; charset=UTF-8
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Pragma, Last-Modified, ETag, Content-Length, Expires, Cache-Control, Retry-After, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 27 Jan 2023 18:49:03 GMT
age: 3135
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
www.xxx-ts.com/function_global2/mobile_detect/mobile-detect-master.zip
185.217.95.56404 Not Found 5.6 kB URL HTTP/1.1 www.xxx-ts.com/function_global2/mobile_detect/mobile-detect-master.zip
IP 185.217.95.56:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (394)
Hash 6fa610c9eb54e5f2844b00acdf16e484
19d46a3036ad3fb6a1b5684945f8f51759b533a9
9f4e883905b01ad759f7f508c87db670520c4a0d9fd89d77194b43f838bcee03
GET /function_global2/mobile_detect/mobile-detect-master.zip HTTP/1.1
Host: www.xxx-ts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 404 Not Found
Date: Fri, 27 Jan 2023 19:41:18 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Upgrade: h2,h2c
Connection: keep-alive, Keep-Alive
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Vary: User-Agent
Keep-Alive: timeout=5, max=100
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
www.xxx-ts.com/style.css
185.217.95.56200 OK 3.0 kB IP 185.217.95.56:0
Hash 6a8e36ec3a7d431abfcb08ad4e33fbce
def2ae42d8e8426bc7c9b33529d69bd037a7587f
e77ac93a0c21e2ea403d4d5bdd5c53d923e9af12b090b4cae3d8a957f69c6596
GET /style.css HTTP/1.1
Host: www.xxx-ts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xxx-ts.com/function_global2/mobile_detect/mobile-detect-master.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 27 Jan 2023 19:41:18 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Last-Modified: Mon, 23 Jan 2023 23:55:43 GMT
Accept-Ranges: bytes
Cache-Control: max-age=31536000, public
Expires: Sat, 27 Jan 2024 19:41:18 GMT
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Connection: keep-alive, Keep-Alive
Content-Length: 3020
Keep-Alive: timeout=5, max=99
Content-Type: text/css
r3.o.lencr.org/
23.36.76.249200 OK 503 B IP 23.36.76.249:0
ASN #20940 Akamai International B.V.
Hash 16a7b6a7128312e2f985d30df18c4487
6017bff79ffb525d9c7f9f32b999b74b5dc69602
663fd12209627f08e759c2ed1c76278a5da79dae1e0b46082dd1bb44775f7a16
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "663FD12209627F08E759C2ED1C76278A5DA79DAE1E0B46082DD1BB44775F7A16"
Last-Modified: Fri, 27 Jan 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6383
Expires: Fri, 27 Jan 2023 21:27:41 GMT
Date: Fri, 27 Jan 2023 19:41:18 GMT
Connection: keep-alive
www.xxx-ts.com/lazysizes.min.js
185.217.95.56200 OK 3.1 kB URL HTTP/1.1 www.xxx-ts.com/lazysizes.min.js
IP 185.217.95.56:0
File type ASCII text, with very long lines (6475)
Hash 3ba9a67ec4828761e326a84247a41dfb
0eaad1e2a4bd64e43d2f495fcdd8bc1c265b58ec
afb2ec6cd598db8fb7e9857b6ba9f086d7f4b032aab1eb447e9fba9ac03f3429
GET /lazysizes.min.js HTTP/1.1
Host: www.xxx-ts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xxx-ts.com/function_global2/mobile_detect/mobile-detect-master.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 27 Jan 2023 19:41:18 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Upgrade: h2,h2c
Connection: keep-alive, Keep-Alive
Last-Modified: Mon, 23 Jan 2023 23:55:43 GMT
Accept-Ranges: bytes
Cache-Control: max-age=31536000, public
Expires: Sat, 27 Jan 2024 19:41:18 GMT
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Content-Length: 3082
Keep-Alive: timeout=5, max=100
Content-Type: application/javascript
www.xxx-ts.com/ImgError.js
185.217.95.56200 OK 334 B URL HTTP/1.1 www.xxx-ts.com/ImgError.js
IP 185.217.95.56:0
Hash ea90273e3df624afe89eacc852178bb6
b6167966e1699397fda72508b0579a1894d6856f
207d43eb6275c2fc6541cb0518eb3ba7f19069139ace526f803455eccb04853c
GET /ImgError.js HTTP/1.1
Host: www.xxx-ts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xxx-ts.com/function_global2/mobile_detect/mobile-detect-master.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 27 Jan 2023 19:41:18 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Upgrade: h2,h2c
Connection: keep-alive, Keep-Alive
Last-Modified: Mon, 23 Jan 2023 23:55:43 GMT
Accept-Ranges: bytes
Cache-Control: max-age=31536000, public
Expires: Sat, 27 Jan 2024 19:41:18 GMT
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Content-Length: 334
Keep-Alive: timeout=5, max=100
Content-Type: application/javascript
www.xxx-ts.com/images/logo.png
185.217.95.56200 OK 9.4 kB URL HTTP/1.1 www.xxx-ts.com/images/logo.png
IP 185.217.95.56:0
File type PNG image data, 159 x 55, 8-bit/color RGBA, non-interlaced\012- data
Hash c5928e10e871ab15a08ac54117dd3fe0
518fcd362a4630fcaeb4453c7446d27760344d52
009f5c582cf1938a64383c1322a32c8d3b9139403d885c618ee2326134666b9d
GET /images/logo.png HTTP/1.1
Host: www.xxx-ts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xxx-ts.com/function_global2/mobile_detect/mobile-detect-master.zip
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 27 Jan 2023 19:41:18 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Last-Modified: Mon, 23 Jan 2023 23:55:43 GMT
Accept-Ranges: bytes
Content-Length: 9427
Cache-Control: max-age=31536000, public
