r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 73c4166ca864f777db2cc1cd8658a7c2
c56b66b0b7c8516d4d5bfafe0c166711c78f3d25
310c633350812c064e159275b6dbbdba6d6a5991a54ccfcc23459320c6513572
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "310C633350812C064E159275B6DBBDBA6D6A5991A54CCFCC23459320C6513572"
Last-Modified: Sat, 22 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2474
Expires: Tue, 25 Oct 2022 01:41:21 GMT
Date: Tue, 25 Oct 2022 01:00:07 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
143.204.55.27200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.27:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 050bfd0155f265780e88dabcdde8b147
93ff7f46889322c0e9dbd3f4695e4c6a7fefe08f
9f3db0b3c51195b5313122d984f5f5f62b2df0f1d818eafefaa8b73e15914038
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Backoff, Alert, Retry-After, Content-Length, Content-Type
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Tue, 25 Oct 2022 00:53:04 GMT
Expires: Tue, 25 Oct 2022 01:41:48 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 83a23d85c009b0c0e3626072e9f997fe.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 92SKWQrQNRH3C_2rwvHMERC9eINbgQunauilpA7-JHX8OboiorCY7A==
Age: 423
so.slytrk06.com/t/clk
104.21.63.188302 Found 0 B IP 104.21.63.188:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
GET /t/clk HTTP/1.1
Host: so.slytrk06.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Date: Tue, 25 Oct 2022 01:00:07 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: AWSALB=K6kdNwY1hSe++obNYrxQY8p1KyB6WookqSC3nSk4KJ5xPkVO9QS4Oh/R/mk/P3SSwPmDav+hAJAM8lgboEk+ej40GFOIlOK7x/MOLAVnT5KjoNHY5xkDJAK1JMjR; Expires=Tue, 01 Nov 2022 01:00:07 GMT; Path=/
AWSALBCORS=K6kdNwY1hSe++obNYrxQY8p1KyB6WookqSC3nSk4KJ5xPkVO9QS4Oh/R/mk/P3SSwPmDav+hAJAM8lgboEk+ej40GFOIlOK7x/MOLAVnT5KjoNHY5xkDJAK1JMjR; Expires=Tue, 01 Nov 2022 01:00:07 GMT; Path=/; SameSite=None
Location: https://so-glo.yoptv33.com/t/clk?id=DQqT5fxjrUGKRmCl&rl=Dkxpn&rcode=R09&rseq=R09,R99,R98
Vary: Cookie, Origin
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HFIx7ZPkN3o5FTVECuhLK3TIwsh0qkB5KJp9HRz3F%2Fr8xzd0a3yh1Wkzf2OhlSmVBb5fmJXgSBWzT%2Bb6%2B0Bkk5YY6XfWtLyRksquufWhqvk7INZjshHUj0PGcBmjb45ZDGw%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 75f703736dfbb512-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ae56efd62a0d9249d98573172eb8b28b
5ff4e9959be677ad76c26ca73f9ef4feb9fa2f28
82d9ee4948fce839f7edb1f8490c4213cded3912464a4169b0bf6a61278694bd
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "82D9EE4948FCE839F7EDB1F8490C4213CDED3912464A4169B0BF6A61278694BD"
Last-Modified: Sat, 22 Oct 2022 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6444
Expires: Tue, 25 Oct 2022 02:47:31 GMT
Date: Tue, 25 Oct 2022 01:00:07 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: t+ubTpGsoC1+JaBCL54Wad4h6KS9VMoEGbSu8iXcTFC5MEgSgLsF+ZFVCl8gytfiu9bRY/bB9jU=
x-amz-request-id: CD1GPQKVQJSD0TFS
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 25 Oct 2022 00:08:43 GMT
age: 3084
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 25 Oct 2022 01:00:07 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
143.204.42.88200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.88:0
Hash 845b6aa50cb4b474bbb1a15eb3b557d3
7a0b0d4a48655f1cb7eba2bc424deafc35187a33
816be059f6acb893d05b94bf77706ae5c6225095aaf76345adb21fad9c80bd7c
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=138639
Date: Tue, 25 Oct 2022 01:00:08 GMT
Etag: "6356afa7-1d7"
Expires: Wed, 26 Oct 2022 15:30:47 GMT
Last-Modified: Mon, 24 Oct 2022 15:30:47 GMT
Server: nginx
X-Cache: Miss from cloudfront
Via: 1.1 185768229530368be94556dcab1c486a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: kd2uluuixvncZFzA3ozxkar5IaEe7JSM6OMlCEWRcI-hECOAYR6jOA==
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.27200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.27:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Tue, 25 Oct 2022 00:33:32 GMT
Expires: Tue, 25 Oct 2022 01:01:24 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 4f01f770085624552bc30a98954f963a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: KD0kp83Rt2QGFkyx9zIuk6i3kRfpIs7fyqj_etenridamwTBO0tWXw==
Age: 1596
so-glo.yoptv33.com/t/clk?id=DQqT5fxjrUGKRmCl&rl=Dkxpn&rcode=R09&rseq=R09,R99,R98
52.28.59.112302 Found 0 B URL HTTP/2 so-glo.yoptv33.com/t/clk?id=DQqT5fxjrUGKRmCl&rl=Dkxpn&rcode=R09&rseq=R09,R99,R98
IP 52.28.59.112:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /t/clk?id=DQqT5fxjrUGKRmCl&rl=Dkxpn&rcode=R09&rseq=R09,R99,R98 HTTP/1.1
Host: so-glo.yoptv33.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 302 Found
date: Tue, 25 Oct 2022 01:00:08 GMT
content-type: text/html; charset=utf-8
content-length: 0
location: https://go.monetizer.mobi/?utm_medium=ec4eee60be986151ad56a07d62a9c3fe7802b9db&utm_campaign=mainstream2021&1=1&cid=6b9cf4ec-467d-4b42-aba3-86137fad12ca
server: nginx/1.12.2
cache-control: no-transform
x-frame-options: SAMEORIGIN
vary: Cookie, Origin
set-cookie: uip="[\"9ZCRwBgzsr\"\054 {\"dVeAv\": \"M6Jk02Q\"}]:1on8Ia:DrwjtfSxk9dDSlIf0T_t-oj5bEI"; expires=Thu, 24 Nov 2022 01:00:08 GMT; Max-Age=2592000; Path=/
ydt_69a756d9a2a44370a5365f82fbdfa6e5="[\"6b9cf4ec-467d-4b42-aba3-86137fad12ca\"]:1on8Ia:U4yrwqbN4EjgRSmxI8PBf2496P4"; expires=Thu, 24 Nov 2022 03:00:08 GMT; Max-Age=2599200; Path=/; SameSite=None; Secure
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 7c6fdc8e76ef5875b5c965ade2df503e
45d548aa2a9d7ede163743274790700878eaea62
d2ff6eacd48af4892a2642e5d7bb925ca683062139f5a5cb4047f6f706830618
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2318
Cache-Control: max-age=114314
Content-Type: application/ocsp-response
Date: Tue, 25 Oct 2022 01:00:08 GMT
Etag: "63564795-1d7"
Expires: Wed, 26 Oct 2022 08:45:22 GMT
Last-Modified: Mon, 24 Oct 2022 08:06:45 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
52.38.227.80101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.38.227.80:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 6IJRaRlRAeCWIlDR57XE7g==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: QyPkWKx7FxzgrFkD0M0AEjmwTzY=
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 398e3c90084d7d71fc1e9fd833116f5f
3e202da5559a8f219144adee3639d063a98559c0
