lsfgkfi.tk/
172.67.168.179 200 OK 13 kB IP 172.67.168.179:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (6441), with CRLF line terminators
Hash 916026c819775c413dfdab7b630423ed
1d4752e1b11d837209b0292c2abfb3118da7ea71
761f125c84f081008a53874f57cb51d236e531dd51f96fe701a73197e484b83b
Analyzer Verdict Alert fortinet Malware
GET / HTTP/1.1
Host: lsfgkfi.tk
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 20:24:23 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.8
Set-Cookie: ab_referer=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Access-Control-Allow-Origin: *
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=h%2FM%2Fd0GJ2NpSItn%2F5vLMGPSajKgNlZykBpUq39be69g5WDLAS3YNlBiv8kfn%2BOpjqKirk2GUbnUFKJFx5tmeg3VrwNrbpx27APf3nv0ecwfD9uglxnztTkQXLHCA"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7451356c0ff30b61-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
firefox.settings.services.mozilla.com/v1/
143.204.55.115 200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.115:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 99b7d23c1748d0526782b9ff9ea45f09
eadd801a3ba2aa00632c6fb52e1f9125bd6d5b4f
48f81668f76955320480b484138aebdad5d03c471036b4449c737aca1ecab08e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Content-Length, Backoff, Retry-After, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sat, 03 Sep 2022 19:43:11 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 6cb1d4b545e7beb4ead790454f4807c6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 31F2neRGItVOCI6ssukr5CzMg-zi67GQ--qJ_G5PxYezNeRYCnXHAg==
Age: 2472
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash bcdebf7a2bad5db595e8a0c1abb2ddcb
249dda2fa5e37b8a8f3a8c797193bf0874b6eedc
9b43ec48b16f96449208a0094c4d660806a2a2d344b5862dbff4c393bf3f9f9f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9B43EC48B16F96449208A0094C4D660806A2A2D344B5862DBFF4C393BF3F9F9F"
Last-Modified: Thu, 01 Sep 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9819
Expires: Sat, 03 Sep 2022 23:08:02 GMT
Date: Sat, 03 Sep 2022 20:24:23 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
143.204.55.110 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP 143.204.55.110:0
File type PEM certificate\012- , ASCII text
Hash 742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Sat, 03 Sep 2022 01:15:18 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 095562e8748e634f880ee3c4ada2b6d0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: UFs1a-A_NYuJFPZC0fKEQhbarZqlf0D-vpVZGsrpd9jEmfn46M8tqw==
age: 68946
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 20:24:24 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
js.nextpsh.top/ps/ps.js?id=AbvykU-p1kuzLUz1NhqCVg
46.148.125.182 200 OK 13 kB URL HTTP/2 js.nextpsh.top/ps/ps.js?id=AbvykU-p1kuzLUz1NhqCVg
IP 46.148.125.182:0
ASN #35277 Llhost Inc. Srl
File type ASCII text, with very long lines (12996), with no line terminators
Hash 91aacc00b648d5f2acb7523a681bcbc7
093f4fabe81ef5286e5933737e7075d18e34c0f9
0c54d78d25f31aa46ec113679c4439a914120b0ad4208e22747812a597398ee5
Analyzer Verdict Alert quad9 Sinkholed
GET /ps/ps.js?id=AbvykU-p1kuzLUz1NhqCVg HTTP/1.1
Host: js.nextpsh.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://lsfgkfi.tk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 20:24:24 GMT
content-type: application/javascript
content-length: 12996
set-cookie: __psu=edf350d5-f8f4-4bcb-9c89-e288cb00df33; expires=Tue, 03 Sep 2024 20:24:24 GMT; path=/; secure; samesite=none
cache-control: max-age=0, no-cache, no-store, must-revalidate
X-Firefox-Spdy: h2
js.nextpsh.top/ps/config.js?id=AbvykU-p1kuzLUz1NhqCVg
46.148.125.182 200 OK 360 B URL HTTP/2 js.nextpsh.top/ps/config.js?id=AbvykU-p1kuzLUz1NhqCVg
IP 46.148.125.182:0
ASN #35277 Llhost Inc. Srl
File type ASCII text, with CRLF line terminators
Hash eae6ec126c87767ad26c82c7e1da75d1
2a7fd5fefa6e64a5c24257f85567659b42fcaae0
fd3fbf290d3e137153d82251b3c8fdd0c0b7caeebaf3e520c74fb11f6b94151c
Analyzer Verdict Alert quad9 Sinkholed
GET /ps/config.js?id=AbvykU-p1kuzLUz1NhqCVg HTTP/1.1
Host: js.nextpsh.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://lsfgkfi.tk/
Cookie: __psu=edf350d5-f8f4-4bcb-9c89-e288cb00df33
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 20:24:24 GMT
content-type: application/javascript
content-length: 360
cache-control: max-age=0, no-cache, no-store, must-revalidate
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash cdb35e9282ea6a88ae4635a045c7c868
27477f435691134687093456ddf064e244551cbf
1e7fed88342816670765fa44cc1205c70bdc14e612f9eab4a94a2ab08e20722c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1E7FED88342816670765FA44CC1205C70BDC14E612F9EAB4A94A2AB08E20722C"
Last-Modified: Fri, 02 Sep 2022 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3161
Expires: Sat, 03 Sep 2022 21:17:05 GMT
Date: Sat, 03 Sep 2022 20:24:24 GMT
Connection: keep-alive
lsfgkfi.tk/images/video-1/puzzle.jpg
172.67.168.179 200 OK 11 kB URL HTTP/1.1 lsfgkfi.tk/images/video-1/puzzle.jpg
IP 172.67.168.179:0
Hash c964889e52c6e06fb5eb4082a0e7bf20
28eb7c33186e66e1d129ca2c7800a3dc355ec313
0f9cd6bad76a73c114398dc975c8f9fd75e13caefeb4eab3de545155b2368031
GET /images/video-1/puzzle.jpg HTTP/1.1
Host: lsfgkfi.tk
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://lsfgkfi.tk/
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 20:24:24 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.8
Access-Control-Allow-Origin: *
CF-Cache-Status: BYPASS
Set-Cookie: ab_referer=http%3A%2F%2Flsfgkfi.tk%2F; expires=Wed, 02-Nov-2022 20:24:24 GMT; Max-Age=5184000; path=/
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j7JaLwfYKV9d1GCZmat7gGuatG%2Bv0GCXrROcsUMT5zNqNjQgpJuyPU%2FoCoPEEiEfzd5E%2FFu7dTMKLNlVDZArbOFVz%2Fw5MWDOpAZAC0euuYP6tNtFiD2b%2FAqqMIl2"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 745135708c5f0b61-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 98125354dbaa891018a9429a7aae3ea1
a692cc9a073c9666971db41444342fc9d7dab2e2
771b96e4fb485d1ef041ee20fc060bb5b4b521043ec7a51ceaccefcbe837bd4f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Sep 2022 20:24:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
b5ed4ea68f.8d26e3a7f3.com/f8b097e0fd838e412d11db556e6496db.js
45.133.44.25 200 OK 39 kB URL HTTP/2 b5ed4ea68f.8d26e3a7f3.com/f8b097e0fd838e412d11db556e6496db.js
IP 45.133.44.25:0
ASN #39572 DataWeb Global Group B.V.
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash 32a4f8cea108e82c2cff759c23e18f42
c146b2f9eafb4e8efb4e0e256fc3931bf47a5f91
7b18634893b289ce371bbd90d3d8991966451945c899770ce7d75f78777de4fd
GET /f8b097e0fd838e412d11db556e6496db.js HTTP/1.1
Host: b5ed4ea68f.8d26e3a7f3.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://lsfgkfi.tk
Connection: keep-alive
Referer: http://lsfgkfi.tk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 03 Sep 2022 20:24:24 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Thu, 01 Sep 2022 16:10:19 GMT
etag: W/"6310d96b-15a9b"
content-encoding: gzip
expires: Sat, 03 Sep 2022 20:29:24 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
b5ed4ea68f.8d26e3a7f3.com/ffb79ab4f2b3b8b1b2edeaf1d76a8a6f/43957?version_name=a
45.133.44.25 200 OK 1.4 kB URL HTTP/2 b5ed4ea68f.8d26e3a7f3.com/ffb79ab4f2b3b8b1b2edeaf1d76a8a6f/43957?version_name=a
IP 45.133.44.25:0
ASN #39572 DataWeb Global Group B.V.
