r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 33c3dea45eaabae3557235f002dda989
38a1903e09bff723af30fe5080f79646247b9254
b00022c599d7a74bd264b90a1ca9f935eb8a7bc6e63a9751dddc8acfbafe58da
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B00022C599D7A74BD264B90A1CA9F935EB8A7BC6E63A9751DDDC8ACFBAFE58DA"
Last-Modified: Tue, 01 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2454
Expires: Tue, 01 Nov 2022 23:33:17 GMT
Date: Tue, 01 Nov 2022 22:52:23 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 8d024a7496f85cabcc9adc118bd9fbec
a1146d4bf5c3e21619777259206bec6cad36e7ea
247b9761f543b4d13fabf86390a1580f92b2b271e1801d99b11bbb1980eefe84
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3525
Cache-Control: max-age=128243
Content-Type: application/ocsp-response
Date: Tue, 01 Nov 2022 22:52:23 GMT
Etag: "6360e755-1d7"
Expires: Thu, 03 Nov 2022 10:29:46 GMT
Last-Modified: Tue, 01 Nov 2022 09:31:01 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 8d024a7496f85cabcc9adc118bd9fbec
a1146d4bf5c3e21619777259206bec6cad36e7ea
247b9761f543b4d13fabf86390a1580f92b2b271e1801d99b11bbb1980eefe84
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1957
Cache-Control: max-age=126675
Content-Type: application/ocsp-response
Date: Tue, 01 Nov 2022 22:52:23 GMT
Etag: "6360e755-1d7"
Expires: Thu, 03 Nov 2022 10:03:38 GMT
Last-Modified: Tue, 01 Nov 2022 09:31:01 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 44ee7bbc64b0396b20a28944ea4ec4d2
dbb18d4238fa3a980e5c254ff25d3b39590b0159
2cc72ff87dcdabcb0a67d8dda7a7c440f8650ffe77f71602954a3076762be50a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2CC72FF87DCDABCB0A67D8DDA7A7C440F8650FFE77F71602954A3076762BE50A"
Last-Modified: Tue, 01 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7156
Expires: Wed, 02 Nov 2022 00:51:39 GMT
Date: Tue, 01 Nov 2022 22:52:23 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 6xbCQsVOEfqFNslCuLmJECcaMYn0zhcsCjZUyqXcR3o3hf0uW/wb0iMssSdzt5+KlEhYUkLL/UY=
x-amz-request-id: 18RMSK6RC0515XHQ
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 01 Nov 2022 22:08:30 GMT
age: 2633
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 01 Nov 2022 22:52:24 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
139.59.49.76/34363?click=pub0925c12ade5244e6a3007750ff20680c&pubid=9637449d
139.59.49.76 302 Found 226 B URL HTTP/1.1 139.59.49.76/34363?click=pub0925c12ade5244e6a3007750ff20680c&pubid=9637449d
IP 139.59.49.76:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document, ASCII text, with no line terminators
Hash e1ebd4ccfa3aa87fe7171466bd37e573
d3cfd8503ab07c0a7d2f9e7e00066a585b31f421
1726fd5301e61a95caba11f0959b3142b0afaee5cad05a7391e30af5455790fe
GET /34363?click=pub0925c12ade5244e6a3007750ff20680c&pubid=9637449d HTTP/1.1
Host: 139.59.49.76
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
x-powered-by: Express
surrogate-control: no-store
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
pragma: no-cache
expires: 0
location: https://surf.ueive.com/rc/736006a179?affclick=22K02042223A034363012829swPaY&pubid=34363
vary: Accept, Accept-Encoding
content-type: text/html; charset=utf-8
content-length: 226
date: Tue, 01 Nov 2022 22:52:23 GMT
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash f9303161ce04577a7bcd56ce42831a56
690bf1468d25898db3ab46e03639946854ab25f0
40c380dba92d637574e7699ae184a089c090bab6f7215dc0178dadd8b23da43c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3340
Cache-Control: max-age=123002
Content-Type: application/ocsp-response
Date: Tue, 01 Nov 2022 22:52:24 GMT
Etag: "6360d396-1d7"
Expires: Thu, 03 Nov 2022 09:02:26 GMT
Last-Modified: Tue, 01 Nov 2022 08:06:46 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29 200 OK 314 B IP 93.184.220.29:0
Hash dba6387faeae28ebd7f46d7b68399639
ef5a1806583f7a649c4b8ce89a7a8f35ae9c3b75
3e84b48ce64198ea2ec44bc399d9e79ef3ed20ec11274ed944671a6b54d411c3
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3634
Cache-Control: max-age=89859
Content-Type: application/ocsp-response
Date: Tue, 01 Nov 2022 22:52:24 GMT
Etag: "636050f9-13a"
Expires: Wed, 02 Nov 2022 23:50:03 GMT
Last-Modified: Mon, 31 Oct 2022 22:49:29 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 314
aditmedia.g2afse.com/click?pid=930&offer_id=18720&sub1=pubacde5e88bcc04199afd0b497fa3582fc&sub2=f0fc7601_34363
34.141.179.97 302 Found 0 B URL HTTP/2 aditmedia.g2afse.com/click?pid=930&offer_id=18720&sub1=pubacde5e88bcc04199afd0b497fa3582fc&sub2=f0fc7601_34363
