Report - tpbproxyone.org/torrent/22871872/Dr-Aly_KARLotto-l_auml_r-oss-tanka

Report Overview

Submitted URL
tpbproxyone.org/torrent/22871872/Dr-Aly_KARLotto-l_auml_r-oss-tanka_C24524.iso
IP
207.244.67.216
ASN
#30633 LEASEWEB-USA-WDC
Submitted
2023-01-31 02:03:35
Access
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
2

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
mybettermb.com	unknown	2022-11-02T12:39:39Z	2023-03-13T07:55:50Z	2.1 kB	1.1 kB	52.116.53.155
qvikar.com	unknown	2015-09-17T17:14:33Z	2023-03-12T16:18:57Z	453 B	237 B	192.254.234.214
ocsp2.globalsign.com	1544	2012-05-23T20:10:04Z	2023-03-13T05:14:17Z	357 B	2.0 kB	151.101.194.133
www.clkmg.com	112778	2016-03-24T07:51:15Z	2023-03-13T08:24:37Z	1.4 kB	3.8 kB	50.97.244.203
ocsp.sectigo.com	487	2019-11-29T12:50:24Z	2023-03-13T08:22:43Z	340 B	964 B	104.18.32.68
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-13T05:09:16Z	3.2 kB	59 kB	34.120.237.76
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-13T05:09:14Z	606 B	127 B	54.149.117.124
cdn.clickmagick.com	unknown	2015-01-07T14:37:38Z	2023-03-12T23:00:53Z	1.4 kB	314 kB	54.230.111.88
p274639.mybettermb.com	unknown	2022-11-02T20:35:15Z	2023-03-13T01:51:06Z	1.3 kB	514 B	52.116.53.155
tpbproxyone.org	unknown	2018-03-02T13:58:24Z	2023-03-12T22:26:07Z	409 B	617 B	207.244.67.216
btpnative.com	108657	2018-10-28T07:54:26Z	2023-03-13T01:51:16Z	1.4 kB	9.7 kB	192.99.158.241
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-13T05:09:13Z	333 B	391 B	34.117.237.239
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-13T05:09:07Z	3.0 kB	8.0 kB	23.36.77.32
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-13T05:09:10Z	782 B	2.4 kB	35.241.9.150
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-13T05:09:35Z	413 B	5.8 kB	34.160.144.191
cdn.clkmg.com	762943	2015-01-01T09:43:46Z	2023-03-12T23:00:53Z	822 B	6.6 kB	54.230.111.107

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-01-31	medium	mybettermb.com/aS/feedclick?s=HFz5zNIIs95ROWPasgEEzx8Me0kzRtReLyT4nqgY4lUIKv2ZHTfRFmdNRMz_dvhc29XXvCS9-JLFXNSHgbbvMDcVgn291AC8_M1Mmbofr-ZKceZDQZtXA_b5np8cxJs0YFos_XX7JtPGVWViaJip_gzuORprI4qlt_7kfAZbXZ_3hitpdaEoqb0ydhoZZBqkiOFUSTI7wWesQ9eRj1dK3N-v8BIHlO6ic7m3ynBUcsyUE6MorZxE-9hV4AbS8Fh36g3txk1fZiBIiEGfLCfKHnQQ2Kfo2H--uEn4AkkWG5W9dKDCqaorJkjp3kQ3vjXpxcMc9t0-Ifg5jNi2LLofFcwWK4f86GKtq-BTbUqoyOTW-JGyDg7SXXq85s0cP1DnpEsfwoCuln4rymMpy1wzSkkYz9F6VKwaNuydrbih0BPnoqGn5uHZoui9WEKVZxZX9eOGDO9xP9fgY3t6xIW8DZiZGyfLoIBm_Y6UtOqiQgcDDhC0jlEh9x3A4I2R5IkXxuS3zXNnE691SLYXqlB_pYJBoTPX5eccLGIoYMCT98-0bEjzXcuSWhT39u56G-BU3LSDKxUn4VX7RHopvncO6dqysHoRPoUkMa13p3zeYeqiepGvAlG_wM2GQGd_ZuDPTr7HT5BJdwFm7--4_7Et-fH_WYho3R3zQPiuzYfez3NWjKAro-UUNnDX0gpdFb3-zxIbTGhkzHWaIy-R46lUGgfh3Y1MH56Zm1QpQRJMYmB2ECJBt9vwd-OwZWWftn_5RMLHybMVhST2W37oH6xfmZ_BxgeVkJ36yPH48JebCjsDaToxERLd_aCIlGoVRQJDpsednW4pcl0lD0N8hDzFtLU2t-tWAeTkbGb5ttCbdarrh42FPPTIkatSStWeSexnBDUsAjReqsD_9vB8WeHOtXUVHRmDslSPNvzYUtP77Oe6DV-rqsQUnfGr3Wvy5tECNI2FTAUk1qqQtnNaQPHGUhkjemynkCqKUOtMagxmGVbg77nVSLeFkmXsUdhJ3qUmqM1YFzne7G365sQcnyeNSvZxc3Fd9UC-rtg5Yuugvl7nAA319rQT5Ud6a0Dn6eNJizYKweXujG-J7JnMs7EaWDzJE_6X2Ti4dOAadnGy3NlTx__A9RYUFvznADb-k-FvaPhhgtFwNiv1Zuxk9W74o-5mHSollN8_R_t7s-Wbdx2iW8yKyuTfRJpQ2ge7Uo-9Z8QWW7j6bn4-5zQAw_SMiJ2RWHusoL5zUJcK-tCgLZ_7tmCu0FGrrjjfuAeiMhH9i09DnHmQ_YXZr6uKawK-aMbb8JYUiQxlIfzFlSAXcs7_CNBpFgUsmPZxCf7Wd9tziQt0yfNulW-keGVioozHqbvOGAPg_ei_xXl-GyBnccLJzFuWbFOdlU9i_TRclVxeB_XmHDAjA4b-fVU8keHSqZdYkU_DNJVyudMAcAZikWDNvXFr9TiobNwStkQ3BLEVJh8MbOqq4oL2MCSpNQpOroVV4ZZAOeRBGW2M-edZHsAlzsFMzYGLPkZgDphevg7WD81WSt9dIK1Rlbiaxp54rQ4ZUirtJAe3_wsPGkMWr4h1rP0FF769nCH8xZUgF3LOzpV3p2woOwA1ZtKmSv8w1SH8xZUgF3LO5lBB2RbRzyFlkkLEB146pQ	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (2)

