earnme.club/safe2.php?link=kBgOC
200 OK 435 B URL HTTP/1.1 earnme.club/safe2.php?link=kBgOC
IP
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash 78971dac3291a89dc4f93fd912642222
11ca13f7ac28148f003cc20a8619964b16b8190b
c35965c0b3b3ea8d3b0c7b80a45f1557fe1d3ac878e5866a2d70327b627351b7
Analyzer Verdict Alert fortinet Malware
GET /safe2.php?link=kBgOC HTTP/1.1
Host: earnme.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Connection: Keep-Alive
Set-Cookie: tp2=kBgOC; expires=Mon, 28-Nov-2022 15:13:25 GMT; Max-Age=180
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 435
Content-Encoding: gzip
Date: Mon, 28 Nov 2022 15:10:25 GMT
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash cdbad2434b7d127a4fc769807a9dc3e7
fa98cd9fc2309ab4423f33f683d17bdb17d76713
560cbbb751ab2884024da3b93fba6bc45c6434797dba72a98c05e7fc2bb94bc1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "560CBBB751AB2884024DA3B93FBA6BC45C6434797DBA72A98C05E7FC2BB94BC1"
Last-Modified: Sat, 26 Nov 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7423
Expires: Mon, 28 Nov 2022 17:14:08 GMT
Date: Mon, 28 Nov 2022 15:10:25 GMT
Connection: keep-alive
ocsp.digicert.com/
200 OK 471 B IP
Hash 9408cc0694fcbea57966c3a3ba906092
fddcee1fdcf3209298e41a4b1b5560357fa165f0
6ef7120d9463f56e3ddfadd5766d02da8523f34061b13bdba54bf9ab72a1e979
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3378
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 15:10:25 GMT
Last-Modified: Mon, 28 Nov 2022 14:14:07 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 567df7db606cf5d0871aa5bc9311b6da
4263faac7cbab2fcaf6661911dcad5091c06be17
e9650e1fdc46fc8678708ddcc37ab369c7a6d50489a004be896f20c7a3a644b0
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Alert, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Mon, 28 Nov 2022 14:19:32 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 3053
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 3b56944f0e5716fd4fad2ec18994d4be
61cafa4de31ba960d1145ec37272f6f6b6944e0c
4fd46b0b6a2ea24f5ce175985a3933c04b4c01bd3e32bee2e50a61a65eef7af4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4FD46B0B6A2EA24F5CE175985A3933C04B4C01BD3E32BEE2E50A61A65EEF7AF4"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5393
Expires: Mon, 28 Nov 2022 16:40:18 GMT
Date: Mon, 28 Nov 2022 15:10:25 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: WiUV9IAQhZDpcU5YDsXrBPJ9tcB6++xbW7LCze4BCvRcs6m1CFVsOdLtjwaqEVSFX9Gs4NRBRa0=
x-amz-request-id: BJJ1PK5JS9X2XG2A
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 28 Nov 2022 14:42:06 GMT
age: 1699
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 28 Nov 2022 15:10:25 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 03ad9fc0b00b5df3165dc2fb1e3b0a3e
f8243335a8bc24d989bddd346048a055e1d0bdeb
366b28d491f7fd632e31c1ce97f939555f7dcee14bb6875737ed2d3e96fa32ec
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 15:10:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/url?sa=t&source=web&rct=j&url=https://earnme.club/v20-se-from-vivo/&ved=2ahUKEwjT86ry4fL1AhVByTgGHSsrAJM4MhAWegQIBBAB&usg=AOvVaw2YGwYfwpzJn4lx6uIZFxuI
200 OK 478 B URL HTTP/2 www.google.com/url?sa=t&source=web&rct=j&url=https://earnme.club/v20-se-from-vivo/&ved=2ahUKEwjT86ry4fL1AhVByTgGHSsrAJM4MhAWegQIBBAB&usg=AOvVaw2YGwYfwpzJn4lx6uIZFxuI
IP
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (810)
Hash f0e28a3ae06d122e1434c0569153b33b
2debeb8f4909391deaed9edfc6851ce4b4823d56
22ded7b8b36c4331489b2abb17bd073ef1407ff9de1d3a757da9cbdef164be50
GET /url?sa=t&source=web&rct=j&url=https://earnme.club/v20-se-from-vivo/&ved=2ahUKEwjT86ry4fL1AhVByTgGHSsrAJM4MhAWegQIBBAB&usg=AOvVaw2YGwYfwpzJn4lx6uIZFxuI HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: __Secure-ENID=5.SE=WgoywoGOUEmJadxoIB0r2lkzXHeKVqth1xGOa4ffzT7dUHt-ZXjx-iHV7oK7BCuj96T6WcNdOxtcPrvT6hvt4NQxsLWhAuRLpweU30AweJoV-BgqMIIyysdeq33RUY6ph26qQ9jBKSd0XSV6yoBSxOS9PmgWEsI53hUDjv_5qeI; CONSENT=PENDING+883
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 28 Nov 2022 15:10:26 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=31536000
cross-origin-opener-policy-report-only: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
content-encoding: br
server: gws
content-length: 478
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 7207a5076b63fb5f39b9436ced9fb18f
cdd84ecfe85882601e81f11783d9f63b30084de3
6d4543402df8135d5860ecd47dd52d96d66d2e1ac6feec11accb5f43f2da7d0d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 15:10:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
earnme.club/wp-includes/css/dist/block-library/style.min.css?ver=6.1.1
200 OK 12 kB URL HTTP/2 earnme.club/wp-includes/css/dist/block-library/style.min.css?ver=6.1.1
IP
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (47826)
Hash c4d7cc056b49b00e05cc29cc59aa3d5a
48c426bec60099d2a8628df430ed682c72aab42a
8009c12f2674a8d38401f4b5faad1fef2cfcd18a8c927ed2561ae9d7de9b57b5
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/css/dist/block-library/style.min.css?ver=6.1.1 HTTP/1.1
Host: earnme.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://earnme.club/v20-se-from-vivo/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Mon, 05 Dec 2022 15:10:26 GMT
content-type: text/css
last-modified: Wed, 16 Nov 2022 02:57:41 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 11616
date: Mon, 28 Nov 2022 15:10:26 GMT
X-Firefox-Spdy: h2
earnme.club/wp-includes/css/classic-themes.min.css?ver=1
200 OK 144 B URL HTTP/2 earnme.club/wp-includes/css/classic-themes.min.css?ver=1
IP
ASN #24940 Hetzner Online GmbH
Hash fcbd239f30d9a6dd1f3637f291143d37
2871bf7d98af3f43e42f7fa32808048e7134fabf
c2f98e9d71f782b7a3266cd337c61ae6c8dcbb7203669c07852aa2ab65ab6144
GET /wp-includes/css/classic-themes.min.css?ver=1 HTTP/1.1
Host: earnme.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://earnme.club/v20-se-from-vivo/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Mon, 05 Dec 2022 15:10:26 GMT
content-type: text/css
last-modified: Wed, 02 Nov 2022 02:57:41 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 144
date: Mon, 28 Nov 2022 15:10:26 GMT
X-Firefox-Spdy: h2
earnme.club/wp-content/themes/mh-magazine-lite/style.css?ver=2.9.2
200 OK 8.8 kB URL HTTP/2 earnme.club/wp-content/themes/mh-magazine-lite/style.css?ver=2.9.2
IP
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (739)
Hash b4588be584fdfc6f3c8997ce49940a0f
f1b50682d29aa349889fea0469a12ed31deb25cb
c609f96251492512f62d975430d7d977a812b78031dad2797d12dbdf34d562db
GET /wp-content/themes/mh-magazine-lite/style.css?ver=2.9.2 HTTP/1.1
Host: earnme.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://earnme.club/v20-se-from-vivo/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Mon, 05 Dec 2022 15:10:26 GMT
content-type: text/css
last-modified: Sun, 26 Jun 2022 02:57:58 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 8842
date: Mon, 28 Nov 2022 15:10:26 GMT
X-Firefox-Spdy: h2
earnme.club/wp-content/themes/mh-magazine-lite/includes/font-awesome.min.css
200 OK 6.7 kB URL HTTP/2 earnme.club/wp-content/themes/mh-magazine-lite/includes/font-awesome.min.css
IP
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (30837)
Hash 97c6ce9b4936f66aa388ad33c39aba2d
3f14a7e78fbb4935cf35c20779dc2035531849a9
1eea453c424793fc56ef14093c10b373e3ca8388a70e847394e8084048c5ce38
GET /wp-content/themes/mh-magazine-lite/includes/font-awesome.min.css HTTP/1.1
Host: earnme.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://earnme.club/v20-se-from-vivo/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Mon, 05 Dec 2022 15:10:26 GMT
content-type: text/css
last-modified: Sun, 26 Jun 2022 02:57:58 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 6658
date: Mon, 28 Nov 2022 15:10:26 GMT
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 278 B IP
Hash ebc7eeff85e1cb1c98a56b6120e06744
3980e5e71e059822d5bd404e3f6c336c3e30a91f
d5c8a264e548f5f634fed4265a68b8e511bc5c860756cfca8340513e9288af51
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5603
Cache-Control: max-age=122747
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 15:10:26 GMT
Etag: "6383f5fa-116"
Expires: Wed, 30 Nov 2022 01:16:13 GMT
Last-Modified: Sun, 27 Nov 2022 23:42:50 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 278
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash dfc6d93c89faf83ac654cd676c02764d
ce10d3ff46b50f22f7f79a7df65b0b7a6ddb741d
83947c7c69062338e3712fe76a493a2798aa2d1f63709eac14ba908d71080dd0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 15:10:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
earnme.club/wp-includes/js/jquery/jquery.min.js?ver=3.6.1
200 OK 30 kB URL HTTP/2 earnme.club/wp-includes/js/jquery/jquery.min.js?ver=3.6.1
IP
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (65447)
Hash 3a1740685bd5c0bbd5f2b812e1eb7fb4
488e07695da787fed18361c50292aef35abb5e81
4a07aed2d8cf88afdec0b56b365b951c76d387db3459166b5a0d25e2e6cc95ef
GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.1 HTTP/1.1
Host: earnme.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://earnme.club/v20-se-from-vivo/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Mon, 05 Dec 2022 15:10:26 GMT
content-type: application/javascript
last-modified: Wed, 02 Nov 2022 02:57:41 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 30324
date: Mon, 28 Nov 2022 15:10:26 GMT
X-Firefox-Spdy: h2
earnme.club/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
200 OK 4.0 kB URL HTTP/2 earnme.club/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
IP
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (11126)
Hash 7e058b51f939eacfa31cdface14dded5
9d732e5afdeb42edef9e1b9631b7e95e054787cc
4ece5b00423755d8f4121ce382c8ea4dc44c241f28f150abe19caa85d0b0acc1
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1
Host: earnme.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://earnme.club/v20-se-from-vivo/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Mon, 05 Dec 2022 15:10:26 GMT
content-type: application/javascript
last-modified: Wed, 02 Nov 2022 02:57:41 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 3995
date: Mon, 28 Nov 2022 15:10:26 GMT
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash c81653e99cfdfb43236c8d50248b2e51
a33bc0cb7d3bb714b7ef23b059bb304cf23d464f
e75fa0ce568755990d6949ef93e3e5c29213a5a11887f697af901f41b14e0274
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 15:10:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
earnme.club/wp-content/themes/mh-magazine-lite/js/scripts.js?ver=2.9.2
200 OK 13 kB URL HTTP/2 earnme.club/wp-content/themes/mh-magazine-lite/js/scripts.js?ver=2.9.2
IP
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (21960)
Hash 98574c14319f5ff56c6780de37593f2a
fd83667f007543824efddb81cbd2454db625ac80
ce0aad6c07f9909cae105e11c0a3c430a91065fd832eb1ad54526dbb80d41767
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/mh-magazine-lite/js/scripts.js?ver=2.9.2 HTTP/1.1
Host: earnme.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://earnme.club/v20-se-from-vivo/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Mon, 05 Dec 2022 15:10:26 GMT
content-type: application/javascript
last-modified: Sun, 26 Jun 2022 02:57:58 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 12569
date: Mon, 28 Nov 2022 15:10:26 GMT
X-Firefox-Spdy: h2
earnme.club/wp-includes/js/wp-emoji-release.min.js?ver=6.1.1
200 OK 4.6 kB URL HTTP/2 earnme.club/wp-includes/js/wp-emoji-release.min.js?ver=6.1.1
IP
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (15660)
Hash 0232689bd203f330529b36a437f41a68
9046583f7469ad38297969f10a9513eb895d5316
feea9f30a6e454579bbeabf236b7abdb0c7de84dd2852422555ad67348c5e886
GET /wp-includes/js/wp-emoji-release.min.js?ver=6.1.1 HTTP/1.1
Host: earnme.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://earnme.club/v20-se-from-vivo/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Mon, 05 Dec 2022 15:10:26 GMT
content-type: application/javascript
last-modified: Wed, 02 Nov 2022 02:57:41 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 4619
date: Mon, 28 Nov 2022 15:10:26 GMT
X-Firefox-Spdy: h2
earnme.club/wp-includes/js/comment-reply.min.js?ver=6.1.1
200 OK 1.2 kB URL HTTP/2 earnme.club/wp-includes/js/comment-reply.min.js?ver=6.1.1
IP
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (2946)
Hash 7d8acf37582bf5212cbf4e31105de2ac
19581f31ceed66b11804eb6a2b3d00d43f73f071
d48d28cdb9d3dd8b812129663e5cc8b373b67629e2e65988d2b274960f7b847f
GET /wp-includes/js/comment-reply.min.js?ver=6.1.1 HTTP/1.1
Host: earnme.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://earnme.club/v20-se-from-vivo/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Mon, 05 Dec 2022 15:10:26 GMT
content-type: application/javascript
last-modified: Wed, 02 Nov 2022 02:57:41 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1228
date: Mon, 28 Nov 2022 15:10:26 GMT
X-Firefox-Spdy: h2
tg1.playstream.media/api/adserver/spt?AV_TAGID=62790805abc41c4450002684&AV_PUBLISHERID=62176a72a06fe80ba569d18f
200 OK 7.0 kB URL HTTP/1.1 tg1.playstream.media/api/adserver/spt?AV_TAGID=62790805abc41c4450002684&AV_PUBLISHERID=62176a72a06fe80ba569d18f
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (3499)
Hash 56d182502661ddcdda999647f0cbdab3
ab9b4a3b6504d248b427e95d0eb09e1533f4373c
6f2beed6234ac140ce5af12486f12421e3bbccb08fbd3784ee338528316be135
GET /api/adserver/spt?AV_TAGID=62790805abc41c4450002684&AV_PUBLISHERID=62176a72a06fe80ba569d18f HTTP/1.1
Host: tg1.playstream.media
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://earnme.club/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: text/javascript
Access-Control-Allow-Methods: GET, POST, DELETE, PUT, OPTIONS, INDEX
Access-Control-Allow-Headers: Keep-Alive,User-Agent,If-Modified-Since,Cache-Control,Content-Type,Authorization,X-Bamboo-Token,Event-Id,X-Requested-With,avsptstaging
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
Content-Length: 6997
Cache-Control: max-age=300
Expires: Mon, 28 Nov 2022 15:15:26 GMT
Date: Mon, 28 Nov 2022 15:10:26 GMT
Connection: keep-alive
Vary: Accept-Encoding
ocsp.digicert.com/
200 OK 278 B IP
Hash ebc7eeff85e1cb1c98a56b6120e06744
3980e5e71e059822d5bd404e3f6c336c3e30a91f
d5c8a264e548f5f634fed4265a68b8e511bc5c860756cfca8340513e9288af51
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5603
Cache-Control: max-age=122747
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 15:10:26 GMT
Etag: "6383f5fa-116"
Expires: Wed, 30 Nov 2022 01:16:13 GMT
Last-Modified: Sun, 27 Nov 2022 23:42:50 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 278
www.googletagmanager.com/gtag/js?id=G-LY1N2M6E7Y
200 OK 76 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=G-LY1N2M6E7Y
IP
File type ASCII text, with very long lines (19102)
Hash fccc725f7b268b51d36dac5942096fe0
c7eaf3932caacf61705024efa6f75f141a2af33e
ae630381db4fe9f62affdc753c75851df487276fb916c9c26706f3af53916a6b
GET /gtag/js?id=G-LY1N2M6E7Y HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://earnme.club/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 28 Nov 2022 15:10:26 GMT
expires: Mon, 28 Nov 2022 15:10:26 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 75987
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash dfc6d93c89faf83ac654cd676c02764d
ce10d3ff46b50f22f7f79a7df65b0b7a6ddb741d
83947c7c69062338e3712fe76a493a2798aa2d1f63709eac14ba908d71080dd0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 15:10:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Pragma, Alert, Content-Type, ETag, Retry-After, Last-Modified, Content-Length, Cache-Control, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Mon, 28 Nov 2022 14:11:12 GMT
cache-control: public,max-age=3600
age: 3554
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash c81653e99cfdfb43236c8d50248b2e51
a33bc0cb7d3bb714b7ef23b059bb304cf23d464f
e75fa0ce568755990d6949ef93e3e5c29213a5a11887f697af901f41b14e0274
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 15:10:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
200 OK 471 B IP
Hash 7ab2ef968cb6a3078f4b9cb2dda813d4
e669116047ca058a2c1b2999ff0ea8682719162c
6ddecf0b21c44f3851da8efeb6ecdc6c8e9b83d7681153c31952b4ec8c23c940
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3491
Cache-Control: max-age=154480
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 15:10:26 GMT
Etag: "63847a2f-1d7"
Expires: Wed, 30 Nov 2022 10:05:06 GMT
Last-Modified: Mon, 28 Nov 2022 09:06:55 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
200 OK 280 B IP
Hash 5132689a8f97d42c17450e61e328435a
3f0cf7b168d4f91683b7e76d88db34c7e217c54f
b3b88e2a12f149b89ef6e8013c6804d3b1a5589cf4d0130c1531f39e487bc334
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5200
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 15:10:26 GMT
Last-Modified: Mon, 28 Nov 2022 13:43:46 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 280
a.teads.tv/analytics/tag.js
200 OK 3.4 kB URL HTTP/2 a.teads.tv/analytics/tag.js
IP
File type ASCII text, with very long lines (4822)
Hash 6ddfb3a828a563a7719081ff9aeedaba
80286455b7c85311df5f997714b83380ac02fd6d
826524e59a21d4190f923f804a17db1513e1ee3cb4a5ed12f3bb6a5b4f370835
GET /analytics/tag.js HTTP/1.1
Host: a.teads.tv
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://earnme.club/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: +hi3J8gLh7odTbzzwPTTi1cNLRiMIMeCbLwhFS3fdhvnkPc6F/KidF+aylAlaVgqP4umQC5X3TY=
x-amz-request-id: VYTSDGA8QVA7F7Y0
last-modified: Wed, 02 Nov 2022 09:38:15 GMT
etag: "6ddfb3a828a563a7719081ff9aeedaba"
x-amz-server-side-encryption: AES256
x-amz-version-id: Y6qsPmt0o95KDo3Ibo2euzqSnxQebNV8
accept-ranges: bytes
content-type: text/javascript;charset=utf-8
content-length: 3391
cache-control: private, max-age=3600
date: Mon, 28 Nov 2022 15:10:26 GMT
vary: Accept-Encoding
content-encoding: br
X-Firefox-Spdy: h2
c.amazon-adsystem.com/aax2/apstag.js
301 Moved Permanently 167 B URL HTTP/2 c.amazon-adsystem.com/aax2/apstag.js
IP
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash f5d40b7259645010f9a248858ad14178
b3051d17a6ec8c9e166bf09a62b48261ab86957b
7f5007068d2b56ea9735e2490d60cff2e72cae312024ac1f6c91158eba47d05d
GET /aax2/apstag.js HTTP/1.1
Host: c.amazon-adsystem.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://earnme.club/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
content-type: text/html
content-length: 167
location: https://d3div1mtym39ic.cloudfront.net/aax2/apstag.js
server: CloudFront
date: Mon, 28 Nov 2022 00:09:39 GMT
via: 1.1 a300dbfb49a2eb50edb83038642c9f82.cloudfront.net (CloudFront), 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-pop: FRA60-P1, OSL50-P1
x-amz-cf-id: NjFTxKwyn6jMPJxZmhXt29xgkEuismRkHqLK-PWHbgW5TxxhvtQkiQ==
age: 54047
X-Firefox-Spdy: h2
htlbid.com/v3/earnme.club/adsstarbid.css
200 OK 0 B URL HTTP/2 htlbid.com/v3/earnme.club/adsstarbid.css
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /v3/earnme.club/adsstarbid.css HTTP/1.1
Host: htlbid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://earnme.club/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css
content-length: 0
date: Mon, 28 Nov 2022 15:10:27 GMT
last-modified: Tue, 25 Oct 2022 01:26:49 GMT
etag: "d41d8cd98f00b204e9800998ecf8427e"
cache-control: max-age=600
accept-ranges: bytes
server: AmazonS3
x-cache: Miss from cloudfront
via: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: wFKu3gpp7ZAaEMe2JigpmnMigEmAf_aoEpU9YDMd7eH5OorNMjrKzg==
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 87c98a1210e04280ae16fbbd1caeaaae
c409a93ea772b3797ba4ef658df44782fc03b615
ca9aa29115c9d5284c90547d101d4a876a9c379255b498697c0830e30a267719
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CA9AA29115C9D5284C90547D101D4A876A9C379255B498697C0830E30A267719"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11333
Expires: Mon, 28 Nov 2022 18:19:20 GMT
Date: Mon, 28 Nov 2022 15:10:27 GMT
Connection: keep-alive
player.avplayer.com/script/2/v/avcplayer.js
200 OK 61 kB URL HTTP/2 player.avplayer.com/script/2/v/avcplayer.js
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65536), with no line terminators
Hash 9dff0335699f04080269947f40c366ae
8447df4f8b168d9c506630f96ef95002c2c6eb28
157b5912ad26a879f38d0dafb1fce2def6df3168a08f991d6203463375fa32fc
GET /script/2/v/avcplayer.js HTTP/1.1
Host: player.avplayer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://earnme.club/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Thu, 03 Mar 2022 17:18:44 GMT
etag: "9dff0335699f04080269947f40c366ae"
x-guploader-uploadid: ADPycdtu-4lkKnewYrLZAQ6C3FYocqKyAEpTHAcTl1fhfCPCh7vxR-IJqbD_5jBst3P2Kl4LF2YOsUpbgaREFcUSdQ
server: UploadServer
x-goog-generation: 1646327924579580
x-goog-metageneration: 2
x-goog-stored-content-encoding: gzip
x-goog-stored-content-length: 61326
content-type: application/javascript
content-encoding: gzip
content-language: en
x-goog-hash: crc32c=DITkQg==
x-goog-storage-class: MULTI_REGIONAL
accept-ranges: bytes
content-length: 61326
cache-control: public, max-age=300
expires: Mon, 28 Nov 2022 15:15:27 GMT
date: Mon, 28 Nov 2022 15:10:27 GMT
vary: Accept-Encoding
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash cd0a5be4865b85e858cfcaafa90f8dca
122569d314b0900b1f5e5f58cdad0d9fc16b7e1b
624aa7cc70d5c36d732f15cdeb8de3854f30240cb770108dd88103f13393428d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 15:10:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: bT82Xl9l6jpmi2GcIxZLMA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: aY0YZxnO6S5qy3uhx9vtMhdgaog=
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash cd0a5be4865b85e858cfcaafa90f8dca
122569d314b0900b1f5e5f58cdad0d9fc16b7e1b
624aa7cc70d5c36d732f15cdeb8de3854f30240cb770108dd88103f13393428d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 15:10:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.googleapis.com/css?family=Open+Sans:400,400italic,700,600
200 OK 46 kB URL HTTP/2 fonts.googleapis.com/css?family=Open+Sans:400,400italic,700,600
IP
Hash bc495e83ee72e983deb5acdae7f24808
c2bf34267fc470fdf2009d71217f819dd28c1ca8
107a1e9f83fb30209c3130ef09aa7f9ea3b8ddde7d4c014f37ebf9092c2b0ceb
GET /css?family=Open+Sans:400,400italic,700,600 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://earnme.club/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 28 Nov 2022 15:10:26 GMT
date: Mon, 28 Nov 2022 15:10:26 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
flashnetic.com/c/uv85s8wiydoa62b7a5wma.json
200 OK 1.6 kB URL HTTP/2 flashnetic.com/c/uv85s8wiydoa62b7a5wma.json
IP
File type JSON data\012- , ASCII text, with very long lines (1553), with no line terminators
Hash 69dae478ddf7e8986fcdaf90bc486766
c34dc685a360ed457577de13459acfb6b93c29ac
9a0fda7bca53807a574a641ba6e1c70b4b335bb745d6bf73c239b3701f167cf8
GET /c/uv85s8wiydoa62b7a5wma.json HTTP/1.1
Host: flashnetic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://earnme.club/
Origin: https://earnme.club
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/octet-stream
content-length: 1553
last-modified: Thu, 10 Nov 2022 13:02:29 GMT
x-amz-version-id: vLfcoHrJbiywLviWxCWpJFlKfUSPjPJN
accept-ranges: bytes
server: AmazonS3
date: Sun, 27 Nov 2022 16:34:01 GMT
etag: "69dae478ddf7e8986fcdaf90bc486766"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 2iV388NJsDuv9H3olT_9OKuNJm47GozN_NHfHVuq3h6sQF4jsH3YxA==
age: 81387
access-control-allow-origin: *
access-control-expose-headers: *
X-Firefox-Spdy: h2
flashnetic.com/c/ao0y4krv21gsuol1v4o82.json
200 OK 1.5 kB URL HTTP/2 flashnetic.com/c/ao0y4krv21gsuol1v4o82.json
IP
File type JSON data\012- , ASCII text, with very long lines (1549), with no line terminators
Hash 1165eba4e9339ec6a75e2840289faa43
db56c86b19395e001685ec547ca62be13cf8065c
ad032d1cf528ab452328c93f4e286e5034be1a9e5c74da91d2828d6a50caa6c9
GET /c/ao0y4krv21gsuol1v4o82.json HTTP/1.1
Host: flashnetic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://earnme.club/
Origin: https://earnme.club
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/octet-stream
content-length: 1549
date: Mon, 28 Nov 2022 02:53:25 GMT
last-modified: Thu, 10 Nov 2022 12:56:57 GMT
etag: "1165eba4e9339ec6a75e2840289faa43"
x-amz-version-id: Acn7r8ZMd7YG6M0YfdycNmVJVXl9rg7Z
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: YDjew2Vfp5QvGJaHKBG-H8J6kXN5cGyPNLeYSFzAK6Ou1YHBwjMteg==
age: 44223
access-control-allow-origin: *
access-control-expose-headers: *
X-Firefox-Spdy: h2
flashnetic.com/c/tvdi2ru09cf0ymc0mwei9.json
200 OK 1.6 kB URL HTTP/2 flashnetic.com/c/tvdi2ru09cf0ymc0mwei9.json
IP
File type JSON data\012- , ASCII text, with very long lines (1553), with no line terminators
Hash 33d98cba57a28b885c123495ff78571c
6e7f0f62bdbe8168ee0a7f714039e7496a81da60
b5bb863c6910d0c861eeeaa51d06324486b9d280f11a11ccfd77c305283fa912
GET /c/tvdi2ru09cf0ymc0mwei9.json HTTP/1.1
Host: flashnetic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://earnme.club/
Origin: https://earnme.club
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/octet-stream
content-length: 1553
last-modified: Thu, 10 Nov 2022 13:02:28 GMT
x-amz-version-id: qsp7d0tsTDbCsoRHwVoQTtR594IYsbh7
accept-ranges: bytes
server: AmazonS3
date: Sun, 27 Nov 2022 16:34:02 GMT
etag: "33d98cba57a28b885c123495ff78571c"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: MabA3tRwQdV6miv15fEpLzxBOUgAumEyDPJlKju9PUuazbaoI6v-pw==
age: 81386
access-control-allow-origin: *
access-control-expose-headers: *
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash cd0a5be4865b85e858cfcaafa90f8dca
122569d314b0900b1f5e5f58cdad0d9fc16b7e1b
624aa7cc70d5c36d732f15cdeb8de3854f30240cb770108dd88103f13393428d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 15:10:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cat.hbwrapper.com/
200 OK 15 B IP
ASN #14061 DIGITALOCEAN-ASN
File type JSON data\012- , ASCII text, with no line terminators
Hash 0f0479874bf6f4a7281099b15df27c27
55a490e280d48996e564d00492437eb17faadd28
a29ee2b15c494311c52521766e44af56a3ad2248e7a8ab465e5206463c13d288
POST / HTTP/1.1
Host: cat.hbwrapper.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 143
Origin: https://earnme.club
Connection: keep-alive
Referer: https://earnme.club/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 15:10:27 GMT
Server: Apache
Access-Control-Allow-Origin: https://earnme.club
Access-Control-Allow-Credentials: true
Content-Length: 15
Connection: close
Content-Type: text/html; charset=UTF-8
htlbid.com/v3/earnme.club/adsstarbid.js
200 OK 162 kB URL HTTP/2 htlbid.com/v3/earnme.club/adsstarbid.js
IP
File type ASCII text, with very long lines (65536), with no line terminators
Size 162 kB (162517 bytes)
Hash 8d0fe5be676768510afab685d6f7b03a
214b4d985b8aef4c35ed4ff0e32fd65fb3e78973
0dafc02bc36588c8d956908e8a44c7f9fa6b9cf99dc06741aa8fa013caccc23e
GET /v3/earnme.club/adsstarbid.js HTTP/1.1
Host: htlbid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://earnme.club/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
date: Mon, 28 Nov 2022 15:10:27 GMT
last-modified: Tue, 25 Oct 2022 01:26:50 GMT
etag: W/"1ea29fd33009479fcb62010b895791c1"
cache-control: max-age=600
server: AmazonS3
content-encoding: br
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: PqvCQn97MQ1A-YIsJoiKZF5hgI1B3nMhOeol7l_ABKQYWgB8B_ePJQ==
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash 4acf600e44588145b99fd03f1ad7d247
2b625f4e70dae688a9aa3ba41a464d181d8851bf
4bb583a5d06ac6272c68b6acc63bfd42fb022379718b19e372cc472b9eebf2a5
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=104079
Date: Mon, 28 Nov 2022 15:10:27 GMT
Etag: "6383a9fc-1d7"
Expires: Tue, 29 Nov 2022 20:05:06 GMT
Last-Modified: Sun, 27 Nov 2022 18:18:36 GMT
Server: ECS (nyb/1D17)
X-Cache: Miss from cloudfront
Via: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 9S2puWz7Y8Ysy8gllh0dGYOwQnfbBVFztU9lQfLxllyojXqJFfuhdw==
Age: 6390
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 3f7731ddd204170584d12c5c5dc4f87f
b7348a116c6b763d76afdcd4e703350e6489c230
e895bf098c3c42316a6969ea94e306ec01aa32c0d8e1df2ac3cc24bbe41940b3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E895BF098C3C42316A6969EA94E306EC01AA32C0D8E1DF2AC3CC24BBE41940B3"
Last-Modified: Sun, 27 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13523
Expires: Mon, 28 Nov 2022 18:55:50 GMT
Date: Mon, 28 Nov 2022 15:10:27 GMT
Connection: keep-alive
cdn.playstream.media/logo.png
200 OK 1.3 kB URL HTTP/2 cdn.playstream.media/logo.png
IP
ASN #60068 Datacamp Limited
File type PNG image data, 32 x 26, 8-bit/color RGBA, non-interlaced\012- data
Hash b0fb81e9e278d867bb73f8a6cde236f2
ca10201696f69919ff9541bb549de2d0b065eb8e
875a318ebf906866ab16eb2e848924b12c38f7d33ae1c6e72244aba92faa9b7b
GET /logo.png HTTP/1.1
Host: cdn.playstream.media
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://earnme.club/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 28 Nov 2022 15:10:27 GMT
content-type: image/png
content-length: 1265
server: BunnyCDN-DE1-755
cdn-pullzone: 1027527
cdn-uid: 6740a699-531f-4e34-81bd-7039b1357022
cdn-requestcountrycode: NO
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Tue, 19 Jan 2021 07:48:16 GMT
cdn-proxyver: 1.03
cdn-requestpullsuccess: True
cdn-requestpullcode: 206
cdn-cachedat: 11/21/2022 14:10:19
cdn-edgestorageid: 864
cdn-status: 200
cdn-requestid: b5f60f3bc84e56a163afa05e4097b826
cdn-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
track1.aniview.com/track?pid=62176a72a06fe80ba569d18f&cid=6278fd47e6b0901a49776895&cb=1669648226345&r=earnme.club&stagid=62790805abc41c4450002684&stplid=6278f4f0a7dd573d85421cad&d35=&d65=&d66=7&e=playerLoaded
200 OK 0 B URL HTTP/2 track1.aniview.com/track?pid=62176a72a06fe80ba569d18f&cid=6278fd47e6b0901a49776895&cb=1669648226345&r=earnme.club&stagid=62790805abc41c4450002684&stplid=6278f4f0a7dd573d85421cad&d35=&d65=&d66=7&e=playerLoaded
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /track?pid=62176a72a06fe80ba569d18f&cid=6278fd47e6b0901a49776895&cb=1669648226345&r=earnme.club&stagid=62790805abc41c4450002684&stplid=6278f4f0a7dd573d85421cad&d35=&d65=&d66=7&e=playerLoaded HTTP/1.1
Host: track1.aniview.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://earnme.club/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 28 Nov 2022 15:10:27 GMT
content-length: 0
cache-control: max-age=0, no-cache, no-store
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 279 B IP
Hash 4f273b4771affbb386baa0f89682e2e3
f1cb414f17c19666970cac278d72ac55088c7939
46040d520feb12b2dee8956ad589082d60120e82b62822eaf90e38366e0e87b8
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2359
Cache-Control: max-age=164525
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 15:10:27 GMT
Etag: "6384a5d9-117"
Expires: Wed, 30 Nov 2022 12:52:32 GMT
Last-Modified: Mon, 28 Nov 2022 12:13:13 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
200 OK 279 B IP
Hash 798d62ad2c123a3618d44775fd56d573
17cff51183200de1887307a574a458072cdcfb2b
7adea8202277e8142102b645cdfcbfe3ff21e447ea10681bb4b399d7e4a4de03
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2108
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 15:10:27 GMT
Last-Modified: Mon, 28 Nov 2022 14:35:19 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 279
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 38eb09afa09351c1b589f6497f8e9562
b523415b505bfbee2e5d7b3a114bace61509549d
24e75f655eafc22419fe464382c210172a715a10dfc77d04e339400f9d0fdfd8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "24E75F655EAFC22419FE464382C210172A715A10DFC77D04E339400F9D0FDFD8"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8603
Expires: Mon, 28 Nov 2022 17:33:50 GMT
Date: Mon, 28 Nov 2022 15:10:27 GMT
Connection: keep-alive
ocsp.digicert.com/
200 OK 314 B IP
Hash 3a8d8cae7836fec364cbab58fe19d1a2
dcf7ebadb3309fe2c15bc37a43f290044f43d8a5
d8cf528d97404e8dde8a0ab7352c333618710ff982734553c0a97af811b47a61
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5017
Cache-Control: max-age=124707
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 15:10:27 GMT
Etag: "6383ffed-13a"
Expires: Wed, 30 Nov 2022 01:48:54 GMT
Last-Modified: Mon, 28 Nov 2022 00:25:17 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 314
status.geotrust.com/
200 OK 471 B IP
Hash 004a45df479192682009ac4c30050167
80357e614fd6b26ac4555bc68a75ac047678c342
92150b792f3aa0c105e8a969b4d38c212fdd4514a8dece626ef827e03103b594
POST / HTTP/1.1
Host: status.geotrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4923
Cache-Control: max-age=90382
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 15:10:27 GMT
Etag: "63837a36-1d7"
Expires: Tue, 29 Nov 2022 16:16:49 GMT
Last-Modified: Sun, 27 Nov 2022 14:54:46 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471
prebid.a-mo.net/a/c
204 No Content 0 B IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /a/c HTTP/1.1
Host: prebid.a-mo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 1161
Origin: https://earnme.club
Connection: keep-alive
Referer: https://earnme.club/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
access-control-allow-credentials: true
access-control-allow-origin: https://earnme.club
cache-control: max-age=0, private, must-revalidate
date: Mon, 28 Nov 2022 15:10:27 GMT
server: envoy
vary: origin, Accept-Encoding
x-nbr: 1
x-envoy-upstream-service-time: 0
X-Firefox-Spdy: h2
status.geotrust.com/
200 OK 471 B IP
Hash 72f2ac131e815b9e4a038cd514b9de16
6f21db8ed6dc5be51d0c76512544507039f8f113
837cb1dd548ee81b4d058eb2c1bc45349763c603006ea188b56035f31efc6e2d
POST / HTTP/1.1
Host: status.geotrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3609
Cache-Control: max-age=107788
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 15:10:27 GMT
Etag: "6383c356-1d7"
Expires: Tue, 29 Nov 2022 21:06:55 GMT
Last-Modified: Sun, 27 Nov 2022 20:06:46 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 471
htlb.casalemedia.com/openrtb/pbjs?s=775312&v=7.2&ac=j&sd=1&r=%7B%22id%22%3A%2225b2d59ce017ace8%22%2C%22site%22%3A%7B%22ref%22%3A%22https%3A%2F%2Fwww.google.com%2F%22%2C%22page%22%3A%22https%3A%2F%2Fearnme.club%2Fv20-se-from-vivo%2F%22%2C%22domain%22%3A%22earnme.club%22%2C%22publisher%22%3A%7B%22domain%22%3A%22earnme.club%22%7D%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22ls%22%3Atrue%2C%22mfu%22%3A0%2C%22bu%22%3A1%2C%22iu%22%3A0%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allu%22%3A1%2C%22ren%22%3Afalse%2C%22version%22%3A%227.21.0%22%2C%22userIds%22%3A%5B%5D%2C%22url%22%3A%22https%3A%2F%2Fearnme.club%2Fv20-se-from-vivo%2F%22%2C%22tmax%22%3A3000%2C%22syncsPerBidder%22%3A5%2C%22fpd%22%3Atrue%2C%22pbadslot%22%3A%22%2F22181265%2Femc_300v_2%22%2C%22adunitcode%22%3A%2256af7d13-91c2-43b1-98fa-ef2c34f0aac8%22%2C%22divId%22%3A%2256af7d13-91c2-43b1-98fa-ef2c34f0aac8%22%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%22265bdbf11be7d7%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A300%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22775312%22%2C%22fl%22%3A%22p%22%2C%22bidfloor%22%3A0.01%7D%7D%2C%7B%22w%22%3A336%2C%22h%22%3A280%2C%22ext%22%3A%7B%22siteID%22%3A%22775312%22%2C%22fl%22%3A%22p%22%2C%22bidfloor%22%3A0.01%7D%7D%5D%2C%22pos%22%3A3%7D%2C%22ext%22%3A%7B%22dfp_ad_unit_code%22%3A%22%2F22181265%2Femc_300v_2%22%2C%22gpid%22%3A%22%2F22181265%2Femc_300v_2%22%2C%22tid%22%3A%22a85a9af7-d1be-42da-bb60-dbee994dc1db%22%7D%2C%22bidfloor%22%3A0.01%2C%22bidfloorcur%22%3A%22USD%22%7D%5D%2C%22at%22%3A1%2C%22source%22%3A%7B%22tid%22%3A%22142ce499-afaf-4721-a01f-615b6946e3d6%22%2C%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22adapex.io%22%2C%22sid%22%3A%22s1602%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%2C%22user%22%3A%7B%22eids%22%3A%5B%7B%22source%22%3A%22pubcid.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%22840c179e-c49d-40db-ba34-50b8a7718ad4%22%7D%5D%7D%5D%7D%2C%22regs%22%3A%7B%22ext%22%3A%7B%22us_privacy%22%3A%221---%22%7D%7D%7D