Expires: Sat, 27 Jan 2024 19:41:18 GMT
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Vary: User-Agent
Connection: keep-alive, Keep-Alive
Keep-Alive: timeout=5, max=98
Content-Type: image/png
buqkrzbrucz.com/solid.gif?z=1964294&abvar=0
62.122.171.6200 OK 43 B URL HTTP/2 buqkrzbrucz.com/solid.gif?z=1964294&abvar=0
IP 62.122.171.6:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28e463819a210071de3b45ebe7633613
6dccd571828ec0912629119cf7eabfea9f33ddbc
44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84
POST /solid.gif?z=1964294&abvar=0 HTTP/1.1
Host: buqkrzbrucz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.xxx-ts.com
Connection: keep-alive
Referer: https://www.xxx-ts.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 27 Jan 2023 19:41:18 GMT
content-type: image/gif
content-length: 43
x-route-id: stats.tag.loaded
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
www.xxx-ts.com/favicon.ico
185.217.95.56200 OK 17 kB URL HTTP/1.1 www.xxx-ts.com/favicon.ico
IP 185.217.95.56:0
File type MS Windows icon resource - 1 icon, 64x64, 32 bits/pixel\012- data
Hash 7144a6fef4571054a605aa9858f40579
519aa0eed3e4c5b05b493148074890ab243c4459
84a5a225402e39e450dc6cbb7c78bbbd35c3841fb64ed88f7c6009000b56dd27
GET /favicon.ico HTTP/1.1
Host: www.xxx-ts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xxx-ts.com/function_global2/mobile_detect/mobile-detect-master.zip
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 27 Jan 2023 19:41:18 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Last-Modified: Mon, 23 Jan 2023 23:55:43 GMT
Accept-Ranges: bytes
Content-Length: 16958
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Vary: User-Agent
Connection: keep-alive, Keep-Alive
Cache-Control: max-age=31536000, public
Keep-Alive: timeout=5, max=97
Content-Type: image/vnd.microsoft.icon
cdn.pncloudfl.com/pn/d2e/c91/04f/d2ec9104f189fc6944c33903570709405ddf3bf7.png
172.67.25.161200 OK 43 kB URL HTTP/2 cdn.pncloudfl.com/pn/d2e/c91/04f/d2ec9104f189fc6944c33903570709405ddf3bf7.png
IP 172.67.25.161:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 3e1c3d6737455035df23e1dd8c628159
ff5c77c8792281620a4793b43f38f1fdcc6f1c0a
eacb5c75d830f937a643288a9bb5ef5076c072ab6a2c5c4b3a9280ac8b0e0689
GET /pn/d2e/c91/04f/d2ec9104f189fc6944c33903570709405ddf3bf7.png HTTP/1.1
Host: cdn.pncloudfl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xxx-ts.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 27 Jan 2023 19:41:18 GMT
content-type: image/webp
content-length: 42896
access-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
access-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
access-control-expose-headers: X-Container-Meta-Temp-Url-Key,X-Container-Bytes-Used,Last-Modified,X-Timestamp
cache-control: max-age=172800
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=100838
content-disposition: inline; filename="d2ec9104f189fc6944c33903570709405ddf3bf7.webp"
etag: e4ea1ce9d8604ab474f9e1f8ffbf39df
expires: Sat, 28 Jan 2023 22:50:49 GMT
last-modified: Tue, 22 Nov 2022 09:20:21 GMT
vary: Accept
x-openstack-request-id: tx0bbfac1040d1479a8451c-00637c963c
x-proxy-cache: HIT
x-timestamp: 1669108820.25853
x-trans-id: tx0bbfac1040d1479a8451c-00637c963c
cf-cache-status: HIT
age: 75029
accept-ranges: bytes
access-control-allow-origin: *
server: cloudflare
cf-ray: 7903f711287db4f4-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.pncloudfl.com/pn/c37/27f/34e/c3727f34e768637227002e6b305cbb475c2e6e60.png
172.67.25.161200 OK 61 kB URL HTTP/2 cdn.pncloudfl.com/pn/c37/27f/34e/c3727f34e768637227002e6b305cbb475c2e6e60.png
IP 172.67.25.161:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 5ddd303ef84e1984339e09670e657bb9
49bfd092073feb62f80be85681779fb0fb628e93
8c78b8c768800c1d71580cced084d63ad53bf03ce3882baa3cbf6d8fb5e7464e
GET /pn/c37/27f/34e/c3727f34e768637227002e6b305cbb475c2e6e60.png HTTP/1.1
Host: cdn.pncloudfl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xxx-ts.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 27 Jan 2023 19:41:18 GMT
content-type: image/webp
content-length: 60712
access-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
access-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
access-control-expose-headers: X-Container-Meta-Temp-Url-Key,X-Container-Bytes-Used,Last-Modified,X-Timestamp
cache-control: max-age=172800
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=88733
content-disposition: inline; filename="c3727f34e768637227002e6b305cbb475c2e6e60.webp"
etag: 9da140edba7f342fae203dbf5eab3bd4
expires: Sat, 28 Jan 2023 21:36:38 GMT
last-modified: Thu, 02 Apr 2020 11:21:51 GMT
vary: Accept
x-openstack-request-id: txa34c539740644b279fd58-0061b100eb
x-proxy-cache: HIT
x-timestamp: 1585826510.56933
x-trans-id: txa34c539740644b279fd58-0061b100eb
cf-cache-status: HIT
age: 79480
accept-ranges: bytes
access-control-allow-origin: *
server: cloudflare
cf-ray: 7903f711187ab4f4-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
push.services.mozilla.com/
35.166.224.175101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.166.224.175:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: eRbBJRxC+19dcCSq6jI4hQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: nd5xlZnEM7qvvLX9zZpj6Wl/9K0=