	URL	Size	First Seen	Last Seen
	p274639.mybettermb.com/adServe/domainClick?ai=zHPR75Zx-onygYaeN_ogCBBLFBRk1eiQ4ypU_IICyRP5V1c6EPCUBF8zHiEadnIXHca1CsuLEl2kGko8eoV6LiOFwlzkCkbzEzy7OBJtmOXCgzQbPSpPqqSSkl0jHkvawfpNa9imHsM1Pvdhx6h8GcMlvyNQu9ligKNm5HUY_GWjB2fjK6rwTJjim55TmpSzfpExJBMizSdKgbz0VF_-WH_9b8ky2I1bOt49-zifnPahCJDe0fs2e12k4XVJzHJX8mFgHSWE3TZCCpJ_Aq0_LLnTAHAGYpFgXZomooD2vuliVnQIGgxQDiU7ugF2M-yuw6VwzuvR-x3CQtVBA9Wp7n-oJi-H9AZDZAEJiK7vPzixmWNroOA7iDeDOtSQlmdXjhdEqJB6Nj2XmDvYXWw9hp-qFZn5gpnPqtE9sbJicJwX2fEbVjxB9kp2QAzznS8_6fjhgUFt3sQISiZ3D8mF7LCm2HeI0S938_gGwpSXr3tSAMcY_H2x07HFovOGSDpNKiXhLmiyflhHQ2DhJtv57AionTQ8bleb&ui=HFz5zNIIs96w8gbO8AoGVPmI0xR1wwxSH3LRhS7yFr44jC5B3JLJRQe6_JWYuELBOHIoRdltXdbQty4LB7K0SXOOmJ-RAV7petVg_MhDOHN1Dhh7ZfSJFQ&si=1&oref=dae16bcb6b93b11e9cbacb290c7cfdf8&optunit=w6VwzuvR-x29ebjHufQcSA&rb=E-qvs9aXu7s&rr=0&abtg=0	132 B	2023-03-13	2023-03-13
Pretty URL p274639.mybettermb.com/adServe/domainClick?ai=zHPR75Zx-onygYaeN_ogCBBLFBRk1eiQ4ypU_IICyRP5V1c6EPCUBF8zHiEadnIXHca1CsuLEl2kGko8eoV6LiOFwlzkCkbzEzy7OBJtmOXCgzQbPSpPqqSSkl0jHkvawfpNa9imHsM1Pvdhx6h8GcMlvyNQu9ligKNm5HUY_GWjB2fjK6rwTJjim55TmpSzfpExJBMizSdKgbz0VF_-WH_9b8ky2I1bOt49-zifnPahCJDe0fs2e12k4XVJzHJX8mFgHSWE3TZCCpJ_Aq0_LLnTAHAGYpFgXZomooD2vuliVnQIGgxQDiU7ugF2M-yuw6VwzuvR-x3CQtVBA9Wp7n-oJi-H9AZDZAEJiK7vPzixmWNroOA7iDeDOtSQlmdXjhdEqJB6Nj2XmDvYXWw9hp-qFZn5gpnPqtE9sbJicJwX2fEbVjxB9kp2QAzznS8_6fjhgUFt3sQISiZ3D8mF7LCm2HeI0S938_gGwpSXr3tSAMcY_H2x07HFovOGSDpNKiXhLmiyflhHQ2DhJtv57AionTQ8bleb&ui=HFz5zNIIs96w8gbO8AoGVPmI0xR1wwxSH3LRhS7yFr44jC5B3JLJRQe6_JWYuELBOHIoRdltXdbQty4LB7K0SXOOmJ-RAV7petVg_MhDOHN1Dhh7ZfSJFQ&si=1&oref=dae16bcb6b93b11e9cbacb290c7cfdf8&optunit=w6VwzuvR-x29ebjHufQcSA&rb=E-qvs9aXu7s&rr=0&abtg=0 IP 52.116.53.155 ASN #36351 SOFTLAYER Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 10:36:03 Last Seen2023-03-13 14:36:05 Times Seen1 Hash 78c0b39eca7e120554c90d866ae9bef9 0ed7d60c91f3c3b833b219fc17d06319b44699b3 01f07d23babc0836f1882d403e7a8bfe865f121ee2924dfa9d0ee532ebd21d6c Loading...

	btpnative.com/click?data=YS1OWTFaZnB1YVN1U3BWSDJfby1KTG1LQzVRZGNHZ19jaE5JdGh5VEIwcmtObS1WS05rbUZXV1NLMC1KNW5rUE5SODMyUE9JZzBLS2N5bWVESFg5WHdxekJael80b0Y5dHZBU2xuSHBlZTdFVGtnUFA0VFlLaW1ZZXprd1MzVHB5ZEk5Mmg4andJa3BEa1RkU1pfYldnMg2&id=98217bf6-f159-43f2-a9ca-9191004d2ded	4.1 kB	2023-03-07	2023-04-05
Pretty URL btpnative.com/click?data=YS1OWTFaZnB1YVN1U3BWSDJfby1KTG1LQzVRZGNHZ19jaE5JdGh5VEIwcmtObS1WS05rbUZXV1NLMC1KNW5rUE5SODMyUE9JZzBLS2N5bWVESFg5WHdxekJael80b0Y5dHZBU2xuSHBlZTdFVGtnUFA0VFlLaW1ZZXprd1MzVHB5ZEk5Mmg4andJa3BEa1RkU1pfYldnMg2&id=98217bf6-f159-43f2-a9ca-9191004d2ded IP 192.99.158.241 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:24 Last Seen2023-04-05 01:56:36 Times Seen24 Hash a95ebc524317681eea9a586db022de39 4971459c3a5c26de04f1ca1edaa9c7ba225ee161 0bdbdaa3f492019a740ce5685efd434006c22801330be205bd590974e73c1b82 Loading...

HTTP Transactions (36)

URL IP Response Size

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d2e72d45afe3d391c204b5391599607c
149d68b9d00a720b6f380fa2324779dca9dbe26d
f6f1c295c68dfebadacb1fc812b44e01c7ede0e203615ef3e2cced2ce2251e7e

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F6F1C295C68DFEBADACB1FC812B44E01C7EDE0E203615EF3E2CCED2CE2251E7E"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8183
Expires: Tue, 31 Jan 2023 04:19:47 GMT
Date: Tue, 31 Jan 2023 02:03:24 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
0c35c3ec659d3a26ea97e68d787bb043
d97e3672244efec5b7814f2d8a734cd1a9387854
4c946a026114ff05316d92277750facf3d5f5d162839149da0b7fb1a4cff6b5e

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4C946A026114FF05316D92277750FACF3D5F5D162839149DA0B7FB1A4CFF6B5E"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10309
Expires: Tue, 31 Jan 2023 04:55:13 GMT
Date: Tue, 31 Jan 2023 02:03:24 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
dcd75ca6daca51c5e39d431468511793
07f76d3bf23d65c9110d810fa71a994e39e085d3
73672a816da4450fe2c938b08d7ae002d9ca29fdcbd3e29cc97084d826f8b459

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Retry-After, Content-Type, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 31 Jan 2023 01:43:15 GMT
content-type: application/json
age: 1209
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
302c7548412192add063ad6c8b99cf3b
e5d178931a27db036ce8daae302594d3ff7050b8
fc2bd9091006189e67e8074093805ee5492ce16e1dbfba32e083abeeae34969d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FC2BD9091006189E67E8074093805EE5492CE16E1DBFBA32E083ABEEAE34969D"
Last-Modified: Sat, 28 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5636
Expires: Tue, 31 Jan 2023 03:37:20 GMT
Date: Tue, 31 Jan 2023 02:03:24 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: g6c09rJ82BPUfZOqN6HWRAVaIMGYBUL55CoeG1j0H+kFijWu76sDjoUnVmMjXpB/cd8QZCtG9ro=
x-amz-request-id: ZE8TNAVFCZQH6STZ
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 31 Jan 2023 01:22:01 GMT
age: 2483
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Tue, 31 Jan 2023 02:03:24 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Last-Modified, Pragma, ETag, Retry-After, Content-Type, Content-Length, Expires, Cache-Control, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 31 Jan 2023 01:41:41 GMT
age: 1304
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

tpbproxyone.org/torrent/22871872/Dr-Aly_KARLotto-l_auml_r-oss-tanka_C24524.iso

207.244.67.216

302 Found

11 B

URL HTTP/1.1
tpbproxyone.org/torrent/22871872/Dr-Aly_KARLotto-l_auml_r-oss-tanka_C24524.iso
IP
207.244.67.216:0
ASN
#30633 LEASEWEB-USA-WDC

File type
ASCII text, with no line terminators
Size
11 B (11 bytes)
Hash
32682312d17c7cbf18e73594f5570319
60e22121bdd0bc71cdb2bae2a3aa577006b2eae9
e55fb1a1d731153e943b68844af12dcce8bfac917c98ffdea64c80da0607dd47

HTTP Headers

GET /torrent/22871872/Dr-Aly_KARLotto-l_auml_r-oss-tanka_C24524.iso HTTP/1.1
Host: tpbproxyone.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 302 Found
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 11
date: Tue, 31 Jan 2023 02:03:24 GMT
location: http://btpnative.com/click?data=YS1OWTFaZnB1YVN1U3BWSDJfby1KTG1LQzVRZGNHZ19jaE5JdGh5VEIwcmtObS1WS05rbUZXV1NLMC1KNW5rUE5SODMyUE9JZzBLS2N5bWVESFg5WHdxekJael80b0Y5dHZBU2xuSHBlZTdFVGtnUFA0VFlLaW1ZZXprd1MzVHB5ZEk5Mmg4andJa3BEa1RkU1pfYldnMg2&id=98217bf6-f159-43f2-a9ca-9191004d2ded
server: nginx
set-cookie: sid=71d3a790-a10b-11ed-9a6f-16924a9c7922; path=/; domain=.tpbproxyone.org; expires=Sun, 18 Feb 2091 05:17:32 GMT; max-age=2147483647; HttpOnly

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
22b9916fc1fafc9bdc9bb37f9eac8a9a
86f640e134a741a0f906a8e3a0f5c6659dd0e394
a29ee843c8a39551a1507cc6ad949ad509e33aaae8b72c58ac4884bad8b0b38e

