Overview

URL4.us.silverwinds.xyz/feed/?link=true&tid=4&subid=4.us.linux.chrome&ref=pdxx-7fmavzpxk2xlm-4-2.lowsea.fun&s1=638624c4fd2f6e03060211d0
IP 23.235.251.114 (United States)
ASN#19437 SS-ASH
UserAgentMozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer
Report completed2022-11-29 15:27:26 UTC
StatusLoading report..
IDS alerts0
Blocklist alert4
urlquery alerts No alerts detected
Tags None

Domain Summary (22)

Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
www.linkonclick.com (2) 107259 2018-07-03 01:42:51 UTC 2020-04-07 19:59:13 UTC 35.186.193.41
ocsp.pki.goog (5) 175 2018-07-01 06:43:07 UTC 2020-05-02 20:58:16 UTC 142.250.74.131
fonts.gstatic.com (1) 0 2014-09-09 00:40:21 UTC 2022-11-29 07:36:52 UTC 216.58.207.227 Domain (gstatic.com) ranked at: 540
content-signature-2.cdn.mozilla.net (1) 1152 No data No data 34.160.144.191
leche.labtrffc.com (1) 0 2021-02-18 14:08:36 UTC 2022-11-26 14:33:22 UTC 51.83.143.92 Domain (labtrffc.com) ranked at: 87846
pdxx-7fmavzpxk2xlm-4-2.lowsea.fun (1) 0 2022-08-21 08:58:43 UTC 2022-11-29 12:46:17 UTC 5.161.78.177 Unknown ranking
ron.trffclb.com (1) 0 2022-09-30 13:04:48 UTC 2022-11-29 09:00:19 UTC 51.83.143.92 Unknown ranking
tracking.prtrackings.com (1) 136276 No data No data 34.147.21.42
code.jquery.com (1) 634 2012-05-21 17:28:02 UTC 2020-04-21 12:46:20 UTC 69.16.175.10
fonts.googleapis.com (2) 8877 2013-06-10 20:14:26 UTC 2022-11-29 09:35:58 UTC 142.250.74.106
r3.o.lencr.org (12) 344 No data No data 23.36.77.32
4.us.silverwinds.xyz (1) 0 2022-03-31 16:01:00 UTC 2022-11-29 12:46:35 UTC 23.235.251.114 Unknown ranking
img-getpocket.cdn.mozilla.net (6) 1631 2018-06-21 23:36:00 UTC 2020-02-19 04:43:25 UTC 34.120.237.76
ocsp.sectigo.com (1) 487 2019-11-29 11:50:24 UTC 2021-09-17 20:05:40 UTC 172.64.155.188
firefox.settings.services.mozilla.com (2) 867 2020-06-04 20:08:41 UTC 2022-11-29 05:48:55 UTC 34.102.187.140
contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-11-29 05:51:44 UTC 34.117.237.239
popmyads.com (1) 44134 2019-01-09 18:43:38 UTC 2022-11-29 09:00:32 UTC 188.114.96.1
torrent-protection.com (5) 0 2019-08-15 16:39:44 UTC 2022-11-29 12:46:20 UTC 167.99.123.14 Unknown ranking
ocsp.digicert.com (4) 86 2012-05-21 07:02:23 UTC 2020-05-02 20:58:10 UTC 93.184.220.29
redir.tealwinds.xyz (1) 0 2022-07-28 05:22:11 UTC 2022-11-29 12:46:01 UTC 198.211.113.186 Domain (tealwinds.xyz) ranked at: 178693
push.services.mozilla.com (1) 2140 2014-10-24 08:27:06 UTC 2020-05-03 10:09:39 UTC 52.35.190.173
samba.trffclb.com (3) 0 2022-09-30 11:20:25 UTC 2022-11-29 12:46:00 UTC 51.83.143.92 Unknown ranking

Network Intrusion Detection Systemsinfo

Suricata /w Emerging Threats Pro
 No alerts detected

Blocklists

OpenPhish
 No alerts detected

PhishTank
 No alerts detected

Fortinet's Web Filter
 No alerts detected

mnemonic secure dns
 No alerts detected

Quad9 DNS
Scan Date Severity Indicator Comment
2022-11-29 2 trffclb.com Sinkholed
2022-11-29 2 trffclb.com Sinkholed
2022-11-29 2 trffclb.com Sinkholed
2022-11-29 2 trffclb.com Sinkholed


Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 23.235.251.114
Date UQ / IDS / BL URL IP
2023-02-05 11:22:44 +0000 0 - 0 - 2 4.us.silverwinds.xyz/feed/?link=true&tid=4&su (...) 23.235.251.114
2023-02-03 20:22:48 +0000 0 - 0 - 2 8.us.tealwinds.xyz/feed/?link=true&tid=8&subi (...) 23.235.251.114
2023-01-29 16:07:50 +0000 0 - 2 - 2 66.us.tealwinds.xyz/feed/?link=true&tid=66&su (...) 23.235.251.114
2023-01-25 06:47:03 +0000 0 - 0 - 1 21.us.tealwinds.xyz/feed/?link=true&tid=21&su (...) 23.235.251.114
2023-01-19 15:47:03 +0000 0 - 0 - 2 60.us.tealwinds.xyz/feed/?link=true&tid=60&su (...) 23.235.251.114


Last 5 reports on ASN: SS-ASH
Date UQ / IDS / BL URL IP
2023-02-05 11:22:44 +0000 0 - 0 - 2 4.us.silverwinds.xyz/feed/?link=true&tid=4&su (...) 23.235.251.114
2023-02-03 20:22:48 +0000 0 - 0 - 2 8.us.tealwinds.xyz/feed/?link=true&tid=8&subi (...) 23.235.251.114
2023-02-01 20:53:46 +0000 0 - 0 - 22 www.montereycountyclinicservices.org/ 131.153.100.222
2023-01-31 07:05:58 +0000 0 - 0 - 4 www.afamag.com/ 131.153.100.9
2023-01-29 16:07:50 +0000 0 - 2 - 2 66.us.tealwinds.xyz/feed/?link=true&tid=66&su (...) 23.235.251.114


Last 5 reports on domain: silverwinds.xyz
Date UQ / IDS / BL URL IP
2023-02-05 11:22:44 +0000 0 - 0 - 2 4.us.silverwinds.xyz/feed/?link=true&tid=4&su (...) 23.235.251.114
2023-01-07 13:28:13 +0000 0 - 1 - 0 4.us.silverwinds.xyz/feed/?link=true&tid=4&su (...) 23.235.251.114
2023-01-07 00:59:48 +0000 0 - 1 - 0 4.us.silverwinds.xyz/feed/?link=true&tid=4&su (...) 23.235.251.114
2022-12-25 03:49:03 +0000 0 - 1 - 0 4.us.silverwinds.xyz/feed/?link=true&tid=4&su (...) 23.235.251.114
2022-12-23 00:58:03 +0000 0 - 2 - 5 4.us.silverwinds.xyz/feed/?link=true&tid=4&su (...) 23.235.251.114


Last 5 reports with similar screenshot
Date UQ / IDS / BL URL IP
2023-01-08 19:56:50 +0000 0 - 0 - 1 setupspeedyhighlyinfo-file.info/SmeJUOQy0mHqg (...) 3.226.146.143
2023-01-08 04:49:31 +0000 0 - 0 - 1 setupsophisticatedhighlyinfo-file.info/B_2wYH (...) 3.226.146.143
2023-01-06 19:00:07 +0000 0 - 0 - 2 torrent-protection.com/download-now/ 167.99.123.14
2023-01-06 00:19:42 +0000 0 - 0 - 1 setupsophisticatedhighlyinfo-file.info/jsyUD0 (...) 3.226.146.143
2023-01-05 22:29:40 +0000 0 - 0 - 1 setuphighlysophisticatedinfo-file.info/ZFkIGK (...) 3.226.146.143

JavaScript

Executed Scripts (8)

Executed Evals (0)

Executed Writes (0)


HTTP Transactions (54)


Request Response
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "94FB64C1C826ED7099283C0BEDB3CEA7AC7E1D9526794CB9FAD6E761F5989D32"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12353
Expires: Tue, 29 Nov 2022 18:53:09 GMT
Date: Tue, 29 Nov 2022 15:27:16 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 6086
Cache-Control: max-age=161121
Date: Tue, 29 Nov 2022 15:27:16 GMT
Etag: "6385df6f-1d7"
Expires: Thu, 01 Dec 2022 12:12:37 GMT
Last-Modified: Tue, 29 Nov 2022 10:31:11 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "A3EC545A8F9364AC9062EDDB41279E1465687A1B60F9C1DEC6B3A3DF8B033EB3"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6804
Expires: Tue, 29 Nov 2022 17:20:40 GMT
Date: Tue, 29 Nov 2022 15:27:16 GMT
Connection: keep-alive

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         34.160.144.191
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
x-amz-id-2: MKwVvO+HzYvd4wxY7+AcI08tKfhCWs0tlTNP9nwzrlMf2Ea89M5m7YQzeHoiFxiTt9S61r85tUs=
x-amz-request-id: AP85G76FST1BFM9W
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 29 Nov 2022 14:45:30 GMT
age: 2506
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    9ebddc2b260d081ebbefee47c037cb28
Sha1:   492bad62a7ca6a74738921ef5ae6f0be5edebf39
Sha256: 74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 29 Nov 2022 15:19:38 GMT
cache-control: public,max-age=3600
age: 458
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    14cd9a0afb6ba9a763651d5112760d1e
Sha1:   75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
Sha256: 4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Tue, 29 Nov 2022 15:27:16 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /feed/?link=true&tid=4&subid=4.us.linux.chrome&ref=pdxx-7fmavzpxk2xlm-4-2.lowsea.fun&s1=638624c4fd2f6e03060211d0 HTTP/1.1 
Host: 4.us.silverwinds.xyz
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

search
                                         23.235.251.114
HTTP/1.1 301 Moved Permanently
                                        
