firefox.settings.services.mozilla.com/v1/
143.204.55.36 200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.36:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash bdb8b66c705a7b996496d780f50c00b5
403ae92039fcc933870f51f913f78ccaf9652256
c923ed2539f4ce9f4d43743c402fbb2060a52a4cbedbf14c5f5742ab718073d6
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Length, Content-Type, Retry-After, Backoff
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sun, 23 Oct 2022 21:52:52 GMT
Expires: Sun, 23 Oct 2022 22:33:34 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 4f01f770085624552bc30a98954f963a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: XUt9AJ-DrH6InCbNnDKRG4y9jaQVtLgWKN1iOXmP7TfYsTJcVcgPBg==
Age: 2080
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 73c4166ca864f777db2cc1cd8658a7c2
c56b66b0b7c8516d4d5bfafe0c166711c78f3d25
310c633350812c064e159275b6dbbdba6d6a5991a54ccfcc23459320c6513572
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "310C633350812C064E159275B6DBBDBA6D6A5991A54CCFCC23459320C6513572"
Last-Modified: Sat, 22 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4480
Expires: Sun, 23 Oct 2022 23:42:12 GMT
Date: Sun, 23 Oct 2022 22:27:32 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ae56efd62a0d9249d98573172eb8b28b
5ff4e9959be677ad76c26ca73f9ef4feb9fa2f28
82d9ee4948fce839f7edb1f8490c4213cded3912464a4169b0bf6a61278694bd
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "82D9EE4948FCE839F7EDB1F8490C4213CDED3912464A4169B0BF6A61278694BD"
Last-Modified: Sat, 22 Oct 2022 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11860
Expires: Mon, 24 Oct 2022 01:45:12 GMT
Date: Sun, 23 Oct 2022 22:27:32 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: MWSb4R4sykCzF/k7QZp+Xit3VNsMBZNsRHSNSZ4C68Hk0uSUE0nP1Ie8RghQPqUqjwV4np7ODUInrel4T+RWuw==
x-amz-request-id: R2PBRT6ZSXJH1Z7T
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 23 Oct 2022 22:08:15 GMT
age: 1157
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
ti-files.org/GcrKe5df719a4160df814a97c81d2d8cf908b45f4a921?q=EA%20Sports%20UFC%204%20PC%20Download%20Free&s1=3530_959433&s3=6353ff6387f8990001db9496
188.72.236.34 302 Found 164 B URL HTTP/1.1 ti-files.org/GcrKe5df719a4160df814a97c81d2d8cf908b45f4a921?q=EA%20Sports%20UFC%204%20PC%20Download%20Free&s1=3530_959433&s3=6353ff6387f8990001db9496
IP 188.72.236.34:0
File type HTML document, ASCII text
Hash b35139a2ee8987939291520bf4678579
22385bb3b9046913837399d9f9c736b75bf72e38
0c1a3abac70182bffcdcc9e7a2816b52609a11fa1b3a756cdb22d1bbccaf0d50
GET /GcrKe5df719a4160df814a97c81d2d8cf908b45f4a921?q=EA%20Sports%20UFC%204%20PC%20Download%20Free&s1=3530_959433&s3=6353ff6387f8990001db9496 HTTP/1.1
Host: ti-files.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Server: nginx
Date: Sun, 23 Oct 2022 22:27:32 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 164
Connection: keep-alive
Location: http://c.srvpcn.com/click?id=cdarvl056phk510fegng&e=7de94241-6cb2-4f4d-96d3-bf871b24b8bf&px=34&c=ANS_VWMPKgUAFDgCAE5PFgAMAMXZJNgA
Set-Cookie: bd_context=/NrCQNpmDdTA9NVwnJ6jsKwOIgduVixfpk4w2lHzTZWPdT7ufmitM5lnst/taAatnQG527Jpoy1TR7pynYPKGkIEgczuHi6ICGsky/hbGDgS/w8RnZBoRgZJj/gVVQBjZ/C1sZHe6V//aJfV2Rsv8ndZ3b2BB7I3bezj7wQ32XJvHGytnzkTsh+bv1cCSwZBH6lvNfQrYvH8MKMZ7CrMMRo8LK6PZvp0tDTYllfATVRoI7hErCDhfY2m30JUWG/gpNbDIWffUBGluGNTJOBPmXsPa2rRAKt6IwGK+7F2uOdHF68IPBc4jfI/yPYQVhe6FfsNCb1hick=; Expires=Mon, 23 Oct 2023 22:27:32 GMT
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 23 Oct 2022 22:27:32 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
c.srvpcn.com/click?id=cdarvl056phk510fegng&e=7de94241-6cb2-4f4d-96d3-bf871b24b8bf&px=34&c=ANS_VWMPKgUAFDgCAE5PFgAMAMXZJNgA
54.144.72.99 303 See Other 0 B URL HTTP/1.1 c.srvpcn.com/click?id=cdarvl056phk510fegng&e=7de94241-6cb2-4f4d-96d3-bf871b24b8bf&px=34&c=ANS_VWMPKgUAFDgCAE5PFgAMAMXZJNgA
IP 54.144.72.99:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /click?id=cdarvl056phk510fegng&e=7de94241-6cb2-4f4d-96d3-bf871b24b8bf&px=34&c=ANS_VWMPKgUAFDgCAE5PFgAMAMXZJNgA HTTP/1.1
Host: c.srvpcn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 303 See Other
Date: Sun, 23 Oct 2022 22:27:32 GMT
Content-Length: 0
Connection: keep-alive
Location: http://bilqi-omv.com/zcvisitor/e2dfb013-5321-11ed-af8e-0a858640f087/e3e39f70-3459-11e9-9a51-0a15cb739170?campaignid=06d8a3f0-48cd-11ed-a334-0a918cbcbb97
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.36 200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.36:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Sun, 23 Oct 2022 21:43:40 GMT
Cache-Control: max-age=3600
Expires: Sun, 23 Oct 2022 21:46:36 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 475d4ecb64796af058573c6f1048e898.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 0eGj66VeWANMqx7hH0mB73nkIRLgMN0QdT3FRf_ZvcZD3LbkPHUk7w==
Age: 2632
bilqi-omv.com/zcvisitor/e2dfb013-5321-11ed-af8e-0a858640f087/e3e39f70-3459-11e9-9a51-0a15cb739170?campaignid=06d8a3f0-48cd-11ed-a334-0a918cbcbb97