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A29EE843C8A39551A1507CC6AD949AD509E33AAAE8B72C58AC4884BAD8B0B38E"
Last-Modified: Sun, 29 Jan 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8914
Expires: Tue, 31 Jan 2023 04:31:59 GMT
Date: Tue, 31 Jan 2023 02:03:25 GMT
Connection: keep-alive

btpnative.com/click?data=YS1OWTFaZnB1YVN1U3BWSDJfby1KTG1LQzVRZGNHZ19jaE5JdGh5VEIwcmtObS1WS05rbUZXV1NLMC1KNW5rUE5SODMyUE9JZzBLS2N5bWVESFg5WHdxekJael80b0Y5dHZBU2xuSHBlZTdFVGtnUFA0VFlLaW1ZZXprd1MzVHB5ZEk5Mmg4andJa3BEa1RkU1pfYldnMg2&id=98217bf6-f159-43f2-a9ca-9191004d2ded

192.99.158.241

200 OK

5.5 kB

URL HTTP/1.1
btpnative.com/click?data=YS1OWTFaZnB1YVN1U3BWSDJfby1KTG1LQzVRZGNHZ19jaE5JdGh5VEIwcmtObS1WS05rbUZXV1NLMC1KNW5rUE5SODMyUE9JZzBLS2N5bWVESFg5WHdxekJael80b0Y5dHZBU2xuSHBlZTdFVGtnUFA0VFlLaW1ZZXprd1MzVHB5ZEk5Mmg4andJa3BEa1RkU1pfYldnMg2&id=98217bf6-f159-43f2-a9ca-9191004d2ded
IP
192.99.158.241:0
ASN
#16276 OVH SAS

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (349), with CRLF line terminators
Size
5.5 kB (5470 bytes)
Hash
d91b8bb049c40e5ce742f1fca96651c6
e18bba048ef76e6cf2513783e4a524407e4166f7
b19dd9daba655d60c0fc17de75c18279bc02405d8568f670687ac85fb69387ec

HTTP Headers

GET /click?data=YS1OWTFaZnB1YVN1U3BWSDJfby1KTG1LQzVRZGNHZ19jaE5JdGh5VEIwcmtObS1WS05rbUZXV1NLMC1KNW5rUE5SODMyUE9JZzBLS2N5bWVESFg5WHdxekJael80b0Y5dHZBU2xuSHBlZTdFVGtnUFA0VFlLaW1ZZXprd1MzVHB5ZEk5Mmg4andJa3BEa1RkU1pfYldnMg2&id=98217bf6-f159-43f2-a9ca-9191004d2ded HTTP/1.1
Host: btpnative.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/10.0
X-AspNetMvc-Version: 5.2
X-AspNet-Version: 4.0.30319
Set-Cookie: UtnIKonQMeAeTXt=UtnIKonQMeAeTXt; path=/
X-Powered-By: ASP.NET
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type
Date: Tue, 31 Jan 2023 02:03:24 GMT
Content-Length: 5470

push.services.mozilla.com/

54.149.117.124

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
54.149.117.124:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: u2afvXLPTbLNwZ6uLmgCfw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: N/ChueDkvOsjuBIXn7xy9+TpCHw=

btpnative.com/Redirect/

192.99.158.241

302 Found

1.8 kB

URL HTTP/1.1
btpnative.com/Redirect/
IP
192.99.158.241:0
ASN
#16276 OVH SAS

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (1737), with CRLF line terminators
Size
1.8 kB (1809 bytes)
Hash
fb947b44f474d3617b0bcd83c9d2a16f
912ba1d2f2920e3442a3a4fcf9eb7206c8bfc100
0840371c7b502d8cd52ebbfb75d4e5f23c372971cb9fa36de642c8c5b5c25a07

HTTP Headers

POST /Redirect/ HTTP/1.1
Host: btpnative.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 359
Origin: http://btpnative.com
Connection: keep-alive
Referer: http://btpnative.com/click?data=YS1OWTFaZnB1YVN1U3BWSDJfby1KTG1LQzVRZGNHZ19jaE5JdGh5VEIwcmtObS1WS05rbUZXV1NLMC1KNW5rUE5SODMyUE9JZzBLS2N5bWVESFg5WHdxekJael80b0Y5dHZBU2xuSHBlZTdFVGtnUFA0VFlLaW1ZZXprd1MzVHB5ZEk5Mmg4andJa3BEa1RkU1pfYldnMg2&id=98217bf6-f159-43f2-a9ca-9191004d2ded
Cookie: UtnIKonQMeAeTXt=UtnIKonQMeAeTXt
Upgrade-Insecure-Requests: 1

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: https://mybettermb.com/aS/feedclick?s=HFz5zNIIs95ROWPasgEEzx8Me0kzRtReLyT4nqgY4lUIKv2ZHTfRFmdNRMz_dvhc29XXvCS9-JLFXNSHgbbvMDcVgn291AC8_M1Mmbofr-ZKceZDQZtXA_b5np8cxJs0YFos_XX7JtPGVWViaJip_gzuORprI4qlt_7kfAZbXZ_3hitpdaEoqb0ydhoZZBqkiOFUSTI7wWesQ9eRj1dK3N-v8BIHlO6ic7m3ynBUcsyUE6MorZxE-9hV4AbS8Fh36g3txk1fZiBIiEGfLCfKHnQQ2Kfo2H--uEn4AkkWG5W9dKDCqaorJkjp3kQ3vjXpxcMc9t0-Ifg5jNi2LLofFcwWK4f86GKtq-BTbUqoyOTW-JGyDg7SXXq85s0cP1DnpEsfwoCuln4rymMpy1wzSkkYz9F6VKwaNuydrbih0BPnoqGn5uHZoui9WEKVZxZX9eOGDO9xP9fgY3t6xIW8DZiZGyfLoIBm_Y6UtOqiQgcDDhC0jlEh9x3A4I2R5IkXxuS3zXNnE691SLYXqlB_pYJBoTPX5eccLGIoYMCT98-0bEjzXcuSWhT39u56G-BU3LSDKxUn4VX7RHopvncO6dqysHoRPoUkMa13p3zeYeqiepGvAlG_wM2GQGd_ZuDPTr7HT5BJdwFm7--4_7Et-fH_WYho3R3zQPiuzYfez3NWjKAro-UUNnDX0gpdFb3-zxIbTGhkzHWaIy-R46lUGgfh3Y1MH56Zm1QpQRJMYmB2ECJBt9vwd-OwZWWftn_5RMLHybMVhST2W37oH6xfmZ_BxgeVkJ36yPH48JebCjsDaToxERLd_aCIlGoVRQJDpsednW4pcl0lD0N8hDzFtLU2t-tWAeTkbGb5ttCbdarrh42FPPTIkatSStWeSexnBDUsAjReqsD_9vB8WeHOtXUVHRmDslSPNvzYUtP77Oe6DV-rqsQUnfGr3Wvy5tECNI2FTAUk1qqQtnNaQPHGUhkjemynkCqKUOtMagxmGVbg77nVSLeFkmXsUdhJ3qUmqM1YFzne7G365sQcnyeNSvZxc3Fd9UC-rtg5Yuugvl7nAA319rQT5Ud6a0Dn6eNJizYKweXujG-J7JnMs7EaWDzJE_6X2Ti4dOAadnGy3NlTx__A9RYUFvznADb-k-FvaPhhgtFwNiv1Zuxk9W74o-5mHSollN8_R_t7s-Wbdx2iW8yKyuTfRJpQ2ge7Uo-9Z8QWW7j6bn4-5zQAw_SMiJ2RWHusoL5zUJcK-tCgLZ_7tmCu0FGrrjjfuAeiMhH9i09DnHmQ_YXZr6uKawK-aMbb8JYUiQxlIfzFlSAXcs7_CNBpFgUsmPZxCf7Wd9tziQt0yfNulW-keGVioozHqbvOGAPg_ei_xXl-GyBnccLJzFuWbFOdlU9i_TRclVxeB_XmHDAjA4b-fVU8keHSqZdYkU_DNJVyudMAcAZikWDNvXFr9TiobNwStkQ3BLEVJh8MbOqq4oL2MCSpNQpOroVV4ZZAOeRBGW2M-edZHsAlzsFMzYGLPkZgDphevg7WD81WSt9dIK1Rlbiaxp54rQ4ZUirtJAe3_wsPGkMWr4h1rP0FF769nCH8xZUgF3LOzpV3p2woOwA1ZtKmSv8w1SH8xZUgF3LO5lBB2RbRzyFlkkLEB146pQ
Server: Microsoft-IIS/10.0
X-AspNetMvc-Version: 5.2
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type
Date: Tue, 31 Jan 2023 02:03:25 GMT
Content-Length: 1809

ocsp.sectigo.com/

104.18.32.68

200 OK

472 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
bc288310c7a5f80bbc8e5dbeace292af
d68ca97515594770b04f3c3ae943d186e75ad2c5
6def27992aed1f32911f4820b432dca388db29e13b623596229f8e2ccfb9435f