File type JSON data\012- , ASCII text, with very long lines (1354), with no line terminators
Hash 07a264882d953c65347a9cccb44396ac
b6f56d14e839d269b5e62e931a2313cde01eaa9d
6d4184b6ddb4ead64e113eeb3776b34247c112c4df1c32ad95db819f3eab210f
GET /ffb79ab4f2b3b8b1b2edeaf1d76a8a6f/43957?version_name=a HTTP/1.1
Host: b5ed4ea68f.8d26e3a7f3.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://lsfgkfi.tk
Connection: keep-alive
Referer: http://lsfgkfi.tk/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Sep 2022 20:24:24 GMT
content-type: application/json
content-length: 1354
server: nginx/1.18.0
cache-control: max-age=300
expires: Sat, 03 Sep 2022 20:29:24 GMT
x-proxy-cache: EXPIRED
access-control-allow-origin: *
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 7ce90d6fafa13d92fcf445b688f0389f
480461a46fc291cbcdf6218c7743779d7e862788
dd33483769f6c715aeb257c2955147c1a5a47b0af1684190247701465af8af6c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Sep 2022 20:24:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 4fc12f0a98aa28ccb56e0b56d7e40ded
f7efcfb8b4f4aa40268bada3fec380820a70ee35
a34aa9b7db949a583c3f1b4d87fed415a11d119c9615b5e710c3125173f8a277
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3860
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 03 Sep 2022 20:24:24 GMT
Last-Modified: Sat, 03 Sep 2022 19:20:05 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 919933e8e1e6013662a532e6d1bbabaf
b155f7a79d90c076b2545159398d732c5eac56f0
8095a078190f241e30545609b91b4d02b469566fad45b75d64fe167d3d08f03c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8095A078190F241E30545609B91B4D02B469566FAD45B75D64FE167D3D08F03C"
Last-Modified: Fri, 02 Sep 2022 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4024
Expires: Sat, 03 Sep 2022 21:31:28 GMT
Date: Sat, 03 Sep 2022 20:24:24 GMT
Connection: keep-alive
js.wpadmngr.com/npc/sdk/wp-banners.js
45.133.44.24 200 OK 0 B URL HTTP/2 js.wpadmngr.com/npc/sdk/wp-banners.js
IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /npc/sdk/wp-banners.js HTTP/1.1
Host: js.wpadmngr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://lsfgkfi.tk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 03 Sep 2022 20:24:24 GMT
content-type: application/javascript; charset=utf-8
content-length: 0
server: nginx/1.18.0
last-modified: Fri, 20 Aug 2021 15:14:31 GMT
etag: "611fc6d7-0"
expires: Sat, 03 Sep 2022 20:29:24 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 2c6611f10d034d741a738a419e4a3be8
c30e6616efd49c1e67e33dbf48e860a2ded30834
d26e6290f7eb61ee2d2dfdd5ba75b031c7ba4ff302a6f3a61ce8143fbea298d1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D26E6290F7EB61EE2D2DFDD5BA75B031C7BA4FF302A6F3A61CE8143FBEA298D1"
Last-Modified: Sat, 03 Sep 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18922
Expires: Sun, 04 Sep 2022 01:39:46 GMT
Date: Sat, 03 Sep 2022 20:24:24 GMT
Connection: keep-alive
domainanalyticsapi.com/api/errors/install?message=TypeError:%20can%27t%20access%20property%20%22register%22,%20navigator[_0x279cc1(...)]%20is%20undefined
46.148.125.75 200 OK 0 B URL HTTP/1.1 domainanalyticsapi.com/api/errors/install?message=TypeError:%20can%27t%20access%20property%20%22register%22,%20navigator[_0x279cc1(...)]%20is%20undefined
IP 46.148.125.75:0
ASN #35277 Llhost Inc. Srl
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/errors/install?message=TypeError:%20can%27t%20access%20property%20%22register%22,%20navigator[_0x279cc1(...)]%20is%20undefined HTTP/1.1
Host: domainanalyticsapi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://lsfgkfi.tk/
Origin: http://lsfgkfi.tk
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sat, 03 Sep 2022 20:24:24 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private
X-AspNetMvc-Version: 5.2
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash bf62ff4e8ce0b415697601ad654af7a4
130166b82ea2dbf4f3c6946cc5048f0b3c7a095e
1193fa41f52fb6d1db0672db27ba8015a98366969fe293b80157a42011e85e7e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1193FA41F52FB6D1DB0672DB27BA8015A98366969FE293B80157A42011E85E7E"
Last-Modified: Fri, 02 Sep 2022 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3061
Expires: Sat, 03 Sep 2022 21:15:26 GMT
Date: Sat, 03 Sep 2022 20:24:25 GMT
Connection: keep-alive
push.services.mozilla.com/
52.39.57.61 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.39.57.61:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: dwsOuDUiTpQfEhwQGB29sw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: lJaRZlnqBwK6OXAMzvS8+QAphpc=
4935756144.19028a7caf.com/in/track?data=eyJ3bCI6MCwic3ViaWQiOjAsInVzZXJfaWQiOiI4MTQ2NjY4ODg3NTk1NTIyMDAwIiwidGltZXpvbmUiOjAsInZlciI6IjMuNi4xIiwidGFnX2lkIjo0Mzk1Nywic2NyZWVuX3Jlc29sdXRpb24iOiIxMjgweDEwMjQiLCJhZGJsb2NrIjowLCJ0aW1lem9uZV9vbHNvbiI6IlVUQyIsInV0bV9zb3VyY2UiOiIiLCJ1dG1fbWVkaXVtIjoiIiwidXRtX2NhbXBhaWduIjoiIiwidXRtX2NvbnRlbnQiOiIiLCJtbSI6MCwiaW5pdF9zdGFydF9sYXRlbmN5IjowLjM5LCJpc192MiI6MCwiaXNfdjJfZW1wdHkiOjAsInVzZXJfa2V5d29yZHMiOiJWaWRlbyUyMCJ9
45.133.44.24 200 OK 0 B URL HTTP/2 4935756144.19028a7caf.com/in/track?data=eyJ3bCI6MCwic3ViaWQiOjAsInVzZXJfaWQiOiI4MTQ2NjY4ODg3NTk1NTIyMDAwIiwidGltZXpvbmUiOjAsInZlciI6IjMuNi4xIiwidGFnX2lkIjo0Mzk1Nywic2NyZWVuX3Jlc29sdXRpb24iOiIxMjgweDEwMjQiLCJhZGJsb2NrIjowLCJ0aW1lem9uZV9vbHNvbiI6IlVUQyIsInV0bV9zb3VyY2UiOiIiLCJ1dG1fbWVkaXVtIjoiIiwidXRtX2NhbXBhaWduIjoiIiwidXRtX2NvbnRlbnQiOiIiLCJtbSI6MCwiaW5pdF9zdGFydF9sYXRlbmN5IjowLjM5LCJpc192MiI6MCwiaXNfdjJfZW1wdHkiOjAsInVzZXJfa2V5d29yZHMiOiJWaWRlbyUyMCJ9
IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /in/track?data=eyJ3bCI6MCwic3ViaWQiOjAsInVzZXJfaWQiOiI4MTQ2NjY4ODg3NTk1NTIyMDAwIiwidGltZXpvbmUiOjAsInZlciI6IjMuNi4xIiwidGFnX2lkIjo0Mzk1Nywic2NyZWVuX3Jlc29sdXRpb24iOiIxMjgweDEwMjQiLCJhZGJsb2NrIjowLCJ0aW1lem9uZV9vbHNvbiI6IlVUQyIsInV0bV9zb3VyY2UiOiIiLCJ1dG1fbWVkaXVtIjoiIiwidXRtX2NhbXBhaWduIjoiIiwidXRtX2NvbnRlbnQiOiIiLCJtbSI6MCwiaW5pdF9zdGFydF9sYXRlbmN5IjowLjM5LCJpc192MiI6MCwiaXNfdjJfZW1wdHkiOjAsInVzZXJfa2V5d29yZHMiOiJWaWRlbyUyMCJ9 HTTP/1.1
Host: 4935756144.19028a7caf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://lsfgkfi.tk
Connection: keep-alive
Referer: http://lsfgkfi.tk/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 03 Sep 2022 20:24:25 GMT
content-length: 0
server: nginx/1.20.2
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
js.wpshsdk.com/npc/sdk/wp-banners.js
45.133.44.24 200 OK 0 B URL HTTP/2 js.wpshsdk.com/npc/sdk/wp-banners.js
IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /npc/sdk/wp-banners.js HTTP/1.1
Host: js.wpshsdk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://lsfgkfi.tk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Sep 2022 20:24:25 GMT
content-type: application/javascript; charset=utf-8
content-length: 0
server: nginx/1.18.0
last-modified: Fri, 20 Aug 2021 15:14:31 GMT
etag: "611fc6d7-0"
expires: Sat, 03 Sep 2022 20:29:25 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1515b2c3b8f762fe876c2a7c83069d53
ea40d374f804fd9f6256132539a96dccf80319f0
0c49b190e52575192957b7456642f6f06368a4e2cafcd6157ee935d3e8cf7e8d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0C49B190E52575192957B7456642F6F06368A4E2CAFCD6157EE935D3E8CF7E8D"
Last-Modified: Sat, 03 Sep 2022 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2870
Expires: Sat, 03 Sep 2022 21:12:15 GMT
Date: Sat, 03 Sep 2022 20:24:25 GMT
Connection: keep-alive
nereserv.com/in/dip?site=native-push&wl=0&event_id=3478a918-f651-48f6-a177-24f0f1d0d473&subid=416473681&sid=618670611&spot_id=26103&created_at=2022-09-03&timezone=0&ver=7.2.0&is_native=1
168.119.25.22 200 OK 0 B URL HTTP/2 nereserv.com/in/dip?site=native-push&wl=0&event_id=3478a918-f651-48f6-a177-24f0f1d0d473&subid=416473681&sid=618670611&spot_id=26103&created_at=2022-09-03&timezone=0&ver=7.2.0&is_native=1
IP 168.119.25.22:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/dip?site=native-push&wl=0&event_id=3478a918-f651-48f6-a177-24f0f1d0d473&subid=416473681&sid=618670611&spot_id=26103&created_at=2022-09-03&timezone=0&ver=7.2.0&is_native=1 HTTP/1.1
Host: nereserv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://lsfgkfi.tk
Connection: keep-alive
Referer: http://lsfgkfi.tk/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.18.0
date: Sat, 03 Sep 2022 20:24:25 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
b5ed4ea68f.8d26e3a7f3.com/e5724f7f7a13315bb6024234794790d4.js
45.133.44.25 200 OK 13 kB URL HTTP/2 b5ed4ea68f.8d26e3a7f3.com/e5724f7f7a13315bb6024234794790d4.js
IP 45.133.44.25:0
ASN #39572 DataWeb Global Group B.V.