35.174.150.83 302 0 B URL HTTP/1.1 bilqi-omv.com/zcvisitor/e2dfb013-5321-11ed-af8e-0a858640f087/e3e39f70-3459-11e9-9a51-0a15cb739170?campaignid=06d8a3f0-48cd-11ed-a334-0a918cbcbb97
IP 35.174.150.83:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /zcvisitor/e2dfb013-5321-11ed-af8e-0a858640f087/e3e39f70-3459-11e9-9a51-0a15cb739170?campaignid=06d8a3f0-48cd-11ed-a334-0a918cbcbb97 HTTP/1.1
Host: bilqi-omv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302
Date: Sun, 23 Oct 2022 22:27:33 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
Location: https://go.money616.xyz/s4?sub1=pyrrhous-marten&sub2=bravo-pur-k8en3qj53j
Server: JGXmwQMK
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 60d5d7cce6c32a6bdaf0d4c92ec93a1a
cd29edee660366b41749cfd206bdc08fb421449c
fb90c4cc44b32e4ca4a7d1533bbf4a2fd5c482dda5d232f1be2334f3cefbbb0e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5786
Cache-Control: max-age=126936
Content-Type: application/ocsp-response
Date: Sun, 23 Oct 2022 22:27:33 GMT
Etag: "6354f613-1d7"
Expires: Tue, 25 Oct 2022 09:43:09 GMT
Last-Modified: Sun, 23 Oct 2022 08:06:43 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash a5a2ff9998cb0167da6b6614ed884f55
f0b89b07731946d33d9100e29026e539f1135586
b0d31a82c4bf805dbe6a6cd27221f847ec39c095895d63ba2f9738a5b65149eb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B0D31A82C4BF805DBE6A6CD27221F847EC39C095895D63BA2F9738A5B65149EB"
Last-Modified: Sat, 22 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10404
Expires: Mon, 24 Oct 2022 01:20:57 GMT
Date: Sun, 23 Oct 2022 22:27:33 GMT
Connection: keep-alive
go.money616.xyz/s4?sub1=pyrrhous-marten&sub2=bravo-pur-k8en3qj53j
18.184.197.212 200 OK 1.6 kB URL HTTP/1.1 go.money616.xyz/s4?sub1=pyrrhous-marten&sub2=bravo-pur-k8en3qj53j
IP 18.184.197.212:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (364)
Hash 4bad0572fbbb36410804df400067167b
2592cda88d6580e57d35a1f93b1870afbf4a06d3
4eb3784785dd4e0db4e86972a8a51bdb2d0d054e78615fb460b28a9885fa0a3b
GET /s4?sub1=pyrrhous-marten&sub2=bravo-pur-k8en3qj53j HTTP/1.1
Host: go.money616.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 200 OK
connection: close
x-content-type-options: nosniff
content-type: text/html; charset=utf-8
x-powered-by: Short.io link shortener
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
content-length: 1554
Date: Sun, 23 Oct 2022 22:27:33 GMT
ocsp.sectigo.com/
104.18.32.68 200 OK 472 B IP 104.18.32.68:0
Hash 4b4947263357a5cf383a519dcca40228
cfacf43717b7f1d77314dae8390737274d913315
3edf03c09f18dfb6c8677c751e99f9ab6e26890c438338338dcfb218b8d7162a
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 23 Oct 2022 22:27:33 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 22 Oct 2022 22:25:06 GMT
Expires: Sat, 29 Oct 2022 22:25:05 GMT
Etag: "cfacf43717b7f1d77314dae8390737274d913315"
Cache-Control: max-age=517651,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 75ede695dc9ab527-OSL
push.services.mozilla.com/
44.238.202.79 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 44.238.202.79:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: wVKIiI0rb62vrwU+yw4bhw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 6KzCG6ie/Bj8KjrQZnxMmBArB68=
ocsp.sectigo.com/
104.18.32.68 200 OK 472 B IP 104.18.32.68:0
Hash 4b4947263357a5cf383a519dcca40228
cfacf43717b7f1d77314dae8390737274d913315
3edf03c09f18dfb6c8677c751e99f9ab6e26890c438338338dcfb218b8d7162a
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 23 Oct 2022 22:27:33 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 22 Oct 2022 22:25:06 GMT
Expires: Sat, 29 Oct 2022 22:25:05 GMT
Etag: "cfacf43717b7f1d77314dae8390737274d913315"
Cache-Control: max-age=517651,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 75ede6974df7b527-OSL
ocsp.usertrust.com/
172.64.155.188 200 OK 471 B IP 172.64.155.188:0
Hash fc1c377eeb1159d1d0455b77614ee35d
30ebba642437c03f70010f15b7022eda505116a3
6e3476237e3a4048c1249b56344bc5eedf3f72f7aab2b2a8a09db4d4275a17a2
POST / HTTP/1.1
Host: ocsp.usertrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 23 Oct 2022 22:27:34 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Fri, 21 Oct 2022 10:07:29 GMT
Expires: Fri, 28 Oct 2022 10:07:28 GMT
Etag: "30ebba642437c03f70010f15b7022eda505116a3"
Cache-Control: max-age=601079,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: REVALIDATED
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75ede699faa3b529-OSL
topsolutions.rdtk.io/631d71ca60776e00012e0e8f?sub1=6359262-1264786048-2966871915&sub2=&sub3=309529620&sub4=126766&sub5=1666564053&sub6=6359262&sub7=NO&sub8=1000&sub9=Blix%20Solutions&ref_id=166656405310000TNOTV415326358024V20
85.17.54.17 302 Found 191 B URL HTTP/1.1 topsolutions.rdtk.io/631d71ca60776e00012e0e8f?sub1=6359262-1264786048-2966871915&sub2=&sub3=309529620&sub4=126766&sub5=1666564053&sub6=6359262&sub7=NO&sub8=1000&sub9=Blix%20Solutions&ref_id=166656405310000TNOTV415326358024V20
IP 85.17.54.17:0
ASN #60781 LeaseWeb Netherlands B.V.