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 02:03:26 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sun, 29 Jan 2023 19:25:42 GMT
Expires: Sun, 05 Feb 2023 19:25:41 GMT
Etag: "d68ca97515594770b04f3c3ae943d186e75ad2c5"
Cache-Control: max-age=493934,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 791edef07d81b500-OSL

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
dfb84426fed94988d5c90372baff059c
f1c4740830034ff8a5759d59ae3f657ea524d083
d97efec67504b084ca6ff9e2af973b45b916f90aa021603e3615806bb2737b6a

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D97EFEC67504B084CA6FF9E2AF973B45B916F90AA021603E3615806BB2737B6A"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5247
Expires: Tue, 31 Jan 2023 03:30:53 GMT
Date: Tue, 31 Jan 2023 02:03:26 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
dfb84426fed94988d5c90372baff059c
f1c4740830034ff8a5759d59ae3f657ea524d083
d97efec67504b084ca6ff9e2af973b45b916f90aa021603e3615806bb2737b6a

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D97EFEC67504B084CA6FF9E2AF973B45B916F90AA021603E3615806BB2737B6A"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5247
Expires: Tue, 31 Jan 2023 03:30:53 GMT
Date: Tue, 31 Jan 2023 02:03:26 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
dfb84426fed94988d5c90372baff059c
f1c4740830034ff8a5759d59ae3f657ea524d083
d97efec67504b084ca6ff9e2af973b45b916f90aa021603e3615806bb2737b6a

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D97EFEC67504B084CA6FF9E2AF973B45B916F90AA021603E3615806BB2737B6A"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5247
Expires: Tue, 31 Jan 2023 03:30:53 GMT
Date: Tue, 31 Jan 2023 02:03:26 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
dfb84426fed94988d5c90372baff059c
f1c4740830034ff8a5759d59ae3f657ea524d083
d97efec67504b084ca6ff9e2af973b45b916f90aa021603e3615806bb2737b6a

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D97EFEC67504B084CA6FF9E2AF973B45B916F90AA021603E3615806BB2737B6A"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5247
Expires: Tue, 31 Jan 2023 03:30:53 GMT
Date: Tue, 31 Jan 2023 02:03:26 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa6c0b4d2-6327-4501-8fe0-017b08501835.jpeg

34.120.237.76

200 OK

8.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa6c0b4d2-6327-4501-8fe0-017b08501835.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.5 kB (8529 bytes)
Hash
ee0e708ca11a9468634d2a7dff56510f
40d7c0f07b5218c4ceabcd7fc90af26bb3dc2cf3
e944a184377a91dae9fbc38ebc686fb95e261cb16ae09c7d69ababacffa75e57

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa6c0b4d2-6327-4501-8fe0-017b08501835.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8529
x-amzn-requestid: 633fc342-7b5a-4103-970e-74730c08679b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fbhguFesIAMFqVQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d47c6a-38e274c36d39ef4f2dd6034a;Sampled=0
x-amzn-remapped-date: Sat, 28 Jan 2023 01:37:46 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: URqrtcPijXsHDSPMQ3K9PHbq20O0KYuk3YyO91rNW7t10zCuF3g5wg==
via: 1.1 a20e81b65d2465c729ce2f6bfe539dd0.cloudfront.net (CloudFront), 1.1 760139201585481b26f947c5f776103a.cloudfront.net (CloudFront), 1.1 google
date: Mon, 30 Jan 2023 15:47:08 GMT
age: 36978
etag: "40d7c0f07b5218c4ceabcd7fc90af26bb3dc2cf3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd328471c-fc31-49a3-ae71-21d6171a8237.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.7 kB (9700 bytes)
Hash
1e575f4c5e3aa793f846cadc8baf386c
f482a4e8e80ea5b6afc29e5cc1a9a2b8c2f0434d
09a5bbe4fb7f23ee43228267f30c1ef0cd8747e515e01c963df0756b866f23ea

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd328471c-fc31-49a3-ae71-21d6171a8237.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9700
x-amzn-requestid: 059475a7-d7de-4a44-9fc7-11fb24e201b6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ffB_9G8DIAMF64A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d5e399-57fea3031d1e93ec02308fac;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 03:10:17 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: vzubP2I1xR5NF1amWIPiIlp6yPykWhz-CEbwDiJOs-eTWkTE-fvfjA==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Mon, 30 Jan 2023 04:12:11 GMT
age: 78675
etag: "f482a4e8e80ea5b6afc29e5cc1a9a2b8c2f0434d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffea501ff-acf4-4b37-aa0a-baf417cf3694.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.4 kB (5394 bytes)
Hash
60fc180ec5b99ac357db8775775c3c11
c9856a488e82bc330881377528bf2e53274ef5f3
a31fd6fc84f79b0f5fb79cccf490ddf61eb58bdaf57ca27f57a911332e550d11

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffea501ff-acf4-4b37-aa0a-baf417cf3694.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5394
x-amzn-requestid: 16d876fb-0afd-4b5d-b19e-1029506fd6f6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fIgq2E4CIAMFiFA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cce178-1f08dc2105b6e182677004e7;Sampled=0
x-amzn-remapped-date: Sun, 22 Jan 2023 07:10:48 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: FoTKdVc567GRCEDn8JoMOs4-enQPpdvFhPafmSRsgCFZC78q8ba5pA==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Mon, 30 Jan 2023 12:51:52 GMT
age: 47494
etag: "c9856a488e82bc330881377528bf2e53274ef5f3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

14 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1295ec36-f5b2-4db1-83c7-667fa373f592.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
14 kB (13853 bytes)
Hash
d957012d3e2b8c3bc0eefe11d66e8554
1959fdd94846fa3791c4890578dd15336b909dcc
a97e81ec5eb2eda6a603bf4bfd4fa4ef4fab762747479489e99e6c713258a736

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1295ec36-f5b2-4db1-83c7-667fa373f592.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 13853
x-amzn-requestid: ca6ea6e7-3e13-4194-87f5-20a07b813e21
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fk3zzF4hIAMFwWg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d839b1-772487cb1b7495c52c552d36;Sampled=0
x-amzn-remapped-date: Mon, 30 Jan 2023 21:42:09 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: T5CaUojMEG8x8vki59UdIhI8IbbBRY_7w3xgiW3RCZlHTyeHPLIy2Q==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Mon, 30 Jan 2023 21:47:13 GMT
age: 15373
etag: "1959fdd94846fa3791c4890578dd15336b909dcc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9b71db36-11cb-45f6-a296-34813aea1c35.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (10898 bytes)
Hash
4a2d26da68a313cc65958fc2692351c2
798c3538f3147ca77d317676ddd1bf040bd0f93b
76ce30224803d680c0115e987a712ce5552b2760beadf796a96b17439fb20797

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9b71db36-11cb-45f6-a296-34813aea1c35.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10898
x-amzn-requestid: e29f8dfc-07d4-4136-afaf-e1e067eea2ab
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fk3zxGshIAMFw5Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d839b1-5e87d2a44722af9e4e86c3d4;Sampled=0
x-amzn-remapped-date: Mon, 30 Jan 2023 21:42:09 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: djoQmYTv7Rlq9tKKkJ5U1J3YeVSIs5yzSts_xRN3bdi27Ra8UfM6OQ==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Mon, 30 Jan 2023 21:44:45 GMT
age: 15521
etag: "798c3538f3147ca77d317676ddd1bf040bd0f93b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa70b0b84-f0e7-44e4-a574-ee3e55fbc0d3.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.6 kB (4634 bytes)
Hash
b43468b05cd1fd11c398263a80e4edb2
02e964ea5a88c866267ac6c5601bfcde26ffd42b
19783f05297f7ed5d7ca8cec0fc0e1676831275ac48f1510a4f410dbe2802314