724547db3ed9f1779308e9dd6604664e6ffa3580ca076fbdc1dfb1b75591bba4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "724547DB3ED9F1779308E9DD6604664E6FFA3580CA076FBDC1DFB1B75591BBA4"
Last-Modified: Mon, 24 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6909
Expires: Tue, 25 Oct 2022 02:55:19 GMT
Date: Tue, 25 Oct 2022 01:00:10 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 398e3c90084d7d71fc1e9fd833116f5f
3e202da5559a8f219144adee3639d063a98559c0
724547db3ed9f1779308e9dd6604664e6ffa3580ca076fbdc1dfb1b75591bba4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "724547DB3ED9F1779308E9DD6604664E6FFA3580CA076FBDC1DFB1B75591BBA4"
Last-Modified: Mon, 24 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6909
Expires: Tue, 25 Oct 2022 02:55:19 GMT
Date: Tue, 25 Oct 2022 01:00:10 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 398e3c90084d7d71fc1e9fd833116f5f
3e202da5559a8f219144adee3639d063a98559c0
724547db3ed9f1779308e9dd6604664e6ffa3580ca076fbdc1dfb1b75591bba4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "724547DB3ED9F1779308E9DD6604664E6FFA3580CA076FBDC1DFB1B75591BBA4"
Last-Modified: Mon, 24 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6909
Expires: Tue, 25 Oct 2022 02:55:19 GMT
Date: Tue, 25 Oct 2022 01:00:10 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F33fda234-9118-4b4b-86d9-02c36810eda5.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F33fda234-9118-4b4b-86d9-02c36810eda5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b949df0edd9d64aa962e3bf4b267889e
3ef04f8c638dddf8bb8b70aae74770892307c814
e6c42bdd84bc9661c25a201599c29257b843d86d638ec479e7b5fa7bf81bc961
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F33fda234-9118-4b4b-86d9-02c36810eda5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11622
x-amzn-requestid: 2d6c3eb8-6a67-40bb-b970-a92caf783a4f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aYPSZFWpoAMFU1g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63532c0f-14a2cd9f68bda5a01a765a2d;Sampled=0
x-amzn-remapped-date: Fri, 21 Oct 2022 23:32:31 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: _AwDcPb8X7mPlOseeJZxw4kaQsR4d_HDyqEUM7I4RfurX2iDap87YA==
via: 1.1 7514e5e25722778fd4b1744d4ecc67e0.cloudfront.net (CloudFront), 1.1 1481cc55c02c3a782ad420b6bac2cb32.cloudfront.net (CloudFront), 1.1 google
date: Mon, 24 Oct 2022 03:36:20 GMT
age: 77030
etag: "3ef04f8c638dddf8bb8b70aae74770892307c814"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf8cfe72-ca76-42ae-a95f-b33a2edb91b3.jpeg
34.120.237.76200 OK 8.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf8cfe72-ca76-42ae-a95f-b33a2edb91b3.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 80bab61eeda285e378b86b3efc4f87f9
5c690531e195332c04092ce22e7bdcecccc3c9d5
0c4dec046835501b598b5165acd592c3baeb2d6e21b6ac5fd549e790a802cd02
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf8cfe72-ca76-42ae-a95f-b33a2edb91b3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7977
x-amzn-requestid: 3e217877-33a2-4efc-a21f-b75764a8ced9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ah3FWGRooAMFagw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63570555-2bc77cb653ef022b4aab7f71;Sampled=0
x-amzn-remapped-date: Mon, 24 Oct 2022 21:36:21 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: CWRIYnB8Zcc-9L-EdFq_ahTPlv8AMqnBGlZmRTN-0BsZIUWF3eUOfg==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 e80693c02cfdfd081110512210d57840.cloudfront.net (CloudFront), 1.1 google
date: Mon, 24 Oct 2022 21:37:08 GMT
age: 12182
etag: "5c690531e195332c04092ce22e7bdcecccc3c9d5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6d122f5c-ef0b-49a6-a68c-137a02ef7894.jpeg
34.120.237.76200 OK 8.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6d122f5c-ef0b-49a6-a68c-137a02ef7894.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b3e41dda631c7f2ee5e664d43e48af31
5a8579a70d8791a19e0192995c46594e242e864d
c26bec6c4527220272777fe7b3209d8726c94105955ef15f05a584bae50ae719
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6d122f5c-ef0b-49a6-a68c-137a02ef7894.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8239
x-amzn-requestid: c37a1abe-9823-4181-a64f-5cc074cfdf2a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ah3OeGxOoAMFtJQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6357058f-10c7cfed331c043e00a600e0;Sampled=0
x-amzn-remapped-date: Mon, 24 Oct 2022 21:37:19 GMT
x-amz-cf-pop: SEA19-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: ltiKOh8lG4pGE5tYpouvCu-KMHifbcFs9LgYLbEfYTD36Aw9xYEsKw==
via: 1.1 2e20768704c71ff3ce2e677251d27f3c.cloudfront.net (CloudFront), 1.1 9c675215120a4ade8754c4357ef2f3ea.cloudfront.net (CloudFront), 1.1 google
date: Mon, 24 Oct 2022 21:49:13 GMT
age: 11457
etag: "5a8579a70d8791a19e0192995c46594e242e864d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5d616770-e793-4da0-8ebe-826e806ececd.jpeg
34.120.237.76200 OK 9.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5d616770-e793-4da0-8ebe-826e806ececd.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 89448f1a52030b28e9ecfcdc190787d4
5080ba75c230fd2b303f29a9b64868c6e8771df8
10a736997d441e274a54e9689c349d407087fef7aa7c0f4d0a7a603e446fdabd
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5d616770-e793-4da0-8ebe-826e806ececd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9209
x-amzn-requestid: 94dad7b4-9c12-4bda-9202-3b7427185182
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aLiElGzEIAMFnOg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-634e16e9-3c79cd392d5bc4312a730cda;Sampled=0
x-amzn-remapped-date: Tue, 18 Oct 2022 03:00:57 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: c5_B2RXKJx7FHrQvHdCG50zcDFWUqaaZu0GYuCxEI8fpK019dSlD3Q==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 5fe5f2a3903f1378941d92eceaf3fa16.cloudfront.net (CloudFront), 1.1 google
date: Mon, 24 Oct 2022 13:16:16 GMT
age: 42234
etag: "5080ba75c230fd2b303f29a9b64868c6e8771df8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe4f6855f-9ed8-45f8-8210-2a1c3775084c.jpeg
34.120.237.76200 OK 4.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe4f6855f-9ed8-45f8-8210-2a1c3775084c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3aeb6b1835d08c55cf42c944741534ed
2009d471c426326137be99f0becf8a04b51aae1f
