t1.lowtid.com/l.php?p=c:8pnojh5wvpo68l3k0&d=63208671784bc04a7b5b1ad6&s=101.333.888.us.chrome..us.chrome.&d1=track.gositego.live&d2=333.888.us.chrome..us.chrome.
51.161.115.163 200 OK 519 B URL HTTP/1.1 t1.lowtid.com/l.php?p=c:8pnojh5wvpo68l3k0&d=63208671784bc04a7b5b1ad6&s=101.333.888.us.chrome..us.chrome.&d1=track.gositego.live&d2=333.888.us.chrome..us.chrome.
IP 51.161.115.163:0
File type HTML document text\012- HTML document, ASCII text, with very long lines (617)
Hash 0659c29339b7ae8e237c54f963f84b86
d3ff6480b674e0ce04198e173ff201d68089cbd1
cea0f130ae0ae9d0ba96eeb10ac3196e5762c948443902ca1e4504dda100c71e
GET /l.php?p=c:8pnojh5wvpo68l3k0&d=63208671784bc04a7b5b1ad6&s=101.333.888.us.chrome..us.chrome.&d1=track.gositego.live&d2=333.888.us.chrome..us.chrome. HTTP/1.1
Host: t1.lowtid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 08:51:32 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: bt-63208671784bc04a7b5b1ad6=638c5f94b7c09d243330743b; expires=Wed, 07-Dec-2022 08:51:32 GMT; Max-Age=259200; path=/; domain=t1.lowtid.com; HttpOnly
Content-Encoding: gzip
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash cfec3d7283a9b66d2be426ce54d210f3
808c1feb1ba918951d1928c1f6bfc0c253262774
1bad6c06aa3e88dcbc125fc98a6cb753eb2b18d2c8dd61da21d12209aeeda3f9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1BAD6C06AA3E88DCBC125FC98A6CB753EB2B18D2C8DD61DA21D12209AEEDA3F9"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6449
Expires: Sun, 04 Dec 2022 10:39:02 GMT
Date: Sun, 04 Dec 2022 08:51:33 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 67e9370f1bf3e4946a01f346eeae8966
aaab391d1134302d718de7a0d5edbedf884633e6
27a8654fb14db88d4b2bb3b45c1b197fc498cd94143d4a68687742fa48a41358
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5367
Cache-Control: max-age=97746
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 08:51:33 GMT
Etag: "638b2570-1d7"
Expires: Mon, 05 Dec 2022 12:00:39 GMT
Last-Modified: Sat, 03 Dec 2022 10:31:12 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1ea206ac3c440825741687351f8c6e4e
2f38dafd8c43dcce2411a0590bc5c02cd6286735
7d7232c8c91bcd18161ba2c9d23e3bff159604e058bd5b3fc1c7fcbcd03a7ee3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7D7232C8C91BCD18161BA2C9D23E3BFF159604E058BD5B3FC1C7FCBCD03A7EE3"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14219
Expires: Sun, 04 Dec 2022 12:48:32 GMT
Date: Sun, 04 Dec 2022 08:51:33 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
34.102.187.140 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Type, Backoff, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 04 Dec 2022 08:20:05 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 1888
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 1hzmru5bgBoSuhp3q3PoFgOc/gQhlb3FzypOUaAxrS0v4G83246iI2AEE3DX5falYCHefjaqCm4=
x-amz-request-id: 7VE0QG53JAACBFE9
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 04 Dec 2022 08:47:29 GMT
age: 244
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 08:51:33 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
t1.lowtid.com/l.php?p=c:8pnojh5wvpo68l3k0&d=63208671784bc04a7b5b1ad6&s=101.333.888.us.chrome..us.chrome.&d1=track.gositego.live&d2=333.888.us.chrome..us.chrome.&bv=1
51.161.115.163 302 Found 0 B URL HTTP/1.1 t1.lowtid.com/l.php?p=c:8pnojh5wvpo68l3k0&d=63208671784bc04a7b5b1ad6&s=101.333.888.us.chrome..us.chrome.&d1=track.gositego.live&d2=333.888.us.chrome..us.chrome.&bv=1
IP 51.161.115.163:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /l.php?p=c:8pnojh5wvpo68l3k0&d=63208671784bc04a7b5b1ad6&s=101.333.888.us.chrome..us.chrome.&d1=track.gositego.live&d2=333.888.us.chrome..us.chrome.&bv=1 HTTP/1.1
Host: t1.lowtid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://t1.lowtid.com/l.php?p=c:8pnojh5wvpo68l3k0&d=63208671784bc04a7b5b1ad6&s=101.333.888.us.chrome..us.chrome.&d1=track.gositego.live&d2=333.888.us.chrome..us.chrome.
Cookie: bt-63208671784bc04a7b5b1ad6=638c5f94b7c09d243330743b
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Server: nginx
Date: Sun, 04 Dec 2022 08:51:33 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Round: 11r6m6nbgk
Raund: 25s
Location: https://kanvo.cogliatu.com/rc/a33384834e?affclick=638c5f94b7c09d243330743b&pubid=101.333.888.us.chrome..us.chrome.
t1.lowtid.com/favicon.ico
51.161.115.163 200 OK 20 B URL HTTP/1.1 t1.lowtid.com/favicon.ico
IP 51.161.115.163:0
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /favicon.ico HTTP/1.1
Host: t1.lowtid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://t1.lowtid.com/l.php?p=c:8pnojh5wvpo68l3k0&d=63208671784bc04a7b5b1ad6&s=101.333.888.us.chrome..us.chrome.&d1=track.gositego.live&d2=333.888.us.chrome..us.chrome.