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa70b0b84-f0e7-44e4-a574-ee3e55fbc0d3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4634
x-amzn-requestid: 2941da94-203c-47d1-99ee-d864bdbf6993
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ffCAHF9kIAMFrUg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d5e39a-78bb7189351d830a7ef70c67;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 03:10:18 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: uwVY2yJq8mZgVFAkrRx3OPU0qJ7uI5aehpxP_ULNJX9BQJLCiUwo7g==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Mon, 30 Jan 2023 03:45:40 GMT
age: 80266
etag: "02e964ea5a88c866267ac6c5601bfcde26ffd42b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

mybettermb.com/aS/feedclick?s=HFz5zNIIs95ROWPasgEEzx8Me0kzRtReLyT4nqgY4lUIKv2ZHTfRFmdNRMz_dvhc29XXvCS9-JLFXNSHgbbvMDcVgn291AC8_M1Mmbofr-ZKceZDQZtXA_b5np8cxJs0YFos_XX7JtPGVWViaJip_gzuORprI4qlt_7kfAZbXZ_3hitpdaEoqb0ydhoZZBqkiOFUSTI7wWesQ9eRj1dK3N-v8BIHlO6ic7m3ynBUcsyUE6MorZxE-9hV4AbS8Fh36g3txk1fZiBIiEGfLCfKHnQQ2Kfo2H--uEn4AkkWG5W9dKDCqaorJkjp3kQ3vjXpxcMc9t0-Ifg5jNi2LLofFcwWK4f86GKtq-BTbUqoyOTW-JGyDg7SXXq85s0cP1DnpEsfwoCuln4rymMpy1wzSkkYz9F6VKwaNuydrbih0BPnoqGn5uHZoui9WEKVZxZX9eOGDO9xP9fgY3t6xIW8DZiZGyfLoIBm_Y6UtOqiQgcDDhC0jlEh9x3A4I2R5IkXxuS3zXNnE691SLYXqlB_pYJBoTPX5eccLGIoYMCT98-0bEjzXcuSWhT39u56G-BU3LSDKxUn4VX7RHopvncO6dqysHoRPoUkMa13p3zeYeqiepGvAlG_wM2GQGd_ZuDPTr7HT5BJdwFm7--4_7Et-fH_WYho3R3zQPiuzYfez3NWjKAro-UUNnDX0gpdFb3-zxIbTGhkzHWaIy-R46lUGgfh3Y1MH56Zm1QpQRJMYmB2ECJBt9vwd-OwZWWftn_5RMLHybMVhST2W37oH6xfmZ_BxgeVkJ36yPH48JebCjsDaToxERLd_aCIlGoVRQJDpsednW4pcl0lD0N8hDzFtLU2t-tWAeTkbGb5ttCbdarrh42FPPTIkatSStWeSexnBDUsAjReqsD_9vB8WeHOtXUVHRmDslSPNvzYUtP77Oe6DV-rqsQUnfGr3Wvy5tECNI2FTAUk1qqQtnNaQPHGUhkjemynkCqKUOtMagxmGVbg77nVSLeFkmXsUdhJ3qUmqM1YFzne7G365sQcnyeNSvZxc3Fd9UC-rtg5Yuugvl7nAA319rQT5Ud6a0Dn6eNJizYKweXujG-J7JnMs7EaWDzJE_6X2Ti4dOAadnGy3NlTx__A9RYUFvznADb-k-FvaPhhgtFwNiv1Zuxk9W74o-5mHSollN8_R_t7s-Wbdx2iW8yKyuTfRJpQ2ge7Uo-9Z8QWW7j6bn4-5zQAw_SMiJ2RWHusoL5zUJcK-tCgLZ_7tmCu0FGrrjjfuAeiMhH9i09DnHmQ_YXZr6uKawK-aMbb8JYUiQxlIfzFlSAXcs7_CNBpFgUsmPZxCf7Wd9tziQt0yfNulW-keGVioozHqbvOGAPg_ei_xXl-GyBnccLJzFuWbFOdlU9i_TRclVxeB_XmHDAjA4b-fVU8keHSqZdYkU_DNJVyudMAcAZikWDNvXFr9TiobNwStkQ3BLEVJh8MbOqq4oL2MCSpNQpOroVV4ZZAOeRBGW2M-edZHsAlzsFMzYGLPkZgDphevg7WD81WSt9dIK1Rlbiaxp54rQ4ZUirtJAe3_wsPGkMWr4h1rP0FF769nCH8xZUgF3LOzpV3p2woOwA1ZtKmSv8w1SH8xZUgF3LO5lBB2RbRzyFlkkLEB146pQ

52.116.53.155

302 Found

0 B

URL HTTP/2
mybettermb.com/aS/feedclick?s=HFz5zNIIs95ROWPasgEEzx8Me0kzRtReLyT4nqgY4lUIKv2ZHTfRFmdNRMz_dvhc29XXvCS9-JLFXNSHgbbvMDcVgn291AC8_M1Mmbofr-ZKceZDQZtXA_b5np8cxJs0YFos_XX7JtPGVWViaJip_gzuORprI4qlt_7kfAZbXZ_3hitpdaEoqb0ydhoZZBqkiOFUSTI7wWesQ9eRj1dK3N-v8BIHlO6ic7m3ynBUcsyUE6MorZxE-9hV4AbS8Fh36g3txk1fZiBIiEGfLCfKHnQQ2Kfo2H--uEn4AkkWG5W9dKDCqaorJkjp3kQ3vjXpxcMc9t0-Ifg5jNi2LLofFcwWK4f86GKtq-BTbUqoyOTW-JGyDg7SXXq85s0cP1DnpEsfwoCuln4rymMpy1wzSkkYz9F6VKwaNuydrbih0BPnoqGn5uHZoui9WEKVZxZX9eOGDO9xP9fgY3t6xIW8DZiZGyfLoIBm_Y6UtOqiQgcDDhC0jlEh9x3A4I2R5IkXxuS3zXNnE691SLYXqlB_pYJBoTPX5eccLGIoYMCT98-0bEjzXcuSWhT39u56G-BU3LSDKxUn4VX7RHopvncO6dqysHoRPoUkMa13p3zeYeqiepGvAlG_wM2GQGd_ZuDPTr7HT5BJdwFm7--4_7Et-fH_WYho3R3zQPiuzYfez3NWjKAro-UUNnDX0gpdFb3-zxIbTGhkzHWaIy-R46lUGgfh3Y1MH56Zm1QpQRJMYmB2ECJBt9vwd-OwZWWftn_5RMLHybMVhST2W37oH6xfmZ_BxgeVkJ36yPH48JebCjsDaToxERLd_aCIlGoVRQJDpsednW4pcl0lD0N8hDzFtLU2t-tWAeTkbGb5ttCbdarrh42FPPTIkatSStWeSexnBDUsAjReqsD_9vB8WeHOtXUVHRmDslSPNvzYUtP77Oe6DV-rqsQUnfGr3Wvy5tECNI2FTAUk1qqQtnNaQPHGUhkjemynkCqKUOtMagxmGVbg77nVSLeFkmXsUdhJ3qUmqM1YFzne7G365sQcnyeNSvZxc3Fd9UC-rtg5Yuugvl7nAA319rQT5Ud6a0Dn6eNJizYKweXujG-J7JnMs7EaWDzJE_6X2Ti4dOAadnGy3NlTx__A9RYUFvznADb-k-FvaPhhgtFwNiv1Zuxk9W74o-5mHSollN8_R_t7s-Wbdx2iW8yKyuTfRJpQ2ge7Uo-9Z8QWW7j6bn4-5zQAw_SMiJ2RWHusoL5zUJcK-tCgLZ_7tmCu0FGrrjjfuAeiMhH9i09DnHmQ_YXZr6uKawK-aMbb8JYUiQxlIfzFlSAXcs7_CNBpFgUsmPZxCf7Wd9tziQt0yfNulW-keGVioozHqbvOGAPg_ei_xXl-GyBnccLJzFuWbFOdlU9i_TRclVxeB_XmHDAjA4b-fVU8keHSqZdYkU_DNJVyudMAcAZikWDNvXFr9TiobNwStkQ3BLEVJh8MbOqq4oL2MCSpNQpOroVV4ZZAOeRBGW2M-edZHsAlzsFMzYGLPkZgDphevg7WD81WSt9dIK1Rlbiaxp54rQ4ZUirtJAe3_wsPGkMWr4h1rP0FF769nCH8xZUgF3LOzpV3p2woOwA1ZtKmSv8w1SH8xZUgF3LO5lBB2RbRzyFlkkLEB146pQ
IP
52.116.53.155:0
ASN
#36351 SOFTLAYER