Cache-Control: no-cache
Location: https://redir.tealwinds.xyz/click/invalid/?tid=4&subid=4.us.linux.chrome
Date: Tue, 29 Nov 2022 15:27:16 GMT
Connection: keep-alive
Keep-Alive: timeout=5
Transfer-Encoding: chunked

                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, Cache-Control, Content-Type, Pragma, Backoff, ETag, Expires, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 29 Nov 2022 15:11:13 GMT
cache-control: public,max-age=3600
age: 963
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "CE81858F7C342D2A47CBBAE4752E5C14C6E594F22480DC719D960562C7978FF1"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16465
Expires: Tue, 29 Nov 2022 20:01:41 GMT
Date: Tue, 29 Nov 2022 15:27:16 GMT
Connection: keep-alive

                                        
                                            GET /click/invalid/?tid=4&subid=4.us.linux.chrome HTTP/1.1 
Host: redir.tealwinds.xyz
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

search
                                         198.211.113.186
HTTP/1.1 302 Found
Content-Type: text/html; charset=utf-8
                                        
X-Powered-By: Express
Surrogate-Control: no-store
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate
Pragma: no-cache
Expires: 0
Location: https://leche.labtrffc.com/p.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240?s=nxs_4
Vary: Accept
Content-Length: 230
Date: Tue, 29 Nov 2022 15:27:16 GMT
Connection: keep-alive
Keep-Alive: timeout=5


--- Additional Info ---
Magic:  HTML document, ASCII text, with no line terminators
Size:   230
Md5:    bf1ea261d68c3cae104a4434b2ed8723
Sha1:   5c2720cc951f801f2f7091867636e73490adcc78
Sha256: 67be18803779206c2595f60be36782945e42e8ba6ce70f8595a405c6861670d0
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 2522
Cache-Control: 'max-age=158059'
Date: Tue, 29 Nov 2022 15:27:16 GMT
Last-Modified: Tue, 29 Nov 2022 14:45:14 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "4D617AD4750CE1F131EF8F0BB7EEC76638154C1B3217B05CD3A9859A837A9636"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4590
Expires: Tue, 29 Nov 2022 16:43:46 GMT
Date: Tue, 29 Nov 2022 15:27:16 GMT
Connection: keep-alive

                                        
                                            GET /p.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240?s=nxs_4 HTTP/1.1 
Host: leche.labtrffc.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

search
                                         51.83.143.92
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Date: Tue, 29 Nov 2022 15:27:16 GMT
Content-Length: 0
Connection: keep-alive
Round:
Raund:
Location: https://pdxx-7fmavzpxk2xlm-4-2.lowsea.fun/emw/v1/dt?sid=888b&k=bfb&url=&xrw=&lid=638624d426f23f6f956780ba&fid=888fb

                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: pG1B2l1nouEm/IHEHOHGdQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

search
                                         52.35.190.173
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: Jh/+oapLDtWbPZYbMfW1AKFFiKw=

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "3A97C2923C7C21A74A6B36A9E23045FEA5A6CA4FD3B42B699972CF4A1FFE56BA"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12196
Expires: Tue, 29 Nov 2022 18:50:33 GMT
Date: Tue, 29 Nov 2022 15:27:17 GMT
Connection: keep-alive

                                        
                                            GET /emw/v1/dt?sid=888b&k=bfb&url=&xrw=&lid=638624d426f23f6f956780ba&fid=888fb HTTP/1.1 
Host: pdxx-7fmavzpxk2xlm-4-2.lowsea.fun
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

search
                                         5.161.78.177
HTTP/2 307 Temporary Redirect
content-type: text/html
                                        
date: Tue, 29 Nov 2022 15:27:17 GMT
content-length: 164
location: https://ron.trffclb.com/a.php?p=c:7omnig4vw718godha&d=6213b4b0ff85982fd6331e4b&s=888b
set-cookie: emwxcid_4_1=xOExTQ2lE3avl4npIpUdcqrS42AVVPbapeUHlEZjODOMVHvvT3; expires=Wed, Nov 29 2023 15:27:17 GMT; Max-Age=31536000; path=/; domain=lowsea.fun; SameSite=Lax
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   164
Md5:    813f9846b49c0ada805648edf1b2fdbd
Sha1:   caa24890460f73e6a72bb49426351e67e83b053d
Sha256: 8f03491247cbfa8a2e60e0f7ec62d63b5070659f60383a1c81abeb2b20221be3
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "4D617AD4750CE1F131EF8F0BB7EEC76638154C1B3217B05CD3A9859A837A9636"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4589
Expires: Tue, 29 Nov 2022 16:43:46 GMT
Date: Tue, 29 Nov 2022 15:27:17 GMT
Connection: keep-alive