Cookie: bt-63208671784bc04a7b5b1ad6=638c5f94b7c09d243330743b
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 08:51:33 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
e1.o.lencr.org/
23.36.76.226 200 OK 346 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 2db533de94a2e4b7d9591747961fa41c
cc829219333b6c16955e353dba4f110d3c3c931e
9687bf0ddf2976f55bac2f68d148df5fe730aacb01696b77e3451f8108d03e7e
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "9687BF0DDF2976F55BAC2F68D148DF5FE730AACB01696B77E3451F8108D03E7E"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13064
Expires: Sun, 04 Dec 2022 12:29:17 GMT
Date: Sun, 04 Dec 2022 08:51:33 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, Cache-Control, Content-Type, Pragma, Backoff, ETag, Expires, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 04 Dec 2022 08:08:58 GMT
cache-control: public,max-age=3600
age: 2555
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226 200 OK 346 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 2db533de94a2e4b7d9591747961fa41c
cc829219333b6c16955e353dba4f110d3c3c931e
9687bf0ddf2976f55bac2f68d148df5fe730aacb01696b77e3451f8108d03e7e
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "9687BF0DDF2976F55BAC2F68D148DF5FE730AACB01696B77E3451F8108D03E7E"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13064
Expires: Sun, 04 Dec 2022 12:29:17 GMT
Date: Sun, 04 Dec 2022 08:51:33 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash a151c326c67e1abb747847c1427db76f
80885d30ef8ba867bf33c40b861976958a27493a
de2b573ee1c8af980e593352e0c331b2595f62bd4499300ace30821d20814760
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5360
Cache-Control: max-age=92678
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 08:51:33 GMT
Etag: "638b11ab-1d7"
Expires: Mon, 05 Dec 2022 10:36:11 GMT
Last-Modified: Sat, 03 Dec 2022 09:06:51 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 4e02fd98239ad29b23f887cfb72ef895
9b508b66fcabf3d61695c3b105d5a4acafc3bf2b
f5355360e4a7adc4c0e8415bd1763dc4c482d94e3a8bb8d97a030b5bbf94050f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 08:51:33 GMT
Etag: "638ae4b8-117"
Server: ECS (amb/6BC5)
Content-Length: 279
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 4e02fd98239ad29b23f887cfb72ef895
9b508b66fcabf3d61695c3b105d5a4acafc3bf2b
f5355360e4a7adc4c0e8415bd1763dc4c482d94e3a8bb8d97a030b5bbf94050f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=162209
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 08:51:34 GMT
Etag: "638c3637-117"
Expires: Tue, 06 Dec 2022 05:55:03 GMT
Last-Modified: Sun, 04 Dec 2022 05:55:03 GMT
Server: nginx
Content-Length: 279
push.services.mozilla.com/
35.164.186.39 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.164.186.39:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: HMsb1outMvQIZ7pGJA+5lA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: HjjAJytoIxSD8ITaDxycl0qH13E=
ocsp.sectigo.com/
172.64.155.188 200 OK 471 B IP 172.64.155.188:0
Hash 76cd00e5dbb3ac432497e702991073c2
68d1f6e7f263b82712fa56f963495d8da98e74e7
123881f4d5f0309461b5ed83a23074cf8a9f77410ab3c88abb98af3817ff3c5d
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 08:51:34 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sat, 03 Dec 2022 15:34:04 GMT
Expires: Sat, 10 Dec 2022 15:34:03 GMT
Etag: "68d1f6e7f263b82712fa56f963495d8da98e74e7"
Cache-Control: max-age=541948,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77434d0aa8c2b4fd-OSL
track.gositego.live/sl?id=6372315a14cb732daa6b203e&pid=930&sub1=pubd15cb33480de4911a0fedc882769a57d&sub2=ce5edf9f_101.333.888.us.chrome..us.chrome.
34.91.234.242 302 Found 0 B URL HTTP/2 track.gositego.live/sl?id=6372315a14cb732daa6b203e&pid=930&sub1=pubd15cb33480de4911a0fedc882769a57d&sub2=ce5edf9f_101.333.888.us.chrome..us.chrome.
IP 34.91.234.242:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sl?id=6372315a14cb732daa6b203e&pid=930&sub1=pubd15cb33480de4911a0fedc882769a57d&sub2=ce5edf9f_101.333.888.us.chrome..us.chrome. HTTP/1.1
Host: track.gositego.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kanvo.cogliatu.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Sun, 04 Dec 2022 08:51:34 GMT
content-length: 0
location: https://t3.blowingwnd.com/p.php?p=c:8pnojh5wwryg9ycmq&d=61b86bb2caff0c3520644fec&pid=CLICKID&s=SUBID&pid=638c5f96158ea900011dfc6f&s=930_ce5edf9f_101.333.888.us.chrome..us.chrome.
x-adjust-use-original-forwarded-for: 1
set-cookie: afclick=638c5f96158ea900011dfc6f; expires=Mon, 04 Dec 2023 08:51:34 GMT; secure; SameSite=None
access-control-allow-origin: *
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f26b87c5828561d288c7c679c81478ac
ba655e746228f6ce1f243d817928fb1661d6a828
6502d3e7f132b97cc38881f7a0a6156b0ac1c7fc05d0892d88ec842d420c6374
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6502D3E7F132B97CC38881F7A0A6156B0AC1C7FC05D0892D88EC842D420C6374"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1114
Expires: Sun, 04 Dec 2022 09:10:08 GMT
Date: Sun, 04 Dec 2022 08:51:34 GMT
Connection: keep-alive
t3.blowingwnd.com/p.php?p=c:8pnojh5wwryg9ycmq&d=61b86bb2caff0c3520644fec&pid=CLICKID&s=SUBID&pid=638c5f96158ea900011dfc6f&s=930_ce5edf9f_101.333.888.us.chrome..us.chrome.
51.161.115.163 302 Found 0 B URL HTTP/1.1 t3.blowingwnd.com/p.php?p=c:8pnojh5wwryg9ycmq&d=61b86bb2caff0c3520644fec&pid=CLICKID&s=SUBID&pid=638c5f96158ea900011dfc6f&s=930_ce5edf9f_101.333.888.us.chrome..us.chrome.
IP 51.161.115.163:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /p.php?p=c:8pnojh5wwryg9ycmq&d=61b86bb2caff0c3520644fec&pid=CLICKID&s=SUBID&pid=638c5f96158ea900011dfc6f&s=930_ce5edf9f_101.333.888.us.chrome..us.chrome. HTTP/1.1
Host: t3.blowingwnd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://kanvo.cogliatu.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Sun, 04 Dec 2022 08:51:34 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Round: 1217p3t0dz
Raund: xi
Location: https://ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_930_ce5edf9f_101.333.888.us.chrome..us.chrome.
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash fc71680bab407e4c8895a7f62d67d8e8
868a75ea31bfc47f32a3228b1929e9e5c17bba0e
f6b90485ffbea439a5a37beba8811be7c659486847b2c00b36cd307b126f3b0f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F6B90485FFBEA439A5A37BEBA8811BE7C659486847B2C00B36CD307B126F3B0F"
Last-Modified: Fri, 02 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5372
Expires: Sun, 04 Dec 2022 10:21:06 GMT
Date: Sun, 04 Dec 2022 08:51:34 GMT
Connection: keep-alive
ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_930_ce5edf9f_101.333.888.us.chrome..us.chrome.
51.83.143.92 200 OK 518 B URL HTTP/1.1 ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_930_ce5edf9f_101.333.888.us.chrome..us.chrome.
IP 51.83.143.92:0
File type HTML document text\012- HTML document, ASCII text, with very long lines (580)
Hash 8fbc8764eddf5e5bdc7541cf330ec575
6fd258717c6f41450a0be8d25a0c2ebb16f57c37
6cab76268d030def38dc341eace54e5bbc8cc14329631f641998f84402af6803
Analyzer Verdict Alert quad9 Sinkholed
GET /f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_930_ce5edf9f_101.333.888.us.chrome..us.chrome. HTTP/1.1
Host: ron.trffclb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://kanvo.cogliatu.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 08:51:34 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: bt-603611c5b7eaf46891533240=638c5f96ba245568f348e263; expires=Wed, 07-Dec-2022 08:51:34 GMT; Max-Age=259200; path=/; domain=ron.trffclb.com; HttpOnly
Content-Encoding: gzip
ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_930_ce5edf9f_101.333.888.us.chrome..us.chrome.&bv=1
51.83.143.92 302 Found 0 B URL HTTP/1.1 ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_930_ce5edf9f_101.333.888.us.chrome..us.chrome.&bv=1
IP 51.83.143.92:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_930_ce5edf9f_101.333.888.us.chrome..us.chrome.&bv=1 HTTP/1.1
Host: ron.trffclb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_930_ce5edf9f_101.333.888.us.chrome..us.chrome.