IP 34.141.179.97:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /click?pid=930&offer_id=18720&sub1=pubacde5e88bcc04199afd0b497fa3582fc&sub2=f0fc7601_34363 HTTP/1.1
Host: aditmedia.g2afse.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://surf.ueive.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Tue, 01 Nov 2022 22:52:24 GMT
content-length: 0
location: https://t3.blowingwnd.com/p.php?p=c:8pnojh5wwryg9ycmq&d=61b86bb2caff0c3520644fec&pid=CLICKID&s=SUBID&pid=6361a32848e70a0001a68f26&s=930_f0fc7601_34363
set-cookie: afclick=6361a32848e70a0001a68f26; expires=Wed, 01 Nov 2023 22:52:24 GMT; secure; SameSite=None
afoffers={"18720":1667343144}; expires=Wed, 01 Nov 2023 22:52:24 GMT; secure; SameSite=None
access-control-allow-origin: *
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ac12f77802e55a522822b46c4be2782b
cda2f592b69fb3841638f3b5b82c7017fc154690
a2cc8a58bb01d114378ca7be57e039a70e25f0ab0a3bb64f952a9d564bfcb0b2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A2CC8A58BB01D114378CA7BE57E039A70E25F0AB0A3BB64F952A9D564BFCB0B2"
Last-Modified: Mon, 31 Oct 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9909
Expires: Wed, 02 Nov 2022 01:37:33 GMT
Date: Tue, 01 Nov 2022 22:52:24 GMT
Connection: keep-alive
push.services.mozilla.com/
34.217.237.91 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.217.237.91:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: u/Egbl1p9aWD3gS8+iH7iA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: UlTi7b2cyBI5ugxkzB8VpIObcZs=
t3.blowingwnd.com/p.php?p=c:8pnojh5wwryg9ycmq&d=61b86bb2caff0c3520644fec&pid=CLICKID&s=SUBID&pid=6361a32848e70a0001a68f26&s=930_f0fc7601_34363
51.161.115.163 302 Found 0 B URL HTTP/1.1 t3.blowingwnd.com/p.php?p=c:8pnojh5wwryg9ycmq&d=61b86bb2caff0c3520644fec&pid=CLICKID&s=SUBID&pid=6361a32848e70a0001a68f26&s=930_f0fc7601_34363
IP 51.161.115.163:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /p.php?p=c:8pnojh5wwryg9ycmq&d=61b86bb2caff0c3520644fec&pid=CLICKID&s=SUBID&pid=6361a32848e70a0001a68f26&s=930_f0fc7601_34363 HTTP/1.1
Host: t3.blowingwnd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://surf.ueive.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Tue, 01 Nov 2022 22:52:24 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Round: 1217p3t0dz
Raund: xi
Location: https://ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys-930_f0fc7601_34363
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a0d6497453fa448d686f5e7c2d7f4a20
f6a219bac5b221fc38a16049005b346d71911333
3bcad33d44663ac3287cb74b0429b32bf0e62b33f00b2d06814b868b78f61d48
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3BCAD33D44663AC3287CB74B0429B32BF0E62B33F00B2D06814B868B78F61D48"
Last-Modified: Sun, 30 Oct 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15551
Expires: Wed, 02 Nov 2022 03:11:36 GMT
Date: Tue, 01 Nov 2022 22:52:25 GMT
Connection: keep-alive
ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys-930_f0fc7601_34363
51.83.143.92 200 OK 504 B URL HTTP/1.1 ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys-930_f0fc7601_34363
IP 51.83.143.92:0
File type HTML document text\012- HTML document, ASCII text, with very long lines (552)
Hash 5a21c189108f9b3fbe7259b819750b97
b9cbaa8eb8926696e59504301187062c7319e811
1c58e679b77df86a75dce147da7a0db8a8218fd364c42e3236d5455e9ef26065
Analyzer Verdict Alert quad9 Sinkholed
GET /f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys-930_f0fc7601_34363 HTTP/1.1
Host: ron.trffclb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://surf.ueive.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 01 Nov 2022 22:52:25 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: bt-603611c5b7eaf46891533240=6361a329d9e03a179711a39e; expires=Fri, 04-Nov-2022 22:52:25 GMT; Max-Age=259200; path=/; domain=ron.trffclb.com; HttpOnly
Content-Encoding: gzip
ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys-930_f0fc7601_34363&bv=1
51.83.143.92 302 Found 0 B URL HTTP/1.1 ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys-930_f0fc7601_34363&bv=1
IP 51.83.143.92:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys-930_f0fc7601_34363&bv=1 HTTP/1.1
Host: ron.trffclb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys-930_f0fc7601_34363
Cookie: bt-603611c5b7eaf46891533240=6361a329d9e03a179711a39e
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 302 Found
Server: nginx