Hash ef964fe04b9d1f92d31ab1c199b733d8
8491c209296f27277ded927c28a9056e930992de
5ee6e7330badfcd83753ce191baa632a307b433c745b1cedc606b3d69424bd52
GET /e5724f7f7a13315bb6024234794790d4.js HTTP/1.1
Host: b5ed4ea68f.8d26e3a7f3.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://lsfgkfi.tk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Sep 2022 20:24:25 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Mon, 29 Aug 2022 10:45:16 GMT
etag: W/"630c98bc-d180"
content-encoding: gzip
expires: Sat, 03 Sep 2022 20:29:25 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 135f393604c3553eb864cf99f194c75e
182e6350fa120b9db3c721b75c6aa6b252f5d060
f56de62749894d9368d60985cca7cb2d9f048093a199e86fbac69f0930b3ac1f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F56DE62749894D9368D60985CCA7CB2D9F048093A199E86FBAC69F0930B3AC1F"
Last-Modified: Fri, 02 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8749
Expires: Sat, 03 Sep 2022 22:50:14 GMT
Date: Sat, 03 Sep 2022 20:24:25 GMT
Connection: keep-alive
0c25092667.19028a7caf.com/in/multy
168.119.25.22 204 No Content 0 B URL HTTP/2 0c25092667.19028a7caf.com/in/multy
IP 168.119.25.22:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
OPTIONS /in/multy HTTP/1.1
Host: 0c25092667.19028a7caf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: http://lsfgkfi.tk/
Origin: http://lsfgkfi.tk
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
server: nginx/1.18.0
date: Sat, 03 Sep 2022 20:24:25 GMT
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b15f3f14bd92b7a544ec2347e6810c7b
dd55fd8396d796082edabb5ab6e2d7fb3b51b731
87c27c4b0288f31faa405ba5247767d1f299938551bd284212ee487dbb0deb63
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "87C27C4B0288F31FAA405BA5247767D1F299938551BD284212EE487DBB0DEB63"
Last-Modified: Fri, 02 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9903
Expires: Sat, 03 Sep 2022 23:09:29 GMT
Date: Sat, 03 Sep 2022 20:24:26 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b15f3f14bd92b7a544ec2347e6810c7b
dd55fd8396d796082edabb5ab6e2d7fb3b51b731
87c27c4b0288f31faa405ba5247767d1f299938551bd284212ee487dbb0deb63
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "87C27C4B0288F31FAA405BA5247767D1F299938551BD284212EE487DBB0DEB63"
Last-Modified: Fri, 02 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9903
Expires: Sat, 03 Sep 2022 23:09:29 GMT
Date: Sat, 03 Sep 2022 20:24:26 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b15f3f14bd92b7a544ec2347e6810c7b
dd55fd8396d796082edabb5ab6e2d7fb3b51b731
87c27c4b0288f31faa405ba5247767d1f299938551bd284212ee487dbb0deb63
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "87C27C4B0288F31FAA405BA5247767D1F299938551BD284212EE487DBB0DEB63"
Last-Modified: Fri, 02 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9903
Expires: Sat, 03 Sep 2022 23:09:29 GMT
Date: Sat, 03 Sep 2022 20:24:26 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b15f3f14bd92b7a544ec2347e6810c7b
dd55fd8396d796082edabb5ab6e2d7fb3b51b731
87c27c4b0288f31faa405ba5247767d1f299938551bd284212ee487dbb0deb63
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "87C27C4B0288F31FAA405BA5247767D1F299938551BD284212EE487DBB0DEB63"
Last-Modified: Fri, 02 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9903
Expires: Sat, 03 Sep 2022 23:09:29 GMT
Date: Sat, 03 Sep 2022 20:24:26 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b15f3f14bd92b7a544ec2347e6810c7b
dd55fd8396d796082edabb5ab6e2d7fb3b51b731
87c27c4b0288f31faa405ba5247767d1f299938551bd284212ee487dbb0deb63
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "87C27C4B0288F31FAA405BA5247767D1F299938551BD284212EE487DBB0DEB63"
Last-Modified: Fri, 02 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9903
Expires: Sat, 03 Sep 2022 23:09:29 GMT
Date: Sat, 03 Sep 2022 20:24:26 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb6f5d90-39e2-4288-8685-adf2348d38e8.jpeg
34.120.237.76 200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb6f5d90-39e2-4288-8685-adf2348d38e8.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d78cbff83c152b84864606781a29563d
8bdbc6e135be6e582d0e23754399422e3792777b
3c385de9ade05e1652ccc386e73aaccc4c223a07b81af4c5fdf3f73a166909f7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb6f5d90-39e2-4288-8685-adf2348d38e8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 14061
x-amzn-requestid: 43535b37-15c9-4a28-a7c0-f43482948382
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XqlhGFX4IAMF9oQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630db606-77bd935d4364050f230ba5da;Sampled=0
x-amzn-remapped-date: Tue, 30 Aug 2022 07:02:30 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: y_-knSwUodyBxS8I8PAoUexT6Z4o0Aq7m62v7HrRjm7vV-jP0VuCpw==
via: 1.1 95b0ac620fa3a80ee590ecf1cda1c698.cloudfront.net (CloudFront), 1.1 989017835f43d594873bde5a7ee7fe5e.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Sep 2022 06:26:07 GMT
age: 50299
etag: "8bdbc6e135be6e582d0e23754399422e3792777b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc55d0c73-4085-42ac-acb4-1ae9b2ffb393.jpeg
34.120.237.76 200 OK 7.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc55d0c73-4085-42ac-acb4-1ae9b2ffb393.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c199f7fc2a2857dec134bfdb2673e28c
af3989072b658e2de119d006ae4ca1703468913d
e57411ba0221f6ffa7baf7c374ec790959a66d6a683fad40883ef01cf67e35c3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc55d0c73-4085-42ac-acb4-1ae9b2ffb393.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6976
x-amzn-requestid: da379546-9525-4e13-b9f0-a6446839df66
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X2eNeG7kIAMF4-Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63127722-37399f67565b06e7111095cd;Sampled=0
x-amzn-remapped-date: Fri, 02 Sep 2022 21:35:30 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 5SORUPJgJ_gKKs4hSa4EzCCQA6B1dmyO1EC-gCBvFKl2R2hV0mYTeA==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 ee8246c5442dace7525c74f6a799bb46.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Sep 2022 22:39:01 GMT
age: 78325
etag: "af3989072b658e2de119d006ae4ca1703468913d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
0c25092667.19028a7caf.com/in/multy
168.119.25.22 200 OK 14 kB URL HTTP/2 0c25092667.19028a7caf.com/in/multy
IP 168.119.25.22:0
ASN #24940 Hetzner Online GmbH
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (13560), with no line terminators