Cookie: bt-603611c5b7eaf46891533240=638c5f96ba245568f348e263
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 302 Found
Server: nginx
Date: Sun, 04 Dec 2022 08:51:35 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Set-Cookie: bt-603611c5b7eaf46891533240=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=ron.trffclb.com; HttpOnly
Round: 119cdtswvl
Raund: 2si
Location: https://popcash.net/world/go/134600/317194
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 4c117f290bb481e51ef6abbe97d090f0
bd6becedb9ac3e8701b33df0b44659811576d9ac
7318cd7480b3d1f248b125d4019f20d3883fd592743bcf768419e0938320c115
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 161
Cache-Control: max-age=151552
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 08:51:35 GMT
Etag: "638c0bf6-117"
Expires: Tue, 06 Dec 2022 02:57:27 GMT
Last-Modified: Sun, 04 Dec 2022 02:54:46 GMT
Server: ECS (amb/6BC8)
X-Cache: HIT
Content-Length: 279
ron.trffclb.com/favicon.ico
51.83.143.92 200 OK 20 B URL HTTP/1.1 ron.trffclb.com/favicon.ico
IP 51.83.143.92:0
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
Analyzer Verdict Alert quad9 Sinkholed
GET /favicon.ico HTTP/1.1
Host: ron.trffclb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_930_ce5edf9f_101.333.888.us.chrome..us.chrome.
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 08:51:35 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
popcash.net/world/go/134600/317194
104.21.52.38 301 Moved Permanently 162 B URL HTTP/2 popcash.net/world/go/134600/317194
IP 104.21.52.38:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /world/go/134600/317194 HTTP/1.1
Host: popcash.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ron.trffclb.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
date: Sun, 04 Dec 2022 08:51:35 GMT
content-type: text/html
content-length: 162
location: http://ps.popcash.net/go/134600/317194
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NAAQag5zkXBcK0OIUA8u6NPHzPZr2SxKmnr1VOjDw2mmXpSYBp0CbezVrlokaN7Wkwq8I94nlPtjUyf4iQDBJRdHslru4AuEvNpJ61byCGCvIsrKuBh%2FfexNe%2BGz"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77434d108f670b55-OSL
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8177
Expires: Sun, 04 Dec 2022 11:07:52 GMT
Date: Sun, 04 Dec 2022 08:51:35 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8177
Expires: Sun, 04 Dec 2022 11:07:52 GMT
Date: Sun, 04 Dec 2022 08:51:35 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8177
Expires: Sun, 04 Dec 2022 11:07:52 GMT
Date: Sun, 04 Dec 2022 08:51:35 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F85837b29-ffdd-4915-a6ab-8d0721427d1b.jpeg
34.120.237.76 200 OK 9.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F85837b29-ffdd-4915-a6ab-8d0721427d1b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 591104ff3c76193fe3c24fbbbb332f7d
aa134912d4f5ddfb371c45d9975506246af68400
af0cbb5c37c901019c1e684fe9a019bb7a2fb8359909ab831b7ff86cbc3d0fec
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F85837b29-ffdd-4915-a6ab-8d0721427d1b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9356
x-amzn-requestid: 11f22578-a356-4f74-99bf-6d8462e25fdf
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ckdKGG8RIAMFc9Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638b4240-5c5fa5332d60db084c8d3bb6;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 12:34:08 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: LHI_AR5lwe0vmuK0mOQapt3YQW0WE7BLN-PSn4pVMBTWoYbv4IV9ow==
via: 1.1 9b311162717b41c968f6f00426d88aaa.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 04:19:12 GMT
age: 16343
etag: "aa134912d4f5ddfb371c45d9975506246af68400"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6df54ea7-8915-4ac7-af2b-6a71ce14dbf4.webp
34.120.237.76 200 OK 5.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6df54ea7-8915-4ac7-af2b-6a71ce14dbf4.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 43309032a892c486f9985ef520df696e
36f4682ca6a33ff80ee02129c77e6f27e996ede0
24225ff504f30405d9ec3feb2555c738fcca0d6b265f285aa9c73a64c78a496e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6df54ea7-8915-4ac7-af2b-6a71ce14dbf4.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5681
x-amzn-requestid: 8f0d66b8-d532-48d9-9a29-74540cd6ab3a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cltXnEotIAMFqkA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc296-27349a376ff819ab63b04a81;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:41:42 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Uz-wJTZjej3sjP-O68BQ4hB_kkAecG0o7GkeZUan90ZgV87g0Cg_ZA==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 3cd7af07832481c336aa1c93c9b4a6fe.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 21:52:38 GMT
age: 39537
etag: "36f4682ca6a33ff80ee02129c77e6f27e996ede0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d571e0e-b14e-436b-8156-2e49aad75d4f.png
34.120.237.76 200 OK 16 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d571e0e-b14e-436b-8156-2e49aad75d4f.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 14dcca2a9c4792d835ee709bcd947402
1d702df3a64258628f4124eafd580695f2d350af
da01dcd8fef7c50bdb6f7a8a6a4955694092f479df3dba72f7fa69d7280d07b2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d571e0e-b14e-436b-8156-2e49aad75d4f.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 16143
x-amzn-requestid: dc86fad4-4e53-42c9-9b0a-5e4d2cfcd087
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cdGyLGqmoAMFnaA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638851a7-0ea324b31e8c6578098b8ab9;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 07:03:03 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: kRs3oBWnSs5asyPdvz6kkooy7pqm2Yr8R_2x8EXCVn3dBz_aEJurRQ==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 07:26:41 GMT