File type HTML document, ASCII text
Hash f332f5e097972df7b5fc2036da607401
79c9413abbdb38f61697b88016a3a8eeb19ffc2a
a02c109092f4d04489a40703d93d544f626f68a7da92d1e73a01f67fd3946a1f
GET /631d71ca60776e00012e0e8f?sub1=6359262-1264786048-2966871915&sub2=&sub3=309529620&sub4=126766&sub5=1666564053&sub6=6359262&sub7=NO&sub8=1000&sub9=Blix%20Solutions&ref_id=166656405310000TNOTV415326358024V20 HTTP/1.1
Host: topsolutions.rdtk.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx/1.21.3
Date: Sun, 23 Oct 2022 22:27:34 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 191
Connection: keep-alive
Location: https://adverster.g2afse.com/click?pid=364&offer_id=140&sub4=6359262-1264786048-2966871915&ref_id=6355bfd6d715a30001696cbd&sub2=5cc839de65115c0001015b85
Referer:
Referrer-Policy: no-referrer
Set-Cookie: redhash=NjM1NWJmZDZkNzE1YTMwMDAxNjk2Y2JkfDB8NjMxZDcxY2E2MDc3NmUwMDAxMmUwZThmfHw0ZWU5YmFhOC02NmJjLTRhMTctODdkYi05YWYxYzJhZGNhZDR8MTY2NjU2NDA1NA==; Path=/; Domain=topsolutions.rdtk.io; Expires=Mon, 23 Oct 2023 22:27:34 GMT; Secure; SameSite=None
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
ocsp.digicert.com/
93.184.220.29 200 OK 314 B IP 93.184.220.29:0
Hash 3d3f3a662afd3821be45bd398d574c17
d75d094bf1cd9d98f87b5bcb551b44811b703381
2514fedb43587bc8610923fde64b2da4090bfc08e7ac103aad15d7fd4a7f385c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5473
Cache-Control: max-age=93182
Content-Type: application/ocsp-response
Date: Sun, 23 Oct 2022 22:27:34 GMT
Etag: "63547373-13a"
Expires: Tue, 25 Oct 2022 00:20:36 GMT
Last-Modified: Sat, 22 Oct 2022 22:49:23 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 314
adverster.g2afse.com/click?pid=364&offer_id=140&sub4=6359262-1264786048-2966871915&ref_id=6355bfd6d715a30001696cbd&sub2=5cc839de65115c0001015b85
34.91.145.202 302 Found 0 B URL HTTP/2 adverster.g2afse.com/click?pid=364&offer_id=140&sub4=6359262-1264786048-2966871915&ref_id=6355bfd6d715a30001696cbd&sub2=5cc839de65115c0001015b85
IP 34.91.145.202:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /click?pid=364&offer_id=140&sub4=6359262-1264786048-2966871915&ref_id=6355bfd6d715a30001696cbd&sub2=5cc839de65115c0001015b85 HTTP/1.1
Host: adverster.g2afse.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Sun, 23 Oct 2022 22:27:34 GMT
content-length: 0
location: https://free3dgame.xyz/?key=byq8yz76skm800fc6ylf&code=6355bfd64579870001344a07&sub1=&sub2=Sexually+Submission+low&sub3=topsolutionsmedia&sub4=6359262-1264786048-2966871915&sub5=364
set-cookie: afclick=6355bfd64579870001344a07; expires=Mon, 23 Oct 2023 22:27:34 GMT; secure; SameSite=None
afoffers={"140":1666564054}; expires=Mon, 23 Oct 2023 22:27:34 GMT; secure; SameSite=None
access-control-allow-origin: *
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 5f8d8d9c70bde85be51daec5f6620d6b
1be3d0199bfb8f26c4697046ce42dd51ada54ffb
b1b091940959ff0fe1ada347156e6c703b42a9f1f9bdd4b5adaa38826b895c17
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B1B091940959FF0FE1ADA347156E6C703B42A9F1F9BDD4B5ADAA38826B895C17"
Last-Modified: Sat, 22 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4212
Expires: Sun, 23 Oct 2022 23:37:46 GMT
Date: Sun, 23 Oct 2022 22:27:34 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash bed68ee568e74be152402c71cbf26510
38092ae53739e8ee13362c84df108bad734c4b64
26cd9ff2fb48cc7fb7c83cc325f4cb4713fc442cc4842baa728c570081be0445
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "26CD9FF2FB48CC7FB7C83CC325F4CB4713FC442CC4842BAA728C570081BE0445"
Last-Modified: Sat, 22 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10909
Expires: Mon, 24 Oct 2022 01:29:23 GMT
Date: Sun, 23 Oct 2022 22:27:34 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash bed68ee568e74be152402c71cbf26510
38092ae53739e8ee13362c84df108bad734c4b64
26cd9ff2fb48cc7fb7c83cc325f4cb4713fc442cc4842baa728c570081be0445
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "26CD9FF2FB48CC7FB7C83CC325F4CB4713FC442CC4842BAA728C570081BE0445"
Last-Modified: Sat, 22 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10909
Expires: Mon, 24 Oct 2022 01:29:23 GMT
Date: Sun, 23 Oct 2022 22:27:34 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash bed68ee568e74be152402c71cbf26510
38092ae53739e8ee13362c84df108bad734c4b64
26cd9ff2fb48cc7fb7c83cc325f4cb4713fc442cc4842baa728c570081be0445
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "26CD9FF2FB48CC7FB7C83CC325F4CB4713FC442CC4842BAA728C570081BE0445"