200 OK 38 B URL HTTP/2 htlb.casalemedia.com/openrtb/pbjs?s=775312&v=7.2&ac=j&sd=1&r=%7B%22id%22%3A%2225b2d59ce017ace8%22%2C%22site%22%3A%7B%22ref%22%3A%22https%3A%2F%2Fwww.google.com%2F%22%2C%22page%22%3A%22https%3A%2F%2Fearnme.club%2Fv20-se-from-vivo%2F%22%2C%22domain%22%3A%22earnme.club%22%2C%22publisher%22%3A%7B%22domain%22%3A%22earnme.club%22%7D%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22ls%22%3Atrue%2C%22mfu%22%3A0%2C%22bu%22%3A1%2C%22iu%22%3A0%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allu%22%3A1%2C%22ren%22%3Afalse%2C%22version%22%3A%227.21.0%22%2C%22userIds%22%3A%5B%5D%2C%22url%22%3A%22https%3A%2F%2Fearnme.club%2Fv20-se-from-vivo%2F%22%2C%22tmax%22%3A3000%2C%22syncsPerBidder%22%3A5%2C%22fpd%22%3Atrue%2C%22pbadslot%22%3A%22%2F22181265%2Femc_300v_2%22%2C%22adunitcode%22%3A%2256af7d13-91c2-43b1-98fa-ef2c34f0aac8%22%2C%22divId%22%3A%2256af7d13-91c2-43b1-98fa-ef2c34f0aac8%22%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%22265bdbf11be7d7%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A300%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22775312%22%2C%22fl%22%3A%22p%22%2C%22bidfloor%22%3A0.01%7D%7D%2C%7B%22w%22%3A336%2C%22h%22%3A280%2C%22ext%22%3A%7B%22siteID%22%3A%22775312%22%2C%22fl%22%3A%22p%22%2C%22bidfloor%22%3A0.01%7D%7D%5D%2C%22pos%22%3A3%7D%2C%22ext%22%3A%7B%22dfp_ad_unit_code%22%3A%22%2F22181265%2Femc_300v_2%22%2C%22gpid%22%3A%22%2F22181265%2Femc_300v_2%22%2C%22tid%22%3A%22a85a9af7-d1be-42da-bb60-dbee994dc1db%22%7D%2C%22bidfloor%22%3A0.01%2C%22bidfloorcur%22%3A%22USD%22%7D%5D%2C%22at%22%3A1%2C%22source%22%3A%7B%22tid%22%3A%22142ce499-afaf-4721-a01f-615b6946e3d6%22%2C%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22adapex.io%22%2C%22sid%22%3A%22s1602%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%2C%22user%22%3A%7B%22eids%22%3A%5B%7B%22source%22%3A%22pubcid.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%22840c179e-c49d-40db-ba34-50b8a7718ad4%22%7D%5D%7D%5D%7D%2C%22regs%22%3A%7B%22ext%22%3A%7B%22us_privacy%22%3A%221---%22%7D%7D%7D
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 1121d9bcbd98a14523962df8ad34a3c3
e52ad938e7efe5e5d041f6eab3647181c0e48a87
341043867927b2a7271fbb556647ecedea0c44d17a501f01127a863ed0afbadf
GET /openrtb/pbjs?s=775312&v=7.2&ac=j&sd=1&r=%7B%22id%22%3A%2225b2d59ce017ace8%22%2C%22site%22%3A%7B%22ref%22%3A%22https%3A%2F%2Fwww.google.com%2F%22%2C%22page%22%3A%22https%3A%2F%2Fearnme.club%2Fv20-se-from-vivo%2F%22%2C%22domain%22%3A%22earnme.club%22%2C%22publisher%22%3A%7B%22domain%22%3A%22earnme.club%22%7D%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22ls%22%3Atrue%2C%22mfu%22%3A0%2C%22bu%22%3A1%2C%22iu%22%3A0%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allu%22%3A1%2C%22ren%22%3Afalse%2C%22version%22%3A%227.21.0%22%2C%22userIds%22%3A%5B%5D%2C%22url%22%3A%22https%3A%2F%2Fearnme.club%2Fv20-se-from-vivo%2F%22%2C%22tmax%22%3A3000%2C%22syncsPerBidder%22%3A5%2C%22fpd%22%3Atrue%2C%22pbadslot%22%3A%22%2F22181265%2Femc_300v_2%22%2C%22adunitcode%22%3A%2256af7d13-91c2-43b1-98fa-ef2c34f0aac8%22%2C%22divId%22%3A%2256af7d13-91c2-43b1-98fa-ef2c34f0aac8%22%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%22265bdbf11be7d7%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A300%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22775312%22%2C%22fl%22%3A%22p%22%2C%22bidfloor%22%3A0.01%7D%7D%2C%7B%22w%22%3A336%2C%22h%22%3A280%2C%22ext%22%3A%7B%22siteID%22%3A%22775312%22%2C%22fl%22%3A%22p%22%2C%22bidfloor%22%3A0.01%7D%7D%5D%2C%22pos%22%3A3%7D%2C%22ext%22%3A%7B%22dfp_ad_unit_code%22%3A%22%2F22181265%2Femc_300v_2%22%2C%22gpid%22%3A%22%2F22181265%2Femc_300v_2%22%2C%22tid%22%3A%22a85a9af7-d1be-42da-bb60-dbee994dc1db%22%7D%2C%22bidfloor%22%3A0.01%2C%22bidfloorcur%22%3A%22USD%22%7D%5D%2C%22at%22%3A1%2C%22source%22%3A%7B%22tid%22%3A%22142ce499-afaf-4721-a01f-615b6946e3d6%22%2C%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22adapex.io%22%2C%22sid%22%3A%22s1602%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%2C%22user%22%3A%7B%22eids%22%3A%5B%7B%22source%22%3A%22pubcid.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%22840c179e-c49d-40db-ba34-50b8a7718ad4%22%7D%5D%7D%5D%7D%2C%22regs%22%3A%7B%22ext%22%3A%7B%22us_privacy%22%3A%221---%22%7D%7D%7D HTTP/1.1
Host: htlb.casalemedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://earnme.club
Connection: keep-alive
Referer: https://earnme.club/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 28 Nov 2022 15:10:27 GMT
content-type: application/json
content-length: 38
cf-ray: 771407ce0eb30afe-OSL
access-control-allow-origin: https://earnme.club
cache-control: no-cache
expires: 0
cf-cache-status: DYNAMIC
access-control-allow-credentials: true
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CqfqDxuqK889agBUZbuafeCvuoE6o3no12YGn6053o0P5anLp1C%2Fxt0rTpzweMnpnKMLrBwAvZazaoFWp9pO2JSBPxdWvFWAue86EE3YBaSQB4DG8gzR8vxueRa%2BNbaExrASeo%2Fa"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 471 B IP
Hash 837ab321cb7d4d55b8f0bf9561969c53
6fb2b042e56579b60c3cdc42d3226adc972660d9
e08aa1b3487b0288b982117f1b79a102050b56a1fe8d6b7999563ebce72312a6
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4640
Cache-Control: max-age=126833
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 15:10:27 GMT
Etag: "638409b4-1d7"
Expires: Wed, 30 Nov 2022 02:24:20 GMT
Last-Modified: Mon, 28 Nov 2022 01:07:00 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
200 OK 279 B IP
Hash 4f273b4771affbb386baa0f89682e2e3
f1cb414f17c19666970cac278d72ac55088c7939
46040d520feb12b2dee8956ad589082d60120e82b62822eaf90e38366e0e87b8
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2359
Cache-Control: max-age=164525
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 15:10:27 GMT
Etag: "6384a5d9-117"
Expires: Wed, 30 Nov 2022 12:52:32 GMT
Last-Modified: Mon, 28 Nov 2022 12:13:13 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 279
digikulture-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fearnme.club%2Fv20-se-from-vivo%2F&ch=UTF-8&res=1280x1024x24&ifr=false&tz=0&tws=1280x939&be=1&bc=hb_pb_3.0.3&dddid=a85a9af7-d1be-42da-bb60-dbee994dc1db&nocache=1669648226849&us_privacy=1---&pubcid=840c179e-c49d-40db-ba34-50b8a7718ad4&schain=1.0%2C1!adapex.io%2Cs1602%2C1%2C%2C%2C&aus=300x250%2C336x280&divids=56af7d13-91c2-43b1-98fa-ef2c34f0aac8&aucs=%252F22181265%252Femc_300v_2&auid=556580798&aumfs=10
200 OK 79 B URL HTTP/2 digikulture-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fearnme.club%2Fv20-se-from-vivo%2F&ch=UTF-8&res=1280x1024x24&ifr=false&tz=0&tws=1280x939&be=1&bc=hb_pb_3.0.3&dddid=a85a9af7-d1be-42da-bb60-dbee994dc1db&nocache=1669648226849&us_privacy=1---&pubcid=840c179e-c49d-40db-ba34-50b8a7718ad4&schain=1.0%2C1!adapex.io%2Cs1602%2C1%2C%2C%2C&aus=300x250%2C336x280&divids=56af7d13-91c2-43b1-98fa-ef2c34f0aac8&aucs=%252F22181265%252Femc_300v_2&auid=556580798&aumfs=10
IP
File type JSON data\012- , ASCII text
Hash 34ff5ec26bd4af2e6698be09e7fbd501
918bc33869f3771a83b796173a34b45e7309e5d7
8274f988e3ed8e98bd16805629c61f289401376f1faf403a7c8d082ca145dc4c
GET /w/1.0/arj?ju=https%3A%2F%2Fearnme.club%2Fv20-se-from-vivo%2F&ch=UTF-8&res=1280x1024x24&ifr=false&tz=0&tws=1280x939&be=1&bc=hb_pb_3.0.3&dddid=a85a9af7-d1be-42da-bb60-dbee994dc1db&nocache=1669648226849&us_privacy=1---&pubcid=840c179e-c49d-40db-ba34-50b8a7718ad4&schain=1.0%2C1!adapex.io%2Cs1602%2C1%2C%2C%2C&aus=300x250%2C336x280&divids=56af7d13-91c2-43b1-98fa-ef2c34f0aac8&aucs=%252F22181265%252Femc_300v_2&auid=556580798&aumfs=10 HTTP/1.1
Host: digikulture-d.openx.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://earnme.club
Connection: keep-alive
Referer: https://earnme.club/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept, Accept-Encoding
server: OXGW/0.0.0
pragma: no-cache
p3p: CP="CUR ADM OUR NOR STA NID"
expires: Mon, 26 Jul 1997 05:00:00 GMT
date: Mon, 28 Nov 2022 15:10:27 GMT
content-type: application/json
content-length: 79
content-encoding: gzip
cache-control: private, max-age=0, no-cache
access-control-allow-origin: https://earnme.club
access-control-allow-credentials: true
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=62176a72a06fe80ba569d18f
200 OK 116 kB URL HTTP/2 player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=62176a72a06fe80ba569d18f
IP
File type Unicode text, UTF-8 text, with very long lines (24431), with LF, NEL line terminators
Size 116 kB (116255 bytes)
Hash c9fe0e82e89858bc88df0ab620c8184e
f321b4d357d5d95d42196ec0ac46d988c05235f5
5dcbc5c5c3f68a211ea74eb18d3c9df4256c772d073806b3946018cfff0c98ad
GET /script/6.1/AVmanager.js?v=1.0&type=s&pid=62176a72a06fe80ba569d18f HTTP/1.1
Host: player.aniview.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://earnme.club/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-guploader-uploadid: ADPycdvRBGWHS9r2Q4Ud0XMfW7_nmulf92R85ztrcYE6S4uUhDVjHiUVsS4WWSfOJKu73dsP3RT9E7Z1aoiu42ZnL5ud
last-modified: Thu, 24 Nov 2022 08:17:14 GMT
etag: "c9fe0e82e89858bc88df0ab620c8184e"
x-goog-generation: 1669277833905411
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
x-goog-stored-content-length: 116255
content-type: application/javascript
content-encoding: gzip
x-goog-hash: crc32c=2ocJpQ==, md5=yf4OguiYWLyI3wq2IMgYTg==
x-goog-storage-class: MULTI_REGIONAL
accept-ranges: bytes
content-length: 116255
access-control-allow-origin: *
access-control-expose-headers: Content-Type
server: UploadServer
cache-control: public, max-age=600
expires: Mon, 28 Nov 2022 15:20:27 GMT
date: Mon, 28 Nov 2022 15:10:27 GMT
vary: Accept-Encoding
X-Firefox-Spdy: h2
ocsp.sectigo.com/
200 OK 472 B IP
Hash 6cc761aefded9f4a50bca59754041d2f
216c80b9a57a89b3c17f2cbd10149c4befea87ea
94cf4b4090f50f8bb6821cdc07635d0f11ebc4c7616d4ea1675c948352fa9a4b
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 15:10:27 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 26 Nov 2022 07:45:27 GMT
Expires: Sat, 03 Dec 2022 07:45:26 GMT
Etag: "216c80b9a57a89b3c17f2cbd10149c4befea87ea"
Cache-Control: max-age=404698,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 771407ce8c01b518-OSL
ocsp.digicert.com/
200 OK 314 B IP
Hash e2719662331235eab22354739e4dc7f6
0c551405dde991d90c609eac59209b4456ab63b0
6b99c1c9184d1cf2799a5d02ad358e2050788f0f7365e8e9b22ab80208c40410
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1819
Cache-Control: max-age=159997
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 15:10:27 GMT
Etag: "63849645-13a"
Expires: Wed, 30 Nov 2022 11:37:04 GMT
Last-Modified: Mon, 28 Nov 2022 11:06:45 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 314
ib.adnxs.com/ut/v3/prebid
200 OK 139 B URL HTTP/1.1 ib.adnxs.com/ut/v3/prebid
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 64655e6b4496b12af1b7f8fa82177a48
a9046abe86f7efd0a62e0717d99048f8536dcd96
447f7a77256ab31b718db1a41cfce589cc1abd0c8d6def11c0c9ff2d46090f73
POST /ut/v3/prebid HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 708
Origin: https://earnme.club
Connection: keep-alive
Referer: https://earnme.club/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Mon, 28 Nov 2022 15:10:27 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 139
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://earnme.club
AN-X-Request-Uuid: c0ace4f6-40cd-440e-86c0-49ed91a9fe9b
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17262&site_id=409752&zone_id=2294692&size_id=15&alt_size_ids=16&p_pos=btf&us_privacy=1---&rp_schain=1.0,1!adapex.io,s1602,1,,,&eid_pubcid.org=840c179e-c49d-40db-ba34-50b8a7718ad4%5E1&rf=https%3A%2F%2Fearnme.club%2Fv20-se-from-vivo%2F&tg_i.ref=https%3A%2F%2Fwww.google.com%2F&tg_i.page=https%3A%2F%2Fearnme.club%2Fv20-se-from-vivo%2F&tg_i.domain=earnme.club&tg_i.pbadslot=%2F22181265%2Femc_300v_2&tg_i.gpid=%2F22181265%2Femc_300v_2&tk_flint=pbjs_lite_v7.21.0&x_source.tid=a85a9af7-d1be-42da-bb60-dbee994dc1db&l_pb_bid_id=35f5359cc7f2aa&p_screen_res=1280x1024&rp_secure=1&rp_hard_floor=0.01&rp_maxbids=1&p_gpid=%2F22181265%2Femc_300v_2&slots=1&rand=0.4029223795197183
200 OK 439 B URL HTTP/2 fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17262&site_id=409752&zone_id=2294692&size_id=15&alt_size_ids=16&p_pos=btf&us_privacy=1---&rp_schain=1.0,1!adapex.io,s1602,1,,,&eid_pubcid.org=840c179e-c49d-40db-ba34-50b8a7718ad4%5E1&rf=https%3A%2F%2Fearnme.club%2Fv20-se-from-vivo%2F&tg_i.ref=https%3A%2F%2Fwww.google.com%2F&tg_i.page=https%3A%2F%2Fearnme.club%2Fv20-se-from-vivo%2F&tg_i.domain=earnme.club&tg_i.pbadslot=%2F22181265%2Femc_300v_2&tg_i.gpid=%2F22181265%2Femc_300v_2&tk_flint=pbjs_lite_v7.21.0&x_source.tid=a85a9af7-d1be-42da-bb60-dbee994dc1db&l_pb_bid_id=35f5359cc7f2aa&p_screen_res=1280x1024&rp_secure=1&rp_hard_floor=0.01&rp_maxbids=1&p_gpid=%2F22181265%2Femc_300v_2&slots=1&rand=0.4029223795197183
IP
File type JSON data\012- , ASCII text, with very long lines (439), with no line terminators
Hash ea78ab7a1dadf76a5889a66f2b608edb
64432d5d48408bf2f0b3b13704e0ed5ac57bfe45
ddbd16c6f7c9de9128e5c7a107df937d47b2c052cadab297364f9b6145c0179c
GET /a/api/fastlane.json?account_id=17262&site_id=409752&zone_id=2294692&size_id=15&alt_size_ids=16&p_pos=btf&us_privacy=1---&rp_schain=1.0,1!adapex.io,s1602,1,,,&eid_pubcid.org=840c179e-c49d-40db-ba34-50b8a7718ad4%5E1&rf=https%3A%2F%2Fearnme.club%2Fv20-se-from-vivo%2F&tg_i.ref=https%3A%2F%2Fwww.google.com%2F&tg_i.page=https%3A%2F%2Fearnme.club%2Fv20-se-from-vivo%2F&tg_i.domain=earnme.club&tg_i.pbadslot=%2F22181265%2Femc_300v_2&tg_i.gpid=%2F22181265%2Femc_300v_2&tk_flint=pbjs_lite_v7.21.0&x_source.tid=a85a9af7-d1be-42da-bb60-dbee994dc1db&l_pb_bid_id=35f5359cc7f2aa&p_screen_res=1280x1024&rp_secure=1&rp_hard_floor=0.01&rp_maxbids=1&p_gpid=%2F22181265%2Femc_300v_2&slots=1&rand=0.4029223795197183 HTTP/1.1
Host: fastlane.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://earnme.club
Connection: keep-alive
Referer: https://earnme.club/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.21.4
date: Mon, 28 Nov 2022 15:10:27 GMT
content-type: application/json
cache-control: no-cache, no-store, max-age=0, must-revalidate
expires: Wed, 17 Sep 1975 21:32:10 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://earnme.club
pragma: no-cache
vary: Accept-Encoding
set-cookie: khaos=LB0XG1MN-K-BH06; Domain=.rubiconproject.com; Path=/; Expires=Tue, 28-Nov-2023 15:10:27 GMT; Max-Age=31536000; SameSite=None; Secure
audit=1|naVuGyos1qqiWsmau1iTzu9DtVM30fCgX9j0V4idhPuCdIwMlBCX4nvs5xm8c681tq9R0N6+0FT56RUKFmksN9APlTu0R9RN; Domain=.rubiconproject.com; Path=/; Expires=Tue, 28-Nov-2023 15:10:27 GMT; Max-Age=31536000; SameSite=None; Secure
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length: 439
X-Firefox-Spdy: h2
onetag-sys.com/prebid-request
200 OK 41 B URL HTTP/2 onetag-sys.com/prebid-request
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 1c15203d1319c02fe2a06d78bc45eccf
40386992654bdda331c8f6eb21ac79de396119ee
cc81a9c5e7147dba347b0ffd34f64e9a7c40f25782569fec5c3fc68b4017badb
POST /prebid-request HTTP/1.1
Host: onetag-sys.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 1358
Origin: https://earnme.club
Connection: keep-alive
Referer: https://earnme.club/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://earnme.club
access-control-allow-headers: content-type, origin, referer, user-agent
access-control-allow-credentials: true
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
cache-control: no-transform, no-cache
content-type: application/json
content-encoding: gzip
content-length: 41
strict-transport-security: max-age=15552000
X-Firefox-Spdy: h2
bidder.criteo.com/cdb?profileId=207&av=34&wv=7.21.0&cb=65975494085&lsavail=1
200 OK 44 B URL HTTP/2 bidder.criteo.com/cdb?profileId=207&av=34&wv=7.21.0&cb=65975494085&lsavail=1
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 5f1dcf53824ce88cdb7941d34db3f19d
4164a13e3f53e1f002606a807d64a92620720fb0
3a803b7520764b5266cfac90aa9f9b2ff931109f489d9a1deb24aa686c239a74
POST /cdb?profileId=207&av=34&wv=7.21.0&cb=65975494085&lsavail=1 HTTP/1.1
Host: bidder.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 771
Origin: https://earnme.club
Connection: keep-alive
Referer: https://earnme.club/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 28 Nov 2022 15:10:27 GMT
vary: Origin
server: Finatra
content-type: application/json; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: https://earnme.club
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-encoding: gzip
content-length: 44
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
track1.avplayer.com/ctrack?pt=2&cmid=&cwid=&cvid=&pid=62176a72a06fe80ba569d18f&r=earnme.club&sn=&cd1=&cd2=&cd3=&app=&wi=640&he=361&test=&vi=100&e=cpll&cb=1669648226677
200 OK 0 B URL HTTP/2 track1.avplayer.com/ctrack?pt=2&cmid=&cwid=&cvid=&pid=62176a72a06fe80ba569d18f&r=earnme.club&sn=&cd1=&cd2=&cd3=&app=&wi=640&he=361&test=&vi=100&e=cpll&cb=1669648226677
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ctrack?pt=2&cmid=&cwid=&cvid=&pid=62176a72a06fe80ba569d18f&r=earnme.club&sn=&cd1=&cd2=&cd3=&app=&wi=640&he=361&test=&vi=100&e=cpll&cb=1669648226677 HTTP/1.1
Host: track1.avplayer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://earnme.club/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 28 Nov 2022 15:10:27 GMT
content-length: 0
cache-control: max-age=0, no-cache, no-store
X-Firefox-Spdy: h2
prebid.adnxs.com/pbs/v1/openrtb2/auction
200 OK 258 B URL HTTP/1.1 prebid.adnxs.com/pbs/v1/openrtb2/auction
IP
File type JSON data\012- , ASCII text, with very long lines (320)
Hash 4214f8916e722cc71170b6efc2a0385c
9d8f532694ecb0e95ad5102f0c34eea61c8f807b
96a7c8b0fb930bb593e082acf13f8be0aee0eed67a69a54473f3c404d7e923fc
POST /pbs/v1/openrtb2/auction HTTP/1.1
Host: prebid.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 1882
Origin: https://earnme.club
Connection: keep-alive
Referer: https://earnme.club/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Mon, 28 Nov 2022 15:10:27 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://earnme.club
Cache-Control: no-cache, no-store, must-revalidate
Expires: 0
Pragma: no-cache
Vary: Accept-Encoding, Origin
X-Prebid: pbs-go/0.232.0
Content-Encoding: gzip
ocsp.digicert.com/
200 OK 280 B IP
Hash a8878e35ed88a18f0b92f8139bc433a3
6f87c486f43e9c795996487e7efa883a1abaefe0
a4b7f9d3c52642489d9d238bb84857164447b46e46e1e08696549bb8fb93b3d6
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4071
Cache-Control: max-age=117594
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 15:10:27 GMT
Etag: "6383e7d6-118"
Expires: Tue, 29 Nov 2022 23:50:21 GMT
Last-Modified: Sun, 27 Nov 2022 22:42:30 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 280
ocsp.sectigo.com/
200 OK 471 B IP
Hash 5c8551591e515d9029e8c9a29804eecb
1298f0c1b78880a93b57d06eeecddc8f668208b9
87bd2ac1ed0fcd041651ce64766499da60cc349352b42f5bf28ace8ef647a72a
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 15:10:27 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sat, 26 Nov 2022 01:56:51 GMT
Expires: Sat, 03 Dec 2022 01:56:50 GMT
Etag: "1298f0c1b78880a93b57d06eeecddc8f668208b9"
Cache-Control: max-age=383782,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 771407cf8d18b518-OSL
grid.bidswitch.net/hbjson
200 OK 50 B URL HTTP/2 grid.bidswitch.net/hbjson
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 0c77d5b8ef1ff0f2db04f2b5c8f67557
291cc7dd78fb4e36c79005226425c49dfdcbb7ff
5c4255a57ed82d75fe2e0ee760675c902980687a190fe0c7b6f08015204018dd
POST /hbjson HTTP/1.1
Host: grid.bidswitch.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 812
Origin: https://earnme.club
Connection: keep-alive
Referer: https://earnme.club/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 28 Nov 2022 15:10:27 GMT
content-type: application/json
content-length: 50
content-encoding: gzip
access-control-allow-credentials: true
access-control-allow-origin: https://earnme.club
cache-control: no-cache, no-store, must-revalidate
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash fb9963af5b3c525d68d5c87f0da8025b
c8d1f50313dddb0cea04745d762dac01718a026f
231ef2bc126d4f0cf0910147608f65ec32ee15f3cfdb6981f5fae66f33cfc519
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 15:10:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
200 OK 471 B IP
Hash 6ceeb0fa8f792106679e242104e3110b
f060d3fe81ce002009a179501531d07c1c7a07da
e39934fce99325a9bab3ca1e4f4de18c24851fa4b6c39235a33ed47d3657c014
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4748
Cache-Control: max-age=140255
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 15:10:28 GMT
Etag: "63843db7-1d7"
Expires: Wed, 30 Nov 2022 06:08:03 GMT
Last-Modified: Mon, 28 Nov 2022 04:48:55 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
200 OK 471 B IP
Hash 6ceeb0fa8f792106679e242104e3110b
f060d3fe81ce002009a179501531d07c1c7a07da
e39934fce99325a9bab3ca1e4f4de18c24851fa4b6c39235a33ed47d3657c014
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4748
Cache-Control: max-age=140255
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 15:10:28 GMT
Etag: "63843db7-1d7"
Expires: Wed, 30 Nov 2022 06:08:03 GMT
Last-Modified: Mon, 28 Nov 2022 04:48:55 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471
track1.aniview.com/track?r=earnme.club&sn=&ic=0&tgt=0&app=&wi=640&he=361&test=&d36=6.2.64&apppkg=&fv=1&proto=https&clsid=92fae417-03ec-462f-9360-c614c1821e98&rando=65&pid=62176a72a06fe80ba569d18f&cid=6278fd47e6b0901a49776895&stagid=62790805abc41c4450002684&stplid=6278f4f0a7dd573d85421cad&e=inventory&vi=100&cb=1669648227344
200 OK 0 B URL HTTP/2 track1.aniview.com/track?r=earnme.club&sn=&ic=0&tgt=0&app=&wi=640&he=361&test=&d36=6.2.64&apppkg=&fv=1&proto=https&clsid=92fae417-03ec-462f-9360-c614c1821e98&rando=65&pid=62176a72a06fe80ba569d18f&cid=6278fd47e6b0901a49776895&stagid=62790805abc41c4450002684&stplid=6278f4f0a7dd573d85421cad&e=inventory&vi=100&cb=1669648227344
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /track?r=earnme.club&sn=&ic=0&tgt=0&app=&wi=640&he=361&test=&d36=6.2.64&apppkg=&fv=1&proto=https&clsid=92fae417-03ec-462f-9360-c614c1821e98&rando=65&pid=62176a72a06fe80ba569d18f&cid=6278fd47e6b0901a49776895&stagid=62790805abc41c4450002684&stplid=6278f4f0a7dd573d85421cad&e=inventory&vi=100&cb=1669648227344 HTTP/1.1
Host: track1.aniview.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://earnme.club/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 15:10:28 GMT
content-length: 0
cache-control: max-age=0, no-cache, no-store
X-Firefox-Spdy: h2
securepubads.g.doubleclick.net/tag/js/gpt.js
200 OK 27 kB URL HTTP/2 securepubads.g.doubleclick.net/tag/js/gpt.js
IP
File type ASCII text, with very long lines (40310)
Hash 3097863d148e6cdfee35da37197a4199
af9c3a80ff613a6a0410ab252f5e2cb06343c85d
59466fd91db19a9c60aa70b5a2b48e21638d0dc554bff4d96a34bf678e174692
GET /tag/js/gpt.js HTTP/1.1
Host: securepubads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://earnme.club/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 27210
date: Mon, 28 Nov 2022 15:10:28 GMT
expires: Mon, 28 Nov 2022 15:10:28 GMT
cache-control: private, max-age=900, stale-while-revalidate=3600
etag: "1405 / 187 of 1000 / last-modified: 1669637149"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
c2shb.pubgw.yahoo.com/bidRequest
200 OK 0 B URL HTTP/2 c2shb.pubgw.yahoo.com/bidRequest
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /bidRequest HTTP/1.1
Host: c2shb.pubgw.yahoo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-openrtb-version
Referer: https://earnme.club/
Origin: https://earnme.club
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 28 Nov 2022 15:10:28 GMT
content-length: 0
server: ATS/9.1.10.25
access-control-allow-origin: https://earnme.club
access-control-allow-methods: GET,POST,OPTIONS
access-control-allow-headers: X-Requested-With,Content-Type,X-Openrtb-Version
access-control-allow-credentials: true
access-control-max-age: 600
age: 0
X-Firefox-Spdy: h2
c2shb.pubgw.yahoo.com/bidRequest
200 OK 0 B URL HTTP/2 c2shb.pubgw.yahoo.com/bidRequest
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /bidRequest HTTP/1.1
Host: c2shb.pubgw.yahoo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-openrtb-version
Referer: https://earnme.club/
Origin: https://earnme.club
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 28 Nov 2022 15:10:28 GMT
content-length: 0
server: ATS/9.1.10.25
access-control-allow-origin: https://earnme.club
access-control-allow-methods: GET,POST,OPTIONS
access-control-allow-headers: X-Requested-With,Content-Type,X-Openrtb-Version
access-control-allow-credentials: true
access-control-max-age: 600
age: 0
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash fb9963af5b3c525d68d5c87f0da8025b
c8d1f50313dddb0cea04745d762dac01718a026f
231ef2bc126d4f0cf0910147608f65ec32ee15f3cfdb6981f5fae66f33cfc519
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 15:10:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
flashnetic.com/r/p.html?f=jvchwne&e=1979171841404
200 OK 2.4 kB URL HTTP/2 flashnetic.com/r/p.html?f=jvchwne&e=1979171841404
IP
Hash d6e3bd183c6292b067ed7038aa9bc2ac
5d47925a74f29da0c266e2068202ff06d412e343
eb8cf3abd2597f538b1b9d7c8f0de864364e64def5d2e077582c91f21d9f5bff
GET /r/p.html?f=jvchwne&e=1979171841404 HTTP/1.1
Host: flashnetic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://earnme.club/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
last-modified: Tue, 25 Oct 2022 13:58:03 GMT
x-amz-version-id: 6P847P_3pwRq3kg1dbhEI8vZo9rD1MSu
server: AmazonS3
content-encoding: gzip
date: Sun, 27 Nov 2022 16:26:51 GMT
etag: W/"1d799671c4d6a9304651b1b9d6a783fb"
x-cache: Hit from cloudfront
via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: eahq1-GKdTdx2xqcu61TX-8SteWMTqtY-sh45dh5BUy3_0q0CEE8fQ==
age: 81820
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
flashnetic.com/r/p.html?f=ajnwlcf&e=1979171841404
200 OK 2.4 kB URL HTTP/2 flashnetic.com/r/p.html?f=ajnwlcf&e=1979171841404
IP
Hash 616689573cb87ddb346532d7c359ccab
3a98eb6f29872c798d99d02f355f8d1e1e055a24
126c8579c5689ccaf805dd3a9a3a6c6f52834997b96623d1b9f03b612dbac99e
GET /r/p.html?f=ajnwlcf&e=1979171841404 HTTP/1.1
Host: flashnetic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://earnme.club/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
last-modified: Tue, 25 Oct 2022 13:58:03 GMT
x-amz-version-id: 6P847P_3pwRq3kg1dbhEI8vZo9rD1MSu
server: AmazonS3
content-encoding: gzip
date: Sun, 27 Nov 2022 16:26:51 GMT
etag: W/"1d799671c4d6a9304651b1b9d6a783fb"
x-cache: Hit from cloudfront
via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: xgWXlOGCZp-LoKt4_N7272jD0Wzpq-y9PFz4U7m_6i6zxWyKLfkJug==
age: 81820
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
flashnetic.com/r/p.html?f=gafyulbxpm&e=1979171841404
200 OK 2.3 kB URL HTTP/2 flashnetic.com/r/p.html?f=gafyulbxpm&e=1979171841404
IP
File type HTML document, ASCII text, with CRLF line terminators
Hash a61a069d6a33fb4b48d26dde229f7c1e
0e581c5b9392d34705c28e47f70da6b138f03136
3071ff1f936dcb4f6dee77859bd0d96fd681d17378f4b621e4947de749959f00
GET /r/p.html?f=gafyulbxpm&e=1979171841404 HTTP/1.1
Host: flashnetic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://earnme.club/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
last-modified: Tue, 25 Oct 2022 13:58:03 GMT
x-amz-version-id: 6P847P_3pwRq3kg1dbhEI8vZo9rD1MSu
server: AmazonS3
content-encoding: gzip
date: Sun, 27 Nov 2022 16:26:51 GMT
etag: W/"1d799671c4d6a9304651b1b9d6a783fb"
x-cache: Hit from cloudfront
via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: PmLl4Gitg_GJbmC39HEAA1TE9Yvwbojnxx_Lzl_Agm7ZEfRVAkGsuQ==
age: 81820
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
flashnetic.com/r/p.html?f=gtfbmjad&e=1979171841404
200 OK 2.4 kB URL HTTP/2 flashnetic.com/r/p.html?f=gtfbmjad&e=1979171841404
IP
File type HTML document, ASCII text, with CRLF line terminators
Hash 118866aacbe0a65107d6635a97510c5f
48fb9904a94b582ac2ff605b3bf6f04d1b341b3e
41813b2d30522e4de3856efe5367497347455a5b3fc17e46e6afb53dc2978bb5
GET /r/p.html?f=gtfbmjad&e=1979171841404 HTTP/1.1
Host: flashnetic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://earnme.club/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
last-modified: Tue, 25 Oct 2022 13:58:03 GMT
x-amz-version-id: 6P847P_3pwRq3kg1dbhEI8vZo9rD1MSu
server: AmazonS3
content-encoding: gzip
date: Sun, 27 Nov 2022 16:26:51 GMT
etag: W/"1d799671c4d6a9304651b1b9d6a783fb"
x-cache: Hit from cloudfront
via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: jSLDjf4dNXXD3SPZzikzbDiyGfcYwVJSkw1E_TGtwroGpJ814XgYyw==
age: 81820
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
flashnetic.com/r/p.html?f=owczub&e=1635039149730
200 OK 2.8 kB URL HTTP/2 flashnetic.com/r/p.html?f=owczub&e=1635039149730
IP
Hash 9be07b3eec9873cd84837a13f2203cd4
cd7a2424b580b49bdd1ac54bba1771b4b3244a67
63c7cd2193b60f385887123350e46b9f302eb0b43be0cb18a802d01e431ef0c8
GET /r/p.html?f=owczub&e=1635039149730 HTTP/1.1
Host: flashnetic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://earnme.club/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
last-modified: Tue, 25 Oct 2022 13:58:03 GMT
x-amz-version-id: 6P847P_3pwRq3kg1dbhEI8vZo9rD1MSu
server: AmazonS3
content-encoding: gzip
date: Sun, 27 Nov 2022 16:26:51 GMT
etag: W/"1d799671c4d6a9304651b1b9d6a783fb"
x-cache: Hit from cloudfront
via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: PhAOeBvpD734oYo3ExRqph71sFAhEASnxUVvwWnIuPDY-JF8T7sbeg==
age: 81820
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 471 B IP
Hash f160c99d9a77a44663a7433fe4382bc0
dfe5becda1e37f9a54c1bc6c636f809f5923ad75
784dfb6e7a5e0d2f1c02136039b3388a96d156a9f4d9bdb0dc8cfa603c989d7b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3505
Cache-Control: max-age=129682
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 15:10:28 GMT
Etag: "63841945-1d7"
Expires: Wed, 30 Nov 2022 03:11:50 GMT
Last-Modified: Mon, 28 Nov 2022 02:13:25 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471
fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17210&site_id=397268&zone_id=2226136&size_id=15&p_pos=atf&us_privacy=1---&rp_schain=1.0,1!adpone.com,a1ea75ec94e5611d58bc,1,,,&rf=earnme.club&tg_i.ref=https%3A%2F%2Fwww.google.com%2F&tg_i.page=https%3A%2F%2Fearnme.club%2Fv20-se-from-vivo%2F&tg_i.domain=earnme.club&tg_i.pbadslot=%2F21671350435%2C22687820958%2F300x250-earnme.club&tk_flint=pbjs_lite_v7.19.0&x_source.tid=b56cb104-4e2a-4abe-a10f-9ed906deaec3&l_pb_bid_id=83504724830dd68&p_screen_res=1280x1024&rp_secure=1&rp_maxbids=1&slots=1&rand=0.7940822417304466
200 OK 413 B URL HTTP/2 fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17210&site_id=397268&zone_id=2226136&size_id=15&p_pos=atf&us_privacy=1---&rp_schain=1.0,1!adpone.com,a1ea75ec94e5611d58bc,1,,,&rf=earnme.club&tg_i.ref=https%3A%2F%2Fwww.google.com%2F&tg_i.page=https%3A%2F%2Fearnme.club%2Fv20-se-from-vivo%2F&tg_i.domain=earnme.club&tg_i.pbadslot=%2F21671350435%2C22687820958%2F300x250-earnme.club&tk_flint=pbjs_lite_v7.19.0&x_source.tid=b56cb104-4e2a-4abe-a10f-9ed906deaec3&l_pb_bid_id=83504724830dd68&p_screen_res=1280x1024&rp_secure=1&rp_maxbids=1&slots=1&rand=0.7940822417304466
IP
File type JSON data\012- , ASCII text, with very long lines (413), with no line terminators
Hash b0b95f18ba272f0f4e1d8b28548d3b45
029caddcd55c009652b960c0edeef3283f69b520
8e9350a2ea7f96f7ad7eeaecd77fc68b0b4a39454475ed188cb55a65f856c5cd
GET /a/api/fastlane.json?account_id=17210&site_id=397268&zone_id=2226136&size_id=15&p_pos=atf&us_privacy=1---&rp_schain=1.0,1!adpone.com,a1ea75ec94e5611d58bc,1,,,&rf=earnme.club&tg_i.ref=https%3A%2F%2Fwww.google.com%2F&tg_i.page=https%3A%2F%2Fearnme.club%2Fv20-se-from-vivo%2F&tg_i.domain=earnme.club&tg_i.pbadslot=%2F21671350435%2C22687820958%2F300x250-earnme.club&tk_flint=pbjs_lite_v7.19.0&x_source.tid=b56cb104-4e2a-4abe-a10f-9ed906deaec3&l_pb_bid_id=83504724830dd68&p_screen_res=1280x1024&rp_secure=1&rp_maxbids=1&slots=1&rand=0.7940822417304466 HTTP/1.1
Host: fastlane.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://earnme.club
Connection: keep-alive
Referer: https://earnme.club/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.4
date: Mon, 28 Nov 2022 15:10:28 GMT
content-type: application/json
cache-control: no-cache, no-store, max-age=0, must-revalidate
expires: Wed, 17 Sep 1975 21:32:10 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://earnme.club
pragma: no-cache
vary: Accept-Encoding
set-cookie: khaos=LB0XG229-A-HCG9; Domain=.rubiconproject.com; Path=/; Expires=Tue, 28-Nov-2023 15:10:28 GMT; Max-Age=31536000; SameSite=None; Secure
audit=1|naVuGyos1qq10bRUoPiBFe9DtVM30fCgX9j0V4idhPutz8vx8NWHm3vs5xm8c681tq9R0N6+0FRpWVHBsUSA99APlTu0R9RN; Domain=.rubiconproject.com; Path=/; Expires=Tue, 28-Nov-2023 15:10:28 GMT; Max-Age=31536000; SameSite=None; Secure
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length: 413
X-Firefox-Spdy: h2
flashnetic.com/r/p.html?f=tbybdhxrv&e=1979171841404
200 OK 2.3 kB URL HTTP/2 flashnetic.com/r/p.html?f=tbybdhxrv&e=1979171841404
IP
File type HTML document, ASCII text, with CRLF line terminators
Hash a61a069d6a33fb4b48d26dde229f7c1e
0e581c5b9392d34705c28e47f70da6b138f03136
3071ff1f936dcb4f6dee77859bd0d96fd681d17378f4b621e4947de749959f00
GET /r/p.html?f=tbybdhxrv&e=1979171841404 HTTP/1.1
Host: flashnetic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://earnme.club/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
last-modified: Tue, 25 Oct 2022 13:58:03 GMT
x-amz-version-id: 6P847P_3pwRq3kg1dbhEI8vZo9rD1MSu
server: AmazonS3
content-encoding: gzip
date: Sun, 27 Nov 2022 16:26:51 GMT
etag: W/"1d799671c4d6a9304651b1b9d6a783fb"
x-cache: Hit from cloudfront
via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 35DyuAcafdskQplOJxr5vAACU22BxgN5S-zp8a2UziA_7nhWWcwnNA==
age: 81820
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
flashnetic.com/r/p.html?f=epygbays&e=1979171841404
200 OK 2.4 kB URL HTTP/2 flashnetic.com/r/p.html?f=epygbays&e=1979171841404
IP
File type HTML document, ASCII text, with CRLF line terminators
Hash 118866aacbe0a65107d6635a97510c5f
48fb9904a94b582ac2ff605b3bf6f04d1b341b3e
41813b2d30522e4de3856efe5367497347455a5b3fc17e46e6afb53dc2978bb5
GET /r/p.html?f=epygbays&e=1979171841404 HTTP/1.1
Host: flashnetic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://earnme.club/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
last-modified: Tue, 25 Oct 2022 13:58:03 GMT
x-amz-version-id: 6P847P_3pwRq3kg1dbhEI8vZo9rD1MSu
server: AmazonS3
content-encoding: gzip
date: Sun, 27 Nov 2022 16:26:51 GMT
etag: W/"1d799671c4d6a9304651b1b9d6a783fb"
x-cache: Hit from cloudfront
via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: r1dYGAzYnJ1CcFhrHipK7HJavIlnLAZcGScBrkrQaghaki8-Gl4P4g==
age: 81820
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
ib.adnxs.com/ut/v3/prebid
200 OK 146 B URL HTTP/1.1 ib.adnxs.com/ut/v3/prebid
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 506b3d4e450edb43b110252cd1b5b867
bda75fafeb8f98c81ac04c3e52962c79b61de392
0e6582d3e3a072965e181baab9467cdb275e70de8313401440879782d8666ef3
POST /ut/v3/prebid HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 742
Origin: https://earnme.club
Connection: keep-alive
Referer: https://earnme.club/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Mon, 28 Nov 2022 15:10:28 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 146
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://earnme.club
AN-X-Request-Uuid: 9d32c02a-833a-4f3d-add7-9ff8f12c686d
Set-Cookie: icu=ChkIv46FARAKGAEgASgBMOSek5wGOAFAAUgBEOSek5wGGAA.; SameSite=None; Path=/; Max-Age=7776000; Expires=Sun, 26-Feb-2023 15:10:28 GMT; Domain=.adnxs.com; Secure; HttpOnly
uuid2=3325949969352144557; SameSite=None; Path=/; Max-Age=7776000; Expires=Sun, 26-Feb-2023 15:10:28 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
ocsp.digicert.com/
200 OK 313 B IP
Hash 0955fb76d74d6331a0d481395fc81535
91c9bc6ed56924012424c98791bb2a04b9545772
da640258c351540a056feffba942c7ee814d6dce3d28e40aa421554da1c50357
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3581
Cache-Control: max-age=92630
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 15:10:28 GMT
Etag: "6383883d-139"
Expires: Tue, 29 Nov 2022 16:54:18 GMT
Last-Modified: Sun, 27 Nov 2022 15:54:37 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 313
flashnetic.com/r/p.html?f=qqrixdwue&e=1315978926706
200 OK 3.1 kB URL HTTP/2 flashnetic.com/r/p.html?f=qqrixdwue&e=1315978926706
IP
Hash 3c9faf08d6db4a2985f8fe4be332a0dd
0912ee235ade0f886c956c5b9a70485aeb9443de
3a01909af9beed990660ae2626d03d34fd3d5a146d905b521ec15641ba580766
GET /r/p.html?f=qqrixdwue&e=1315978926706 HTTP/1.1
Host: flashnetic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://earnme.club/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
last-modified: Tue, 25 Oct 2022 13:58:03 GMT
x-amz-version-id: 6P847P_3pwRq3kg1dbhEI8vZo9rD1MSu
server: AmazonS3
content-encoding: gzip
date: Sun, 27 Nov 2022 16:26:51 GMT
etag: W/"1d799671c4d6a9304651b1b9d6a783fb"
x-cache: Hit from cloudfront
via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: U2NnMCgQqhHuHxH10ir0Qwoc7Veo6QmormtyMu5rhDd9bQ8gLe0iag==