age: 5094
etag: "1d702df3a64258628f4124eafd580695f2d350af"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F826f887d-ca78-40db-9b7d-6c693667c155.jpeg
34.120.237.76 200 OK 7.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F826f887d-ca78-40db-9b7d-6c693667c155.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c1a6f4805f59db44f9d3520d88701a58
6a0258e8c97ce09f1723382c8a16d9682b7dc50c
ae120df5e96352c6998c24c69c709dfd2b01a7ff8a7b935d496757fd7661f2f5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F826f887d-ca78-40db-9b7d-6c693667c155.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7503
x-amzn-requestid: a4120308-c51e-4cff-99c2-90e86018b05d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cgZjCGkVIAMFpsw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6389a2e0-6fdf362a6d32449239476155;Sampled=0
x-amzn-remapped-date: Fri, 02 Dec 2022 07:01:52 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: dy619jlSTwCjwDhGuLmwTMcmuYj1Kg2oLA7xORyAYX8IHWimhNo6pw==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 07:16:07 GMT
age: 5728
etag: "6a0258e8c97ce09f1723382c8a16d9682b7dc50c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8f00caab-057c-4cc2-a163-fd0bb4d0b5f7.jpeg
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8f00caab-057c-4cc2-a163-fd0bb4d0b5f7.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1521243a6fc065bb631bfbde22886fa2
527220e4e8cd1065ce05fcd0694d0d703d817e2e
b83ebf768bbfb34f49d5467f3dfb43ceb3ca3d30d3454e6f37db9aef72d7689a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8f00caab-057c-4cc2-a163-fd0bb4d0b5f7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11482
x-amzn-requestid: d1db05ab-bd5d-4ad4-96b4-8f439152e435
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: clssNEeAoAMFh_g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc181-0221c53842a2f5ef071e8071;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:37:05 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: t1vmY4fBoLpFjqHbLyMewgUrpvRjqG4QTAuA4BeB4Gl2jqbxI0gYQA==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 21:50:08 GMT
age: 39687
etag: "527220e4e8cd1065ce05fcd0694d0d703d817e2e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F757562c1-a4bf-4a51-bf99-64f3a0d51840.jpeg
34.120.237.76 200 OK 8.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F757562c1-a4bf-4a51-bf99-64f3a0d51840.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2c37ed587ee5e3fbdc8cab86ef1345f9
364a32a224b2cacc26b138d57a8945c191e537b1
3c66654da4670e0d5ec87afb6c62f0a420d90875c57b280710f2592269a9303e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F757562c1-a4bf-4a51-bf99-64f3a0d51840.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8285
x-amzn-requestid: 882c673f-4e3f-4f84-a51d-bbac56f716eb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: clsAAEWUoAMFWuA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc066-3a2c571d6272b3493ec2a1c5;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:32:22 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: wAFD-w3-gBFoOjjOYdnZRDPDkkeCf89uS38upjXPknfUZxtSxRpxvg==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 21:52:50 GMT
age: 39525
etag: "364a32a224b2cacc26b138d57a8945c191e537b1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ps.popcash.net/go/134600/317194
3.228.63.1 200 OK 272 B URL HTTP/1.1 ps.popcash.net/go/134600/317194
IP 3.228.63.1:0
File type HTML document, ASCII text
Hash b86992ef008fef020344492a6e7c8ed3
c63a4fed3ad3a69432ddc5373a96cdbc7cb2d02b
d1e38914fa2a929756ac2c492ed80a07f35e87999dbc538441e7abceed63c522
Analyzer: fortinet | Verdict: Malware | Alert: (none shown)
GET /go/134600/317194 HTTP/1.1
Host: ps.popcash.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Content-Encoding: gzip
Content-Type: text/html
Date: Sun, 04 Dec 2022 08:51:35 GMT
Server: nginx
Vary: Accept-Encoding
Content-Length: 272
Connection: keep-alive
ps.popcash.net/ad/ad?p=134600&w=317194&t=90b884f89d022c3e&r=&vw=1280&vh=0
3.228.63.1 303 See Other 0 B URL HTTP/1.1 ps.popcash.net/ad/ad?p=134600&w=317194&t=90b884f89d022c3e&r=&vw=1280&vh=0
IP 3.228.63.1:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ad/ad?p=134600&w=317194&t=90b884f89d022c3e&r=&vw=1280&vh=0 HTTP/1.1
Host: ps.popcash.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ps.popcash.net/go/134600/317194
Upgrade-Insecure-Requests: 1
HTTP/1.1 303 See Other
Date: Sun, 04 Dec 2022 08:51:35 GMT
Location: http://dipaka-ead.com/zcvisitor/dbc78dc3-73b0-11ed-84ff-0a5af0e8e43f/7fcf9220-c93c-11e7-9820-0e06c6fba698?campaignid=7d7c3280-6dab-11ed-9d23-12beee04f19b#pc151445
Server: nginx
Content-Length: 0
Connection: keep-alive
dipaka-ead.com/zcvisitor/dbc78dc3-73b0-11ed-84ff-0a5af0e8e43f/7fcf9220-c93c-11e7-9820-0e06c6fba698?campaignid=7d7c3280-6dab-11ed-9d23-12beee04f19b
3.208.247.235 302 0 B URL HTTP/1.1 dipaka-ead.com/zcvisitor/dbc78dc3-73b0-11ed-84ff-0a5af0e8e43f/7fcf9220-c93c-11e7-9820-0e06c6fba698?campaignid=7d7c3280-6dab-11ed-9d23-12beee04f19b
IP 3.208.247.235:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /zcvisitor/dbc78dc3-73b0-11ed-84ff-0a5af0e8e43f/7fcf9220-c93c-11e7-9820-0e06c6fba698?campaignid=7d7c3280-6dab-11ed-9d23-12beee04f19b HTTP/1.1
Host: dipaka-ead.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ps.popcash.net/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302
Date: Sun, 04 Dec 2022 08:51:35 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
Location: https://bnr.thedataclicks.com/get/Y2x1uwhzCQUWsRki19S5Fpdr?target=whiskey-ria-ss9gkru3z&source=vitellary-lion&keyword=mainstream&match=&zid=zrdbc78dc373b011ed84ff0a5af0e8e43f9d852806950e47eb92702e53c16b0a7f069464bb827b08d803&trafficType=POPUP&visitorType=NON-ADULT&campaignId=1998166&longCampaignId=7d7c3280-6dab-11ed-9d23-12beee04f19b&campaignName=NEW+-+ZP5+-+NO&cost=0.000170