Last-Modified: Sat, 22 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10909
Expires: Mon, 24 Oct 2022 01:29:23 GMT
Date: Sun, 23 Oct 2022 22:27:34 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash bed68ee568e74be152402c71cbf26510
38092ae53739e8ee13362c84df108bad734c4b64
26cd9ff2fb48cc7fb7c83cc325f4cb4713fc442cc4842baa728c570081be0445
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "26CD9FF2FB48CC7FB7C83CC325F4CB4713FC442CC4842BAA728C570081BE0445"
Last-Modified: Sat, 22 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10909
Expires: Mon, 24 Oct 2022 01:29:23 GMT
Date: Sun, 23 Oct 2022 22:27:34 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash bed68ee568e74be152402c71cbf26510
38092ae53739e8ee13362c84df108bad734c4b64
26cd9ff2fb48cc7fb7c83cc325f4cb4713fc442cc4842baa728c570081be0445
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "26CD9FF2FB48CC7FB7C83CC325F4CB4713FC442CC4842BAA728C570081BE0445"
Last-Modified: Sat, 22 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10909
Expires: Mon, 24 Oct 2022 01:29:23 GMT
Date: Sun, 23 Oct 2022 22:27:34 GMT
Connection: keep-alive
adspredictiv.com/jump/next.php?r=6359262&sub1=pyrrhous-marten&sub2=bravo-pur-k8en3qj53j
35.190.38.40 200 OK 13 kB URL HTTP/2 adspredictiv.com/jump/next.php?r=6359262&sub1=pyrrhous-marten&sub2=bravo-pur-k8en3qj53j
IP 35.190.38.40:0
Hash 9f50205e9b5c697b94e714b4465417aa
c02a63ef8dda244f56d976b5e4ef1a7a0d434583
7d89f032452bcb5d02e5af1517bd4d48761a36d8158e9288ed3b916992cc0834
GET /jump/next.php?r=6359262&sub1=pyrrhous-marten&sub2=bravo-pur-k8en3qj53j HTTP/1.1
Host: adspredictiv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://go.money616.xyz/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: openresty
date: Sun, 23 Oct 2022 22:27:33 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff7361cd7-8ea8-4a4b-8e5a-6e3ef375eb7e.webp
34.120.237.76 200 OK 7.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff7361cd7-8ea8-4a4b-8e5a-6e3ef375eb7e.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c16ee3c480c8ee5b51b7dd88375649ae
885e2070d3ea7973fd978e1e9c247ce248afdbbb
4086d5476b9f3b6c06535fc588784c19a52008178cbdeccbff4c98497bd8e428
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff7361cd7-8ea8-4a4b-8e5a-6e3ef375eb7e.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7185
x-amzn-requestid: 5bbcd9f1-fa0a-4591-a38c-b472e2ef148f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aelC7EZ4oAMFmvA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6355b545-754aa64e1249811f2c019641;Sampled=0
x-amzn-remapped-date: Sun, 23 Oct 2022 21:42:29 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: qkk3lDqVtpedvxCxGrNyJVjGIW6-VJqpMgBxHjaRatILglKJ96Tfvg==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 2f7934de1dfe281c3e4446892eab6462.cloudfront.net (CloudFront), 1.1 google
date: Sun, 23 Oct 2022 21:46:36 GMT
age: 2458
etag: "885e2070d3ea7973fd978e1e9c247ce248afdbbb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8b4612fa-9557-465f-8ec2-dc7a447daaac.jpeg
34.120.237.76 200 OK 9.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8b4612fa-9557-465f-8ec2-dc7a447daaac.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6b24b0e9eeeecd44eafc5957dc5450db
e071eb9837a242f41035da077dc6c9b0178d8f9f
33e9c9c03180d2855606be0605c894180d81e151e2f4b4b2bacf5325c11152d4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8b4612fa-9557-465f-8ec2-dc7a447daaac.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9495
x-amzn-requestid: f9246128-d6a3-49e0-982d-9f75d110aa2d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aelztGlqoAMFs8g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6355b67d-7f04a07955c3c9a8644475a0;Sampled=0
x-amzn-remapped-date: Sun, 23 Oct 2022 21:47:41 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: FDwmWmTCnCZt2aCUx9Tb3r4RJ4co-0A1dAbABurYrJNcyGa6ZMmONw==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Sun, 23 Oct 2022 21:56:13 GMT
age: 1881
etag: "e071eb9837a242f41035da077dc6c9b0178d8f9f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc3257320-582a-498d-9e0c-531ea65fbbe0.jpeg
34.120.237.76 200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc3257320-582a-498d-9e0c-531ea65fbbe0.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3 DIY-Thermocam raw data\012- (Lepton 2.x), scale 772-513, spot sensor temperature 0.000000, unit celsius, color scheme 1, calibration: offset 0.000000, slope 241254190455726276608.000000\012- data