                                        
                                            GET /a.php?p=c:7omnig4vw718godha&d=6213b4b0ff85982fd6331e4b&s=888b HTTP/1.1 
Host: ron.trffclb.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

search
                                         51.83.143.92
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Date: Tue, 29 Nov 2022 15:27:17 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Round: 11hx4alk7e
Raund: 1zd
Content-Encoding: gzip


--- Additional Info ---
Magic:  HTML document text\012- HTML document, ASCII text, with no line terminators
Size:   158
Md5:    c87457594ef907d482eb114aaab14561
Sha1:   a528b0dfb11add9a369a0ad1f1dd462ea345f86e
Sha256: 83c06d15d0da3d5a81c885e5c71ba39c406d464738a421bb732a69f1c7dabf72

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /l.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240&s=int_888b HTTP/1.1 
Host: samba.trffclb.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site

search
                                         51.83.143.92
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Date: Tue, 29 Nov 2022 15:27:17 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: bt-603611c5b7eaf46891533240=638624d572c34558524773f5; expires=Fri, 02-Dec-2022 15:27:17 GMT; Max-Age=259200; path=/; domain=samba.trffclb.com; HttpOnly
Content-Encoding: gzip


--- Additional Info ---
Magic:  HTML document text\012- HTML document, ASCII text, with very long lines (541)
Size:   494
Md5:    ddcd1c0555ffc7a9a956a9b92d2ba892
Sha1:   b80262fb4c813aea5661fa8aee0fe02cf60fa0f0
Sha256: 000551961e61a86c5e82322ee7863095c9ade632f96288463ab3cab23b5712fe

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /l.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240&s=int_888b&bv=1 HTTP/1.1 
Host: samba.trffclb.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://samba.trffclb.com/l.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240&s=int_888b
Cookie: bt-603611c5b7eaf46891533240=638624d572c34558524773f5
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin

search
                                         51.83.143.92
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Date: Tue, 29 Nov 2022 15:27:17 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: bt-603611c5b7eaf46891533240=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=samba.trffclb.com; HttpOnly
Round: 11kgq037yu
Raund: 2si
Location: https://popmyads.com/serve/52264/64661/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgxMy5jb20=


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 2533
Cache-Control: 'max-age=158059'
Date: Tue, 29 Nov 2022 15:27:17 GMT
Etag: "6385ae27-117"
Last-Modified: Tue, 29 Nov 2022 14:45:04 GMT
Server: ECS (amb/6BC8)
X-Cache: HIT
Content-Length: 279

                                        
                                            GET /favicon.ico HTTP/1.1 
Host: samba.trffclb.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://samba.trffclb.com/l.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240&s=int_888b
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         51.83.143.92
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Date: Tue, 29 Nov 2022 15:27:17 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip


--- Additional Info ---
Magic:  data
Size:   20
Md5:    a4745abc5e7fdb89cc6df3069f3c6e69
Sha1:   74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
Sha256: d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 2534
Cache-Control: 'max-age=158059'
Date: Tue, 29 Nov 2022 15:27:18 GMT
Last-Modified: Tue, 29 Nov 2022 14:45:04 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 279

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3144
Expires: Tue, 29 Nov 2022 16:19:42 GMT
Date: Tue, 29 Nov 2022 15:27:18 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3144
Expires: Tue, 29 Nov 2022 16:19:42 GMT
Date: Tue, 29 Nov 2022 15:27:18 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3144
Expires: Tue, 29 Nov 2022 16:19:42 GMT
Date: Tue, 29 Nov 2022 15:27:18 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3144
Expires: Tue, 29 Nov 2022 16:19:42 GMT
Date: Tue, 29 Nov 2022 15:27:18 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3144
Expires: Tue, 29 Nov 2022 16:19:42 GMT
Date: Tue, 29 Nov 2022 15:27:18 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffe5e6403-f1a3-4b44-a62d-0e47d56bb08e.webp HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 4916
x-amzn-requestid: b8c80a6c-e3f1-4f20-beb8-27b0af760692
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cPYcrELFoAMFaeQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6382d450-155cfb365525173c0ede8adb;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 03:06:56 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Twtw6dO3pjTB9OLi0HliKKCDgCuHRqgtx4PFTczrZQ9f8JztgXZoSg==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 f9d716a351f14a0ac1fac2449734849a.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 03:18:11 GMT
age: 43747
etag: "2e3f7326aeea6be8a34bf2c39b34862c07bfdc41"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   7347
Md5:    c18253815814eb8575e1561c28c0b504
Sha1:   2fc5eb038dc5bfc441fbb6e1f96a604f7734c3c2
Sha256: 067219e85386cd58a1e6ef3d4c16c7b578036611021963769531f61e2b50db4e
                                        