368e0fc26b5cae86c8e3d4ea761a0cf8006853834b6c7d721b4ca53a0ced7bc0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe4f6855f-9ed8-45f8-8210-2a1c3775084c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4461
x-amzn-requestid: bdb7a920-13ae-41b3-8f8c-0938d2570e36
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aCMzbFGmIAMFgqw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-634a5b48-5f9dd35b3ba2a28712bcddee;Sampled=0
x-amzn-remapped-date: Sat, 15 Oct 2022 07:03:36 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: tyFXV5mZY5EtRtR3--T7bnd83zXq-2r-7fJpA3H2Uk7UDys9_h-2dQ==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 707e733794d52100fde0ab21bf0b1462.cloudfront.net (CloudFront), 1.1 google
date: Mon, 24 Oct 2022 21:57:17 GMT
age: 10973
etag: "2009d471c426326137be99f0becf8a04b51aae1f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F075a794f-9140-4676-afb2-493f44932cc3.jpeg
34.120.237.76200 OK 4.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F075a794f-9140-4676-afb2-493f44932cc3.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3cf322f19151bcfa374c2e32b9ac986f
e8e69ac951def18bc1e03ecd4fe8a21d3b825b27
54ddfd1876f65e264b9b3209a0e805a3796013b4aacc8e9fd20b49754b4917a0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F075a794f-9140-4676-afb2-493f44932cc3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4206
x-amzn-requestid: 6b02f96a-ea03-4eff-acde-c73925260102
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ah3E3GPQoAMFpIA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63570552-77cf762d0e54f1f60efe52c3;Sampled=0
x-amzn-remapped-date: Mon, 24 Oct 2022 21:36:18 GMT
x-amz-cf-pop: SEA19-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: jiu-Z6DMgXxXdZ5BDwjNoq5Y15kBgM894k4EY2qSRZKdvk0bfkn89A==
via: 1.1 fec77e486350d1bd33f526a760d8b5a4.cloudfront.net (CloudFront), 1.1 2f7934de1dfe281c3e4446892eab6462.cloudfront.net (CloudFront), 1.1 google
date: Mon, 24 Oct 2022 21:50:16 GMT
age: 11394
etag: "e8e69ac951def18bc1e03ecd4fe8a21d3b825b27"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
go.monetizer.mobi/favicon.ico
198.143.165.221200 OK 1.2 kB URL HTTP/2 go.monetizer.mobi/favicon.ico
IP 198.143.165.221:0
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Hash 91abe01116ab422c598e9c8af72cf4da
0f2815fe8e067d48537ad168225ab4674271fa27
b1d7aef06456fe7431124129a28f0138bb5fccfa4f4161e3087de23c005e5edc
GET /favicon.ico HTTP/1.1
Host: go.monetizer.mobi
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://go.monetizer.mobi/?utm_term=7158248514235924533&ver=4viyaptcjo&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b84
Cookie: u=026bffc03f2ef123fcfade36b00db4a7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 25 Oct 2022 01:00:10 GMT
content-type: image/x-icon
content-length: 1150
last-modified: Wed, 31 Jul 2019 07:48:51 GMT
etag: "5d4147e3-47e"
expires: Wed, 26 Oct 2022 01:00:10 GMT
cache-control: max-age=86400
strict-transport-security: max-age=31536000; includeSubdomains;
accept-ranges: bytes
X-Firefox-Spdy: h2
go.monetizer.mobi/sw.js?v=1666659608522
198.143.165.221200 OK 776 B URL HTTP/2 go.monetizer.mobi/sw.js?v=1666659608522
IP 198.143.165.221:0
Hash f72a11763f13b05c1f2379d13387dd05
002fbf7672d3f4655b89b6413d160e4185ce9900
70d744bbd19a0cc35c8d9f1d8ba181c6cdc902f95799ac750da4adc3ad987b11
GET /sw.js?v=1666659608522 HTTP/1.1
Host: go.monetizer.mobi
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: u=026bffc03f2ef123fcfade36b00db4a7
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 25 Oct 2022 01:00:10 GMT
content-type: application/javascript
content-length: 776
last-modified: Mon, 03 Oct 2022 07:40:54 GMT
vary: Accept-Encoding
etag: "633a9206-308"
content-encoding: gzip
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline';
X-Firefox-Spdy: h2
www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7158248514235924533&website=797-403c551a&placement=797&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b84
51.68.85.158200 OK 5.2 kB URL HTTP/1.1 www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7158248514235924533&website=797-403c551a&placement=797&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b84
IP 51.68.85.158:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3751)
Hash f23f43c3035b24abe5c77392980b815a
b8307a789b459b4133373a14330845b749145adf
3e9a66d3894e2df9beb65ead0afd90314eef5f7c04015ce4a893a30fd0c50d1a
GET /?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7158248514235924533&website=797-403c551a&placement=797&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b84 HTTP/1.1
Host: www.wewillserv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://go.monetizer.mobi/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 25 Oct 2022 01:00:10 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-transform
www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7158248514235924533&website=797-403c551a&placement=797&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b84&eyeg=98110c342c0e223654a6a375919b83aa&eyer=0.11527600077852684&eyei=0&eyew=1280&eyeh=939&eyetd=220&eyef=go.monetizer.mobi
51.68.85.158302 Found 0 B URL HTTP/1.1 www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7158248514235924533&website=797-403c551a&placement=797&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b84&eyeg=98110c342c0e223654a6a375919b83aa&eyer=0.11527600077852684&eyei=0&eyew=1280&eyeh=939&eyetd=220&eyef=go.monetizer.mobi
IP 51.68.85.158:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7158248514235924533&website=797-403c551a&placement=797&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b84&eyeg=98110c342c0e223654a6a375919b83aa&eyer=0.11527600077852684&eyei=0&eyew=1280&eyeh=939&eyetd=220&eyef=go.monetizer.mobi HTTP/1.1
Host: www.wewillserv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 302 Found
Date: Tue, 25 Oct 2022 01:00:10 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-transform
Location: https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7158248514235924533&website=797-403c551a&placement=797&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b84&eyeg=3&eyer=0.11527600077852684&eyei=0&eyew=1280&eyeh=939&eyetd=220&eyef=go.monetizer.mobi