Date: Tue, 01 Nov 2022 22:52:25 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Set-Cookie: bt-603611c5b7eaf46891533240=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=ron.trffclb.com; HttpOnly
Round: 119cdtswvl
Raund: 2g2
Location: https://popcash.net/world/go/134600/317194
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash 8ace667e23d3fa71aa1d8184ab280236
f60ab2251edf998e9bedba3adadfd9992dc58683
5ffe2c06b5fd30203077bc047bfbb1c8d961bde492bb25829852d38728eb9bc8
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5943
Cache-Control: max-age=103275
Content-Type: application/ocsp-response
Date: Tue, 01 Nov 2022 22:52:25 GMT
Etag: "63607c5d-118"
Expires: Thu, 03 Nov 2022 03:33:40 GMT
Last-Modified: Tue, 01 Nov 2022 01:54:37 GMT
Server: ECS (amb/6BBD)
X-Cache: HIT
Content-Length: 280
ron.trffclb.com/favicon.ico
51.83.143.92 200 OK 20 B URL HTTP/1.1 ron.trffclb.com/favicon.ico
IP 51.83.143.92:0
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
Analyzer Verdict Alert quad9 Sinkholed
GET /favicon.ico HTTP/1.1
Host: ron.trffclb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys-930_f0fc7601_34363
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 01 Nov 2022 22:52:25 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
popcash.net/world/go/134600/317194
104.21.52.38 301 Moved Permanently 162 B URL HTTP/2 popcash.net/world/go/134600/317194
IP 104.21.52.38:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /world/go/134600/317194 HTTP/1.1
Host: popcash.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ron.trffclb.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
date: Tue, 01 Nov 2022 22:52:25 GMT
content-type: text/html
content-length: 162
location: http://ps.popcash.net/go/134600/317194
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bC7%2BRKICNnkpBLlro%2BlzC9WE0oC%2BhoMee2uXV0YjvHtT9%2FeLCT7B%2BJD1PwOigkG3ILRDljFnMlAbxO7x8G3%2F1Doan9fnd19WlwbqrfrNpz0V6JAjy3rwXrtvMiEc"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 763833625c7db50b-OSL
X-Firefox-Spdy: h2
ps.popcash.net/go/134600/317194
34.232.21.200 200 OK 270 B URL HTTP/1.1 ps.popcash.net/go/134600/317194
IP 34.232.21.200:0
File type HTML document, ASCII text
Hash b817ccd3fbb855e9a846d87da84029c2
1757946f61023b50c71f356f300da0530b25faac
df9fe024c3afb4e9ac7b3de5e4ccf5f974b8ceb0c74c4750ea3ff45709b31ba2
GET /go/134600/317194 HTTP/1.1
Host: ps.popcash.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Content-Encoding: gzip
Content-Type: text/html
Date: Tue, 01 Nov 2022 22:52:25 GMT
Server: nginx
Vary: Accept-Encoding
Content-Length: 270
Connection: keep-alive
ps.popcash.net/ad/ad?p=134600&w=317194&t=adacfa0c13c7b333&r=&vw=1280&vh=0
34.232.21.200 303 See Other 0 B URL HTTP/1.1 ps.popcash.net/ad/ad?p=134600&w=317194&t=adacfa0c13c7b333&r=&vw=1280&vh=0
IP 34.232.21.200:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ad/ad?p=134600&w=317194&t=adacfa0c13c7b333&r=&vw=1280&vh=0 HTTP/1.1
Host: ps.popcash.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ps.popcash.net/go/134600/317194
Upgrade-Insecure-Requests: 1
HTTP/1.1 303 See Other
Date: Tue, 01 Nov 2022 22:52:25 GMT
Location: http://adrastos-eli.com/zcvisitor/dab46531-5a37-11ed-99af-0a8a8713005b/7fcf9220-c93c-11e7-9820-0e06c6fba698?campaignid=0098f150-174c-11ed-9b74-128084d1ce51#pc151445
Server: nginx
Content-Length: 0
Connection: keep-alive
adrastos-eli.com/zcvisitor/dab46531-5a37-11ed-99af-0a8a8713005b/7fcf9220-c93c-11e7-9820-0e06c6fba698?campaignid=0098f150-174c-11ed-9b74-128084d1ce51
3.212.50.125 302 0 B URL HTTP/1.1 adrastos-eli.com/zcvisitor/dab46531-5a37-11ed-99af-0a8a8713005b/7fcf9220-c93c-11e7-9820-0e06c6fba698?campaignid=0098f150-174c-11ed-9b74-128084d1ce51
IP 3.212.50.125:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /zcvisitor/dab46531-5a37-11ed-99af-0a8a8713005b/7fcf9220-c93c-11e7-9820-0e06c6fba698?campaignid=0098f150-174c-11ed-9b74-128084d1ce51 HTTP/1.1
Host: adrastos-eli.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ps.popcash.net/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302
Date: Tue, 01 Nov 2022 22:52:25 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
Location: https://go.money616.xyz/co?sub1=vitellary-lion&sub2=whiskey-ria-ss9gkru3z
Server: yhaknrxs
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 74a88e96c5b2084da27fd93e5f6dbc9b
d453af6b8e75328db0af08fb5e05167c72dd86ff