                                            GET /serve/52264/64661/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgxMy5jb20= HTTP/1.1 
Host: popmyads.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://samba.trffclb.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

search
                                         188.114.96.1
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
                                        
date: Tue, 29 Nov 2022 15:27:18 GMT
x-powered-by: PHP/7.1.33
x-frame-options: DENY
content-security-policy: frame-ancestors 'none'
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5ldEm9OTUZp0OJCbPE8BJh1CrVO6h2MJw0gfsfdVylLoDBAaD8fbwvEmN0ylp7P7B77lnWFnmnmbhl8OSpHfcF4YjQ6ijdS0M1NbQ34JR8w5%2FakNbhhqsHwcjXMESeQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 771c5dd8fd601c02-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Size:   3421
Md5:    b4a2757ccc6ec5abc3e7bbcdb14456f7
Sha1:   ad99e4af68cb0eecfd45909f94bb9c8a797a479a
Sha256: 99fb9c9c6d5626a4c144bea967a4d7a17eede66a63beae9016433f2891e7fcb6
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fabddece8-6c4f-4cb5-9041-4d427b16b826.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 4417
x-amzn-requestid: 01de83c2-51d2-4329-98f6-09a0edf46942
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cVNnGEcRIAMFaXA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63852960-34583b6c588a0e937fcfaa46;Sampled=0
x-amzn-remapped-date: Mon, 28 Nov 2022 21:34:24 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: wqEe45jzMOryT-E-vThc39-cLiZudKF4gn6cS3LBmeaJ2amJF5GPIA==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google
date: Mon, 28 Nov 2022 21:46:54 GMT
age: 63624
etag: "e2b4d2e15bb7c086333c0da438873e4c139ba931"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   4417
Md5:    a2a5c8d4113d282600462749315f2c4f
Sha1:   e2b4d2e15bb7c086333c0da438873e4c139ba931
Sha256: 9b5d0e5dd11d4cbf1c78a71730cd63544170c91ab635bf3cf917827ac84874e6
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc326607e-c0fa-4e9d-b8d4-1c9173793bed.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 9376
x-amzn-requestid: c52b3092-90d2-4289-b6e0-ab99c9d4710a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cPmz3EVUoAMFWUw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6382eb4b-39f46c89238eff696e9f2dba;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 04:44:59 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: ofQEhaEiX1vE25a_1xHeab9Px9zgGpk8omlX_aHmLE1oN1aZTPzWxQ==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 10:09:32 GMT
age: 19066
etag: "28c165bac8cf68cd1b0763c311aece00672cb3a5"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   9376
Md5:    cce27a1fe8c0222811a5ce0e7f89e1cb
Sha1:   28c165bac8cf68cd1b0763c311aece00672cb3a5
Sha256: 4530e34a47ef78c2c2b0d34a0511253a61f1927b192ab42f82361002ff10819e
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1c32283b-8309-408e-85df-cad97da6bc80.png HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 10176
x-amzn-requestid: c2231955-5c78-4073-8399-b8b90f1add78
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cMo3oHpSoAMF5Qw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6381bb63-55a1cb004ac73c8b02f2fb8d;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 07:08:19 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: uGocx-Lv8ieJVvICjnTGQZyzaQzjVdICX2RZaNyBTQvUKeIcNxaCJQ==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 32c16f33c8f5601364fa8229b0d74dc2.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 04:49:50 GMT
age: 38248
etag: "772d86ad983042a728ee3490630a9cf1134ad0dd"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   10176
Md5:    03014221d7f49b50ffc2d1b0a0e75457
Sha1:   772d86ad983042a728ee3490630a9cf1134ad0dd
Sha256: 81fb954fa569955907952987e9d8efd1dac80e0e4a682826abf3c5d90eb31771
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F165667de-df17-4cc6-832c-94f49703bdf2.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 9430
x-amzn-requestid: 454ca8bd-a256-45f2-8b41-feee86c5af82
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cR7wyGCIIAMFhgw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6383d99e-1488f8ce71a91ebc3ad6b7e0;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 21:41:50 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: NMMuQ1NNks65LJK_HDAK69MfCJ3pS0Y6VzBs8_5Oku64v4FSWADCdw==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Mon, 28 Nov 2022 22:01:55 GMT
age: 62723
etag: "075531f525e625b117b2497f31139c9824d0e9c5"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   9430
Md5:    1f434933b5bd6377d299ada22d1ae7ef
Sha1:   075531f525e625b117b2497f31139c9824d0e9c5
Sha256: b587a3249e4f20112088608e3651c2ccbc44225a5c9d88d3bf5884d7f0e9029c
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881a33ae-e81b-4603-85d9-a2242b17be66.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 4803
x-amzn-requestid: 80f7f1c8-0316-4181-83ac-2787b1ae825f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cOo4iFHoIAMF2-g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63828836-2c0a081b07e0785b4350c10c;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 21:42:14 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 9fRfgj9_S00P8fI_T-tVt7khJ1kYZux_55K_yLYUsiyVEoiWRM9QAw==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Mon, 28 Nov 2022 22:07:26 GMT
age: 62392
etag: "cedf2f21be7cd366bd46055b62b5513db3011dfc"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   4803
Md5:    cc0a257323f882caff067adb86d906e4
Sha1:   cedf2f21be7cd366bd46055b62b5513db3011dfc
Sha256: c16a9296d5e840a468fef7fb2764b9f7d4b3131d7ade2ce4999de1eead5469e0
                                        