www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7158248514235924533&website=797-403c551a&placement=797&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b84&eyeg=3&eyer=0.11527600077852684&eyei=0&eyew=1280&eyeh=939&eyetd=220&eyef=go.monetizer.mobi
51.68.85.158302 Found 0 B URL HTTP/1.1 www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7158248514235924533&website=797-403c551a&placement=797&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b84&eyeg=3&eyer=0.11527600077852684&eyei=0&eyew=1280&eyeh=939&eyetd=220&eyef=go.monetizer.mobi
IP 51.68.85.158:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7158248514235924533&website=797-403c551a&placement=797&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b84&eyeg=3&eyer=0.11527600077852684&eyei=0&eyew=1280&eyeh=939&eyetd=220&eyef=go.monetizer.mobi HTTP/1.1
Host: www.wewillserv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 302 Found
Date: Tue, 25 Oct 2022 01:00:10 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-transform
Location: https://admoustache.go2affise.com/sl?id=5f0efd61dabed1d602e0fe6a&pid=503&sub1=33000b6d139aa3521f5d9908c2dc3d5402ba61025-202210-flb*5467509-4538f*M7158248514235924533*sl_5467509-4538f*0b5f0a1cd5b2a27fbcef0eb1fb34983056e6bb9e*797-403c551a*797
www.wewillserv.com/favicon.ico
51.68.85.158204 No Content 0 B URL HTTP/1.1 www.wewillserv.com/favicon.ico
IP 51.68.85.158:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: www.wewillserv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 204 No Content
Server: openresty
Date: Tue, 25 Oct 2022 01:00:11 GMT
Connection: keep-alive
ocsp.godaddy.com/
192.124.249.24200 OK 1.8 kB IP 192.124.249.24:0
Hash 68b0c7c03a472e89bdf8e42b936cea22
7ba6a9257f8691aa9696371d904a5b2c90dbb2f3
aafbf5bf2025670c7a109fabb7a177d73b2d6943135400956ad59289af909d39
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Tue, 25 Oct 2022 01:00:10 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19024
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Tue, 25 Oct 2022 00:17:22 GMT
Expires: Wed, 26 Oct 2022 00:17:22 GMT
ETag: "7ba6a9257f8691aa9696371d904a5b2c90dbb2f3"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
admoustache.go2affise.com/sl?id=5f0efd61dabed1d602e0fe6a&pid=503&sub1=33000b6d139aa3521f5d9908c2dc3d5402ba61025-202210-flb*5467509-4538f*M7158248514235924533*sl_5467509-4538f*0b5f0a1cd5b2a27fbcef0eb1fb34983056e6bb9e*797-403c551a*797
34.147.1.177302 Found 0 B URL HTTP/2 admoustache.go2affise.com/sl?id=5f0efd61dabed1d602e0fe6a&pid=503&sub1=33000b6d139aa3521f5d9908c2dc3d5402ba61025-202210-flb*5467509-4538f*M7158248514235924533*sl_5467509-4538f*0b5f0a1cd5b2a27fbcef0eb1fb34983056e6bb9e*797-403c551a*797
IP 34.147.1.177:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sl?id=5f0efd61dabed1d602e0fe6a&pid=503&sub1=33000b6d139aa3521f5d9908c2dc3d5402ba61025-202210-flb*5467509-4538f*M7158248514235924533*sl_5467509-4538f*0b5f0a1cd5b2a27fbcef0eb1fb34983056e6bb9e*797-403c551a*797 HTTP/1.1
Host: admoustache.go2affise.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Tue, 25 Oct 2022 01:00:11 GMT
content-length: 0
location: https://t2.blowingwnd.com/l.php?p=c:o6450ylcdnn31butk&d=624e9ea3e8e2a8163b65d246&pid=6357351bc4ccbc00016e1e72&s=503
set-cookie: afclick=6357351bc4ccbc00016e1e72; expires=Wed, 25 Oct 2023 01:00:11 GMT; secure; SameSite=None
access-control-allow-origin: *
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash d7c9dffc82c617a40a999724992c3d3b
c8199d405a3abcac97438e45145319a867e2f1d6
76d8a963e55f4cb4e9c600604e670054b38feec30340c793bbdec41a3481fd08
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "76D8A963E55F4CB4E9C600604E670054B38FEEC30340C793BBDEC41A3481FD08"
Last-Modified: Sat, 22 Oct 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10329
Expires: Tue, 25 Oct 2022 03:52:20 GMT
Date: Tue, 25 Oct 2022 01:00:11 GMT
Connection: keep-alive
t2.blowingwnd.com/l.php?p=c:o6450ylcdnn31butk&d=624e9ea3e8e2a8163b65d246&pid=6357351bc4ccbc00016e1e72&s=503
51.161.115.163302 Found 0 B URL HTTP/1.1 t2.blowingwnd.com/l.php?p=c:o6450ylcdnn31butk&d=624e9ea3e8e2a8163b65d246&pid=6357351bc4ccbc00016e1e72&s=503
IP 51.161.115.163:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /l.php?p=c:o6450ylcdnn31butk&d=624e9ea3e8e2a8163b65d246&pid=6357351bc4ccbc00016e1e72&s=503 HTTP/1.1
Host: t2.blowingwnd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Tue, 25 Oct 2022 01:00:11 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Round: 12bbr5cth7
Raund: 19q
Location: https://48.us.findthewnd.xyz/feed/?link=true&tid=48&subid=48.503&ref=&s1=6357351be2854b16d47d2910
go.monetizer.mobi/sw.js?v=1666659608522
198.143.165.221304 Not Modified 0 B URL HTTP/2 go.monetizer.mobi/sw.js?v=1666659608522
IP 198.143.165.221:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sw.js?v=1666659608522 HTTP/1.1
Host: go.monetizer.mobi
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: u=026bffc03f2ef123fcfade36b00db4a7
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
If-Modified-Since: Mon, 03 Oct 2022 07:40:54 GMT
If-None-Match: "633a9206-308"
Cache-Control: max-age=0
TE: trailers
HTTP/2 304 Not Modified
server: nginx
date: Tue, 25 Oct 2022 01:00:11 GMT
last-modified: Mon, 03 Oct 2022 07:40:54 GMT
vary: Accept-Encoding
etag: "633a9206-308"
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline';
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 4fc47f6ce7f7f2b86e6bf3b4cd87c901
9a0cd0b23f97c3141308cf6678f3592652de9137
ec546f375dc1b1fffc0f6c676229d6d77fd7666b75a863701917fe8b49c175a4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EC546F375DC1B1FFFC0F6C676229D6D77FD7666B75A863701917FE8B49C175A4"
Last-Modified: Mon, 24 Oct 2022 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15435
Expires: Tue, 25 Oct 2022 05:17:27 GMT
Date: Tue, 25 Oct 2022 01:00:12 GMT
Connection: keep-alive
48.us.findthewnd.xyz/feed/?link=true&tid=48&subid=48.503&ref=&s1=6357351be2854b16d47d2910
23.235.251.114301 Moved Permanently 0 B URL HTTP/1.1 48.us.findthewnd.xyz/feed/?link=true&tid=48&subid=48.503&ref=&s1=6357351be2854b16d47d2910
IP 23.235.251.114:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /feed/?link=true&tid=48&subid=48.503&ref=&s1=6357351be2854b16d47d2910 HTTP/1.1
Host: 48.us.findthewnd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 301 Moved Permanently