Hash 88436497b6fe5e22155afc45e9e8fe3e
5004575548d76d878a7f27bb3fc4a9a10e8f6909
304c2388dd96c82582d490cd473174b11eac53bf408a29ed78e23d77139ef243
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc3257320-582a-498d-9e0c-531ea65fbbe0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13962
x-amzn-requestid: 84f8b505-da9d-421c-b00a-3d6407aac332
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aelDQETqoAMFwxw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6355b547-566c7abb12b09a565be85833;Sampled=0
x-amzn-remapped-date: Sun, 23 Oct 2022 21:42:31 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: N-R8_VOQSIhikiT-qqPi0ABMoZnr234hdcdinyzBath9A8M6aUZ37A==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 6a9b42e38e76b7d4a4044ebe0e0eca08.cloudfront.net (CloudFront), 1.1 google
date: Sun, 23 Oct 2022 21:54:05 GMT
age: 2009
etag: "5004575548d76d878a7f27bb3fc4a9a10e8f6909"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd9782993-f413-4e6d-95c2-333fbe657f63.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd9782993-f413-4e6d-95c2-333fbe657f63.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a2e664fa8596d38b4f74c45198a1d034
71daf3c8a99c89c8437645e97c7f14dd10d02d30
8f2cba60d7770cdfb781bfb95c33d9da1b03cab9ed5354b8a79d86e22b489663
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd9782993-f413-4e6d-95c2-333fbe657f63.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10565
x-amzn-requestid: 77d1f33a-cf70-44b9-a589-0cdadbea8d82
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aelB0FDBoAMFvFQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6355b53e-2a30ebbb731766f675647a98;Sampled=0
x-amzn-remapped-date: Sun, 23 Oct 2022 21:42:22 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: MAguR4SfghsNzQUE6EIpLZ2bnc8yu8-YToIKS9mUCW6NhLLXtBjNew==
via: 1.1 95b0ac620fa3a80ee590ecf1cda1c698.cloudfront.net (CloudFront), 1.1 760139201585481b26f947c5f776103a.cloudfront.net (CloudFront), 1.1 google
date: Sun, 23 Oct 2022 21:56:14 GMT
age: 1880
etag: "71daf3c8a99c89c8437645e97c7f14dd10d02d30"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb7f5d706-03b5-40c4-9fef-abddcb255f99.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb7f5d706-03b5-40c4-9fef-abddcb255f99.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1974529bf378941c1b76662e2b283988
cdde9ea46af873e3f838bdb35d69cc0844016311
7c39112dbb1088fe09e010fcd5d85b63a34ac40c7b93e0e9873715ccdf0ac579
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb7f5d706-03b5-40c4-9fef-abddcb255f99.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10420
x-amzn-requestid: 9fbc5930-f615-4548-a683-061be9a67bb6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aelDFGPhoAMFVzw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6355b546-0563eb5f6ba62af65182fc3c;Sampled=0
x-amzn-remapped-date: Sun, 23 Oct 2022 21:42:30 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: DQSSMaj6KDZSErVdSgL7O7J_LUeBmrsI5lZ3xrI_RcyGH3OYApJVmw==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 570075675953459325e00b7bcd171df2.cloudfront.net (CloudFront), 1.1 google
date: Sun, 23 Oct 2022 21:59:37 GMT
age: 1677
etag: "cdde9ea46af873e3f838bdb35d69cc0844016311"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 4c236f4ca13cd8fafc580bceb0995642
b6a7de7a8d994ed2cfb5ac74b6d7703de515ecdb
671228953eba5b2678df03acebb493e411752c6f5f72ff7f1e485032241d4aeb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 23 Oct 2022 22:27:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
free3dgame.xyz/files/1.png
146.190.28.107 200 OK 91 kB URL HTTP/2 free3dgame.xyz/files/1.png
IP 146.190.28.107:0
File type PNG image data, 268 x 341, 8-bit/color RGBA, non-interlaced\012- data
Hash b1ca79a348b74c1f02654dcdc06fbd7a
015f9320975c34adbacd595681605c79797c0880
19ddba2395038bfe50d196bd2313219bcace3ebf24837e50c700d1f8f5e63a87
Analyzer Verdict Alert quad9 Sinkholed
GET /files/1.png HTTP/1.1
Host: free3dgame.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://free3dgame.xyz/?key=byq8yz76skm800fc6ylf&code=6355bfd64579870001344a07&sub1=&sub2=Sexually+Submission+low&sub3=topsolutionsmedia&sub4=6359262-1264786048-2966871915&sub5=364
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 23 Oct 2022 22:27:34 GMT
content-type: image/png
content-length: 91434
last-modified: Tue, 24 May 2022 10:25:50 GMT
etag: "628cb2ae-1652a"
expires: Tue, 22 Nov 2022 22:27:34 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
free3dgame.xyz/files/desc.jpg