Server: tDtlelcb
ocsp.sca1b.amazontrust.com/
65.9.54.104 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 65.9.54.104:0
Hash 200d28e6a9655889b1a39b013f132941
7af8e008ea286c5b63d04bab1ef64dbaa5aabb8e
4fdf8ab38984ca3d620431117540c61f76539f3f6cd09330acfd14aa595bab5d
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=169443
Date: Sun, 04 Dec 2022 08:51:36 GMT
Etag: "638c3d1e-1d7"
Expires: Tue, 06 Dec 2022 07:55:39 GMT
Last-Modified: Sun, 04 Dec 2022 06:24:30 GMT
Server: ECS (bsa/EB13)
X-Cache: Miss from cloudfront
Via: 1.1 b862e3687b36a4ee0dbc1b9352fbfbb2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ARN54-C1
X-Amz-Cf-Id: D1Fso99f-ou96EwFqCCcL29NKLjeloMRuC4OyQlVPYEDAdVo0kv6OA==
Age: 5469
bnr.thedataclicks.com/get/Y2x1uwhzCQUWsRki19S5Fpdr?target=whiskey-ria-ss9gkru3z&source=vitellary-lion&keyword=mainstream&match=&zid=zrdbc78dc373b011ed84ff0a5af0e8e43f9d852806950e47eb92702e53c16b0a7f069464bb827b08d803&trafficType=POPUP&visitorType=NON-ADULT&campaignId=1998166&longCampaignId=7d7c3280-6dab-11ed-9d23-12beee04f19b&campaignName=NEW+-+ZP5+-+NO&cost=0.000170
54.82.151.162 200 OK 1.6 kB URL HTTP/2 bnr.thedataclicks.com/get/Y2x1uwhzCQUWsRki19S5Fpdr?target=whiskey-ria-ss9gkru3z&source=vitellary-lion&keyword=mainstream&match=&zid=zrdbc78dc373b011ed84ff0a5af0e8e43f9d852806950e47eb92702e53c16b0a7f069464bb827b08d803&trafficType=POPUP&visitorType=NON-ADULT&campaignId=1998166&longCampaignId=7d7c3280-6dab-11ed-9d23-12beee04f19b&campaignName=NEW+-+ZP5+-+NO&cost=0.000170
IP 54.82.151.162:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (793)
Hash 1426bbaac4cd0e63c46d71152c90357d
b058363ac99f3eace74a9cdf6d63f30db33cc119
3dc3be1e752a1af92ed035ae68ebeed9ec1be91b7a4c15e4ec8028e3d48e1230
GET /get/Y2x1uwhzCQUWsRki19S5Fpdr?target=whiskey-ria-ss9gkru3z&source=vitellary-lion&keyword=mainstream&match=&zid=zrdbc78dc373b011ed84ff0a5af0e8e43f9d852806950e47eb92702e53c16b0a7f069464bb827b08d803&trafficType=POPUP&visitorType=NON-ADULT&campaignId=1998166&longCampaignId=7d7c3280-6dab-11ed-9d23-12beee04f19b&campaignName=NEW+-+ZP5+-+NO&cost=0.000170 HTTP/1.1
Host: bnr.thedataclicks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://ps.popcash.net/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: awselb/2.0
date: Sun, 04 Dec 2022 08:51:36 GMT
content-type: text/html
content-length: 1571
X-Firefox-Spdy: h2
d1aaucsx2ftut2.cloudfront.net/jcm-mm/dbf22d50eb3f9d835a7399371403565c.jpg
143.204.42.138 200 OK 184 kB URL HTTP/2 d1aaucsx2ftut2.cloudfront.net/jcm-mm/dbf22d50eb3f9d835a7399371403565c.jpg
IP 143.204.42.138:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 800x575, components 3\012- data
Size 184 kB (184529 bytes)
Hash ef60018c5db320c478ea0738b33966e5
9dd467554cf4b76fc7df3eaac3766d29bdb2b543
9789121067d1f5aa7eeb3267b926014932e6d089fa6053ff05289875f9b262e5
GET /jcm-mm/dbf22d50eb3f9d835a7399371403565c.jpg HTTP/1.1
Host: d1aaucsx2ftut2.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnr.thedataclicks.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 184529
last-modified: Wed, 15 Apr 2020 16:57:11 GMT
accept-ranges: bytes
server: AmazonS3
date: Sun, 04 Dec 2022 00:13:27 GMT
etag: "ef60018c5db320c478ea0738b33966e5"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 8ddb6d7670d8c5a85c04a10525a71b90.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: rAKLdVqs9mLCiljUVESaIK9i7Z6BJ9zXOb7B4gK_-BUH7lFcgFFcrA==
age: 31090
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
65.9.54.104 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 65.9.54.104:0
Hash 2b48af1070c4e86e661b3b37efb1dafb
f65cf291c16326f527e7422f1fff15c1204984d3
f913ce31b070d7f5673094829ed5462888043fed057ba1d4900c02ad4a6d5c2e
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=141613
Date: Sun, 04 Dec 2022 08:51:37 GMT
Etag: "638bcf80-1d7"
Expires: Tue, 06 Dec 2022 00:11:50 GMT
Last-Modified: Sat, 03 Dec 2022 22:36:48 GMT
Server: ECS (bsa/EB1C)
X-Cache: Miss from cloudfront
Via: 1.1 b862e3687b36a4ee0dbc1b9352fbfbb2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ARN54-C1
X-Amz-Cf-Id: o248TUT1AOTEuQwnhrJ3hvtzq4eU1k-JUZYYZWhNpawZCs9p1uxUzw==
Age: 5702
lnk.clickadsolutions.com/js/c.js
34.234.231.229 200 OK 7.8 kB URL HTTP/2 lnk.clickadsolutions.com/js/c.js
IP 34.234.231.229:0
Hash 28f147c32edde42fcfabfc9cfa93edcd
4540d4c6db74de7651a1fe723ea0aa563b4c0678
e762d6ca1ddd7dab2fa0db7702efdbd3bc10e6f7f3be7b0f8818d45d5bcb96d7
GET /js/c.js HTTP/1.1
Host: lnk.clickadsolutions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lnk.clickadsolutions.com/trk/Y2x1uwhzCQUWsRki19S5Fpdr?campaignId=1998166&campaignName=NEW+-+ZP5+-+NO&cost=0.000170&keyword=mainstream&longCampaignId=7d7c3280-6dab-11ed-9d23-12beee04f19b&match=&source=vitellary-lion&target=whiskey-ria-ss9gkru3z&trafficType=POPUP&visitorType=NON-ADULT&zid=zrdbc78dc373b011ed84ff0a5af0e8e43f9d852806950e47eb92702e53c16b0a7f069464bb827b08d803&c2=true&vpw=1280&vph=1024
Cookie: v=t; cas=3451:1798:1798:1; rls=291094:1798:1798:1; com=16573:166:NO:1798:1798:1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 04 Dec 2022 08:51:37 GMT
content-type: application/javascript
content-length: 7804
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
last-modified: Mon, 24 Oct 2022 15:54:00 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.r2m02.amazontrust.com/
65.9.52.95 200 OK 471 B URL HTTP/1.1 ocsp.r2m02.amazontrust.com/
IP 65.9.52.95:0
Hash 16882543d2d90f97c2323d213bae823d
a47f9c87eab0bd2094aeaeb34277259846a7f43d
6fddab7aa2df1d705cae22a77942c8949837102c37bc66757b2649b1976c57ab
POST / HTTP/1.1
Host: ocsp.r2m02.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sun, 04 Dec 2022 08:51:38 GMT
Last-Modified: Sun, 04 Dec 2022 08:47:21 GMT
Server: ECS (bsa/EB23)
X-Cache: Miss from cloudfront