Cache-Control: no-cache
Location: https://redir.findthewind.xyz/feed/click/?t1=128&tid=48&uid=36&subid=48.503&id=4b890776674a8025177b79a650cbd6d1:08805b7cd926b6633c08ca5707820d86ac1236ce624419168775afbfa41db845d74546a9f1e9aad6a04c8576cc4277a840d5633882f68f178d7617ad60f578c10cacb4dcacd029c528bbbe7b7206def72b87c87b737edd94b9d729f76c7c1947f21399112cbf11ca1a34eb3aa22f55d182bba99549639ad559a1da2701ae4a4403e1f76046f6daaa82747310930fec9e9e70314404e81ef8a0de8de491229739f146a4df1e76db2b9ad73b89f4a2eec16da820973b97a8795c589029564427435dea96e313b53228c0bf8eb1b893c38ab65fc9a137545696a7945876d533cf520fb90b5c04e91bf145adb659bae5590003b301f8db35e1c8bc73ba9ab5f2a109e5fb4982471008118715bc07c5b46f920e4875499c381fb09267536c3994fe4f76d7f949e57e1e7d5ce32504b9277881d4ca69a10b928f8007d2e856648c51959d770d6ea724887d6c7de7f10a966fcbcd060d84db477d0d853d29e09d5b812600f89d83ea212171ebffa3f32b2bd40e57d2e010810d96a8226092bf8aa3584e04b8103c652757bfacda09a98df92f8a3959a3805b9392bebfaa5d76c752778ff7e322e2f9c895e640bc1c2b5ce0954e40d76b57c7eefefc4db9a7c16213115f1297b2af91c936e8b78e88e9977f4a282d9619cc75a985342fbf6b3af95711331603a50820222323a227fe0317819e4643f6e5963b8ec452cd8cb4cd94aa8af121ebd42d31ece625cdad4496562cdd0c761766f5e8e2b8301c799a35e15542dddfa5fed0de681c59bc9d035b03759b26dceac2532e27f9567eeb8ce0720f879e891645f58d7d269552c32c06d9311c3b73bd7851275c6b8cee43c3873f44a8216495de52fb0b54986d29ebea2ba6c357e88f038efcbb0c35f89861d63141ac8bc86d0d6a4ced0fb7e398dec4efd33302771b41861a7d06ef56f3a83c2b3da7c983f458f0c9c13a36ba711a0738de4a49f0e491cca6004aac9b39f39f486d5ad26d1a50096e6f29d036088c5ca857687e69e338073eb4af9de639b2becff649beccc3728ea1fc7a615e35c0a64a169c18dd7153050ecb4ea8f36c9a742a4453d424a205c7d06a3283078072f6ec672d45a7f19adfa78e35af298d80b7b9ab76535e2c56ba68d7d76b1f576d40779fa24a7f08c6a7b056f1b7b5e4ac8b38f01006168b65211d6fc5d2cfed1dc465b37cbbb5b5877233977e2f5a9a50729b0b5ff84ff2c1f9384551dfca1bb1b6ef05f3cfaf03cc4895adf513b15930dff3abddeac5e45af434a2f4f45fb72127be1b09a13a9eedba61c52bc7400cdd4ba3baf072719cecf4ec64e0980401fb154ecd38b7dfc5c5d1c16c28e37df0cd96e27bfdff56669dcb7b5c892ab3d3009c8fa4f4cb63f4bd0a31d905edefd1ee84f894f3da688d1dee91611d2412b09776d2cf08b5&s1=6357351be2854b16d47d2910
Date: Tue, 25 Oct 2022 01:00:13 GMT
Connection: keep-alive
Keep-Alive: timeout=5
Transfer-Encoding: chunked
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash d2a224bc3dda79a991022978124f5888
ef82878d17ad9715a5e2ffb41bf8a016516a07da
9b1bfbe16f3b1bfd867ffa92246bf1346369c7c918e4e1dd02f8c703fe7b7d7c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9B1BFBE16F3B1BFD867FFA92246BF1346369C7C918E4E1DD02F8C703FE7B7D7C"
Last-Modified: Mon, 24 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15450
Expires: Tue, 25 Oct 2022 05:17:43 GMT
Date: Tue, 25 Oct 2022 01:00:13 GMT
Connection: keep-alive
redir.findthewind.xyz/feed/click/?t1=128&tid=48&uid=36&subid=48.503&id=4b890776674a8025177b79a650cbd6d1:08805b7cd926b6633c08ca5707820d86ac1236ce624419168775afbfa41db845d74546a9f1e9aad6a04c8576cc4277a840d5633882f68f178d7617ad60f578c10cacb4dcacd029c528bbbe7b7206def72b87c87b737edd94b9d729f76c7c1947f21399112cbf11ca1a34eb3aa22f55d182bba99549639ad559a1da2701ae4a4403e1f76046f6daaa82747310930fec9e9e70314404e81ef8a0de8de491229739f146a4df1e76db2b9ad73b89f4a2eec16da820973b97a8795c589029564427435dea96e313b53228c0bf8eb1b893c38ab65fc9a137545696a7945876d533cf520fb90b5c04e91bf145adb659bae5590003b301f8db35e1c8bc73ba9ab5f2a109e5fb4982471008118715bc07c5b46f920e4875499c381fb09267536c3994fe4f76d7f949e57e1e7d5ce32504b9277881d4ca69a10b928f8007d2e856648c51959d770d6ea724887d6c7de7f10a966fcbcd060d84db477d0d853d29e09d5b812600f89d83ea212171ebffa3f32b2bd40e57d2e010810d96a8226092bf8aa3584e04b8103c652757bfacda09a98df92f8a3959a3805b9392bebfaa5d76c752778ff7e322e2f9c895e640bc1c2b5ce0954e40d76b57c7eefefc4db9a7c16213115f1297b2af91c936e8b78e88e9977f4a282d9619cc75a985342fbf6b3af95711331603a50820222323a227fe0317819e4643f6e5963b8ec452cd8cb4cd94aa8af121ebd42d31ece625cdad4496562cdd0c761766f5e8e2b8301c799a35e15542dddfa5fed0de681c59bc9d035b03759b26dceac2532e27f9567eeb8ce0720f879e891645f58d7d269552c32c06d9311c3b73bd7851275c6b8cee43c3873f44a8216495de52fb0b54986d29ebea2ba6c357e88f038efcbb0c35f89861d63141ac8bc86d0d6a4ced0fb7e398dec4efd33302771b41861a7d06ef56f3a83c2b3da7c983f458f0c9c13a36ba711a0738de4a49f0e491cca6004aac9b39f39f486d5ad26d1a50096e6f29d036088c5ca857687e69e338073eb4af9de639b2becff649beccc3728ea1fc7a615e35c0a64a169c18dd7153050ecb4ea8f36c9a742a4453d424a205c7d06a3283078072f6ec672d45a7f19adfa78e35af298d80b7b9ab76535e2c56ba68d7d76b1f576d40779fa24a7f08c6a7b056f1b7b5e4ac8b38f01006168b65211d6fc5d2cfed1dc465b37cbbb5b5877233977e2f5a9a50729b0b5ff84ff2c1f9384551dfca1bb1b6ef05f3cfaf03cc4895adf513b15930dff3abddeac5e45af434a2f4f45fb72127be1b09a13a9eedba61c52bc7400cdd4ba3baf072719cecf4ec64e0980401fb154ecd38b7dfc5c5d1c16c28e37df0cd96e27bfdff56669dcb7b5c892ab3d3009c8fa4f4cb63f4bd0a31d905edefd1ee84f894f3da688d1dee91611d2412b09776d2cf08b5&s1=6357351be2854b16d47d2910
198.211.113.186302 Found 1.7 kB URL HTTP/1.1 redir.findthewind.xyz/feed/click/?t1=128&tid=48&uid=36&subid=48.503&id=4b890776674a8025177b79a650cbd6d1:08805b7cd926b6633c08ca5707820d86ac1236ce624419168775afbfa41db845d74546a9f1e9aad6a04c8576cc4277a840d5633882f68f178d7617ad60f578c10cacb4dcacd029c528bbbe7b7206def72b87c87b737edd94b9d729f76c7c1947f21399112cbf11ca1a34eb3aa22f55d182bba99549639ad559a1da2701ae4a4403e1f76046f6daaa82747310930fec9e9e70314404e81ef8a0de8de491229739f146a4df1e76db2b9ad73b89f4a2eec16da820973b97a8795c589029564427435dea96e313b53228c0bf8eb1b893c38ab65fc9a137545696a7945876d533cf520fb90b5c04e91bf145adb659bae5590003b301f8db35e1c8bc73ba9ab5f2a109e5fb4982471008118715bc07c5b46f920e4875499c381fb09267536c3994fe4f76d7f949e57e1e7d5ce32504b9277881d4ca69a10b928f8007d2e856648c51959d770d6ea724887d6c7de7f10a966fcbcd060d84db477d0d853d29e09d5b812600f89d83ea212171ebffa3f32b2bd40e57d2e010810d96a8226092bf8aa3584e04b8103c652757bfacda09a98df92f8a3959a3805b9392bebfaa5d76c752778ff7e322e2f9c895e640bc1c2b5ce0954e40d76b57c7eefefc4db9a7c16213115f1297b2af91c936e8b78e88e9977f4a282d9619cc75a985342fbf6b3af95711331603a50820222323a227fe0317819e4643f6e5963b8ec452cd8cb4cd94aa8af121ebd42d31ece625cdad4496562cdd0c761766f5e8e2b8301c799a35e15542dddfa5fed0de681c59bc9d035b03759b26dceac2532e27f9567eeb8ce0720f879e891645f58d7d269552c32c06d9311c3b73bd7851275c6b8cee43c3873f44a8216495de52fb0b54986d29ebea2ba6c357e88f038efcbb0c35f89861d63141ac8bc86d0d6a4ced0fb7e398dec4efd33302771b41861a7d06ef56f3a83c2b3da7c983f458f0c9c13a36ba711a0738de4a49f0e491cca6004aac9b39f39f486d5ad26d1a50096e6f29d036088c5ca857687e69e338073eb4af9de639b2becff649beccc3728ea1fc7a615e35c0a64a169c18dd7153050ecb4ea8f36c9a742a4453d424a205c7d06a3283078072f6ec672d45a7f19adfa78e35af298d80b7b9ab76535e2c56ba68d7d76b1f576d40779fa24a7f08c6a7b056f1b7b5e4ac8b38f01006168b65211d6fc5d2cfed1dc465b37cbbb5b5877233977e2f5a9a50729b0b5ff84ff2c1f9384551dfca1bb1b6ef05f3cfaf03cc4895adf513b15930dff3abddeac5e45af434a2f4f45fb72127be1b09a13a9eedba61c52bc7400cdd4ba3baf072719cecf4ec64e0980401fb154ecd38b7dfc5c5d1c16c28e37df0cd96e27bfdff56669dcb7b5c892ab3d3009c8fa4f4cb63f4bd0a31d905edefd1ee84f894f3da688d1dee91611d2412b09776d2cf08b5&s1=6357351be2854b16d47d2910