146.190.28.107 200 OK 517 kB URL HTTP/2 free3dgame.xyz/files/desc.jpg
IP 146.190.28.107:0
File type JPEG image data, progressive, precision 8, 3360x1882, components 3\012- data
Size 517 kB (517070 bytes)
Hash abd6f700139d33406e689ae523063675
6fa1dd814d4c2d6a770e644c5aa0a0d7facdeba0
99f3f7d43320f66092019658c89c57d8a0bb5b748b9841384c4324acab71cc52
Analyzer Verdict Alert quad9 Sinkholed
GET /files/desc.jpg HTTP/1.1
Host: free3dgame.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://free3dgame.xyz/?key=byq8yz76skm800fc6ylf&code=6355bfd64579870001344a07&sub1=&sub2=Sexually+Submission+low&sub3=topsolutionsmedia&sub4=6359262-1264786048-2966871915&sub5=364
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 23 Oct 2022 22:27:34 GMT
content-type: image/jpeg
content-length: 517070
last-modified: Tue, 24 May 2022 11:29:05 GMT
etag: "628cc181-7e3ce"
expires: Tue, 22 Nov 2022 22:27:34 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 4c236f4ca13cd8fafc580bceb0995642
b6a7de7a8d994ed2cfb5ac74b6d7703de515ecdb
671228953eba5b2678df03acebb493e411752c6f5f72ff7f1e485032241d4aeb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 23 Oct 2022 22:27:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
free3dgame.xyz/files/mob.jpg
146.190.28.107 200 OK 294 kB URL HTTP/2 free3dgame.xyz/files/mob.jpg
IP 146.190.28.107:0
File type JPEG image data, progressive, precision 8, 1182x2100, components 3\012- data
Size 294 kB (294511 bytes)
Hash 6293f6397f0fc4f54cdee9f1016aa620
e1fe2d942487529eef53fc77e5eae9b518ec2944
657405356cbcd646c8090fdb0dbc62755bea4b1b2b0fae0fdade66a4af776f2b
Analyzer Verdict Alert quad9 Sinkholed
GET /files/mob.jpg HTTP/1.1
Host: free3dgame.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://free3dgame.xyz/?key=byq8yz76skm800fc6ylf&code=6355bfd64579870001344a07&sub1=&sub2=Sexually+Submission+low&sub3=topsolutionsmedia&sub4=6359262-1264786048-2966871915&sub5=364
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 23 Oct 2022 22:27:34 GMT
content-type: image/jpeg
content-length: 294511
last-modified: Tue, 24 May 2022 11:28:39 GMT
etag: "628cc167-47e6f"
expires: Tue, 22 Nov 2022 22:27:34 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
free3dgame.xyz/files/bg-box.png
146.190.28.107 200 OK 37 kB URL HTTP/2 free3dgame.xyz/files/bg-box.png
IP 146.190.28.107:0
File type PNG image data, 823 x 424, 8-bit/color RGBA, non-interlaced\012- data
Hash d9aab159517209305f0ae6ae43af0c2e
77763dcbe0c4223da8eba455022c7d41d21fe434
158ebf4b5f0045d2235408626133e56e8acef48a5b2cc4d69fd005d951954a63
Analyzer Verdict Alert quad9 Sinkholed
GET /files/bg-box.png HTTP/1.1
Host: free3dgame.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://free3dgame.xyz/files/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 23 Oct 2022 22:27:34 GMT
content-type: image/png
content-length: 37399
last-modified: Tue, 24 May 2022 10:25:14 GMT
etag: "628cb28a-9217"
expires: Tue, 22 Nov 2022 22:27:34 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash ffbfbd6d5d1e91af3c02313339eed0d0
df6457b655ac278fe32f3015bba4cff22dae5b2d
1991ca3e854e53f89b92ce93e01e6094f815b1d2c7c31e664481760211ac200a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 23 Oct 2022 22:27:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash ffbfbd6d5d1e91af3c02313339eed0d0
df6457b655ac278fe32f3015bba4cff22dae5b2d
1991ca3e854e53f89b92ce93e01e6094f815b1d2c7c31e664481760211ac200a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 23 Oct 2022 22:27:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/archivo/v18/k3kPo8UDI-1M0wlSV9XAw6lQkqWY8Q82sLydOxI.woff2
216.58.207.195 200 OK 32 kB URL HTTP/2 fonts.gstatic.com/s/archivo/v18/k3kPo8UDI-1M0wlSV9XAw6lQkqWY8Q82sLydOxI.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 31516, version 1.0\012- data
Hash 9e4726d312080161871f0472659ecf14
e0231f21da02732e9ef19c2280ea5a7aa25f04de
68c831b3324ca6fea43d48681ac2b9338b794ecdb60ff7fa7059a997d4007604
GET /s/archivo/v18/k3kPo8UDI-1M0wlSV9XAw6lQkqWY8Q82sLydOxI.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://free3dgame.xyz
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 31516
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 22 Oct 2022 02:24:20 GMT
expires: Sun, 22 Oct 2023 02:24:20 GMT
cache-control: public, max-age=31536000
age: 158594
last-modified: Fri, 24 Jun 2022 19:34:15 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
free3dgame.xyz/files/apple-touch-icon.png
146.190.28.107 200 OK 9.4 kB URL HTTP/2 free3dgame.xyz/files/apple-touch-icon.png