04cd7d3fdfbd3b7ae777818c1557d335ea3f1e4c035c602d7ddca5a136b6c07f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "04CD7D3FDFBD3B7AE777818C1557D335EA3F1E4C035C602D7DDCA5A136B6C07F"
Last-Modified: Mon, 31 Oct 2022 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16007
Expires: Wed, 02 Nov 2022 03:19:13 GMT
Date: Tue, 01 Nov 2022 22:52:26 GMT
Connection: keep-alive
go.money616.xyz/co?sub1=vitellary-lion&sub2=whiskey-ria-ss9gkru3z
52.59.165.42 200 OK 1.6 kB URL HTTP/1.1 go.money616.xyz/co?sub1=vitellary-lion&sub2=whiskey-ria-ss9gkru3z
IP 52.59.165.42:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (364)
Hash fbf54ac4a947e85fa35b6f90e2539fb0
0d2629d8fafa3ef655966155b8e221c20c0cb0d8
d00a81d2ba7597c81bedc0c4981eed017766c88d4279a319cecdaa3fe74ed189
GET /co?sub1=vitellary-lion&sub2=whiskey-ria-ss9gkru3z HTTP/1.1
Host: go.money616.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://ps.popcash.net/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
connection: close
x-content-type-options: nosniff
content-type: text/html; charset=utf-8
x-powered-by: Short.io link shortener
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
content-length: 1554
Date: Tue, 01 Nov 2022 22:52:26 GMT
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash c18aead96956fc8de41d067a99071c73
29b784835d23ec09a11f91dda1f3ac9f9550c129
106617c550459147e0e38e15d84305ed944cbc259b78291ad0c9fc01083c182d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "106617C550459147E0E38E15D84305ED944CBC259B78291AD0C9FC01083C182D"
Last-Modified: Tue, 01 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3597
Expires: Tue, 01 Nov 2022 23:52:23 GMT
Date: Tue, 01 Nov 2022 22:52:26 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash c18aead96956fc8de41d067a99071c73
29b784835d23ec09a11f91dda1f3ac9f9550c129
106617c550459147e0e38e15d84305ed944cbc259b78291ad0c9fc01083c182d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "106617C550459147E0E38E15D84305ED944CBC259B78291AD0C9FC01083C182D"
Last-Modified: Tue, 01 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3597
Expires: Tue, 01 Nov 2022 23:52:23 GMT
Date: Tue, 01 Nov 2022 22:52:26 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash c18aead96956fc8de41d067a99071c73
29b784835d23ec09a11f91dda1f3ac9f9550c129
106617c550459147e0e38e15d84305ed944cbc259b78291ad0c9fc01083c182d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "106617C550459147E0E38E15D84305ED944CBC259B78291AD0C9FC01083C182D"
Last-Modified: Tue, 01 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3597
Expires: Tue, 01 Nov 2022 23:52:23 GMT
Date: Tue, 01 Nov 2022 22:52:26 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash c18aead96956fc8de41d067a99071c73
29b784835d23ec09a11f91dda1f3ac9f9550c129
106617c550459147e0e38e15d84305ed944cbc259b78291ad0c9fc01083c182d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "106617C550459147E0E38E15D84305ED944CBC259B78291AD0C9FC01083C182D"
Last-Modified: Tue, 01 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3597
Expires: Tue, 01 Nov 2022 23:52:23 GMT
Date: Tue, 01 Nov 2022 22:52:26 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fce7afe40-51df-40f7-a5ea-eccca8096289.jpeg
34.120.237.76 200 OK 7.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fce7afe40-51df-40f7-a5ea-eccca8096289.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 0de76d35f26837b0c003f96fb9b51c05
3a4f2fd9086cbc705b903996f14e2df40d615129
a4f143d107ebc9ffa7e84da9a0816f55db13796ed0193516523cfcfc23282166
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fce7afe40-51df-40f7-a5ea-eccca8096289.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7829
x-amzn-requestid: 9c2d792c-6f72-4006-9f97-245e0f664d6f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: a8N8bGftoAMFwBQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6361904f-680e59ed401239a2323f5741;Sampled=0
x-amzn-remapped-date: Tue, 01 Nov 2022 21:31:59 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: FVb6YU8EddMOEN8FPx-aheiWQ46rbyIIZXBAzy0ymZ_iBtlQyeJCQg==
via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 ddaf46a95abcfc80e8eae76235e2127c.cloudfront.net (CloudFront), 1.1 google
date: Tue, 01 Nov 2022 21:46:06 GMT
etag: "3a4f2fd9086cbc705b903996f14e2df40d615129"
content-type: image/jpeg
age: 3980
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F55550fcf-c461-45e4-b8fc-6da3f06e619f.jpeg
34.120.237.76 200 OK 9.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F55550fcf-c461-45e4-b8fc-6da3f06e619f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c69585975447cd8817ef28e040f2282d