IP 198.211.113.186:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document, ASCII text, with very long lines (1650), with no line terminators
Hash 1020d9c1dd7d890d3e535613789c5326
740ec67be45cddec44b65fabbeb14bd0996ec4a7
17c7ac038209fdcb0a1a91e2ceebe7236083fcaed20a8b4b92900785e6b1121d
GET /feed/click/?t1=128&tid=48&uid=36&subid=48.503&id=4b890776674a8025177b79a650cbd6d1:08805b7cd926b6633c08ca5707820d86ac1236ce624419168775afbfa41db845d74546a9f1e9aad6a04c8576cc4277a840d5633882f68f178d7617ad60f578c10cacb4dcacd029c528bbbe7b7206def72b87c87b737edd94b9d729f76c7c1947f21399112cbf11ca1a34eb3aa22f55d182bba99549639ad559a1da2701ae4a4403e1f76046f6daaa82747310930fec9e9e70314404e81ef8a0de8de491229739f146a4df1e76db2b9ad73b89f4a2eec16da820973b97a8795c589029564427435dea96e313b53228c0bf8eb1b893c38ab65fc9a137545696a7945876d533cf520fb90b5c04e91bf145adb659bae5590003b301f8db35e1c8bc73ba9ab5f2a109e5fb4982471008118715bc07c5b46f920e4875499c381fb09267536c3994fe4f76d7f949e57e1e7d5ce32504b9277881d4ca69a10b928f8007d2e856648c51959d770d6ea724887d6c7de7f10a966fcbcd060d84db477d0d853d29e09d5b812600f89d83ea212171ebffa3f32b2bd40e57d2e010810d96a8226092bf8aa3584e04b8103c652757bfacda09a98df92f8a3959a3805b9392bebfaa5d76c752778ff7e322e2f9c895e640bc1c2b5ce0954e40d76b57c7eefefc4db9a7c16213115f1297b2af91c936e8b78e88e9977f4a282d9619cc75a985342fbf6b3af95711331603a50820222323a227fe0317819e4643f6e5963b8ec452cd8cb4cd94aa8af121ebd42d31ece625cdad4496562cdd0c761766f5e8e2b8301c799a35e15542dddfa5fed0de681c59bc9d035b03759b26dceac2532e27f9567eeb8ce0720f879e891645f58d7d269552c32c06d9311c3b73bd7851275c6b8cee43c3873f44a8216495de52fb0b54986d29ebea2ba6c357e88f038efcbb0c35f89861d63141ac8bc86d0d6a4ced0fb7e398dec4efd33302771b41861a7d06ef56f3a83c2b3da7c983f458f0c9c13a36ba711a0738de4a49f0e491cca6004aac9b39f39f486d5ad26d1a50096e6f29d036088c5ca857687e69e338073eb4af9de639b2becff649beccc3728ea1fc7a615e35c0a64a169c18dd7153050ecb4ea8f36c9a742a4453d424a205c7d06a3283078072f6ec672d45a7f19adfa78e35af298d80b7b9ab76535e2c56ba68d7d76b1f576d40779fa24a7f08c6a7b056f1b7b5e4ac8b38f01006168b65211d6fc5d2cfed1dc465b37cbbb5b5877233977e2f5a9a50729b0b5ff84ff2c1f9384551dfca1bb1b6ef05f3cfaf03cc4895adf513b15930dff3abddeac5e45af434a2f4f45fb72127be1b09a13a9eedba61c52bc7400cdd4ba3baf072719cecf4ec64e0980401fb154ecd38b7dfc5c5d1c16c28e37df0cd96e27bfdff56669dcb7b5c892ab3d3009c8fa4f4cb63f4bd0a31d905edefd1ee84f894f3da688d1dee91611d2412b09776d2cf08b5&s1=6357351be2854b16d47d2910 HTTP/1.1
Host: redir.findthewind.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
X-Powered-By: Express
Surrogate-Control: no-store
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate
Pragma: no-cache
Expires: 0
Location: https://c.mybestclick.net/feed/click/?t1=128&tid=3115&uid=4465&subid=48_48.503&id=21eaccd0bf9685e751cb2c17bb8012cf:c8cfe9f308cb92358020ad5406c3aad925fff0b43b8c9599890754a7e4f7a186008e85c4239c56136d3fb798e3e0207b39a7e86289e798d084ffd9305fd6d52f9f295c6de57bc22e13bed27ac279a2941f5e82ed91ae70adc0bead68b7e980fbb2e4988f7762fe2ffa70141cf6d1ac24434d3efc08b9621061c25b86510e5d6296670d78bd47d0f5a34d24e4844872c6dfa22a7aeedfcfa848c59bc03f48c08fc600baae578e46623e275ca9c2daf6a34ef8f42123e232e3a20eeba0a648beaee25f98f3a2d9766dddf6ee1961b97ad5f646578fa0d899c83345d7140eef482c083b23568f025b0ca4d1404a4c5f87bb11b6b10f387bd6c39d38807ec30693b9615e16105c106b7d148c6bef9e901cc05ebdd21fe050247338c831cbda38564f9a1f2922acd1416c9b601f55cb249cd0a918553754b2f10f8fd88da907a06c49f3b9f9fc3b4d0de3ddf2e42059066f54
Vary: Accept
Content-Type: text/html; charset=utf-8
Content-Length: 1650
Date: Tue, 25 Oct 2022 01:00:13 GMT
Connection: keep-alive
Keep-Alive: timeout=5
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash d8673b3fccec64b7385a6d3187bf95de
82798d1757da99133b3b10bd1ac15201e3c2b9fb
709c330abf819d6d8df14c30e51842916d479edeb150f00fed69d3277192208c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "709C330ABF819D6D8DF14C30E51842916D479EDEB150F00FED69D3277192208C"
Last-Modified: Sat, 22 Oct 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5591
Expires: Tue, 25 Oct 2022 02:33:25 GMT
Date: Tue, 25 Oct 2022 01:00:14 GMT
Connection: keep-alive
c.mybestclick.net/feed/click/?t1=128&tid=3115&uid=4465&subid=48_48.503&id=21eaccd0bf9685e751cb2c17bb8012cf:c8cfe9f308cb92358020ad5406c3aad925fff0b43b8c9599890754a7e4f7a186008e85c4239c56136d3fb798e3e0207b39a7e86289e798d084ffd9305fd6d52f9f295c6de57bc22e13bed27ac279a2941f5e82ed91ae70adc0bead68b7e980fbb2e4988f7762fe2ffa70141cf6d1ac24434d3efc08b9621061c25b86510e5d6296670d78bd47d0f5a34d24e4844872c6dfa22a7aeedfcfa848c59bc03f48c08fc600baae578e46623e275ca9c2daf6a34ef8f42123e232e3a20eeba0a648beaee25f98f3a2d9766dddf6ee1961b97ad5f646578fa0d899c83345d7140eef482c083b23568f025b0ca4d1404a4c5f87bb11b6b10f387bd6c39d38807ec30693b9615e16105c106b7d148c6bef9e901cc05ebdd21fe050247338c831cbda38564f9a1f2922acd1416c9b601f55cb249cd0a918553754b2f10f8fd88da907a06c49f3b9f9fc3b4d0de3ddf2e42059066f54
192.241.144.203302 Found 264 B URL HTTP/1.1 c.mybestclick.net/feed/click/?t1=128&tid=3115&uid=4465&subid=48_48.503&id=21eaccd0bf9685e751cb2c17bb8012cf:c8cfe9f308cb92358020ad5406c3aad925fff0b43b8c9599890754a7e4f7a186008e85c4239c56136d3fb798e3e0207b39a7e86289e798d084ffd9305fd6d52f9f295c6de57bc22e13bed27ac279a2941f5e82ed91ae70adc0bead68b7e980fbb2e4988f7762fe2ffa70141cf6d1ac24434d3efc08b9621061c25b86510e5d6296670d78bd47d0f5a34d24e4844872c6dfa22a7aeedfcfa848c59bc03f48c08fc600baae578e46623e275ca9c2daf6a34ef8f42123e232e3a20eeba0a648beaee25f98f3a2d9766dddf6ee1961b97ad5f646578fa0d899c83345d7140eef482c083b23568f025b0ca4d1404a4c5f87bb11b6b10f387bd6c39d38807ec30693b9615e16105c106b7d148c6bef9e901cc05ebdd21fe050247338c831cbda38564f9a1f2922acd1416c9b601f55cb249cd0a918553754b2f10f8fd88da907a06c49f3b9f9fc3b4d0de3ddf2e42059066f54