Via: 1.1 828a61ebc3af4e0465a5577a4c08af7a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ARN54-C1
X-Amz-Cf-Id: SLUJagOsH1qI-7ZdzJ44IAfnk6L7VlLv36Tc2YHYdXBj6wCLhraJ-Q==
Age: 257
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 3fa51dff36f0b2b7d39c7713af5cb03f
ad0123908ac3a508e5c5f30da4a6a9bc5c3a9a33
20ba3184e8140a17dbb61167dfc907cc2618bc5446dad3e9ff51435f4e582189
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2502
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 08:51:38 GMT
Last-Modified: Sun, 04 Dec 2022 08:09:56 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 3fa51dff36f0b2b7d39c7713af5cb03f
ad0123908ac3a508e5c5f30da4a6a9bc5c3a9a33
20ba3184e8140a17dbb61167dfc907cc2618bc5446dad3e9ff51435f4e582189
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2674
Cache-Control: max-age=143625
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 08:51:38 GMT
Etag: "638be331-117"
Expires: Tue, 06 Dec 2022 00:45:23 GMT
Last-Modified: Sun, 04 Dec 2022 00:00:49 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash a825bada62ae68d6b7feece91b1c4759
c4fcc39fe357c3a16f1a7088a9e7d528b4974aa2
74012ada7644d9ef9ebf6712bc71578cbd998b39afad4f95bc3e63eea75056b0
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5992
Cache-Control: max-age=136849
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 08:51:38 GMT
Etag: "638bbbc3-116"
Expires: Mon, 05 Dec 2022 22:52:27 GMT
Last-Modified: Sat, 03 Dec 2022 21:12:35 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 278
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash a825bada62ae68d6b7feece91b1c4759
c4fcc39fe357c3a16f1a7088a9e7d528b4974aa2
74012ada7644d9ef9ebf6712bc71578cbd998b39afad4f95bc3e63eea75056b0
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2318
Cache-Control: max-age=133175
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 08:51:38 GMT
Etag: "638bbbc3-116"
Expires: Mon, 05 Dec 2022 21:51:13 GMT
Last-Modified: Sat, 03 Dec 2022 21:12:35 GMT
Server: ECS (amb/6BC8)
X-Cache: HIT
Content-Length: 278
ocsp.sca1b.amazontrust.com/
65.9.54.104 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 65.9.54.104:0
Hash 4ee03e4c638ac0fb625fcfd0f2bdbecd
619fd55282588b6a6fa879d613d5d189365fc228
246904760ae67f6009307ad5f440bae82ebb3dfeea3ca1f2534882dd77a5b3e3
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=109270
Date: Sun, 04 Dec 2022 08:51:38 GMT
Etag: "638b5268-1d7"
Expires: Mon, 05 Dec 2022 15:12:48 GMT
Last-Modified: Sat, 03 Dec 2022 13:43:04 GMT
Server: ECS (bsa/EB22)
X-Cache: Miss from cloudfront
Via: 1.1 b862e3687b36a4ee0dbc1b9352fbfbb2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ARN54-C1
X-Amz-Cf-Id: NTxMuPHkNKDiQ6oOhXvcYIUP4xh3zF_4BYXBmeUZpEdI9Y-G1o-M6g==
Age: 5384
api.kelkoogroup.net/publisher/shopping/v2/link-monetizer/link?country=no&custom2=3CecypnFIqBUe1HiDwqpaaDHTLtlLz6xjaVWKKypn7Wwcv&id=e4e2e5c6-03eb-11eb-bf21-ba5ec25d7100&merchantUrl=https://www.gamezone.no
65.9.44.47 303 See Other 0 B URL HTTP/2 api.kelkoogroup.net/publisher/shopping/v2/link-monetizer/link?country=no&custom2=3CecypnFIqBUe1HiDwqpaaDHTLtlLz6xjaVWKKypn7Wwcv&id=e4e2e5c6-03eb-11eb-bf21-ba5ec25d7100&merchantUrl=https://www.gamezone.no
IP 65.9.44.47:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /publisher/shopping/v2/link-monetizer/link?country=no&custom2=3CecypnFIqBUe1HiDwqpaaDHTLtlLz6xjaVWKKypn7Wwcv&id=e4e2e5c6-03eb-11eb-bf21-ba5ec25d7100&merchantUrl=https://www.gamezone.no HTTP/1.1
Host: api.kelkoogroup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://srw.bannerwidget.tech/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 303 See Other
content-length: 0
location: https://www.gamezone.no
x-gravitee-transaction-id: 27ce64e5-b128-4625-8e64-e5b128462527
x-gravitee-request-id: 27ce64e5-b128-4625-8e64-e5b128462527
clickid: 107698149_1670143899150_11905330
accept-ch: Sec-CH-UA,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-Device-Memory
set-cookie: datadome=AK_EulAnnWjUI_Wjn8yXIm53J8cEPFr2XlKK~Ezgll0WRafjK8erD7KpZlt_i7ARuKjDsgb5XWC4SPsz~PFBoHT0Gp5cSwkyxHl5RvqOeJFnXbuKCDgCb8R1H5UzCt2; Max-Age=31536000; Expires=Mon, 04 Dec 2023 08:51:39 GMT; SameSite=Lax; Path=/; Domain=.kelkoo.net; Secure
kelkooID=a4c6295-184dc55760e-392806; Max-Age=31536000; Expires=Mon, 04 Dec 2023 08:51:39 GMT; SameSite=None; Path=/; Domain=kelkoogroup.net; Secure; HTTPOnly
x-datadome: protected
request-time: PT0.015955S
x-robots-tag: noindex,nofollow
referrer-policy: origin-when-cross-origin
x-frame-options: DENY
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-permitted-cross-domain-policies: master-only
date: Sun, 04 Dec 2022 08:51:39 GMT
x-cache: Miss from cloudfront
via: 1.1 ed87681648230d81cfe4a69364ab730c.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
x-amz-cf-id: heW6JGB3uv_p5Studf5RRZ8OxGvoXls3_6_pigiITGrE1o0CcD2Agg==
X-Firefox-Spdy: h2
www.gamezone.no/
80.86.135.22 301 Moved Permanently 143 B IP 80.86.135.22:0
ASN #21119 Braathe Gruppen AS
File type HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash fe02ba24a46719f530235ee4d8ad5a5e
abd4b424f60d510cfabbfa948bb6afc90954ff8e
b03292525efcbb04814e994e634589ce3561bc30248740a19dae49765c08af72
GET / HTTP/1.1
Host: www.gamezone.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://srw.bannerwidget.tech/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
content-type: text/html; charset=UTF-8
location: https://gamezone.no/
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
date: Sun, 04 Dec 2022 08:51:38 GMT
content-length: 143
X-Firefox-Spdy: h2
as.ad4m.at/ad/tur?a=916&c=https%3A%2F%2Fgamezone.no&b=638c5f99569f615415ff958f-RL-291094
172.67.74.129 307 Temporary Redirect 0 B URL HTTP/2 as.ad4m.at/ad/tur?a=916&c=https%3A%2F%2Fgamezone.no&b=638c5f99569f615415ff958f-RL-291094
IP 172.67.74.129:0
GET /ad/tur?a=916&c=https%3A%2F%2Fgamezone.no&b=638c5f99569f615415ff958f-RL-291094 HTTP/1.1