limurol.com/ssp/req/1964294/?pb=bde2e63273df90efd5c6ad8de05cfb821674855678&psp=J2dVMFTz-f41SQ7sMzjat1AmIhZ_F1Ex6VX-Yg6FMEP55ElDQK--B9EeLjISxrMPt0LqufHf9nMY-YQRuMbBAIVXWT6eRUIb288a2ivGAjYgbA8-x9jwnipHGXi4HztFvWealQvYImqFbeNB8uFSYqCtWopXfGwSbfTTixx4qtWXShy892mFvscWpxQAdqf5Ns-B134UqL7ROLaFZJFPVbVoEzWGsn1IqZrFPpr5BydTQqhoqq0J3D1G7M180WSCKb-Yzana_YD7nvHaEYj7vrC7bOia-FjK67z5oO-kC6O4fi8YG0wtx38YJ5kZLEhId1h9WRmVnoUvsc3Voe_C22_1cF7GlhioPIuCzezg_GYEn_1_xrRpShpMUBMspKA0Ryz9Wj5L-xa2Gha5KRKR_LRFIgFiQkADXdzegNjIaZK8u7tEQuXGFr067gHGBZ82Ipsgmn-mPOLM2QtrhxiIrL8CLyQDG3pJusOf_7HOjSe8y4dpElTgcgYlKGR5khPOAHhTqjiOfJErNF0NOTfqBolJoEE8v-Oopx4XMeAnPkL9jgiZIkjN8dsxWzEcpa_6Z3qdRUsYMocUHN8s_PUI7NpuIWPRuN44vQKEYtet0-KUsKqqKVpZE6VJxOOvQxKFtrlvLLFCM0_pWAzjInUW3juToqfg3JMQ0Mo3_I-FilrNHhYmNPaR0Gmt_DHYsZRp8KgMeN5dfsCQLlS1&cb=_clrn9zmvn6qf7k52ter6px&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24
62.122.171.6200 OK 7 B URL HTTP/2 limurol.com/ssp/req/1964294/?pb=bde2e63273df90efd5c6ad8de05cfb821674855678&psp=J2dVMFTz-f41SQ7sMzjat1AmIhZ_F1Ex6VX-Yg6FMEP55ElDQK--B9EeLjISxrMPt0LqufHf9nMY-YQRuMbBAIVXWT6eRUIb288a2ivGAjYgbA8-x9jwnipHGXi4HztFvWealQvYImqFbeNB8uFSYqCtWopXfGwSbfTTixx4qtWXShy892mFvscWpxQAdqf5Ns-B134UqL7ROLaFZJFPVbVoEzWGsn1IqZrFPpr5BydTQqhoqq0J3D1G7M180WSCKb-Yzana_YD7nvHaEYj7vrC7bOia-FjK67z5oO-kC6O4fi8YG0wtx38YJ5kZLEhId1h9WRmVnoUvsc3Voe_C22_1cF7GlhioPIuCzezg_GYEn_1_xrRpShpMUBMspKA0Ryz9Wj5L-xa2Gha5KRKR_LRFIgFiQkADXdzegNjIaZK8u7tEQuXGFr067gHGBZ82Ipsgmn-mPOLM2QtrhxiIrL8CLyQDG3pJusOf_7HOjSe8y4dpElTgcgYlKGR5khPOAHhTqjiOfJErNF0NOTfqBolJoEE8v-Oopx4XMeAnPkL9jgiZIkjN8dsxWzEcpa_6Z3qdRUsYMocUHN8s_PUI7NpuIWPRuN44vQKEYtet0-KUsKqqKVpZE6VJxOOvQxKFtrlvLLFCM0_pWAzjInUW3juToqfg3JMQ0Mo3_I-FilrNHhYmNPaR0Gmt_DHYsZRp8KgMeN5dfsCQLlS1&cb=_clrn9zmvn6qf7k52ter6px&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24
IP 62.122.171.6:0
File type ASCII text, with no line terminators
Hash a97eb6fbe6f13b601d5d48c0eba8baae
736efb938caf3d0edec406932ada889f1a4f2268
a04bf061f53e0011fd2f43bdf081526344f003c50146c88c42c2d95ef22c1821
Analyzer Verdict Alert quad9 Sinkholed
GET /ssp/req/1964294/?pb=bde2e63273df90efd5c6ad8de05cfb821674855678&psp=J2dVMFTz-f41SQ7sMzjat1AmIhZ_F1Ex6VX-Yg6FMEP55ElDQK--B9EeLjISxrMPt0LqufHf9nMY-YQRuMbBAIVXWT6eRUIb288a2ivGAjYgbA8-x9jwnipHGXi4HztFvWealQvYImqFbeNB8uFSYqCtWopXfGwSbfTTixx4qtWXShy892mFvscWpxQAdqf5Ns-B134UqL7ROLaFZJFPVbVoEzWGsn1IqZrFPpr5BydTQqhoqq0J3D1G7M180WSCKb-Yzana_YD7nvHaEYj7vrC7bOia-FjK67z5oO-kC6O4fi8YG0wtx38YJ5kZLEhId1h9WRmVnoUvsc3Voe_C22_1cF7GlhioPIuCzezg_GYEn_1_xrRpShpMUBMspKA0Ryz9Wj5L-xa2Gha5KRKR_LRFIgFiQkADXdzegNjIaZK8u7tEQuXGFr067gHGBZ82Ipsgmn-mPOLM2QtrhxiIrL8CLyQDG3pJusOf_7HOjSe8y4dpElTgcgYlKGR5khPOAHhTqjiOfJErNF0NOTfqBolJoEE8v-Oopx4XMeAnPkL9jgiZIkjN8dsxWzEcpa_6Z3qdRUsYMocUHN8s_PUI7NpuIWPRuN44vQKEYtet0-KUsKqqKVpZE6VJxOOvQxKFtrlvLLFCM0_pWAzjInUW3juToqfg3JMQ0Mo3_I-FilrNHhYmNPaR0Gmt_DHYsZRp8KgMeN5dfsCQLlS1&cb=_clrn9zmvn6qf7k52ter6px&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24 HTTP/1.1
Host: limurol.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xxx-ts.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 27 Jan 2023 19:41:19 GMT
content-type: text/javascript
content-length: 7
x-route-id: ssp.bet
set-cookie: UID=2301271441cd76bc5b55ea46e2aee3e41b0a; Path=/; Expires=Sat, 27 Jan 2024 19:41:18 GMT; HttpOnly; Secure; SameSite=None
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
limurol.com/ssp/req/1964294/?pb=bde2e63273df90efd5c6ad8de05cfb821674855678&psp=J2dVMFTz-f41SQ7sMzjat1AmIhZ_F1Ex6VX-Yg6FMEP55ElDQK--B9EeLjISxrMPt0LqufHf9nMY-YQRuMbBAIVXWT6eRUIb288a2ivGAjYgbA8-x9jwnipHGXi4HztFvWealQvYImqFbeNB8uFSYqCtWopXfGwSbfTTixx4qtWXShy892mFvscWpxQAdqf5Ns-B134UqL7ROLaFZJFPVbVoEzWGsn1IqZrFPpr5BydTQqhoqq0J3D1G7M180WSCKb-Yzana_YD7nvHaEYj7vrC7bOia-FjK67z5oO-kC6O4fi8YG0wtx38YJ5kZLEhId1h9WRmVnoUvsc3Voe_C22_1cF7GlhioPIuCzezg_GYEn_1_xrRpShpMUBMspKA0Ryz9Wj5L-xa2Gha5KRKR_LRFIgFiQkADXdzegNjIaZK8u7tEQuXGFr067gHGBZ82Ipsgmn-mPOLM2QtrhxiIrL8CLyQDG3pJusOf_7HOjSe8y4dpElTgcgYlKGR5khPOAHhTqjiOfJErNF0NOTfqBolJoEE8v-Oopx4XMeAnPkL9jgiZIkjN8dsxWzEcpa_6Z3qdRUsYMocUHN8s_PUI7NpuIWPRuN44vQKEYtet0-KUsKqqKVpZE6VJxOOvQxKFtrlvLLFCM0_pWAzjInUW3juToqfg3JMQ0Mo3_I-FilrNHhYmNPaR0Gmt_DHYsZRp8KgMeN5dfsCQLlS1&cb=_clrn9zmvn6qf7k52ter6px&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24
62.122.171.6200 OK 7 B URL HTTP/2 limurol.com/ssp/req/1964294/?pb=bde2e63273df90efd5c6ad8de05cfb821674855678&psp=J2dVMFTz-f41SQ7sMzjat1AmIhZ_F1Ex6VX-Yg6FMEP55ElDQK--B9EeLjISxrMPt0LqufHf9nMY-YQRuMbBAIVXWT6eRUIb288a2ivGAjYgbA8-x9jwnipHGXi4HztFvWealQvYImqFbeNB8uFSYqCtWopXfGwSbfTTixx4qtWXShy892mFvscWpxQAdqf5Ns-B134UqL7ROLaFZJFPVbVoEzWGsn1IqZrFPpr5BydTQqhoqq0J3D1G7M180WSCKb-Yzana_YD7nvHaEYj7vrC7bOia-FjK67z5oO-kC6O4fi8YG0wtx38YJ5kZLEhId1h9WRmVnoUvsc3Voe_C22_1cF7GlhioPIuCzezg_GYEn_1_xrRpShpMUBMspKA0Ryz9Wj5L-xa2Gha5KRKR_LRFIgFiQkADXdzegNjIaZK8u7tEQuXGFr067gHGBZ82Ipsgmn-mPOLM2QtrhxiIrL8CLyQDG3pJusOf_7HOjSe8y4dpElTgcgYlKGR5khPOAHhTqjiOfJErNF0NOTfqBolJoEE8v-Oopx4XMeAnPkL9jgiZIkjN8dsxWzEcpa_6Z3qdRUsYMocUHN8s_PUI7NpuIWPRuN44vQKEYtet0-KUsKqqKVpZE6VJxOOvQxKFtrlvLLFCM0_pWAzjInUW3juToqfg3JMQ0Mo3_I-FilrNHhYmNPaR0Gmt_DHYsZRp8KgMeN5dfsCQLlS1&cb=_clrn9zmvn6qf7k52ter6px&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24