                                            GET /jump/next.php?stamat=m%257C%252Coo2djdjarB1dQO0dEdHP3xP.681%252CS0kXXHXf2ck-DOZ9HRvwuM9aL_G46JdZU-2oa3bmXM8JUm5HksBtX5-SSJ8vLRk6bFmvq_XsOZ11dNi5wjwW8w%252C%252C&cbpage=http://www.linkonclick.com/jump/next.php?r=1041905&sub1=0646614100&cbur=0.7009659983577022&cbtitle=&cbiframe=0&cbWidth=1280&cbHeight=939&cbdescription=&cbkeywords=&cbref= HTTP/1.1 
Host: www.linkonclick.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

search
                                         35.186.193.41
HTTP/1.1 302 Moved Temporarily
Content-Type: text/html; charset=utf-8
                                        
Server: openresty
Date: Tue, 29 Nov 2022 15:27:18 GMT
Transfer-Encoding: chunked
Access-Control-Allow-Origin: *
Location: http://www.linkonclick.com/script/i.php?stamat=m%257C%252C%252CQ2ImtjFuoGU3B_-GH0dEdHP3xP.172%252CQbBbfNcWkmVMWi_NVz7Qnu1T3Xc0adBx22fHAJun9RA-56uzNgdhI_TRogO0E6WEQJRBDQfSwxD3dbrvdDF8AF-ZWBentsdereBZUYIMtIDEgJbitt0vWKCyVr26UMqTZba8vPzgWOelcXfI6StEj12ZdteXsPWoZVTz8AdDTRIoLerwE6xDP3N8tXV0E-p8VQvLPrZpuyJZ-qvlGHcWjN4-5DbPfN1kwrVRJm8adKwWH0IcH2TIvVLcu_OrVXF1rcb5vLpgyWz9NfIqAnZOdO-Y244_QtLE8DhmbgvzoikCHwH2e0RKEx-vB1097NNSkTgxKHP2XelnI1wLZVxb72bQFwXfkRNXGxci0V-PYUnaCXm-G1tfbbsVmL42pznqs2pwJ2h_MuHQk84v2jONYRdYkfcPH3Aadqgmj2FhGtGy7dU8Gkta7NEerECrcycp7VatcvmFJj39IlZDSIvNRl7-bhef_FZmpIxM_muzFe2Lv7iB-913-0G0Hib9PuVwTMeYoEO_bQZyw2Ta3pAQOt8GMQFkbZGu_VDh5eJwWFt996VmUPS10xvZ5V7zt1Ef
Via: 1.1 google


--- Additional Info ---
Magic:  very short file (no magic)
Size:   1
Md5:    68b329da9893e34099c7d8ad5cb9c940
Sha1:   adc83b19e793491b1c6ea0fd8b46cd9f32e592fc
Sha256: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
                                        
                                            GET /script/i.php?stamat=m%257C%252C%252CQ2ImtjFuoGU3B_-GH0dEdHP3xP.172%252CQbBbfNcWkmVMWi_NVz7Qnu1T3Xc0adBx22fHAJun9RA-56uzNgdhI_TRogO0E6WEQJRBDQfSwxD3dbrvdDF8AF-ZWBentsdereBZUYIMtIDEgJbitt0vWKCyVr26UMqTZba8vPzgWOelcXfI6StEj12ZdteXsPWoZVTz8AdDTRIoLerwE6xDP3N8tXV0E-p8VQvLPrZpuyJZ-qvlGHcWjN4-5DbPfN1kwrVRJm8adKwWH0IcH2TIvVLcu_OrVXF1rcb5vLpgyWz9NfIqAnZOdO-Y244_QtLE8DhmbgvzoikCHwH2e0RKEx-vB1097NNSkTgxKHP2XelnI1wLZVxb72bQFwXfkRNXGxci0V-PYUnaCXm-G1tfbbsVmL42pznqs2pwJ2h_MuHQk84v2jONYRdYkfcPH3Aadqgmj2FhGtGy7dU8Gkta7NEerECrcycp7VatcvmFJj39IlZDSIvNRl7-bhef_FZmpIxM_muzFe2Lv7iB-913-0G0Hib9PuVwTMeYoEO_bQZyw2Ta3pAQOt8GMQFkbZGu_VDh5eJwWFt996VmUPS10xvZ5V7zt1Ef HTTP/1.1 
Host: www.linkonclick.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

search
                                         35.186.193.41
HTTP/1.1 302 Moved Temporarily
Content-Type: text/html; charset=utf-8
                                        