86f7a25a4c6cbd3ba02335d3e9e3806e04353057
371e0f702449d2dca70feff03b2c191ae668da7f24d4fd1b495a70a3a1e15c7c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F55550fcf-c461-45e4-b8fc-6da3f06e619f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9264
x-amzn-requestid: e8d66671-2424-4e71-be8d-5cd01e7a108e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: a8OHAFeBoAMFVNA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63619093-4f186264706348807ac85be5;Sampled=0
x-amzn-remapped-date: Tue, 01 Nov 2022 21:33:07 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: AumRkK1CM_hAmAa7zDIg3i63h7e1UCkE1T9LfTSJXXkznPeocAXPlw==
via: 1.1 95b0ac620fa3a80ee590ecf1cda1c698.cloudfront.net (CloudFront), 1.1 ebe4011a81a36e2bf678f69ce1711330.cloudfront.net (CloudFront), 1.1 google
date: Tue, 01 Nov 2022 22:12:58 GMT
etag: "86f7a25a4c6cbd3ba02335d3e9e3806e04353057"
content-type: image/jpeg
age: 2368
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3cd26640-fa64-4fc1-b8c0-5ef6aaa8b2db.jpeg
34.120.237.76 200 OK 5.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3cd26640-fa64-4fc1-b8c0-5ef6aaa8b2db.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 13ef41807ff6c1430d0f53674274e1e5
9af1c9bf800c46497754c2e35e04cbd8b277d9bc
63996c5ea515898cc3c31c738f10a90e693b3c4d980229f5cbb25836f71c94fc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3cd26640-fa64-4fc1-b8c0-5ef6aaa8b2db.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5514
x-amzn-requestid: 08c00121-f4c5-41a3-aeb1-caa62028c091
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: a8OeJFeHIAMFVlw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63619127-7069ac091b65263c5e5998a4;Sampled=0
x-amzn-remapped-date: Tue, 01 Nov 2022 21:35:35 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: mSY46sahMUeL1eeiIXsLWK2UHxJqbxrieVDCZ4nYt-uH4EsDHrROXg==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Tue, 01 Nov 2022 22:05:21 GMT
age: 2825
etag: "9af1c9bf800c46497754c2e35e04cbd8b277d9bc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9bd19d65-6adb-49b1-b3a5-ffb9ffd23bbc.jpeg
34.120.237.76 200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9bd19d65-6adb-49b1-b3a5-ffb9ffd23bbc.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a1e279cf441230b801e53c187094c972
30e0b7d521804604622a09ba566307cc35b1deb6
5d5e6c03bc054bfbb84802523191a97dd404c7d51e180f9cd21f50942129c884
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9bd19d65-6adb-49b1-b3a5-ffb9ffd23bbc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13593
x-amzn-requestid: b4da9d6e-7064-40f7-953c-37847c4b672d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: a8N93FcAIAMFv7g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63619058-1dda64ee1b8e3177189703fc;Sampled=0
x-amzn-remapped-date: Tue, 01 Nov 2022 21:32:08 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: SDjssGYz2eDtKxPPoC-Lx4GYx9yQoPIv7nlKKNvH6uW0KgxLhJIzRA==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Tue, 01 Nov 2022 21:52:34 GMT
age: 3592
etag: "30e0b7d521804604622a09ba566307cc35b1deb6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29a51834-fb3d-49e1-bf17-0d61bd632e3c.jpeg
34.120.237.76 200 OK 8.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29a51834-fb3d-49e1-bf17-0d61bd632e3c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c2c656f261152358b1d0eada2279cb44
f8f227255807a94ed55e78263094b5b637b7fea2
bdf8552426c1899b373c77f12deb95521468232ecead8aaa70544c055193ad1f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29a51834-fb3d-49e1-bf17-0d61bd632e3c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7964
x-amzn-requestid: d638eeba-2b55-4ee0-939f-e4ce640f2823
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: a8OwbHj6IAMF55A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6361919c-1d67bb147eb042414b8d4a89;Sampled=0
x-amzn-remapped-date: Tue, 01 Nov 2022 21:37:32 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: ybSLfuH0yRxVCDFeGxH27K4m6oCud-rt8YHahLlrZDXG2TCmu_9XDg==
via: 1.1 86b676273517904f44af31586adb06ae.cloudfront.net (CloudFront), 1.1 ee330666adf9f04c8c30094f8ddcd004.cloudfront.net (CloudFront), 1.1 google
date: Tue, 01 Nov 2022 22:12:54 GMT
etag: "f8f227255807a94ed55e78263094b5b637b7fea2"
content-type: image/jpeg
age: 2372
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa07876b5-faa6-4aa0-a431-a5353c5e0126.jpeg