IP 146.190.28.107:0
File type PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced\012- data
Hash 049ac8181fb1c147054e1ec9ae763d70
565397e7f0a82d7c31abccddbd9a310fddb3591d
6812893aafb0fdffa269b19ed588193637747a850b3d20ac51c38d09ccffdc95
Analyzer Verdict Alert quad9 Sinkholed
GET /files/apple-touch-icon.png HTTP/1.1
Host: free3dgame.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://free3dgame.xyz/?key=byq8yz76skm800fc6ylf&code=6355bfd64579870001344a07&sub1=&sub2=Sexually+Submission+low&sub3=topsolutionsmedia&sub4=6359262-1264786048-2966871915&sub5=364
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 23 Oct 2022 22:27:35 GMT
content-type: image/png
content-length: 9390
last-modified: Tue, 24 May 2022 10:25:37 GMT
etag: "628cb2a1-24ae"
expires: Tue, 22 Nov 2022 22:27:35 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
free3dgame.xyz/files/lang.js
146.190.28.107 200 OK 3.4 kB URL HTTP/2 free3dgame.xyz/files/lang.js
IP 146.190.28.107:0
Hash 2278caa9b2a4748968951088405819ed
acfe0dfba926e481f21fd3eb33d0425b4d064e4d
fc118db09973cc994d91a5053e9247af773bfc94c404dfe355124f07d6ef36ff
Analyzer Verdict Alert quad9 Sinkholed
GET /files/lang.js HTTP/1.1
Host: free3dgame.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://free3dgame.xyz/?key=byq8yz76skm800fc6ylf&code=6355bfd64579870001344a07&sub1=&sub2=Sexually+Submission+low&sub3=topsolutionsmedia&sub4=6359262-1264786048-2966871915&sub5=364
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 23 Oct 2022 22:27:34 GMT
content-type: application/javascript
last-modified: Tue, 24 May 2022 12:43:28 GMT
vary: Accept-Encoding
etag: W/"628cd2f0-1f66"
expires: Mon, 24 Oct 2022 10:27:34 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
free3dgame.xyz/files/favicon-16x16.png
146.190.28.107 200 OK 493 B URL HTTP/2 free3dgame.xyz/files/favicon-16x16.png
IP 146.190.28.107:0
File type PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Hash a2a4b5d7c260fd7b81ea7daa0922c45c
736f12c449c0d7b8809bd0efc96a041b2dd0b377
80a2bb3256c6169c7b0784d69b3f199510a9e345bbff1f7480ac209fcd985b78
Analyzer Verdict Alert quad9 Sinkholed
GET /files/favicon-16x16.png HTTP/1.1
Host: free3dgame.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://free3dgame.xyz/?key=byq8yz76skm800fc6ylf&code=6355bfd64579870001344a07&sub1=&sub2=Sexually+Submission+low&sub3=topsolutionsmedia&sub4=6359262-1264786048-2966871915&sub5=364
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 23 Oct 2022 22:27:35 GMT
content-type: image/png
content-length: 493
last-modified: Tue, 24 May 2022 10:22:25 GMT
etag: "628cb1e1-1ed"
expires: Tue, 22 Nov 2022 22:27:35 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4be00a57-fe20-4b17-bbdf-88b9daf542a7.jpeg
34.120.237.76 200 OK 9.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4be00a57-fe20-4b17-bbdf-88b9daf542a7.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4352d6f8e696e348db1207f9b911582c
9806f4179ac2ee4ead5e04dfbdd6c563af6caa6f
3a763dd67f5e89a0e2b3f11b2ddcb73e9526dd4657e0b1df79f9e8fdab53c96a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4be00a57-fe20-4b17-bbdf-88b9daf542a7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 9340
x-amzn-requestid: 01d2c959-06a2-48b5-bac3-4136c0578487
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aelH3GnGoAMF5zw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6355b565-6bc5d32d1bc2a3a9651bee67;Sampled=0
x-amzn-remapped-date: Sun, 23 Oct 2022 21:43:01 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: leFh8aw0FVcdghUHhSrAsgNSURA29BxP0z0FMnUGN3LbQujdh3B49w==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 001e7070d795018d01b93988b9723742.cloudfront.net (CloudFront), 1.1 google
date: Sun, 23 Oct 2022 22:16:07 GMT
etag: "9806f4179ac2ee4ead5e04dfbdd6c563af6caa6f"
content-type: image/jpeg
age: 694
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
adspredictiv.com/jump/next.php?stamat=m%257CKyYjKSIhaQdHkAH0dEdHP3xP.b28%252C7H0PozvLiGV-YkDx825CHq_5mNyzZhovkYDfyjWLDI0Sb21IYsIWB7DkTq9zqOvWcXBWw_8ugBqX7bJIEHCX0Lk5_HW8zgTv-eAzzBol2OiMAXmfOZ-OHOE4qv5LIpDjHfYKIHs9PlXBWS8-MkSkUw%252C%252C&cbpage=https://adspredictiv.com/jump/next.php?r=6359262&sub1=pyrrhous-marten&sub2=bravo-pur-k8en3qj53j&cbur=0.01755083990857398&cbtitle=&cbiframe=0&cbWidth=1280&cbHeight=939&cbdescription=&cbkeywords=&cbref=https%3A%2F%2Fgo.money616.xyz%2F