Hash 781667374b5fb7198f0fcbb0b829f3bf
c97838ee16a58e6724e7e0beb86e1fa29ee50d5f
369b5d3b88b08d00bf90d279c112b0b6491661b740456ff1bd736c1ccdaa9b55
Analyzer Verdict Alert quad9 Sinkholed
POST /in/multy HTTP/1.1
Host: 0c25092667.19028a7caf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 639
Origin: http://lsfgkfi.tk
Connection: keep-alive
Referer: http://lsfgkfi.tk/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Sat, 03 Sep 2022 20:24:26 GMT
content-type: application/json
content-length: 13563
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff7d7b349-4711-4e66-bc42-888934e385a2.jpeg
34.120.237.76 200 OK 7.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff7d7b349-4711-4e66-bc42-888934e385a2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 23b580e2b673257d24b9c2e80c4c48ce
f3a3d835a37f9b23e7458f9b7bc721bc415b61cc
c0e3559fde3dd08cdbd360f39dddcc98dd7c1b3aebd0861cc07105872a116d11
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff7d7b349-4711-4e66-bc42-888934e385a2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7501
x-amzn-requestid: bf297fc4-9164-45ee-bfab-06761a52e3ba
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X2eMJEP1IAMFdpA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6312771a-6b3e6416133d67a83d8a1469;Sampled=0
x-amzn-remapped-date: Fri, 02 Sep 2022 21:35:22 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: datd5eYK6nOAUdEpy_y4gcqsVmCqjP4qhzTnlJ9pSrquoYk2PPugTA==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 01147dcc35d57fc0238a3c1700c13f16.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Sep 2022 22:02:34 GMT
age: 80512
etag: "f3a3d835a37f9b23e7458f9b7bc721bc415b61cc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7c0ef483-e545-4a1f-b9b9-88778330d881.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7c0ef483-e545-4a1f-b9b9-88778330d881.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 955f2a35bd6b3802670e7fa8a7cda833
4c70d27f7c51b7fcae1d8a883bfc2e67a551ae6c
2fb517039f0704d2f6fe2fa78eae47c71c645add1c2276f8726248184ae45760
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7c0ef483-e545-4a1f-b9b9-88778330d881.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10435
x-amzn-requestid: 813ec4ca-243d-46cb-a6a6-8ec58e5dd9f8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XzLjdHwnIAMFhzA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63112615-4733cfb83cf0e8734abc5716;Sampled=0
x-amzn-remapped-date: Thu, 01 Sep 2022 21:37:25 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: GHd4FOjIO1OP7wSOVcnOryE5ux4hlr_kC0dfJs3LqgQUbxMzuFxc1A==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 e80693c02cfdfd081110512210d57840.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Sep 2022 21:37:28 GMT
age: 82018
etag: "4c70d27f7c51b7fcae1d8a883bfc2e67a551ae6c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa2e13cf1-38c2-4f82-a50c-b409a24f3af6.jpeg
34.120.237.76 200 OK 8.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa2e13cf1-38c2-4f82-a50c-b409a24f3af6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f4cb62c7c522b71c62a97630d8330ef5
950611314b81428b3d80ff8659272cc800cf48b6
3fd0bbf8a1fe8776136d611d6b99b909b71e6af3a13f8794338af2f0026b59ff
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa2e13cf1-38c2-4f82-a50c-b409a24f3af6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7975
x-amzn-requestid: d4695cb0-76ed-495c-b548-d7819edd6d90
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XwqDSGuDIAMF6kA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631023ae-7ba42ae9407c626a02d10e7f;Sampled=0
x-amzn-remapped-date: Thu, 01 Sep 2022 03:14:54 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: paxjtCjggGuEMbpwW1HmCdQOemdktodVUl-grweVuYke_NynMIHMlg==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 01147dcc35d57fc0238a3c1700c13f16.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Sep 2022 03:54:34 GMT
age: 59392
etag: "950611314b81428b3d80ff8659272cc800cf48b6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7e53e5b7-d429-4f33-bd77-ce946421df55.jpeg
34.120.237.76 200 OK 5.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7e53e5b7-d429-4f33-bd77-ce946421df55.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 60769237af4f32c663d494d91a672d08
31305131f340191799484f212e15513bd1204e88
6df36e459f3a2d0271732b645009b116e6671363f6c3050d22bbfe2d911a77bd
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7e53e5b7-d429-4f33-bd77-ce946421df55.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4994
x-amzn-requestid: de39357f-d378-4bb8-b4d9-7dd4f82fbb58
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Xgj-kEHvoAMFyBA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6309b390-119fa01e254e89cb39a1b794;Sampled=0
x-amzn-remapped-date: Sat, 27 Aug 2022 06:02:56 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 1yjBt3dqEztIRHo4yR3ZzI67J4lWUMS8R44-PpkeDJ4KNdCTPkmh-w==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 b36bf2c460ac693ce304817aed073112.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Sep 2022 04:45:35 GMT
age: 56331
etag: "31305131f340191799484f212e15513bd1204e88"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
0c25092667.19028a7caf.com/in/show/?mid=278669188&pid=0&site=native-push-mainstream&sc=NO&usage_type=DCH&subid=416473681&sid=618670611&cid=13359&price=0.00047999999999999996&is_cpm=0&cpm=0&ecpm=0.002090288866308608&crid=3577992&crtid=8fc5a3949d58ed66158a5da3a7b48b19&tcid=0&out_id=1&ver=7.2.0&ver_c=&refdom=lsfgkfi.tk&hostname=auc-inpage-hz-4&site_id=3126103&spot_id=26103&utm_source=&utm_medium=&utm_campaign=&utm_content=&expirationTimestamp=1662323066&created_at=2022-09-03&is_native=2&auction_queue=0&burl=2z-O9ZU3t07o1o_OkZIR0_AIE8jt66perF0ptvboDxy8ck7fRNCGbmpcIePngCqgX9vy_HPEUlNprlu3WfiZfdvGaF502Es0P3Ix0EU6IZtH1sqgAnFVfN_bCGuNyJYwsvASZ0aojqvkZi2KyOW1I4hB3yj1xWHBqbJSTreIhc0lilmicOhN7DKq6ZmubALW3uETjtPw3-QGKd8fKXWuM1pFP-yX8cFAElOtjJcdh23-SyN4qQHuf8-Yq6HeskX9OlrjMcKx1cuvsxvQlFg9q0givZDEXXNzutIrzaRYM9Qlc1eMPlD12epzhgtbj3MdvnF3Wg_OssPSIy7ceHYaOtgVJYovKQpKryrZrjM3Mp4yZM1bwVAwDQJQM6B3ZWG6TuL-K5yoWJAT1T8TvIUmxlYShxrif0hFFz4B2HMJytfZPJwQiNtz3k-kfeJyqtgbwkk-Z4UK3WzLM5zyWlJ-OoGIxhuMkzxS0YLj_EPDORKwpavc9v1dMTkfPaI4UWkQouyjAcyY0JrZaTaElxWqcVF9msy9SzWDD3Q6xxFelEZwiES4dk23_hamaJDaET8W5jEFSH-mCvX62opxpRGGCD6vZhqQgXW-60vKyqbiZ1Rq8pcX9Zlz6kOQK0sNXNZuMF44g6iA9bFOLILQPJirZDVrwN-9n0hYlQa_uu9W_ddr4_vrAQHJSDLE0XKRN-5ONofvAwPBGUMip8o3BSJRWQS4Afb2hSDNO1VS5dqBIuu7LRxglgYnzYrloCsde2QJ1mRunQkboXxpweEU7kDoTFuVuwxx8kO3cFRztHHXJSY-KZyj1PH1pHrxReRGuzGPcGJFzXGuj8SAUGuy2HaXbGNvovTkrap2TLe46cBnC0nCLNk3YeaROL0ld1pKnG62yTOlNfeqV9pcToILiJ1Ql9Nl3Cdv-rGVo5XCAk-hHMbL1vLCkdqSqAY9BtPMbzw59ifWBy90agFfnzJd_ms5wJea_s74pMJlIHnvWJcB-V01zjCGaqv4kGMJvQ33Qf35LGOVTYIT1OsN0anPK0uZF7EEx4jmJXTbc3IrXKeVGLjUWlbARciLyaEAwRkBL-y5y6quMObRkVqJgyLAMY7KIJHY0iP_vjicnaSkD23vztV0qS-RZIBk3XTDzHLKv0dV4G6SLO4feZ-qAZfpA5CahmSHIS7MPP6e6NztoMSmvjvrweuxCV6Depelr0DL1CZ5oRoG24PL0dV7A3gMjigdbS6Fao_u1jueI5t9Jta026RalArkSUh70JqIpfCVFQbYMU2WxX8qUd5xJhT41Ef91qmD6n1Ikg17g-GPWeDFnzjUse_iFxbil5ECJN7B1dwTZCQ7zsDW8nUpXud6bsRuGSbIBghLOXjCYbjd7y4sTsU8z8HGieQHelRTEVtI-QAq_LPNcwrpcvIvAZ_FreouW8iDdTFoIrMQ5B6BedhlQ579YH-Fy_gx6JgxktLho4n-G2SBniD54VBuQkkk-Wk