Host: as.ad4m.at
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://srw.bannerwidget.tech/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 307 Temporary Redirect
date: Sun, 04 Dec 2022 08:51:38 GMT
location: https://www.smartredirect.de/redir/clickGate.php?u=RkkuMW4M&m=1&p=Fr5xngjWXe&t=iRhdghTT&url=https%3A%2F%2Fwww.gamezone.no&r=https%3A%2F%2Fwww.advancedstore.com&s=oneidkJXC5f3fDm2du5t2c9cmCBGkfZSmtPfRoneid_638c5f99569f615415ff958f-RL-291094
expires: 0
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
pragma: no-cache
surrogate-control: no-store
cross-origin-embedder-policy: unsafe-none
x-download-options: noopen
cross-origin-resource-policy: cross-origin
x-xss-protection: 1; mode=block
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
vary: accept-encoding
referrer-policy: no-referrer-when-downgrade
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
strict-transport-security: max-age=86400; includeSubDomains; preload
cross-origin-opener-policy: unsafe-none
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 77434d24ba9eb4f1-OSL
X-Firefox-Spdy: h2
lnk.clickadsolutions.com/trk/Y2x1uwhzCQUWsRki19S5Fpdr?campaignId=1998166&campaignName=NEW+-+ZP5+-+NO&cost=0.000170&keyword=mainstream&longCampaignId=7d7c3280-6dab-11ed-9d23-12beee04f19b&match=&source=vitellary-lion&target=whiskey-ria-ss9gkru3z&trafficType=POPUP&visitorType=NON-ADULT&zid=zrdbc78dc373b011ed84ff0a5af0e8e43f9d852806950e47eb92702e53c16b0a7f069464bb827b08d803&c2=true&vpw=1280&vph=1024
34.234.231.229 200 OK 0 B URL HTTP/2 lnk.clickadsolutions.com/trk/Y2x1uwhzCQUWsRki19S5Fpdr?campaignId=1998166&campaignName=NEW+-+ZP5+-+NO&cost=0.000170&keyword=mainstream&longCampaignId=7d7c3280-6dab-11ed-9d23-12beee04f19b&match=&source=vitellary-lion&target=whiskey-ria-ss9gkru3z&trafficType=POPUP&visitorType=NON-ADULT&zid=zrdbc78dc373b011ed84ff0a5af0e8e43f9d852806950e47eb92702e53c16b0a7f069464bb827b08d803&c2=true&vpw=1280&vph=1024
IP 34.234.231.229:0
GET /trk/Y2x1uwhzCQUWsRki19S5Fpdr?campaignId=1998166&campaignName=NEW+-+ZP5+-+NO&cost=0.000170&keyword=mainstream&longCampaignId=7d7c3280-6dab-11ed-9d23-12beee04f19b&match=&source=vitellary-lion&target=whiskey-ria-ss9gkru3z&trafficType=POPUP&visitorType=NON-ADULT&zid=zrdbc78dc373b011ed84ff0a5af0e8e43f9d852806950e47eb92702e53c16b0a7f069464bb827b08d803&c2=true&vpw=1280&vph=1024 HTTP/1.1
Host: lnk.clickadsolutions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnr.thedataclicks.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 04 Dec 2022 08:51:37 GMT
content-type: text/html;charset=UTF-8
set-cookie: v=t; Path=/; Domain=lnk.clickadsolutions.com; Max-Age=31536000; Expires=Mon, 04 Dec 2023 08:51:37 GMT; Secure; SameSite=None
cas=3451:1798:1798:1; Path=/; Domain=lnk.clickadsolutions.com; Max-Age=31536000; Expires=Mon, 04 Dec 2023 08:51:37 GMT; Secure; SameSite=None
rls=291094:1798:1798:1; Path=/; Domain=lnk.clickadsolutions.com; Max-Age=31536000; Expires=Mon, 04 Dec 2023 08:51:37 GMT; Secure; SameSite=None
com=16573:166:NO:1798:1798:1; Path=/; Domain=lnk.clickadsolutions.com; Max-Age=31536000; Expires=Mon, 04 Dec 2023 08:51:37 GMT; Secure; SameSite=None
content-language: en-US
X-Firefox-Spdy: h2
lnk.clickadsolutions.com/?bt=srw.bannerwidget.tech&ref=&friend=&u=as.ad4m.at%252Fad%252Ftur%253Fa%253D916%2526c%253Dhttps%25253A%25252F%25252Fgamezone.no%2526b%253D638c5f99569f615415ff958f-RL-291094&log=false&type=ROTATOR_LINK&linkId=291094&clickId=638c5f99569f615415ff958f&br=false
34.234.231.229 200 OK 0 B URL HTTP/2 lnk.clickadsolutions.com/?bt=srw.bannerwidget.tech&ref=&friend=&u=as.ad4m.at%252Fad%252Ftur%253Fa%253D916%2526c%253Dhttps%25253A%25252F%25252Fgamezone.no%2526b%253D638c5f99569f615415ff958f-RL-291094&log=false&type=ROTATOR_LINK&linkId=291094&clickId=638c5f99569f615415ff958f&br=false
IP 34.234.231.229:0
GET /?bt=srw.bannerwidget.tech&ref=&friend=&u=as.ad4m.at%252Fad%252Ftur%253Fa%253D916%2526c%253Dhttps%25253A%25252F%25252Fgamezone.no%2526b%253D638c5f99569f615415ff958f-RL-291094&log=false&type=ROTATOR_LINK&linkId=291094&clickId=638c5f99569f615415ff958f&br=false HTTP/1.1
Host: lnk.clickadsolutions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lnk.clickadsolutions.com/trk/Y2x1uwhzCQUWsRki19S5Fpdr?campaignId=1998166&campaignName=NEW+-+ZP5+-+NO&cost=0.000170&keyword=mainstream&longCampaignId=7d7c3280-6dab-11ed-9d23-12beee04f19b&match=&source=vitellary-lion&target=whiskey-ria-ss9gkru3z&trafficType=POPUP&visitorType=NON-ADULT&zid=zrdbc78dc373b011ed84ff0a5af0e8e43f9d852806950e47eb92702e53c16b0a7f069464bb827b08d803&c2=true&vpw=1280&vph=1024
Cookie: v=t; cas=3451:1798:1798:1; rls=291094:1798:1798:1; com=16573:166:NO:1798:1798:1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 04 Dec 2022 08:51:37 GMT
content-type: text/html;charset=UTF-8
content-language: en-US
X-Firefox-Spdy: h2
srw.bannerwidget.tech/
50.17.84.136 200 OK 0 B IP 50.17.84.136:0
POST / HTTP/1.1
Host: srw.bannerwidget.tech
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 204
Origin: https://lnk.clickadsolutions.com
Connection: keep-alive
Referer: https://lnk.clickadsolutions.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 04 Dec 2022 08:51:38 GMT
content-type: text/html;charset=UTF-8
content-language: en-US
X-Firefox-Spdy: h2
www.smartredirect.de/redir/clickGate.php?u=RkkuMW4M&m=1&p=Fr5xngjWXe&t=iRhdghTT&url=https%3A%2F%2Fwww.gamezone.no&r=https%3A%2F%2Fwww.advancedstore.com&s=oneidkJXC5f3fDm2du5t2c9cmCBGkfZSmtPfRoneid_638c5f99569f615415ff958f-RL-291094
104.21.0.237 302 Found 0 B URL HTTP/2 www.smartredirect.de/redir/clickGate.php?u=RkkuMW4M&m=1&p=Fr5xngjWXe&t=iRhdghTT&url=https%3A%2F%2Fwww.gamezone.no&r=https%3A%2F%2Fwww.advancedstore.com&s=oneidkJXC5f3fDm2du5t2c9cmCBGkfZSmtPfRoneid_638c5f99569f615415ff958f-RL-291094