Server: openresty
Date: Tue, 29 Nov 2022 15:27:18 GMT
Transfer-Encoding: chunked
Access-Control-Allow-Origin: *
Location: https://tracking.prtrackings.com/click?pid=4&offer_id=2717&sub1=166973563810000TNOTV415326358024V2a&sub2=3744083-695982968-0
Via: 1.1 google


--- Additional Info ---
Magic:  very short file (no magic)
Size:   1
Md5:    68b329da9893e34099c7d8ad5cb9c940
Sha1:   adc83b19e793491b1c6ea0fd8b46cd9f32e592fc
Sha256: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         172.64.155.188
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 29 Nov 2022 15:27:19 GMT
Content-Length: 472
Connection: keep-alive
Last-Modified: Sun, 27 Nov 2022 04:34:01 GMT
Expires: Sun, 04 Dec 2022 04:34:00 GMT
Etag: "82a62874d424ce6b6d78d71f35a2bad2b2210044"
Cache-Control: max-age=392200,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 771c5ddf9bfcb50b-OSL

                                        
                                            GET /click?pid=4&offer_id=2717&sub1=166973563810000TNOTV415326358024V2a&sub2=3744083-695982968-0 HTTP/1.1 
Host: tracking.prtrackings.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

search
                                         34.147.21.42
HTTP/2 302 Found
                                        
server: nginx
date: Tue, 29 Nov 2022 15:27:19 GMT
content-length: 0
location: https://torrent-protection.com/download-now?domain=totaladblock.com&hash=62ab3b5a3d5ef&s1=4&s2=638624d71c3a130001ddfe69&s3=3744083-695982968-0&action=download
x-adjust-use-original-forwarded-for: 1
set-cookie: afclick=638624d71c3a130001ddfe69; expires=Wed, 29 Nov 2023 15:27:19 GMT; secure; SameSite=None afoffers={"2717":1669735639}; expires=Wed, 29 Nov 2023 15:27:19 GMT; secure; SameSite=None
access-control-allow-origin: *
X-Firefox-Spdy: h2

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "B65A7C415311C5E7C225765C211F932C50FACB64B7A61902A0C3F88590A3DFA6"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10818
Expires: Tue, 29 Nov 2022 18:27:37 GMT
Date: Tue, 29 Nov 2022 15:27:19 GMT
Connection: keep-alive

                                        
                                            GET /download-now?domain=totaladblock.com&hash=62ab3b5a3d5ef&s1=4&s2=638624d71c3a130001ddfe69&s3=3744083-695982968-0&action=download HTTP/1.1 
Host: torrent-protection.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

search
                                         167.99.123.14
HTTP/1.1 301 Moved Permanently
Content-Type: text/html
                                        
Server: nginx/1.15.9 (Ubuntu)
Date: Tue, 29 Nov 2022 15:27:19 GMT
Content-Length: 178
Location: https://torrent-protection.com/download-now/?domain=totaladblock.com&hash=62ab3b5a3d5ef&s1=4&s2=638624d71c3a130001ddfe69&s3=3744083-695982968-0&action=download
Connection: keep-alive


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   178
Md5:    b11641fd881afc4adf8803ca198bfd84
Sha1:   6bdc18dcf318b9f89017617cc09cbfbb31143a3f
Sha256: 0b5a9558df13d970934d9fcbc95a054a09660684072ce369c51cacd0696dd821
                                        
                                            GET /download-now/?domain=totaladblock.com&hash=62ab3b5a3d5ef&s1=4&s2=638624d71c3a130001ddfe69&s3=3744083-695982968-0&action=download HTTP/1.1 
Host: torrent-protection.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

search
                                         167.99.123.14
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Server: nginx/1.15.9 (Ubuntu)
Date: Tue, 29 Nov 2022 15:27:19 GMT
Last-Modified: Fri, 20 May 2022 15:43:36 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"6287b728-3a2b"
Content-Encoding: gzip


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (2616)
Size:   5250
Md5:    2da0dae9438f7ba87ba1a52f8815f66b
Sha1:   0978bdcc8de13c7f3e9e4c09a802a29f4e588628
Sha256: 69f56629ad1858eef91a935a0d4c75d9faaf0f330ed94e919e4ffcfbc45a4a63
                                        