YFjJbhoVIwn89_nCGG7o7Lmvl7IxY12InFVKTgmf6AZBPXJafhBqp5UWF9hJ4hBIHCW3Ji0sm6pgB1E44-PWGes5ORL1dUZ_9me_NrNGgEkQeW1Eyc_tKGDu85Tt_T4W_s6DAAduJKwJSHZ_cmnnS7g9G5rzfeXT1moM3RIxg1A_saQV4Wje5AKF1MGLKPUVMWjEX1Pz0vSo5sBv67nqaYCM0vtcf4aZTL2diB_XxkCStySsDDYcVx_cgOJxkg8bpQ_avVKgfurWIIv8tfJAaSLynXOIQi6uMKsxPYS994AOMgHSemDLdm3WtO96B0hEUnpZZ7SV0YKnrW-gXjDTU_349SwGnb41v_J4l6JUzTylGTD7XfcbMEaCoBEHIdjSNqrqr34HhdqOQmGxYT46T_9M&pop_winurl=&ip=91.90.42.154&testab=0&px_id=5326103&adblock=0&auction_host=&mm=0&yc=0&render_type=mq&campaign_type=lq-pop&uniq=&exp=&resp_type=&iabcat=IAB24&min_cpm=0.00024444003483814773&placement_type_id=&skin_test=0&verify_hash=17eaa2944fbcaacf2bb954eb6a34652b&score=0&durl=https%3A%2F%2Fts.cvastico.com%2Fin%2F1546%2F%3Fad_sub%3D416473681%26spot_id%3D26103%26is_adult%3D0%26p%3Dhttp%253A%252F%252Flsfgkfi.tk%252F%26idzone%3D0%26sid%3D1885&ml=&tag_ab=a&original_bid=0.00047999999999999996&v2_track=0&url=3vDrLOIagn2XvDsiGZ7afL4YNgPv45yciNBWpRBmTVTMOtQK7_ywXljiMBBULhojov55jK03UkmUsue1E9_ysyL0YBAdcV8-2XaWMxjFkJW4Zzb2VLltuAX-sTFGGMCs4L0NeQYVN0EJswsmVChgs6jo9kgAEkOi8r8RA7GxPbn877O4WA&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FUS%2FUS_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp&skin_id=2&vertical_id=0&real_bid=0.00047999999999999996&pr=&user_keywords=&auc_type=1&aid=116&ext_cid=0&device_theme=light&mlc=1&format=default-slide-b_r-body&mlf=1&cpa=f1e81752-ab78-4cc9-af8c-45d6b2305c99
168.119.25.22302 Found 0 B URL HTTP/2 0c25092667.19028a7caf.com/in/show/?mid=278669188&pid=0&site=native-push-mainstream&sc=NO&usage_type=DCH&subid=416473681&sid=618670611&cid=13359&price=0.00047999999999999996&is_cpm=0&cpm=0&ecpm=0.002090288866308608&crid=3577992&crtid=8fc5a3949d58ed66158a5da3a7b48b19&tcid=0&out_id=1&ver=7.2.0&ver_c=&refdom=lsfgkfi.tk&hostname=auc-inpage-hz-4&site_id=3126103&spot_id=26103&utm_source=&utm_medium=&utm_campaign=&utm_content=&expirationTimestamp=1662323066&created_at=2022-09-03&is_native=2&auction_queue=0&burl=2z-O9ZU3t07o1o_OkZIR0_AIE8jt66perF0ptvboDxy8ck7fRNCGbmpcIePngCqgX9vy_HPEUlNprlu3WfiZfdvGaF502Es0P3Ix0EU6IZtH1sqgAnFVfN_bCGuNyJYwsvASZ0aojqvkZi2KyOW1I4hB3yj1xWHBqbJSTreIhc0lilmicOhN7DKq6ZmubALW3uETjtPw3-QGKd8fKXWuM1pFP-yX8cFAElOtjJcdh23-SyN4qQHuf8-Yq6HeskX9OlrjMcKx1cuvsxvQlFg9q0givZDEXXNzutIrzaRYM9Qlc1eMPlD12epzhgtbj3MdvnF3Wg_OssPSIy7ceHYaOtgVJYovKQpKryrZrjM3Mp4yZM1bwVAwDQJQM6B3ZWG6TuL-K5yoWJAT1T8TvIUmxlYShxrif0hFFz4B2HMJytfZPJwQiNtz3k-kfeJyqtgbwkk-Z4UK3WzLM5zyWlJ-OoGIxhuMkzxS0YLj_EPDORKwpavc9v1dMTkfPaI4UWkQouyjAcyY0JrZaTaElxWqcVF9msy9SzWDD3Q6xxFelEZwiES4dk23_hamaJDaET8W5jEFSH-mCvX62opxpRGGCD6vZhqQgXW-60vKyqbiZ1Rq8pcX9Zlz6kOQK0sNXNZuMF44g6iA9bFOLILQPJirZDVrwN-9n0hYlQa_uu9W_ddr4_vrAQHJSDLE0XKRN-5ONofvAwPBGUMip8o3BSJRWQS4Afb2hSDNO1VS5dqBIuu7LRxglgYnzYrloCsde2QJ1mRunQkboXxpweEU7kDoTFuVuwxx8kO3cFRztHHXJSY-KZyj1PH1pHrxReRGuzGPcGJFzXGuj8SAUGuy2HaXbGNvovTkrap2TLe46cBnC0nCLNk3YeaROL0ld1pKnG62yTOlNfeqV9pcToILiJ1Ql9Nl3Cdv-rGVo5XCAk-hHMbL1vLCkdqSqAY9BtPMbzw59ifWBy90agFfnzJd_ms5wJea_s74pMJlIHnvWJcB-V01zjCGaqv4kGMJvQ33Qf35LGOVTYIT1OsN0anPK0uZF7EEx4jmJXTbc3IrXKeVGLjUWlbARciLyaEAwRkBL-y5y6quMObRkVqJgyLAMY7KIJHY0iP_vjicnaSkD23vztV0qS-RZIBk3XTDzHLKv0dV4G6SLO4feZ-qAZfpA5CahmSHIS7MPP6e6NztoMSmvjvrweuxCV6Depelr0DL1CZ5oRoG24PL0dV7A3gMjigdbS6Fao_u1jueI5t9Jta026RalArkSUh70JqIpfCVFQbYMU2WxX8qUd5xJhT41Ef91qmD6n1Ikg17g-GPWeDFnzjUse_iFxbil5ECJN7B1dwTZCQ7zsDW8nUpXud6bsRuGSbIBghLOXjCYbjd7y4sTsU8z8HGieQHelRTEVtI-QAq_LPNcwrpcvIvAZ_FreouW8iDdTFoIrMQ5B6BedhlQ579Y
H-Fy_gx6JgxktLho4n-G2SBniD54VBuQkkk-WkYFjJbhoVIwn89_nCGG7o7Lmvl7IxY12InFVKTgmf6AZBPXJafhBqp5UWF9hJ4hBIHCW3Ji0sm6pgB1E44-PWGes5ORL1dUZ_9me_NrNGgEkQeW1Eyc_tKGDu85Tt_T4W_s6DAAduJKwJSHZ_cmnnS7g9G5rzfeXT1moM3RIxg1A_saQV4Wje5AKF1MGLKPUVMWjEX1Pz0vSo5sBv67nqaYCM0vtcf4aZTL2diB_XxkCStySsDDYcVx_cgOJxkg8bpQ_avVKgfurWIIv8tfJAaSLynXOIQi6uMKsxPYS994AOMgHSemDLdm3WtO96B0hEUnpZZ7SV0YKnrW-gXjDTU_349SwGnb41v_J4l6JUzTylGTD7XfcbMEaCoBEHIdjSNqrqr34HhdqOQmGxYT46T_9M&pop_winurl=&ip=91.90.42.154&testab=0&px_id=5326103&adblock=0&auction_host=&mm=0&yc=0&render_type=mq&campaign_type=lq-pop&uniq=&exp=&resp_type=&iabcat=IAB24&min_cpm=0.00024444003483814773&placement_type_id=&skin_test=0&verify_hash=17eaa2944fbcaacf2bb954eb6a34652b&score=0&durl=https%3A%2F%2Fts.cvastico.com%2Fin%2F1546%2F%3Fad_sub%3D416473681%26spot_id%3D26103%26is_adult%3D0%26p%3Dhttp%253A%252F%252Flsfgkfi.tk%252F%26idzone%3D0%26sid%3D1885&ml=&tag_ab=a&original_bid=0.00047999999999999996&v2_track=0&url=3vDrLOIagn2XvDsiGZ7afL4YNgPv45yciNBWpRBmTVTMOtQK7_ywXljiMBBULhojov55jK03UkmUsue1E9_ysyL0YBAdcV8-2XaWMxjFkJW4Zzb2VLltuAX-sTFGGMCs4L0NeQYVN0EJswsmVChgs6jo9kgAEkOi8r8RA7GxPbn877O4WA&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FUS%2FUS_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp&skin_id=2&vertical_id=0&real_bid=0.00047999999999999996&pr=&user_keywords=&auc_type=1&aid=116&ext_cid=0&device_theme=light&mlc=1&format=default-slide-b_r-body&mlf=1&cpa=f1e81752-ab78-4cc9-af8c-45d6b2305c99