IP 62.122.171.6:0
File type ASCII text, with no line terminators
Hash a97eb6fbe6f13b601d5d48c0eba8baae
736efb938caf3d0edec406932ada889f1a4f2268
a04bf061f53e0011fd2f43bdf081526344f003c50146c88c42c2d95ef22c1821
Analyzer Verdict Alert quad9 Sinkholed
GET /ssp/req/1964294/?pb=bde2e63273df90efd5c6ad8de05cfb821674855678&psp=J2dVMFTz-f41SQ7sMzjat1AmIhZ_F1Ex6VX-Yg6FMEP55ElDQK--B9EeLjISxrMPt0LqufHf9nMY-YQRuMbBAIVXWT6eRUIb288a2ivGAjYgbA8-x9jwnipHGXi4HztFvWealQvYImqFbeNB8uFSYqCtWopXfGwSbfTTixx4qtWXShy892mFvscWpxQAdqf5Ns-B134UqL7ROLaFZJFPVbVoEzWGsn1IqZrFPpr5BydTQqhoqq0J3D1G7M180WSCKb-Yzana_YD7nvHaEYj7vrC7bOia-FjK67z5oO-kC6O4fi8YG0wtx38YJ5kZLEhId1h9WRmVnoUvsc3Voe_C22_1cF7GlhioPIuCzezg_GYEn_1_xrRpShpMUBMspKA0Ryz9Wj5L-xa2Gha5KRKR_LRFIgFiQkADXdzegNjIaZK8u7tEQuXGFr067gHGBZ82Ipsgmn-mPOLM2QtrhxiIrL8CLyQDG3pJusOf_7HOjSe8y4dpElTgcgYlKGR5khPOAHhTqjiOfJErNF0NOTfqBolJoEE8v-Oopx4XMeAnPkL9jgiZIkjN8dsxWzEcpa_6Z3qdRUsYMocUHN8s_PUI7NpuIWPRuN44vQKEYtet0-KUsKqqKVpZE6VJxOOvQxKFtrlvLLFCM0_pWAzjInUW3juToqfg3JMQ0Mo3_I-FilrNHhYmNPaR0Gmt_DHYsZRp8KgMeN5dfsCQLlS1&cb=_clrn9zmvn6qf7k52ter6px&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24 HTTP/1.1
Host: limurol.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xxx-ts.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 27 Jan 2023 19:41:19 GMT
content-type: text/javascript
content-length: 7
x-route-id: ssp.bet
set-cookie: UID=2301271441a77bc953ffbd46d48d742e40b4; Path=/; Expires=Sat, 27 Jan 2024 19:41:19 GMT; HttpOnly; Secure; SameSite=None
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
limurol.com/ssp/req/1964294/?pb=bde2e63273df90efd5c6ad8de05cfb821674855678&psp=J2dVMFTz-f41SQ7sMzjat1AmIhZ_F1Ex6VX-Yg6FMEP55ElDQK--B9EeLjISxrMPt0LqufHf9nMY-YQRuMbBAIVXWT6eRUIb288a2ivGAjYgbA8-x9jwnipHGXi4HztFvWealQvYImqFbeNB8uFSYqCtWopXfGwSbfTTixx4qtWXShy892mFvscWpxQAdqf5Ns-B134UqL7ROLaFZJFPVbVoEzWGsn1IqZrFPpr5BydTQqhoqq0J3D1G7M180WSCKb-Yzana_YD7nvHaEYj7vrC7bOia-FjK67z5oO-kC6O4fi8YG0wtx38YJ5kZLEhId1h9WRmVnoUvsc3Voe_C22_1cF7GlhioPIuCzezg_GYEn_1_xrRpShpMUBMspKA0Ryz9Wj5L-xa2Gha5KRKR_LRFIgFiQkADXdzegNjIaZK8u7tEQuXGFr067gHGBZ82Ipsgmn-mPOLM2QtrhxiIrL8CLyQDG3pJusOf_7HOjSe8y4dpElTgcgYlKGR5khPOAHhTqjiOfJErNF0NOTfqBolJoEE8v-Oopx4XMeAnPkL9jgiZIkjN8dsxWzEcpa_6Z3qdRUsYMocUHN8s_PUI7NpuIWPRuN44vQKEYtet0-KUsKqqKVpZE6VJxOOvQxKFtrlvLLFCM0_pWAzjInUW3juToqfg3JMQ0Mo3_I-FilrNHhYmNPaR0Gmt_DHYsZRp8KgMeN5dfsCQLlS1&cb=_clrn9zmvn6qf7k52ter6px&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24
62.122.171.6200 OK 7 B URL HTTP/2 limurol.com/ssp/req/1964294/?pb=bde2e63273df90efd5c6ad8de05cfb821674855678&psp=J2dVMFTz-f41SQ7sMzjat1AmIhZ_F1Ex6VX-Yg6FMEP55ElDQK--B9EeLjISxrMPt0LqufHf9nMY-YQRuMbBAIVXWT6eRUIb288a2ivGAjYgbA8-x9jwnipHGXi4HztFvWealQvYImqFbeNB8uFSYqCtWopXfGwSbfTTixx4qtWXShy892mFvscWpxQAdqf5Ns-B134UqL7ROLaFZJFPVbVoEzWGsn1IqZrFPpr5BydTQqhoqq0J3D1G7M180WSCKb-Yzana_YD7nvHaEYj7vrC7bOia-FjK67z5oO-kC6O4fi8YG0wtx38YJ5kZLEhId1h9WRmVnoUvsc3Voe_C22_1cF7GlhioPIuCzezg_GYEn_1_xrRpShpMUBMspKA0Ryz9Wj5L-xa2Gha5KRKR_LRFIgFiQkADXdzegNjIaZK8u7tEQuXGFr067gHGBZ82Ipsgmn-mPOLM2QtrhxiIrL8CLyQDG3pJusOf_7HOjSe8y4dpElTgcgYlKGR5khPOAHhTqjiOfJErNF0NOTfqBolJoEE8v-Oopx4XMeAnPkL9jgiZIkjN8dsxWzEcpa_6Z3qdRUsYMocUHN8s_PUI7NpuIWPRuN44vQKEYtet0-KUsKqqKVpZE6VJxOOvQxKFtrlvLLFCM0_pWAzjInUW3juToqfg3JMQ0Mo3_I-FilrNHhYmNPaR0Gmt_DHYsZRp8KgMeN5dfsCQLlS1&cb=_clrn9zmvn6qf7k52ter6px&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24
IP 62.122.171.6:0
File type ASCII text, with no line terminators
Hash a97eb6fbe6f13b601d5d48c0eba8baae
736efb938caf3d0edec406932ada889f1a4f2268
a04bf061f53e0011fd2f43bdf081526344f003c50146c88c42c2d95ef22c1821
Analyzer Verdict Alert quad9 Sinkholed
GET /ssp/req/1964294/?pb=bde2e63273df90efd5c6ad8de05cfb821674855678&psp=J2dVMFTz-f41SQ7sMzjat1AmIhZ_F1Ex6VX-Yg6FMEP55ElDQK--B9EeLjISxrMPt0LqufHf9nMY-YQRuMbBAIVXWT6eRUIb288a2ivGAjYgbA8-x9jwnipHGXi4HztFvWealQvYImqFbeNB8uFSYqCtWopXfGwSbfTTixx4qtWXShy892mFvscWpxQAdqf5Ns-B134UqL7ROLaFZJFPVbVoEzWGsn1IqZrFPpr5BydTQqhoqq0J3D1G7M180WSCKb-Yzana_YD7nvHaEYj7vrC7bOia-FjK67z5oO-kC6O4fi8YG0wtx38YJ5kZLEhId1h9WRmVnoUvsc3Voe_C22_1cF7GlhioPIuCzezg_GYEn_1_xrRpShpMUBMspKA0Ryz9Wj5L-xa2Gha5KRKR_LRFIgFiQkADXdzegNjIaZK8u7tEQuXGFr067gHGBZ82Ipsgmn-mPOLM2QtrhxiIrL8CLyQDG3pJusOf_7HOjSe8y4dpElTgcgYlKGR5khPOAHhTqjiOfJErNF0NOTfqBolJoEE8v-Oopx4XMeAnPkL9jgiZIkjN8dsxWzEcpa_6Z3qdRUsYMocUHN8s_PUI7NpuIWPRuN44vQKEYtet0-KUsKqqKVpZE6VJxOOvQxKFtrlvLLFCM0_pWAzjInUW3juToqfg3JMQ0Mo3_I-FilrNHhYmNPaR0Gmt_DHYsZRp8KgMeN5dfsCQLlS1&cb=_clrn9zmvn6qf7k52ter6px&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24 HTTP/1.1
Host: limurol.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xxx-ts.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 27 Jan 2023 19:41:19 GMT
content-type: text/javascript
content-length: 7
x-route-id: ssp.bet
set-cookie: UID=23012714411c78a03ed7a14e58bc7a20a92c; Path=/; Expires=Sat, 27 Jan 2024 19:41:19 GMT; HttpOnly; Secure; SameSite=None
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.249200 OK 503 B IP 23.36.76.249:0
ASN #20940 Akamai International B.V.