34.120.237.76 200 OK 7.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa07876b5-faa6-4aa0-a431-a5353c5e0126.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash fb3964a844616e8156299a91f6068d3b
dc8a6f2b451b87f4b8f4573daf9f3587d801e1ed
014216665e0feb6a3f64460d8dd50023d4621e10fd31180d6807c9eda8f57364
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa07876b5-faa6-4aa0-a431-a5353c5e0126.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7616
x-amzn-requestid: ede9fc0d-bac4-495c-8ecb-39cae7324858
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aznUqG2RIAMFn3g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-635e1f50-772b9c7e057f59c46cc7bd6f;Sampled=0
x-amzn-remapped-date: Sun, 30 Oct 2022 06:53:04 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: h9FWRKRLJCQT9M7qKj7c7wdASXyF4eaogCiAmea4i3UQlnOugk1qUw==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 7eb3b782ab09047ce0d11ee03763894c.cloudfront.net (CloudFront), 1.1 google
date: Tue, 01 Nov 2022 13:06:25 GMT
age: 35161
etag: "dc8a6f2b451b87f4b8f4573daf9f3587d801e1ed"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68 200 OK 472 B IP 104.18.32.68:0
Hash 09ed9921c6d69975e559bc988886f724
b27c0e4e3d4a61f437f5628186e9f356f6be30d6
10bfc280bfb82264e7b280ec68c31cfaebe9294ee15d13529d00ee20c09fd82e
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 01 Nov 2022 22:52:26 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 29 Oct 2022 22:25:05 GMT
Expires: Sat, 05 Nov 2022 22:25:04 GMT
Etag: "b27c0e4e3d4a61f437f5628186e9f356f6be30d6"
Cache-Control: max-age=343357,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 763833685c120b49-OSL
ocsp.sectigo.com/
104.18.32.68 200 OK 472 B IP 104.18.32.68:0
Hash 09ed9921c6d69975e559bc988886f724
b27c0e4e3d4a61f437f5628186e9f356f6be30d6
10bfc280bfb82264e7b280ec68c31cfaebe9294ee15d13529d00ee20c09fd82e
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 01 Nov 2022 22:52:26 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 29 Oct 2022 22:25:05 GMT
Expires: Sat, 05 Nov 2022 22:25:04 GMT
Etag: "b27c0e4e3d4a61f437f5628186e9f356f6be30d6"
Cache-Control: max-age=343357,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76383369acf90b49-OSL
adspredictiv.com/jump/next.php?stamat=m%257CfrYhPi9iaQdHkAH0dEdHP3xP.262%252C7H0PozvLiGV-YkDx825CHq_5mNyzZhovkYDfyjWLDI0Sb21IYsIWB7DkTq9zqOvWerCuBAztbK5_k5wJIGYBBkQxcyT0pWtUi8TJF56zd5WqKz7vLkVamJKoo8uk66UAjdn2waj1PbdTQGo-EZMFAg%252C%252C&cbpage=https://adspredictiv.com/jump/next.php?r=6399862&sub1=vitellary-lion&sub2=whiskey-ria-ss9gkru3z&cbur=0.6260596693121873&cbtitle=&cbiframe=0&cbWidth=1280&cbHeight=939&cbdescription=&cbkeywords=&cbref=https%3A%2F%2Fgo.money616.xyz%2F
35.190.38.40 302 Found 504 B URL HTTP/2 adspredictiv.com/jump/next.php?stamat=m%257CfrYhPi9iaQdHkAH0dEdHP3xP.262%252C7H0PozvLiGV-YkDx825CHq_5mNyzZhovkYDfyjWLDI0Sb21IYsIWB7DkTq9zqOvWerCuBAztbK5_k5wJIGYBBkQxcyT0pWtUi8TJF56zd5WqKz7vLkVamJKoo8uk66UAjdn2waj1PbdTQGo-EZMFAg%252C%252C&cbpage=https://adspredictiv.com/jump/next.php?r=6399862&sub1=vitellary-lion&sub2=whiskey-ria-ss9gkru3z&cbur=0.6260596693121873&cbtitle=&cbiframe=0&cbWidth=1280&cbHeight=939&cbdescription=&cbkeywords=&cbref=https%3A%2F%2Fgo.money616.xyz%2F
IP 35.190.38.40:0
Hash 853b8a1a847fa2562e80804837e37d7e
bf4cd1af19a84b777f8c63266e5d2cfcb775dc17
6bc53b04c428cc5907b5fcaf9e297125769bc5882a103fa517dac937973c7c28
GET /jump/next.php?stamat=m%257CfrYhPi9iaQdHkAH0dEdHP3xP.262%252C7H0PozvLiGV-YkDx825CHq_5mNyzZhovkYDfyjWLDI0Sb21IYsIWB7DkTq9zqOvWerCuBAztbK5_k5wJIGYBBkQxcyT0pWtUi8TJF56zd5WqKz7vLkVamJKoo8uk66UAjdn2waj1PbdTQGo-EZMFAg%252C%252C&cbpage=https://adspredictiv.com/jump/next.php?r=6399862&sub1=vitellary-lion&sub2=whiskey-ria-ss9gkru3z&cbur=0.6260596693121873&cbtitle=&cbiframe=0&cbWidth=1280&cbHeight=939&cbdescription=&cbkeywords=&cbref=https%3A%2F%2Fgo.money616.xyz%2F HTTP/1.1
Host: adspredictiv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 302 Found
server: openresty
date: Tue, 01 Nov 2022 22:52:26 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
location: https://adspredictiv.com/script/i.php?stamat=m%257C%252C%252CwiaT4iOqoGU3BP-GH0dEdHP3xP.5ce%252CErKjNjIMOG8qo4VIrGHbCjXcFnBM_ttWPCVzI6zCvlByosZM38C3s3HpDLwCwrHLmgYo5AV5e-xG4buXqk1TB9AWd3xZECHWq9TgotpK-EY_gwjFxb4xEpFb5pg_CZCkbERZVqrmUAiaY6zV2lFhLWvzBLW4IkGNmD9eKNkVzlOCJ1JvqsfibIlIUdZGMDMo86sgowOmO8Wx3ClXsgXNhWyYjYS5mmN2vjNnMmlVgMVOJRS_jhZb5ynFFCGUNX4OoWoyptmuKi-ir04an4P-_KcdGH3NW8MpaHRIR8RVbfl-bl9MBc_BQmotFmzVaxJK3tovFo4BOPdi8GMOR3z4vbAN2WVn5ORGyhJBGjtyD9m4XIEcwkhe5sPAq9eXu95cGQv3uAgjcWdQ16xVuztq_oubn4dYuUeNdByOBjZLGAdG4LmFcb8-2ErQ3ofdcnXvGmN_a2P-SVcKRvwhq0tOHjOD5tvbKAIknYctByowXMQVvr7gSYQj6_5GCt-ec-TFSSIAGGNT8aU5K_UNRiIbBKJOAsKC8rx9Jbltn8m2VQmAeAEmzs7F2iBZF4Hie4uwNBGQjWWtf2YzaEKG4uheMu0t3FCpNdmEOwiBo6-2xDREZO9F9vOR9Cy18dZUmQDE