IP 104.21.0.237:0
GET /redir/clickGate.php?u=RkkuMW4M&m=1&p=Fr5xngjWXe&t=iRhdghTT&url=https%3A%2F%2Fwww.gamezone.no&r=https%3A%2F%2Fwww.advancedstore.com&s=oneidkJXC5f3fDm2du5t2c9cmCBGkfZSmtPfRoneid_638c5f99569f615415ff958f-RL-291094 HTTP/1.1
Host: www.smartredirect.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://srw.bannerwidget.tech/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Sun, 04 Dec 2022 08:51:38 GMT
content-type: text/html; charset=UTF-8
location: https://de.trck.one/redir/clickGate.php?u=RkkuMW4M&m=1&p=Fr5xngjWXe&t=iRhdghTT&url=https%3A%2F%2Fwww.gamezone.no&r=https%3A%2F%2Fwww.advancedstore.com&s=oneidkJXC5f3fDm2du5t2c9cmCBGkfZSmtPfRoneid_638c5f99569f615415ff958f-RL-291094
cache-control: no-cache, post-check=0, pre-check=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
last-modified: Sun, 04 Dec 2022 08:51:38 GMT
p3p: policyref="/w3c/p3p.xml", CP="NOI CUR OUR STP"
pragma: no-cache
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1O1EEKXMGw09R016XrTRFqSjV%2BK9Brf7ZeZcwQac6IDa%2FeVqRqON0OLtSelnMStIwlXWITxrmfBre8imgTZwj7zBW7oDwSdrRgosJxcWsw17mgStv3aygriiDRteF%2FwZH55MLGCKHQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77434d255ad40b61-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
de.trck.one/redir/clickGate.php?u=RkkuMW4M&m=1&p=Fr5xngjWXe&t=iRhdghTT&url=https%3A%2F%2Fwww.gamezone.no&r=https%3A%2F%2Fwww.advancedstore.com&s=oneidkJXC5f3fDm2du5t2c9cmCBGkfZSmtPfRoneid_638c5f99569f615415ff958f-RL-291094
18.198.169.187 302 Found 0 B URL HTTP/2 de.trck.one/redir/clickGate.php?u=RkkuMW4M&m=1&p=Fr5xngjWXe&t=iRhdghTT&url=https%3A%2F%2Fwww.gamezone.no&r=https%3A%2F%2Fwww.advancedstore.com&s=oneidkJXC5f3fDm2du5t2c9cmCBGkfZSmtPfRoneid_638c5f99569f615415ff958f-RL-291094
IP 18.198.169.187:0
GET /redir/clickGate.php?u=RkkuMW4M&m=1&p=Fr5xngjWXe&t=iRhdghTT&url=https%3A%2F%2Fwww.gamezone.no&r=https%3A%2F%2Fwww.advancedstore.com&s=oneidkJXC5f3fDm2du5t2c9cmCBGkfZSmtPfRoneid_638c5f99569f615415ff958f-RL-291094 HTTP/1.1
Host: de.trck.one
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://srw.bannerwidget.tech/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Sun, 04 Dec 2022 08:51:38 GMT
content-type: text/html; charset=UTF-8
location: https://api.kelkoogroup.net/publisher/shopping/v2/link-monetizer/link?country=no&custom2=3CecypnFIqBUe1HiDwqpaaDHTLtlLz6xjaVWKKypn7Wwcv&id=e4e2e5c6-03eb-11eb-bf21-ba5ec25d7100&merchantUrl=https://www.gamezone.no
server: nginx
cache-control: no-cache, private
X-Firefox-Spdy: h2
gamezone.no/
80.86.135.22 200 OK 0 B IP 80.86.135.22:0
ASN #21119 Braathe Gruppen AS
GET / HTTP/1.1
Host: gamezone.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://srw.bannerwidget.tech/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: private
content-type: text/html; charset=utf-8
content-encoding: gzip
vary: Accept-Encoding
server: Microsoft-IIS/10.0
x-frame-options: DENY, DENY
x-aspnet-version: 4.0.30319
set-cookie: .ASPXANONYMOUS=435Pdk8-2QEkAAAANjIxMWZjOGQtNjY5NS00NzQwLWEzODEtMzFiNWI4MTEyOWFhSnw2mrhS2z7TARl2YOENHp8OmKs1; expires=Sat, 11-Feb-2023 19:31:39 GMT; path=/; HttpOnly; SameSite=Lax
ASP.NET_SessionId=xs1yhqwfewufxtb4r34ew0fc; path=/; HttpOnly; SameSite=Lax
McWeb3.15.2-3=DeviceSize=lg; expires=Mon, 04-Dec-2023 08:51:39 GMT; path=/; SameSite=Lax
McWeb3.15.2-3=DeviceSize=lg; expires=Mon, 04-Dec-2023 08:51:39 GMT; path=/; SameSite=Lax
x-powered-by: ASP.NET
x-ua-compatible: IE=Edge
date: Sun, 04 Dec 2022 08:51:38 GMT
content-length: 20068
X-Firefox-Spdy: h2
kanvo.cogliatu.com/rc/a33384834e?affclick=638c5f94b7c09d243330743b&pubid=101.333.888.us.chrome..us.chrome.
172.67.195.142 200 OK 0 B URL HTTP/2 kanvo.cogliatu.com/rc/a33384834e?affclick=638c5f94b7c09d243330743b&pubid=101.333.888.us.chrome..us.chrome.
IP 172.67.195.142:0
GET /rc/a33384834e?affclick=638c5f94b7c09d243330743b&pubid=101.333.888.us.chrome..us.chrome. HTTP/1.1
Host: kanvo.cogliatu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://t1.lowtid.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 04 Dec 2022 08:51:33 GMT
content-type: text/html; charset=utf-8
set-cookie: AWSALB=ojsg7BKPdwXm1dsjdDfiGOijvxticms2YTZXz4JPbft11znfj1ed4i+jhqeAwcT9s351gQG5VFAGu33l0RE/Ugu/76rHmS/GZEZ0kQx6qA/y751c00ToX7JxaJcp; Expires=Sun, 11 Dec 2022 08:51:33 GMT; Path=/
AWSALBCORS=ojsg7BKPdwXm1dsjdDfiGOijvxticms2YTZXz4JPbft11znfj1ed4i+jhqeAwcT9s351gQG5VFAGu33l0RE/Ugu/76rHmS/GZEZ0kQx6qA/y751c00ToX7JxaJcp; Expires=Sun, 11 Dec 2022 08:51:33 GMT; Path=/; SameSite=None
vary: Accept-Encoding, Accept-Language, Cookie
content-language: en
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9b%2BpSpKgC9lCS%2B%2Bp%2FiLJzSDbKOMDTpU8eYSLI7%2BNbXI5Zl9ec%2FCu%2BJStrK0V%2BpgitqmfLxVcMY%2FI7igoV9MlNDzQsf6ofTjg500LRaTncFhNf0aMk%2Bsqgb1vhdAnyrNEYyLFOLI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77434d065f65b50f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.addlnk.com/redirect.css
104.21.74.141 200 OK 0 B URL HTTP/2 cdn.addlnk.com/redirect.css
IP 104.21.74.141:0
GET /redirect.css HTTP/1.1
Host: cdn.addlnk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kanvo.cogliatu.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 04 Dec 2022 08:51:33 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=1680
etag: W/"3ae56d32551602b41f9046c14d1cfde2"
last-modified: Wed, 13 Mar 2019 00:03:12 GMT
x-amz-id-2: hoKGF2DENF0Fxpfk9aX2Txj0orTMbszygnDmGFSC4SoL/4C3WQsM9k4Y5ZmrshXNgXN64qzAUMY=
x-amz-request-id: 9NDC432NBG524RW1
cf-cache-status: HIT
age: 3316
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ag5pNDxnJAJMp4NyZ2xuMLQMe5Au0JyYmsiZUlPQwpWy1PyKti%2B2fJcm5fOdEUFdtD0cN2m1r8KW2JoACVgd6lQskdaS3k17pv76UC0bVUP50jo5jWQg8PBlZ5uIVMWf4Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77434d095aa81c06-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2