age: 81820
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
200 OK 3.0 kB URL HTTP/2 c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
IP
Hash 30ba4b4e3383aec47c8bee2b8d3d3170
2fb5500c1876e3ad6122362957df2457bc58a0b9
d0c8198cf5c5290d67f6ff82981e42bbc7132b2049046dbfa3079aaa7dbe95d9
GET /bao-csm/aps-comm/aps_csm.js HTTP/1.1
Host: c.amazon-adsystem.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://earnme.club
Connection: keep-alive
Referer: https://earnme.club/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
last-modified: Fri, 18 Nov 2022 03:05:15 GMT
x-amz-version-id: vkCJAv2LVCiDvkjoOZrS5s9fefeFFUOq
server: AmazonS3
content-encoding: gzip
date: Mon, 28 Nov 2022 03:14:06 GMT
cache-control: public, max-age=86400
etag: W/"a4d296427fc806b21335359e398c025c"
vary: Accept-Encoding,Origin
x-cache: Hit from cloudfront
via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: FyscazgS7e08gX4NQTn6-CEE2BFNbpIDtdmb-E4cS2vEyFczuZw7FQ==
age: 42982
X-Firefox-Spdy: h2
flashnetic.com/r/p.html?f=arlxirbyq&e=1979171841404
200 OK 2.8 kB URL HTTP/2 flashnetic.com/r/p.html?f=arlxirbyq&e=1979171841404
IP
Hash 4a23ba3e77dd6bfc1515812d0dac380d
168171b38e69ad4c5e91314aad7b71c2eefbb09b
43e9f5878237b13479ba91ccf86107a3f8b321f0a64c71933e034e880abd9691
GET /r/p.html?f=arlxirbyq&e=1979171841404 HTTP/1.1
Host: flashnetic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://earnme.club/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
last-modified: Tue, 25 Oct 2022 13:58:03 GMT
x-amz-version-id: 6P847P_3pwRq3kg1dbhEI8vZo9rD1MSu
server: AmazonS3
content-encoding: gzip
date: Sun, 27 Nov 2022 16:26:51 GMT
etag: W/"1d799671c4d6a9304651b1b9d6a783fb"
x-cache: Hit from cloudfront
via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: rGx1iaj0K3Ieq16HFTh6Rd7S7vvnBEBCure21fQMxax-U_tzKZgvbQ==
age: 81820
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
adx.adform.net/adx/openrtb
204 No Content 0 B URL HTTP/2 adx.adform.net/adx/openrtb
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /adx/openrtb HTTP/1.1
Host: adx.adform.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 633
Origin: https://earnme.club
Connection: keep-alive
Referer: https://earnme.club/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
server: nginx
date: Mon, 28 Nov 2022 15:10:28 GMT
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: https://earnme.club
access-control-max-age: 86400
cache-control: no-cache, no-store, must-revalidate, no-transform
expires: -1
pragma: no-cache
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2
flashnetic.com/r/p.html?f=moyvwnl&e=1979171841404
200 OK 2.3 kB URL HTTP/2 flashnetic.com/r/p.html?f=moyvwnl&e=1979171841404
IP
File type HTML document, ASCII text, with CRLF line terminators
Hash a61a069d6a33fb4b48d26dde229f7c1e
0e581c5b9392d34705c28e47f70da6b138f03136
3071ff1f936dcb4f6dee77859bd0d96fd681d17378f4b621e4947de749959f00
GET /r/p.html?f=moyvwnl&e=1979171841404 HTTP/1.1
Host: flashnetic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://earnme.club/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
last-modified: Tue, 25 Oct 2022 13:58:03 GMT
x-amz-version-id: 6P847P_3pwRq3kg1dbhEI8vZo9rD1MSu
server: AmazonS3
content-encoding: gzip
date: Sun, 27 Nov 2022 16:26:51 GMT
etag: W/"1d799671c4d6a9304651b1b9d6a783fb"
x-cache: Hit from cloudfront
via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: SzLKpfJxFUOuNEqO0NN0SdF2VydwMrCwfPzdHz42vd35OgAgb4ot-w==
age: 81820
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
flashnetic.com/r/p.html?f=tkyrar&e=1635039149730
200 OK 2.3 kB URL HTTP/2 flashnetic.com/r/p.html?f=tkyrar&e=1635039149730
IP
File type HTML document, ASCII text, with CRLF line terminators
Hash a61a069d6a33fb4b48d26dde229f7c1e
0e581c5b9392d34705c28e47f70da6b138f03136
3071ff1f936dcb4f6dee77859bd0d96fd681d17378f4b621e4947de749959f00
GET /r/p.html?f=tkyrar&e=1635039149730 HTTP/1.1
Host: flashnetic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://earnme.club/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
last-modified: Tue, 25 Oct 2022 13:58:03 GMT
x-amz-version-id: 6P847P_3pwRq3kg1dbhEI8vZo9rD1MSu
server: AmazonS3
content-encoding: gzip
date: Sun, 27 Nov 2022 16:26:51 GMT
etag: W/"1d799671c4d6a9304651b1b9d6a783fb"
x-cache: Hit from cloudfront
via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: fU_8IFVxuzD_7-JsjobJZ0hrNzEPyHrL8JPVxIfyqD8mUwR08uIWXA==
age: 81820
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
flashnetic.com/r/p.html?f=laykhkfy&e=1315978926706
200 OK 2.8 kB URL HTTP/2 flashnetic.com/r/p.html?f=laykhkfy&e=1315978926706
IP
Hash 5b0fdda61c7552b5c5c9541b9a611efb
9740e553f15599f8a85bf6508f04e2ec1973918a
44435d8db2a79c88ea0c5ba11052a43803a9f2ebc38d80f7bceaa0c1e0b40043
GET /r/p.html?f=laykhkfy&e=1315978926706 HTTP/1.1
Host: flashnetic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://earnme.club/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
last-modified: Tue, 25 Oct 2022 13:58:03 GMT
x-amz-version-id: 6P847P_3pwRq3kg1dbhEI8vZo9rD1MSu
server: AmazonS3
content-encoding: gzip
date: Sun, 27 Nov 2022 16:26:51 GMT
etag: W/"1d799671c4d6a9304651b1b9d6a783fb"
x-cache: Hit from cloudfront
via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: zWkFzeGzL230icy_6zxOm-Mtt04xT71fXgzJlu_ewqgfdiPTaxQLHA==
age: 81820
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
flashnetic.com/r/p.html?f=nzfmctld&e=1635039149730
200 OK 2.5 kB URL HTTP/2 flashnetic.com/r/p.html?f=nzfmctld&e=1635039149730
IP
Hash 88f51dedcc2c1d01c6147cf152eaa509
a58e5ec729a971fb013a35c84e8cd0b40fc24046
fb5c035fa0ab4c637f0f88fabc3a13e714c11b39fed10bf951f8101cd9be0642
GET /r/p.html?f=nzfmctld&e=1635039149730 HTTP/1.1
Host: flashnetic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://earnme.club/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
last-modified: Tue, 25 Oct 2022 13:58:03 GMT
x-amz-version-id: 6P847P_3pwRq3kg1dbhEI8vZo9rD1MSu
server: AmazonS3
content-encoding: gzip
date: Sun, 27 Nov 2022 16:26:51 GMT
etag: W/"1d799671c4d6a9304651b1b9d6a783fb"
x-cache: Hit from cloudfront
via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 9Rwh9gpSW9eRaJigdXpVI_C8nSFusNqjygJR5ckpbk8R3v3kL1f9Gg==
age: 81820
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fearnme.club&pubid=1ad7261b-91ea-4b6f-b9e9-b83522205b75
200 OK 1.7 kB URL HTTP/2 c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fearnme.club&pubid=1ad7261b-91ea-4b6f-b9e9-b83522205b75
IP
File type JSON data\012- , ASCII text, with very long lines (1726), with no line terminators
Hash fa2c1176463a6b44fb8de7b71492f62d
9335dfa33d16a0b06dd970d4c70c4fd113524e0a
9f9e9a6f8680601c36412dc2a4b26945c805037d977c536a0c2e929969377790
GET /cdn/prod/config?src=600&u=https%3A%2F%2Fearnme.club&pubid=1ad7261b-91ea-4b6f-b9e9-b83522205b75 HTTP/1.1
Host: c.amazon-adsystem.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://earnme.club
Connection: keep-alive
Referer: https://earnme.club/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json;charset=UTF-8
content-length: 1726
access-control-allow-origin: https://earnme.club
access-control-allow-credentials: true
cache-control: max-age=21550, s-maxage=21600
date: Mon, 28 Nov 2022 13:54:50 GMT
server: Server
x-cache: Hit from cloudfront
via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: ISaBIWHGWFVE1R-_3HN0Ur9IM-bT0e74LNeCqUdsuAxKmdLwjRB36g==
age: 4538
X-Firefox-Spdy: h2
adx.adform.net/adx/openrtb
204 No Content 0 B URL HTTP/2 adx.adform.net/adx/openrtb
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /adx/openrtb HTTP/1.1
Host: adx.adform.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 633
Origin: https://earnme.club
Connection: keep-alive
Referer: https://earnme.club/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Mon, 28 Nov 2022 15:10:28 GMT
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: https://earnme.club
access-control-max-age: 86400
cache-control: no-cache, no-store, must-revalidate, no-transform
expires: -1
pragma: no-cache
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2
prebid.media.net/rtb/prebid?cid=8CUQWX43D
200 OK 3.2 kB URL HTTP/2 prebid.media.net/rtb/prebid?cid=8CUQWX43D
IP
Hash 4be7da29b4d3f42c5d3cb0e3355c7ee2
1dad1804f6f35f35f31f080ed8d3e6f24b38dc26
a9868c6e33ad967cb89fe03061acb5953cb985e45d41b75c7cff39149a782ae9
POST /rtb/prebid?cid=8CUQWX43D HTTP/1.1
Host: prebid.media.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 2488
Origin: https://earnme.club
Connection: keep-alive
Referer: https://earnme.club/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 28 Nov 2022 15:10:27 GMT
content-type: application/json;charset=UTF-8
cache-control: max-age=0, no-cache, no-store, must-revalidate
pragma: no-cache
accept-ch: Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model
expires: Mon, 28 Nov 2022 15:10:27 GMT
access-control-allow-origin: https://earnme.club
access-control-allow-credentials: true
content-encoding: gzip
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
prebid-eu.creativecdn.com/bidder/prebid/bids
204 No Content 0 B URL HTTP/2 prebid-eu.creativecdn.com/bidder/prebid/bids
IP
ASN #204995 Rtb House S.A.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /bidder/prebid/bids HTTP/1.1
Host: prebid-eu.creativecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 527
Origin: https://earnme.club
Connection: keep-alive
Referer: https://earnme.club/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Mon, 28 Nov 2022 15:10:28 GMT
access-control-allow-origin: https://earnme.club
access-control-allow-credentials: true
access-control-allow-methods: POST
access-control-max-age: 3600
vary: Origin
X-Firefox-Spdy: h2
flashnetic.com/r/p.html?f=tnkjodjfq&e=1315978926706
200 OK 2.4 kB URL HTTP/2 flashnetic.com/r/p.html?f=tnkjodjfq&e=1315978926706
IP
Hash 9abdd93b678c1f6d857d9a2330af03da
b72d2aef57a670f03ec32f06d6c422e4e6afad00
bb0477a273c5740cae1bc43501674c8c8eaa7396bb1ed52843351db6cf9092ae
GET /r/p.html?f=tnkjodjfq&e=1315978926706 HTTP/1.1
Host: flashnetic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://earnme.club/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
last-modified: Tue, 25 Oct 2022 13:58:03 GMT
x-amz-version-id: 6P847P_3pwRq3kg1dbhEI8vZo9rD1MSu
server: AmazonS3
content-encoding: gzip
date: Sun, 27 Nov 2022 16:26:51 GMT
etag: W/"1d799671c4d6a9304651b1b9d6a783fb"
x-cache: Hit from cloudfront
via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: D_4I2IkcUjf5YsTlwRy6hWN4rCKkYyOc6cTruJaVT56Nib34tMSmpg==
age: 81820
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
bidder.criteo.com/cdb?profileId=207&av=34&wv=7.19.0&cb=67973553720&lsavail=0
200 OK 44 B URL HTTP/2 bidder.criteo.com/cdb?profileId=207&av=34&wv=7.19.0&cb=67973553720&lsavail=0
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 5f1dcf53824ce88cdb7941d34db3f19d
4164a13e3f53e1f002606a807d64a92620720fb0
3a803b7520764b5266cfac90aa9f9b2ff931109f489d9a1deb24aa686c239a74
POST /cdb?profileId=207&av=34&wv=7.19.0&cb=67973553720&lsavail=0 HTTP/1.1
Host: bidder.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 558
Origin: https://earnme.club
Connection: keep-alive
Referer: https://earnme.club/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 15:10:28 GMT
vary: Origin
server: Finatra
content-type: application/json; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: https://earnme.club
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-encoding: gzip
content-length: 44
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
flashnetic.com/r/p.html?f=vbbaxqc&e=1315978926706
200 OK 2.9 kB URL HTTP/2 flashnetic.com/r/p.html?f=vbbaxqc&e=1315978926706
IP
Hash 5704b26ba87589a58f955072782c94a8
a9d4ed6c57761bdc18cf0ac27c05586efc24e3ca
e7de4d8cf307c657747bcee795bb048f24b4086513cbc191c4f31c2913c0d8ef
GET /r/p.html?f=vbbaxqc&e=1315978926706 HTTP/1.1
Host: flashnetic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://earnme.club/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
last-modified: Tue, 25 Oct 2022 13:58:03 GMT
x-amz-version-id: 6P847P_3pwRq3kg1dbhEI8vZo9rD1MSu
server: AmazonS3
content-encoding: gzip
date: Sun, 27 Nov 2022 16:26:51 GMT
etag: W/"1d799671c4d6a9304651b1b9d6a783fb"
x-cache: Hit from cloudfront
via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 1G_3mBGclq2oCwgDh2ytqfnU8VU6ag36Fe_GAAWDezqsRX6Ou7FUPQ==
age: 81820
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdee4f5d4-5a5e-4a39-9681-50795cecc0f4.jpeg
200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdee4f5d4-5a5e-4a39-9681-50795cecc0f4.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2cd887044e91d7ed0f1a8d7119ff7dd0
ae8aa4ce6ddaccba771fe65446926b60fc5628da
bad283c15531000b7a8c126d442154b64a880cc26196a46cbd2e6266a526db67
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdee4f5d4-5a5e-4a39-9681-50795cecc0f4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 10199
x-amzn-requestid: baee3bbe-7ded-425a-ae39-fccfc8169217
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cOo4iF1VIAMF09g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63828836-5522727b2f09b27e63b23270;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 21:42:14 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: CXOqm7bjsSV0aJBTkTI7LsMovjgPeISPt3sZotEc7CjZnUL_y4_OoQ==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Sun, 27 Nov 2022 21:51:43 GMT
age: 62325
etag: "ae8aa4ce6ddaccba771fe65446926b60fc5628da"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F955ba04e-80cb-43a1-bc6a-3e502a79144e.jpeg
200 OK 9.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F955ba04e-80cb-43a1-bc6a-3e502a79144e.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 9a6e5f60b87d3879606a6707feb37a73
373c96c2e0006d70954d4b4ebd850f62f558e92c
1ae48f692f44d357e21eec708b46f22c36a3de21be8d0f1c2035d197e0aa89de
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F955ba04e-80cb-43a1-bc6a-3e502a79144e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9546
x-amzn-requestid: 60e352b5-ab38-4975-bf26-500f0a639a2d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cFfulExwIAMFzQA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637edff6-1364912f7fd292da6453a83e;Sampled=0
x-amzn-remapped-date: Thu, 24 Nov 2022 03:07:34 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: qtRAIXoswvTgNWZzaQE1WHZQXoJRtK9nKpusFtXH3pDRHH_DZtsLFw==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Mon, 28 Nov 2022 11:59:09 GMT
age: 11479
etag: "373c96c2e0006d70954d4b4ebd850f62f558e92c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 8bb181e3f5ca898c6e31a8efc2e28291
eda3a91f8e2cbc5467da08ad85e6f6a30702b66c
0e943aacb4a46480ab031ef294a0e089976ec125c331c15116b6c79f6b0f2ff0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E943AACB4A46480AB031EF294A0E089976EC125C331C15116B6C79F6B0F2FF0"
Last-Modified: Sat, 26 Nov 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12220
Expires: Mon, 28 Nov 2022 18:34:08 GMT
Date: Mon, 28 Nov 2022 15:10:28 GMT
Connection: keep-alive
flashnetic.com/r/p.html?f=ofhx&e=1635039149730
200 OK 8.6 kB URL HTTP/2 flashnetic.com/r/p.html?f=ofhx&e=1635039149730
IP
Hash 01c22682ac9002f2067f3183ee6c9378
22f4fcd2440b3e87368ae967198a007d14937c19
539002c9b17c62af1a8329df2ebc3436ad3f86becb696803619374abf2d89c65
GET /r/p.html?f=ofhx&e=1635039149730 HTTP/1.1
Host: flashnetic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://earnme.club/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
last-modified: Tue, 25 Oct 2022 13:58:03 GMT
x-amz-version-id: 6P847P_3pwRq3kg1dbhEI8vZo9rD1MSu
server: AmazonS3
content-encoding: gzip
date: Sun, 27 Nov 2022 16:26:51 GMT
etag: W/"1d799671c4d6a9304651b1b9d6a783fb"
x-cache: Hit from cloudfront
via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 7Rh36yKvel5AJc-MpP0aMTW7L9v8codwqpR_uvfYRArvprdFBrhehw==
age: 81820
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
flashnetic.com/r/p.html?f=dqhwpoo&e=1635039149730
200 OK 3.0 kB URL HTTP/2 flashnetic.com/r/p.html?f=dqhwpoo&e=1635039149730
IP
Hash adfb1fc227e0b89c8f4e835f5b9a5fd0
977aaa7e1189445678674869f4200824acf9065e
e0e0f85997b9a4bcc6ffa8dad22abaeca0ec7cbad1196ab44e44fe916483a00c
GET /r/p.html?f=dqhwpoo&e=1635039149730 HTTP/1.1
Host: flashnetic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://earnme.club/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
last-modified: Tue, 25 Oct 2022 13:58:03 GMT
x-amz-version-id: 6P847P_3pwRq3kg1dbhEI8vZo9rD1MSu
server: AmazonS3
content-encoding: gzip
date: Sun, 27 Nov 2022 16:26:51 GMT
etag: W/"1d799671c4d6a9304651b1b9d6a783fb"
x-cache: Hit from cloudfront
via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Yav98OMmcrf9G2PFHHpmHofkqxxcP3nbJ-NKOLeOsUuqCAAajS8cog==
age: 81820
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F165667de-df17-4cc6-832c-94f49703bdf2.jpeg
200 OK 9.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F165667de-df17-4cc6-832c-94f49703bdf2.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1f434933b5bd6377d299ada22d1ae7ef
075531f525e625b117b2497f31139c9824d0e9c5
b587a3249e4f20112088608e3651c2ccbc44225a5c9d88d3bf5884d7f0e9029c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F165667de-df17-4cc6-832c-94f49703bdf2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9430
x-amzn-requestid: 454ca8bd-a256-45f2-8b41-feee86c5af82
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cR7wyGCIIAMFhgw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6383d99e-1488f8ce71a91ebc3ad6b7e0;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 21:41:50 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: ibLuLI6j9EWh0dgk51O7kiPBRyURZ0UdNtlgbBD-SXnDg_GT_tJm8Q==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Sun, 27 Nov 2022 22:01:16 GMT
age: 61752
etag: "075531f525e625b117b2497f31139c9824d0e9c5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17210&site_id=397268&zone_id=2229032&size_id=15&p_pos=atf&us_privacy=1---&rp_schain=1.0,1!adpone.com,a1ea75ec94e5611d58bc,1,,,&rf=earnme.club&tg_i.ref=https%3A%2F%2Fwww.google.com%2F&tg_i.page=https%3A%2F%2Fearnme.club%2Fv20-se-from-vivo%2F&tg_i.domain=earnme.club&tg_i.pbadslot=%2F21671350435%2C22687820958%2F300x250-earnme.club_._2&tk_flint=pbjs_lite_v7.19.0&x_source.tid=c0346f55-1794-4652-9d40-3f61827909ee&l_pb_bid_id=167803480730a7e&p_screen_res=1280x1024&rp_secure=1&rp_maxbids=1&slots=1&rand=0.3245361033175127
200 OK 417 B URL HTTP/2 fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17210&site_id=397268&zone_id=2229032&size_id=15&p_pos=atf&us_privacy=1---&rp_schain=1.0,1!adpone.com,a1ea75ec94e5611d58bc,1,,,&rf=earnme.club&tg_i.ref=https%3A%2F%2Fwww.google.com%2F&tg_i.page=https%3A%2F%2Fearnme.club%2Fv20-se-from-vivo%2F&tg_i.domain=earnme.club&tg_i.pbadslot=%2F21671350435%2C22687820958%2F300x250-earnme.club_._2&tk_flint=pbjs_lite_v7.19.0&x_source.tid=c0346f55-1794-4652-9d40-3f61827909ee&l_pb_bid_id=167803480730a7e&p_screen_res=1280x1024&rp_secure=1&rp_maxbids=1&slots=1&rand=0.3245361033175127
IP
File type JSON data\012- , ASCII text, with very long lines (417), with no line terminators
Hash 147ea7320e148f8e9aba33764691714e
6f423701c4bbec34c7f9faca67df124663ba6ad8
dcb5f585331ead85075e6b66b797a92eda37d158fa9baceb09216a93a3bd0417
GET /a/api/fastlane.json?account_id=17210&site_id=397268&zone_id=2229032&size_id=15&p_pos=atf&us_privacy=1---&rp_schain=1.0,1!adpone.com,a1ea75ec94e5611d58bc,1,,,&rf=earnme.club&tg_i.ref=https%3A%2F%2Fwww.google.com%2F&tg_i.page=https%3A%2F%2Fearnme.club%2Fv20-se-from-vivo%2F&tg_i.domain=earnme.club&tg_i.pbadslot=%2F21671350435%2C22687820958%2F300x250-earnme.club_._2&tk_flint=pbjs_lite_v7.19.0&x_source.tid=c0346f55-1794-4652-9d40-3f61827909ee&l_pb_bid_id=167803480730a7e&p_screen_res=1280x1024&rp_secure=1&rp_maxbids=1&slots=1&rand=0.3245361033175127 HTTP/1.1
Host: fastlane.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://earnme.club
Connection: keep-alive
Referer: https://earnme.club/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.4
date: Mon, 28 Nov 2022 15:10:28 GMT
content-type: application/json
cache-control: no-cache, no-store, max-age=0, must-revalidate
expires: Wed, 17 Sep 1975 21:32:10 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://earnme.club
pragma: no-cache
vary: Accept-Encoding
set-cookie: khaos=LB0XG27G-Y-1D4N; Domain=.rubiconproject.com; Path=/; Expires=Tue, 28-Nov-2023 15:10:28 GMT; Max-Age=31536000; SameSite=None; Secure
audit=1|naVuGyos1qoF+r4AELG+RO9DtVM30fCgX9j0V4idhPutz8vx8NWHm3vs5xm8c681tq9R0N6+0FRpWVHBsUSA99APlTu0R9RN; Domain=.rubiconproject.com; Path=/; Expires=Tue, 28-Nov-2023 15:10:28 GMT; Max-Age=31536000; SameSite=None; Secure
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length: 417
X-Firefox-Spdy: h2
flashnetic.com/r/p.html?f=ywccanw&e=1979171841404
200 OK 2.9 kB URL HTTP/2 flashnetic.com/r/p.html?f=ywccanw&e=1979171841404
IP
Hash 06b9b6a539fd85477c7709c83ea0fe69
0b96a4ec6f1da419479c0201f464abc3b0555032
5c24d0d51377b2aab4b18b53d7812337fda69763e71b5b9fdf7a938e704218ba
GET /r/p.html?f=ywccanw&e=1979171841404 HTTP/1.1
Host: flashnetic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://earnme.club/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
last-modified: Tue, 25 Oct 2022 13:58:03 GMT
x-amz-version-id: 6P847P_3pwRq3kg1dbhEI8vZo9rD1MSu
server: AmazonS3
content-encoding: gzip
date: Sun, 27 Nov 2022 16:26:51 GMT
etag: W/"1d799671c4d6a9304651b1b9d6a783fb"
x-cache: Hit from cloudfront
via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 5KoOKjUdMzA70ymACbLabSXfXts-eHslmFhrT28PJPIBcSP_OPqOQg==
age: 81820
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F36d8942f-c540-4112-a5a9-c7ac53a00a23.jpeg
200 OK 6.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F36d8942f-c540-4112-a5a9-c7ac53a00a23.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 78b1389f425425d0450c94d900404dc4
53b12a8702f7c5b7cc697e2a24da824d9434be65
0c1659ab3afc6e45f9e3acb12f8865bb99e4668f7df4501b1cc740e53f5b62ed
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F36d8942f-c540-4112-a5a9-c7ac53a00a23.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6376
x-amzn-requestid: 25b82353-9c15-44c0-ada5-55f4697de935
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cR6_KGeaoAMFb_Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6383d860-71711cca7c063030292c5e47;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 21:36:32 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: odmAWkNyUMevvXStu7zRJyckokhyBjUwu7-JSvj8by-JWJ9eAm9P5Q==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google
date: Sun, 27 Nov 2022 22:01:26 GMT
age: 61742
etag: "53b12a8702f7c5b7cc697e2a24da824d9434be65"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
flashnetic.com/r/p.html?f=mmbqkt&e=1635039149730
200 OK 11 kB URL HTTP/2 flashnetic.com/r/p.html?f=mmbqkt&e=1635039149730
IP
Hash 6c493c5caa051c764ef2ea221c538aac
56f112bf944075a7e4e597a2b20d3856d1b95631
0f8cd052e7b404ba85ee6fc9269c8c0a1cfbafc043dc2c806811de53e72c3e66
GET /r/p.html?f=mmbqkt&e=1635039149730 HTTP/1.1
Host: flashnetic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://earnme.club/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
last-modified: Tue, 25 Oct 2022 13:58:03 GMT
x-amz-version-id: 6P847P_3pwRq3kg1dbhEI8vZo9rD1MSu
server: AmazonS3
content-encoding: gzip
date: Sun, 27 Nov 2022 16:26:51 GMT
etag: W/"1d799671c4d6a9304651b1b9d6a783fb"
x-cache: Hit from cloudfront
via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: p6ezdk7sIOxkYlTRgqzOud5TAkFWGn95PRDmI-J4hg-FR2qrMNmURQ==
age: 81820
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
flashnetic.com/r/p.html?f=ivwmr&e=1979171841404
200 OK 2.9 kB URL HTTP/2 flashnetic.com/r/p.html?f=ivwmr&e=1979171841404
IP
Hash 17c27c9949a4cceebd5aa709a53592fc
81ca155b53e6b437b910261e590e7e4d8c72a9ed
1e64f626c81d25abd712ace58321a272d172a8a0c5cab6294e9cebaf2ee5617b
GET /r/p.html?f=ivwmr&e=1979171841404 HTTP/1.1
Host: flashnetic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://earnme.club/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
last-modified: Tue, 25 Oct 2022 13:58:03 GMT
x-amz-version-id: 6P847P_3pwRq3kg1dbhEI8vZo9rD1MSu
server: AmazonS3
content-encoding: gzip
date: Sun, 27 Nov 2022 16:26:51 GMT
etag: W/"1d799671c4d6a9304651b1b9d6a783fb"
x-cache: Hit from cloudfront
via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Huxr0R6YH0gk6P8fZtQgIaN_lJRB_sgVi0og8k_037rkwh7znLh75w==
age: 81820
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
flashnetic.com/r/p.html?f=ahupdpp&e=1635039149730
200 OK 3.0 kB URL HTTP/2 flashnetic.com/r/p.html?f=ahupdpp&e=1635039149730
IP
Hash ef4988ea935dafbf55e1ca56945d4988
750ad1bd0a00f0049150e49e379fcfa014dc8538
53b58c3b2e248257697810d192cd1293b480243731cde8f21a30777acd6781e0
GET /r/p.html?f=ahupdpp&e=1635039149730 HTTP/1.1
Host: flashnetic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://earnme.club/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
last-modified: Tue, 25 Oct 2022 13:58:03 GMT
x-amz-version-id: 6P847P_3pwRq3kg1dbhEI8vZo9rD1MSu
server: AmazonS3
content-encoding: gzip
date: Sun, 27 Nov 2022 16:26:51 GMT
etag: W/"1d799671c4d6a9304651b1b9d6a783fb"
x-cache: Hit from cloudfront
via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 9cRMU_qZRAFTLG0nttmUukBzOP7DPCM5aiIvYX_mQ-hCMOiJxcX9TQ==
age: 81820
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
prg.smartadserver.com/prebid/v1
200 OK 586 B URL HTTP/1.1 prg.smartadserver.com/prebid/v1
IP
ASN #201081 SmartAdServer SAS
File type JSON data\012- , ASCII text, with very long lines (1157), with no line terminators
Hash abe0f333fac8adc958eaf3ef33de8d8b
132f50988e716aa73baede657a3b6e0fdf56efc6
aa3d124bcc315130b492ff5e06b829a3fc4118a0187e7685f9658410615b41f4
POST /prebid/v1 HTTP/1.1
Host: prg.smartadserver.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 410
Origin: https://earnme.club
Connection: keep-alive
Referer: https://earnme.club/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
content-type: application/json; charset=UTF-8
date: Mon, 28 Nov 2022 15:10:28 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://earnme.club
cache-control: no-cache,no-store
content-encoding: br
pragma: no-cache
set-cookie: pbw=%24b%3d12999%3b%24o%3d11100; expires=Tue, 28 Nov 2023 15:10:28 GMT; domain=.smartadserver.com; path=/
vs=525642=5210830; domain=.smartadserver.com; path=/
TestIfCookie=ok; domain=.smartadserver.com; path=/
TestIfCookieP=ok; expires=Tue, 28 Nov 2023 15:10:28 GMT; domain=.smartadserver.com; path=/
pid=2780976098892664364; expires=Tue, 28 Nov 2023 15:10:28 GMT; domain=.smartadserver.com; path=/
sasd2=q=%24qc%3D1311348260%3B%24ql%3DMedium%3B%24qpc%3D1006%3B%24qt%3D216_1430_41056t%3B%24dma%3D0&c=1&l=819242284&lo=988266927<=638052450283730504&o=1; expires=Tue, 29 Nov 2022 15:10:28 GMT; domain=.smartadserver.com; path=/
sasd=%24qc%3D1311348260%3B%24ql%3DMedium%3B%24qpc%3D1006%3B%24qt%3D216_1430_41056t%3B%24dma%3D0; expires=Tue, 29 Nov 2022 15:10:28 GMT; domain=.smartadserver.com; path=/
transfer-encoding: chunked
vary: Accept-Encoding, Origin
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
prg.smartadserver.com/prebid/v1
200 OK 502 B URL HTTP/1.1 prg.smartadserver.com/prebid/v1
IP
ASN #201081 SmartAdServer SAS
File type JSON data\012- , ASCII text, with very long lines (1058), with no line terminators
Hash f49eecf1e1e6c1b98e5c557f9f54b72e
2d12ed17e5a6d77c8395f8eb83b8a4e00721e53b
3fdceccc91ccc87f3ba5292c0ed8491a59b502ff3cc8cd22ba0bb1f46b980c5b
POST /prebid/v1 HTTP/1.1
Host: prg.smartadserver.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 413
Origin: https://earnme.club
Connection: keep-alive
Referer: https://earnme.club/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
content-type: application/json; charset=UTF-8
date: Mon, 28 Nov 2022 15:10:27 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://earnme.club
cache-control: no-cache,no-store
content-encoding: br
pragma: no-cache
set-cookie: pbw=%24b%3d12999%3b%24o%3d11100; expires=Tue, 28 Nov 2023 15:10:28 GMT; domain=.smartadserver.com; path=/
vs=555020=5210830; domain=.smartadserver.com; path=/
TestIfCookie=ok; domain=.smartadserver.com; path=/
TestIfCookieP=ok; expires=Tue, 28 Nov 2023 15:10:28 GMT; domain=.smartadserver.com; path=/
pid=70656408593976837; expires=Tue, 28 Nov 2023 15:10:28 GMT; domain=.smartadserver.com; path=/
sasd2=q=%24qc%3D1311348260%3B%24ql%3DMedium%3B%24qpc%3D1006%3B%24qt%3D216_1430_41056t%3B%24dma%3D0&c=1&l=819242284&lo=988266927<=638052450285002490&o=1; expires=Tue, 29 Nov 2022 15:10:28 GMT; domain=.smartadserver.com; path=/
sasd=%24qc%3D1311348260%3B%24ql%3DMedium%3B%24qpc%3D1006%3B%24qt%3D216_1430_41056t%3B%24dma%3D0; expires=Tue, 29 Nov 2022 15:10:28 GMT; domain=.smartadserver.com; path=/
transfer-encoding: chunked
vary: Accept-Encoding, Origin
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
flashnetic.com/r/p.html?f=qlvmbspj&e=1315978926706
200 OK 2.5 kB URL HTTP/2 flashnetic.com/r/p.html?f=qlvmbspj&e=1315978926706
IP
Hash e36ecb1d38e3c1905f11ff8462974636
9399297e7f51b777cb54c5a67db5ed31e3970a02
4c462ffa803aaa2d65348ce19a38e7193fdf24684b0adbc39f99765f274301b9
GET /r/p.html?f=qlvmbspj&e=1315978926706 HTTP/1.1
Host: flashnetic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://earnme.club/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
last-modified: Tue, 25 Oct 2022 13:58:03 GMT
x-amz-version-id: 6P847P_3pwRq3kg1dbhEI8vZo9rD1MSu
server: AmazonS3
content-encoding: gzip
date: Sun, 27 Nov 2022 16:26:51 GMT
etag: W/"1d799671c4d6a9304651b1b9d6a783fb"
x-cache: Hit from cloudfront
via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: NL6Sj3ysazR6NUv1wh9-r8mNT4ES29TactzOxi65w9E_lJwYeLrsiQ==
age: 81820
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash 160e87d658ae5b6850f21d6b9ccc9d9d
85735ceeb0489413724a77890d5303b414ecbafd
74f3aa83c5763af8deb3d49ede9ed20de78629bdb425e3a99dfe916119870ddf
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=169800
Date: Mon, 28 Nov 2022 15:10:29 GMT
Etag: "6384bc53-1d7"
Expires: Wed, 30 Nov 2022 14:20:29 GMT
Last-Modified: Mon, 28 Nov 2022 13:49:07 GMT
Server: ECS (nyb/1D17)
X-Cache: Miss from cloudfront
Via: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 8PYO16-ca88uyoRmJXMFADwNXCjLLp92qMRTyQoBF-miyPL6uN6ofA==
Age: 1882
ams-pageview-public.s3.amazonaws.com/1x1-pixel.png?id=a56697b2617c
200 OK 68 B URL HTTP/1.1 ams-pageview-public.s3.amazonaws.com/1x1-pixel.png?id=a56697b2617c
IP
File type PNG image data, 1 x 1, 8-bit gray+alpha, non-interlaced\012- data
Hash 91e42db1c66c0b276abf6234dc50b2eb
c1986af3c26609b8b7d8933f99c51c1a89e9ea6b
63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058
GET /1x1-pixel.png?id=a56697b2617c HTTP/1.1
Host: ams-pageview-public.s3.amazonaws.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://earnme.club/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: Y42sI27XftQl8k2v5vemmyDDWqHvSXi6n9974tx8dxGRkC8xoh+LBeRW8GFtkCYWQeyO3qzLxgjSQjKbVVsV7w==
x-amz-request-id: HTNY6V54FA5RP9Q3
Date: Mon, 28 Nov 2022 15:10:30 GMT
Last-Modified: Mon, 26 Oct 2020 16:52:19 GMT
ETag: "91e42db1c66c0b276abf6234dc50b2eb"
Cache-Control: no-store
Accept-Ranges: bytes
Content-Type: image/png
Server: AmazonS3
Content-Length: 68
ads.pubmatic.com/AdServer/js/pwt/157742/7600
301 Moved Permanently 261 B URL HTTP/2 ads.pubmatic.com/AdServer/js/pwt/157742/7600
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 062136e3a621e033fe962c1b279eec4c
d38b6ab78d6b6ccf1cc926379e426c9780c90eb2
c0ab28cf312ba7e04fdeabf8173ca9e1809281aa9fde276981842e71020c2c41
GET /AdServer/js/pwt/157742/7600 HTTP/1.1
Host: ads.pubmatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://earnme.club/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
server: Apache
location: https://ads.pubmatic.com/AdServer/js/pwt/157742/7600/
content-length: 261
content-type: text/html; charset=iso-8859-1
cache-control: max-age=50226
expires: Tue, 29 Nov 2022 05:07:35 GMT
date: Mon, 28 Nov 2022 15:10:29 GMT
X-Firefox-Spdy: h2
track1.aniview.com/track?d=Firefox&cou=NO&cos=Windows&r=earnme.club&rs=earnme.club&sid=12714&t=1669648228&cip=91.90.42.154&sn=&tgt=0&osv=10&bv=105.0&brn=Firefox&wi=640&he=361&app=&AV_PUBLISHERID=62176a72a06fe80ba569d18f&test=&d64=44fbd06abe03b152d23bf2aa3d7bce1d&d63=44fbd06abe03b152d23bf2aa3d7bce1d&aafaid=&proto=https&uid=1669648228308-921983774696-007271-004-000203&cha=0.7&stagid=62790805abc41c4450002684&stplid=6278f4f0a7dd573d85421cad&d35=&d36=6.2.64&cb=95442224581&d39=&d65=&d66=&apppkg=&d9=1000&d37=realtime&pt=2&cmid=&cwid=&cvid=&AV_WIDTH=640&AV_HEIGHT=361&&ppid=62176a72a06fe80ba569d18f&nid=5e7b9048180bd02ded4b0937&pcid=6278fd47e6b0901a49776895&ncid=627a0e8f76eb182bd8758ee8&pasid=627a0ec5d3a48b4af3605f6c&e=request&cb=1669648228625&asid=6295fa3e088d8a77b2698777%2C63720057d528eb2645079ab5%2C6332ef0a396c5d5aa40539b5%2C6332ef55cd0fcf1ceb506cc4%2C62fcc8551f0d537b70642b47%2C62a9a29da987b3169d027596%2C62a9a257b1f7be14705f5586%2C62a9a26be8c62b7a753672a4%2C62a9a3044f8b3f11bf3a5058%2C62a9a2daf85a765d16158238&ofpr=%2C%2C%2C%2C%2C%2C%2C%2C%2C&fpo=%2C%2C%2C%2C%2C%2C%2C%2C%2C&ri=1%2C1%2C1%2C1%2C1%2C1%2C1%2C1%2C1%2C1
200 OK 0 B URL HTTP/2 track1.aniview.com/track?d=Firefox&cou=NO&cos=Windows&r=earnme.club&rs=earnme.club&sid=12714&t=1669648228&cip=91.90.42.154&sn=&tgt=0&osv=10&bv=105.0&brn=Firefox&wi=640&he=361&app=&AV_PUBLISHERID=62176a72a06fe80ba569d18f&test=&d64=44fbd06abe03b152d23bf2aa3d7bce1d&d63=44fbd06abe03b152d23bf2aa3d7bce1d&aafaid=&proto=https&uid=1669648228308-921983774696-007271-004-000203&cha=0.7&stagid=62790805abc41c4450002684&stplid=6278f4f0a7dd573d85421cad&d35=&d36=6.2.64&cb=95442224581&d39=&d65=&d66=&apppkg=&d9=1000&d37=realtime&pt=2&cmid=&cwid=&cvid=&AV_WIDTH=640&AV_HEIGHT=361&&ppid=62176a72a06fe80ba569d18f&nid=5e7b9048180bd02ded4b0937&pcid=6278fd47e6b0901a49776895&ncid=627a0e8f76eb182bd8758ee8&pasid=627a0ec5d3a48b4af3605f6c&e=request&cb=1669648228625&asid=6295fa3e088d8a77b2698777%2C63720057d528eb2645079ab5%2C6332ef0a396c5d5aa40539b5%2C6332ef55cd0fcf1ceb506cc4%2C62fcc8551f0d537b70642b47%2C62a9a29da987b3169d027596%2C62a9a257b1f7be14705f5586%2C62a9a26be8c62b7a753672a4%2C62a9a3044f8b3f11bf3a5058%2C62a9a2daf85a765d16158238&ofpr=%2C%2C%2C%2C%2C%2C%2C%2C%2C&fpo=%2C%2C%2C%2C%2C%2C%2C%2C%2C&ri=1%2C1%2C1%2C1%2C1%2C1%2C1%2C1%2C1%2C1
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /track?d=Firefox&cou=NO&cos=Windows&r=earnme.club&rs=earnme.club&sid=12714&t=1669648228&cip=91.90.42.154&sn=&tgt=0&osv=10&bv=105.0&brn=Firefox&wi=640&he=361&app=&AV_PUBLISHERID=62176a72a06fe80ba569d18f&test=&d64=44fbd06abe03b152d23bf2aa3d7bce1d&d63=44fbd06abe03b152d23bf2aa3d7bce1d&aafaid=&proto=https&uid=1669648228308-921983774696-007271-004-000203&cha=0.7&stagid=62790805abc41c4450002684&stplid=6278f4f0a7dd573d85421cad&d35=&d36=6.2.64&cb=95442224581&d39=&d65=&d66=&apppkg=&d9=1000&d37=realtime&pt=2&cmid=&cwid=&cvid=&AV_WIDTH=640&AV_HEIGHT=361&&ppid=62176a72a06fe80ba569d18f&nid=5e7b9048180bd02ded4b0937&pcid=6278fd47e6b0901a49776895&ncid=627a0e8f76eb182bd8758ee8&pasid=627a0ec5d3a48b4af3605f6c&e=request&cb=1669648228625&asid=6295fa3e088d8a77b2698777%2C63720057d528eb2645079ab5%2C6332ef0a396c5d5aa40539b5%2C6332ef55cd0fcf1ceb506cc4%2C62fcc8551f0d537b70642b47%2C62a9a29da987b3169d027596%2C62a9a257b1f7be14705f5586%2C62a9a26be8c62b7a753672a4%2C62a9a3044f8b3f11bf3a5058%2C62a9a2daf85a765d16158238&ofpr=%2C%2C%2C%2C%2C%2C%2C%2C%2C&fpo=%2C%2C%2C%2C%2C%2C%2C%2C%2C&ri=1%2C1%2C1%2C1%2C1%2C1%2C1%2C1%2C1%2C1 HTTP/1.1
Host: track1.aniview.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://earnme.club/
Cookie: aniC=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 15:10:29 GMT
content-length: 0
cache-control: max-age=0, no-cache, no-store
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 279 B IP
Hash 35494d6ab6b8121fa1717d72309ea775
8798c7560cafb9dc77b882bcb9db81b807115cbc
90d0362041bd57eda99a6c2a7c20d26d02b168af3db076457e4b261e0f2b5a6f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5141
Cache-Control: max-age=168733
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 15:10:29 GMT
Etag: "6384ab6d-117"
Expires: Wed, 30 Nov 2022 14:02:42 GMT
Last-Modified: Mon, 28 Nov 2022 12:37:01 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 279
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 879cba431d8b6f2717a750acd5ca7156
1d4eb23583d48dd6801a104aa20046b34acd0efe
31223aada310e8d8e3fa41e22ee23019a07b362b3b062ccdc10600c22071bd78
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 15:10:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 7207a5076b63fb5f39b9436ced9fb18f