IP 168.119.25.22:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /in/show/?mid=278669188&pid=0&site=native-push-mainstream&sc=NO&usage_type=DCH&subid=416473681&sid=618670611&cid=13359&price=0.00047999999999999996&is_cpm=0&cpm=0&ecpm=0.002090288866308608&crid=3577992&crtid=8fc5a3949d58ed66158a5da3a7b48b19&tcid=0&out_id=1&ver=7.2.0&ver_c=&refdom=lsfgkfi.tk&hostname=auc-inpage-hz-4&site_id=3126103&spot_id=26103&utm_source=&utm_medium=&utm_campaign=&utm_content=&expirationTimestamp=1662323066&created_at=2022-09-03&is_native=2&auction_queue=0&burl=2z-O9ZU3t07o1o_OkZIR0_AIE8jt66perF0ptvboDxy8ck7fRNCGbmpcIePngCqgX9vy_HPEUlNprlu3WfiZfdvGaF502Es0P3Ix0EU6IZtH1sqgAnFVfN_bCGuNyJYwsvASZ0aojqvkZi2KyOW1I4hB3yj1xWHBqbJSTreIhc0lilmicOhN7DKq6ZmubALW3uETjtPw3-QGKd8fKXWuM1pFP-yX8cFAElOtjJcdh23-SyN4qQHuf8-Yq6HeskX9OlrjMcKx1cuvsxvQlFg9q0givZDEXXNzutIrzaRYM9Qlc1eMPlD12epzhgtbj3MdvnF3Wg_OssPSIy7ceHYaOtgVJYovKQpKryrZrjM3Mp4yZM1bwVAwDQJQM6B3ZWG6TuL-K5yoWJAT1T8TvIUmxlYShxrif0hFFz4B2HMJytfZPJwQiNtz3k-kfeJyqtgbwkk-Z4UK3WzLM5zyWlJ-OoGIxhuMkzxS0YLj_EPDORKwpavc9v1dMTkfPaI4UWkQouyjAcyY0JrZaTaElxWqcVF9msy9SzWDD3Q6xxFelEZwiES4dk23_hamaJDaET8W5jEFSH-mCvX62opxpRGGCD6vZhqQgXW-60vKyqbiZ1Rq8pcX9Zlz6kOQK0sNXNZuMF44g6iA9bFOLILQPJirZDVrwN-9n0hYlQa_uu9W_ddr4_vrAQHJSDLE0XKRN-5ONofvAwPBGUMip8o3BSJRWQS4Afb2hSDNO1VS5dqBIuu7LRxglgYnzYrloCsde2QJ1mRunQkboXxpweEU7kDoTFuVuwxx8kO3cFRztHHXJSY-KZyj1PH1pHrxReRGuzGPcGJFzXGuj8SAUGuy2HaXbGNvovTkrap2TLe46cBnC0nCLNk3YeaROL0ld1pKnG62yTOlNfeqV9pcToILiJ1Ql9Nl3Cdv-rGVo5XCAk-hHMbL1vLCkdqSqAY9BtPMbzw59ifWBy90agFfnzJd_ms5wJea_s74pMJlIHnvWJcB-V01zjCGaqv4kGMJvQ33Qf35LGOVTYIT1OsN0anPK0uZF7EEx4jmJXTbc3IrXKeVGLjUWlbARciLyaEAwRkBL-y5y6quMObRkVqJgyLAMY7KIJHY0iP_vjicnaSkD23vztV0qS-RZIBk3XTDzHLKv0dV4G6SLO4feZ-qAZfpA5CahmSHIS7MPP6e6NztoMSmvjvrweuxCV6Depelr0DL1CZ5oRoG24PL0dV7A3gMjigdbS6Fao_u1jueI5t9Jta026RalArkSUh70JqIpfCVFQbYMU2WxX8qUd5xJhT41Ef91qmD6n1Ikg17g-GPWeDFnzjUse_iFxbil5ECJN7B1dwTZCQ7zsDW8nUpXud6bsRuGSbIBghLOXjCYbjd7y4sTsU8z8HGieQHelRTEVtI-QAq_LPNcwrpcvIvAZ_FreouW8iDdTFoIrMQ5B6BedhlQ579YH-Fy_gx6JgxktLho4n-G2SBniD54VBuQkkk-WkYFjJbhoVIwn89_nCGG7o7
Lmvl7IxY12InFVKTgmf6AZBPXJafhBqp5UWF9hJ4hBIHCW3Ji0sm6pgB1E44-PWGes5ORL1dUZ_9me_NrNGgEkQeW1Eyc_tKGDu85Tt_T4W_s6DAAduJKwJSHZ_cmnnS7g9G5rzfeXT1moM3RIxg1A_saQV4Wje5AKF1MGLKPUVMWjEX1Pz0vSo5sBv67nqaYCM0vtcf4aZTL2diB_XxkCStySsDDYcVx_cgOJxkg8bpQ_avVKgfurWIIv8tfJAaSLynXOIQi6uMKsxPYS994AOMgHSemDLdm3WtO96B0hEUnpZZ7SV0YKnrW-gXjDTU_349SwGnb41v_J4l6JUzTylGTD7XfcbMEaCoBEHIdjSNqrqr34HhdqOQmGxYT46T_9M&pop_winurl=&ip=91.90.42.154&testab=0&px_id=5326103&adblock=0&auction_host=&mm=0&yc=0&render_type=mq&campaign_type=lq-pop&uniq=&exp=&resp_type=&iabcat=IAB24&min_cpm=0.00024444003483814773&placement_type_id=&skin_test=0&verify_hash=17eaa2944fbcaacf2bb954eb6a34652b&score=0&durl=https%3A%2F%2Fts.cvastico.com%2Fin%2F1546%2F%3Fad_sub%3D416473681%26spot_id%3D26103%26is_adult%3D0%26p%3Dhttp%253A%252F%252Flsfgkfi.tk%252F%26idzone%3D0%26sid%3D1885&ml=&tag_ab=a&original_bid=0.00047999999999999996&v2_track=0&url=3vDrLOIagn2XvDsiGZ7afL4YNgPv45yciNBWpRBmTVTMOtQK7_ywXljiMBBULhojov55jK03UkmUsue1E9_ysyL0YBAdcV8-2XaWMxjFkJW4Zzb2VLltuAX-sTFGGMCs4L0NeQYVN0EJswsmVChgs6jo9kgAEkOi8r8RA7GxPbn877O4WA&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FUS%2FUS_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp&skin_id=2&vertical_id=0&real_bid=0.00047999999999999996&pr=&user_keywords=&auc_type=1&aid=116&ext_cid=0&device_theme=light&mlc=1&format=default-slide-b_r-body&mlf=1&cpa=f1e81752-ab78-4cc9-af8c-45d6b2305c99 HTTP/1.1
Host: 0c25092667.19028a7caf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://lsfgkfi.tk/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx/1.18.0
date: Sat, 03 Sep 2022 20:24:26 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
location: https://static.bookmsg.com/creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp
X-Firefox-Spdy: h2
0c25092667.19028a7caf.com/in/show/?mid=278669188&pid=0&site=native-push-mainstream&sc=NO&usage_type=DCH&subid=416473681&sid=618670611&cid=13061&price=0.01675000024959445&is_cpm=0&cpm=0&ecpm=0.027572258117861317&crid=5713643&crtid=1c81c2cc33a9d6c8cd6172aeefa0077e&tcid=0&out_id=0&ver=7.2.0&ver_c=&refdom=lsfgkfi.tk&hostname=auc-inpage-hz-4&site_id=3126103&spot_id=26103&utm_source=&utm_medium=&utm_campaign=&utm_content=&expirationTimestamp=1662323066&created_at=2022-09-03&is_native=1&auction_queue=0&burl=HGKXnMuUJ2suZgt6mC1mpLPzk8loTC_4bG-QOy5T4Bw2MWG5CajJMg&pop_winurl=&ip=91.90.42.154&testab=0&px_id=3126103&adblock=0&auction_host=&mm=0&yc=0&render_type=mq&campaign_type=mq&uniq=&exp=&resp_type=&iabcat=IAB24&min_cpm=0.0001113234590369528&placement_type_id=&skin_test=0&verify_hash=d7fc77bab3ce5fba96b48125ea3910e8&score=0&durl=https%3A%2F%2Fts.cvastico.com%2Fin%2F1546%2F%3Fad_sub%3D416473681%26spot_id%3D26103%26is_adult%3D0%26p%3Dhttp%253A%252F%252Flsfgkfi.tk%252F%26idzone%3D0%26sid%3D1885&ml=&tag_ab=a&original_bid=0.01675000024959445&v2_track=0&url=P-ke81GCxFYqGum9ozD2B1zuYHdV5s6CiWnqHWwREdTtm62cl0K7XtKuJDI-IqnB4uW91vHL9FvESnLpCI4-60ZrDKQxYrQk0AJjNdNnlcDuK5QNUN0SnojeFbcndITj3OyXGd9jIOID3hrfXoL8Cy4pLAcW9Kw7VcSIYZmSwj-3xP8XFQFVg1RkeW0qMqfMF_e5-l8D8MGXFlW6_WQK97KLz5oI3_P4Tgxa9cChyua0kOZFM_WGsiUDc8nOC04MtQkyzMydw1DuqwCW_Hhavy7dxFKSJMJtZDtHet927z7WXFrBzZtjzYF6ckYQYPIwJBnfWunj1PC9JyUxsFbpnCe05H2zlOCbYcjjmOIy1ufxqA64WRVDWIwB0Nhf0MHRqQnqwrk3TwOyBmtSJNxlkoq6vNhKQRGxYsB2IYCJw26IW-u4qgDXwjQz3002VzrjEtlvYorHoifMcYnl4X1xxVWXlKHQX5M-bxOCzgZZ_zKSyRwHvLa0G0wID619nkkNW8F8UFUD-knyXZsJ2AAvJXRjR4Qb37g9_7jBUBWPUdqdZWklefT9suHT06KFv6ChC0q7JRct7Ta2HH58BwZA4paDc1Sm-GzLxQ3K64GahJiKySORYvzf9F_s1pCxIJiyzbk_DOVpwrNId_NAfoz_nC2g80YHB2wXr7XJ6HCt67tNOwsp5Vuw3huZKFldCYmITAE6BmV9GKhJNviOe4OhiPMRCN6zcQZhCW-k_CNethFcD0-5bh7_R9Z3E28Scxyj_sqr_DLgnm3juVywJBoxnnptUUlF6rXe4paW_pDYnta2I8OpENoUPXKl7QpE4n14NEwnTDel5ZBLChAO-K6Kzhh_EiZpVM1v_xaRl5riO4c__Ce53eiEsF-WtqHytrMoO4VlUb86WiCcO_SqA5w-igIdM0lxHkG7Cbovv8cuk2mdy
Rl9MW9GZctOj_3Kzt74plF_FaPIy_as72_FdzOLjK3XekZ4B8mw9tp_YRMz4FNbd1P605-cUsMdP4r6BGYWMQHAVvS3BTu5MWWrsCFQgcmtKZU7m5UAAa6LAIs7p12BPC5ZCn_QWhrykwxg-XuU87_eGdZAN4I3eiL0qusZww&image_url=https%3A%2F%2Fi.cdnkimg.com%2Fauto%2F492x328%2Fq85%2Fimage%2Fvk%2F3643%2F643%2Frect_626aadf074621t1651158512r522.png.webp&skin_id=2&vertical_id=0&real_bid=0.013902500207163392&pr=&user_keywords=&auc_type=1&aid=412&ext_cid=0&device_theme=light&format=default-slide-b_r-body&cpa=13580b21-9103-4d29-9519-24e472f84fff