Hash 2e21811f62c077f45a93d7c3b543998d
3e890a73bb51d9dd1021d5339271aa40833ba258
c6b77371a50390fd68d44ff05e080f064c16c3095df8856b330ab0c6685cd3d1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C6B77371A50390FD68D44FF05E080F064C16C3095DF8856B330AB0C6685CD3D1"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14634
Expires: Fri, 27 Jan 2023 23:45:14 GMT
Date: Fri, 27 Jan 2023 19:41:20 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.249200 OK 503 B IP 23.36.76.249:0
ASN #20940 Akamai International B.V.
Hash 2e21811f62c077f45a93d7c3b543998d
3e890a73bb51d9dd1021d5339271aa40833ba258
c6b77371a50390fd68d44ff05e080f064c16c3095df8856b330ab0c6685cd3d1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C6B77371A50390FD68D44FF05E080F064C16C3095DF8856B330AB0C6685CD3D1"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14634
Expires: Fri, 27 Jan 2023 23:45:14 GMT
Date: Fri, 27 Jan 2023 19:41:20 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.249200 OK 503 B IP 23.36.76.249:0
ASN #20940 Akamai International B.V.
Hash 2e21811f62c077f45a93d7c3b543998d
3e890a73bb51d9dd1021d5339271aa40833ba258
c6b77371a50390fd68d44ff05e080f064c16c3095df8856b330ab0c6685cd3d1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C6B77371A50390FD68D44FF05E080F064C16C3095DF8856B330AB0C6685CD3D1"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14634
Expires: Fri, 27 Jan 2023 23:45:14 GMT
Date: Fri, 27 Jan 2023 19:41:20 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.249200 OK 503 B IP 23.36.76.249:0
ASN #20940 Akamai International B.V.
Hash 2e21811f62c077f45a93d7c3b543998d
3e890a73bb51d9dd1021d5339271aa40833ba258
c6b77371a50390fd68d44ff05e080f064c16c3095df8856b330ab0c6685cd3d1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C6B77371A50390FD68D44FF05E080F064C16C3095DF8856B330AB0C6685CD3D1"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14634
Expires: Fri, 27 Jan 2023 23:45:14 GMT
Date: Fri, 27 Jan 2023 19:41:20 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash bd56ce22720c6e6072efdabae64669fd
29194390d12177fe0d88e1bd2fb4436509366a1c
c41996d83d942ca58a13e2d1adfd171cf26a84bc9b7fdbd1ca941eb0269b5404
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C41996D83D942CA58A13E2D1ADFD171CF26A84BC9B7FDBD1CA941EB0269B5404"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10352
Expires: Fri, 27 Jan 2023 22:33:52 GMT
Date: Fri, 27 Jan 2023 19:41:20 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfb887e5-87fa-4855-b0ee-712d39779fa0.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfb887e5-87fa-4855-b0ee-712d39779fa0.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b7a0759c043594fbe85af422b59b8227
a05cfaad16078f42218dae233da38f6f5dff8487
e898d6ef1b3998fb9322a8fc190069ec5f7b3582bfe8397a2367497d84a27549
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfb887e5-87fa-4855-b0ee-712d39779fa0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11568
x-amzn-requestid: 2e85f75e-ab9d-4d45-adad-7313950a9647
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fSWbxGwnoAMFejw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d0d117-68f1a9e71a07a0453311fd32;Sampled=0
x-amzn-remapped-date: Wed, 25 Jan 2023 06:49:59 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: dbz3wXGNaetf6xvRE98rshyHy-FVfDo8co-4VDL0a4Qe3E4U8A82Og==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 2bedbeaa49b4a77447d30097858cb81a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 18:36:01 GMT
age: 3919
etag: "a05cfaad16078f42218dae233da38f6f5dff8487"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F16430244-f45f-4aea-a8a8-2b1f37fa80ef.jpeg
34.120.237.76200 OK 5.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F16430244-f45f-4aea-a8a8-2b1f37fa80ef.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5e7158416f60576804ccff03307319fe
a342f94625e913fa6b8d862a59979f1e3ad80dd1
5c525df7d169cc7e033d920c11f4a0163a781c025a22b70530882b56964a9a52
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F16430244-f45f-4aea-a8a8-2b1f37fa80ef.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5737
x-amzn-requestid: cc977ea9-c418-4a5a-a13b-c86e16bbe6ba
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fRGPFGL5oAMFiSg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d050c6-2d540cac5ca7d4e64cfdb8bc;Sampled=0
x-amzn-remapped-date: Tue, 24 Jan 2023 21:42:30 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: uZnA5gkRlZyqamh_n3992G9PlMJa4gJ-mjSOQEysII73dDKLXmeXsg==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 1a53057db389e96b4ef1bfbc925dde1c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 16:31:38 GMT
age: 11382
etag: "a342f94625e913fa6b8d862a59979f1e3ad80dd1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0cc9d867-fc35-4a62-9934-4cb307d6146d.jpeg
34.120.237.76200 OK 5.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0cc9d867-fc35-4a62-9934-4cb307d6146d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 869cdfba2637cc932ce387317a3c485e
51d87a5223d87c959bf27b2a825dce0a28f52ada