cdd84ecfe85882601e81f11783d9f63b30084de3
6d4543402df8135d5860ecd47dd52d96d66d2e1ac6feec11accb5f43f2da7d0d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 15:10:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
adservice.google.no/adsid/integrator.js?domain=earnme.club
200 OK 100 B URL HTTP/2 adservice.google.no/adsid/integrator.js?domain=earnme.club
IP
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=earnme.club HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://earnme.club/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Mon, 28 Nov 2022 15:10:29 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
adservice.google.com/adsid/integrator.js?domain=earnme.club
200 OK 100 B URL HTTP/2 adservice.google.com/adsid/integrator.js?domain=earnme.club
IP
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=earnme.club HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://earnme.club/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Mon, 28 Nov 2022 15:10:29 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 879cba431d8b6f2717a750acd5ca7156
1d4eb23583d48dd6801a104aa20046b34acd0efe
31223aada310e8d8e3fa41e22ee23019a07b362b3b062ccdc10600c22071bd78
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 15:10:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
200 OK 313 B IP
Hash 75d97500fe879daf61bf2c67d36f02ed
fd298eb14510dd7805bb297c273f53891bc35eb7
146967f865b3e264713fb722c281abf207ab603ce6623c40ea49b9a3e657246b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3555
Cache-Control: max-age=113536
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 15:10:29 GMT
Etag: "6383da02-139"
Expires: Tue, 29 Nov 2022 22:42:45 GMT
Last-Modified: Sun, 27 Nov 2022 21:43:30 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 313
flashnetic.com/r/p.html?f=fmzszjgof&e=1315978926706
200 OK 16 kB URL HTTP/2 flashnetic.com/r/p.html?f=fmzszjgof&e=1315978926706
IP
File type HTML document, ASCII text, with very long lines (37924), with CRLF, LF line terminators
Hash e258838b1b3a9ad5ab0045cb5046ef1e
ff1fb047b00de58570796ae57888530d6a2aaaf4
f633144c8efaa070a8d6265a5c4bcf49a09204102b39f6d817e8aa6962175593
GET /r/p.html?f=fmzszjgof&e=1315978926706 HTTP/1.1
Host: flashnetic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://earnme.club/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
last-modified: Tue, 25 Oct 2022 13:58:03 GMT
x-amz-version-id: 6P847P_3pwRq3kg1dbhEI8vZo9rD1MSu
server: AmazonS3
content-encoding: gzip
date: Sun, 27 Nov 2022 16:26:51 GMT
etag: W/"1d799671c4d6a9304651b1b9d6a783fb"
x-cache: Hit from cloudfront
via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: dHSZTym51DUblmi2o4Z4TIDf3anq8VyATxS22ScEQ-IhAOf9h_wRZg==
age: 81820
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
cdn.id5-sync.com/api/1.0/id5-api.js
200 OK 17 kB URL HTTP/2 cdn.id5-sync.com/api/1.0/id5-api.js
IP
File type ASCII text, with very long lines (58515)
Hash 198b8297cb95554ba67f60e9876a0060
b8bba98b7f3b8f22fb76159e369347cbe10d71ae
c67837e73d2d80a40272c8a4e61a779981a774dd607c832699d19e07bd33e33d
GET /api/1.0/id5-api.js HTTP/1.1
Host: cdn.id5-sync.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://earnme.club/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 28 Nov 2022 15:10:29 GMT
content-type: text/javascript;charset=utf-8
x-amz-id-2: NzzDMQRIzsXNjVR7/B6e4yrrDcazBk60q2/S2QH7YxwqiaX7/iQchWRPdgPY0BswypKEPiqaJg8=
x-amz-request-id: EK159HTWSS7GNBQ8
last-modified: Thu, 24 Nov 2022 12:48:29 GMT
etag: W/"9ee82d693d1e83b3a37ee20226716f78"
x-amz-server-side-encryption: AES256
cache-control: public, max-age=3600
cf-cache-status: HIT
age: 3400
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
server: cloudflare
cf-ray: 771407d999acb523-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-smaato_n-mediagrid_n-index_n-sharethrough_n-LoopMe_n-onetag_rbd_n-MediaNet_an-db5&dcc=t
200 OK 64 B URL HTTP/1.1 aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-smaato_n-mediagrid_n-index_n-sharethrough_n-LoopMe_n-onetag_rbd_n-MediaNet_an-db5&dcc=t
IP
File type HTML document, ASCII text
Hash be99f9f8ced5e5eb1f9721d861712f89
4291ee98f7ce20471796ec89961abb1acb2af1d8
f17fe415b91a13ea86b93344389e18c996384323ca3c2f4267b18c96b8314a12
GET /s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-smaato_n-mediagrid_n-index_n-sharethrough_n-LoopMe_n-onetag_rbd_n-MediaNet_an-db5&dcc=t HTTP/1.1
Host: aax-eu.amazon-adsystem.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://earnme.club/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Server
Date: Mon, 28 Nov 2022 15:10:29 GMT
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 64
Connection: keep-alive
x-amz-rid: Y1M4F6Q7AM7VN5MJ48S6
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Vary: Content-Type,Accept-Encoding,User-Agent
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022111501&st=env
200 OK 11 kB URL HTTP/2 pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022111501&st=env
IP
File type JSON data\012- , ASCII text, with very long lines (14761), with no line terminators
Hash a088686cda8616d9fccd54af30a04d4c
5ca19e5d7cc639949863440c85762005b41d27f6
adcf5d52aca403d1d305cac76397e46d8d9eee21a4acb5fcd63809eb69a8cdac
GET /getconfig/sodar?sv=200&tid=gpt&tv=2022111501&st=env HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://earnme.club
Connection: keep-alive
Referer: https://earnme.club/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-type: application/json; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
date: Mon, 28 Nov 2022 15:10:29 GMT
server: cafe
content-length: 11143
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
66abe6f8b30cb835cf49f457a62edc2b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
200 OK 2.7 kB URL HTTP/2 66abe6f8b30cb835cf49f457a62edc2b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (5657)
Hash e8ee9c011ff8e1f464e74c37113119ee
64ad72134ea05877de0f2b6503f5c0d8c3f78197
09e42988871806c7f0a897bda7bc4247f47f4d8590749eaa245b8ff1fa907303
GET /safeframe/1-0-40/html/container.html HTTP/1.1
Host: 66abe6f8b30cb835cf49f457a62edc2b.safeframe.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://earnme.club/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 2653
date: Mon, 28 Nov 2022 15:10:29 GMT
expires: Tue, 28 Nov 2023 15:10:29 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
earnme.club/v20-se-from-vivo/
200 OK 16 kB URL HTTP/2 earnme.club/v20-se-from-vivo/
IP
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (9381), with CRLF, LF line terminators
Hash b44ccb4dd53cce5672c69672711a82a8
051fef194c92ec73e99561c1c87fa7667805cb6b
415fa793ccdff1c9834aec08d3a45f054c2672987ad47d03ae52296c561236ab
Analyzer Verdict Alert fortinet Malware
GET /v20-se-from-vivo/ HTTP/1.1
Host: earnme.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.google.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
x-pingback: https://earnme.club/xmlrpc.php
link: <https://earnme.club/wp-json/>; rel="https://api.w.org/", <https://earnme.club/wp-json/wp/v2/posts/39>; rel="alternate"; type="application/json", <https://earnme.club/?p=39>; rel=shortlink
vary: Accept-Encoding
content-encoding: gzip
date: Mon, 28 Nov 2022 15:10:26 GMT
alt-svc: quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-25=":443"; ma=2592000, h3-27=":443"; ma=2592000
X-Firefox-Spdy: h2
imasdk.googleapis.com/js/sdkloader/ima3.js
200 OK 127 kB URL HTTP/2 imasdk.googleapis.com/js/sdkloader/ima3.js
IP
File type ASCII text, with very long lines (2791)
Size 127 kB (126568 bytes)
Hash d298ebea71faa19cd8237ddf8c37d550
628f6436cdc4db74ecda4fad134b4499f41ad4cb
f02e9221a17b677d0aa0b76876bd82931f57bf5dd1ff9aa24a1ab945838b0e64
GET /js/sdkloader/ima3.js HTTP/1.1
Host: imasdk.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://earnme.club/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-length: 126568
date: Mon, 28 Nov 2022 15:10:30 GMT
expires: Mon, 28 Nov 2022 15:10:30 GMT
cache-control: private, max-age=900, stale-while-revalidate=3600
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
bcp.crwdcntrl.net/6/map
200 OK 60 B IP
File type JSON data\012- , ASCII text, with no line terminators
Hash c6d00bf467b7bbb86e110e77af2257a3
8230491684c7abb8baf6451591e7a6f1ee75084a
c29a307f50193a54413c6d9fd02aa7c8e090b7239f0233c4a8de4504cbb6a361
POST /6/map HTTP/1.1
Host: bcp.crwdcntrl.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 50
Origin: https://earnme.club
Connection: keep-alive
Referer: https://earnme.club/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 28 Nov 2022 15:10:30 GMT
content-type: application/json;charset=utf-8
content-length: 60
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
cache-control: no-cache
pragma: no-cache
expires: 0
x-server: 10.45.16.127
access-control-allow-credentials: true
access-control-allow-origin: https://earnme.club
server: Jetty(9.4.38.v20210224)
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash afdcfc5f3bd741d114596300d607f4cc
e82ea5829078ad9268cdf9c576c780b1c40c3696
1c80e7d28c6303b65a17bfa822163c5af3d6d5c480ee9f2e404b23119520eeb5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 15:10:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 201c67a6a552c4c28506830e2646627f
1862d50fa5241921b8303f3908e18c4a24d784d4
8217272d184496642167470195991bb3ba660d266b433d8d0dff1c1fcbb7a511
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8217272D184496642167470195991BB3BA660D266B433D8D0DFF1C1FCBB7A511"
Last-Modified: Sat, 26 Nov 2022 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7298
Expires: Mon, 28 Nov 2022 17:12:08 GMT
Date: Mon, 28 Nov 2022 15:10:30 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 201c67a6a552c4c28506830e2646627f
1862d50fa5241921b8303f3908e18c4a24d784d4
8217272d184496642167470195991bb3ba660d266b433d8d0dff1c1fcbb7a511
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8217272D184496642167470195991BB3BA660D266B433D8D0DFF1C1FCBB7A511"
Last-Modified: Sat, 26 Nov 2022 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7298
Expires: Mon, 28 Nov 2022 17:12:08 GMT
Date: Mon, 28 Nov 2022 15:10:30 GMT
Connection: keep-alive
tpc.googlesyndication.com/sodar/sodar2.js
200 OK 6.4 kB URL HTTP/2 tpc.googlesyndication.com/sodar/sodar2.js
IP
File type ASCII text, with very long lines (1321)
Hash ac906814ed812c4ecdbb624a3bd2f6c3
8e4547eaffaa66a1ee61b36028dbcd7091d0e7de
8ab8cef6156022c4547455defd8252b48b6bcb8b734072849345bb99758705fe
GET /sodar/sodar2.js HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://earnme.club/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 6386
date: Mon, 28 Nov 2022 15:10:30 GMT
expires: Mon, 28 Nov 2022 15:10:30 GMT
cache-control: private, max-age=3000
etag: "1637097310169751"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
lbs.eu-1-id5-sync.com/lbs/v1
200 OK 34 B URL HTTP/1.1 lbs.eu-1-id5-sync.com/lbs/v1
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 79a679f0eed51667b88f920f30e08ae4
988d6a03470446cbc9d033eeceb830a250b31005
bb60510be0f828229e370cac9faafe1bee10167a7c87fa29be895d48d165d455
GET /lbs/v1 HTTP/1.1
Host: lbs.eu-1-id5-sync.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://earnme.club
Connection: keep-alive
Referer: https://earnme.club/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
date: Mon, 28 Nov 2022 15:10:30 GMT
access-control-allow-origin: https://earnme.club
vary: Origin
content-type: application/json
content-length: 34
strict-transport-security: max-age=63072000; includeSubDomains; preload
lb.eu-1-id5-sync.com/lb/v1
200 33 B URL HTTP/1.1 lb.eu-1-id5-sync.com/lb/v1
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 2bef80ca8fe6116cb10c492c1c3c9926
2cb544a2a50b7440b29fb6fed5f2ceff8b957f9c
d5f91705bedfa0c9c4e1d08ac1b779bde47d936420fec7b2d1ab0053249b1809
GET /lb/v1 HTTP/1.1
Host: lb.eu-1-id5-sync.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://earnme.club
Connection: keep-alive
Referer: https://earnme.club/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
access-control-allow-origin: https://earnme.club
content-type: application/json;charset=UTF-8
transfer-encoding: chunked
date: Mon, 28 Nov 2022 15:10:29 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
ocsp.r2m02.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.r2m02.amazontrust.com/
IP
Hash 9bb91b85d03470ad438d6e59babb2e2b
867b78e79e0ebec4aedc779e9557794eff829491
6ddd90e7c2303e16dae9f47ee67a9a95ae63abe0e377a4d543b10aa049b89bae
POST / HTTP/1.1
Host: ocsp.r2m02.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=119767
Date: Mon, 28 Nov 2022 15:10:30 GMT
Etag: "6383f8e6-1d7"
Expires: Wed, 30 Nov 2022 00:26:37 GMT
Last-Modified: Sun, 27 Nov 2022 23:55:18 GMT
Server: ECS (nyb/1D17)
X-Cache: Miss from cloudfront
Via: 1.1 227a1815a1677b9cf6dd587e443000b8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: ATXquiIy7Vplehl9Gz1DZfp-7BZt86rKYROTborwTi-TfmpNURpd4w==
Age: 1879
ocsp.r2m02.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.r2m02.amazontrust.com/
IP
Hash 9bb91b85d03470ad438d6e59babb2e2b
867b78e79e0ebec4aedc779e9557794eff829491
6ddd90e7c2303e16dae9f47ee67a9a95ae63abe0e377a4d543b10aa049b89bae
POST / HTTP/1.1
Host: ocsp.r2m02.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=120289
Date: Mon, 28 Nov 2022 15:10:30 GMT
Etag: "6383f8e6-1d7"
Expires: Wed, 30 Nov 2022 00:35:19 GMT
Last-Modified: Sun, 27 Nov 2022 23:55:18 GMT
Server: ECS (bsa/EB13)
X-Cache: Miss from cloudfront
Via: 1.1 b053873243f91b1bb6dc406ce0c67db4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: pa2LrgLeW9-O4I5zz9bn1Nqq0Jglhbbr6GgZQKy5Yw0sJpv9wJiqow==
Age: 2401
pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022111501&st=env
200 OK 11 kB URL HTTP/2 pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022111501&st=env
IP
File type JSON data\012- , ASCII text, with very long lines (14813), with no line terminators
Hash e1589b16e22835228c384856e9f66682
fdf5eaff1f962c7227f6b83072407f4500fdbe1b
96182551a9113ddc50a95ad568d8b069bc61fb01075646df2d15c0a452bfebac
GET /getconfig/sodar?sv=200&tid=gpt&tv=2022111501&st=env HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://earnme.club
Connection: keep-alive
Referer: https://earnme.club/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-type: application/json; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
date: Mon, 28 Nov 2022 15:10:31 GMT
server: cafe
content-length: 11181
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022111501&st=env
200 OK 11 kB URL HTTP/2 pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022111501&st=env
IP
File type JSON data\012- , ASCII text, with very long lines (14781), with no line terminators
Hash b64e64454a35ac48edf477240161c12a
6532788be56734d24c126583922d86cf9eb768d9
2967c9a3e06b4cc96be8b8ab8f0f5442ab8e83606b8408c53e9f2fd7d6344789
GET /getconfig/sodar?sv=200&tid=gpt&tv=2022111501&st=env HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://earnme.club
Connection: keep-alive
Referer: https://earnme.club/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-type: application/json; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
date: Mon, 28 Nov 2022 15:10:31 GMT
server: cafe
content-length: 11161
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022111501&st=env
200 OK 11 kB URL HTTP/2 pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022111501&st=env
IP
File type JSON data\012- , ASCII text, with very long lines (14942), with no line terminators
Hash 8ac94a2f4cdbfca8c1221529b374392d
ac6d098612d50d8be33f6e7c893e775a6404d21c
188ac284691205ff4dd486fbf7c9e8d1170998c2da3eb56c630c76f112b0b805
GET /getconfig/sodar?sv=200&tid=gpt&tv=2022111501&st=env HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://earnme.club
Connection: keep-alive
Referer: https://earnme.club/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-type: application/json; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
date: Mon, 28 Nov 2022 15:10:31 GMT
server: cafe
content-length: 11278
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash e8864674933b39029cfebb5295cec568
ab88f2142fc26d5dfa91e95f500264553fe3176e
915cf81e0a18f50aeeb5ab12a791be52b604f8c56d3fcd7745a7e13dc54f8a84
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 15:10:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash e8864674933b39029cfebb5295cec568
ab88f2142fc26d5dfa91e95f500264553fe3176e
915cf81e0a18f50aeeb5ab12a791be52b604f8c56d3fcd7745a7e13dc54f8a84
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 15:10:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash e8864674933b39029cfebb5295cec568
ab88f2142fc26d5dfa91e95f500264553fe3176e
915cf81e0a18f50aeeb5ab12a791be52b604f8c56d3fcd7745a7e13dc54f8a84
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 15:10:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash e8864674933b39029cfebb5295cec568
ab88f2142fc26d5dfa91e95f500264553fe3176e
915cf81e0a18f50aeeb5ab12a791be52b604f8c56d3fcd7745a7e13dc54f8a84
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 15:10:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash e8864674933b39029cfebb5295cec568
ab88f2142fc26d5dfa91e95f500264553fe3176e
915cf81e0a18f50aeeb5ab12a791be52b604f8c56d3fcd7745a7e13dc54f8a84
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 15:10:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.ampproject.org/rtv/012211060024000/amp4ads-v0.mjs
200 OK 62 kB URL HTTP/2 cdn.ampproject.org/rtv/012211060024000/amp4ads-v0.mjs
IP
File type Unicode text, UTF-8 text, with very long lines (65008)
Hash 190bcb4c44fd9e0e93baa80c9b2535b8
97bda56ddc8d6a00d19e1747d63325051f3fd144
b7677f820f06329e357561f570729fe4110af4ac5fb741b97567e20a0f533301
GET /rtv/012211060024000/amp4ads-v0.mjs HTTP/1.1
Host: cdn.ampproject.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://earnme.club/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
access-control-allow-origin: *
content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
timing-allow-origin: *
content-length: 61592
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 21 Nov 2022 18:08:54 GMT
expires: Tue, 21 Nov 2023 18:08:54 GMT
cache-control: public, max-age=31536000
age: 594097
etag: "a2fca7132416d151"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn.ampproject.org/rtv/012211060024000/v0/amp-ad-exit-0.1.mjs
200 OK 5.2 kB URL HTTP/2 cdn.ampproject.org/rtv/012211060024000/v0/amp-ad-exit-0.1.mjs
IP
File type ASCII text, with very long lines (14697)
Hash ae1a9f090984c448deb0629cc2304ee3
e601825ccec746695f370ed68fa33325152e0d9f
6a947bfcdeea64faa6c795caea11ee09dbe00f5d4003b7b9d47e4945c05ac1e4
GET /rtv/012211060024000/v0/amp-ad-exit-0.1.mjs HTTP/1.1
Host: cdn.ampproject.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://earnme.club/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
access-control-allow-origin: *
content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
timing-allow-origin: *
content-length: 5218
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 21 Nov 2022 18:08:54 GMT
expires: Tue, 21 Nov 2023 18:08:54 GMT
cache-control: public, max-age=31536000
age: 594097
etag: "abd4378f71571d78"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn.ampproject.org/rtv/012211060024000/v0/amp-analytics-0.1.mjs
200 OK 29 kB URL HTTP/2 cdn.ampproject.org/rtv/012211060024000/v0/amp-analytics-0.1.mjs
IP
File type ASCII text, with very long lines (65534)
Hash c88b4e73b12307e42222d337bdd646a2
621233bf4e777b2d44b1bc143187111aca2fe718
ef6935537cd5a603b79bc98d4274b70ee5608955792523fc58e818c8ddbb7b48
GET /rtv/012211060024000/v0/amp-analytics-0.1.mjs HTTP/1.1
Host: cdn.ampproject.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://earnme.club/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
access-control-allow-origin: *
content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
timing-allow-origin: *
content-length: 28809
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 21 Nov 2022 18:08:54 GMT
expires: Tue, 21 Nov 2023 18:08:54 GMT
cache-control: public, max-age=31536000
age: 594097
etag: "dd6615029de85e23"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn.ampproject.org/rtv/012211060024000/v0/amp-fit-text-0.1.mjs
200 OK 1.9 kB URL HTTP/2 cdn.ampproject.org/rtv/012211060024000/v0/amp-fit-text-0.1.mjs
IP
File type ASCII text, with very long lines (5046)
Hash 669c8592ef8f63e7404e45dd6ca56b71
3f6753966361bb86594193009c9097612c361064
d174ae2c0722ab8d4bf736f0200dc5b15d288f9500a706bb161b64f5a3b74f01
GET /rtv/012211060024000/v0/amp-fit-text-0.1.mjs HTTP/1.1
Host: cdn.ampproject.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://earnme.club/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
access-control-allow-origin: *
content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
timing-allow-origin: *
content-length: 1913
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 21 Nov 2022 18:08:54 GMT
expires: Tue, 21 Nov 2023 18:08:54 GMT
cache-control: public, max-age=31536000
age: 594097
etag: "403438c4d550ee88"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn.ampproject.org/rtv/012211060024000/v0/amp-form-0.1.mjs
200 OK 13 kB URL HTTP/2 cdn.ampproject.org/rtv/012211060024000/v0/amp-form-0.1.mjs
IP
File type Unicode text, UTF-8 text, with very long lines (41057)
Hash 2f873064835eed23708bde2a16830216
7559437b82b9b761e02549d8d51f9e3571e5ed2c
0f5d00ac674cc34652997f2e0dd7fb6eb1a5b22010989c35a81cd7a388c84fdd
GET /rtv/012211060024000/v0/amp-form-0.1.mjs HTTP/1.1
Host: cdn.ampproject.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://earnme.club/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
access-control-allow-origin: *
content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
timing-allow-origin: *
content-length: 12946
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 21 Nov 2022 18:08:54 GMT
expires: Tue, 21 Nov 2023 18:08:54 GMT
cache-control: public, max-age=31536000
age: 594097
etag: "0bacd3f1ce38a7db"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
static.criteo.net/js/ld/publishertag.prebid.js
200 OK 38 kB URL HTTP/2 static.criteo.net/js/ld/publishertag.prebid.js
IP
Hash 47f586d5b92afa5435b7bcabb06519d3
8c738d01f43caef9058f9150ea522883f6fc59e4
848471ef2334222fb1eac2372b637a00d970d0f4b4d618e48c1b29c0957a5cd6
GET /js/ld/publishertag.prebid.js HTTP/1.1
Host: static.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://earnme.club
Connection: keep-alive
Referer: https://earnme.club/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 28 Nov 2022 15:10:31 GMT
content-type: text/javascript
last-modified: Mon, 24 Oct 2022 11:21:19 GMT
etag: W/"6356752f-16294"
expires: Tue, 29 Nov 2022 15:10:31 GMT
cross-origin-resource-policy: cross-origin
cache-control: max-age=86400, public
timing-allow-origin: *
access-control-allow-origin: *
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash e8864674933b39029cfebb5295cec568
ab88f2142fc26d5dfa91e95f500264553fe3176e
915cf81e0a18f50aeeb5ab12a791be52b604f8c56d3fcd7745a7e13dc54f8a84
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 15:10:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
static.criteo.net/js/ld/publishertag.ids.js
200 OK 13 kB URL HTTP/2 static.criteo.net/js/ld/publishertag.ids.js
IP
Hash 93ef5152af51aa1f432bcdbd1e4d3fad
250458a6aa6f5629b2326f590fe0e9a854c1552c
0a56c49c09d13ef8b9e0b266a3ee03c4e8c7aa3b8444f399be0cf46c94d8f04a
GET /js/ld/publishertag.ids.js HTTP/1.1
Host: static.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://earnme.club/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 28 Nov 2022 15:10:31 GMT
content-type: text/javascript
last-modified: Mon, 24 Oct 2022 11:21:19 GMT
etag: W/"6356752f-9c1f"
expires: Tue, 29 Nov 2022 15:10:31 GMT
cross-origin-resource-policy: cross-origin
cache-control: max-age=86400, public
timing-allow-origin: *
access-control-allow-origin: *
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash e840624f40842476180a4fec36ea9c8b
6615a2f22951336b2bd603a470347a753d13c642
08ee47ed94eee5de9a4f02948b48da60931f4f46e190af2af1bda623f0c04cea
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=145165
Date: Mon, 28 Nov 2022 15:10:31 GMT
Etag: "63845f91-1d7"
Expires: Wed, 30 Nov 2022 07:29:56 GMT
Last-Modified: Mon, 28 Nov 2022 07:13:21 GMT
Server: ECS (bsa/EB14)
X-Cache: Miss from cloudfront
Via: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: m4is2OkRPtZOS4BKjBhkk5zyYlJsBPuRrPWXwy497SJ8Ix7_BAaVFg==
Age: 995
tags.crwdcntrl.net/lt/c/16589/sync.min.js
200 OK 9.9 kB URL HTTP/2 tags.crwdcntrl.net/lt/c/16589/sync.min.js
IP
Hash de45a9ccacd03f66a288ab653061403a
d44d5589f44a97778da5596bb29df89bbcbf9b3e
bcd3c1093dd92fb25394e513c930a499de56c0f571a2483173d5d8899595af1d
GET /lt/c/16589/sync.min.js HTTP/1.1
Host: tags.crwdcntrl.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://earnme.club/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/javascript
last-modified: Mon, 21 Nov 2022 18:55:41 GMT
x-amz-server-side-encryption: AES256
server: AmazonS3
content-encoding: gzip
date: Sun, 27 Nov 2022 19:00:23 GMT
cache-control: max-age: 86400
etag: W/"2c5f4a319c3d99310927955777b5abe3"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 b053873243f91b1bb6dc406ce0c67db4.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: fJYcyxD8R-AlaibJdLHO3L9JfYrhynkRL685BPyIa53Hi4o-aHFHvg==
age: 72609
X-Firefox-Spdy: h2
prod.uidapi.com/static/js/uid2-sdk-0.0.1b.js
200 OK 3.2 kB URL HTTP/2 prod.uidapi.com/static/js/uid2-sdk-0.0.1b.js
IP
Hash d1a02770e379ef47f6201c91088cd6d4
a55a36d29020f7de52c9830b64c8c7a838cd175b
76424452f8e1eb0bc7fb20f6d7fa0dcaea480d7152a74756c01e816a663c3aa1
GET /static/js/uid2-sdk-0.0.1b.js HTTP/1.1
Host: prod.uidapi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://earnme.club/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 28 Nov 2022 15:10:31 GMT
content-type: application/javascript
content-length: 3211
accept-ranges: bytes
cache-control: public, max-age=86400
last-modified: Mon, 31 Oct 2022 06:06:26 GMT
vary: accept-encoding
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash 81974c1aaced948ebde887425659ab2a
ad3071bbd9b916f19a8b0e57276bba746b003598
f9529d25835d58c310d46024bfabd3b1d181ba7aa55a8b41a3cfc143e0943802
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=167138
Date: Mon, 28 Nov 2022 15:10:31 GMT
Etag: "6384b257-1d7"
Expires: Wed, 30 Nov 2022 13:36:09 GMT
Last-Modified: Mon, 28 Nov 2022 13:06:31 GMT
Server: ECS (bsa/EB17)
X-Cache: Miss from cloudfront
Via: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: YQtN-J6LJIdiyHBSMmvS-zZ5lWahumfkVNcCWlOX7fHDovr5ojXzsA==
Age: 1778
cdn.id5-sync.com/api/1.0/esp.js
200 OK 20 kB URL HTTP/2 cdn.id5-sync.com/api/1.0/esp.js
IP
Hash bf0e6b6dc3d70689b6e70c6134202055
cda52137366fcd40948206d41bfff641a089803a
d892f9280f4955bc35879cd713af13d14f02085e81d41b66fd92b32fb9ad373f
GET /api/1.0/esp.js HTTP/1.1
Host: cdn.id5-sync.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://earnme.club/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 15:10:31 GMT
content-type: text/javascript;charset=utf-8
x-amz-id-2: aYvx1CvZoW+jC0SWV8GDk58b+1v6FtaZO2lvKc6PNlRdteqgFNQlnkyjvJj+sWDx4Mlyoy6w6aw=
x-amz-request-id: 6QPMVSX1631H1C3W
last-modified: Thu, 24 Nov 2022 12:48:29 GMT
etag: W/"91dadf6b1eddd8d91a5cc2e3be5ea8cf"
x-amz-server-side-encryption: AES256
cache-control: public, max-age=3600
cf-cache-status: HIT
age: 1935
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
server: cloudflare
cf-ray: 771407e64c3eb523-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
flashnetic.com/r/p.html?f=bmrmryxsgk&e=1315978926706
200 OK 3.1 kB URL HTTP/2 flashnetic.com/r/p.html?f=bmrmryxsgk&e=1315978926706
IP
Hash 1ec4d0c2ca3f9bcb28349d8566ddd057
a2011739efc0bbc48045425da2941152e88a79a5
4a1c0154ab92d4a62b7a975213a82bfacf55b9e36c78e9a19172686be1bf0cab
GET /r/p.html?f=bmrmryxsgk&e=1315978926706 HTTP/1.1
Host: flashnetic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://earnme.club/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
last-modified: Tue, 25 Oct 2022 13:58:03 GMT
x-amz-version-id: 6P847P_3pwRq3kg1dbhEI8vZo9rD1MSu
server: AmazonS3
content-encoding: gzip
date: Sun, 27 Nov 2022 16:26:51 GMT
etag: W/"1d799671c4d6a9304651b1b9d6a783fb"
x-cache: Hit from cloudfront
via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: qpa2iNHVt8AjK0BLg3rumC5ZFoMSgF9fn7iXx62B-us6VZwwnyfcyQ==
age: 81820
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
ads.pubmatic.com/AdServer/js/pwt/157742/7600/
403 Forbidden 199 B URL HTTP/2 ads.pubmatic.com/AdServer/js/pwt/157742/7600/
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash bb8f534fbff5ee61a95af9c4740ae043
832e403d42aac1fec93e4f602338544d3fd2e4f1
5b13fb5957b84ef7bb9d0b6cd509c947ff6a37d67efdac2b896ddd3b908aad10
GET /AdServer/js/pwt/157742/7600/ HTTP/1.1
Host: ads.pubmatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://earnme.club/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 403 Forbidden
server: Apache
content-length: 199
content-type: text/html; charset=iso-8859-1
date: Mon, 28 Nov 2022 15:10:31 GMT
X-Firefox-Spdy: h2
pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
200 OK 13 kB URL HTTP/2 pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
IP
File type ASCII text, with very long lines (1493)
Hash 0dece4b354fc41d0430994be26247a47
1063c9471665bb53cc9a4e89c4cf0f1e9f695f8d
71a1c1d814cc6c713b3513212be779f944e9b4002e1fb89ac36e438a1a04e4a0
GET /omsdk/releases/live/omweb-v1.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://earnme.club/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-length: 13109
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 28 Nov 2022 14:43:07 GMT
expires: Mon, 28 Nov 2022 15:43:07 GMT
cache-control: public, max-age=3600
age: 1645
last-modified: Mon, 31 Oct 2022 17:24:37 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 501bfe4c6064e8a8b4189df745148345
dcbbb8566f1b507359b6d9b4c02c7ee9869ca7d9
3a9a963b9333e5c0b0301e09c86ccb48c6540ceebb35eaee60f652c2b4532e5f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3A9A963B9333E5C0B0301E09C86CCB48C6540CEEBB35EAEE60F652C2B4532E5F"
Last-Modified: Sun, 27 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9904
Expires: Mon, 28 Nov 2022 17:55:36 GMT
Date: Mon, 28 Nov 2022 15:10:32 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash b3b2c7f77d21f4f3c942fb3357e9fa83
d82fbb7c5ecaed601c4c6c927150531d6bb4e793
4a9731627b28cc01d199f0362ad58487eb7391f26d348c0454ec96f32004f78e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 15:10:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash b3b2c7f77d21f4f3c942fb3357e9fa83
d82fbb7c5ecaed601c4c6c927150531d6bb4e793
4a9731627b28cc01d199f0362ad58487eb7391f26d348c0454ec96f32004f78e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 15:10:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash b3b2c7f77d21f4f3c942fb3357e9fa83
d82fbb7c5ecaed601c4c6c927150531d6bb4e793
4a9731627b28cc01d199f0362ad58487eb7391f26d348c0454ec96f32004f78e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 15:10:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
csync.loopme.me/?redirect=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D124%26partneruserid%3D%7Bdevice_id%7D&gdpr=0&gdpr_consent=
204 No Content 0 B URL HTTP/2 csync.loopme.me/?redirect=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D124%26partneruserid%3D%7Bdevice_id%7D&gdpr=0&gdpr_consent=
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?redirect=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D124%26partneruserid%3D%7Bdevice_id%7D&gdpr=0&gdpr_consent= HTTP/1.1
Host: csync.loopme.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://earnme.club/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Mon, 28 Nov 2022 15:10:32 GMT
server: _
X-Firefox-Spdy: h2
s0.2mdn.net/instream/video/client.js
200 OK 17 kB URL HTTP/2 s0.2mdn.net/instream/video/client.js
IP
File type ASCII text, with very long lines (2156)
Hash 49295de6ccd23cf80b6418a2d209868f
42a955b4560bb22cb9b5b39577f7a691ea345018
d5a29c73c6200af2ed6918a61106e649b92098ecd476830d725ed4d2ea5a8efa
GET /instream/video/client.js HTTP/1.1
Host: s0.2mdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://earnme.club/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-length: 16746
date: Mon, 28 Nov 2022 15:10:32 GMT
expires: Mon, 28 Nov 2022 15:10:32 GMT
cache-control: private, max-age=900
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 471 B IP
Hash 6496a820d07707e5da02d99905894e58
ca128a729e4e0bfcd68eb936f7e6b2307a46409e
f0a0d599de5c8203e29b9b10f386821b82024bd8ec6171763c0a8cc60962c616
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6001
Cache-Control: max-age=158762
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 15:10:32 GMT
Etag: "63848121-1d7"
Expires: Wed, 30 Nov 2022 11:16:34 GMT
Last-Modified: Mon, 28 Nov 2022 09:36:33 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471
gu.dyntrk.com/adx/sma/us.php?dynk=sma4rt4bt4fg&sspurl=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D69%26partneruserid%3DPARTNER_USER_ID%26gdpr%3D$GDPR%26gdpr_consent%3D$GDPR_CONSENT&gdpr=0&gdpr_consent=
302 Found 0 B URL HTTP/1.1 gu.dyntrk.com/adx/sma/us.php?dynk=sma4rt4bt4fg&sspurl=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D69%26partneruserid%3DPARTNER_USER_ID%26gdpr%3D$GDPR%26gdpr_consent%3D$GDPR_CONSENT&gdpr=0&gdpr_consent=
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /adx/sma/us.php?dynk=sma4rt4bt4fg&sspurl=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D69%26partneruserid%3DPARTNER_USER_ID%26gdpr%3D$GDPR%26gdpr_consent%3D$GDPR_CONSENT&gdpr=0&gdpr_consent= HTTP/1.1
Host: gu.dyntrk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://earnme.club/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
server: nginx
date: Mon, 28 Nov 2022 15:10:32 GMT
content-type: text/html; charset=UTF-8
transfer-encoding: chunked
keep-alive: timeout=10
p3p: CP="NOI DEV OUR BUS UNI"
cache-control: no-cache
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-headers: Origin
set-cookie: dyn_u=03030002_6384cf68ac50b; expires=Tue, 28-Nov-2023 15:10:32 GMT; Max-Age=31536000; path=/; domain=.dyntrk.com; secure; SameSite=None
location: https://gu.dyntrk.com/adx/sma/us.php?dynk=sma4rt4bt4fg&sspurl=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D69%26partneruserid%3DPARTNER_USER_ID%26gdpr%3D$GDPR%26gdpr_consent%3D$GDPR_CONSENT&gdpr=0&gdpr_consent=&prevuid=03030002_6384cf68ac50b&knw=
rtb-csync.smartadserver.com/redir/?issi=1&partnerid=76&partneruserid=GOOGLE_HOSTED_SI&redirurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dsmartrtb_dbm%26google_cm%26google_sc%26google_hm%3DSMART_USER_ID_B64&gdpr=0&gdpr_consent=
302 Found 0 B URL HTTP/1.1 rtb-csync.smartadserver.com/redir/?issi=1&partnerid=76&partneruserid=GOOGLE_HOSTED_SI&redirurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dsmartrtb_dbm%26google_cm%26google_sc%26google_hm%3DSMART_USER_ID_B64&gdpr=0&gdpr_consent=
IP
ASN #201081 SmartAdServer SAS
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redir/?issi=1&partnerid=76&partneruserid=GOOGLE_HOSTED_SI&redirurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dsmartrtb_dbm%26google_cm%26google_sc%26google_hm%3DSMART_USER_ID_B64&gdpr=0&gdpr_consent= HTTP/1.1
Host: rtb-csync.smartadserver.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://earnme.club/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
content-length: 0
date: Mon, 28 Nov 2022 15:10:32 GMT
cache-control: no-cache,no-store
location: https://cm.g.doubleclick.net/pixel?google_nid=smartrtb_dbm&google_cm&google_sc&google_hm=NjA1NjE2NjM5MTg1Nzg5MzA3Nw==&gdpr=0&gdpr_consent=
pragma: no-cache
set-cookie: pid=6056166391857893077; expires=Thu, 28 Dec 2023 15:10:32 GMT; domain=smartadserver.com; path=/
TestIfCookieP=ok; expires=Thu, 28 Dec 2023 15:10:32 GMT; domain=smartadserver.com; path=/
csync=76:GOOGLE_HOSTED_SI; expires=Tue, 28 Nov 2023 15:10:32 GMT; domain=smartadserver.com; path=/
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
ocsp.sectigo.com/
200 OK 472 B IP
Hash 5ade3f6253ddd36efdf411c49a07f1a1
1865c05ee18e00d9b28be02ab3f100c0b440d60c
57663306331e87e2ba69601870e86e6df5a9327916f741a5803610bca3273756
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 15:10:32 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Mon, 28 Nov 2022 02:08:00 GMT
Expires: Mon, 05 Dec 2022 02:07:59 GMT
Etag: "1865c05ee18e00d9b28be02ab3f100c0b440d60c"
Cache-Control: max-age=557246,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 771407ee7ec8b518-OSL