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /aS/feedclick?s=HFz5zNIIs95ROWPasgEEzx8Me0kzRtReLyT4nqgY4lUIKv2ZHTfRFmdNRMz_dvhc29XXvCS9-JLFXNSHgbbvMDcVgn291AC8_M1Mmbofr-ZKceZDQZtXA_b5np8cxJs0YFos_XX7JtPGVWViaJip_gzuORprI4qlt_7kfAZbXZ_3hitpdaEoqb0ydhoZZBqkiOFUSTI7wWesQ9eRj1dK3N-v8BIHlO6ic7m3ynBUcsyUE6MorZxE-9hV4AbS8Fh36g3txk1fZiBIiEGfLCfKHnQQ2Kfo2H--uEn4AkkWG5W9dKDCqaorJkjp3kQ3vjXpxcMc9t0-Ifg5jNi2LLofFcwWK4f86GKtq-BTbUqoyOTW-JGyDg7SXXq85s0cP1DnpEsfwoCuln4rymMpy1wzSkkYz9F6VKwaNuydrbih0BPnoqGn5uHZoui9WEKVZxZX9eOGDO9xP9fgY3t6xIW8DZiZGyfLoIBm_Y6UtOqiQgcDDhC0jlEh9x3A4I2R5IkXxuS3zXNnE691SLYXqlB_pYJBoTPX5eccLGIoYMCT98-0bEjzXcuSWhT39u56G-BU3LSDKxUn4VX7RHopvncO6dqysHoRPoUkMa13p3zeYeqiepGvAlG_wM2GQGd_ZuDPTr7HT5BJdwFm7--4_7Et-fH_WYho3R3zQPiuzYfez3NWjKAro-UUNnDX0gpdFb3-zxIbTGhkzHWaIy-R46lUGgfh3Y1MH56Zm1QpQRJMYmB2ECJBt9vwd-OwZWWftn_5RMLHybMVhST2W37oH6xfmZ_BxgeVkJ36yPH48JebCjsDaToxERLd_aCIlGoVRQJDpsednW4pcl0lD0N8hDzFtLU2t-tWAeTkbGb5ttCbdarrh42FPPTIkatSStWeSexnBDUsAjReqsD_9vB8WeHOtXUVHRmDslSPNvzYUtP77Oe6DV-rqsQUnfGr3Wvy5tECNI2FTAUk1qqQtnNaQPHGUhkjemynkCqKUOtMagxmGVbg77nVSLeFkmXsUdhJ3qUmqM1YFzne7G365sQcnyeNSvZxc3Fd9UC-rtg5Yuugvl7nAA319rQT5Ud6a0Dn6eNJizYKweXujG-J7JnMs7EaWDzJE_6X2Ti4dOAadnGy3NlTx__A9RYUFvznADb-k-FvaPhhgtFwNiv1Zuxk9W74o-5mHSollN8_R_t7s-Wbdx2iW8yKyuTfRJpQ2ge7Uo-9Z8QWW7j6bn4-5zQAw_SMiJ2RWHusoL5zUJcK-tCgLZ_7tmCu0FGrrjjfuAeiMhH9i09DnHmQ_YXZr6uKawK-aMbb8JYUiQxlIfzFlSAXcs7_CNBpFgUsmPZxCf7Wd9tziQt0yfNulW-keGVioozHqbvOGAPg_ei_xXl-GyBnccLJzFuWbFOdlU9i_TRclVxeB_XmHDAjA4b-fVU8keHSqZdYkU_DNJVyudMAcAZikWDNvXFr9TiobNwStkQ3BLEVJh8MbOqq4oL2MCSpNQpOroVV4ZZAOeRBGW2M-edZHsAlzsFMzYGLPkZgDphevg7WD81WSt9dIK1Rlbiaxp54rQ4ZUirtJAe3_wsPGkMWr4h1rP0FF769nCH8xZUgF3LOzpV3p2woOwA1ZtKmSv8w1SH8xZUgF3LO5lBB2RbRzyFlkkLEB146pQ HTTP/1.1
Host: mybettermb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://btpnative.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
server: nginx
date: Tue, 31 Jan 2023 02:03:26 GMT
content-length: 0
set-cookie: rhid=82800897449; Max-Age=15552000; Expires=Sun, 30-Jul-2023 02:03:26 GMT; Domain=mybettermb.com; Path=/; SameSite=None; secure;
location: https://p274639.mybettermb.com/adServe/domainClick?ai=zHPR75Zx-onygYaeN_ogCBBLFBRk1eiQ4ypU_IICyRP5V1c6EPCUBF8zHiEadnIXHca1CsuLEl2kGko8eoV6LiOFwlzkCkbzEzy7OBJtmOXCgzQbPSpPqqSSkl0jHkvawfpNa9imHsM1Pvdhx6h8GcMlvyNQu9ligKNm5HUY_GWjB2fjK6rwTJjim55TmpSzfpExJBMizSdKgbz0VF_-WH_9b8ky2I1bOt49-zifnPahCJDe0fs2e12k4XVJzHJX8mFgHSWE3TZCCpJ_Aq0_LLnTAHAGYpFgXZomooD2vuliVnQIGgxQDiU7ugF2M-yuw6VwzuvR-x3CQtVBA9Wp7n-oJi-H9AZDZAEJiK7vPzixmWNroOA7iDeDOtSQlmdXjhdEqJB6Nj2XmDvYXWw9hp-qFZn5gpnPqtE9sbJicJwX2fEbVjxB9kp2QAzznS8_6fjhgUFt3sQISiZ3D8mF7LCm2HeI0S938_gGwpSXr3tSAMcY_H2x07HFovOGSDpNKiXhLmiyflhHQ2DhJtv57AionTQ8bleb&ui=HFz5zNIIs96w8gbO8AoGVPmI0xR1wwxSH3LRhS7yFr44jC5B3JLJRQe6_JWYuELBOHIoRdltXdbQty4LB7K0SXOOmJ-RAV7petVg_MhDOHN1Dhh7ZfSJFQ&si=1&oref=dae16bcb6b93b11e9cbacb290c7cfdf8&optunit=w6VwzuvR-x29ebjHufQcSA&rb=E-qvs9aXu7s&rr=0&abtg=0
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
702a14a5d5ca52a018d1158820d36ee7
6d546d6b6a5cfc014acc30e05c1ef02c41ef3e5a
dfd698d4867f97838da13eaf9c3542f223e64d2d64e9443a60784d10d0fab6c7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DFD698D4867F97838DA13EAF9C3542F223E64D2D64E9443A60784D10D0FAB6C7"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Tue, 31 Jan 2023 08:03:27 GMT
Date: Tue, 31 Jan 2023 02:03:27 GMT
Connection: keep-alive

qvikar.com/symantec/security/436947333

192.254.234.214

302 Found

0 B

URL HTTP/2
qvikar.com/symantec/security/436947333
IP
192.254.234.214:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /symantec/security/436947333 HTTP/1.1
Host: qvikar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
location: https://www.clkmg.com/qvikar/symantec/security/436947333/
vary: User-Agent
content-length: 0
content-type: text/html; charset=UTF-8
date: Tue, 31 Jan 2023 02:03:28 GMT
server: Apache
X-Firefox-Spdy: h2

ocsp2.globalsign.com/gsalphasha2g2

151.101.194.133

200 OK

1.4 kB

URL HTTP/1.1
ocsp2.globalsign.com/gsalphasha2g2
IP
151.101.194.133:0
ASN
#54113 FASTLY

File type
data
Size
1.4 kB (1423 bytes)
Hash
394033aafed0cb3ac21ac491a405cc08
12bfeec535725bcde4217ec90c703f26269aa38f
4f2c4c448d958d61e5a5f4216eef80c0b45e001de6689b6b5ce7a38d23684cbc

HTTP Headers

POST /gsalphasha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 1423
Server: nginx
Content-Type: application/ocsp-response
Expires: Sat, 04 Feb 2023 00:44:47 GMT
ETag: "12bfeec535725bcde4217ec90c703f26269aa38f"
Last-Modified: Tue, 31 Jan 2023 00:44:48 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Tue, 31 Jan 2023 02:03:28 GMT
Age: 4721
X-Served-By: cache-qpg1280-QPG, cache-bma1624-BMA
X-Cache: HIT, HIT
X-Cache-Hits: 8, 1
X-Timer: S1675130609.536875,VS0,VE1

www.clkmg.com/qvikar/symantec/security/436947333/

50.97.244.203

302 Found

252 B

URL HTTP/1.1
www.clkmg.com/qvikar/symantec/security/436947333/
IP
50.97.244.203:0
ASN
#36351 SOFTLAYER

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
252 B (252 bytes)
Hash
f8e0d84321b2e3784347d18576532a0c
4618d65b989caf526cdd39434e52a42c74dd93ec
f886f67905fa02b7c13894be500f5a1736fe20542e0a57561444ce84be3824a5