IP 192.241.144.203:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document, ASCII text, with no line terminators
Hash 7c26312ee71f238a20f6b21f329dfada
1a8a92dce5382477e06caba8af610df7a1eef860
82c3258e7d0f4d2c3f04e48820646e7458b8cd116b76a4e5c3bf476585cf357b
GET /feed/click/?t1=128&tid=3115&uid=4465&subid=48_48.503&id=21eaccd0bf9685e751cb2c17bb8012cf:c8cfe9f308cb92358020ad5406c3aad925fff0b43b8c9599890754a7e4f7a186008e85c4239c56136d3fb798e3e0207b39a7e86289e798d084ffd9305fd6d52f9f295c6de57bc22e13bed27ac279a2941f5e82ed91ae70adc0bead68b7e980fbb2e4988f7762fe2ffa70141cf6d1ac24434d3efc08b9621061c25b86510e5d6296670d78bd47d0f5a34d24e4844872c6dfa22a7aeedfcfa848c59bc03f48c08fc600baae578e46623e275ca9c2daf6a34ef8f42123e232e3a20eeba0a648beaee25f98f3a2d9766dddf6ee1961b97ad5f646578fa0d899c83345d7140eef482c083b23568f025b0ca4d1404a4c5f87bb11b6b10f387bd6c39d38807ec30693b9615e16105c106b7d148c6bef9e901cc05ebdd21fe050247338c831cbda38564f9a1f2922acd1416c9b601f55cb249cd0a918553754b2f10f8fd88da907a06c49f3b9f9fc3b4d0de3ddf2e42059066f54 HTTP/1.1
Host: c.mybestclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
X-Powered-By: Express
Surrogate-Control: no-store
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate
Pragma: no-cache
Expires: 0
Location: https://eu.pushnow.net/postback/click?key=v2-1666659612216-4-5479-1084493-469a5667-4a56-d04c-2596-98be3a552e8c
Vary: Accept
Content-Type: text/html; charset=utf-8
Content-Length: 264
Date: Tue, 25 Oct 2022 01:00:14 GMT
Connection: keep-alive
Keep-Alive: timeout=5
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 6ec31b43dd2081cccd7771709477c91f
253f9860c9dd6e5b245616c75a90ebc3fce6bdfb
8d61c83a66ec95fc424b2776615bdf537a82b110c20077bc2ea82787279b8c16
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8D61C83A66EC95FC424B2776615BDF537A82B110C20077BC2EA82787279B8C16"
Last-Modified: Sat, 22 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=816
Expires: Tue, 25 Oct 2022 01:13:50 GMT
Date: Tue, 25 Oct 2022 01:00:14 GMT
Connection: keep-alive
eu.pushnow.net/postback/click?key=v2-1666659612216-4-5479-1084493-469a5667-4a56-d04c-2596-98be3a552e8c
38.100.129.195302 Found 0 B URL HTTP/2 eu.pushnow.net/postback/click?key=v2-1666659612216-4-5479-1084493-469a5667-4a56-d04c-2596-98be3a552e8c
IP 38.100.129.195:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /postback/click?key=v2-1666659612216-4-5479-1084493-469a5667-4a56-d04c-2596-98be3a552e8c HTTP/1.1
Host: eu.pushnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: openresty/1.15.8.3
date: Tue, 25 Oct 2022 01:00:14 GMT
content-length: 0
set-cookie: platform_user_id=desktop:7980a459be274bf511db30c901634a36
platform_user_id_3rd_party=desktop:7980a459be274bf511db30c901634a36; SameSite=None; Secure; Max-Age=31556952
platform_user_id_from_ssp=platform:f86f862ff85e673a9c9766752124fbcc
platform_user_id_from_ssp_3rd_party=platform:f86f862ff85e673a9c9766752124fbcc; SameSite=None; Secure; Max-Age=31556952
location: http://c.srvpcn.com/click?id=cdbja738due5899p9ddg&e=b78f0b76-41ad-45e2-b17e-76d940f92309&px=34
X-Firefox-Spdy: h2
c.srvpcn.com/click?id=cdbja738due5899p9ddg&e=b78f0b76-41ad-45e2-b17e-76d940f92309&px=34
23.22.137.206303 See Other 0 B URL HTTP/1.1 c.srvpcn.com/click?id=cdbja738due5899p9ddg&e=b78f0b76-41ad-45e2-b17e-76d940f92309&px=34
IP 23.22.137.206:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /click?id=cdbja738due5899p9ddg&e=b78f0b76-41ad-45e2-b17e-76d940f92309&px=34 HTTP/1.1
Host: c.srvpcn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 303 See Other
Date: Tue, 25 Oct 2022 01:00:14 GMT
Content-Length: 0
Connection: keep-alive
Location: http://bilqi-omv.com/zcvisitor/60fd9c84-5400-11ed-b92b-12379e0a0fb5/e3e39f70-3459-11e9-9a51-0a15cb739170?campaignid=06d8a3f0-48cd-11ed-a334-0a918cbcbb97
bilqi-omv.com/zcvisitor/60fd9c84-5400-11ed-b92b-12379e0a0fb5/e3e39f70-3459-11e9-9a51-0a15cb739170?campaignid=06d8a3f0-48cd-11ed-a334-0a918cbcbb97
35.174.150.83302 0 B URL HTTP/1.1 bilqi-omv.com/zcvisitor/60fd9c84-5400-11ed-b92b-12379e0a0fb5/e3e39f70-3459-11e9-9a51-0a15cb739170?campaignid=06d8a3f0-48cd-11ed-a334-0a918cbcbb97
IP 35.174.150.83:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /zcvisitor/60fd9c84-5400-11ed-b92b-12379e0a0fb5/e3e39f70-3459-11e9-9a51-0a15cb739170?campaignid=06d8a3f0-48cd-11ed-a334-0a918cbcbb97 HTTP/1.1
Host: bilqi-omv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302
Date: Tue, 25 Oct 2022 01:00:14 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
Location: https://go.money616.xyz/s4?sub1=pyrrhous-marten&sub2=november-xis-1ewe8dydpq
Server: DVJCrbbz
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a5a2ff9998cb0167da6b6614ed884f55
f0b89b07731946d33d9100e29026e539f1135586
b0d31a82c4bf805dbe6a6cd27221f847ec39c095895d63ba2f9738a5b65149eb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B0D31A82C4BF805DBE6A6CD27221F847EC39C095895D63BA2F9738A5B65149EB"
Last-Modified: Sat, 22 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2872
Expires: Tue, 25 Oct 2022 01:48:06 GMT
Date: Tue, 25 Oct 2022 01:00:14 GMT
Connection: keep-alive
go.money616.xyz/s4?sub1=pyrrhous-marten&sub2=november-xis-1ewe8dydpq
18.184.197.212200 OK 1.6 kB URL HTTP/1.1 go.money616.xyz/s4?sub1=pyrrhous-marten&sub2=november-xis-1ewe8dydpq
IP 18.184.197.212:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (364)
Hash 5e615bf2f64587dee6c380ed6b3ae738
b6a478c7c203b34618596b9ffa4e64be7fed5691
b49daa4a4db8a4f8e11e3d96de43f65a69e31927a31d8a8fb588dffbbf38fc59
GET /s4?sub1=pyrrhous-marten&sub2=november-xis-1ewe8dydpq HTTP/1.1
Host: go.money616.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
connection: close
x-content-type-options: nosniff
content-type: text/html; charset=utf-8
x-powered-by: Short.io link shortener
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
content-length: 1557
Date: Tue, 25 Oct 2022 01:00:15 GMT