image6.pubmatic.com/AdServer/UCookieSetPug?&rd=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D91%26partneruserid%3D%23PM_USER_ID%26gdpr%3DPM_GDPR%26gdpr_consent%3DPM_CONSENT&gdpr=0&gdpr_consent=
302 Found 0 B URL HTTP/2 image6.pubmatic.com/AdServer/UCookieSetPug?&rd=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D91%26partneruserid%3D%23PM_USER_ID%26gdpr%3DPM_GDPR%26gdpr_consent%3DPM_CONSENT&gdpr=0&gdpr_consent=
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /AdServer/UCookieSetPug?&rd=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D91%26partneruserid%3D%23PM_USER_ID%26gdpr%3DPM_GDPR%26gdpr_consent%3DPM_CONSENT&gdpr=0&gdpr_consent= HTTP/1.1
Host: image6.pubmatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://earnme.club/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
location: /AdServer/UCookieSetPug?&rd=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D91%26partneruserid%3D%23PM_USER_ID%26gdpr%3DPM_GDPR%26gdpr_consent%3DPM_CONSENT&gdpr=0&gdpr_consent=&rdf=1
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
set-cookie: KTPCACOOKIE=YES; domain=pubmatic.com; path=/; max-age=86400; secure;
date: Mon, 28 Nov 2022 15:10:32 GMT
content-length: 0
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 03ad9fc0b00b5df3165dc2fb1e3b0a3e
f8243335a8bc24d989bddd346048a055e1d0bdeb
366b28d491f7fd632e31c1ce97f939555f7dcee14bb6875737ed2d3e96fa32ec
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 15:10:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash b3b2c7f77d21f4f3c942fb3357e9fa83
d82fbb7c5ecaed601c4c6c927150531d6bb4e793
4a9731627b28cc01d199f0362ad58487eb7391f26d348c0454ec96f32004f78e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 15:10:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/recaptcha/api2/aframe
200 OK 512 B URL HTTP/2 www.google.com/recaptcha/api2/aframe
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (783), with no line terminators
Hash d03163fd725cbe021f42b6ace1c58037
66fcf4f98c559fb8954bc92fe91fae89a8d3434f
f9f576c4bf392dc5463a32684a07bf0ea749f5c96d550f9b0d61ac6ce169e575
GET /recaptcha/api2/aframe HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://earnme.club/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Mon, 28 Nov 2022 15:10:32 GMT
date: Mon, 28 Nov 2022 15:10:32 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'nonce-qUg_hXp_h1qLzC_qc99Erw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 512
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
sync.tidaltv.com/genericusersync.ashx?dpid=3157&gdpr=0&gdpr_consent=
302 Found 0 B URL HTTP/2 sync.tidaltv.com/genericusersync.ashx?dpid=3157&gdpr=0&gdpr_consent=
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /genericusersync.ashx?dpid=3157&gdpr=0&gdpr_consent= HTTP/1.1
Host: sync.tidaltv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://earnme.club/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Mon, 28 Nov 2022 15:10:32 GMT
content-length: 0
location: https://sync.tidaltv.com/genericusersync.ashx?dpid=3157&gdpr=0&gdpr_consent=&s_h=1
set-cookie: tidal_ttid=b2d660f7-1d72-43a2-86fa-b43143c932bc; Domain=.tidaltv.com; Expires=Tue, 28-Nov-2023 15:10:32 GMT; Path=/; SameSite=None; Secure
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash c6d3425a7b192b01c20d152c62984327
3517d42d069e1ce65423200729fb462a39ed26fb
1449f393499755aa73b3dbe90b9f645a2888e6f086707be0fd7331d11437a4e5
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=102531
Date: Mon, 28 Nov 2022 15:10:32 GMT
Etag: "6383a73d-1d7"
Expires: Tue, 29 Nov 2022 19:39:23 GMT
Last-Modified: Sun, 27 Nov 2022 18:06:53 GMT
Server: ECS (bsa/EB17)
X-Cache: Miss from cloudfront
Via: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: p1B9P2Sv3Jcg8nAV-90vEci5rcXHb6Z_HuaF2m4rz_hEe-CS9vb1-A==
Age: 5550
a.ad.gt/api/v1/u/matches/405?_it=amazon
200 OK 3.7 kB URL HTTP/2 a.ad.gt/api/v1/u/matches/405?_it=amazon
IP
Hash 7c6491cf70881f3dfad94f736b9c4762
fc5acffb9eaf4de4840a7a38f3ccd82740506eb2
01a56cada24b6738740e6604a9f240f540987b65b6b60c41598593c515d98d60
GET /api/v1/u/matches/405?_it=amazon HTTP/1.1
Host: a.ad.gt
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://earnme.club/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 28 Nov 2022 15:10:33 GMT
content-type: application/javascript
server: nginx/1.20.0
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2
id5-sync.com/api/esp/increment?counter=no-config
204 0 B URL HTTP/1.1 id5-sync.com/api/esp/increment?counter=no-config
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/esp/increment?counter=no-config HTTP/1.1
Host: id5-sync.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://earnme.club
Connection: keep-alive
Referer: https://earnme.club/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
access-control-allow-origin: https://earnme.club
access-control-allow-credentials: true
date: Mon, 28 Nov 2022 15:10:32 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash 39964c8d7282513e839df68c89fc2ab2
0150ce500b281f01e2c7c6ccaa90b34b5128b22d
15b6e7777cb8cef82e67504a51f7f84930e103a5be3f8f9b288900eb98c9aa45
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=165222
Date: Mon, 28 Nov 2022 15:10:33 GMT
Etag: "63849be4-1d7"
Expires: Wed, 30 Nov 2022 13:04:15 GMT
Last-Modified: Mon, 28 Nov 2022 11:30:44 GMT
Server: ECS (bsa/EB17)
X-Cache: Miss from cloudfront
Via: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: FIbwRkwXobMMZ4hEDSGrSOcicwGcZ-LdrHUzEAeyQxUEh4nZuzah1Q==
Age: 5611
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash feee25c039c7cb8e0b092d6a7ae4fb27
06607edcd7254a7ab98f890574c241c59b35800a
075fe55348e990e184ff1ec3f87d2ad5e901bc62a4d57ae4ee82ff4e9843c3f4
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=134196
Date: Mon, 28 Nov 2022 15:10:33 GMT
Etag: "638425cb-1d7"
Expires: Wed, 30 Nov 2022 04:27:09 GMT
Last-Modified: Mon, 28 Nov 2022 03:06:51 GMT
Server: ECS (nyb/1D15)
X-Cache: Miss from cloudfront
Via: 1.1 8ac66e1d6983a0f44cf391b1ec3b1cce.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: udVE36GAOqLnnfhaWxb1MFjRyBMfruqYaWdOtBeVV8jhQiZQai4LIA==
Age: 4818
match.prod.bidr.io/cookie-sync/sas?gdpr=0&gdpr_consent=
303 See Other 0 B URL HTTP/1.1 match.prod.bidr.io/cookie-sync/sas?gdpr=0&gdpr_consent=
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cookie-sync/sas?gdpr=0&gdpr_consent= HTTP/1.1
Host: match.prod.bidr.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://earnme.club/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 303 See Other
Date: Mon, 28 Nov 2022 15:10:33 GMT
location: https://match.prod.bidr.io/cookie-sync/sas?gdpr=0&gdpr_consent=&_bee_ppp=1
Server: gunicorn
set-cookie: checkForPermission=ok; Domain=bidr.io; expires=Mon, 28 Nov 2022 15:20:33 GMT; Path=/; SameSite=None; Secure
strict-transport-security: max-age=2592000; includeSubDomains
Content-Length: 0
Connection: keep-alive
ocsp.sectigo.com/
200 OK 471 B IP
Hash f2fc48e2c47c481ce2307207e472e9fb
adc216d1410de3784479a17245d6dec49d5da482
9ec388f1788793b21eda11afd7aad3fb9dc9436916c3f8140e92ae26d98bcf22
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 15:10:33 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sat, 26 Nov 2022 15:11:53 GMT
Expires: Sat, 03 Dec 2022 15:11:52 GMT
Etag: "adc216d1410de3784479a17245d6dec49d5da482"
Cache-Control: max-age=431478,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 771407f1bb4db518-OSL
a.audrte.com/get?p=M501991648&r=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D141%26partneruserid%3D$UID&gdpr=0&gdpr_consent=
302 0 B URL HTTP/1.1 a.audrte.com/get?p=M501991648&r=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D141%26partneruserid%3D$UID&gdpr=0&gdpr_consent=
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /get?p=M501991648&r=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D141%26partneruserid%3D$UID&gdpr=0&gdpr_consent= HTTP/1.1
Host: a.audrte.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://earnme.club/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: POST, GET, OPTIONS
Access-Control-Allow-Origin: *
Date: Mon, 28 Nov 2022 15:10:33 GMT
Location: https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=141&partneruserid=c83Esk9F6ZcQ9qgIujFjJLFyA&gdpr=0&gdpr_consent=&redirurl=https%3A%2F%2Fa.audrte.com%2Fmatch%3Fuid%3DSMART_USER_ID%26p%3DM501991648
Server: nginx/1.18.0
Set-Cookie: arcki2=c83Esk9F6ZcQ9qgIujFjJLFyA!20220908!1669648233419!ip#91.90.42.154; Max-Age=1296000; Expires=Tue, 13-Dec-2022 15:10:33 GMT; Domain=audrte.com; Path=/; Secure; HttpOnly; SameSite=none; Secure
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Content-Length: 0
Connection: keep-alive
visitor.omnitagjs.com/visitor/bsync?uid=627080440e659fbe0f85333c665ae1de&name=SMARTADSERVER&url=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D117%26partneruserid%3DPARTNER_USER_ID%26gdpr%3DGDPR%26gdpr_consent%3DGDPR_CONSENT&gdpr=0&gdpr_consent=
307 Temporary Redirect 0 B URL HTTP/2 visitor.omnitagjs.com/visitor/bsync?uid=627080440e659fbe0f85333c665ae1de&name=SMARTADSERVER&url=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D117%26partneruserid%3DPARTNER_USER_ID%26gdpr%3DGDPR%26gdpr_consent%3DGDPR_CONSENT&gdpr=0&gdpr_consent=
IP
ASN #200271 Iguane Solutions SAS
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /visitor/bsync?uid=627080440e659fbe0f85333c665ae1de&name=SMARTADSERVER&url=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D117%26partneruserid%3DPARTNER_USER_ID%26gdpr%3DGDPR%26gdpr_consent%3DGDPR_CONSENT&gdpr=0&gdpr_consent= HTTP/1.1
Host: visitor.omnitagjs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://earnme.club/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 307 Temporary Redirect
cache-control: no-cache, no-store, must-revalidate
content-type: text/html; charset=UTF-8
expires: 0
location: https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=117&partneruserid=11a839affec67a88a6b2ebcf9f5d25cf&gdpr=0&gdpr_consent=0
p3p: CP="CAO PSA OUR"
pragma: no-cache
set-cookie: ayl_visitor=11a839affec67a88a6b2ebcf9f5d25cf; Path=/; Domain=omnitagjs.com; Max-Age=2592000; Secure; SameSite=None
vary: Accept-Encoding
x-content-type-options: nosniff
date: Mon, 28 Nov 2022 15:10:33 GMT
content-length: 0
x-envoy-upstream-service-time: 5
server: ayl-lb-fra02
X-Firefox-Spdy: h2
gum.criteo.com/syncframe?origin=publishertag&topUrl=earnme.club
200 OK 5.6 kB URL HTTP/2 gum.criteo.com/syncframe?origin=publishertag&topUrl=earnme.club
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (13465)
Hash fc789095ba804a59fe8744c978a3ccfa
2dea7253a9c9145eee425a20387a9996a803ddaf
516a96a8934635540e858db82494120aa20e65fc382ed8536679d7c7f83dca6b
GET /syncframe?origin=publishertag&topUrl=earnme.club HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://earnme.club/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 28 Nov 2022 15:10:30 GMT
content-type: text/html; charset=utf-8
server: Kestrel
cache-control: private, max-age=3600
set-cookie: uid=6e239169-550d-4dd4-87f6-a69a19066d53; expires=Sat, 23 Dec 2023 15:10:30 GMT; domain=.criteo.com; path=/; secure; samesite=none
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
server-processing-duration-in-ticks: 764759
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
fonts.gstatic.com/s/googlesans/v45/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
200 OK 28 kB URL HTTP/2 fonts.gstatic.com/s/googlesans/v45/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 28288, version 1.0\012- data
Hash 53b5e785dfdca21fa7adf7119fa1f8cc
a3a86dfd216ad29183ba5493ae39d45b62f9d8b8
4a6fab14bfe7b33fe5dc5349a2bb3720037e0ed7ebe621b352340f9514d83c08
GET /s/googlesans/v45/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://earnme.club
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 28288
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 23 Nov 2022 15:21:36 GMT
expires: Thu, 23 Nov 2023 15:21:36 GMT
cache-control: public, max-age=31536000
age: 431337
last-modified: Wed, 01 Jun 2022 19:05:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
adx.adform.net/adx/openrtb
204 No Content 0 B URL HTTP/2 adx.adform.net/adx/openrtb
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /adx/openrtb HTTP/1.1
Host: adx.adform.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 547
Origin: https://flashnetic.com
Connection: keep-alive
Referer: https://flashnetic.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Mon, 28 Nov 2022 15:10:33 GMT
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: https://flashnetic.com
access-control-max-age: 86400
cache-control: no-cache, no-store, must-revalidate, no-transform
expires: -1
pragma: no-cache
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2
prebid-eu.creativecdn.com/bidder/prebid/bids
204 No Content 0 B URL HTTP/2 prebid-eu.creativecdn.com/bidder/prebid/bids
IP
ASN #204995 Rtb House S.A.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /bidder/prebid/bids HTTP/1.1
Host: prebid-eu.creativecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 489
Origin: https://flashnetic.com
Connection: keep-alive
Referer: https://flashnetic.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Mon, 28 Nov 2022 15:10:33 GMT
access-control-allow-origin: https://flashnetic.com
access-control-allow-credentials: true
access-control-allow-methods: POST
access-control-max-age: 3600
vary: Origin
X-Firefox-Spdy: h2
bidder.criteo.com/cdb?profileId=207&av=34&wv=7.19.0&cb=17542112975&lsavail=0
200 OK 44 B URL HTTP/2 bidder.criteo.com/cdb?profileId=207&av=34&wv=7.19.0&cb=17542112975&lsavail=0
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 5f1dcf53824ce88cdb7941d34db3f19d
4164a13e3f53e1f002606a807d64a92620720fb0
3a803b7520764b5266cfac90aa9f9b2ff931109f489d9a1deb24aa686c239a74
POST /cdb?profileId=207&av=34&wv=7.19.0&cb=17542112975&lsavail=0 HTTP/1.1
Host: bidder.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 478
Origin: https://flashnetic.com
Connection: keep-alive
Referer: https://flashnetic.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 15:10:33 GMT
vary: Origin
server: Finatra
content-type: application/json; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: https://flashnetic.com
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-encoding: gzip
content-length: 44
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17210&site_id=397268&zone_id=2226136&size_id=15&p_pos=atf&rp_schain=1.0,1!adpone.com,a1ea75ec94e5611d58bc,1,,,&rf=earnme.club&tg_i.page=https%3A%2F%2Fearnme.club%2F&tg_i.domain=earnme.club&tg_i.pbadslot=adpn-adtag-1669648228837&tk_flint=pbjs_lite_v7.19.0&x_source.tid=0fab458e-5303-4159-bb2f-62b942bde760&l_pb_bid_id=103589dece5caf2&p_screen_res=1280x1024&rp_secure=1&rp_maxbids=1&slots=1&rand=0.03524599765731373
200 OK 334 B URL HTTP/2 fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17210&site_id=397268&zone_id=2226136&size_id=15&p_pos=atf&rp_schain=1.0,1!adpone.com,a1ea75ec94e5611d58bc,1,,,&rf=earnme.club&tg_i.page=https%3A%2F%2Fearnme.club%2F&tg_i.domain=earnme.club&tg_i.pbadslot=adpn-adtag-1669648228837&tk_flint=pbjs_lite_v7.19.0&x_source.tid=0fab458e-5303-4159-bb2f-62b942bde760&l_pb_bid_id=103589dece5caf2&p_screen_res=1280x1024&rp_secure=1&rp_maxbids=1&slots=1&rand=0.03524599765731373
IP
File type JSON data\012- , ASCII text, with very long lines (334), with no line terminators
Hash 5636d16b8966fc24c832d2c5af569aa2
0e9a9f22dc1e2a23deb7c7c75b0aa90553c8eb49
a158daebbd4d59de55692f59360c04a24f66ca744fa7e1b701c03d35b75bc621
GET /a/api/fastlane.json?account_id=17210&site_id=397268&zone_id=2226136&size_id=15&p_pos=atf&rp_schain=1.0,1!adpone.com,a1ea75ec94e5611d58bc,1,,,&rf=earnme.club&tg_i.page=https%3A%2F%2Fearnme.club%2F&tg_i.domain=earnme.club&tg_i.pbadslot=adpn-adtag-1669648228837&tk_flint=pbjs_lite_v7.19.0&x_source.tid=0fab458e-5303-4159-bb2f-62b942bde760&l_pb_bid_id=103589dece5caf2&p_screen_res=1280x1024&rp_secure=1&rp_maxbids=1&slots=1&rand=0.03524599765731373 HTTP/1.1
Host: fastlane.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://flashnetic.com
Connection: keep-alive
Referer: https://flashnetic.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.4
date: Mon, 28 Nov 2022 15:10:33 GMT
content-type: application/json
cache-control: no-cache, no-store, max-age=0, must-revalidate
expires: Wed, 17 Sep 1975 21:32:10 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://flashnetic.com
pragma: no-cache
vary: Accept-Encoding
set-cookie: khaos=LB0XG67Q-20-K3XO; Domain=.rubiconproject.com; Path=/; Expires=Tue, 28-Nov-2023 15:10:33 GMT; Max-Age=31536000; SameSite=None; Secure
audit=1|naVuGyos1qqwNP+Fn5bZzO9DtVM30fCgX9j0V4idhPvMtL87EdNM/3vs5xm8c681tq9R0N6+0FRpWVHBsUSA99APlTu0R9RN; Domain=.rubiconproject.com; Path=/; Expires=Tue, 28-Nov-2023 15:10:33 GMT; Max-Age=31536000; SameSite=None; Secure
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length: 334
X-Firefox-Spdy: h2
prg.smartadserver.com/prebid/v1
200 OK 450 B URL HTTP/1.1 prg.smartadserver.com/prebid/v1
IP
ASN #201081 SmartAdServer SAS
File type JSON data\012- , ASCII text, with very long lines (759), with no line terminators
Hash ec1a8fae6e5e1cac2181ef0a59c16359
c80795f0d61a3391b6b991a179a6c263cda7b277
2045bfe05e6e7e4ada066df6ea2c9ca727b5826e511b3cbbac00cc6d14bc2b92
POST /prebid/v1 HTTP/1.1
Host: prg.smartadserver.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 352
Origin: https://flashnetic.com
Connection: keep-alive
Referer: https://flashnetic.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
content-type: application/json; charset=UTF-8
date: Mon, 28 Nov 2022 15:10:32 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://flashnetic.com
cache-control: no-cache,no-store
content-encoding: br
pragma: no-cache
set-cookie: pbw=%24b%3d12999%3b%24o%3d11100; expires=Tue, 28 Nov 2023 15:10:33 GMT; domain=.smartadserver.com; path=/
vs=555020=5210830; domain=.smartadserver.com; path=/
TestIfCookie=ok; domain=.smartadserver.com; path=/
TestIfCookieP=ok; expires=Tue, 28 Nov 2023 15:10:33 GMT; domain=.smartadserver.com; path=/
pid=1104104099258388009; expires=Tue, 28 Nov 2023 15:10:33 GMT; domain=.smartadserver.com; path=/
sasd2=q=%24qc%3D1311348260%3B%24ql%3DMedium%3B%24qpc%3D1006%3B%24qt%3D216_1430_41056t%3B%24dma%3D0&c=1&l=819242284&lo=988266927<=638052450335983593&o=1; expires=Tue, 29 Nov 2022 15:10:33 GMT; domain=.smartadserver.com; path=/
sasd=%24qc%3D1311348260%3B%24ql%3DMedium%3B%24qpc%3D1006%3B%24qt%3D216_1430_41056t%3B%24dma%3D0; expires=Tue, 29 Nov 2022 15:10:33 GMT; domain=.smartadserver.com; path=/
transfer-encoding: chunked
vary: Accept-Encoding, Origin
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
prg.smartadserver.com/prebid/v1
200 OK 440 B URL HTTP/1.1 prg.smartadserver.com/prebid/v1
IP
ASN #201081 SmartAdServer SAS
File type JSON data\012- , ASCII text, with very long lines (780), with no line terminators
Hash b2c9106128d9f590bc65c12d644d817b
68e0e930113b50ab36e804fe583149d89b9448a4
33826db3afff41539799aa46f4f56c010817b771850f8755bda8de4b1c76f2d7
POST /prebid/v1 HTTP/1.1
Host: prg.smartadserver.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 352
Origin: https://flashnetic.com
Connection: keep-alive
Referer: https://flashnetic.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
content-type: application/json; charset=UTF-8
date: Mon, 28 Nov 2022 15:10:33 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://flashnetic.com
cache-control: no-cache,no-store
content-encoding: br
pragma: no-cache
set-cookie: pbw=%24b%3d12999%3b%24o%3d11100; expires=Tue, 28 Nov 2023 15:10:33 GMT; domain=.smartadserver.com; path=/
vs=525642=5210830; domain=.smartadserver.com; path=/
TestIfCookie=ok; domain=.smartadserver.com; path=/
TestIfCookieP=ok; expires=Tue, 28 Nov 2023 15:10:33 GMT; domain=.smartadserver.com; path=/
pid=5207895447361375852; expires=Tue, 28 Nov 2023 15:10:33 GMT; domain=.smartadserver.com; path=/
sasd2=q=%24qc%3D1311348260%3B%24ql%3DMedium%3B%24qpc%3D1006%3B%24qt%3D216_1430_41056t%3B%24dma%3D0&c=1&l=819242284&lo=988266927<=638052450335981133&o=1; expires=Tue, 29 Nov 2022 15:10:33 GMT; domain=.smartadserver.com; path=/
sasd=%24qc%3D1311348260%3B%24ql%3DMedium%3B%24qpc%3D1006%3B%24qt%3D216_1430_41056t%3B%24dma%3D0; expires=Tue, 29 Nov 2022 15:10:33 GMT; domain=.smartadserver.com; path=/
transfer-encoding: chunked
vary: Accept-Encoding, Origin
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
gu.dyntrk.com/adx/sma/us.php?dynk=sma4rt4bt4fg&sspurl=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D69%26partneruserid%3DPARTNER_USER_ID%26gdpr%3D$GDPR%26gdpr_consent%3D$GDPR_CONSENT&gdpr=0&gdpr_consent=&prevuid=03030002_6384cf68ac50b&knw=
302 Found 0 B URL HTTP/1.1 gu.dyntrk.com/adx/sma/us.php?dynk=sma4rt4bt4fg&sspurl=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D69%26partneruserid%3DPARTNER_USER_ID%26gdpr%3D$GDPR%26gdpr_consent%3D$GDPR_CONSENT&gdpr=0&gdpr_consent=&prevuid=03030002_6384cf68ac50b&knw=
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /adx/sma/us.php?dynk=sma4rt4bt4fg&sspurl=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D69%26partneruserid%3DPARTNER_USER_ID%26gdpr%3D$GDPR%26gdpr_consent%3D$GDPR_CONSENT&gdpr=0&gdpr_consent=&prevuid=03030002_6384cf68ac50b&knw= HTTP/1.1
Host: gu.dyntrk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://earnme.club/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
server: nginx
date: Mon, 28 Nov 2022 15:10:33 GMT
content-type: text/html; charset=UTF-8
transfer-encoding: chunked
keep-alive: timeout=10
p3p: CP="NOI DEV OUR BUS UNI"
cache-control: no-cache
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-headers: Origin
set-cookie: dyn_u=03030002_6384cf69b527e; expires=Tue, 28-Nov-2023 15:10:33 GMT; Max-Age=31536000; path=/; domain=.dyntrk.com; secure; SameSite=None
location: https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=69&partneruserid=03030002_6384cf69b527e&gdpr=0&gdpr_consent=
ocsp.digicert.com/
200 OK 278 B IP
Hash 7a67e17f94f184900b9016b59e931f75
6a6eca6dacdeef0abb874d619377a05dd01a3908
988a23ed1d08a1b37a967abd20e1f269f0c1d3df44c66e9945a398ca2720c588
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6308
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 15:10:33 GMT
Last-Modified: Mon, 28 Nov 2022 13:25:26 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 278
image6.pubmatic.com/AdServer/UCookieSetPug?&rd=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D91%26partneruserid%3D%23PM_USER_ID%26gdpr%3DPM_GDPR%26gdpr_consent%3DPM_CONSENT&gdpr=0&gdpr_consent=&rdf=1
200 OK 0 B URL HTTP/2 image6.pubmatic.com/AdServer/UCookieSetPug?&rd=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D91%26partneruserid%3D%23PM_USER_ID%26gdpr%3DPM_GDPR%26gdpr_consent%3DPM_CONSENT&gdpr=0&gdpr_consent=&rdf=1
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /AdServer/UCookieSetPug?&rd=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D91%26partneruserid%3D%23PM_USER_ID%26gdpr%3DPM_GDPR%26gdpr_consent%3DPM_CONSENT&gdpr=0&gdpr_consent=&rdf=1 HTTP/1.1
Host: image6.pubmatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://earnme.club/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
date: Mon, 28 Nov 2022 15:10:32 GMT
content-length: 0
X-Firefox-Spdy: h2
ib.adnxs.com/ut/v3/prebid
200 OK 145 B URL HTTP/1.1 ib.adnxs.com/ut/v3/prebid
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash c73005acc1bdbf736d7d978935572144
3b38c158acd6f589c2ceecccbe878afc8796a4fe
5e63991da2ed397fbde5c083ccae63fea281d62de79c34a6d1cc5af4919cb31b
POST /ut/v3/prebid HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 644
Origin: https://flashnetic.com
Connection: keep-alive
Referer: https://flashnetic.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Mon, 28 Nov 2022 15:10:33 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 145
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://flashnetic.com
AN-X-Request-Uuid: cbfe37ae-8d56-44d7-a077-bf564a98bb9f
Set-Cookie: icu=ChkIv46FARAKGAEgASgBMOmek5wGOAFAAUgBEOmek5wGGAA.; SameSite=None; Path=/; Max-Age=7776000; Expires=Sun, 26-Feb-2023 15:10:33 GMT; Domain=.adnxs.com; Secure; HttpOnly
uuid2=738002629068939571; SameSite=None; Path=/; Max-Age=7776000; Expires=Sun, 26-Feb-2023 15:10:33 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
adx.adform.net/adx/openrtb
204 No Content 0 B URL HTTP/2 adx.adform.net/adx/openrtb
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /adx/openrtb HTTP/1.1
Host: adx.adform.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 547
Origin: https://flashnetic.com
Connection: keep-alive
Referer: https://flashnetic.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Mon, 28 Nov 2022 15:10:33 GMT
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: https://flashnetic.com
access-control-max-age: 86400
cache-control: no-cache, no-store, must-revalidate, no-transform
expires: -1
pragma: no-cache
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2
cm.g.doubleclick.net/pixel?google_nid=smartrtb_dbm&google_cm&google_sc&google_hm=NjA1NjE2NjM5MTg1Nzg5MzA3Nw==&gdpr=0&gdpr_consent=
302 Found 372 B URL HTTP/2 cm.g.doubleclick.net/pixel?google_nid=smartrtb_dbm&google_cm&google_sc&google_hm=NjA1NjE2NjM5MTg1Nzg5MzA3Nw==&gdpr=0&gdpr_consent=
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 2bf9abd80ef0cfd1bd566d585b18ddd4
a431d1e9605300e63a5742d433aea95632688f58
f62e99e57e188038199f53afb6167ce591094612ecbf300334d74d81f510005b
GET /pixel?google_nid=smartrtb_dbm&google_cm&google_sc&google_hm=NjA1NjE2NjM5MTg1Nzg5MzA3Nw==&gdpr=0&gdpr_consent= HTTP/1.1
Host: cm.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://earnme.club/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cm.g.doubleclick.net/pixel?google_nid=smartrtb_dbm&google_cm=&google_sc=&google_hm=NjA1NjE2NjM5MTg1Nzg5MzA3Nw==&gdpr=0&gdpr_consent=&google_tc=
date: Mon, 28 Nov 2022 15:10:33 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
server: HTTP server (unknown)
content-length: 372
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Mon, 28-Nov-2022 15:25:33 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ib.adnxs.com/ut/v3/prebid
200 OK 139 B URL HTTP/1.1 ib.adnxs.com/ut/v3/prebid
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash dc23823a1e45a7b0bfc22fd125a5c8c7
8df180d1a9c03674685a96abd1e62ea94a9bfbb5
40e9f8c728a215620afe56527716947a53de277ac3a0918770c9677742721f00
POST /ut/v3/prebid HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 645
Origin: https://flashnetic.com
Connection: keep-alive
Referer: https://flashnetic.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Mon, 28 Nov 2022 15:10:33 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 139
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://flashnetic.com
AN-X-Request-Uuid: 22093b59-dc3e-4683-8c86-9615c20a50b1
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
prebid-eu.creativecdn.com/bidder/prebid/bids
204 No Content 0 B URL HTTP/2 prebid-eu.creativecdn.com/bidder/prebid/bids
IP
ASN #204995 Rtb House S.A.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /bidder/prebid/bids HTTP/1.1
Host: prebid-eu.creativecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 490
Origin: https://flashnetic.com
Connection: keep-alive
Referer: https://flashnetic.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Mon, 28 Nov 2022 15:10:33 GMT
access-control-allow-origin: https://flashnetic.com
access-control-allow-credentials: true
access-control-allow-methods: POST
access-control-max-age: 3600
vary: Origin
X-Firefox-Spdy: h2
sync.tidaltv.com/genericusersync.ashx?dpid=3157&gdpr=0&gdpr_consent=&s_h=1
200 OK 86 B URL HTTP/2 sync.tidaltv.com/genericusersync.ashx?dpid=3157&gdpr=0&gdpr_consent=&s_h=1
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash 3fdb99de51ecfb4e335dfec0c8a822d8
41c87e6689854769b452fd6493f6c82e118ddce7
9b220937c1c14fd5bb2c6d8e17ef32e8c71f9e637fdd74958724935061c5dcee
GET /genericusersync.ashx?dpid=3157&gdpr=0&gdpr_consent=&s_h=1 HTTP/1.1
Host: sync.tidaltv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://earnme.club/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 15:10:33 GMT
content-type: image/gif
set-cookie: tidal_ttid=276f3828-a356-4b9c-b6d4-de0365337329; Domain=.tidaltv.com; Expires=Tue, 28-Nov-2023 15:10:33 GMT; Path=/; SameSite=None; Secure
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
X-Firefox-Spdy: h2
fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17210&site_id=397268&zone_id=2226136&size_id=15&p_pos=atf&rp_schain=1.0,1!adpone.com,a1ea75ec94e5611d58bc,1,,,&rf=earnme.club&tg_i.page=https%3A%2F%2Fearnme.club%2F&tg_i.domain=earnme.club&tg_i.pbadslot=adpn-adtag-1669648228848&tk_flint=pbjs_lite_v7.19.0&x_source.tid=ffb36c0b-8dc9-4a76-8525-401e3f23a7c8&l_pb_bid_id=8dbb6c481fbd46&p_screen_res=1280x1024&rp_secure=1&rp_maxbids=1&slots=1&rand=0.6717608752797938
200 OK 334 B URL HTTP/2 fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17210&site_id=397268&zone_id=2226136&size_id=15&p_pos=atf&rp_schain=1.0,1!adpone.com,a1ea75ec94e5611d58bc,1,,,&rf=earnme.club&tg_i.page=https%3A%2F%2Fearnme.club%2F&tg_i.domain=earnme.club&tg_i.pbadslot=adpn-adtag-1669648228848&tk_flint=pbjs_lite_v7.19.0&x_source.tid=ffb36c0b-8dc9-4a76-8525-401e3f23a7c8&l_pb_bid_id=8dbb6c481fbd46&p_screen_res=1280x1024&rp_secure=1&rp_maxbids=1&slots=1&rand=0.6717608752797938
IP
File type JSON data\012- , ASCII text, with very long lines (334), with no line terminators
Hash 63da074d40e4015f6cfb056c3cc69089
bd7cc87a294a9e3c649cab1dbec3be71414ed1f6
fc8575dac377e59d17db69ee13e6a472cb9ac9f49d758edbbd33a6d1e5b2c7ae
GET /a/api/fastlane.json?account_id=17210&site_id=397268&zone_id=2226136&size_id=15&p_pos=atf&rp_schain=1.0,1!adpone.com,a1ea75ec94e5611d58bc,1,,,&rf=earnme.club&tg_i.page=https%3A%2F%2Fearnme.club%2F&tg_i.domain=earnme.club&tg_i.pbadslot=adpn-adtag-1669648228848&tk_flint=pbjs_lite_v7.19.0&x_source.tid=ffb36c0b-8dc9-4a76-8525-401e3f23a7c8&l_pb_bid_id=8dbb6c481fbd46&p_screen_res=1280x1024&rp_secure=1&rp_maxbids=1&slots=1&rand=0.6717608752797938 HTTP/1.1
Host: fastlane.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://flashnetic.com
Connection: keep-alive
Referer: https://flashnetic.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.4
date: Mon, 28 Nov 2022 15:10:33 GMT
content-type: application/json
cache-control: no-cache, no-store, max-age=0, must-revalidate
expires: Wed, 17 Sep 1975 21:32:10 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://flashnetic.com
pragma: no-cache
vary: Accept-Encoding
set-cookie: khaos=LB0XG6DB-1C-GORF; Domain=.rubiconproject.com; Path=/; Expires=Tue, 28-Nov-2023 15:10:33 GMT; Max-Age=31536000; SameSite=None; Secure
audit=1|naVuGyos1qo9ODRAH1ca2u9DtVM30fCgX9j0V4idhPvMtL87EdNM/3vs5xm8c681tq9R0N6+0FRpWVHBsUSA99APlTu0R9RN; Domain=.rubiconproject.com; Path=/; Expires=Tue, 28-Nov-2023 15:10:33 GMT; Max-Age=31536000; SameSite=None; Secure
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length: 334
X-Firefox-Spdy: h2
pagead2.googlesyndication.com/pagead/js/r20221110/r20110914/abg_lite_fy2021.js
200 OK 9.4 kB URL HTTP/2 pagead2.googlesyndication.com/pagead/js/r20221110/r20110914/abg_lite_fy2021.js
IP
File type ASCII text, with very long lines (1596)
Hash 6b277303de172776fc303dfc195982ef
fe6c6af5791742485ae21c4dc02edbee2b426886
c536ada7aa8f4679e0e4f0b99703aab79f6fe32659d777f9c01a7785aa06a36d
GET /pagead/js/r20221110/r20110914/abg_lite_fy2021.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://66abe6f8b30cb835cf49f457a62edc2b.safeframe.googlesyndication.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 9428
x-xss-protection: 0
date: Mon, 28 Nov 2022 11:47:06 GMT
expires: Mon, 12 Dec 2022 11:47:06 GMT
cache-control: public, max-age=1209600
age: 12207
etag: 246362764157784863
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
p.ad.gt/api/v1/p/405
200 OK 13 kB IP
Hash 291e7dfa27b7d1383822f433aedf5087
a7470fe6dda4ac790fd6add457835ba01a397a5b
fa1914beea9144c4aa9be71364920142ecaa1b818e29d50c32cc2d096a136ade
GET /api/v1/p/405 HTTP/1.1
Host: p.ad.gt
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://earnme.club/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 28 Nov 2022 15:10:33 GMT
content-type: application/javascript
last-modified: Fri, 25 Nov 2022 19:36:28 GMT
cache-control: public, max-age=43200
expires: Tue, 29 Nov 2022 03:09:48 GMT
etag: W/"1669404988.0-40677-3373272138"
access-control-allow-origin: *
content-encoding: gzip
cf-cache-status: HIT
age: 45
vary: Accept-Encoding
server: cloudflare
cf-ray: 771407f51ca1b511-OSL
X-Firefox-Spdy: h2
prg.smartadserver.com/prebid/v1
200 OK 517 B URL HTTP/1.1 prg.smartadserver.com/prebid/v1
IP
ASN #201081 SmartAdServer SAS
File type JSON data\012- , ASCII text, with very long lines (956), with no line terminators
Hash 00020d9f5883f777f2d8de24b52f3b47
fa7737d28e5eced7b7edd5e6ea4270a50a50eaa1
5de6620f978be000acd9494446958219a224790db580075838d5ff66dfd6f49e
POST /prebid/v1 HTTP/1.1
Host: prg.smartadserver.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 353
Origin: https://flashnetic.com
Connection: keep-alive
Referer: https://flashnetic.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
content-type: application/json; charset=UTF-8
date: Mon, 28 Nov 2022 15:10:33 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://flashnetic.com
cache-control: no-cache,no-store
content-encoding: br
pragma: no-cache
set-cookie: pbw=%24b%3d12999%3b%24o%3d11100; expires=Tue, 28 Nov 2023 15:10:33 GMT; domain=.smartadserver.com; path=/
vs=525642=5210830; domain=.smartadserver.com; path=/
TestIfCookie=ok; domain=.smartadserver.com; path=/
TestIfCookieP=ok; expires=Tue, 28 Nov 2023 15:10:33 GMT; domain=.smartadserver.com; path=/
pid=2705607626235399713; expires=Tue, 28 Nov 2023 15:10:33 GMT; domain=.smartadserver.com; path=/
sasd2=q=%24qc%3D1311348260%3B%24ql%3DMedium%3B%24qpc%3D1006%3B%24qt%3D216_1430_41056t%3B%24dma%3D0&c=1&l=819242284&lo=988266927<=638052450338075594&o=1; expires=Tue, 29 Nov 2022 15:10:33 GMT; domain=.smartadserver.com; path=/
sasd=%24qc%3D1311348260%3B%24ql%3DMedium%3B%24qpc%3D1006%3B%24qt%3D216_1430_41056t%3B%24dma%3D0; expires=Tue, 29 Nov 2022 15:10:33 GMT; domain=.smartadserver.com; path=/
transfer-encoding: chunked
vary: Accept-Encoding, Origin
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
ocsp.digicert.com/
200 OK 314 B IP
Hash 9f018ceccb2163a7089025014a17bf7d
d64256bd91f2d7c1a4f75ba360a0b03154ce1884
8fe7a3e1acbf4b648ba43e1dca8bb8b23cbf570e62598e5c0db1508d9b7f10e3
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1706
Cache-Control: max-age=97269
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 15:10:33 GMT
Etag: "6383a1b4-13a"
Expires: Tue, 29 Nov 2022 18:11:42 GMT
Last-Modified: Sun, 27 Nov 2022 17:43:16 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 314
googleads.g.doubleclick.net/xbbe/pixel?d=CLOiexDrmJYCGKvXltoBMAE&v=APEucNUMlfVo09mYERNuPNSeQnsTGyRScJSHr-uzhdV4kgj6g2HflpYfvAXOSG6BeolJ4a0YysGq8G7DJ_LK8wK8cWxW1hX9lg
200 OK 0 B URL HTTP/2 googleads.g.doubleclick.net/xbbe/pixel?d=CLOiexDrmJYCGKvXltoBMAE&v=APEucNUMlfVo09mYERNuPNSeQnsTGyRScJSHr-uzhdV4kgj6g2HflpYfvAXOSG6BeolJ4a0YysGq8G7DJ_LK8wK8cWxW1hX9lg
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /xbbe/pixel?d=CLOiexDrmJYCGKvXltoBMAE&v=APEucNUMlfVo09mYERNuPNSeQnsTGyRScJSHr-uzhdV4kgj6g2HflpYfvAXOSG6BeolJ4a0YysGq8G7DJ_LK8wK8cWxW1hX9lg HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://66abe6f8b30cb835cf49f457a62edc2b.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Mon, 28 Nov 2022 15:10:33 GMT
server: cafe
content-length: 0
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Mon, 28-Nov-2022 15:25:33 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Mon, 28 Nov 2022 15:10:33 GMT
cache-control: private
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/xbbe/pixel?d=CLOiexDrmJYCGPPiltoBMAE&v=APEucNVtxR4ZPG9eNWbLQj7QjffGpegJGPVb69ur4Kk_RiuNDWtA-SBRtq4jhJ0M1BVcqqsSFAEJ3WI2kT6PoOKgNUekLqzJeA
200 OK 0 B URL HTTP/2 googleads.g.doubleclick.net/xbbe/pixel?d=CLOiexDrmJYCGPPiltoBMAE&v=APEucNVtxR4ZPG9eNWbLQj7QjffGpegJGPVb69ur4Kk_RiuNDWtA-SBRtq4jhJ0M1BVcqqsSFAEJ3WI2kT6PoOKgNUekLqzJeA
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /xbbe/pixel?d=CLOiexDrmJYCGPPiltoBMAE&v=APEucNVtxR4ZPG9eNWbLQj7QjffGpegJGPVb69ur4Kk_RiuNDWtA-SBRtq4jhJ0M1BVcqqsSFAEJ3WI2kT6PoOKgNUekLqzJeA HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://66abe6f8b30cb835cf49f457a62edc2b.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Mon, 28 Nov 2022 15:10:33 GMT
server: cafe
content-length: 0