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ti-files.org/GcrKe5df719a4160df814a97c81d2d8cf908b45f4a921?q=Download&s1=10_6399862-828379781-353572507&s3=6361a32a108c15000126f502
188.72.236.34 302 Found 97 B URL HTTP/1.1 ti-files.org/GcrKe5df719a4160df814a97c81d2d8cf908b45f4a921?q=Download&s1=10_6399862-828379781-353572507&s3=6361a32a108c15000126f502
IP 188.72.236.34:0
File type HTML document, ASCII text
Hash af9e9cedeaa91805085cf3958febe16a
b16776a3a8859ce92713fec5a4b7e2180a8f9936
e0ffb4577d72e9a8f44ff8c5f2a9d398aabb3d629fa65cc70dc2ce391b258a75
GET /GcrKe5df719a4160df814a97c81d2d8cf908b45f4a921?q=Download&s1=10_6399862-828379781-353572507&s3=6361a32a108c15000126f502 HTTP/1.1
Host: ti-files.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Tue, 01 Nov 2022 22:52:26 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 97
Connection: keep-alive
Location: https://appsredprosoft.com/Download.zip?c=ACujYWOsJwUAFE4CAE5PFwAMANdvyc4A
Set-Cookie: bd_context=LPO9wEnu1j/uDSj/9Hz0KyjPTuEhc6OErbNlCONFGBn4l64bjxGLksSfTmwXD7YZLCrjoLmX2Rq7TiIIbPIqNuHpqHgEIzqetWC2CPBOuVk/K4Qom5u92T/HlHCEimW5QJit/6t0JNPmQzBChtZ0FR3BukgJJZRUREcB+BIKu2w1rR3iVeP8TWek5AWceBHvsU6BYN/wwjII/PKvv4/bztyY8oqvqMl9W0cnZjUih9IxMk3KgU5MWPR0cUL/vle19s3MkXL/cGRkv4s9yBF9yxME4yVeextCB4D6PJUFgdLiAvfspYqHCyY8goeivZhn76CZ/h/n7G42qVbeWsQDu9xD; Expires=Wed, 01 Nov 2023 22:52:27 GMT
e1.o.lencr.org/
23.36.77.32 200 OK 346 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e591a6276d2303eb75f8adf10243eaa9
b4d4a9a5b2bcd5c27e98edaa36ce7896a2f3d3d3
7d803e116eacee6bfaef586cfdb5e00bdd0bab39e40a4cb51b43d27e074f78ff
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "7D803E116EACEE6BFAEF586CFDB5E00BDD0BAB39E40A4CB51B43D27E074F78FF"
Last-Modified: Mon, 31 Oct 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3772
Expires: Tue, 01 Nov 2022 23:55:19 GMT
Date: Tue, 01 Nov 2022 22:52:27 GMT
Connection: keep-alive
adspredictiv.com/jump/next.php?r=6399862&sub1=vitellary-lion&sub2=whiskey-ria-ss9gkru3z
35.190.38.40 200 OK 3.1 kB URL HTTP/2 adspredictiv.com/jump/next.php?r=6399862&sub1=vitellary-lion&sub2=whiskey-ria-ss9gkru3z
IP 35.190.38.40:0
Hash 9a4aae7934ba8cb591e73337c190240e
9948d42f3dc2b7719100f7f991e26ea7ecce0e60
90699b4e4e004c9d310e9517b09a0f6f840694b0b373b1a5b64f3772a15720e0
GET /jump/next.php?r=6399862&sub1=vitellary-lion&sub2=whiskey-ria-ss9gkru3z HTTP/1.1
Host: adspredictiv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://go.money616.xyz/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: openresty
date: Tue, 01 Nov 2022 22:52:26 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
appsredprosoft.com/images/download-folder.png
104.21.50.78 200 OK 7.2 kB URL HTTP/2 appsredprosoft.com/images/download-folder.png
IP 104.21.50.78:0
File type PNG image data, 80 x 80, 8-bit/color RGBA, non-interlaced\012- data
Hash 85df17557e29cecfb1d8571c28ecec14
104358afff7e6fa44680b7b2fabbad2add4252de
6df950db7753838e1f7bf3ea19e7987d889d287cfb4e2015cd1d582acd411323
GET /images/download-folder.png HTTP/1.1
Host: appsredprosoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://appsredprosoft.com/Download.zip?c=ACujYWOsJwUAFE4CAE5PFwAMANdvyc4A
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 01 Nov 2022 22:52:27 GMT
content-type: image/png
content-length: 7205
last-modified: Fri, 15 Jul 2022 13:19:54 GMT
etag: "1c25-5e3d7dfb83670"
cache-control: max-age=14400
cf-cache-status: HIT
age: 1222
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=94hyl7epXECNJIKyPHOGFlcyXp9okXCb6eKJIi8yvFH9%2FPdmmPSIdrqoSBO9y1CRjru%2Fpo8joCqD%2FjrzfxlFZvBlYBWE6rEAgkLM5qFXoObl5deToEnDeEOJcrPt4T%2FjJx2KyOA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7638336e0d4f0b51-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
surf.ueive.com/rc/736006a179?affclick=22K02042223A034363012829swPaY&pubid=34363
104.21.2.182 200 OK 0 B URL HTTP/2 surf.ueive.com/rc/736006a179?affclick=22K02042223A034363012829swPaY&pubid=34363
IP 104.21.2.182:0
GET /rc/736006a179?affclick=22K02042223A034363012829swPaY&pubid=34363 HTTP/1.1
Host: surf.ueive.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Tue, 01 Nov 2022 22:52:24 GMT