                                            GET /jquery-1.12.0.min.js HTTP/1.1 
Host: code.jquery.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://torrent-protection.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         69.16.175.10
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
date: Tue, 29 Nov 2022 15:27:19 GMT
content-encoding: gzip
content-length: 33820
last-modified: Fri, 20 Aug 2021 17:47:53 GMT
accept-ranges: bytes
server: nginx
etag: W/"611feac9-17c52"
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-hw: 1669735639.dop013.sk1.t,1669735639.cds253.sk1.hn,1669735639.cds229.sk1.c
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (32060)
Size:   33820
Md5:    e0865bea5b028ce4d913dc4d6166c751
Sha1:   b2df1f4068ce3040ba56512e7fa7674db72f8fcb
Sha256: 0dbb35dfe27885f4ab7cb2f5f3b6894d0fe03f691e4612cec613bd6a74193337
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 29 Nov 2022 15:27:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 29 Nov 2022 15:27:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /css?family=Varela+Round&display=swap HTTP/1.1 
Host: fonts.googleapis.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://torrent-protection.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         142.250.74.106
HTTP/2 200 OK
content-type: text/css; charset=utf-8
                                        
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 29 Nov 2022 15:27:19 GMT
date: Tue, 29 Nov 2022 15:27:19 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 29 Nov 2022 15:27:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 29 Nov 2022 15:27:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://torrent-protection.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         216.58.207.227
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 28 Nov 2022 18:52:41 GMT
expires: Tue, 28 Nov 2023 18:52:41 GMT
cache-control: public, max-age=31536000
age: 74078
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data
Size:   44856
Md5:    565ce506190ad3af920b40baf1794cec
Sha1:   ad3cba5d06100e09449a864d3b5e58403b478b3d
Sha256: 8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 29 Nov 2022 15:27:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /download-now/img/gear.png HTTP/1.1 
Host: torrent-protection.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://torrent-protection.com/download-now/?domain=totaladblock.com&hash=62ab3b5a3d5ef&s1=4&s2=638624d71c3a130001ddfe69&s3=3744083-695982968-0&action=download
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         167.99.123.14
HTTP/1.1 404 Not Found
Content-Type: text/html
                                        
Server: nginx/1.15.9 (Ubuntu)
Date: Tue, 29 Nov 2022 15:27:19 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   123
Md5:    bbc0202734cbdf78fc1d532657b6dd51
Sha1:   c9315391afb54fbd7da800a2ad4be6fe6eec02eb
Sha256: 23edba966cd69a70af72ae2548c7fb17560c0239c159ce2b9513c7bbe51b0566
                                        
                                            GET /images/firefox.png HTTP/1.1 
Host: torrent-protection.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://torrent-protection.com/download-now/?domain=totaladblock.com&hash=62ab3b5a3d5ef&s1=4&s2=638624d71c3a130001ddfe69&s3=3744083-695982968-0&action=download
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         167.99.123.14
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Server: nginx/1.15.9 (Ubuntu)
Date: Tue, 29 Nov 2022 15:27:19 GMT
Content-Length: 8409
Last-Modified: Thu, 11 Aug 2022 09:51:06 GMT
Connection: keep-alive
ETag: "62f4d10a-20d9"
Accept-Ranges: bytes


--- Additional Info ---
Magic:  PNG image data, 295 x 35, 8-bit/color RGBA, non-interlaced\012- data
Size:   8409
Md5:    ebabc9ce9e6e973572f8f1d22a52dce6
Sha1:   7dd2515e812500a75e5469e5645a1b847dba88fb
Sha256: 49bfc451853b13ecb8c7fb910c3639402b59a01258e863acd84d595281412312
                                        
                                            GET /download-now/favicon.png HTTP/1.1 
Host: torrent-protection.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://torrent-protection.com/download-now/?domain=totaladblock.com&hash=62ab3b5a3d5ef&s1=4&s2=638624d71c3a130001ddfe69&s3=3744083-695982968-0&action=download
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         167.99.123.14
HTTP/1.1 404 Not Found
Content-Type: text/html
                                        
Server: nginx/1.15.9 (Ubuntu)
Date: Tue, 29 Nov 2022 15:27:20 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   123
Md5:    bbc0202734cbdf78fc1d532657b6dd51
Sha1:   c9315391afb54fbd7da800a2ad4be6fe6eec02eb
Sha256: 23edba966cd69a70af72ae2548c7fb17560c0239c159ce2b9513c7bbe51b0566
                                        
                                            GET /css?family=Open+Sans:400,700,800&display=swap HTTP/1.1 
Host: fonts.googleapis.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://torrent-protection.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         142.250.74.106
HTTP/2 200 OK
content-type: text/css; charset=utf-8
                                        
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 29 Nov 2022 15:27:19 GMT
date: Tue, 29 Nov 2022 15:27:19 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---