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Mon, 28-Nov-2022 15:25:33 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Mon, 28 Nov 2022 15:10:33 GMT
cache-control: private
X-Firefox-Spdy: h2
dnacdn.net/dna
200 OK 0 B IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /dna HTTP/1.1
Host: dnacdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 28 Nov 2022 15:10:32 GMT
server: Kestrel
content-length: 0
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
set-cookie: browser_data=gQzL7V80M0RITmhlJTJCZkMwOUJGQlhaMUN2cyUyRkczQ0RsQnhPeUR1R25GUlc5N2clMkZvU01kOTBaU1lJcldWM3lBQTR2alFZ; expires=Sat, 23 Dec 2023 15:10:33 GMT; domain=dnacdn.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 226356
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
200 OK 48 kB URL HTTP/2 www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
IP
File type ASCII text, with very long lines (3502)
Hash 297e24828abaf97fb29460fd75369140
e9e02d737f1bcf9874a55562edff5f795a1c170c
cdbe4e689ca060e94f00f0aa4c45a89efacddac90df42929ff42a3bff44a9d3e
GET /activeview/js/current/rx_lidar.js?cache=r20110914 HTTP/1.1
Host: www.googletagservices.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://66abe6f8b30cb835cf49f457a62edc2b.safeframe.googlesyndication.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-length: 48265
date: Mon, 28 Nov 2022 15:10:33 GMT
expires: Mon, 28 Nov 2022 15:10:33 GMT
cache-control: private, max-age=3000
etag: "1668095300071091"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
match.prod.bidr.io/cookie-sync/audigent?buyer_user_id=AU1D-0100-001669648233-QF224L0L-L8SQ
303 See Other 0 B URL HTTP/1.1 match.prod.bidr.io/cookie-sync/audigent?buyer_user_id=AU1D-0100-001669648233-QF224L0L-L8SQ
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cookie-sync/audigent?buyer_user_id=AU1D-0100-001669648233-QF224L0L-L8SQ HTTP/1.1
Host: match.prod.bidr.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://earnme.club/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 303 See Other
Date: Mon, 28 Nov 2022 15:10:34 GMT
location: https://match.prod.bidr.io/cookie-sync/audigent?buyer_user_id=AU1D-0100-001669648233-QF224L0L-L8SQ&_bee_ppp=1
Server: gunicorn
set-cookie: checkForPermission=ok; Domain=bidr.io; expires=Mon, 28 Nov 2022 15:20:34 GMT; Path=/; SameSite=None; Secure
strict-transport-security: max-age=2592000; includeSubDomains
Content-Length: 0
Connection: keep-alive
adx.adform.net/adx/openrtb
204 No Content 0 B URL HTTP/2 adx.adform.net/adx/openrtb
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /adx/openrtb HTTP/1.1
Host: adx.adform.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 547
Origin: https://flashnetic.com
Connection: keep-alive
Referer: https://flashnetic.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Mon, 28 Nov 2022 15:10:34 GMT
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: https://flashnetic.com
access-control-max-age: 86400
cache-control: no-cache, no-store, must-revalidate, no-transform
expires: -1
pragma: no-cache
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2
bidder.criteo.com/cdb?profileId=207&av=34&wv=7.19.0&cb=93912075531&lsavail=0
200 OK 44 B URL HTTP/2 bidder.criteo.com/cdb?profileId=207&av=34&wv=7.19.0&cb=93912075531&lsavail=0
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 5f1dcf53824ce88cdb7941d34db3f19d
4164a13e3f53e1f002606a807d64a92620720fb0
3a803b7520764b5266cfac90aa9f9b2ff931109f489d9a1deb24aa686c239a74
POST /cdb?profileId=207&av=34&wv=7.19.0&cb=93912075531&lsavail=0 HTTP/1.1
Host: bidder.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 478
Origin: https://flashnetic.com
Connection: keep-alive
Referer: https://flashnetic.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 15:10:33 GMT
vary: Origin
server: Finatra
content-type: application/json; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: https://flashnetic.com
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-encoding: gzip
content-length: 44
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 471 B IP
Hash 04a1e174fccea9e65be21b0c9746de94
a62527b64c568170053ef10f12f479c61848a6a8
b14de7ab62003f342cb84b98caa3bd291bf24d9cefdad1571edfd94aa0a483da
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3100
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 15:10:34 GMT
Last-Modified: Mon, 28 Nov 2022 14:18:54 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471
prebid-eu.creativecdn.com/bidder/prebid/bids
204 No Content 0 B URL HTTP/2 prebid-eu.creativecdn.com/bidder/prebid/bids
IP
ASN #204995 Rtb House S.A.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /bidder/prebid/bids HTTP/1.1
Host: prebid-eu.creativecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 491
Origin: https://flashnetic.com
Connection: keep-alive
Referer: https://flashnetic.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Mon, 28 Nov 2022 15:10:34 GMT
access-control-allow-origin: https://flashnetic.com
access-control-allow-credentials: true
access-control-allow-methods: POST
access-control-max-age: 3600
vary: Origin
X-Firefox-Spdy: h2
match.prod.bidr.io/cookie-sync/sas?gdpr=0&gdpr_consent=&_bee_ppp=1
303 See Other 0 B URL HTTP/1.1 match.prod.bidr.io/cookie-sync/sas?gdpr=0&gdpr_consent=&_bee_ppp=1
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cookie-sync/sas?gdpr=0&gdpr_consent=&_bee_ppp=1 HTTP/1.1
Host: match.prod.bidr.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://earnme.club/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 303 See Other
Date: Mon, 28 Nov 2022 15:10:34 GMT
location: https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=&gdpr=0
Server: gunicorn
strict-transport-security: max-age=2592000; includeSubDomains
Content-Length: 0
Connection: keep-alive
ocsp.globalsign.com/gsgccr3dvtlsca2020
200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsgccr3dvtlsca2020
IP
Hash 2d7cba4d925d58721c20c931f3ffeead
6b4ad0b240c71354c5e1bcd0afd236dab7c91a74
2f39b9cc9a8e4e88b3ed97dc85e686e84be25cbe22c644680da1f4d14d7ce0a4
POST /gsgccr3dvtlsca2020 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 15:10:34 GMT
Content-Type: application/ocsp-response
Content-Length: 1414
Connection: keep-alive
Expires: Fri, 02 Dec 2022 13:10:50 GMT
ETag: "6b4ad0b240c71354c5e1bcd0afd236dab7c91a74"
Last-Modified: Mon, 28 Nov 2022 13:10:51 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 110
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 771407f75ff9fab4-OSL
dpm.demdex.net/ibs:dpid=348447&dpuuid=AU1D-0100-001669648233-QF224L0L-L8SQ&redir=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fadb_match%3Fadb%3D%24%7BDD_UUID%7D%26id%3DAU1D-0100-001669648233-QF224L0L-L8SQ
302 Found 0 B URL HTTP/1.1 dpm.demdex.net/ibs:dpid=348447&dpuuid=AU1D-0100-001669648233-QF224L0L-L8SQ&redir=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fadb_match%3Fadb%3D%24%7BDD_UUID%7D%26id%3DAU1D-0100-001669648233-QF224L0L-L8SQ
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ibs:dpid=348447&dpuuid=AU1D-0100-001669648233-QF224L0L-L8SQ&redir=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fadb_match%3Fadb%3D%24%7BDD_UUID%7D%26id%3DAU1D-0100-001669648233-QF224L0L-L8SQ HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://earnme.club/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
DCS: dcs-prod-irl1-2-v045-0030c669c.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
Location: https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=348447&dpuuid=AU1D-0100-001669648233-QF224L0L-L8SQ&redir=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fadb_match%3Fadb%3D%24%7BDD_UUID%7D%26id%3DAU1D-0100-001669648233-QF224L0L-L8SQ
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=47613311430379608432844297442791547407; Max-Age=15552000; Expires=Sat, 27 May 2023 15:10:34 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: WSteN0lgSuI=
Content-Length: 0
Connection: keep-alive
secure.adnxs.com/getuid?https://ids.ad.gt/api/v1/match?id=AU1D-0100-001669648233-QF224L0L-L8SQ&adnxs_id=$UID&gdpr=0
307 Redirection 0 B URL HTTP/1.1 secure.adnxs.com/getuid?https://ids.ad.gt/api/v1/match?id=AU1D-0100-001669648233-QF224L0L-L8SQ&adnxs_id=$UID&gdpr=0
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /getuid?https://ids.ad.gt/api/v1/match?id=AU1D-0100-001669648233-QF224L0L-L8SQ&adnxs_id=$UID&gdpr=0 HTTP/1.1
Host: secure.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://earnme.club/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Redirection
Server: nginx/1.21.3
Date: Mon, 28 Nov 2022 15:10:34 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Location: https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fmatch%3Fid%3DAU1D-0100-001669648233-QF224L0L-L8SQ%26adnxs_id%3D%24UID%26gdpr%3D0
AN-X-Request-Uuid: a2b02d8b-9423-47b2-a2db-12af605e5591
Set-Cookie: uuid2=8799941581203379010; SameSite=None; Path=/; Max-Age=7776000; Expires=Sun, 26-Feb-2023 15:10:34 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
sync.smartadserver.com/getuid?url=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fsmart_match%3Fid%3DAU1D-0100-001669648233-QF224L0L-L8SQ%26sas_uid%3D%5bsas_uid%5d&gdpr=0
302 Found 0 B URL HTTP/1.1 sync.smartadserver.com/getuid?url=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fsmart_match%3Fid%3DAU1D-0100-001669648233-QF224L0L-L8SQ%26sas_uid%3D%5bsas_uid%5d&gdpr=0
IP
ASN #201081 SmartAdServer SAS
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /getuid?url=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fsmart_match%3Fid%3DAU1D-0100-001669648233-QF224L0L-L8SQ%26sas_uid%3D%5bsas_uid%5d&gdpr=0 HTTP/1.1
Host: sync.smartadserver.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://earnme.club/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
content-length: 0
date: Mon, 28 Nov 2022 15:10:33 GMT
cache-control: no-cache,no-store
location: https://sync.smartadserver.com:443/getuid?url=https://ids.ad.gt/api/v1/smart_match?id=AU1D-0100-001669648233-QF224L0L-L8SQ&sas_uid=[sas_uid]&gdpr=0&cklb=1
pragma: no-cache
set-cookie: TestIfCookie=ok; expires=Mon, 01 Jan 0001 00:00:00 GMT; domain=.smartadserver.com; path=/
TestIfCookieP=ok; expires=Tue, 28 Nov 2023 15:10:34 GMT; domain=.smartadserver.com; path=/
pbw=%24b%3d12100%3b%24o%3d11100; expires=Tue, 28 Nov 2023 15:10:34 GMT; domain=.smartadserver.com; path=/
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash 9e65918e160cf67c348593e420da6ccb
5a8140a60bef17678dbafa8fb4396be3e8e1cab0
5d5118a1e488835de91831f51cb580637c8007161b59e18b6ea4714c3ee64363
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Mon, 28 Nov 2022 15:10:34 GMT
Last-Modified: Mon, 28 Nov 2022 13:57:33 GMT
Server: ECS (nyb/1D14)
X-Cache: Miss from cloudfront
Via: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: vC57WmW_PmXzN7ldjtTbRqHHD_UHxX2-OxaNBrVrVCDdwW6SSeQvbg==
Age: 4382
prg.smartadserver.com/prebid/v1
200 OK 510 B URL HTTP/1.1 prg.smartadserver.com/prebid/v1
IP
ASN #201081 SmartAdServer SAS
File type JSON data\012- , ASCII text, with very long lines (951), with no line terminators
Hash 42d4155751560e67af67d207bc416b1a
33dc73a574430dff015a7f60bbaafa926813cdd7
85f7e96131f593ab79999ddc9bd9e7076a0e54097eeff0754572437f5ad99df3
POST /prebid/v1 HTTP/1.1
Host: prg.smartadserver.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 353
Origin: https://flashnetic.com
Connection: keep-alive
Referer: https://flashnetic.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
content-type: application/json; charset=UTF-8
date: Mon, 28 Nov 2022 15:10:33 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://flashnetic.com
cache-control: no-cache,no-store
content-encoding: br
pragma: no-cache
set-cookie: pbw=%24b%3d12999%3b%24o%3d11100; expires=Tue, 28 Nov 2023 15:10:34 GMT; domain=.smartadserver.com; path=/
vs=555020=5210830; domain=.smartadserver.com; path=/
TestIfCookie=ok; domain=.smartadserver.com; path=/
TestIfCookieP=ok; expires=Tue, 28 Nov 2023 15:10:34 GMT; domain=.smartadserver.com; path=/
pid=2478410955857940130; expires=Tue, 28 Nov 2023 15:10:34 GMT; domain=.smartadserver.com; path=/
sasd2=q=%24qc%3D1311348260%3B%24ql%3DMedium%3B%24qpc%3D1006%3B%24qt%3D216_1430_41056t%3B%24dma%3D0&c=1&l=819242284&lo=988266927<=638052450340980858&o=1; expires=Tue, 29 Nov 2022 15:10:34 GMT; domain=.smartadserver.com; path=/
sasd=%24qc%3D1311348260%3B%24ql%3DMedium%3B%24qpc%3D1006%3B%24qt%3D216_1430_41056t%3B%24dma%3D0; expires=Tue, 29 Nov 2022 15:10:34 GMT; domain=.smartadserver.com; path=/
transfer-encoding: chunked
vary: Accept-Encoding, Origin
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
match.adsrvr.org/track/cmf/generic?ttd_pid=8gkxb6n&ttd_tpi=1&ttd_puid=AU1D-0100-001669648233-QF224L0L-L8SQ&gdpr=0
200 OK 70 B URL HTTP/2 match.adsrvr.org/track/cmf/generic?ttd_pid=8gkxb6n&ttd_tpi=1&ttd_puid=AU1D-0100-001669648233-QF224L0L-L8SQ&gdpr=0
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash 58a7930cd4577fc33c35828c271eab8f
406e57f86dc101e10f3a57be1e2f7b93c4580474
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
GET /track/cmf/generic?ttd_pid=8gkxb6n&ttd_tpi=1&ttd_puid=AU1D-0100-001669648233-QF224L0L-L8SQ&gdpr=0 HTTP/1.1
Host: match.adsrvr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://earnme.club/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 28 Nov 2022 15:10:34 GMT
content-type: image/gif
content-length: 70
cache-control: private,no-cache, must-revalidate
pragma: no-cache
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
X-Firefox-Spdy: h2
prg.smartadserver.com/prebid/v1
200 OK 602 B URL HTTP/1.1 prg.smartadserver.com/prebid/v1
IP
ASN #201081 SmartAdServer SAS
File type JSON data\012- , ASCII text, with very long lines (1146), with no line terminators
Hash 6dfef831c47cfffc82789ae35fdfe261
7c58ff8c85bbf6ca5112fa327b498c32a273d048
72c67aa6d37755c4eb37e8176544969ec71fa448eb454b5f7ee744dbcdf75f6a
POST /prebid/v1 HTTP/1.1
Host: prg.smartadserver.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 353
Origin: https://flashnetic.com
Connection: keep-alive
Referer: https://flashnetic.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
content-type: application/json; charset=UTF-8
date: Mon, 28 Nov 2022 15:10:33 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://flashnetic.com
cache-control: no-cache,no-store
content-encoding: br
pragma: no-cache
set-cookie: pbw=%24b%3d12999%3b%24o%3d11100; expires=Tue, 28 Nov 2023 15:10:34 GMT; domain=.smartadserver.com; path=/
vs=525642=5210830; domain=.smartadserver.com; path=/
TestIfCookie=ok; domain=.smartadserver.com; path=/
TestIfCookieP=ok; expires=Tue, 28 Nov 2023 15:10:34 GMT; domain=.smartadserver.com; path=/
pid=1793432155399474935; expires=Tue, 28 Nov 2023 15:10:34 GMT; domain=.smartadserver.com; path=/
sasd2=q=%24qc%3D1311348260%3B%24ql%3DMedium%3B%24qpc%3D1006%3B%24qt%3D216_1430_41056t%3B%24dma%3D0&c=1&l=819242284&lo=988266927<=638052450341192694&o=1; expires=Tue, 29 Nov 2022 15:10:34 GMT; domain=.smartadserver.com; path=/
sasd=%24qc%3D1311348260%3B%24ql%3DMedium%3B%24qpc%3D1006%3B%24qt%3D216_1430_41056t%3B%24dma%3D0; expires=Tue, 29 Nov 2022 15:10:34 GMT; domain=.smartadserver.com; path=/
transfer-encoding: chunked
vary: Accept-Encoding, Origin
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17210&site_id=397268&zone_id=2226136&size_id=15&p_pos=atf&rp_schain=1.0,1!adpone.com,a1ea75ec94e5611d58bc,1,,,&rf=earnme.club&tg_i.page=https%3A%2F%2Fearnme.club%2F&tg_i.domain=earnme.club&tg_i.pbadslot=adpn-adtag-1669648228853&tk_flint=pbjs_lite_v7.19.0&x_source.tid=12da2d82-3420-428e-a797-10da4d82eaf8&l_pb_bid_id=140e04be3e90d5f8&p_screen_res=1280x1024&rp_secure=1&rp_maxbids=1&slots=1&rand=0.7516176269371357
200 OK 334 B URL HTTP/2 fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17210&site_id=397268&zone_id=2226136&size_id=15&p_pos=atf&rp_schain=1.0,1!adpone.com,a1ea75ec94e5611d58bc,1,,,&rf=earnme.club&tg_i.page=https%3A%2F%2Fearnme.club%2F&tg_i.domain=earnme.club&tg_i.pbadslot=adpn-adtag-1669648228853&tk_flint=pbjs_lite_v7.19.0&x_source.tid=12da2d82-3420-428e-a797-10da4d82eaf8&l_pb_bid_id=140e04be3e90d5f8&p_screen_res=1280x1024&rp_secure=1&rp_maxbids=1&slots=1&rand=0.7516176269371357
IP
File type JSON data\012- , ASCII text, with very long lines (334), with no line terminators
Hash d45e0761bba4e95bf51bf76b2fab1970
5ea8820028c20c6d0c4a85c2e5b73a090ce56959
0fc03dc0b9a833fe3ba9d191fe1e42917a158a560317aa50760d09b4e9c6e09e
GET /a/api/fastlane.json?account_id=17210&site_id=397268&zone_id=2226136&size_id=15&p_pos=atf&rp_schain=1.0,1!adpone.com,a1ea75ec94e5611d58bc,1,,,&rf=earnme.club&tg_i.page=https%3A%2F%2Fearnme.club%2F&tg_i.domain=earnme.club&tg_i.pbadslot=adpn-adtag-1669648228853&tk_flint=pbjs_lite_v7.19.0&x_source.tid=12da2d82-3420-428e-a797-10da4d82eaf8&l_pb_bid_id=140e04be3e90d5f8&p_screen_res=1280x1024&rp_secure=1&rp_maxbids=1&slots=1&rand=0.7516176269371357 HTTP/1.1
Host: fastlane.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://flashnetic.com
Connection: keep-alive
Referer: https://flashnetic.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.4
date: Mon, 28 Nov 2022 15:10:34 GMT
content-type: application/json
cache-control: no-cache, no-store, max-age=0, must-revalidate
expires: Wed, 17 Sep 1975 21:32:10 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://flashnetic.com
pragma: no-cache
vary: Accept-Encoding
set-cookie: khaos=LB0XG6M6-11-L25Q; Domain=.rubiconproject.com; Path=/; Expires=Tue, 28-Nov-2023 15:10:34 GMT; Max-Age=31536000; SameSite=None; Secure
audit=1|naVuGyos1qpNkyFJK4uiIO9DtVM30fCgX9j0V4idhPsa/LJyJzGcunvs5xm8c681tq9R0N6+0FRpWVHBsUSA99APlTu0R9RN; Domain=.rubiconproject.com; Path=/; Expires=Tue, 28-Nov-2023 15:10:34 GMT; Max-Age=31536000; SameSite=None; Secure
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length: 334
X-Firefox-Spdy: h2
ad.360yield.com/ux?&publisher_dmp_id=15&r=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fimpr_match%3Fid%3DAU1D-0100-001669648233-QF224L0L-L8SQ%26impr_uid%3D%7BPUB_USER_ID%7D
302 Found 0 B URL HTTP/2 ad.360yield.com/ux?&publisher_dmp_id=15&r=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fimpr_match%3Fid%3DAU1D-0100-001669648233-QF224L0L-L8SQ%26impr_uid%3D%7BPUB_USER_ID%7D
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ux?&publisher_dmp_id=15&r=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fimpr_match%3Fid%3DAU1D-0100-001669648233-QF224L0L-L8SQ%26impr_uid%3D%7BPUB_USER_ID%7D HTTP/1.1
Host: ad.360yield.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://earnme.club/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Mon, 28 Nov 2022 15:10:34 GMT
content-type: text/plain
content-length: 0
location: https://ad.360yield.com/ul_cb/ux?&publisher_dmp_id=15&r=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fimpr_match%3Fid%3DAU1D-0100-001669648233-QF224L0L-L8SQ%26impr_uid%3D%7BPUB_USER_ID%7D
set-cookie: tuuid=6cbde2f2-4e1d-47ca-bc30-a86b76a601db; Expires=Sun, 26 Feb 2023 15:10:34 GMT; Domain=.360yield.com; Path=/; SameSite=None; Secure
tuuid_lu=1669648234; Expires=Sun, 26 Feb 2023 15:10:34 GMT; Domain=.360yield.com; Path=/; SameSite=None; Secure
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 471 B IP
Hash 420a15805619ca917eb1f83652828070
f1c642966768e00d808e9673e890fedf3661c0f4
599837f37dbbe3a6e53a9a346f133c4751fe0786625eefbb1499be70f07db447
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5781
Cache-Control: max-age=95547
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 15:10:34 GMT
Etag: "63838b10-1d7"
Expires: Tue, 29 Nov 2022 17:43:01 GMT
Last-Modified: Sun, 27 Nov 2022 16:06:40 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471
ib.adnxs.com/ut/v3/prebid
200 OK 5.4 kB URL HTTP/1.1 ib.adnxs.com/ut/v3/prebid
IP
File type JSON data\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (13958), with no line terminators
Hash 9f497de75d884530db5ffd452d29be7c
44c0cd547172ba1209534d85f7df5a3a4d0b8aa2
bff4ef586839bf5fb2994971e21cb0697244117da71a002465451b10d5b0f22c
POST /ut/v3/prebid HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 641
Origin: https://flashnetic.com
Connection: keep-alive
Referer: https://flashnetic.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Mon, 28 Nov 2022 15:10:34 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://flashnetic.com
AN-X-Request-Uuid: 9c7b9a1b-5957-49f9-bd67-6a482502f1f9
Set-Cookie: icu=ChkIv46FARAKGAEgASgBMOqek5wGOAFAAUgBEOqek5wGGAA.; SameSite=None; Path=/; Max-Age=7776000; Expires=Sun, 26-Feb-2023 15:10:34 GMT; Domain=.adnxs.com; Secure; HttpOnly
uuid2=2591256401818918292; SameSite=None; Path=/; Max-Age=7776000; Expires=Sun, 26-Feb-2023 15:10:34 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Encoding: gzip
rtb-csync.smartadserver.com/redir/?issi=1&partnerid=141&partneruserid=c83Esk9F6ZcQ9qgIujFjJLFyA&gdpr=0&gdpr_consent=&redirurl=https%3A%2F%2Fa.audrte.com%2Fmatch%3Fuid%3DSMART_USER_ID%26p%3DM501991648
302 Found 0 B URL HTTP/1.1 rtb-csync.smartadserver.com/redir/?issi=1&partnerid=141&partneruserid=c83Esk9F6ZcQ9qgIujFjJLFyA&gdpr=0&gdpr_consent=&redirurl=https%3A%2F%2Fa.audrte.com%2Fmatch%3Fuid%3DSMART_USER_ID%26p%3DM501991648
IP
ASN #201081 SmartAdServer SAS
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redir/?issi=1&partnerid=141&partneruserid=c83Esk9F6ZcQ9qgIujFjJLFyA&gdpr=0&gdpr_consent=&redirurl=https%3A%2F%2Fa.audrte.com%2Fmatch%3Fuid%3DSMART_USER_ID%26p%3DM501991648 HTTP/1.1
Host: rtb-csync.smartadserver.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://earnme.club/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
content-length: 0
date: Mon, 28 Nov 2022 15:10:33 GMT
cache-control: no-cache,no-store
location: https://a.audrte.com/match?uid=4734788594795368151&p=M501991648&gdpr=0&gdpr_consent=
pragma: no-cache
set-cookie: pid=4734788594795368151; expires=Thu, 28 Dec 2023 15:10:34 GMT; domain=smartadserver.com; path=/
TestIfCookieP=ok; expires=Thu, 28 Dec 2023 15:10:34 GMT; domain=smartadserver.com; path=/
csync=141:c83Esk9F6ZcQ9qgIujFjJLFyA; expires=Tue, 28 Nov 2023 15:10:34 GMT; domain=smartadserver.com; path=/
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
rtb-csync.smartadserver.com/redir/?issi=1&partnerid=117&partneruserid=11a839affec67a88a6b2ebcf9f5d25cf&gdpr=0&gdpr_consent=0
200 OK 43 B URL HTTP/1.1 rtb-csync.smartadserver.com/redir/?issi=1&partnerid=117&partneruserid=11a839affec67a88a6b2ebcf9f5d25cf&gdpr=0&gdpr_consent=0
IP
ASN #201081 SmartAdServer SAS
File type GIF image data, version 89a, 1 x 1\012- data
Hash 221d8352905f2c38b3cb2bd191d630b0
d804b495cb9b84b9007a25b5d85f9ae674004cde
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
GET /redir/?issi=1&partnerid=117&partneruserid=11a839affec67a88a6b2ebcf9f5d25cf&gdpr=0&gdpr_consent=0 HTTP/1.1
Host: rtb-csync.smartadserver.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://earnme.club/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
content-type: image/gif
date: Mon, 28 Nov 2022 15:10:33 GMT
cache-control: no-cache,no-store
pragma: no-cache
set-cookie: pid=535926135550725842; expires=Thu, 28 Dec 2023 15:10:34 GMT; domain=smartadserver.com; path=/
TestIfCookieP=ok; expires=Thu, 28 Dec 2023 15:10:34 GMT; domain=smartadserver.com; path=/
csync=117:11a839affec67a88a6b2ebcf9f5d25cf; expires=Tue, 28 Nov 2023 15:10:34 GMT; domain=smartadserver.com; path=/
transfer-encoding: chunked
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
ib.adnxs.com/ut/v3/prebid
200 OK 139 B URL HTTP/1.1 ib.adnxs.com/ut/v3/prebid
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 80d5783eb4dd4ca91363595e4031ccfe
bdc0aafa1f0e96756b8c7989e1ad365458c42b0d
1948542c08529155ccc763c07065eb063dc5603eba16058556b9957ad5af5da1
POST /ut/v3/prebid HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 645
Origin: https://flashnetic.com
Connection: keep-alive
Referer: https://flashnetic.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Mon, 28 Nov 2022 15:10:34 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 139
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://flashnetic.com
AN-X-Request-Uuid: dd1be976-f4f6-47fe-ab9b-8d514b363911
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
adx.adform.net/adx/openrtb
204 No Content 0 B URL HTTP/2 adx.adform.net/adx/openrtb
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /adx/openrtb HTTP/1.1
Host: adx.adform.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 547
Origin: https://flashnetic.com
Connection: keep-alive
Referer: https://flashnetic.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Mon, 28 Nov 2022 15:10:34 GMT
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: https://flashnetic.com
access-control-max-age: 86400
cache-control: no-cache, no-store, must-revalidate, no-transform
expires: -1
pragma: no-cache
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2
ids.ad.gt/api/v1/g_hosted?id=AU1D-0100-001669648233-QF224L0L-L8SQ
302 Found 473 B URL HTTP/2 ids.ad.gt/api/v1/g_hosted?id=AU1D-0100-001669648233-QF224L0L-L8SQ
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (363)
Hash 154e613f00c4fd05c99e1f2afb9bf4b8
c913c2cbb1508940ff96c3865dbefd754dba374a
a9a44c432b706855ae93329c3269256b0807e620cd8746e4a9fea68347eed71e
GET /api/v1/g_hosted?id=AU1D-0100-001669648233-QF224L0L-L8SQ HTTP/1.1
Host: ids.ad.gt
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://earnme.club/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Mon, 28 Nov 2022 15:10:34 GMT
content-type: text/html; charset=utf-8
content-length: 473
location: https://cm.g.doubleclick.net/pixel?google_nid=audigent_w_appnexus_3985&google_hm=QVUxRC0wMTAwLTAwMTY2OTY0ODIzMy1RRjIyNEwwTC1MOFNR
server: nginx/1.20.0
set-cookie: au_id=AU1D-0100-001669648233-QF224L0L-L8SQ; Expires=Wed, 27 Nov 2024 15:10:34 GMT; Domain=.ad.gt; Path=/; SameSite=None; Secure
g_hosted=; Expires=Wed, 27 Nov 2024 15:10:34 GMT; Domain=.ad.gt; Path=/; SameSite=None; Secure
X-Firefox-Spdy: h2
prebid-eu.creativecdn.com/bidder/prebid/bids
204 No Content 0 B URL HTTP/2 prebid-eu.creativecdn.com/bidder/prebid/bids
IP
ASN #204995 Rtb House S.A.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /bidder/prebid/bids HTTP/1.1
Host: prebid-eu.creativecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 489
Origin: https://flashnetic.com
Connection: keep-alive
Referer: https://flashnetic.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Mon, 28 Nov 2022 15:10:34 GMT
access-control-allow-origin: https://flashnetic.com
access-control-allow-credentials: true
access-control-allow-methods: POST
access-control-max-age: 3600
vary: Origin
X-Firefox-Spdy: h2
bidder.criteo.com/cdb?profileId=207&av=34&wv=7.19.0&cb=50002607290&lsavail=0
200 OK 44 B URL HTTP/2 bidder.criteo.com/cdb?profileId=207&av=34&wv=7.19.0&cb=50002607290&lsavail=0
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 5f1dcf53824ce88cdb7941d34db3f19d
4164a13e3f53e1f002606a807d64a92620720fb0
3a803b7520764b5266cfac90aa9f9b2ff931109f489d9a1deb24aa686c239a74
POST /cdb?profileId=207&av=34&wv=7.19.0&cb=50002607290&lsavail=0 HTTP/1.1
Host: bidder.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 478
Origin: https://flashnetic.com
Connection: keep-alive
Referer: https://flashnetic.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 15:10:33 GMT
vary: Origin
server: Finatra
content-type: application/json; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: https://flashnetic.com
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-encoding: gzip
content-length: 44
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17210&site_id=397268&zone_id=2226136&size_id=15&p_pos=atf&rp_schain=1.0,1!adpone.com,a1ea75ec94e5611d58bc,1,,,&rf=earnme.club&tg_i.page=https%3A%2F%2Fearnme.club%2F&tg_i.domain=earnme.club&tg_i.pbadslot=adpn-adtag-1669648228862&tk_flint=pbjs_lite_v7.19.0&x_source.tid=132604e8-5d62-4c1f-b1f4-5639a3ca4b72&l_pb_bid_id=10a0a50c75c41f88&p_screen_res=1280x1024&rp_secure=1&rp_maxbids=1&slots=1&rand=0.46489674124770985
200 OK 334 B URL HTTP/2 fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17210&site_id=397268&zone_id=2226136&size_id=15&p_pos=atf&rp_schain=1.0,1!adpone.com,a1ea75ec94e5611d58bc,1,,,&rf=earnme.club&tg_i.page=https%3A%2F%2Fearnme.club%2F&tg_i.domain=earnme.club&tg_i.pbadslot=adpn-adtag-1669648228862&tk_flint=pbjs_lite_v7.19.0&x_source.tid=132604e8-5d62-4c1f-b1f4-5639a3ca4b72&l_pb_bid_id=10a0a50c75c41f88&p_screen_res=1280x1024&rp_secure=1&rp_maxbids=1&slots=1&rand=0.46489674124770985
IP
File type JSON data\012- , ASCII text, with very long lines (334), with no line terminators
Hash 67d009fcedd8a8a23290770dd14332b5
117ac85c632fe544f5b35d0d3266a9399b99b9f5
5893d81817225537cb7e2408445aedfec8973fcd53709d9bceb01fd7da299554
GET /a/api/fastlane.json?account_id=17210&site_id=397268&zone_id=2226136&size_id=15&p_pos=atf&rp_schain=1.0,1!adpone.com,a1ea75ec94e5611d58bc,1,,,&rf=earnme.club&tg_i.page=https%3A%2F%2Fearnme.club%2F&tg_i.domain=earnme.club&tg_i.pbadslot=adpn-adtag-1669648228862&tk_flint=pbjs_lite_v7.19.0&x_source.tid=132604e8-5d62-4c1f-b1f4-5639a3ca4b72&l_pb_bid_id=10a0a50c75c41f88&p_screen_res=1280x1024&rp_secure=1&rp_maxbids=1&slots=1&rand=0.46489674124770985 HTTP/1.1
Host: fastlane.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://flashnetic.com
Connection: keep-alive
Referer: https://flashnetic.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.4
date: Mon, 28 Nov 2022 15:10:34 GMT
content-type: application/json
cache-control: no-cache, no-store, max-age=0, must-revalidate
expires: Wed, 17 Sep 1975 21:32:10 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://flashnetic.com
pragma: no-cache
vary: Accept-Encoding
set-cookie: khaos=LB0XG6TP-1R-44H4; Domain=.rubiconproject.com; Path=/; Expires=Tue, 28-Nov-2023 15:10:34 GMT; Max-Age=31536000; SameSite=None; Secure
audit=1|naVuGyos1qqiWsmau1iTzu9DtVM30fCgX9j0V4idhPsa/LJyJzGcunvs5xm8c681tq9R0N6+0FRpWVHBsUSA99APlTu0R9RN; Domain=.rubiconproject.com; Path=/; Expires=Tue, 28-Nov-2023 15:10:34 GMT; Max-Age=31536000; SameSite=None; Secure
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length: 334
X-Firefox-Spdy: h2
acdn.adnxs-simple.com/strikeforce/script.js
200 OK 43 kB URL HTTP/1.1 acdn.adnxs-simple.com/strikeforce/script.js
IP
File type ASCII text, with very long lines (65536), with no line terminators
Hash 9d6541beb99d37e1dedc4fc7b7c18816
80bbd690f5cc8b33ec4af1e91ebb3b7b147ec086
087e553b576cde05587266c67ab765cd5a46a64a5df36e41637471d857a8a2e6
GET /strikeforce/script.js HTTP/1.1
Host: acdn.adnxs-simple.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://flashnetic.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 42990
Server: nginx/1.18.0 (Ubuntu)
Content-Type: application/javascript
Last-Modified: Wed, 12 Oct 2022 13:08:12 GMT
ETag: W/"6346bc3c-1e1bd"
Expires: Tue, 01 Nov 2022 05:37:33 GMT
Cache-Control: max-age=86402
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Mon, 28 Nov 2022 15:10:34 GMT
Age: 34005
X-Served-By: cache-lga13622-LGA, cache-bma1650-BMA
X-Cache: HIT, HIT
X-Cache-Hits: 14, 15738
X-Timer: S1669648235.544581,VS0,VE0
Vary: Accept-Encoding
prg.smartadserver.com/prebid/v1
200 OK 557 B URL HTTP/1.1 prg.smartadserver.com/prebid/v1
IP
ASN #201081 SmartAdServer SAS
File type JSON data\012- , ASCII text, with very long lines (893), with no line terminators
Hash 042942e13551e2c580a7dab5231b9591
043fe92b84851347bf1a8066ceaf4e36f8e34e62
69a9ad2bbf5428b52ad5a3886da9b789fab6d499b6b36fd5776c19f2593aa748
POST /prebid/v1 HTTP/1.1
Host: prg.smartadserver.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 352
Origin: https://flashnetic.com
Connection: keep-alive
Referer: https://flashnetic.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
content-type: application/json; charset=UTF-8
date: Mon, 28 Nov 2022 15:10:34 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://flashnetic.com
cache-control: no-cache,no-store
content-encoding: br
pragma: no-cache
set-cookie: pbw=%24b%3d12999%3b%24o%3d11100; expires=Tue, 28 Nov 2023 15:10:34 GMT; domain=.smartadserver.com; path=/
vs=525642=5210830; domain=.smartadserver.com; path=/
TestIfCookie=ok; domain=.smartadserver.com; path=/
TestIfCookieP=ok; expires=Tue, 28 Nov 2023 15:10:34 GMT; domain=.smartadserver.com; path=/
pid=2007418270878617194; expires=Tue, 28 Nov 2023 15:10:34 GMT; domain=.smartadserver.com; path=/
sasd2=q=%24qc%3D1311348260%3B%24ql%3DMedium%3B%24qpc%3D1006%3B%24qt%3D216_1430_41056t%3B%24dma%3D0&c=1&l=819242284&lo=988266927<=638052450343828620&o=1; expires=Tue, 29 Nov 2022 15:10:34 GMT; domain=.smartadserver.com; path=/
sasd=%24qc%3D1311348260%3B%24ql%3DMedium%3B%24qpc%3D1006%3B%24qt%3D216_1430_41056t%3B%24dma%3D0; expires=Tue, 29 Nov 2022 15:10:34 GMT; domain=.smartadserver.com; path=/
transfer-encoding: chunked
vary: Accept-Encoding, Origin
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
pagead2.googlesyndication.com/pagead/js/r20221110/r20110914/elements/html/omrhp_fy2021.js
200 OK 2.5 kB URL HTTP/2 pagead2.googlesyndication.com/pagead/js/r20221110/r20110914/elements/html/omrhp_fy2021.js
IP
File type ASCII text, with very long lines (2283)
Hash c6c0828a71374bf9ff4ae03a897c79d6
6db9b2158017e1440d30fe61142996abf8d0b42b
61a7e094442bcb96ee97448832564be295083a7b8e84bb067ceb55e44bc33f33
GET /pagead/js/r20221110/r20110914/elements/html/omrhp_fy2021.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://66abe6f8b30cb835cf49f457a62edc2b.safeframe.googlesyndication.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 2477
x-xss-protection: 0
date: Mon, 28 Nov 2022 11:47:06 GMT
expires: Mon, 12 Dec 2022 11:47:06 GMT
cache-control: public, max-age=1209600
age: 12208
etag: 8436122973860808490
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash 8563a4a121f4582bbf7bd030f07ab032
8661f45a6e33994ddb490c24ac57909acecae0a7
7f715f183ab55a09bd87e2ed053fa5cb74ef58dc26be01b62e9548ad4f4b6390
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Mon, 28 Nov 2022 15:10:34 GMT
Last-Modified: Mon, 28 Nov 2022 14:32:08 GMT
Server: ECS (nyb/1D29)
X-Cache: Miss from cloudfront
Via: 1.1 8ac66e1d6983a0f44cf391b1ec3b1cce.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 3KOiKdAFyqRj4EDmoF0a2yp9TiS6m8wfsOYWZzYhxWiaOFKH10qEQw==
Age: 2306
pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DU0fYZC0S_Xx9HBaMnO9-rNK5-B9fzDPHuYs8pvRrFSjKEEQnevEpzlkQ10SrtN5bje_ix0ZqHkdrDngb4uxgQPG488RJip6SpEnMhyZ7e6s0nZMM
200 OK 42 B URL HTTP/2 pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DU0fYZC0S_Xx9HBaMnO9-rNK5-B9fzDPHuYs8pvRrFSjKEEQnevEpzlkQ10SrtN5bje_ix0ZqHkdrDngb4uxgQPG488RJip6SpEnMhyZ7e6s0nZMM
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/gen_204?id=xbid&dbm_b=AKAmf-DU0fYZC0S_Xx9HBaMnO9-rNK5-B9fzDPHuYs8pvRrFSjKEEQnevEpzlkQ10SrtN5bje_ix0ZqHkdrDngb4uxgQPG488RJip6SpEnMhyZ7e6s0nZMM HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://66abe6f8b30cb835cf49f457a62edc2b.safeframe.googlesyndication.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 28 Nov 2022 15:10:34 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AVoBngrSsgsKrQ4XV4Ubtk2IRoDzJOEvRL3broYZXBqXSPSXnw7UWwCKYJjoZim10c-UKOBdFSMM_O4VnOHiOgXghTOUStHa7YA95fqScCcF9YZ2U
200 OK 42 B URL HTTP/2 pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AVoBngrSsgsKrQ4XV4Ubtk2IRoDzJOEvRL3broYZXBqXSPSXnw7UWwCKYJjoZim10c-UKOBdFSMM_O4VnOHiOgXghTOUStHa7YA95fqScCcF9YZ2U
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/gen_204?id=xbid&dbm_b=AKAmf-AVoBngrSsgsKrQ4XV4Ubtk2IRoDzJOEvRL3broYZXBqXSPSXnw7UWwCKYJjoZim10c-UKOBdFSMM_O4VnOHiOgXghTOUStHa7YA95fqScCcF9YZ2U HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://66abe6f8b30cb835cf49f457a62edc2b.safeframe.googlesyndication.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 28 Nov 2022 15:10:34 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 313 B IP
Hash 1f5f46408bac27f96414a74d778c5370
98ebc4ad130b1888fd4a70a9409b46a43c5e16c6
da06dba3803f907cafcf41fd8bbb591aa050f9f9972f45e8f44575331dc9ba10
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3564
Cache-Control: max-age=157785
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 15:10:34 GMT
Etag: "638486d7-139"
Expires: Wed, 30 Nov 2022 11:00:19 GMT
Last-Modified: Mon, 28 Nov 2022 10:00:55 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 313
ocsp.digicert.com/
200 OK 313 B IP
Hash 1f5f46408bac27f96414a74d778c5370
98ebc4ad130b1888fd4a70a9409b46a43c5e16c6
da06dba3803f907cafcf41fd8bbb591aa050f9f9972f45e8f44575331dc9ba10
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3562
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 15:10:34 GMT