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash 4b4947263357a5cf383a519dcca40228
cfacf43717b7f1d77314dae8390737274d913315
3edf03c09f18dfb6c8677c751e99f9ab6e26890c438338338dcfb218b8d7162a
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 25 Oct 2022 01:00:15 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 22 Oct 2022 22:25:06 GMT
Expires: Sat, 29 Oct 2022 22:25:05 GMT
Etag: "cfacf43717b7f1d77314dae8390737274d913315"
Cache-Control: max-age=422089,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 75f703a2aba30b3d-OSL
adspredictiv.com/jump/next.php?r=6359262&sub1=pyrrhous-marten&sub2=november-xis-1ewe8dydpq
35.190.38.40200 OK 3.2 kB URL HTTP/2 adspredictiv.com/jump/next.php?r=6359262&sub1=pyrrhous-marten&sub2=november-xis-1ewe8dydpq
IP 35.190.38.40:0
Hash 79eee349716daaf18f6ca46a7fc5ebbd
ce9ed6ba087c0e5feacf9c011434a0f3dfc3b55f
380293bdb389c40d7b877de49383d10580f75639bc8c18ca1988f1eda346af76
GET /jump/next.php?r=6359262&sub1=pyrrhous-marten&sub2=november-xis-1ewe8dydpq HTTP/1.1
Host: adspredictiv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://go.money616.xyz/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: openresty
date: Tue, 25 Oct 2022 01:00:15 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash 4a4cdfbfbf3c02aaaa0a87e0ab96eab0
a2a1286f5b46a103e8dbdfe45c81c3f27b1bc84a
528564691cdc221df0775b38a9db82820ff803cfc0a245917184993f7d3067cc
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 25 Oct 2022 01:00:16 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 24 Oct 2022 21:37:08 GMT
Expires: Mon, 31 Oct 2022 21:37:07 GMT
Etag: "a2a1286f5b46a103e8dbdfe45c81c3f27b1bc84a"
Cache-Control: max-age=592010,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 75f703a82d630b3d-OSL
go.monetizer.mobi/proc.php?56cbe0f5052e6e2e45bc56ded85de0f9b38bf99c
198.143.165.221200 OK 0 B URL HTTP/2 go.monetizer.mobi/proc.php?56cbe0f5052e6e2e45bc56ded85de0f9b38bf99c
IP 198.143.165.221:0
GET /proc.php?56cbe0f5052e6e2e45bc56ded85de0f9b38bf99c HTTP/1.1
Host: go.monetizer.mobi
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://go.monetizer.mobi/?utm_term=7158248514235924533&ver=4viyaptcjo&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b84
Cookie: u=026bffc03f2ef123fcfade36b00db4a7
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 25 Oct 2022 01:00:10 GMT
content-type: text/html; charset=UTF-8
location: https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7158248514235924533&website=797-403c551a&placement=797
vary: Accept-Encoding
x-powered-by: PHP/8.1.9
cache-control: no-store, no-cache, must-revalidate, max-age=0
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubdomains;
content-encoding: gzip
X-Firefox-Spdy: h2
adspredictiv.com/jump/next.php?stamat=m%257CfzIjIqNhaQdHkAH0dEdHP3xP.01e%252C7H0PozvLiGV-YkDx825CHq_5mNyzZhovkYDfyjWLDI0Sb21IYsIWB7DkTq9zqOvWcXBWw_8ugBqX7bJIEHCX0Gx0N4q2ZVkpmqZais3T7o1eHkXWt8WcVkS6Io01AM_qUUwsfA607EzGmGxd2hf8_g%252C%252C&cbpage=https://adspredictiv.com/jump/next.php?r=6359262&sub1=pyrrhous-marten&sub2=november-xis-1ewe8dydpq&cbur=0.9482526017543269&cbtitle=&cbiframe=0&cbWidth=1280&cbHeight=939&cbdescription=&cbkeywords=&cbref=https%3A%2F%2Fgo.money616.xyz%2F
35.190.38.40302 Found 0 B URL HTTP/2 adspredictiv.com/jump/next.php?stamat=m%257CfzIjIqNhaQdHkAH0dEdHP3xP.01e%252C7H0PozvLiGV-YkDx825CHq_5mNyzZhovkYDfyjWLDI0Sb21IYsIWB7DkTq9zqOvWcXBWw_8ugBqX7bJIEHCX0Gx0N4q2ZVkpmqZais3T7o1eHkXWt8WcVkS6Io01AM_qUUwsfA607EzGmGxd2hf8_g%252C%252C&cbpage=https://adspredictiv.com/jump/next.php?r=6359262&sub1=pyrrhous-marten&sub2=november-xis-1ewe8dydpq&cbur=0.9482526017543269&cbtitle=&cbiframe=0&cbWidth=1280&cbHeight=939&cbdescription=&cbkeywords=&cbref=https%3A%2F%2Fgo.money616.xyz%2F
IP 35.190.38.40:0
GET /jump/next.php?stamat=m%257CfzIjIqNhaQdHkAH0dEdHP3xP.01e%252C7H0PozvLiGV-YkDx825CHq_5mNyzZhovkYDfyjWLDI0Sb21IYsIWB7DkTq9zqOvWcXBWw_8ugBqX7bJIEHCX0Gx0N4q2ZVkpmqZais3T7o1eHkXWt8WcVkS6Io01AM_qUUwsfA607EzGmGxd2hf8_g%252C%252C&cbpage=https://adspredictiv.com/jump/next.php?r=6359262&sub1=pyrrhous-marten&sub2=november-xis-1ewe8dydpq&cbur=0.9482526017543269&cbtitle=&cbiframe=0&cbWidth=1280&cbHeight=939&cbdescription=&cbkeywords=&cbref=https%3A%2F%2Fgo.money616.xyz%2F HTTP/1.1
Host: adspredictiv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 302 Found
server: openresty
date: Tue, 25 Oct 2022 01:00:15 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
location: https://adspredictiv.com/script/i.php?stamat=m%257C%252C%252CwjZno3E6tGU3B5-GH0dEdHP3xP.74c%252CFYQJzGtakl0YGGJLl8J4bZgXiCWG9XIzOXmD8SNP5YOjVesknXxbTwND8a7nHRFLxZ1as-S_xmDsWJZGrBXz699XAUblkqi4vW8in63WPTcokXAP04l6E_P2dfAzDW6ntd0-KXs2a9QpSEUX-jVeXbqpVXgGsGwlP2jJ3yF6iNvbEFvSfpkG0V43Ir3dhJQtHSHRBUm7JGSh4hr2YkoKy3nfIBH8ZNRAWySklGdtX5XPEiutkb_WkHOq-OPu6DTfs5reQthF3ZH-gfXSSwYnHk9RUYv0VO44aJX6VdgAwSmnmru4zSr9zAmO_zGRKDafIcYI_J9rq-f0EsJgvn3M6v3fx3HMyqWcdwLK4MVFf5qGxGTfBRPeqlJbGCJAdOKQyjlZIlXSxbajRjkhDEGtwMpMC28KVVMYltIG1p1-bV6Ih6dlJaG9fB7Rqy5h9WhJuyyKHdJQOaf4PfqgJ7kMFd62KPRfZj_lOZzki2lV5JrjRcwTWMOyIRDLt3JDhPplEDwY2GtkuCkGM3QHJgM_smYegM5jphqaqT0XobX-XNJ8V0QNv8NVa7eJ92NbXliee7PpwABnoNsIZqpPreoicg%252C%252C
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
go.monetizer.mobi/?utm_medium=ec4eee60be986151ad56a07d62a9c3fe7802b9db&utm_campaign=mainstream2021&1=1&cid=6b9cf4ec-467d-4b42-aba3-86137fad12ca
198.143.165.221200 OK 0 B URL HTTP/2 go.monetizer.mobi/?utm_medium=ec4eee60be986151ad56a07d62a9c3fe7802b9db&utm_campaign=mainstream2021&1=1&cid=6b9cf4ec-467d-4b42-aba3-86137fad12ca
IP 198.143.165.221:0
GET /?utm_medium=ec4eee60be986151ad56a07d62a9c3fe7802b9db&utm_campaign=mainstream2021&1=1&cid=6b9cf4ec-467d-4b42-aba3-86137fad12ca HTTP/1.1
Host: go.monetizer.mobi
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
server: nginx
date: Tue, 25 Oct 2022 01:00:09 GMT
content-type: text/html; charset=UTF-8
location: https://go.monetizer.mobi/?utm_term=7158248514235924533&ver=4viyaptcjo
vary: Accept-Encoding
x-powered-by: PHP/8.1.9
cache-control: no-store, no-cache, must-revalidate, max-age=0
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
set-cookie: u=026bffc03f2ef123fcfade36b00db4a7; expires=Wed, 25-Oct-2023 01:00:09 GMT; Max-Age=31536000; path=/
strict-transport-security: max-age=31536000; includeSubdomains;
content-encoding: gzip
X-Firefox-Spdy: h2