HTTP Headers

GET /qvikar/symantec/security/436947333/ HTTP/1.1
Host: www.clkmg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/1.1 302 Found
Date: Tue, 31 Jan 2023 02:03:28 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 252
Connection: keep-alive
P3P: CP="This is not a P3P policy! See https://www.clkmg.com for more info."
Set-Cookie: alc=1; domain=.clkmg.com; expires=Tue Jan 31 02:03:33 2023; path=/;
lids=1537844-152398+; domain=.clkmg.com; expires=Wed Jan 31 02:03:28 2024; path=/;
Location: https://www.clkmg.com/err/?u=qvikar&l=symantec&s=A&e=403
Server: nginx
X-Permitted-Cross-Domain-Policies: none
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Access-Control-Max-Age: 300
X-CM-FE: httpfe-02.clickmagick.com
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block

www.clkmg.com/err/?u=qvikar&l=symantec&s=A&e=403

50.97.244.203

200 OK

1.4 kB

URL HTTP/1.1
www.clkmg.com/err/?u=qvikar&l=symantec&s=A&e=403
IP
50.97.244.203:0
ASN
#36351 SOFTLAYER

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
1.4 kB (1354 bytes)
Hash
fbf6005663528fbffb7fdf9c8fa995bc
de4dc1559fd1bd3026d94887738125a83b4012b6
972ee94dbdbea4c5e3a75afbb7d2b5ee9dd6e5558b8d09603491b51b7ccbb704

HTTP Headers

GET /err/?u=qvikar&l=symantec&s=A&e=403 HTTP/1.1
Host: www.clkmg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: lids=1537844-152398+
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 02:03:28 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="This is not a P3P policy! See http://www.clkmg.com for more info."
Server: nginx
X-Permitted-Cross-Domain-Policies: none
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Access-Control-Max-Age: 300
X-CM-FE: httpfe-02.clickmagick.com
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block

cdn.clickmagick.com/images/logo.gif

54.230.111.88

200 OK

4.3 kB

URL HTTP/2
cdn.clickmagick.com/images/logo.gif
IP
54.230.111.88:0
ASN
#16509 AMAZON-02

File type
GIF image data, version 89a, 300 x 64\012- data
Size
4.3 kB (4252 bytes)
Hash
1bfe88368945f71f6b145f8fdc431c3f
2650030369e5c327d5eaf4a6b9fd175786bda751
b069053ff474120a849ba3e9f1d4110f4311608883e9ec1cdbe68e1b181dcc73

HTTP Headers

GET /images/logo.gif HTTP/1.1
Host: cdn.clickmagick.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.clkmg.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: image/gif
content-length: 4252
date: Mon, 30 Jan 2023 22:52:35 GMT
last-modified: Wed, 27 Jul 2022 23:18:30 GMT
etag: "62e1c7c6-109c"
server: nginx
x-permitted-cross-domain-policies: none
x-frame-options: SAMEORIGIN
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-max-age: 300
expires: Sun, 30 Apr 2023 22:52:35 GMT
cache-control: max-age=7776000, public, no-transform
accept-ranges: bytes
x-cache: Hit from cloudfront
via: 1.1 c2b101e67ac25a2f0013450d56ecac38.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: TvNNNz6F5UpzweyUPsIz1JAj3gZ8BSo421S59Vkf2HEkMv9jlDf7ew==
age: 11454
x-robots-tag: noindex
X-Firefox-Spdy: h2

cdn.clkmg.com/misc/css/style.css

54.230.111.107

200 OK

4.5 kB

URL HTTP/1.1
cdn.clkmg.com/misc/css/style.css
IP
54.230.111.107:0
ASN
#16509 AMAZON-02

File type
ASCII text
Size
4.5 kB (4498 bytes)
Hash
e540f61448a0e598774be6738463a0c5
75c83228491705c9a412383803decd6878c3f163
263bd19121ab72d1db5109850141dd62598ee8d4240b4cbfb3bce40a85c5da3c

HTTP Headers

GET /misc/css/style.css HTTP/1.1
Host: cdn.clkmg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.clkmg.com/
Cookie: lids=1537844-152398+
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site

HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 4498
Connection: keep-alive
Date: Sun, 08 Jan 2023 01:39:24 GMT
Last-Modified: Sat, 06 Aug 2022 19:05:46 GMT
ETag: "62eebb8a-1192"
Server: nginx
X-Permitted-Cross-Domain-Policies: none
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Access-Control-Max-Age: 300
Expires: Tue, 07 Feb 2023 01:39:24 GMT
Cache-Control: max-age=2592000, public, no-transform
Accept-Ranges: bytes
X-Cache: Hit from cloudfront
Via: 1.1 8ac66e1d6983a0f44cf391b1ec3b1cce.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: k9PfUVl_hKie3TmpRFgOJL1D0Z0Psjc9LJ1PdfFJG1aDXciqJ9zD9g==
Age: 1988645
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Referrer-Policy: strict-origin-when-cross-origin
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000

cdn.clkmg.com/images/spacer.gif

54.230.111.107

200 OK

43 B

URL HTTP/1.1
cdn.clkmg.com/images/spacer.gif
IP
54.230.111.107:0
ASN
#16509 AMAZON-02

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
fc94fb0c3ed8a8f909dbc7630a0987ff
56d45f8a17f5078a20af9962c992ca4678450765
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

HTTP Headers

GET /images/spacer.gif HTTP/1.1
Host: cdn.clkmg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.clkmg.com/
Cookie: lids=1537844-152398+
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site

HTTP/1.1 200 OK
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Date: Mon, 09 Jan 2023 02:31:58 GMT
Last-Modified: Thu, 23 Feb 2017 23:21:15 GMT
ETag: "58af6e6b-2b"
Server: nginx
X-Permitted-Cross-Domain-Policies: none
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Access-Control-Max-Age: 300
Expires: Sun, 09 Apr 2023 02:31:58 GMT
Cache-Control: max-age=7776000, public, no-transform
Accept-Ranges: bytes
X-Cache: Hit from cloudfront
Via: 1.1 193a8c13b6e0a6b90db7172f6358335e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: d0f67qhORFDthJoq3MxrDW8q-6MJ3qJuQg6MWesyFeqwYRKRpLLVCw==
Age: 1899091
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Referrer-Policy: strict-origin-when-cross-origin
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000

cdn.clickmagick.com/misc/fonts/website/v3/Inter-Medium.woff

54.230.111.88

200 OK

158 kB

URL HTTP/2
cdn.clickmagick.com/misc/fonts/website/v3/Inter-Medium.woff
IP
54.230.111.88:0
ASN
#16509 AMAZON-02

File type
Web Open Font Format, TrueType, length 157888, version 0.0\012- data
Size
158 kB (157888 bytes)
Hash
6b5a42f0603ea013e7099c2160e007e7
1a817b28d15fba7537a6ac0ed28126589062f303
860f80f683dd2cca3acc4680a798cd8a1a8dd8d6a0e18312692d9504f3792242

HTTP Headers

GET /misc/fonts/website/v3/Inter-Medium.woff HTTP/1.1
Host: cdn.clickmagick.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://cdn.clkmg.com/
Origin: https://www.clkmg.com
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: application/font-woff
content-length: 157888
date: Tue, 31 Jan 2023 00:00:19 GMT
last-modified: Wed, 22 Jun 2022 15:39:23 GMT
etag: "62b337ab-268c0"
server: nginx
x-permitted-cross-domain-policies: none
x-frame-options: SAMEORIGIN
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-max-age: 300
x-cm-fe: httpfe-02.clickmagick.com
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
accept-ranges: bytes
x-cache: Hit from cloudfront
via: 1.1 c2b101e67ac25a2f0013450d56ecac38.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: I7YaEm477tonmVxCD9TY9ESzuxkn7a7HfeU99oPAvesz3dLnbw2RZg==
age: 7390
x-robots-tag: noindex
X-Firefox-Spdy: h2

cdn.clickmagick.com/misc/fonts/website/v3/Inter-Regular.woff

54.230.111.88

200 OK

149 kB

URL HTTP/2
cdn.clickmagick.com/misc/fonts/website/v3/Inter-Regular.woff
IP
54.230.111.88:0
ASN
#16509 AMAZON-02

File type
Web Open Font Format, TrueType, length 149344, version 0.0\012- data
Size
149 kB (149344 bytes)
Hash
ea2c76b525641c2051cdf7d930e465ba
b3ffc2515b8429e92540e084fd6011f32b8df368
6ab2042219a7bbc2f5523d61ad24c9f1e3627f2cbb891669d981da8bb019c11e