Last-Modified: Mon, 28 Nov 2022 14:11:12 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 313
cdn.adnxs.com/v/s/230/trk.js
200 OK 28 kB URL HTTP/1.1 cdn.adnxs.com/v/s/230/trk.js
IP
File type ASCII text, with very long lines (3368)
Hash d6cca4318d24a46a3a20cc60706521af
e748a8f0c4ce7c0911b0acd9786e5729b3ab70af
c4a4dbfc96b6233179e3822d414ae12d27b8077810124f4faf502efde66c1e4f
GET /v/s/230/trk.js HTTP/1.1
Host: cdn.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://flashnetic.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: application/x-javascript
ETag: "058fa2042959b529aeb940fcab36a18f:1668074208.514848"
Last-Modified: Thu, 10 Nov 2022 09:56:48 GMT
Server: AkamaiNetStorage
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=31536000
Expires: Tue, 28 Nov 2023 15:10:34 GMT
Date: Mon, 28 Nov 2022 15:10:34 GMT
Content-Length: 27458
Connection: keep-alive
Access-Control-Allow-Origin: *, *
googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssPd3EbHlZA1nxWZFx-DoI9aTNpW5BhGzUAnS1Qt_MdnAnoSjD0-atBDbF3zHF6qnb8vNTBptbiM2yN5V1P83n8hH6wZTrqnIhIcZYUf8vBJGlF2AqqsO4jXZKIuwimIK5XJLzCunRHPlA_URA3who4aYo04iEDoEqMDhOscN7mnReWsehS3hG6ylntB_bBsnBI0oVbU1krmRdg4N7lZnMdB-B44cuq3uXC6VoF-9H8DEKlj-8DjWPwhkZJf_zRRaNwD0iDpf9L-0XmFcLURHVlGSz3AqsQzulIvTRwuI3DGtdKWopLOSQZO_0WcWr2Vb6ZDxUEb0Dw_6VKgB3CKhSgBk3fLjofNMYs0vXHiE1ylEo1_ppCmUn44OW3Dla06rxp_i4RVmUQ0Ib83_j2QfH05Nfkc5bzYRsrAhcsY9BSU4zJp0KV451UF_PnfBUWH1zTKfM52OQzyFCKLifXY9o8_aU8SC5cLeOf3Z3aPV8hObdsongQea4sgbyz-wRH1ZS9Y17LXDZaP5LIu5o0neTV_BJ5-9rPwLiUIBb7BsTibsRZ1JYaG59333ofgQveUE56rr6SRdlv0vy4NxXywWs6cvc2j7by-cxjzb-ju1rhPmGlOquyFHs391OpyKGuE5ZvCfhg7JVeNng9TwaFzLzt-nANzJNtVyANSaWvMLbyIGsyKeLDallFdw_P6wOWaZ8udGKncD3snlYJ2JaIPrzr3j7Beg3YHII7LUjtq_AS2g2uTsf2xWDm2BwFVRNXYI9v-Hrzo6QX1oQzQJ5Bx-s2Db-4V7RLAQ5Ah0kXiwx36EG1IBOVTvxisY2NTQkEzi8y8k-ODzm-hAIaL4YBp0oZAhaAx-Vxqnoar00c-kuutJa10POERYXBBpmoVoHQCvdFUgltQ6WA2lNxDjvikQTONHsFsuZoFw8KMFyC_nwnm5wWZHB6cf-jmJE0FMdch1IUZ4V2KwimnWescQWn6M3tDzgnJ7cl15Oo6M2PBlu8Cd8g6XpbWmroNxFY9KySA3-bQyPmbGX-5QfRauCL0to6Y-2AXIs1iJy9GZdyHVyQhJGEDlULOwJ_iL17F7cY5Bxx9FrwsXnEfYwFlJHzLfoDxJcmf8KNaFos9h-BlhPxMgK-FDym7n4SLa_Kghl3AeLq4JLAF9sI1uN3SRDjlcNg2xdIJD1rLBUDLWovq83u3bk1YO4QTl0gW0_1lcm1tkhXLnGOmZ42aQ5j3gdaFUe0GFJOW07owwlUtMJr&sai=AMfl-YRAXNjj5-ZcQmRKqVuSNAZ78pPqFSq_wsfbeI-o98kOL9xBIjvR0E_PPhaTwPQVGO4b0BmAiecNPvjVzvUwgQJsN81p4zLGX8UOk0UVRZHyNpH8F17SN3GtImWl6P4jCNGQh1H2y9AFcKdivFUqouZWxeDgXy4ZHbX2OBrJvBSCJRco-8hAsi8g6vv8RJTUlONV8yKZZ0I3cWctGF9Wy92NQNsVGqjN435GKyoETW2ABmdBYnJAOqbt_GKDDLZk2JSLNF235ZWaeiulSdDSdIi8Y7iFO_jAuH5LEfp2WacNq3g_cbqHNvRd0EN6e156GM7EjYZhQDZR6YEeoJWfeiF0RDkCnMlaJfvEpEFoncUzS3_6DiKCfSEnWkdbw-VRVXiNJc4SQxwmVZgU5_Ac3JwJRoW09v0jmghkGeOmUkWHoLLy0RWmb22-HiW3aepMrcS4q9wLhNZXdYdvF4D7CuaDPPxdfOdBeTbkmQ&sig=Cg0ArKJSzBnt6mHx9UAPEAE&uach_m=[UACH]&pr=missingexchangepricemacro&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=2&cbvp=1&cstd=0&cisv=r20221110.37382&arae=0&ftch=1&adurl=
200 OK 0 B URL HTTP/2 googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssPd3EbHlZA1nxWZFx-DoI9aTNpW5BhGzUAnS1Qt_MdnAnoSjD0-atBDbF3zHF6qnb8vNTBptbiM2yN5V1P83n8hH6wZTrqnIhIcZYUf8vBJGlF2AqqsO4jXZKIuwimIK5XJLzCunRHPlA_URA3who4aYo04iEDoEqMDhOscN7mnReWsehS3hG6ylntB_bBsnBI0oVbU1krmRdg4N7lZnMdB-B44cuq3uXC6VoF-9H8DEKlj-8DjWPwhkZJf_zRRaNwD0iDpf9L-0XmFcLURHVlGSz3AqsQzulIvTRwuI3DGtdKWopLOSQZO_0WcWr2Vb6ZDxUEb0Dw_6VKgB3CKhSgBk3fLjofNMYs0vXHiE1ylEo1_ppCmUn44OW3Dla06rxp_i4RVmUQ0Ib83_j2QfH05Nfkc5bzYRsrAhcsY9BSU4zJp0KV451UF_PnfBUWH1zTKfM52OQzyFCKLifXY9o8_aU8SC5cLeOf3Z3aPV8hObdsongQea4sgbyz-wRH1ZS9Y17LXDZaP5LIu5o0neTV_BJ5-9rPwLiUIBb7BsTibsRZ1JYaG59333ofgQveUE56rr6SRdlv0vy4NxXywWs6cvc2j7by-cxjzb-ju1rhPmGlOquyFHs391OpyKGuE5ZvCfhg7JVeNng9TwaFzLzt-nANzJNtVyANSaWvMLbyIGsyKeLDallFdw_P6wOWaZ8udGKncD3snlYJ2JaIPrzr3j7Beg3YHII7LUjtq_AS2g2uTsf2xWDm2BwFVRNXYI9v-Hrzo6QX1oQzQJ5Bx-s2Db-4V7RLAQ5Ah0kXiwx36EG1IBOVTvxisY2NTQkEzi8y8k-ODzm-hAIaL4YBp0oZAhaAx-Vxqnoar00c-kuutJa10POERYXBBpmoVoHQCvdFUgltQ6WA2lNxDjvikQTONHsFsuZoFw8KMFyC_nwnm5wWZHB6cf-jmJE0FMdch1IUZ4V2KwimnWescQWn6M3tDzgnJ7cl15Oo6M2PBlu8Cd8g6XpbWmroNxFY9KySA3-bQyPmbGX-5QfRauCL0to6Y-2AXIs1iJy9GZdyHVyQhJGEDlULOwJ_iL17F7cY5Bxx9FrwsXnEfYwFlJHzLfoDxJcmf8KNaFos9h-BlhPxMgK-FDym7n4SLa_Kghl3AeLq4JLAF9sI1uN3SRDjlcNg2xdIJD1rLBUDLWovq83u3bk1YO4QTl0gW0_1lcm1tkhXLnGOmZ42aQ5j3gdaFUe0GFJOW07owwlUtMJr&sai=AMfl-YRAXNjj5-ZcQmRKqVuSNAZ78pPqFSq_wsfbeI-o98kOL9xBIjvR0E_PPhaTwPQVGO4b0BmAiecNPvjVzvUwgQJsN81p4zLGX8UOk0UVRZHyNpH8F17SN3GtImWl6P4jCNGQh1H2y9AFcKdivFUqouZWxeDgXy4ZHbX2OBrJvBSCJRco-8hAsi8g6vv8RJTUlONV8yKZZ0I3cWctGF9Wy92NQNsVGqjN435GKyoETW2ABmdBYnJAOqbt_GKDDLZk2JSLNF235ZWaeiulSdDSdIi8Y7iFO_jAuH5LEfp2WacNq3g_cbqHNvRd0EN6e156GM7EjYZhQDZR6YEeoJWfeiF0RDkCnMlaJfvEpEFoncUzS3_6DiKCfSEnWkdbw-VRVXiNJc4SQxwmVZgU5_Ac3JwJRoW09v0jmghkGeOmUkWHoLLy0RWmb22-HiW3aepMrcS4q9wLhNZXdYdvF4D7CuaDPPxdfOdBeTbkmQ&sig=Cg0ArKJSzBnt6mHx9UAPEAE&uach_m=[UACH]&pr=missingexchangepricemacro&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=2&cbvp=1&cstd=0&cisv=r20221110.37382&arae=0&ftch=1&adurl=
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pcs/view?xai=AKAOjssPd3EbHlZA1nxWZFx-DoI9aTNpW5BhGzUAnS1Qt_MdnAnoSjD0-atBDbF3zHF6qnb8vNTBptbiM2yN5V1P83n8hH6wZTrqnIhIcZYUf8vBJGlF2AqqsO4jXZKIuwimIK5XJLzCunRHPlA_URA3who4aYo04iEDoEqMDhOscN7mnReWsehS3hG6ylntB_bBsnBI0oVbU1krmRdg4N7lZnMdB-B44cuq3uXC6VoF-9H8DEKlj-8DjWPwhkZJf_zRRaNwD0iDpf9L-0XmFcLURHVlGSz3AqsQzulIvTRwuI3DGtdKWopLOSQZO_0WcWr2Vb6ZDxUEb0Dw_6VKgB3CKhSgBk3fLjofNMYs0vXHiE1ylEo1_ppCmUn44OW3Dla06rxp_i4RVmUQ0Ib83_j2QfH05Nfkc5bzYRsrAhcsY9BSU4zJp0KV451UF_PnfBUWH1zTKfM52OQzyFCKLifXY9o8_aU8SC5cLeOf3Z3aPV8hObdsongQea4sgbyz-wRH1ZS9Y17LXDZaP5LIu5o0neTV_BJ5-9rPwLiUIBb7BsTibsRZ1JYaG59333ofgQveUE56rr6SRdlv0vy4NxXywWs6cvc2j7by-cxjzb-ju1rhPmGlOquyFHs391OpyKGuE5ZvCfhg7JVeNng9TwaFzLzt-nANzJNtVyANSaWvMLbyIGsyKeLDallFdw_P6wOWaZ8udGKncD3snlYJ2JaIPrzr3j7Beg3YHII7LUjtq_AS2g2uTsf2xWDm2BwFVRNXYI9v-Hrzo6QX1oQzQJ5Bx-s2Db-4V7RLAQ5Ah0kXiwx36EG1IBOVTvxisY2NTQkEzi8y8k-ODzm-hAIaL4YBp0oZAhaAx-Vxqnoar00c-kuutJa10POERYXBBpmoVoHQCvdFUgltQ6WA2lNxDjvikQTONHsFsuZoFw8KMFyC_nwnm5wWZHB6cf-jmJE0FMdch1IUZ4V2KwimnWescQWn6M3tDzgnJ7cl15Oo6M2PBlu8Cd8g6XpbWmroNxFY9KySA3-bQyPmbGX-5QfRauCL0to6Y-2AXIs1iJy9GZdyHVyQhJGEDlULOwJ_iL17F7cY5Bxx9FrwsXnEfYwFlJHzLfoDxJcmf8KNaFos9h-BlhPxMgK-FDym7n4SLa_Kghl3AeLq4JLAF9sI1uN3SRDjlcNg2xdIJD1rLBUDLWovq83u3bk1YO4QTl0gW0_1lcm1tkhXLnGOmZ42aQ5j3gdaFUe0GFJOW07owwlUtMJr&sai=AMfl-YRAXNjj5-ZcQmRKqVuSNAZ78pPqFSq_wsfbeI-o98kOL9xBIjvR0E_PPhaTwPQVGO4b0BmAiecNPvjVzvUwgQJsN81p4zLGX8UOk0UVRZHyNpH8F17SN3GtImWl6P4jCNGQh1H2y9AFcKdivFUqouZWxeDgXy4ZHbX2OBrJvBSCJRco-8hAsi8g6vv8RJTUlONV8yKZZ0I3cWctGF9Wy92NQNsVGqjN435GKyoETW2ABmdBYnJAOqbt_GKDDLZk2JSLNF235ZWaeiulSdDSdIi8Y7iFO_jAuH5LEfp2WacNq3g_cbqHNvRd0EN6e156GM7EjYZhQDZR6YEeoJWfeiF0RDkCnMlaJfvEpEFoncUzS3_6DiKCfSEnWkdbw-VRVXiNJc4SQxwmVZgU5_Ac3JwJRoW09v0jmghkGeOmUkWHoLLy0RWmb22-HiW3aepMrcS4q9wLhNZXdYdvF4D7CuaDPPxdfOdBeTbkmQ&sig=Cg0ArKJSzBnt6mHx9UAPEAE&uach_m=[UACH]&pr=missingexchangepricemacro&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=2&cbvp=1&cstd=0&cisv=r20221110.37382&arae=0&ftch=1&adurl= HTTP/1.1
Host: googleads4.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://66abe6f8b30cb835cf49f457a62edc2b.safeframe.googlesyndication.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
content-security-policy: script-src 'none'; object-src 'none'
cache-control: private
access-control-allow-origin: *
content-type: image/gif
x-content-type-options: nosniff
date: Mon, 28 Nov 2022 15:10:34 GMT
server: cafe
content-length: 0
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Mon, 28-Nov-2022 15:25:34 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Mon, 28 Nov 2022 15:10:34 GMT
X-Firefox-Spdy: h2
www.gstatic.com/mysidia/f7733d2b54a65c984752ab0a98c7def9.js?tag=mysidia_one_click_handler_one_afma_2019
200 OK 14 kB URL HTTP/2 www.gstatic.com/mysidia/f7733d2b54a65c984752ab0a98c7def9.js?tag=mysidia_one_click_handler_one_afma_2019
IP
File type C++ source, ASCII text, with very long lines (1921)
Hash 48a3f12d2425ba123d53524adc123834
c8f4ecbe239261b944879c18ec1a353d0cc674ba
632e1fbd2bba00a95491c806cdf850014b1b617323f698c492272d917603e20b
GET /mysidia/f7733d2b54a65c984752ab0a98c7def9.js?tag=mysidia_one_click_handler_one_afma_2019 HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://66abe6f8b30cb835cf49f457a62edc2b.safeframe.googlesyndication.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="mysidia"
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-length: 14118
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 22 Nov 2022 10:43:31 GMT
expires: Mon, 20 Feb 2023 10:43:31 GMT
cache-control: public, max-age=7776000
last-modified: Mon, 14 Nov 2022 13:59:16 GMT
content-type: text/javascript
age: 534423
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
prg.smartadserver.com/prebid/v1
200 OK 539 B URL HTTP/1.1 prg.smartadserver.com/prebid/v1
IP
ASN #201081 SmartAdServer SAS
File type JSON data\012- , ASCII text, with very long lines (1018), with no line terminators
Hash ea7794e40861e984a17391de4dd07612
0d49a705e925295605ef23493b03e469c32dff1e
fb5024286de5cfabd0d5ef3d383ac98ed70aadfdab7afb0ec0c78cb03a504c3e
POST /prebid/v1 HTTP/1.1
Host: prg.smartadserver.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 352
Origin: https://flashnetic.com
Connection: keep-alive
Referer: https://flashnetic.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
content-type: application/json; charset=UTF-8
date: Mon, 28 Nov 2022 15:10:34 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://flashnetic.com
cache-control: no-cache,no-store
content-encoding: br
pragma: no-cache
set-cookie: pbw=%24b%3d12999%3b%24o%3d11100; expires=Tue, 28 Nov 2023 15:10:34 GMT; domain=.smartadserver.com; path=/
vs=555020=5210830; domain=.smartadserver.com; path=/
TestIfCookie=ok; domain=.smartadserver.com; path=/
TestIfCookieP=ok; expires=Tue, 28 Nov 2023 15:10:34 GMT; domain=.smartadserver.com; path=/
pid=2619330649610866421; expires=Tue, 28 Nov 2023 15:10:34 GMT; domain=.smartadserver.com; path=/
sasd2=q=%24qc%3D1311348260%3B%24ql%3DMedium%3B%24qpc%3D1006%3B%24qt%3D216_1430_41056t%3B%24dma%3D0&c=1&l=819242284&lo=988266927<=638052450344710910&o=1; expires=Tue, 29 Nov 2022 15:10:34 GMT; domain=.smartadserver.com; path=/
sasd=%24qc%3D1311348260%3B%24ql%3DMedium%3B%24qpc%3D1006%3B%24qt%3D216_1430_41056t%3B%24dma%3D0; expires=Tue, 29 Nov 2022 15:10:34 GMT; domain=.smartadserver.com; path=/
transfer-encoding: chunked
vary: Accept-Encoding, Origin
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstWGxDq1tJ6ImypxLv5_j_tXDQRjguZ3nlO039m3MxQx3raYUo75th182-eP6TtglM7UmtwxHI3uX6eMM0BgU3L3sHeMS-zxhOPycxYaBUKruQ74V3W-QCIe1RmcOWiws66UwX8ldsSaAl5BtPekaF7L3AFPJWy6ChUfZDBmI9DgX8W8QEMh3VoTvbeUF6fZyr0jaF5KY8sV3N5GhZRFLVYZQZrTpuB91PMaOa3Og-S6Yp9xGtTO-AOjF43vZmAdVr59vnvnyBNsMalPlzA9ftkvYz1Z_Z5Zl5JGMTo25AzOpsx9TjXtmS7AYnjztchzAdxTMJlMriaENuENr8WtEAmWLgtyzcPJlCBE6CQ956IYxjg8cft4ogPNziUQjCFGbkVkUsI52sthUcX33ZPM9ESIunsHzLlWAOAsK_d59keaNmBrOKS8f1uIYZ12j2YN0bgIZUZhPAb4XV7yak6xEPoJa9vk1fareWdY0X_uvJV7TR1p0_14eqbo_cou2opqQ0HhgJoSG4puqGzG79k7XWsWUN_zRHRXlHeVzJFg1e11nDe7y3YvX_LLTTFp9hEztsO3rkTJmrgAZX2DnCilZjfyPNj1D95YlBsFBrmP6OauQnFH_zrz9bAO3_wh-B_mP8_wV6H3RzZWsmN0ohGkm4kpVGSSj9pcYOlDX8qkvljTC0rMs7kjTvyh5bJhm35TYhSSVsqu2Io-D0dDC7UV6tUHP0YS-O5y2u3cY_nel-1E6ncV9LgUTVzPTZXiVnXWcW2ZMyUxWMiy-rgfkgq8NQ_hpZFHTgvLslnU4HNFZ3eJAqV4ZhOYUdWqPhU7q-drRIe2wXdE6coqeZ6lO8OwjmzuByv9lh-jbqngJccFibRp2nlaYtvZJXuzkFKnNcbjuFBdcvj2D9kCa1SJsTxdpEJlR125unUlKLh6ALCgpjeubh2d1JwskaOFOXM48ldrajFNHKnGy8mGLE8GsePkALIpi7EtuXDqSEajNWrCmdQQSgPJVwZG7daCCOGhK_pNwIEHekzq7R3TrQJAFxxxuJO_g19Bf5XdvdZs_nYEHhvS_f7zJfrE3nIYEeGV6f-e--p1D72uHeP6THqDZdYSYpECRTjYtp1qsAX-0k2WaFCvZ3WSIMHf8MrR9r1nXlDTV9zsVLj0Mi7ZcvwFilzAUROUbTKKnDhVA2YRpId7DuSktvav9nXfGnYDXhiuWG5FTZxlqvsFnA14_PfAIy1zZMGwTVzq4vDNJ5BtMwlywI&sai=AMfl-YSYQ47rSzi5Klq3KjU4SQ6Yhytn8c2nOjXK1dCYtddIlIZXJHFFRmZBrUhgLsgmsgtksrayZxMlx_38pvBQrBC3Gh6iz8R0BrTFWqDlem_48ccHCOZQ61xQmBiSwyhcEnDCxkpzqaMOsX5_jqzA0nlBKuo3ABJ_MuXtg5TvssgXXsukQP5vX3wmP3EoqyLt7ZC71Jz-DYWBgDO1z31PRUPLpgLtFUymJPzTWwW08kuPK58y07iaWWYcOsIkrK1OWH_oiaRYiEHQTpYPKzVqw-RQvQ7RTUSj664T8_pgWGWDGX6-FaeBhqzzx-owy_-N8WVcREVzWk2H9jPvXvJe8tB-OofLY36VXY4s6z_S3I0hM2xvOw_w8WgLON4Ubc2oGJQqp5DHGEYUZY2n_gEd09d-j22rnpN-V9Aex2htkNEL3X4KuhF3k_I0UvSU_kDw8D0vtn5CGoweiHUFOzTBUB8Y-f8kz4xqmJ-j3g&sig=Cg0ArKJSzNE7z-7sTa1FEAE&uach_m=[UACH]&pr=missingexchangepricemacro&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=3&cbvp=1&cstd=0&cisv=r20221110.01678&arae=0&ftch=1&adurl=
200 OK 0 B URL HTTP/2 googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstWGxDq1tJ6ImypxLv5_j_tXDQRjguZ3nlO039m3MxQx3raYUo75th182-eP6TtglM7UmtwxHI3uX6eMM0BgU3L3sHeMS-zxhOPycxYaBUKruQ74V3W-QCIe1RmcOWiws66UwX8ldsSaAl5BtPekaF7L3AFPJWy6ChUfZDBmI9DgX8W8QEMh3VoTvbeUF6fZyr0jaF5KY8sV3N5GhZRFLVYZQZrTpuB91PMaOa3Og-S6Yp9xGtTO-AOjF43vZmAdVr59vnvnyBNsMalPlzA9ftkvYz1Z_Z5Zl5JGMTo25AzOpsx9TjXtmS7AYnjztchzAdxTMJlMriaENuENr8WtEAmWLgtyzcPJlCBE6CQ956IYxjg8cft4ogPNziUQjCFGbkVkUsI52sthUcX33ZPM9ESIunsHzLlWAOAsK_d59keaNmBrOKS8f1uIYZ12j2YN0bgIZUZhPAb4XV7yak6xEPoJa9vk1fareWdY0X_uvJV7TR1p0_14eqbo_cou2opqQ0HhgJoSG4puqGzG79k7XWsWUN_zRHRXlHeVzJFg1e11nDe7y3YvX_LLTTFp9hEztsO3rkTJmrgAZX2DnCilZjfyPNj1D95YlBsFBrmP6OauQnFH_zrz9bAO3_wh-B_mP8_wV6H3RzZWsmN0ohGkm4kpVGSSj9pcYOlDX8qkvljTC0rMs7kjTvyh5bJhm35TYhSSVsqu2Io-D0dDC7UV6tUHP0YS-O5y2u3cY_nel-1E6ncV9LgUTVzPTZXiVnXWcW2ZMyUxWMiy-rgfkgq8NQ_hpZFHTgvLslnU4HNFZ3eJAqV4ZhOYUdWqPhU7q-drRIe2wXdE6coqeZ6lO8OwjmzuByv9lh-jbqngJccFibRp2nlaYtvZJXuzkFKnNcbjuFBdcvj2D9kCa1SJsTxdpEJlR125unUlKLh6ALCgpjeubh2d1JwskaOFOXM48ldrajFNHKnGy8mGLE8GsePkALIpi7EtuXDqSEajNWrCmdQQSgPJVwZG7daCCOGhK_pNwIEHekzq7R3TrQJAFxxxuJO_g19Bf5XdvdZs_nYEHhvS_f7zJfrE3nIYEeGV6f-e--p1D72uHeP6THqDZdYSYpECRTjYtp1qsAX-0k2WaFCvZ3WSIMHf8MrR9r1nXlDTV9zsVLj0Mi7ZcvwFilzAUROUbTKKnDhVA2YRpId7DuSktvav9nXfGnYDXhiuWG5FTZxlqvsFnA14_PfAIy1zZMGwTVzq4vDNJ5BtMwlywI&sai=AMfl-YSYQ47rSzi5Klq3KjU4SQ6Yhytn8c2nOjXK1dCYtddIlIZXJHFFRmZBrUhgLsgmsgtksrayZxMlx_38pvBQrBC3Gh6iz8R0BrTFWqDlem_48ccHCOZQ61xQmBiSwyhcEnDCxkpzqaMOsX5_jqzA0nlBKuo3ABJ_MuXtg5TvssgXXsukQP5vX3wmP3EoqyLt7ZC71Jz-DYWBgDO1z31PRUPLpgLtFUymJPzTWwW08kuPK58y07iaWWYcOsIkrK1OWH_oiaRYiEHQTpYPKzVqw-RQvQ7RTUSj664T8_pgWGWDGX6-FaeBhqzzx-owy_-N8WVcREVzWk2H9jPvXvJe8tB-OofLY36VXY4s6z_S3I0hM2xvOw_w8WgLON4Ubc2oGJQqp5DHGEYUZY2n_gEd09d-j22rnpN-V9Aex2htkNEL3X4KuhF3k_I0UvSU_kDw8D0vtn5CGoweiHUFOzTBUB8Y-f8kz4xqmJ-j3g&sig=Cg0ArKJSzNE7z-7sTa1FEAE&uach_m=[UACH]&pr=missingexchangepricemacro&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=3&cbvp=1&cstd=0&cisv=r20221110.01678&arae=0&ftch=1&adurl=
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pcs/view?xai=AKAOjstWGxDq1tJ6ImypxLv5_j_tXDQRjguZ3nlO039m3MxQx3raYUo75th182-eP6TtglM7UmtwxHI3uX6eMM0BgU3L3sHeMS-zxhOPycxYaBUKruQ74V3W-QCIe1RmcOWiws66UwX8ldsSaAl5BtPekaF7L3AFPJWy6ChUfZDBmI9DgX8W8QEMh3VoTvbeUF6fZyr0jaF5KY8sV3N5GhZRFLVYZQZrTpuB91PMaOa3Og-S6Yp9xGtTO-AOjF43vZmAdVr59vnvnyBNsMalPlzA9ftkvYz1Z_Z5Zl5JGMTo25AzOpsx9TjXtmS7AYnjztchzAdxTMJlMriaENuENr8WtEAmWLgtyzcPJlCBE6CQ956IYxjg8cft4ogPNziUQjCFGbkVkUsI52sthUcX33ZPM9ESIunsHzLlWAOAsK_d59keaNmBrOKS8f1uIYZ12j2YN0bgIZUZhPAb4XV7yak6xEPoJa9vk1fareWdY0X_uvJV7TR1p0_14eqbo_cou2opqQ0HhgJoSG4puqGzG79k7XWsWUN_zRHRXlHeVzJFg1e11nDe7y3YvX_LLTTFp9hEztsO3rkTJmrgAZX2DnCilZjfyPNj1D95YlBsFBrmP6OauQnFH_zrz9bAO3_wh-B_mP8_wV6H3RzZWsmN0ohGkm4kpVGSSj9pcYOlDX8qkvljTC0rMs7kjTvyh5bJhm35TYhSSVsqu2Io-D0dDC7UV6tUHP0YS-O5y2u3cY_nel-1E6ncV9LgUTVzPTZXiVnXWcW2ZMyUxWMiy-rgfkgq8NQ_hpZFHTgvLslnU4HNFZ3eJAqV4ZhOYUdWqPhU7q-drRIe2wXdE6coqeZ6lO8OwjmzuByv9lh-jbqngJccFibRp2nlaYtvZJXuzkFKnNcbjuFBdcvj2D9kCa1SJsTxdpEJlR125unUlKLh6ALCgpjeubh2d1JwskaOFOXM48ldrajFNHKnGy8mGLE8GsePkALIpi7EtuXDqSEajNWrCmdQQSgPJVwZG7daCCOGhK_pNwIEHekzq7R3TrQJAFxxxuJO_g19Bf5XdvdZs_nYEHhvS_f7zJfrE3nIYEeGV6f-e--p1D72uHeP6THqDZdYSYpECRTjYtp1qsAX-0k2WaFCvZ3WSIMHf8MrR9r1nXlDTV9zsVLj0Mi7ZcvwFilzAUROUbTKKnDhVA2YRpId7DuSktvav9nXfGnYDXhiuWG5FTZxlqvsFnA14_PfAIy1zZMGwTVzq4vDNJ5BtMwlywI&sai=AMfl-YSYQ47rSzi5Klq3KjU4SQ6Yhytn8c2nOjXK1dCYtddIlIZXJHFFRmZBrUhgLsgmsgtksrayZxMlx_38pvBQrBC3Gh6iz8R0BrTFWqDlem_48ccHCOZQ61xQmBiSwyhcEnDCxkpzqaMOsX5_jqzA0nlBKuo3ABJ_MuXtg5TvssgXXsukQP5vX3wmP3EoqyLt7ZC71Jz-DYWBgDO1z31PRUPLpgLtFUymJPzTWwW08kuPK58y07iaWWYcOsIkrK1OWH_oiaRYiEHQTpYPKzVqw-RQvQ7RTUSj664T8_pgWGWDGX6-FaeBhqzzx-owy_-N8WVcREVzWk2H9jPvXvJe8tB-OofLY36VXY4s6z_S3I0hM2xvOw_w8WgLON4Ubc2oGJQqp5DHGEYUZY2n_gEd09d-j22rnpN-V9Aex2htkNEL3X4KuhF3k_I0UvSU_kDw8D0vtn5CGoweiHUFOzTBUB8Y-f8kz4xqmJ-j3g&sig=Cg0ArKJSzNE7z-7sTa1FEAE&uach_m=[UACH]&pr=missingexchangepricemacro&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=3&cbvp=1&cstd=0&cisv=r20221110.01678&arae=0&ftch=1&adurl= HTTP/1.1
Host: googleads4.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://66abe6f8b30cb835cf49f457a62edc2b.safeframe.googlesyndication.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
content-security-policy: script-src 'none'; object-src 'none'
cache-control: private
access-control-allow-origin: *
content-type: image/gif
x-content-type-options: nosniff
date: Mon, 28 Nov 2022 15:10:34 GMT
server: cafe
content-length: 0
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Mon, 28-Nov-2022 15:25:34 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Mon, 28 Nov 2022 15:10:34 GMT
X-Firefox-Spdy: h2
www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png
200 OK 604 B URL HTTP/2 www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png
IP
File type PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced\012- data
Hash 7bd42e5a35b5fb3ff852d6ea9191ca83
8a141eb392a05a2dea3dcd83b97940ef70a81ebc
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
GET /images/icons/material/system/2x/settings_grey600_24dp.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://66abe6f8b30cb835cf49f457a62edc2b.safeframe.googlesyndication.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Origin
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 604
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 28 Nov 2022 14:57:51 GMT
expires: Tue, 28 Nov 2023 14:57:51 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
content-type: image/png
age: 763
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png
200 OK 205 B URL HTTP/2 www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png
IP
File type PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced\012- data
Hash 4087858e2c9db9aa8f6a840aedcfb533
d1ffe861da6bd0e95fd1a365b0c3d3ceb6cd58a3
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
GET /images/icons/material/system/2x/feedback_grey600_24dp.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://66abe6f8b30cb835cf49f457a62edc2b.safeframe.googlesyndication.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Origin
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 205
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 28 Nov 2022 12:48:11 GMT
expires: Tue, 28 Nov 2023 12:48:11 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
content-type: image/png
age: 8543
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fra1-ib.adnxs.com/it?an_audit=0&referrer=https%253A%252F%252Fearnme.club%252F&e=wqT_3QLHC-jHBQAAAwDWAAUBCOqek5wGEJWeoMGPrIbBERgAKjYJehSuR-F6hD8RCPzh578Hfz8ZAAAA4FG4vj8hCA0SBCl7DSQQMQAAAEABLfB5MO-83ww4mFBA2AhIAlDhlPO5AVi18qABYABoif3DAXjGhwaAAQGKAQNVU0SSAQNFVVKYAawCoAH6AagBAbABALgBAcABBcgBAtABANgBAOABAPABAIoCaXVmKCdhJywgNTgyMzgwNywgMCk7dWYoJ2knLCA3NjkyNDEZFDhnJywgMTkyMTYzMzEsIDAJKTBzJywgMjc5ODIyOTQ1FRYscicsIDM4OTg1OTkzCUHwvJICnQUhUW84eFZ3alRpT3NaRU9HVTg3a0JHQUFndGZLZ0FUQUJPQUJBQUVqWUNGRHZ2TjhNV0FCZ19fX19fdzlvQUhBQmVBR0FBUUdJQVFHUUFRR1lBUUdnQVFLb0FRS3dBUUM1QWJPNG9QM0JzNE1fd1FIVzJsem80WHFFUDhrQkFBQUFBQUFBOERfWkFTa2l3eXJleU80XzRBR0J3ZFVEOVFIVnZEWS1tQUlBb0FJQXRRSUFBQUFBdlFJQQE78Fh3QUlCeUFJQjBBSUIyQUlCNEFJQTZBSUEtQUlCZ0FNQm1BTUJvZ01PQ016WTV5WVFCQmdCTFJjUlN6cWlBeE1JbE52R0poQUtHQUV0alF1Q1B6SURkVzVybwE0ME5UcHJTWVFDeGdDTFEBbvBlQzZBd2xHVWtFeE9qWTFPRFRnQS00dmdBVFgyclVKaUFUYjJyVUprQVFBbUFRRXNnUUpDS2VIVWhDT3VxSU5zZ1FLQ0xIVTh3d1FqcnFpRGJvRUdRaVFDaEc0SG9YclViaXVQeGtBAWoFAVBDQ25oMUxCQkxnZWhldFJ1SzRfeVEFiQkBGE5nRUFQRUUJDQEBeENJQmJnem1BWGhoTGVGQWFrRktTTERLdDdJN2oteEIdOwh3UVUBMQkBCE1rRgkJJYgAUi4oAAAyFSjARHdQLUFGNkFmd0JjdnZsQW40QmItNjR3S0NCZ05GVlZLSUJnU1FCZ0dZQmdDaEJtWgkCLHZvX3FBWUVzZ1lrQx2AAEUdDABHHQwASR0MNHVBWUuaApkBIWNSd3pnPqECNExYeW9BRWdBQ2dBTVdaFW0ET2cuoQEUUkE3aTlKOQUEOVIR6QxBQUJaHQwwaHVCNkY2MUc0cmo5cB0YAHgdDBA0QUlrQhEQ9EgBOEQ4LtgCAOACm4VO6gIUaHR0cHM6Ly9lYXJubWUuY2x1Yi-AAwCIAwGQAwCYAxegAwGqAwDAA6wCyAMA2AO2wMQB4AMA6AMA-AMBgAQAkgQNL3V0L3YzL3ByZWJpZJgEAKIEDDkxLjkwLjQyLjE1NKgEALIEEAgAEAEYrAIg-gEoADAAOAK4BADABADIBADSBA4xMTEyI0ZSQTE6NjU4NNoEAggB4AQB8AThlPO5AYgFAZgFAKAF____________AcAFAMkFAAAAAAAA8D_SBQkJAAAAAAAAAADYBQHgBQHwBZzeUfoFBAgAEACQBgCYBgC4BgDBBgAAAAAAAPA_0Aa_A9oGFgoQAAAAAAAAAAAAAAAAAAAAABAAGADgBgHyBgIIAIAHAYgHAKAHAboHDwgAEAAYACAAMAA45RVAAMgHxocG0gcNCQANOgE4DNoHBggFCWjgBwDqBwIIAPAHzPULiggCEACVCAAAgD-YCAE.&s=ebe43cc1391396bd82428def198a6d7b1f935f78
200 OK 0 B URL HTTP/1.1 fra1-ib.adnxs.com/it?an_audit=0&referrer=https%253A%252F%252Fearnme.club%252F&e=wqT_3QLHC-jHBQAAAwDWAAUBCOqek5wGEJWeoMGPrIbBERgAKjYJehSuR-F6hD8RCPzh578Hfz8ZAAAA4FG4vj8hCA0SBCl7DSQQMQAAAEABLfB5MO-83ww4mFBA2AhIAlDhlPO5AVi18qABYABoif3DAXjGhwaAAQGKAQNVU0SSAQNFVVKYAawCoAH6AagBAbABALgBAcABBcgBAtABANgBAOABAPABAIoCaXVmKCdhJywgNTgyMzgwNywgMCk7dWYoJ2knLCA3NjkyNDEZFDhnJywgMTkyMTYzMzEsIDAJKTBzJywgMjc5ODIyOTQ1FRYscicsIDM4OTg1OTkzCUHwvJICnQUhUW84eFZ3alRpT3NaRU9HVTg3a0JHQUFndGZLZ0FUQUJPQUJBQUVqWUNGRHZ2TjhNV0FCZ19fX19fdzlvQUhBQmVBR0FBUUdJQVFHUUFRR1lBUUdnQVFLb0FRS3dBUUM1QWJPNG9QM0JzNE1fd1FIVzJsem80WHFFUDhrQkFBQUFBQUFBOERfWkFTa2l3eXJleU80XzRBR0J3ZFVEOVFIVnZEWS1tQUlBb0FJQXRRSUFBQUFBdlFJQQE78Fh3QUlCeUFJQjBBSUIyQUlCNEFJQTZBSUEtQUlCZ0FNQm1BTUJvZ01PQ016WTV5WVFCQmdCTFJjUlN6cWlBeE1JbE52R0poQUtHQUV0alF1Q1B6SURkVzVybwE0ME5UcHJTWVFDeGdDTFEBbvBlQzZBd2xHVWtFeE9qWTFPRFRnQS00dmdBVFgyclVKaUFUYjJyVUprQVFBbUFRRXNnUUpDS2VIVWhDT3VxSU5zZ1FLQ0xIVTh3d1FqcnFpRGJvRUdRaVFDaEc0SG9YclViaXVQeGtBAWoFAVBDQ25oMUxCQkxnZWhldFJ1SzRfeVEFiQkBGE5nRUFQRUUJDQEBeENJQmJnem1BWGhoTGVGQWFrRktTTERLdDdJN2oteEIdOwh3UVUBMQkBCE1rRgkJJYgAUi4oAAAyFSjARHdQLUFGNkFmd0JjdnZsQW40QmItNjR3S0NCZ05GVlZLSUJnU1FCZ0dZQmdDaEJtWgkCLHZvX3FBWUVzZ1lrQx2AAEUdDABHHQwASR0MNHVBWUuaApkBIWNSd3pnPqECNExYeW9BRWdBQ2dBTVdaFW0ET2cuoQEUUkE3aTlKOQUEOVIR6QxBQUJaHQwwaHVCNkY2MUc0cmo5cB0YAHgdDBA0QUlrQhEQ9EgBOEQ4LtgCAOACm4VO6gIUaHR0cHM6Ly9lYXJubWUuY2x1Yi-AAwCIAwGQAwCYAxegAwGqAwDAA6wCyAMA2AO2wMQB4AMA6AMA-AMBgAQAkgQNL3V0L3YzL3ByZWJpZJgEAKIEDDkxLjkwLjQyLjE1NKgEALIEEAgAEAEYrAIg-gEoADAAOAK4BADABADIBADSBA4xMTEyI0ZSQTE6NjU4NNoEAggB4AQB8AThlPO5AYgFAZgFAKAF____________AcAFAMkFAAAAAAAA8D_SBQkJAAAAAAAAAADYBQHgBQHwBZzeUfoFBAgAEACQBgCYBgC4BgDBBgAAAAAAAPA_0Aa_A9oGFgoQAAAAAAAAAAAAAAAAAAAAABAAGADgBgHyBgIIAIAHAYgHAKAHAboHDwgAEAAYACAAMAA45RVAAMgHxocG0gcNCQANOgE4DNoHBggFCWjgBwDqBwIIAPAHzPULiggCEACVCAAAgD-YCAE.&s=ebe43cc1391396bd82428def198a6d7b1f935f78
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /it?an_audit=0&referrer=https%253A%252F%252Fearnme.club%252F&e=wqT_3QLHC-jHBQAAAwDWAAUBCOqek5wGEJWeoMGPrIbBERgAKjYJehSuR-F6hD8RCPzh578Hfz8ZAAAA4FG4vj8hCA0SBCl7DSQQMQAAAEABLfB5MO-83ww4mFBA2AhIAlDhlPO5AVi18qABYABoif3DAXjGhwaAAQGKAQNVU0SSAQNFVVKYAawCoAH6AagBAbABALgBAcABBcgBAtABANgBAOABAPABAIoCaXVmKCdhJywgNTgyMzgwNywgMCk7dWYoJ2knLCA3NjkyNDEZFDhnJywgMTkyMTYzMzEsIDAJKTBzJywgMjc5ODIyOTQ1FRYscicsIDM4OTg1OTkzCUHwvJICnQUhUW84eFZ3alRpT3NaRU9HVTg3a0JHQUFndGZLZ0FUQUJPQUJBQUVqWUNGRHZ2TjhNV0FCZ19fX19fdzlvQUhBQmVBR0FBUUdJQVFHUUFRR1lBUUdnQVFLb0FRS3dBUUM1QWJPNG9QM0JzNE1fd1FIVzJsem80WHFFUDhrQkFBQUFBQUFBOERfWkFTa2l3eXJleU80XzRBR0J3ZFVEOVFIVnZEWS1tQUlBb0FJQXRRSUFBQUFBdlFJQQE78Fh3QUlCeUFJQjBBSUIyQUlCNEFJQTZBSUEtQUlCZ0FNQm1BTUJvZ01PQ016WTV5WVFCQmdCTFJjUlN6cWlBeE1JbE52R0poQUtHQUV0alF1Q1B6SURkVzVybwE0ME5UcHJTWVFDeGdDTFEBbvBlQzZBd2xHVWtFeE9qWTFPRFRnQS00dmdBVFgyclVKaUFUYjJyVUprQVFBbUFRRXNnUUpDS2VIVWhDT3VxSU5zZ1FLQ0xIVTh3d1FqcnFpRGJvRUdRaVFDaEc0SG9YclViaXVQeGtBAWoFAVBDQ25oMUxCQkxnZWhldFJ1SzRfeVEFiQkBGE5nRUFQRUUJDQEBeENJQmJnem1BWGhoTGVGQWFrRktTTERLdDdJN2oteEIdOwh3UVUBMQkBCE1rRgkJJYgAUi4oAAAyFSjARHdQLUFGNkFmd0JjdnZsQW40QmItNjR3S0NCZ05GVlZLSUJnU1FCZ0dZQmdDaEJtWgkCLHZvX3FBWUVzZ1lrQx2AAEUdDABHHQwASR0MNHVBWUuaApkBIWNSd3pnPqECNExYeW9BRWdBQ2dBTVdaFW0ET2cuoQEUUkE3aTlKOQUEOVIR6QxBQUJaHQwwaHVCNkY2MUc0cmo5cB0YAHgdDBA0QUlrQhEQ9EgBOEQ4LtgCAOACm4VO6gIUaHR0cHM6Ly9lYXJubWUuY2x1Yi-AAwCIAwGQAwCYAxegAwGqAwDAA6wCyAMA2AO2wMQB4AMA6AMA-AMBgAQAkgQNL3V0L3YzL3ByZWJpZJgEAKIEDDkxLjkwLjQyLjE1NKgEALIEEAgAEAEYrAIg-gEoADAAOAK4BADABADIBADSBA4xMTEyI0ZSQTE6NjU4NNoEAggB4AQB8AThlPO5AYgFAZgFAKAF____________AcAFAMkFAAAAAAAA8D_SBQkJAAAAAAAAAADYBQHgBQHwBZzeUfoFBAgAEACQBgCYBgC4BgDBBgAAAAAAAPA_0Aa_A9oGFgoQAAAAAAAAAAAAAAAAAAAAABAAGADgBgHyBgIIAIAHAYgHAKAHAboHDwgAEAAYACAAMAA45RVAAMgHxocG0gcNCQANOgE4DNoHBggFCWjgBwDqBwIIAPAHzPULiggCEACVCAAAgD-YCAE.&s=ebe43cc1391396bd82428def198a6d7b1f935f78 HTTP/1.1
Host: fra1-ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://flashnetic.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Mon, 28 Nov 2022 15:10:34 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
AN-X-Request-Uuid: 9c0089c6-a080-4003-81d5-7290bb18bc7b
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
gem.gbc.criteo.com/newidsd
200 OK 80 B URL HTTP/2 gem.gbc.criteo.com/newidsd
IP
Hash 8eccccac503b14a4e005d69a995ab333
487087df639d52d2a043e1cf02891992e850afdd
7ac82801a6772af4b903cb4d274f4adb597c6e3f2d1f2215c74ac0628e9598f4
GET /newidsd HTTP/1.1
Host: gem.gbc.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Mon, 28 Nov 2022 15:10:33 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 117540
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DVQKvil-fxIYiKZY1-as2_RCp3GJcQeUr-IkfAtHw_6D4LFBYqZ8RzMUJ85cgzj3-AJ_YKBdK6wZMUzy-k2DbizdqR8EbKMkOx_pzQI_ccgMGjH8k
200 OK 42 B URL HTTP/2 pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DVQKvil-fxIYiKZY1-as2_RCp3GJcQeUr-IkfAtHw_6D4LFBYqZ8RzMUJ85cgzj3-AJ_YKBdK6wZMUzy-k2DbizdqR8EbKMkOx_pzQI_ccgMGjH8k
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/gen_204?id=xbid&dbm_b=AKAmf-DVQKvil-fxIYiKZY1-as2_RCp3GJcQeUr-IkfAtHw_6D4LFBYqZ8RzMUJ85cgzj3-AJ_YKBdK6wZMUzy-k2DbizdqR8EbKMkOx_pzQI_ccgMGjH8k HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://66abe6f8b30cb835cf49f457a62edc2b.safeframe.googlesyndication.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 28 Nov 2022 15:10:34 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
adx.adform.net/adx/openrtb
204 No Content 0 B URL HTTP/2 adx.adform.net/adx/openrtb
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /adx/openrtb HTTP/1.1
Host: adx.adform.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 547
Origin: https://flashnetic.com
Connection: keep-alive
Referer: https://flashnetic.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Mon, 28 Nov 2022 15:10:35 GMT
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: https://flashnetic.com
access-control-max-age: 86400
cache-control: no-cache, no-store, must-revalidate, no-transform
expires: -1
pragma: no-cache
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2
prebid-eu.creativecdn.com/bidder/prebid/bids
204 No Content 0 B URL HTTP/2 prebid-eu.creativecdn.com/bidder/prebid/bids
IP
ASN #204995 Rtb House S.A.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /bidder/prebid/bids HTTP/1.1
Host: prebid-eu.creativecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 490
Origin: https://flashnetic.com
Connection: keep-alive
Referer: https://flashnetic.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Mon, 28 Nov 2022 15:10:35 GMT
access-control-allow-origin: https://flashnetic.com
access-control-allow-credentials: true
access-control-allow-methods: POST
access-control-max-age: 3600
vary: Origin
X-Firefox-Spdy: h2
bidder.criteo.com/cdb?profileId=207&av=34&wv=7.19.0&cb=53759033072&lsavail=0
200 OK 44 B URL HTTP/2 bidder.criteo.com/cdb?profileId=207&av=34&wv=7.19.0&cb=53759033072&lsavail=0
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 5f1dcf53824ce88cdb7941d34db3f19d
4164a13e3f53e1f002606a807d64a92620720fb0
3a803b7520764b5266cfac90aa9f9b2ff931109f489d9a1deb24aa686c239a74
POST /cdb?profileId=207&av=34&wv=7.19.0&cb=53759033072&lsavail=0 HTTP/1.1
Host: bidder.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 478
Origin: https://flashnetic.com
Connection: keep-alive
Referer: https://flashnetic.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 15:10:34 GMT
vary: Origin
server: Finatra
content-type: application/json; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: https://flashnetic.com
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-encoding: gzip
content-length: 44
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
ib.adnxs.com/ut/v3/prebid
200 OK 138 B URL HTTP/1.1 ib.adnxs.com/ut/v3/prebid
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 8cef5b416fecd3c3b1df94fc470d7301
9a058a483a8fde64a4deafd954fae13504e88e28
8c4d1e16649907afc0c2fa407f149d34e0ce6ccc85e3d2a6089dda0f3adf45ad
POST /ut/v3/prebid HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 642
Origin: https://flashnetic.com
Connection: keep-alive
Referer: https://flashnetic.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Mon, 28 Nov 2022 15:10:35 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 138
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://flashnetic.com
AN-X-Request-Uuid: a3a1d046-8bba-46cd-a718-fc126bd8f9a9
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
prg.smartadserver.com/prebid/v1
200 OK 490 B URL HTTP/1.1 prg.smartadserver.com/prebid/v1
IP
ASN #201081 SmartAdServer SAS
File type JSON data\012- , ASCII text, with very long lines (1124), with no line terminators
Hash 6b833ec02e1b2c6c4ebf1385bf2939c6
68cee1e219dbcabebf79f9b2b7adff5eb007af91
ab0c28051569861f99ac4a33f80165be7f77986f2d674aed9dea655ea8be8122
POST /prebid/v1 HTTP/1.1
Host: prg.smartadserver.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 353
Origin: https://flashnetic.com
Connection: keep-alive
Referer: https://flashnetic.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
content-type: application/json; charset=UTF-8
date: Mon, 28 Nov 2022 15:10:34 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://flashnetic.com
cache-control: no-cache,no-store
content-encoding: br
pragma: no-cache
set-cookie: pbw=%24b%3d12999%3b%24o%3d11100; expires=Tue, 28 Nov 2023 15:10:35 GMT; domain=.smartadserver.com; path=/
vs=555020=5210830; domain=.smartadserver.com; path=/
TestIfCookie=ok; domain=.smartadserver.com; path=/
TestIfCookieP=ok; expires=Tue, 28 Nov 2023 15:10:35 GMT; domain=.smartadserver.com; path=/
pid=7242482744659889776; expires=Tue, 28 Nov 2023 15:10:35 GMT; domain=.smartadserver.com; path=/
sasd2=q=%24qc%3D1311348260%3B%24ql%3DMedium%3B%24qpc%3D1006%3B%24qt%3D216_1430_41056t%3B%24dma%3D0&c=1&l=819242284&lo=988266927<=638052450351003087&o=1; expires=Tue, 29 Nov 2022 15:10:35 GMT; domain=.smartadserver.com; path=/
sasd=%24qc%3D1311348260%3B%24ql%3DMedium%3B%24qpc%3D1006%3B%24qt%3D216_1430_41056t%3B%24dma%3D0; expires=Tue, 29 Nov 2022 15:10:35 GMT; domain=.smartadserver.com; path=/
transfer-encoding: chunked
vary: Accept-Encoding, Origin
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17210&site_id=397268&zone_id=2226136&size_id=15&p_pos=atf&rp_schain=1.0,1!adpone.com,a1ea75ec94e5611d58bc,1,,,&rf=earnme.club&tg_i.page=https%3A%2F%2Fearnme.club%2F&tg_i.domain=earnme.club&tg_i.pbadslot=adpn-adtag-1669648228868&tk_flint=pbjs_lite_v7.19.0&x_source.tid=deb65c96-6eed-4dad-84a4-7e1887746f3a&l_pb_bid_id=12bd1135b1d24a4&p_screen_res=1280x1024&rp_secure=1&rp_maxbids=1&slots=1&rand=0.24057543306371
200 OK 334 B URL HTTP/2 fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17210&site_id=397268&zone_id=2226136&size_id=15&p_pos=atf&rp_schain=1.0,1!adpone.com,a1ea75ec94e5611d58bc,1,,,&rf=earnme.club&tg_i.page=https%3A%2F%2Fearnme.club%2F&tg_i.domain=earnme.club&tg_i.pbadslot=adpn-adtag-1669648228868&tk_flint=pbjs_lite_v7.19.0&x_source.tid=deb65c96-6eed-4dad-84a4-7e1887746f3a&l_pb_bid_id=12bd1135b1d24a4&p_screen_res=1280x1024&rp_secure=1&rp_maxbids=1&slots=1&rand=0.24057543306371
IP
File type JSON data\012- , ASCII text, with very long lines (334), with no line terminators
Hash b1b1221fd6ea88254834ed87f8ceeb69
f342d1ccbc5fa768c290a562d093921f7933adf0
5011a1b22612147f836161ac6ab13ead88c9e9214aa9e4e63adba07d0290a0d5
GET /a/api/fastlane.json?account_id=17210&site_id=397268&zone_id=2226136&size_id=15&p_pos=atf&rp_schain=1.0,1!adpone.com,a1ea75ec94e5611d58bc,1,,,&rf=earnme.club&tg_i.page=https%3A%2F%2Fearnme.club%2F&tg_i.domain=earnme.club&tg_i.pbadslot=adpn-adtag-1669648228868&tk_flint=pbjs_lite_v7.19.0&x_source.tid=deb65c96-6eed-4dad-84a4-7e1887746f3a&l_pb_bid_id=12bd1135b1d24a4&p_screen_res=1280x1024&rp_secure=1&rp_maxbids=1&slots=1&rand=0.24057543306371 HTTP/1.1
Host: fastlane.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://flashnetic.com
Connection: keep-alive
Referer: https://flashnetic.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.4
date: Mon, 28 Nov 2022 15:10:35 GMT
content-type: application/json
cache-control: no-cache, no-store, max-age=0, must-revalidate
expires: Wed, 17 Sep 1975 21:32:10 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://flashnetic.com
pragma: no-cache
vary: Accept-Encoding
set-cookie: khaos=LB0XG7DC-N-V4E; Domain=.rubiconproject.com; Path=/; Expires=Tue, 28-Nov-2023 15:10:35 GMT; Max-Age=31536000; SameSite=None; Secure
audit=1|naVuGyos1qpDGSLXO4umV+9DtVM30fCgX9j0V4idhPsi4kmNjdRTKHvs5xm8c681tq9R0N6+0FRpWVHBsUSA99APlTu0R9RN; Domain=.rubiconproject.com; Path=/; Expires=Tue, 28-Nov-2023 15:10:35 GMT; Max-Age=31536000; SameSite=None; Secure
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length: 334
X-Firefox-Spdy: h2
pagead2.googlesyndication.com/pagead/js/r20221110/r20110914/abg_lite.js
200 OK 11 kB URL HTTP/2 pagead2.googlesyndication.com/pagead/js/r20221110/r20110914/abg_lite.js
IP
File type ASCII text, with very long lines (1549)
Hash 5fcaac58edf786270683ae11ae9417c5
a87cd39eb87ac22814250d88828b9a1872c4f37a
3b9d058ff27f2046aa65d5158d8776a728c35906f599122092421357eea4cadc
GET /pagead/js/r20221110/r20110914/abg_lite.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://66abe6f8b30cb835cf49f457a62edc2b.safeframe.googlesyndication.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 11206
x-xss-protection: 0
date: Sun, 27 Nov 2022 15:50:01 GMT
expires: Sun, 11 Dec 2022 15:50:01 GMT
cache-control: public, max-age=1209600
age: 84034
etag: 16690196781007480285
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
prg.smartadserver.com/prebid/v1
200 OK 562 B URL HTTP/1.1 prg.smartadserver.com/prebid/v1
IP
ASN #201081 SmartAdServer SAS
File type JSON data\012- , ASCII text, with very long lines (965), with no line terminators
Hash 79fc3704de5976b8968e2b97a5d52f6f
c27ea12dba97bba115f089077fba3d95c504dd62
d3cc5704c23ba5463ed9c03bbfee5725e672ebc28752900b327a96ebe673deb2
POST /prebid/v1 HTTP/1.1
Host: prg.smartadserver.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 353
Origin: https://flashnetic.com
Connection: keep-alive
Referer: https://flashnetic.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
content-type: application/json; charset=UTF-8
date: Mon, 28 Nov 2022 15:10:34 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://flashnetic.com
cache-control: no-cache,no-store
content-encoding: br
pragma: no-cache
set-cookie: pbw=%24b%3d12999%3b%24o%3d11100; expires=Tue, 28 Nov 2023 15:10:35 GMT; domain=.smartadserver.com; path=/
vs=525642=5210830; domain=.smartadserver.com; path=/
TestIfCookie=ok; domain=.smartadserver.com; path=/
TestIfCookieP=ok; expires=Tue, 28 Nov 2023 15:10:35 GMT; domain=.smartadserver.com; path=/
pid=260358315125067391; expires=Tue, 28 Nov 2023 15:10:35 GMT; domain=.smartadserver.com; path=/
sasd2=q=%24qc%3D1311348260%3B%24ql%3DMedium%3B%24qpc%3D1006%3B%24qt%3D216_1430_41056t%3B%24dma%3D0&c=1&l=819242284&lo=988266927<=638052450350870142&o=1; expires=Tue, 29 Nov 2022 15:10:35 GMT; domain=.smartadserver.com; path=/
sasd=%24qc%3D1311348260%3B%24ql%3DMedium%3B%24qpc%3D1006%3B%24qt%3D216_1430_41056t%3B%24dma%3D0; expires=Tue, 29 Nov 2022 15:10:35 GMT; domain=.smartadserver.com; path=/
transfer-encoding: chunked
vary: Accept-Encoding, Origin
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
rtb-csync.smartadserver.com/redir/?issi=1&partnerid=69&partneruserid=03030002_6384cf69b527e&gdpr=0&gdpr_consent=
200 OK 43 B URL HTTP/1.1 rtb-csync.smartadserver.com/redir/?issi=1&partnerid=69&partneruserid=03030002_6384cf69b527e&gdpr=0&gdpr_consent=
IP
ASN #201081 SmartAdServer SAS
File type GIF image data, version 89a, 1 x 1\012- data
Hash 221d8352905f2c38b3cb2bd191d630b0
d804b495cb9b84b9007a25b5d85f9ae674004cde
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
GET /redir/?issi=1&partnerid=69&partneruserid=03030002_6384cf69b527e&gdpr=0&gdpr_consent= HTTP/1.1