168.119.25.22302 Found 0 B URL HTTP/2 0c25092667.19028a7caf.com/in/show/?mid=278669188&pid=0&site=native-push-mainstream&sc=NO&usage_type=DCH&subid=416473681&sid=618670611&cid=13061&price=0.01675000024959445&is_cpm=0&cpm=0&ecpm=0.027572258117861317&crid=5713643&crtid=1c81c2cc33a9d6c8cd6172aeefa0077e&tcid=0&out_id=0&ver=7.2.0&ver_c=&refdom=lsfgkfi.tk&hostname=auc-inpage-hz-4&site_id=3126103&spot_id=26103&utm_source=&utm_medium=&utm_campaign=&utm_content=&expirationTimestamp=1662323066&created_at=2022-09-03&is_native=1&auction_queue=0&burl=HGKXnMuUJ2suZgt6mC1mpLPzk8loTC_4bG-QOy5T4Bw2MWG5CajJMg&pop_winurl=&ip=91.90.42.154&testab=0&px_id=3126103&adblock=0&auction_host=&mm=0&yc=0&render_type=mq&campaign_type=mq&uniq=&exp=&resp_type=&iabcat=IAB24&min_cpm=0.0001113234590369528&placement_type_id=&skin_test=0&verify_hash=d7fc77bab3ce5fba96b48125ea3910e8&score=0&durl=https%3A%2F%2Fts.cvastico.com%2Fin%2F1546%2F%3Fad_sub%3D416473681%26spot_id%3D26103%26is_adult%3D0%26p%3Dhttp%253A%252F%252Flsfgkfi.tk%252F%26idzone%3D0%26sid%3D1885&ml=&tag_ab=a&original_bid=0.01675000024959445&v2_track=0&url=P-ke81GCxFYqGum9ozD2B1zuYHdV5s6CiWnqHWwREdTtm62cl0K7XtKuJDI-IqnB4uW91vHL9FvESnLpCI4-60ZrDKQxYrQk0AJjNdNnlcDuK5QNUN0SnojeFbcndITj3OyXGd9jIOID3hrfXoL8Cy4pLAcW9Kw7VcSIYZmSwj-3xP8XFQFVg1RkeW0qMqfMF_e5-l8D8MGXFlW6_WQK97KLz5oI3_P4Tgxa9cChyua0kOZFM_WGsiUDc8nOC04MtQkyzMydw1DuqwCW_Hhavy7dxFKSJMJtZDtHet927z7WXFrBzZtjzYF6ckYQYPIwJBnfWunj1PC9JyUxsFbpnCe05H2zlOCbYcjjmOIy1ufxqA64WRVDWIwB0Nhf0MHRqQnqwrk3TwOyBmtSJNxlkoq6vNhKQRGxYsB2IYCJw26IW-u4qgDXwjQz3002VzrjEtlvYorHoifMcYnl4X1xxVWXlKHQX5M-bxOCzgZZ_zKSyRwHvLa0G0wID619nkkNW8F8UFUD-knyXZsJ2AAvJXRjR4Qb37g9_7jBUBWPUdqdZWklefT9suHT06KFv6ChC0q7JRct7Ta2HH58BwZA4paDc1Sm-GzLxQ3K64GahJiKySORYvzf9F_s1pCxIJiyzbk_DOVpwrNId_NAfoz_nC2g80YHB2wXr7XJ6HCt67tNOwsp5Vuw3huZKFldCYmITAE6BmV9GKhJNviOe4OhiPMRCN6zcQZhCW-k_CNethFcD0-5bh7_R9Z3E28Scxyj_sqr_DLgnm3juVywJBoxnnptUUlF6rXe4paW_pDYnta2I8OpENoUPXKl7QpE4n14NEwnTDel5ZBLChAO-K6Kzhh_EiZpVM1v_xaRl5riO4c__Ce53eiEsF-WtqHytrMoO4VlUb8
6WiCcO_SqA5w-igIdM0lxHkG7Cbovv8cuk2mdyRl9MW9GZctOj_3Kzt74plF_FaPIy_as72_FdzOLjK3XekZ4B8mw9tp_YRMz4FNbd1P605-cUsMdP4r6BGYWMQHAVvS3BTu5MWWrsCFQgcmtKZU7m5UAAa6LAIs7p12BPC5ZCn_QWhrykwxg-XuU87_eGdZAN4I3eiL0qusZww&image_url=https%3A%2F%2Fi.cdnkimg.com%2Fauto%2F492x328%2Fq85%2Fimage%2Fvk%2F3643%2F643%2Frect_626aadf074621t1651158512r522.png.webp&skin_id=2&vertical_id=0&real_bid=0.013902500207163392&pr=&user_keywords=&auc_type=1&aid=412&ext_cid=0&device_theme=light&format=default-slide-b_r-body&cpa=13580b21-9103-4d29-9519-24e472f84fff
IP 168.119.25.22:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /in/show/?mid=278669188&pid=0&site=native-push-mainstream&sc=NO&usage_type=DCH&subid=416473681&sid=618670611&cid=13061&price=0.01675000024959445&is_cpm=0&cpm=0&ecpm=0.027572258117861317&crid=5713643&crtid=1c81c2cc33a9d6c8cd6172aeefa0077e&tcid=0&out_id=0&ver=7.2.0&ver_c=&refdom=lsfgkfi.tk&hostname=auc-inpage-hz-4&site_id=3126103&spot_id=26103&utm_source=&utm_medium=&utm_campaign=&utm_content=&expirationTimestamp=1662323066&created_at=2022-09-03&is_native=1&auction_queue=0&burl=HGKXnMuUJ2suZgt6mC1mpLPzk8loTC_4bG-QOy5T4Bw2MWG5CajJMg&pop_winurl=&ip=91.90.42.154&testab=0&px_id=3126103&adblock=0&auction_host=&mm=0&yc=0&render_type=mq&campaign_type=mq&uniq=&exp=&resp_type=&iabcat=IAB24&min_cpm=0.0001113234590369528&placement_type_id=&skin_test=0&verify_hash=d7fc77bab3ce5fba96b48125ea3910e8&score=0&durl=https%3A%2F%2Fts.cvastico.com%2Fin%2F1546%2F%3Fad_sub%3D416473681%26spot_id%3D26103%26is_adult%3D0%26p%3Dhttp%253A%252F%252Flsfgkfi.tk%252F%26idzone%3D0%26sid%3D1885&ml=&tag_ab=a&original_bid=0.01675000024959445&v2_track=0&url=P-ke81GCxFYqGum9ozD2B1zuYHdV5s6CiWnqHWwREdTtm62cl0K7XtKuJDI-IqnB4uW91vHL9FvESnLpCI4-60ZrDKQxYrQk0AJjNdNnlcDuK5QNUN0SnojeFbcndITj3OyXGd9jIOID3hrfXoL8Cy4pLAcW9Kw7VcSIYZmSwj-3xP8XFQFVg1RkeW0qMqfMF_e5-l8D8MGXFlW6_WQK97KLz5oI3_P4Tgxa9cChyua0kOZFM_WGsiUDc8nOC04MtQkyzMydw1DuqwCW_Hhavy7dxFKSJMJtZDtHet927z7WXFrBzZtjzYF6ckYQYPIwJBnfWunj1PC9JyUxsFbpnCe05H2zlOCbYcjjmOIy1ufxqA64WRVDWIwB0Nhf0MHRqQnqwrk3TwOyBmtSJNxlkoq6vNhKQRGxYsB2IYCJw26IW-u4qgDXwjQz3002VzrjEtlvYorHoifMcYnl4X1xxVWXlKHQX5M-bxOCzgZZ_zKSyRwHvLa0G0wID619nkkNW8F8UFUD-knyXZsJ2AAvJXRjR4Qb37g9_7jBUBWPUdqdZWklefT9suHT06KFv6ChC0q7JRct7Ta2HH58BwZA4paDc1Sm-GzLxQ3K64GahJiKySORYvzf9F_s1pCxIJiyzbk_DOVpwrNId_NAfoz_nC2g80YHB2wXr7XJ6HCt67tNOwsp5Vuw3huZKFldCYmITAE6BmV9GKhJNviOe4OhiPMRCN6zcQZhCW-k_CNethFcD0-5bh7_R9Z3E28Scxyj_sqr_DLgnm3juVywJBoxnnptUUlF6rXe4paW_pDYnta2I8OpENoUPXKl7QpE4n14NEwnTDel5ZBLChAO-K6Kzhh_EiZpVM1v_xaRl5riO4c__Ce53eiEsF-WtqHytrMoO4VlUb86WiCcO_SqA5w-igIdM0lxHkG7Cbovv8cuk2mdyRl9MW9GZctOj_3Kzt74pl
F_FaPIy_as72_FdzOLjK3XekZ4B8mw9tp_YRMz4FNbd1P605-cUsMdP4r6BGYWMQHAVvS3BTu5MWWrsCFQgcmtKZU7m5UAAa6LAIs7p12BPC5ZCn_QWhrykwxg-XuU87_eGdZAN4I3eiL0qusZww&image_url=https%3A%2F%2Fi.cdnkimg.com%2Fauto%2F492x328%2Fq85%2Fimage%2Fvk%2F3643%2F643%2Frect_626aadf074621t1651158512r522.png.webp&skin_id=2&vertical_id=0&real_bid=0.013902500207163392&pr=&user_keywords=&auc_type=1&aid=412&ext_cid=0&device_theme=light&format=default-slide-b_r-body&cpa=13580b21-9103-4d29-9519-24e472f84fff HTTP/1.1
Host: 0c25092667.19028a7caf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx/1.18.0
date: Sat, 03 Sep 2022 20:24:26 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
location: https://s.viifixi.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=?f=https%3A%2F%2Fi.cdnkimg.com%2Fauto%2F192%2Fq85%2Fimage%2Fvk%2F3643%2F643%2F626aadf074621t1651158512r522.png.webp
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash cbb6ba2d8566b6d2a260d618e02a97de
aef2804e70611fe1097b42477c33105c30ff4fe3
d0953aa076b5cc0cddef306918f48522fe5c8704dc010dc69f77618576d23fc8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D0953AA076B5CC0CDDEF306918F48522FE5C8704DC010DC69F77618576D23FC8"
Last-Modified: Sat, 03 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3666
Expires: Sat, 03 Sep 2022 21:25:32 GMT
Date: Sat, 03 Sep 2022 20:24:26 GMT
Connection: keep-alive
static.bookmsg.com/creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp
88.198.209.36 200 OK 590 B URL HTTP/2 static.bookmsg.com/creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp
IP 88.198.209.36:0
ASN #24940 Hetzner Online GmbH
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash debce753f1ce6652c1637491fd72b1b1
fd102eb3f058f7a43b0f9ec03541681699f5895e
c2443b0a74b25158756abb7aa12832e5442adab247aab6e24514f54396c72579
GET /creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://lsfgkfi.tk/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.18.0
date: Sat, 03 Sep 2022 20:24:26 GMT
content-type: image/webp
content-length: 590
last-modified: Tue, 24 Nov 2020 14:24:12 GMT
etag: "5fbd178c-24e"
cache-control: public, max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
i.cdnkimg.com/auto/492x328/q85/image/vk/3643/643/rect_626aadf074621t1651158512r522.png.webp
45.133.44.37 200 OK 10 kB URL HTTP/2 i.cdnkimg.com/auto/492x328/q85/image/vk/3643/643/rect_626aadf074621t1651158512r522.png.webp
IP 45.133.44.37:0
ASN #39572 DataWeb Global Group B.V.