HTTP Headers

GET /misc/fonts/website/v3/Inter-Regular.woff HTTP/1.1
Host: cdn.clickmagick.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://cdn.clkmg.com/
Origin: https://www.clkmg.com
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: application/font-woff
content-length: 149344
date: Tue, 31 Jan 2023 00:00:19 GMT
last-modified: Wed, 22 Jun 2022 15:39:23 GMT
etag: "62b337ab-24760"
server: nginx
x-permitted-cross-domain-policies: none
x-frame-options: SAMEORIGIN
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-max-age: 300
x-cm-fe: httpfe-01.clickmagick.com
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
accept-ranges: bytes
x-cache: Hit from cloudfront
via: 1.1 c2b101e67ac25a2f0013450d56ecac38.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: zzaO6bOXYkIumUFpY7OTyhUcWb4drE12sfX0hTp_CKONHHUlgKVd5Q==
age: 7390
x-robots-tag: noindex
X-Firefox-Spdy: h2

www.clkmg.com/favicon.ico

50.97.244.203

200 OK

78 B

URL HTTP/1.1
www.clkmg.com/favicon.ico
IP
50.97.244.203:0
ASN
#36351 SOFTLAYER

File type
MS Windows icon resource - 1 icon, 1x1, 2 colors\012- data
Size
78 B (78 bytes)
Hash
c9e1efa761b83f4a25a07dc85c207f95
7c1df040d4119e1c1b4f875c362f363ad1f6ba13
91634633ca6d34044c356a9a0baa832f1927d8326e1ae1a95af22b864d30dd7f

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: www.clkmg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.clkmg.com/err/?u=qvikar&l=symantec&s=A&e=403
Cookie: lids=1537844-152398+
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 02:03:29 GMT
Content-Type: image/x-icon
Content-Length: 78
Last-Modified: Thu, 21 Apr 2022 16:32:44 GMT
Connection: keep-alive
ETag: "6261872c-4e"
Server: nginx
X-Permitted-Cross-Domain-Policies: none
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Access-Control-Max-Age: 300
Expires: Thu, 02 Mar 2023 02:03:29 GMT
Pragma: public
Cache-Control: max-age=2592000, public
Accept-Ranges: bytes

p274639.mybettermb.com/adServe/domainClick?ai=zHPR75Zx-onygYaeN_ogCBBLFBRk1eiQ4ypU_IICyRP5V1c6EPCUBF8zHiEadnIXHca1CsuLEl2kGko8eoV6LiOFwlzkCkbzEzy7OBJtmOXCgzQbPSpPqqSSkl0jHkvawfpNa9imHsM1Pvdhx6h8GcMlvyNQu9ligKNm5HUY_GWjB2fjK6rwTJjim55TmpSzfpExJBMizSdKgbz0VF_-WH_9b8ky2I1bOt49-zifnPahCJDe0fs2e12k4XVJzHJX8mFgHSWE3TZCCpJ_Aq0_LLnTAHAGYpFgXZomooD2vuliVnQIGgxQDiU7ugF2M-yuw6VwzuvR-x3CQtVBA9Wp7n-oJi-H9AZDZAEJiK7vPzixmWNroOA7iDeDOtSQlmdXjhdEqJB6Nj2XmDvYXWw9hp-qFZn5gpnPqtE9sbJicJwX2fEbVjxB9kp2QAzznS8_6fjhgUFt3sQISiZ3D8mF7LCm2HeI0S938_gGwpSXr3tSAMcY_H2x07HFovOGSDpNKiXhLmiyflhHQ2DhJtv57AionTQ8bleb&ui=HFz5zNIIs96w8gbO8AoGVPmI0xR1wwxSH3LRhS7yFr44jC5B3JLJRQe6_JWYuELBOHIoRdltXdbQty4LB7K0SXOOmJ-RAV7petVg_MhDOHN1Dhh7ZfSJFQ&si=1&oref=dae16bcb6b93b11e9cbacb290c7cfdf8&optunit=w6VwzuvR-x29ebjHufQcSA&rb=E-qvs9aXu7s&rr=0&abtg=0

52.116.53.155

200 OK

0 B

URL HTTP/2
p274639.mybettermb.com/adServe/domainClick?ai=zHPR75Zx-onygYaeN_ogCBBLFBRk1eiQ4ypU_IICyRP5V1c6EPCUBF8zHiEadnIXHca1CsuLEl2kGko8eoV6LiOFwlzkCkbzEzy7OBJtmOXCgzQbPSpPqqSSkl0jHkvawfpNa9imHsM1Pvdhx6h8GcMlvyNQu9ligKNm5HUY_GWjB2fjK6rwTJjim55TmpSzfpExJBMizSdKgbz0VF_-WH_9b8ky2I1bOt49-zifnPahCJDe0fs2e12k4XVJzHJX8mFgHSWE3TZCCpJ_Aq0_LLnTAHAGYpFgXZomooD2vuliVnQIGgxQDiU7ugF2M-yuw6VwzuvR-x3CQtVBA9Wp7n-oJi-H9AZDZAEJiK7vPzixmWNroOA7iDeDOtSQlmdXjhdEqJB6Nj2XmDvYXWw9hp-qFZn5gpnPqtE9sbJicJwX2fEbVjxB9kp2QAzznS8_6fjhgUFt3sQISiZ3D8mF7LCm2HeI0S938_gGwpSXr3tSAMcY_H2x07HFovOGSDpNKiXhLmiyflhHQ2DhJtv57AionTQ8bleb&ui=HFz5zNIIs96w8gbO8AoGVPmI0xR1wwxSH3LRhS7yFr44jC5B3JLJRQe6_JWYuELBOHIoRdltXdbQty4LB7K0SXOOmJ-RAV7petVg_MhDOHN1Dhh7ZfSJFQ&si=1&oref=dae16bcb6b93b11e9cbacb290c7cfdf8&optunit=w6VwzuvR-x29ebjHufQcSA&rb=E-qvs9aXu7s&rr=0&abtg=0
IP
52.116.53.155:0
ASN
#36351 SOFTLAYER

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /adServe/domainClick?ai=zHPR75Zx-onygYaeN_ogCBBLFBRk1eiQ4ypU_IICyRP5V1c6EPCUBF8zHiEadnIXHca1CsuLEl2kGko8eoV6LiOFwlzkCkbzEzy7OBJtmOXCgzQbPSpPqqSSkl0jHkvawfpNa9imHsM1Pvdhx6h8GcMlvyNQu9ligKNm5HUY_GWjB2fjK6rwTJjim55TmpSzfpExJBMizSdKgbz0VF_-WH_9b8ky2I1bOt49-zifnPahCJDe0fs2e12k4XVJzHJX8mFgHSWE3TZCCpJ_Aq0_LLnTAHAGYpFgXZomooD2vuliVnQIGgxQDiU7ugF2M-yuw6VwzuvR-x3CQtVBA9Wp7n-oJi-H9AZDZAEJiK7vPzixmWNroOA7iDeDOtSQlmdXjhdEqJB6Nj2XmDvYXWw9hp-qFZn5gpnPqtE9sbJicJwX2fEbVjxB9kp2QAzznS8_6fjhgUFt3sQISiZ3D8mF7LCm2HeI0S938_gGwpSXr3tSAMcY_H2x07HFovOGSDpNKiXhLmiyflhHQ2DhJtv57AionTQ8bleb&ui=HFz5zNIIs96w8gbO8AoGVPmI0xR1wwxSH3LRhS7yFr44jC5B3JLJRQe6_JWYuELBOHIoRdltXdbQty4LB7K0SXOOmJ-RAV7petVg_MhDOHN1Dhh7ZfSJFQ&si=1&oref=dae16bcb6b93b11e9cbacb290c7cfdf8&optunit=w6VwzuvR-x29ebjHufQcSA&rb=E-qvs9aXu7s&rr=0&abtg=0 HTTP/1.1
Host: p274639.mybettermb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://btpnative.com/
Connection: keep-alive
Cookie: rhid=82800897449
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 31 Jan 2023 02:03:27 GMT
content-type: text/html;charset=ISO-8859-1
vary: Accept-Encoding
set-cookie: rhid=82800897449; Max-Age=15552000; Expires=Sun, 30-Jul-2023 02:03:27 GMT; Domain=mybettermb.com; Path=/; SameSite=None; secure;
loi=ad_857954_off_361683_aff_11454_cid_274639-575551883-TPBPROXYONE.ORG_ts_1675130607; Max-Age=3600; Expires=Tue, 31-Jan-2023 03:03:27 GMT; Domain=mybettermb.com; Path=/; SameSite=None; secure;
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (2)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (36)

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

File type