Host: rtb-csync.smartadserver.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://earnme.club/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
content-type: image/gif
date: Mon, 28 Nov 2022 15:10:34 GMT
cache-control: no-cache,no-store
pragma: no-cache
set-cookie: pid=643672700205223435; expires=Thu, 28 Dec 2023 15:10:35 GMT; domain=smartadserver.com; path=/
TestIfCookieP=ok; expires=Thu, 28 Dec 2023 15:10:35 GMT; domain=smartadserver.com; path=/
csync=69:03030002_6384cf69b527e; expires=Tue, 28 Nov 2023 15:10:35 GMT; domain=smartadserver.com; path=/
transfer-encoding: chunked
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
adx.adform.net/adx/openrtb
204 No Content 0 B URL HTTP/2 adx.adform.net/adx/openrtb
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /adx/openrtb HTTP/1.1
Host: adx.adform.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 547
Origin: https://flashnetic.com
Connection: keep-alive
Referer: https://flashnetic.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Mon, 28 Nov 2022 15:10:35 GMT
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: https://flashnetic.com
access-control-max-age: 86400
cache-control: no-cache, no-store, must-revalidate, no-transform
expires: -1
pragma: no-cache
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2
bidder.criteo.com/cdb?profileId=207&av=34&wv=7.19.0&cb=83492099193&lsavail=0
200 OK 44 B URL HTTP/2 bidder.criteo.com/cdb?profileId=207&av=34&wv=7.19.0&cb=83492099193&lsavail=0
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 5f1dcf53824ce88cdb7941d34db3f19d
4164a13e3f53e1f002606a807d64a92620720fb0
3a803b7520764b5266cfac90aa9f9b2ff931109f489d9a1deb24aa686c239a74
POST /cdb?profileId=207&av=34&wv=7.19.0&cb=83492099193&lsavail=0 HTTP/1.1
Host: bidder.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 478
Origin: https://flashnetic.com
Connection: keep-alive
Referer: https://flashnetic.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 15:10:35 GMT
vary: Origin
server: Finatra
content-type: application/json; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: https://flashnetic.com
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-encoding: gzip
content-length: 44
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
ib.adnxs.com/ut/v3/prebid
200 OK 137 B URL HTTP/1.1 ib.adnxs.com/ut/v3/prebid
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash ce700c6f6accae29e61a33b52a4968f2
ff14f89a063625fafdcb627019d40836d0096083
817fc558e27cbbb9ce75021852c37a877f39defed1f5df0960f41aa143ec3cf6
POST /ut/v3/prebid HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 643
Origin: https://flashnetic.com
Connection: keep-alive
Referer: https://flashnetic.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Mon, 28 Nov 2022 15:10:35 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 137
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://flashnetic.com
AN-X-Request-Uuid: 2336c929-9ea7-4e19-b7ae-21db7e181c35
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
prebid-eu.creativecdn.com/bidder/prebid/bids
204 No Content 0 B URL HTTP/2 prebid-eu.creativecdn.com/bidder/prebid/bids
IP
ASN #204995 Rtb House S.A.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /bidder/prebid/bids HTTP/1.1
Host: prebid-eu.creativecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 491
Origin: https://flashnetic.com
Connection: keep-alive
Referer: https://flashnetic.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Mon, 28 Nov 2022 15:10:35 GMT
access-control-allow-origin: https://flashnetic.com
access-control-allow-credentials: true
access-control-allow-methods: POST
access-control-max-age: 3600
vary: Origin
X-Firefox-Spdy: h2
prg.smartadserver.com/prebid/v1
200 OK 517 B URL HTTP/1.1 prg.smartadserver.com/prebid/v1
IP
ASN #201081 SmartAdServer SAS
File type JSON data\012- , ASCII text, with very long lines (1069), with no line terminators
Hash 13b90fe7e3c9f9e531792f294a4d8516
8e36a76bcc05041b9a96edcb4fd73ebd3aa4f8a8
a9055012e2c755528c6394ea8d8df1385df0e27522c296428ed8801718c1796d
POST /prebid/v1 HTTP/1.1
Host: prg.smartadserver.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 353
Origin: https://flashnetic.com
Connection: keep-alive
Referer: https://flashnetic.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
content-type: application/json; charset=UTF-8
date: Mon, 28 Nov 2022 15:10:34 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://flashnetic.com
cache-control: no-cache,no-store
content-encoding: br
pragma: no-cache
set-cookie: pbw=%24b%3d12999%3b%24o%3d11100; expires=Tue, 28 Nov 2023 15:10:35 GMT; domain=.smartadserver.com; path=/
vs=525642=5210830; domain=.smartadserver.com; path=/
TestIfCookie=ok; domain=.smartadserver.com; path=/
TestIfCookieP=ok; expires=Tue, 28 Nov 2023 15:10:35 GMT; domain=.smartadserver.com; path=/
pid=2026142232345136779; expires=Tue, 28 Nov 2023 15:10:35 GMT; domain=.smartadserver.com; path=/
sasd2=q=%24qc%3D1311348260%3B%24ql%3DMedium%3B%24qpc%3D1006%3B%24qt%3D216_1430_41056t%3B%24dma%3D0&c=1&l=819242284&lo=988266927<=638052450353243574&o=1; expires=Tue, 29 Nov 2022 15:10:35 GMT; domain=.smartadserver.com; path=/
sasd=%24qc%3D1311348260%3B%24ql%3DMedium%3B%24qpc%3D1006%3B%24qt%3D216_1430_41056t%3B%24dma%3D0; expires=Tue, 29 Nov 2022 15:10:35 GMT; domain=.smartadserver.com; path=/
transfer-encoding: chunked
vary: Accept-Encoding, Origin
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
static.criteo.net/js/ld/publishertag.prebid.130.js
200 OK 0 B URL HTTP/2 static.criteo.net/js/ld/publishertag.prebid.130.js
IP
GET /js/ld/publishertag.prebid.130.js HTTP/1.1
Host: static.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://earnme.club/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 28 Nov 2022 15:10:29 GMT
content-type: text/javascript
last-modified: Sat, 17 Sep 2022 19:59:55 GMT
etag: W/"6326273b-16120"
expires: Tue, 29 Nov 2022 15:10:29 GMT
cross-origin-resource-policy: cross-origin
cache-control: max-age=86400, public
timing-allow-origin: *
access-control-allow-origin: *
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
flashnetic.com/r/p.html?f=hblahx&e=1635039149730
200 OK 0 B URL HTTP/2 flashnetic.com/r/p.html?f=hblahx&e=1635039149730
IP
GET /r/p.html?f=hblahx&e=1635039149730 HTTP/1.1
Host: flashnetic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://earnme.club/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
last-modified: Tue, 25 Oct 2022 13:58:03 GMT
x-amz-version-id: 6P847P_3pwRq3kg1dbhEI8vZo9rD1MSu
server: AmazonS3
content-encoding: gzip
date: Sun, 27 Nov 2022 16:26:51 GMT
etag: W/"1d799671c4d6a9304651b1b9d6a783fb"
x-cache: Hit from cloudfront
via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: yNOBKNLrjfX-_W_0m8uIA-4ePs4QuHinBonXcGRXYflrX82pP7TIdA==
age: 81820
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
flashnetic.com/r/p.html?f=qgveffcsfsd&e=1635039149730
200 OK 0 B URL HTTP/2 flashnetic.com/r/p.html?f=qgveffcsfsd&e=1635039149730
IP
GET /r/p.html?f=qgveffcsfsd&e=1635039149730 HTTP/1.1
Host: flashnetic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://earnme.club/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
last-modified: Tue, 25 Oct 2022 13:58:03 GMT
x-amz-version-id: 6P847P_3pwRq3kg1dbhEI8vZo9rD1MSu
server: AmazonS3
content-encoding: gzip
date: Sun, 27 Nov 2022 16:26:51 GMT
etag: W/"1d799671c4d6a9304651b1b9d6a783fb"
x-cache: Hit from cloudfront
via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: -mbLTYt_hMhHhKsfoVtjCfeeYD7q_mz_8LNiKvECa6nFmkS7fj_8ng==
age: 81820
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
earnme.club/wp-content/themes/mh-magazine-lite/fonts/fontawesome-webfont.woff2?v=4.7.0
200 OK 0 B URL HTTP/2 earnme.club/wp-content/themes/mh-magazine-lite/fonts/fontawesome-webfont.woff2?v=4.7.0
IP
ASN #24940 Hetzner Online GmbH
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/mh-magazine-lite/fonts/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1
Host: earnme.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://earnme.club/wp-content/themes/mh-magazine-lite/includes/font-awesome.min.css
Cookie: _uc_referrer=https://www.google.com/; _pbjs_userid_consent_data=3524755945110770
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Mon, 05 Dec 2022 15:10:26 GMT
content-type: font/woff2
last-modified: Sun, 26 Jun 2022 02:57:58 GMT
accept-ranges: bytes
content-length: 77160
date: Mon, 28 Nov 2022 15:10:26 GMT
X-Firefox-Spdy: h2
flashnetic.com/r/p.html?f=ilmbgao&e=1635039149730
200 OK 0 B URL HTTP/2 flashnetic.com/r/p.html?f=ilmbgao&e=1635039149730
IP
GET /r/p.html?f=ilmbgao&e=1635039149730 HTTP/1.1
Host: flashnetic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://earnme.club/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
last-modified: Tue, 25 Oct 2022 13:58:03 GMT
x-amz-version-id: 6P847P_3pwRq3kg1dbhEI8vZo9rD1MSu
server: AmazonS3
content-encoding: gzip
date: Sun, 27 Nov 2022 16:26:51 GMT
etag: W/"1d799671c4d6a9304651b1b9d6a783fb"
x-cache: Hit from cloudfront
via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: cyKGK9aNl9BOBPAEIJyFV5QGN-XAOmiHQnmXoKlIk0YuW6CAcYAiqQ==
age: 81820
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
flashnetic.com/r/p.html?f=fkgrqvpjp&e=1979171841404
200 OK 0 B URL HTTP/2 flashnetic.com/r/p.html?f=fkgrqvpjp&e=1979171841404
IP
GET /r/p.html?f=fkgrqvpjp&e=1979171841404 HTTP/1.1
Host: flashnetic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://earnme.club/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
last-modified: Tue, 25 Oct 2022 13:58:03 GMT
x-amz-version-id: 6P847P_3pwRq3kg1dbhEI8vZo9rD1MSu
server: AmazonS3
content-encoding: gzip
date: Sun, 27 Nov 2022 16:26:51 GMT
etag: W/"1d799671c4d6a9304651b1b9d6a783fb"
x-cache: Hit from cloudfront
via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: K-QXWtm3iTfwbEmddtWEueRx3WIE1r6fgcaRIp3EK_I1twY8e7trUw==
age: 81820
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
flashnetic.com/t.js?i=uv85s8wiydoa62b7a5wma&cb=1477481669648226254
200 OK 0 B URL HTTP/2 flashnetic.com/t.js?i=uv85s8wiydoa62b7a5wma&cb=1477481669648226254
IP
GET /t.js?i=uv85s8wiydoa62b7a5wma&cb=1477481669648226254 HTTP/1.1
Host: flashnetic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://earnme.club/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
last-modified: Fri, 11 Nov 2022 10:14:17 GMT
x-amz-version-id: _w3ae0RYCGBlDTPjQPIQB8LKoj64xOVc
server: AmazonS3
content-encoding: br
date: Mon, 28 Nov 2022 00:27:13 GMT
etag: W/"57c945f3c1feba973398debac47b1341"
x-cache: Hit from cloudfront
via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: uQcTrBnmnFctUjKUno11P0xaGf7jqWlj9xDtNy-7DVp5Ve3IdZ2rqw==
age: 52995
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
sync.richaudience.com/bf7c142f4339da0278e83698a02b0854/?referrer=https%3A%2F%2Fearnme.club%2Fv20-se-from-vivo%2F
200 OK 0 B URL HTTP/2 sync.richaudience.com/bf7c142f4339da0278e83698a02b0854/?referrer=https%3A%2F%2Fearnme.club%2Fv20-se-from-vivo%2F
IP
ASN #24940 Hetzner Online GmbH
GET /bf7c142f4339da0278e83698a02b0854/?referrer=https%3A%2F%2Fearnme.club%2Fv20-se-from-vivo%2F HTTP/1.1
Host: sync.richaudience.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://earnme.club/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.14.2
date: Mon, 28 Nov 2022 15:10:32 GMT
content-type: image/png
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
X-Firefox-Spdy: h2
flashnetic.com/r/p.html?f=fstodgrx&e=1315978926706
200 OK 0 B URL HTTP/2 flashnetic.com/r/p.html?f=fstodgrx&e=1315978926706
IP
GET /r/p.html?f=fstodgrx&e=1315978926706 HTTP/1.1
Host: flashnetic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://earnme.club/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
last-modified: Tue, 25 Oct 2022 13:58:03 GMT
x-amz-version-id: 6P847P_3pwRq3kg1dbhEI8vZo9rD1MSu
server: AmazonS3
content-encoding: gzip
date: Sun, 27 Nov 2022 16:26:51 GMT
etag: W/"1d799671c4d6a9304651b1b9d6a783fb"
x-cache: Hit from cloudfront
via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: r-B6jIqlXlCH9UH0P53zRu_XJ7R6VIPIIgBotVzOcDFCFf8SWK32wA==
age: 81820
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
flashnetic.com/r/p.html?f=ifrcmjge&e=1979171841404
200 OK 0 B URL HTTP/2 flashnetic.com/r/p.html?f=ifrcmjge&e=1979171841404
IP
GET /r/p.html?f=ifrcmjge&e=1979171841404 HTTP/1.1
Host: flashnetic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://earnme.club/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
last-modified: Tue, 25 Oct 2022 13:58:03 GMT
x-amz-version-id: 6P847P_3pwRq3kg1dbhEI8vZo9rD1MSu
server: AmazonS3
content-encoding: gzip
date: Sun, 27 Nov 2022 16:26:51 GMT
etag: W/"1d799671c4d6a9304651b1b9d6a783fb"
x-cache: Hit from cloudfront
via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: QPrnZ5ImOQpGJwXuIa2RkEVpkN1fB70vYrb1TWman5__dwOlJul72A==
age: 81820
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
earnme.club/wp-admin/css/colors/blue/blue.php?id=l7ui0f88ylvzcrd1dmvxp
200 OK 0 B URL HTTP/2 earnme.club/wp-admin/css/colors/blue/blue.php?id=l7ui0f88ylvzcrd1dmvxp
IP
ASN #24940 Hetzner Online GmbH
Analyzer Verdict Alert fortinet Malware
GET /wp-admin/css/colors/blue/blue.php?id=l7ui0f88ylvzcrd1dmvxp HTTP/1.1
Host: earnme.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://earnme.club/v20-se-from-vivo/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
content-encoding: gzip
date: Mon, 28 Nov 2022 15:10:26 GMT
X-Firefox-Spdy: h2
flashnetic.com/t.js?i=tvdi2ru09cf0ymc0mwei9&cb=8745321669648226252
200 OK 0 B URL HTTP/2 flashnetic.com/t.js?i=tvdi2ru09cf0ymc0mwei9&cb=8745321669648226252
IP
GET /t.js?i=tvdi2ru09cf0ymc0mwei9&cb=8745321669648226252 HTTP/1.1
Host: flashnetic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://earnme.club/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
last-modified: Fri, 11 Nov 2022 10:14:17 GMT
x-amz-version-id: _w3ae0RYCGBlDTPjQPIQB8LKoj64xOVc
server: AmazonS3
content-encoding: br
date: Mon, 28 Nov 2022 00:27:13 GMT
etag: W/"57c945f3c1feba973398debac47b1341"
x-cache: Hit from cloudfront
via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: bTClwRM-HiA8ht1LCu2Unmj81xCOddAlQu7__Io40myyBy05WT-W8A==
age: 52995
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
flashnetic.com/r/p.html?f=zsqrrwf&e=1635039149730
200 OK 0 B URL HTTP/2 flashnetic.com/r/p.html?f=zsqrrwf&e=1635039149730
IP
GET /r/p.html?f=zsqrrwf&e=1635039149730 HTTP/1.1
Host: flashnetic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://earnme.club/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
last-modified: Tue, 25 Oct 2022 13:58:03 GMT
x-amz-version-id: 6P847P_3pwRq3kg1dbhEI8vZo9rD1MSu
server: AmazonS3
content-encoding: gzip
date: Sun, 27 Nov 2022 16:26:51 GMT
etag: W/"1d799671c4d6a9304651b1b9d6a783fb"
x-cache: Hit from cloudfront
via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: y-81AsFdsMOJPS4ck-onl8gggPAqK2JNczjTb5b-67WStAQmoCBG-g==
age: 81820
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
pixel.adsafeprotected.com/jload?anId=931236&advId=5823807&campId=19216331&pubId=10264&chanId=279822945&placementId=389859937&dealId=0&planId=26730095&adsafe_par&bidurl=https%3A%2F%2Fearnme.club%2F&bidPr=0.01&uId=2591256401818918292&impId=1261598749888089877&respID=0
200 OK 0 B URL HTTP/2 pixel.adsafeprotected.com/jload?anId=931236&advId=5823807&campId=19216331&pubId=10264&chanId=279822945&placementId=389859937&dealId=0&planId=26730095&adsafe_par&bidurl=https%3A%2F%2Fearnme.club%2F&bidPr=0.01&uId=2591256401818918292&impId=1261598749888089877&respID=0
IP
GET /jload?anId=931236&advId=5823807&campId=19216331&pubId=10264&chanId=279822945&placementId=389859937&dealId=0&planId=26730095&adsafe_par&bidurl=https%3A%2F%2Fearnme.club%2F&bidPr=0.01&uId=2591256401818918292&impId=1261598749888089877&respID=0 HTTP/1.1
Host: pixel.adsafeprotected.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://flashnetic.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 28 Nov 2022 15:10:34 GMT
content-type: application/javascript;charset=utf-8
pragma: no-cache
cache-control: no-cache
expires: Wed, 31 Dec 1969 23:59:59 GMT
access-control-allow-origin: pixel.adsafeprotected.com
access-control-allow-credentials: true
vary: accept-encoding
content-encoding: gzip
X-Firefox-Spdy: h2
cdn.hadronid.net/hadron.js?url=https%3A%2F%2Fearnme.club%2Fv20-se-from-vivo%2F&ref=https%3A%2F%2Fwww.google.com%2F&_it=amazon&partner_id=405
200 OK 0 B URL HTTP/2 cdn.hadronid.net/hadron.js?url=https%3A%2F%2Fearnme.club%2Fv20-se-from-vivo%2F&ref=https%3A%2F%2Fwww.google.com%2F&_it=amazon&partner_id=405
IP
GET /hadron.js?url=https%3A%2F%2Fearnme.club%2Fv20-se-from-vivo%2F&ref=https%3A%2F%2Fwww.google.com%2F&_it=amazon&partner_id=405 HTTP/1.1
Host: cdn.hadronid.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://earnme.club/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 28 Nov 2022 15:10:29 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"2280e2148e4ee3c06f679f8fac039778"
last-modified: Fri, 18 Nov 2022 10:57:44 GMT
x-amz-id-2: AlHhfnaYFu7DcAqm/AZXcFZz8Z4At5Hcn9XqhUxeA24L5T6B/l+VTePOXZCvBx0dhJEtzYQ2PVA=
x-amz-request-id: FNK044PCM9Y7VVCR
cache-control: max-age=3600
cf-cache-status: HIT
age: 633
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5mHH4Ock6MAsds5NvfP4SSgslO8qharNsoGdJ43bt8dP2xBnnSIeWKx7OgQDWzHmZ%2FgaYxQOUc5lpAiQ5uuajNTtS4XsO30oaxgMS0AZEUhkJZzaFzUskdoP%2B%2F%2BMOvHSBDg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 771407d8dfc0b4f9-OSL
content-encoding: br
X-Firefox-Spdy: h2
image2.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fpbm_match%3Fpbm%3D%23PM_USER_ID%26id%3DAU1D-0100-001669648233-QF224L0L-L8SQ
302 Found 0 B URL HTTP/2 image2.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fpbm_match%3Fpbm%3D%23PM_USER_ID%26id%3DAU1D-0100-001669648233-QF224L0L-L8SQ
IP
GET /AdServer/UCookieSetPug?rd=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fpbm_match%3Fpbm%3D%23PM_USER_ID%26id%3DAU1D-0100-001669648233-QF224L0L-L8SQ HTTP/1.1
Host: image2.pubmatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://earnme.club/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Mon, 28 Nov 2022 15:10:33 GMT
set-cookie: KTPCACOOKIE=true; domain=pubmatic.com; secure; expires=Sun, 26-Feb-2023 15:10:33 GMT; path=/
location: https://image2.pubmatic.com/AdServer/UCookieSetPug?ird=1&rd=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fpbm_match%3Fpbm%3D%23PM_USER_ID%26id%3DAU1D-0100-001669648233-QF224L0L-L8SQ
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-store, no-cache, private
X-Firefox-Spdy: h2
flashnetic.com/r/p.html?f=azyenmhzd&e=1979171841404
200 OK 0 B URL HTTP/2 flashnetic.com/r/p.html?f=azyenmhzd&e=1979171841404
IP
GET /r/p.html?f=azyenmhzd&e=1979171841404 HTTP/1.1
Host: flashnetic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://earnme.club/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
last-modified: Tue, 25 Oct 2022 13:58:03 GMT
x-amz-version-id: 6P847P_3pwRq3kg1dbhEI8vZo9rD1MSu
server: AmazonS3
content-encoding: gzip
date: Sun, 27 Nov 2022 16:26:51 GMT
etag: W/"1d799671c4d6a9304651b1b9d6a783fb"
x-cache: Hit from cloudfront
via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: lrutK5k2JfCiOaLakHQf7WE6H2rrAU-ZlQ6Rr5pW8l2cj5x2oPPFIg==
age: 81820
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
cloudflare.com/cdn-cgi/trace
200 OK 0 B URL HTTP/2 cloudflare.com/cdn-cgi/trace
IP
GET /cdn-cgi/trace HTTP/1.1
Host: cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://earnme.club
Connection: keep-alive
Referer: https://earnme.club/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 28 Nov 2022 15:10:26 GMT
content-type: text/plain
access-control-allow-origin: *
server: cloudflare
cf-ray: 771407c9ab4bb4f7-OSL
x-frame-options: DENY
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
shb.richaudience.com/hb/
200 OK 0 B IP
ASN #24940 Hetzner Online GmbH
POST /hb/ HTTP/1.1
Host: shb.richaudience.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 672
Origin: https://earnme.club
Connection: keep-alive
Referer: https://earnme.club/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.14.2
date: Mon, 28 Nov 2022 15:10:28 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding, Accept-Encoding
access-control-allow-origin: https://earnme.club
access-control-allow-credentials: true
access-control-max-age: 86400
content-encoding: gzip
X-Firefox-Spdy: h2
flashnetic.com/r/p.html?f=flswh&e=1315978926706
200 OK 0 B URL HTTP/2 flashnetic.com/r/p.html?f=flswh&e=1315978926706
IP
GET /r/p.html?f=flswh&e=1315978926706 HTTP/1.1
Host: flashnetic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://earnme.club/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
last-modified: Tue, 25 Oct 2022 13:58:03 GMT
x-amz-version-id: 6P847P_3pwRq3kg1dbhEI8vZo9rD1MSu
server: AmazonS3
content-encoding: gzip
date: Sun, 27 Nov 2022 16:26:51 GMT
etag: W/"1d799671c4d6a9304651b1b9d6a783fb"
x-cache: Hit from cloudfront
via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: eqMpnmNUmwmj_5YZQI1LBnaO5rQJkAPDPbpKAqPz_SXoiAp6Wcdzew==
age: 81820
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
go1.aniview.com/api/adserver/tag/?AV_TAGID=62790805abc41c4450002684&AV_PUBLISHERID=62176a72a06fe80ba569d18f&AV_VIDEOURL=https%3A%2F%2Fstreaming.playstream.media%2Fstorage%2Fvideos%2F489cf6ec-67fb-41aa-ab10-6385d5071f8a%2Findex.m3u8&AV_SLOTT=-2&AV_SECURED=1&AV_LANGUAGE=en&AV_URL=https%3A%2F%2Fearnme.club%2Fv20-se-from-vivo%2F&AV_CHANNELID=6278fd47e6b0901a49776895&tgt=0&AV_SUBID=&AV_CDIM1=&AV_CDIM2=&AV_CDIM3=&AV_ABT=&pce=1&npx=1&AV_DETDOMAIN=earnme.club&AV_DADPOS=1&AV_TAG=62790805abc41c4450002684&AV_TEMPLATE=6278f4f0a7dd573d85421cad&d36=6.2.64&responsive=1&sver=3&avtoken=227343&omv=1.0.1&clsid=92fae417-03ec-462f-9360-c614c1821e98&rando=65&AV_WIDTH=640&AV_HEIGHT=361&AV_CCPA=1---&AV_DNT=0&cb=1669648227345&wfc=1
200 OK 0 B URL HTTP/2 go1.aniview.com/api/adserver/tag/?AV_TAGID=62790805abc41c4450002684&AV_PUBLISHERID=62176a72a06fe80ba569d18f&AV_VIDEOURL=https%3A%2F%2Fstreaming.playstream.media%2Fstorage%2Fvideos%2F489cf6ec-67fb-41aa-ab10-6385d5071f8a%2Findex.m3u8&AV_SLOTT=-2&AV_SECURED=1&AV_LANGUAGE=en&AV_URL=https%3A%2F%2Fearnme.club%2Fv20-se-from-vivo%2F&AV_CHANNELID=6278fd47e6b0901a49776895&tgt=0&AV_SUBID=&AV_CDIM1=&AV_CDIM2=&AV_CDIM3=&AV_ABT=&pce=1&npx=1&AV_DETDOMAIN=earnme.club&AV_DADPOS=1&AV_TAG=62790805abc41c4450002684&AV_TEMPLATE=6278f4f0a7dd573d85421cad&d36=6.2.64&responsive=1&sver=3&avtoken=227343&omv=1.0.1&clsid=92fae417-03ec-462f-9360-c614c1821e98&rando=65&AV_WIDTH=640&AV_HEIGHT=361&AV_CCPA=1---&AV_DNT=0&cb=1669648227345&wfc=1
IP
GET /api/adserver/tag/?AV_TAGID=62790805abc41c4450002684&AV_PUBLISHERID=62176a72a06fe80ba569d18f&AV_VIDEOURL=https%3A%2F%2Fstreaming.playstream.media%2Fstorage%2Fvideos%2F489cf6ec-67fb-41aa-ab10-6385d5071f8a%2Findex.m3u8&AV_SLOTT=-2&AV_SECURED=1&AV_LANGUAGE=en&AV_URL=https%3A%2F%2Fearnme.club%2Fv20-se-from-vivo%2F&AV_CHANNELID=6278fd47e6b0901a49776895&tgt=0&AV_SUBID=&AV_CDIM1=&AV_CDIM2=&AV_CDIM3=&AV_ABT=&pce=1&npx=1&AV_DETDOMAIN=earnme.club&AV_DADPOS=1&AV_TAG=62790805abc41c4450002684&AV_TEMPLATE=6278f4f0a7dd573d85421cad&d36=6.2.64&responsive=1&sver=3&avtoken=227343&omv=1.0.1&clsid=92fae417-03ec-462f-9360-c614c1821e98&rando=65&AV_WIDTH=640&AV_HEIGHT=361&AV_CCPA=1---&AV_DNT=0&cb=1669648227345&wfc=1 HTTP/1.1
Host: go1.aniview.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://earnme.club
Connection: keep-alive
Referer: https://earnme.club/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 28 Nov 2022 15:10:28 GMT
content-type: application/json
vary: Accept-Encoding
set-cookie: aniC=1669648228308-921983774696-007271-004-000203; Expires=Sun, 18-Dec-22 15:10:28 GMT; Max-Age=1728000; Domain=aniview.com; Path=/; Secure; HttpOnly; SameSite=None
aniC=; Expires=Sun, 18-Dec-22 15:10:28 GMT; Max-Age=1728000; Domain=aniview.com; Path=/; Secure; HttpOnly; SameSite=None
access-control-allow-credentials: true
access-control-allow-origin: https://earnme.club
expires: Thu, 17 Nov 2022 01:23:48 GMT
cache-control: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
id.hadron.ad.gt/v1/hadron.json?_it=amazon&partner_id=405&sync=0&domain=earnme.club&url=https://earnme.club/v20-se-from-vivo/
200 OK 0 B URL HTTP/2 id.hadron.ad.gt/v1/hadron.json?_it=amazon&partner_id=405&sync=0&domain=earnme.club&url=https://earnme.club/v20-se-from-vivo/
IP
GET /v1/hadron.json?_it=amazon&partner_id=405&sync=0&domain=earnme.club&url=https://earnme.club/v20-se-from-vivo/ HTTP/1.1
Host: id.hadron.ad.gt
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://earnme.club
Connection: keep-alive
Referer: https://earnme.club/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 15:10:30 GMT
content-type: application/json
server: nginx/1.20.0
cache-control: public,max-age=30
access-control-allow-origin: https://earnme.club
access-control-allow-credentials: true
vary: Origin
content-encoding: gzip
X-Firefox-Spdy: h2
flashnetic.com/r/p.html?f=uvnfwzdsd&e=1315978926706
200 OK 0 B URL HTTP/2 flashnetic.com/r/p.html?f=uvnfwzdsd&e=1315978926706
IP
GET /r/p.html?f=uvnfwzdsd&e=1315978926706 HTTP/1.1
Host: flashnetic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://earnme.club/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
last-modified: Tue, 25 Oct 2022 13:58:03 GMT
x-amz-version-id: 6P847P_3pwRq3kg1dbhEI8vZo9rD1MSu
server: AmazonS3
content-encoding: gzip
date: Sun, 27 Nov 2022 16:26:51 GMT
etag: W/"1d799671c4d6a9304651b1b9d6a783fb"
x-cache: Hit from cloudfront
via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Qh8tGMpRmQQ46_HPMvLb0iaJrTU5Dn4mU-9Gri3vsB15zcn5jn1F8Q==
age: 81820
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
flashnetic.com/r/p.html?f=xouykdzp&e=1315978926706
200 OK 0 B URL HTTP/2 flashnetic.com/r/p.html?f=xouykdzp&e=1315978926706
IP
GET /r/p.html?f=xouykdzp&e=1315978926706 HTTP/1.1
Host: flashnetic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://earnme.club/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
last-modified: Tue, 25 Oct 2022 13:58:03 GMT
x-amz-version-id: 6P847P_3pwRq3kg1dbhEI8vZo9rD1MSu
server: AmazonS3
content-encoding: gzip
date: Sun, 27 Nov 2022 16:26:51 GMT
etag: W/"1d799671c4d6a9304651b1b9d6a783fb"
x-cache: Hit from cloudfront
via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: rB327X6NRBU-Z216hci-TV_50RLzSf62BXR5SZp6cucDPDXaTJpLVA==
age: 81820
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
flashnetic.com/r/p.html?f=yhargjdo&e=1979171841404
200 OK 0 B URL HTTP/2 flashnetic.com/r/p.html?f=yhargjdo&e=1979171841404
IP
GET /r/p.html?f=yhargjdo&e=1979171841404 HTTP/1.1
Host: flashnetic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://earnme.club/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
last-modified: Tue, 25 Oct 2022 13:58:03 GMT
x-amz-version-id: 6P847P_3pwRq3kg1dbhEI8vZo9rD1MSu
server: AmazonS3
content-encoding: gzip
date: Sun, 27 Nov 2022 16:26:51 GMT
etag: W/"1d799671c4d6a9304651b1b9d6a783fb"
x-cache: Hit from cloudfront
via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 4cehBiGGEXixBQq0UmeiG_s9XeCVE_Wypbh-jBE7vWwzyUIlex4evw==
age: 81820
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
flashnetic.com/r/p.html?f=kdvtrxu&e=1315978926706
200 OK 0 B URL HTTP/2 flashnetic.com/r/p.html?f=kdvtrxu&e=1315978926706
IP
GET /r/p.html?f=kdvtrxu&e=1315978926706 HTTP/1.1
Host: flashnetic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://earnme.club/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
last-modified: Tue, 25 Oct 2022 13:58:03 GMT
x-amz-version-id: 6P847P_3pwRq3kg1dbhEI8vZo9rD1MSu
server: AmazonS3
content-encoding: gzip
date: Sun, 27 Nov 2022 16:26:51 GMT
etag: W/"1d799671c4d6a9304651b1b9d6a783fb"
x-cache: Hit from cloudfront
via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 1U_2qo_u2dODfORCehOtrHyQzsQ3CUivGn9F1Anmnhcl8QFqFw2bqA==
age: 81820
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
d3div1mtym39ic.cloudfront.net/aax2/apstag.js
200 OK 0 B URL HTTP/2 d3div1mtym39ic.cloudfront.net/aax2/apstag.js
IP
GET /aax2/apstag.js HTTP/1.1
Host: d3div1mtym39ic.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://earnme.club/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
last-modified: Wed, 09 Nov 2022 20:51:50 GMT
x-amz-server-side-encryption: AES256
server: AmazonS3
content-encoding: gzip
date: Mon, 28 Nov 2022 15:04:36 GMT
cache-control: public, max-age=3600
etag: W/"fa24fe2b94a2fc864b1ec67f32e8db32"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: QaXDNen-SmPCwifwgPN70H0a-iMEnZGyFUFVCtC1wYad-BzxopiV9Q==
age: 351
X-Firefox-Spdy: h2
flashnetic.com/r/p.html?f=oorysajw&e=1635039149730
200 OK 0 B URL HTTP/2 flashnetic.com/r/p.html?f=oorysajw&e=1635039149730
IP
GET /r/p.html?f=oorysajw&e=1635039149730 HTTP/1.1
Host: flashnetic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://earnme.club/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
last-modified: Tue, 25 Oct 2022 13:58:03 GMT
x-amz-version-id: 6P847P_3pwRq3kg1dbhEI8vZo9rD1MSu
server: AmazonS3
content-encoding: gzip
date: Sun, 27 Nov 2022 16:26:51 GMT
etag: W/"1d799671c4d6a9304651b1b9d6a783fb"
x-cache: Hit from cloudfront
via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 3BiOjKc_QjyCzzchwyAF8rcnp1dFqApdmI6HZSJrnE_-imvZg8YfOg==
age: 81820
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
flashnetic.com/r/p.html?f=tofcqk&e=1635039149730
200 OK 0 B URL HTTP/2 flashnetic.com/r/p.html?f=tofcqk&e=1635039149730
IP
GET /r/p.html?f=tofcqk&e=1635039149730 HTTP/1.1
Host: flashnetic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://earnme.club/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
last-modified: Tue, 25 Oct 2022 13:58:03 GMT
x-amz-version-id: 6P847P_3pwRq3kg1dbhEI8vZo9rD1MSu
server: AmazonS3
content-encoding: gzip
date: Sun, 27 Nov 2022 16:26:51 GMT
etag: W/"1d799671c4d6a9304651b1b9d6a783fb"
x-cache: Hit from cloudfront
via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: fCc0P3T-eSwv49R3At4Cj5-d3vni6cp0jvZ7SeaiU09JXCynNCF_EA==
age: 81820
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
ids.ad.gt/api/v1/halo_match?id=AU1D-0100-001669648233-QF224L0L-L8SQ&halo_id=0606ki76edgclakaj8l66j78k86lgh8hlgg0yu20mkqi0eyew4000w24y400qs4s0
200 OK 0 B URL HTTP/2 ids.ad.gt/api/v1/halo_match?id=AU1D-0100-001669648233-QF224L0L-L8SQ&halo_id=0606ki76edgclakaj8l66j78k86lgh8hlgg0yu20mkqi0eyew4000w24y400qs4s0
IP
GET /api/v1/halo_match?id=AU1D-0100-001669648233-QF224L0L-L8SQ&halo_id=0606ki76edgclakaj8l66j78k86lgh8hlgg0yu20mkqi0eyew4000w24y400qs4s0 HTTP/1.1
Host: ids.ad.gt
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://earnme.club/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 28 Nov 2022 15:10:34 GMT
content-type: image/gif
server: nginx/1.20.0
cache-control: public, max-age=43200
expires: Tue, 29 Nov 2022 03:10:34 GMT
set-cookie: au_id=AU1D-0100-001669648233-QF224L0L-L8SQ; Expires=Wed, 27 Nov 2024 15:10:34 GMT; Domain=.ad.gt; Path=/; SameSite=None; Secure
X-Firefox-Spdy: h2
bh.contextweb.com/bh/rtset?pid=562316&ev=1&rurl=https://ids.ad.gt/api/v1/ppnt_match?uid=%%VGUID%%&id=AU1D-0100-001669648233-QF224L0L-L8SQ
302 Found 0 B URL HTTP/2 bh.contextweb.com/bh/rtset?pid=562316&ev=1&rurl=https://ids.ad.gt/api/v1/ppnt_match?uid=%%VGUID%%&id=AU1D-0100-001669648233-QF224L0L-L8SQ
IP
GET /bh/rtset?pid=562316&ev=1&rurl=https://ids.ad.gt/api/v1/ppnt_match?uid=%%VGUID%%&id=AU1D-0100-001669648233-QF224L0L-L8SQ HTTP/1.1
Host: bh.contextweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://earnme.club/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
cw-server: bh-deployment-6794d6fb46-crwcx
cache-control: private, max-age=0, no-cache, no-store
expires: -1
content-language: en-US
location: https://ids.ad.gt/api/v1/ppnt_match?uid=EC1xhuRnVJ3Y&ev=1&pid=562316&id=AU1D-0100-001669648233-QF224L0L-L8SQ
server: Jetty(9.4.14.v20181114)
strict-transport-security: max-age=15768000
set-cookie: V=EC1xhuRnVJ3Y;Version=0;Secure;Path=/;Domain=.contextweb.com;Expires=Thu, 23-Nov-2023 15:10:34 GMT;Max-Age=31104000;SameSite=None
INGRESSCOOKIE=ef395233f40a0207; path=/; HttpOnly; Secure; SameSite=None
X-Firefox-Spdy: h2
cdn.adapex.io/hb/aaw.emc.js
200 OK 0 B URL HTTP/2 cdn.adapex.io/hb/aaw.emc.js
IP
GET /hb/aaw.emc.js HTTP/1.1
Host: cdn.adapex.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://earnme.club/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 28 Nov 2022 15:10:26 GMT
content-type: application/javascript
last-modified: Tue, 22 Nov 2022 07:55:48 GMT
vary: Accept-Encoding
etag: W/"637c8084-823c0"
expires: Tue, 29 Nov 2022 07:56:52 GMT
cache-control: public, max-age=86400
access-control-allow-origin: *
cf-cache-status: HIT
age: 12983
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rl47cDxmXXzR6A0iGp3urqhrUFFwL29KsNlZ5ISwsEq%2FGsy5m0UNctCOwuJ9gcrsbsPiJVd%2BSM3mJbP3GGTsYHm6rVfG%2FQpCd%2BJTqJvMYgNCikbLwDwHZBqj12tttPr1"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 771407c74dc70b4d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
flashnetic.com/r/p.html?f=bpakyxjnw&e=1315978926706
200 OK 0 B URL HTTP/2 flashnetic.com/r/p.html?f=bpakyxjnw&e=1315978926706
IP
GET /r/p.html?f=bpakyxjnw&e=1315978926706 HTTP/1.1
Host: flashnetic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://earnme.club/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
last-modified: Tue, 25 Oct 2022 13:58:03 GMT
x-amz-version-id: 6P847P_3pwRq3kg1dbhEI8vZo9rD1MSu
server: AmazonS3
content-encoding: gzip
date: Sun, 27 Nov 2022 16:26:51 GMT
etag: W/"1d799671c4d6a9304651b1b9d6a783fb"
x-cache: Hit from cloudfront
via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: SMzBv5JdYJj0K5zTMWcQ15_97Yh6w5HwuBBeZE_SU3N0rg3X2_l2bA==
age: 81820
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
tags.crwdcntrl.net/lt/c/16576/sync.min.js
200 OK 0 B URL HTTP/2 tags.crwdcntrl.net/lt/c/16576/sync.min.js
IP
GET /lt/c/16576/sync.min.js HTTP/1.1
Host: tags.crwdcntrl.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://earnme.club/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/javascript
last-modified: Mon, 21 Nov 2022 18:55:24 GMT
x-amz-server-side-encryption: AES256
server: AmazonS3
content-encoding: gzip
date: Sun, 27 Nov 2022 19:00:22 GMT
cache-control: max-age: 86400
etag: W/"51c5af7d71728569b41d03503fff2de7"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 b053873243f91b1bb6dc406ce0c67db4.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: gx1TqO8HuI_Fw4qEr-5FXHHWMnLw_VN31S_mfk194UAC0XJjc-Bcgg==
age: 72608
X-Firefox-Spdy: h2
hb.adpone.com/prebid7.19.0.js
200 OK 0 B URL HTTP/2 hb.adpone.com/prebid7.19.0.js
IP
GET /prebid7.19.0.js HTTP/1.1
Host: hb.adpone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://earnme.club/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 28 Nov 2022 15:10:27 GMT
content-type: application/javascript
x-amz-id-2: z8zPPgpChpmPHjrETbNpCXccjPHhgx/GJFcxrGv5xpYywnazjILxUOl1MmK1mgPPDqHEJdhQRpw=
x-amz-request-id: AZB8RQQA6SHSSEK2
last-modified: Tue, 25 Oct 2022 11:05:38 GMT
etag: W/"c5676242a8c3f69dca478f87ab473b3a"
x-amz-version-id: mrzpmMNa6L0T_nTXd2e.MsW_mFVsXsAR
cache-control: max-age=14400
cf-cache-status: HIT
age: 2636
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YIdM2XJ0RLfJg4acp2qx%2FPpjRmX9qJaajPdxpyFV54x05mv%2BRfjYzJya3DVqs9vxL%2BDGQ%2FFLOazbSak1xc%2F23YO0vP6mYy6r8%2FHReJQx2OPuygL%2Bnklc%2Bp2M7S9X5AE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 771407cfed0d0b65-OSL
content-encoding: br
X-Firefox-Spdy: h2
prebid.smilewanted.com/
403 Forbidden 0 B IP
POST / HTTP/1.1
Host: prebid.smilewanted.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 358
Origin: https://earnme.club
Connection: keep-alive
Referer: https://earnme.club/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 403 Forbidden
date: Mon, 28 Nov 2022 15:10:27 GMT
content-type: text/html; charset=UTF-8
x-frame-options: SAMEORIGIN
referrer-policy: same-origin
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
vary: Accept-Encoding
server: cloudflare
cf-ray: 771407ce2ed70b02-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
ag.gbc.criteo.com/newidsd
200 OK 0 B URL HTTP/2 ag.gbc.criteo.com/newidsd
IP
GET /newidsd HTTP/1.1
Host: ag.gbc.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Mon, 28 Nov 2022 15:10:34 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 79710
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
157.90.71.190
185.86.137.131
104.26.10.25
23.36.79.24
3.248.127.202
213.19.162.31
147.75.85.234
151.101.85.108
104.22.53.86
37.157.6.254