6dc4247dd3110836195f9962463bd8265be89633e9e589bf19955991751c26fe
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0cc9d867-fc35-4a62-9934-4cb307d6146d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5669
x-amzn-requestid: 17f6235c-d495-4813-9453-407331e0dcad
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fR1ZSH4fIAMFxeQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d09c3b-67ff5c7f416727670e7c3b21;Sampled=0
x-amzn-remapped-date: Wed, 25 Jan 2023 03:04:27 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: KGNpzuI2ny_1LH90atWa09SPYG7Ovolbv_KvL8nC6fUk59z-6TFsMQ==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 03:05:08 GMT
age: 59772
etag: "51d87a5223d87c959bf27b2a825dce0a28f52ada"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6418a71b-f89d-45d1-bc77-36d6312f560b.jpeg
34.120.237.76200 OK 5.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6418a71b-f89d-45d1-bc77-36d6312f560b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ba0a42dadf6a976df148f652e9cc1844
4d825b74865effa4a858ddcad1d0969671facc07
7276a38c9ba6b13a06f24ab8b802f210f98c5541df53fbcd8e879a14d2957d95
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6418a71b-f89d-45d1-bc77-36d6312f560b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5943
x-amzn-requestid: 6774f4a4-ed83-49df-868f-4517c2af914b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fUXxNF2UIAMFlYw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d1a007-75b1e8975c3f4b503e0a1c5b;Sampled=0
x-amzn-remapped-date: Wed, 25 Jan 2023 21:32:55 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: KY05WKpINERD5g9o2QLYdsNMSuuy_YKn2Tl7Qkn7YaAOaPTDfLteeA==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 570075675953459325e00b7bcd171df2.cloudfront.net (CloudFront), 1.1 google
date: Thu, 26 Jan 2023 21:49:48 GMT
age: 78692
etag: "4d825b74865effa4a858ddcad1d0969671facc07"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6a8a63ec-e0a4-4297-b143-649ad3968ae8.jpeg
34.120.237.76200 OK 9.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6a8a63ec-e0a4-4297-b143-649ad3968ae8.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f62e9b7bdca82d18c945851912d8fea8
a7ca44d337c43bc5c6145b26778661c71cc50484
5da02cc405c1cada55813ffe376844375f1d6ad222cbb63405348b1f5132a0b1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6a8a63ec-e0a4-4297-b143-649ad3968ae8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9595
x-amzn-requestid: c257bfbe-1bd7-4540-bbfa-e4c49a2624a1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fUXwfGigoAMFvBw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d1a002-226c08656eeefbfa3c2dddb6;Sampled=0
x-amzn-remapped-date: Wed, 25 Jan 2023 21:32:50 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: k9njnQmggD7UkVJzZqSzo90HJJjTjGK0QIoPU0HWYKrSstjM6s1rOw==
via: 1.1 a20e81b65d2465c729ce2f6bfe539dd0.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Thu, 26 Jan 2023 21:49:48 GMT
age: 78692
etag: "a7ca44d337c43bc5c6145b26778661c71cc50484"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F52fbb3f0-e394-4245-a542-f5d9aa7b93cc.jpeg
34.120.237.76200 OK 9.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F52fbb3f0-e394-4245-a542-f5d9aa7b93cc.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash dc869235086902c4acc379733b6bfdb8
0170f6aa6bd83ddeb60cf1cb65e9f0443d8d4bae
e614e29b14e69209fd4b82a688290f7a3f541909833a6558cf480aca899bab6d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F52fbb3f0-e394-4245-a542-f5d9aa7b93cc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9056
x-amzn-requestid: 81cf473d-8dc6-49e7-b012-d0b7dfaec7f8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fB4COHTlIAMFtRg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ca3a0e-0848461c054db5c66fde9107;Sampled=0
x-amzn-remapped-date: Fri, 20 Jan 2023 06:51:58 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: MApUIVJ9KiOB34nLWUtMNmA8deQVoQ9xyNqSUYXlzdLlGoP9n78C5A==
via: 1.1 23206a1c229d8877bdd053c4b05f9d12.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 06:24:42 GMT
age: 47798
etag: "0170f6aa6bd83ddeb60cf1cb65e9f0443d8d4bae"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
cwqljsecvr.com/chicken.gif?z=1911811&pb=bde2e63273df90efd5c6ad8de05cfb821674855678&psp=52_-ZKbOh5y7gvsP7xNSZmQKbKPDX0NYIaJlNBFRvunOGcgnS6I0tcktV2ieA-3lODPsavapLOl8OV1GSDFRvRqPFYNgN7Blxsq3rFfQyqnjwbmfjIVhwScyrWF2Ngp-zL5H4xYGlsPeOUtPl4xPVZjX0EUUocRrWQUWXZzdkZ_cEriJQ1togztyazIusU5xZGU_Fc8bLmYhLorxrYdTXGRErsSaLwCWFlcEJ0C_5h6vszWur88EeIkywnRrHoRj-L2kFvUBKu6g1itlBokUT6caRzVL3GtFjHUe-Hif0GzVfz81oNO3UjrpHT4qXKT9i3koKHE4-lTn4dOEIUM-tFatj78QYXcsd7_Z1GJ-DQyHOoO-FtCnOkfjrCkXr39lablvBPoh6FF_uH-OFxgg4aRk6BZ9AeOhI_yzXyoqr5l6RdYGb4P4iLfT-qI-90hDDgI8SJRF_9sL3KSWAakzdstazU6i3mGnULp4Wh4VETmNDtYkYPnop1PDLv5Zr-orW2RvOfYcKhGoolmpdrM3cdr9ZaqQIKrKZflwliRPVNEngJ_2oc6IgPMXMqJI_vWzUiuZIAOlMmIjQ8OO-NKijqD0UmnRFiYLOUqwi1Fla3pOz3FE6Cw06lkfuC-vR3ODbsNykhb5GsK3cAqRl3mU_m4HlpKiO7Q2kZQ2AMBmv9SzgkypdbMNij138nGKgTcIHw8bN52GrHbmgrDJWUFCmFgErdqXHFMd25Xb1hE8ACWH24r08V8URk27nuhTQ5CJ_8vpJxYWdKPFoxeLakTnxStXCgpzHPH_8ufhd6Iemvhddb_UtLtUOZCoS3Xcy9cAzLnwNwoTebFtyPTVXIrntsOHI__9YNAPhz7ltdCPXzImFVRaxL0c3QuWSx_-i4zNkhG4eBCnc6dHDcpqZZYwP7m-MlcjzE-QUr4_aaRGwRNOxw4E_w8v0DfRbwh8_T_EQ42kNNFI2QYimEkvYQS9Z2tYXpXuuhA48mskTmWysFsJ3zAFgT70uta422Yn-eWLJmYNSob3Tzg4kVAk6yc6cm5TjcZoJV-DaBZBNnraAM5j_IlHpkq828fYoB5FMv07_gTfcdhozmRTio2qDr9Cbe1IdWkDew1Spc-H91EJTEr34DkVgT68SwwVxUGnZS46Cq9tt4wsXyFIJ4A3KosBxVCbDYaHbScpa40VHSL7lxIQw0D4tkpUSLHSATTElYb0D7qCjUwgLqHDCdqkJVUQhSlVj_TSKv4whEqM8YYTlMOXZC7i1Yv8uJMFUJ0CTqzmijHmPq4c4nGbMmgy-JnxIYShui7_-0tdYx32DORyesRI8dgEbLwgvdGzNeI4vI8M8g-3xbBE5jn-yePPsT4iOVoOX8hBooFWpHq1APklkRhIecoEzYnUgQzR0qXcxhrOCLfAx3NiwBvTf6qGGjJO23huMhwR-LTg19cTodNaN9VoNBfJM3YxTFxRPmZP-v3JtYtb3X53liI-V5LdDgKGe0q8S_NGXX6WHQ8b5-dFOMzSPq8qraRvw_J3cpts7-c9AcxUWoF-R51jDWC2Ix9BYYBVRpAfPFY0BCQmhXqGavC8UTU5h64uN7oE5f9t97ACmId9uJZg40OeNDE_NNTjbwWDNrtKUWR_RjVAw-yg0Tcd5Xh2qmqcNRstsn6iBjXVeeeQg-UlsVw8fl2NmGvzt28yPRSD_Qfj7mxgzrN_LHFzB9gS8sUv2dV0iAWm0kxdrp529v7RGlhzW1M6JMPW6-UOgAiOlRfMc5dGt4EKqGWK4_gm0Nmp2hH33NuQ5eeqD-5suyDj1KdfFqA40vhK-sp_vlGI_z8lWJyiSEGyMRjaqydWc0Ot4s7dhxCvcV9P28waHmyT9KqwXrpSgHk7j2uxeBg4XGB3tVbkWCdTA4I5z4hWuk2J8vYqf_lstxq7Tfe6AXqslIkkDddFXPUexWgbOjnW8_elXW0KIH9C1cuiinvcZRJrCfUZcjASun0K_vZWDrbfuRDEUt-hDzMIh_k-h4z6kCi44oWRkyDMExljP6PVaA8zYsGiazzR-2xNa6H970wcJgn_cF2_Qk6WjtgiE0fx4vfEVb55RWLZ5JdH6kq6A4kTarnkp-KEIB9KS9RmZGMzLCGM9IuZFJ9RCLx5U31bNM56Qw==&abvar=0&os=0
62.122.171.6200 OK 43 B URL HTTP/2 cwqljsecvr.com/chicken.gif?z=1911811&pb=bde2e63273df90efd5c6ad8de05cfb821674855678&psp=52_-ZKbOh5y7gvsP7xNSZmQKbKPDX0NYIaJlNBFRvunOGcgnS6I0tcktV2ieA-3lODPsavapLOl8OV1GSDFRvRqPFYNgN7Blxsq3rFfQyqnjwbmfjIVhwScyrWF2Ngp-zL5H4xYGlsPeOUtPl4xPVZjX0EUUocRrWQUWXZzdkZ_cEriJQ1togztyazIusU5xZGU_Fc8bLmYhLorxrYdTXGRErsSaLwCWFlcEJ0C_5h6vszWur88EeIkywnRrHoRj-L2kFvUBKu6g1itlBokUT6caRzVL3GtFjHUe-Hif0GzVfz81oNO3UjrpHT4qXKT9i3koKHE4-lTn4dOEIUM-tFatj78QYXcsd7_Z1GJ-DQyHOoO-FtCnOkfjrCkXr39lablvBPoh6FF_uH-OFxgg4aRk6BZ9AeOhI_yzXyoqr5l6RdYGb4P4iLfT-qI-90hDDgI8SJRF_9sL3KSWAakzdstazU6i3mGnULp4Wh4VETmNDtYkYPnop1PDLv5Zr-orW2RvOfYcKhGoolmpdrM3cdr9ZaqQIKrKZflwliRPVNEngJ_2oc6IgPMXMqJI_vWzUiuZIAOlMmIjQ8OO-NKijqD0UmnRFiYLOUqwi1Fla3pOz3FE6Cw06lkfuC-vR3ODbsNykhb5GsK3cAqRl3mU_m4HlpKiO7Q2kZQ2AMBmv9SzgkypdbMNij138nGKgTcIHw8bN52GrHbmgrDJWUFCmFgErdqXHFMd25Xb1hE8ACWH24r08V8URk27nuhTQ5CJ_8vpJxYWdKPFoxeLakTnxStXCgpzHPH_8ufhd6Iemvhddb_UtLtUOZCoS3Xcy9cAzLnwNwoTebFtyPTVXIrntsOHI__9YNAPhz7ltdCPXzImFVRaxL0c3QuWSx_-i4zNkhG4eBCnc6dHDcpqZZYwP7m-MlcjzE-QUr4_aaRGwRNOxw4E_w8v0DfRbwh8_T_EQ42kNNFI2QYimEkvYQS9Z2tYXpXuuhA48mskTmWysFsJ3zAFgT70uta422Yn-eWLJmYNSob3Tzg4kVAk6yc6cm5TjcZoJV-DaBZBNnraAM5j_IlHpkq828fYoB5FMv07_gTfcdhozmRTio2qDr9Cbe1IdWkDew1Spc-H91EJTEr34DkVgT68SwwVxUGnZS46Cq9tt4wsXyFIJ4A3KosBxVCbDYaHbScpa40VHSL7lxIQw0D4tkpUSLHSATTElYb0D7qCjUwgLqHDCdqkJVUQhSlVj_TSKv4whEqM8YYTlMOXZC7i1Yv8uJMFUJ0CTqzmijHmPq4c4nGbMmgy-JnxIYShui7_-0tdYx32DORyesRI8dgEbLwgvdGzNeI4vI8M8g-3xbBE5jn-yePPsT4iOVoOX8hBooFWpHq1APklkRhIecoEzYnUgQzR0qXcxhrOCLfAx3NiwBvTf6qGGjJO23huMhwR-LTg19cTodNaN9VoNBfJM3YxTFxRPmZP-v3JtYtb3X53liI-V5LdDgKGe0q8S_NGXX6WHQ8b5-dFOMzSPq8qraRvw_J3cpts7-c9AcxUWoF-R51jDWC2Ix9BYYBVRpAfPFY0BCQmhXqGavC8UTU5h64uN7oE5f9t97ACmId9uJZg40OeNDE_NNTjbwWDNrtKUWR_RjVAw-yg0Tcd5Xh2qmqcNRstsn6iBjXVeeeQg-UlsVw8fl2NmGvzt28yPRSD_Qfj7mxgzrN_LHFzB9gS8sUv2dV0iAWm0kxdrp529v7RGlhzW1M6JMPW6-UOgAiOlRfMc5dGt4EKqGWK4_gm0Nmp2hH33NuQ5eeqD-5suyDj1KdfFqA40vhK-sp_vlGI_z8lWJyiSEGyMRjaqydWc0Ot4s7dhxCvcV9P28waHmyT9KqwXrpSgHk7j2uxeBg4XGB3tVbkWCdTA4I5z4hWuk2J8vYqf_lstxq7Tfe6AXqslIkkDddFXPUexWgbOjnW8_elXW0KIH9C1cuiinvcZRJrCfUZcjASun0K_vZWDrbfuRDEUt-hDzMIh_k-h4z6kCi44oWRkyDMExljP6PVaA8zYsGiazzR-2xNa6H970wcJgn_cF2_Qk6WjtgiE0fx4vfEVb55RWLZ5JdH6kq6A4kTarnkp-KEIB9KS9RmZGMzLCGM9IuZFJ9RCLx5U31bNM56Qw==&abvar=0&os=0
IP 62.122.171.6:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28e463819a210071de3b45ebe7633613
6dccd571828ec0912629119cf7eabfea9f33ddbc
44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84
Analyzer Verdict Alert quad9 Sinkholed
GET /chicken.gif?z=1911811&pb=bde2e63273df90efd5c6ad8de05cfb821674855678&psp=52_-ZKbOh5y7gvsP7xNSZmQKbKPDX0NYIaJlNBFRvunOGcgnS6I0tcktV2ieA-3lODPsavapLOl8OV1GSDFRvRqPFYNgN7Blxsq3rFfQyqnjwbmfjIVhwScyrWF2Ngp-zL5H4xYGlsPeOUtPl4xPVZjX0EUUocRrWQUWXZzdkZ_cEriJQ1togztyazIusU5xZGU_Fc8bLmYhLorxrYdTXGRErsSaLwCWFlcEJ0C_5h6vszWur88EeIkywnRrHoRj-L2kFvUBKu6g1itlBokUT6caRzVL3GtFjHUe-Hif0GzVfz81oNO3UjrpHT4qXKT9i3koKHE4-lTn4dOEIUM-tFatj78QYXcsd7_Z1GJ-DQyHOoO-FtCnOkfjrCkXr39lablvBPoh6FF_uH-OFxgg4aRk6BZ9AeOhI_yzXyoqr5l6RdYGb4P4iLfT-qI-90hDDgI8SJRF_9sL3KSWAakzdstazU6i3mGnULp4Wh4VETmNDtYkYPnop1PDLv5Zr-orW2RvOfYcKhGoolmpdrM3cdr9ZaqQIKrKZflwliRPVNEngJ_2oc6IgPMXMqJI_vWzUiuZIAOlMmIjQ8OO-NKijqD0UmnRFiYLOUqwi1Fla3pOz3FE6Cw06lkfuC-vR3ODbsNykhb5GsK3cAqRl3mU_m4HlpKiO7Q2kZQ2AMBmv9SzgkypdbMNij138nGKgTcIHw8bN52GrHbmgrDJWUFCmFgErdqXHFMd25Xb1hE8ACWH24r08V8URk27nuhTQ5CJ_8vpJxYWdKPFoxeLakTnxStXCgpzHPH_8ufhd6Iemvhddb_UtLtUOZCoS3Xcy9cAzLnwNwoTebFtyPTVXIrntsOHI__9YNAPhz7ltdCPXzImFVRaxL0c3QuWSx_-i4zNkhG4eBCnc6dHDcpqZZYwP7m-MlcjzE-QUr4_aaRGwRNOxw4E_w8v0DfRbwh8_T_EQ42kNNFI2QYimEkvYQS9Z2tYXpXuuhA48mskTmWysFsJ3zAFgT70uta422Yn-eWLJmYNSob3Tzg4kVAk6yc6cm5TjcZoJV-DaBZBNnraAM5j_IlHpkq828fYoB5FMv07_gTfcdhozmRTio2qDr9Cbe1IdWkDew1Spc-H91EJTEr34DkVgT68SwwVxUGnZS46Cq9tt4wsXyFIJ4A3KosBxVCbDYaHbScpa40VHSL7lxIQw0D4tkpUSLHSATTElYb0D7qCjUwgLqHDCdqkJVUQhSlVj_TSKv4whEqM8YYTlMOXZC7i1Yv8uJMFUJ0CTqzmijHmPq4c4nGbMmgy-JnxIYShui7_-0tdYx32DORyesRI8dgEbLwgvdGzNeI4vI8M8g-3xbBE5jn-yePPsT4iOVoOX8hBooFWpHq1APklkRhIecoEzYnUgQzR0qXcxhrOCLfAx3NiwBvTf6qGGjJO23huMhwR-LTg19cTodNaN9VoNBfJM3YxTFxRPmZP-v3JtYtb3X53liI-V5LdDgKGe0q8S_NGXX6WHQ8b5-dFOMzSPq8qraRvw_J3cpts7-c9AcxUWoF-R51jDWC2Ix9BYYBVRpAfPFY0BCQmhXqGavC8UTU5h64uN7oE5f9t97ACmId9uJZg40OeNDE_NNTjbwWDNrtKUWR_RjVAw-yg0Tcd5Xh2qmqcNRstsn6iBjXVeeeQg-UlsVw8fl2NmGvzt28yPRSD_Qfj7mxgzrN_LHFzB9gS8sUv2dV0iAWm0kxdrp529v7RGlhzW1M6JMPW6-UOgAiOlRfMc5dGt4EKqGWK4_gm0Nmp2hH33NuQ5eeqD-5suyDj1KdfFqA40vhK-sp_vlGI_z8lWJyiSEGyMRjaqydWc0Ot4s7dhxCvcV9P28waHmyT9KqwXrpSgHk7j2uxeBg4XGB3tVbkWCdTA4I5z4hWuk2J8vYqf_lstxq7Tfe6AXqslIkkDddFXPUexWgbOjnW8_elXW0KIH9C1cuiinvcZRJrCfUZcjASun0K_vZWDrbfuRDEUt-hDzMIh_k-h4z6kCi44oWRkyDMExljP6PVaA8zYsGiazzR-2xNa6H970wcJgn_cF2_Qk6WjtgiE0fx4vfEVb55RWLZ5JdH6kq6A4kTarnkp-KEIB9KS9RmZGMzLCGM9IuZFJ9RCLx5U31bNM56Qw==&abvar=0&os=0 HTTP/1.1
Host: cwqljsecvr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: UID=2301271441447e8c466cc3421390ca2c674f
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 27 Jan 2023 19:41:20 GMT
content-type: image/gif
content-length: 43
x-route-id: stats.impression
set-cookie: OACICAP=ACMPmQAAAAAAAAAB; Path=/; Expires=Sun, 26 Feb 2023 19:41:20 GMT; Secure; SameSite=None
OACIBLOCK=ACMPmQAAAABj1B8w; Path=/; Expires=Sun, 26 Feb 2023 19:41:20 GMT; Secure; SameSite=None
ppucnt=0; Path=/; Expires=Sat, 28 Jan 2023 19:41:20 GMT; Secure; SameSite=None
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
buqkrzbrucz.com/aas/r45d/vki/1964294/fdd6d78f.js
62.122.171.6200 OK 0 B URL HTTP/2 buqkrzbrucz.com/aas/r45d/vki/1964294/fdd6d78f.js
IP 62.122.171.6:0
GET /aas/r45d/vki/1964294/fdd6d78f.js HTTP/1.1
Host: buqkrzbrucz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xxx-ts.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 27 Jan 2023 19:41:18 GMT
content-type: application/javascript
last-modified: Thu, 26 Jan 2023 13:21:09 GMT
vary: Accept-Encoding
etag: W/"63d27e45-10d38"
x-js-ab1: current
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
content-encoding: gzip
X-Firefox-Spdy: h2
cwqljsecvr.com/i/npage/1911811/code.js
62.122.171.6200 OK 0 B URL HTTP/2 cwqljsecvr.com/i/npage/1911811/code.js
IP 62.122.171.6:0
Analyzer Verdict Alert quad9 Sinkholed
GET /i/npage/1911811/code.js HTTP/1.1
Host: cwqljsecvr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xxx-ts.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 27 Jan 2023 19:41:18 GMT
content-type: application/javascript
last-modified: Thu, 26 Jan 2023 13:21:09 GMT
vary: Accept-Encoding
etag: W/"63d27e45-34b3e"
x-js-ab1: current
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
content-encoding: gzip
X-Firefox-Spdy: h2
cwqljsecvr.com/get/1911811?zoneid=1911811&jp=_clfnfqhq52oljlsc96lvx6&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=5457787427379852
62.122.171.6200 OK 0 B URL HTTP/2 cwqljsecvr.com/get/1911811?zoneid=1911811&jp=_clfnfqhq52oljlsc96lvx6&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=5457787427379852
IP 62.122.171.6:0
Analyzer Verdict Alert quad9 Sinkholed
GET /get/1911811?zoneid=1911811&jp=_clfnfqhq52oljlsc96lvx6&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=5457787427379852 HTTP/1.1
Host: cwqljsecvr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xxx-ts.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 27 Jan 2023 19:41:18 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
x-route-id: config
set-cookie: UID=2301271441447e8c466cc3421390ca2c674f; Path=/; Expires=Sat, 27 Jan 2024 19:41:18 GMT; HttpOnly; Secure; SameSite=None
content-encoding: gzip
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
buqkrzbrucz.com/get/1964294?zoneid=1964294&jp=_cllher3ir10k9ie2lmyahm&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&sp=0&cid=2924512636998156
62.122.171.6200 OK 0 B URL HTTP/2 buqkrzbrucz.com/get/1964294?zoneid=1964294&jp=_cllher3ir10k9ie2lmyahm&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&sp=0&cid=2924512636998156
IP 62.122.171.6:0
GET /get/1964294?zoneid=1964294&jp=_cllher3ir10k9ie2lmyahm&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&sp=0&cid=2924512636998156 HTTP/1.1
Host: buqkrzbrucz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xxx-ts.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 27 Jan 2023 19:41:18 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
x-route-id: config
set-cookie: UID=230127144159f0a6dab99244c2bc8644873b; Path=/; Expires=Sat, 27 Jan 2024 19:41:18 GMT; HttpOnly; Secure; SameSite=None
content-encoding: gzip
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2