content-type: text/html; charset=utf-8
set-cookie: AWSALB=dZ5GUcc/w/+WDPqAngtM4y3Q1+KWK1K/kONpGpSut5svhQ2Ip5lvyttgj0Hvp7gaDuOf+RdeFyj4+LsgeolLIxfdvke5Tmce3oODtgXQ1ygM7JsWCtXDmFYHrO9S; Expires=Tue, 08 Nov 2022 22:52:24 GMT; Path=/
AWSALBCORS=dZ5GUcc/w/+WDPqAngtM4y3Q1+KWK1K/kONpGpSut5svhQ2Ip5lvyttgj0Hvp7gaDuOf+RdeFyj4+LsgeolLIxfdvke5Tmce3oODtgXQ1ygM7JsWCtXDmFYHrO9S; Expires=Tue, 08 Nov 2022 22:52:24 GMT; Path=/; SameSite=None
vary: Accept-Encoding, Accept-Language, Cookie
content-language: en
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DRcCBTtMkDGihLjzT%2BbTKCbYlCYZY9M59hUPuqHFYWTduN%2BCpMr3GcNBHCiMyCELyilXk%2FfBHMv5jEqyfqLvBeL18wLZm37zfnU3KDbsMcVWPhFMJxaNhQFN97TXCNfm8g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7638335b2f6fb51e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.addlnk.com/redirect.css
104.21.74.141 200 OK 0 B URL HTTP/2 cdn.addlnk.com/redirect.css
IP 104.21.74.141:0
GET /redirect.css HTTP/1.1
Host: cdn.addlnk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://surf.ueive.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 01 Nov 2022 22:52:24 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=1680
etag: W/"3ae56d32551602b41f9046c14d1cfde2"
last-modified: Wed, 13 Mar 2019 00:03:12 GMT
x-amz-id-2: BUW6rlWHZvzQnvJHp4gBkVRIGc8DfdhWdOpgruWqMqu7ownlHIapox/IYSueiBqz+QseNtzP+2A=
x-amz-request-id: KYXF7EGSHW20KRRM
cf-cache-status: HIT
age: 4807
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1IUaTfetfaIhFSZFDxkADbMIOFyjhx8gTje64yskVSTnom%2FtY%2BclLJkUvWQJjzVZSTI2N4iro0mKQZavciyp1Syp2cmftp2%2BeLVAGEZwUQynmVQmvgpNZrjQdAKOq3iJqw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7638335c5bd1b527-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
appsredprosoft.com/css/style.css
104.21.50.78 200 OK 0 B URL HTTP/2 appsredprosoft.com/css/style.css
IP 104.21.50.78:0
GET /css/style.css HTTP/1.1
Host: appsredprosoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://appsredprosoft.com/Download.zip?c=ACujYWOsJwUAFE4CAE5PFwAMANdvyc4A
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 01 Nov 2022 22:52:27 GMT
content-type: text/css
last-modified: Fri, 15 Jul 2022 13:41:32 GMT
etag: W/"10bf-5e3d82d1501b0"
cache-control: max-age=14400
cf-cache-status: HIT
age: 1222
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bhl4Ia3aN4m7YyB9cKSaJd7LJUiTzggF6FV6tZ4%2BOiF%2Fi4qjhPFCo1L2pj%2B1j8%2BzYoMwCkCWcNUxKKSwERcJeIhrM6cNEg3MX1qzkGtRL%2BKTk%2Bzm6j6%2BlpU0b%2F%2Fsj2CliJm%2F2pE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7638336e0d4e0b51-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
appsredprosoft.com/Download.zip?c=ACujYWOsJwUAFE4CAE5PFwAMANdvyc4A
104.21.50.78 200 OK 0 B URL HTTP/2 appsredprosoft.com/Download.zip?c=ACujYWOsJwUAFE4CAE5PFwAMANdvyc4A
IP 104.21.50.78:0
GET /Download.zip?c=ACujYWOsJwUAFE4CAE5PFwAMANdvyc4A HTTP/1.1
Host: appsredprosoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 01 Nov 2022 22:52:27 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/8.1.2
cache-control: max-age=14400
cf-cache-status: MISS
last-modified: Tue, 01 Nov 2022 22:52:27 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=odhUEFI8mRTZgYomnvveQlVJHzkX9ir%2BUsCP7ayDmOhJQp3yRLBKlDPY2o4hflRp7TcEUx%2Bxvp6uK3%2BGMaLH%2FxDJ%2Ba8Gk90wmrip5e74k71JKvw578Bs1XOsNpnoIWtO5OD%2F4WY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7638336d3cb80b51-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
aditmedia.g2afse.com/click?pid=10&offer_id=17142&sub1=166734314610000TNOTV415326358024Vef&sub2=6399862-828379781-353572507&sub3=86077
34.141.179.97 200 OK 0 B URL HTTP/2 aditmedia.g2afse.com/click?pid=10&offer_id=17142&sub1=166734314610000TNOTV415326358024Vef&sub2=6399862-828379781-353572507&sub3=86077
IP 34.141.179.97:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
GET /click?pid=10&offer_id=17142&sub1=166734314610000TNOTV415326358024Vef&sub2=6399862-828379781-353572507&sub3=86077 HTTP/1.1
Host: aditmedia.g2afse.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: afclick=6361a32848e70a0001a68f26; afoffers={"18720":1667343144}
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 01 Nov 2022 22:52:26 GMT
content-type: text/html; charset=utf-8
set-cookie: afclick=6361a32a108c15000126f502; expires=Wed, 01 Nov 2023 22:52:26 GMT; secure; SameSite=None
afoffers={"18720":1667343144,"17142":1667343146}; expires=Wed, 01 Nov 2023 22:52:26 GMT; secure; SameSite=None
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2