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 360x240, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 68329d624a42af6145117bed5c9a2f03
4439b8d8b7e2dc706b5e9a417852bf16e6eb17dd
ede7a9f931abc7e53d07dbf4a82e992cfc38ebb280158f7fa4d12d00cab03bc6
GET /auto/492x328/q85/image/vk/3643/643/rect_626aadf074621t1651158512r522.png.webp HTTP/1.1
Host: i.cdnkimg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 03 Sep 2022 20:24:26 GMT
content-type: image/webp
content-length: 10348
server: nginx/1.19.0
cache-control: max-age=1209600
x-cache-status: MISS
expires: Sat, 17 Sep 2022 20:24:26 GMT
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
fp.metricswpsh.com/fp?tag_id=43957
23.88.85.6 204 No Content 0 B URL HTTP/1.1 fp.metricswpsh.com/fp?tag_id=43957
IP 23.88.85.6:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /fp?tag_id=43957 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: http://lsfgkfi.tk/
Origin: http://lsfgkfi.tk
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx/1.20.1
Date: Sat, 03 Sep 2022 20:24:26 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE
Access-Control-Allow-Origin: http://lsfgkfi.tk
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 3a66ddbaf61212cb91ee639b5a58ff31
0694e4cef1e1036f9b840ec86f18e16d631c1812
90af2c1f0d0bb80c7daefcadb327cb0cf4d19aa58478881b8ac8e8b6e03dd1a6
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "90AF2C1F0D0BB80C7DAEFCADB327CB0CF4D19AA58478881B8AC8E8B6E03DD1A6"
Last-Modified: Thu, 01 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4112
Expires: Sat, 03 Sep 2022 21:32:59 GMT
Date: Sat, 03 Sep 2022 20:24:27 GMT
Connection: keep-alive
s.viifixi.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=?f=https%3A%2F%2Fi.cdnkimg.com%2Fauto%2F192%2Fq85%2Fimage%2Fvk%2F3643%2F643%2F626aadf074621t1651158512r522.png.webp
185.98.54.153302 Found 0 B URL HTTP/2 s.viifixi.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=?f=https%3A%2F%2Fi.cdnkimg.com%2Fauto%2F192%2Fq85%2Fimage%2Fvk%2F3643%2F643%2F626aadf074621t1651158512r522.png.webp
IP 185.98.54.153:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /n/1154/pniesytebj5vubdapf7fg2kamfqq44c6avsxm72xnbfg3qe4k2gdqxrnpnktchjsniffw3qhmf7hqv3ejnglluc2jhenhw4imnqhs3ccndfwa2r6f72lf6olwhxnb5nngm7lnjfpzb7cjuxmugztolrryfqaa4f7r7sew4jmm5huwypq4hg4wbybc5fvmt2lmfihrjdnxbegrosxixnwbuodltrdtnhlc3xe5flksb437d7ejosdgqpytjmyk6k6qunxfdbttobyoxnypffk6ok633rw5z2kl3qhsv7kheu3cm7eslq4su4ykxqoly6bgg7e4sutkf5qcal4ybvug22fttbcbhllyi5erqzqkunbqjpapk2jfrglshg2tmfumcjhu7c3hbewtewp23jf4qjk5rgelicpunux6x2ziq4qn2rggsabjr3qdjqva6cuki4lsvx2kq7jsy2qublfbwcl5w4zttsmsfjh3xsrgavauvdefz5fgnxik5izqsqxtjku563ckhafphwu6zupevmfu7pfdccxr63o5tzq2rfuuygaptdfbicnncjffnvev7eh57cwhh4w3sgt3oejhxgfk3vdzknjz3klpne6v6dvlcb4ibpqg3tzpriwmslf6i6uq===?f=https%3A%2F%2Fi.cdnkimg.com%2Fauto%2F192%2Fq85%2Fimage%2Fvk%2F3643%2F643%2F626aadf074621t1651158512r522.png.webp HTTP/1.1
Host: s.viifixi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx/1.19.0
date: Sat, 03 Sep 2022 20:24:27 GMT
content-length: 0
location: https://i.cdnkimg.com/auto/192/q85/image/vk/3643/643/626aadf074621t1651158512r522.png.webp
X-Firefox-Spdy: h2
i.cdnkimg.com/auto/192/q85/image/vk/3643/643/626aadf074621t1651158512r522.png.webp
45.133.44.37 200 OK 7.7 kB URL HTTP/2 i.cdnkimg.com/auto/192/q85/image/vk/3643/643/626aadf074621t1651158512r522.png.webp
IP 45.133.44.37:0
ASN #39572 DataWeb Global Group B.V.
File type RIFF (little-endian) data, Web/P image\012- data
Hash 311dea4d14f115d233335c6e836384b4
8b92a31d5f07440ea67469f1b2827fe1bde271e4
8136f9d883af8abb2895a1c5946063fc41ed4b3a7f7226ffe2f49e49a3d0c961
GET /auto/192/q85/image/vk/3643/643/626aadf074621t1651158512r522.png.webp HTTP/1.1
Host: i.cdnkimg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Sep 2022 20:24:27 GMT
content-type: image/webp
content-length: 7712
server: nginx/1.19.0
cache-control: max-age=1209600
x-cache-status: MISS
expires: Sat, 17 Sep 2022 20:24:27 GMT
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
b5ed4ea68f.8d26e3a7f3.com/6611700be5255b71574ab3b0e061406d.js
45.133.44.25 200 OK 0 B URL HTTP/2 b5ed4ea68f.8d26e3a7f3.com/6611700be5255b71574ab3b0e061406d.js
IP 45.133.44.25:0
ASN #39572 DataWeb Global Group B.V.
GET /6611700be5255b71574ab3b0e061406d.js HTTP/1.1
Host: b5ed4ea68f.8d26e3a7f3.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://lsfgkfi.tk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Sep 2022 20:24:25 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Tue, 30 Aug 2022 10:10:48 GMT
etag: W/"630de228-4121e"
content-encoding: gzip
expires: Sat, 03 Sep 2022 20:29:25 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
js.wpshsdk.com/npc/sdk/push.m.js?v=1
45.133.44.24 200 OK 0 B URL HTTP/2 js.wpshsdk.com/npc/sdk/push.m.js?v=1
IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
GET /npc/sdk/push.m.js?v=1 HTTP/1.1
Host: js.wpshsdk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://lsfgkfi.tk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 03 Sep 2022 20:24:25 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Thu, 01 Sep 2022 17:10:21 GMT
etag: W/"6310e77d-df45"
content-encoding: gzip
expires: Sat, 03 Sep 2022 20:29:25 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2