35.190.38.40 302 Found 0 B URL HTTP/2 adspredictiv.com/jump/next.php?stamat=m%257CKyYjKSIhaQdHkAH0dEdHP3xP.b28%252C7H0PozvLiGV-YkDx825CHq_5mNyzZhovkYDfyjWLDI0Sb21IYsIWB7DkTq9zqOvWcXBWw_8ugBqX7bJIEHCX0Lk5_HW8zgTv-eAzzBol2OiMAXmfOZ-OHOE4qv5LIpDjHfYKIHs9PlXBWS8-MkSkUw%252C%252C&cbpage=https://adspredictiv.com/jump/next.php?r=6359262&sub1=pyrrhous-marten&sub2=bravo-pur-k8en3qj53j&cbur=0.01755083990857398&cbtitle=&cbiframe=0&cbWidth=1280&cbHeight=939&cbdescription=&cbkeywords=&cbref=https%3A%2F%2Fgo.money616.xyz%2F
IP 35.190.38.40:0
GET /jump/next.php?stamat=m%257CKyYjKSIhaQdHkAH0dEdHP3xP.b28%252C7H0PozvLiGV-YkDx825CHq_5mNyzZhovkYDfyjWLDI0Sb21IYsIWB7DkTq9zqOvWcXBWw_8ugBqX7bJIEHCX0Lk5_HW8zgTv-eAzzBol2OiMAXmfOZ-OHOE4qv5LIpDjHfYKIHs9PlXBWS8-MkSkUw%252C%252C&cbpage=https://adspredictiv.com/jump/next.php?r=6359262&sub1=pyrrhous-marten&sub2=bravo-pur-k8en3qj53j&cbur=0.01755083990857398&cbtitle=&cbiframe=0&cbWidth=1280&cbHeight=939&cbdescription=&cbkeywords=&cbref=https%3A%2F%2Fgo.money616.xyz%2F HTTP/1.1
Host: adspredictiv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 302 Found
server: openresty
date: Sun, 23 Oct 2022 22:27:33 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
location: https://adspredictiv.com/script/i.php?stamat=m%257C%252C%252CAjPqNhESoGU3B0-GH0dEdHP3xP.57c%252CGu_EOatakJHqLWNSKE87ED3F8UTUBEoPKycems87gLxY3hPI07dBB7EyvgzdLZxOB3IDcerwyg_sAk5P0Yz2p5ZgjSffuL_hqe2Jv1YEWMha1_WnpY721rWDTzSlUqSzU9T5VOuJPwkcb3IhKrub7nwRnbrKRnGWNuci8S7QRLKssV_V8hidElDlw2UXr0JhHJfA4K7XpUfHAJlFdsAO1Jk3sGJE_GGFa301JHUmqMdoPxaERrNkj2gl50Vm6gjYQYj55xEvrjbUmo9gSh-AikVZcfOShPB705A_zvpjIHoMOMNJfd68_mugxIYKgPD5CX91J74_9i8bA-TQim5sYghXn1HCI82TnLxBAUuvl0iOb2rP84QYgclIdkTSxBcHlSB7urJeg3sPGMof2uQeJGb2MOTj48zOrjLv1SYNIBw-8TyISmZZ8ENiUKTYDYQfmwPXdXp-c8GAwZRfhYTklFfQmIoGjB1mp1JgZgfCzNWa7yM7vxqddA61_pOO5MmUtgN3DGe5QMirhAyBc9HxscTZakgSruazaa-VeWw3Tl--WilQ8jen1T-13zrOKaPi2q0ZD7KfHr76s7y_UxR6PLAQLu3YCLxeRR44Kvs_UqA%252C
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.googleapis.com/css2?family=Archivo:wght@400;600&display=swap
142.250.74.10 200 OK 0 B URL HTTP/2 fonts.googleapis.com/css2?family=Archivo:wght@400;600&display=swap
IP 142.250.74.10:0
GET /css2?family=Archivo:wght@400;600&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://free3dgame.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 23 Oct 2022 22:27:34 GMT
date: Sun, 23 Oct 2022 22:27:34 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
free3dgame.xyz/files/main.css
146.190.28.107 200 OK 0 B URL HTTP/2 free3dgame.xyz/files/main.css
IP 146.190.28.107:0
Analyzer Verdict Alert quad9 Sinkholed
GET /files/main.css HTTP/1.1
Host: free3dgame.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://free3dgame.xyz/?key=byq8yz76skm800fc6ylf&code=6355bfd64579870001344a07&sub1=&sub2=Sexually+Submission+low&sub3=topsolutionsmedia&sub4=6359262-1264786048-2966871915&sub5=364
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 23 Oct 2022 22:27:34 GMT
content-type: text/css
last-modified: Wed, 25 May 2022 07:54:53 GMT
vary: Accept-Encoding
etag: W/"628de0cd-11de"
expires: Mon, 24 Oct 2022 10:27:34 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
free3dgame.xyz/?key=byq8yz76skm800fc6ylf&code=6355bfd64579870001344a07&sub1=&sub2=Sexually+Submission+low&sub3=topsolutionsmedia&sub4=6359262-1264786048-2966871915&sub5=364
146.190.28.107 200 OK 0 B URL HTTP/2 free3dgame.xyz/?key=byq8yz76skm800fc6ylf&code=6355bfd64579870001344a07&sub1=&sub2=Sexually+Submission+low&sub3=topsolutionsmedia&sub4=6359262-1264786048-2966871915&sub5=364
IP 146.190.28.107:0
Analyzer Verdict Alert quad9 Sinkholed
GET /?key=byq8yz76skm800fc6ylf&code=6355bfd64579870001344a07&sub1=&sub2=Sexually+Submission+low&sub3=topsolutionsmedia&sub4=6359262-1264786048-2966871915&sub5=364 HTTP/1.1
Host: free3dgame.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 23 Oct 2022 22:27:34 GMT
content-type: text/html
last-modified: Tue, 24 May 2022 17:49:19 GMT
vary: Accept-Encoding
etag: W/"628d1a9f-730"
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
free3dgame.xyz/files/jquery.min.js
146.190.28.107 200 OK 0 B URL HTTP/2 free3dgame.xyz/files/jquery.min.js
IP 146.190.28.107:0
Analyzer Verdict Alert quad9 Sinkholed
GET /files/jquery.min.js HTTP/1.1
Host: free3dgame.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://free3dgame.xyz/?key=byq8yz76skm800fc6ylf&code=6355bfd64579870001344a07&sub1=&sub2=Sexually+Submission+low&sub3=topsolutionsmedia&sub4=6359262-1264786048-2966871915&sub5=364
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 23 Oct 2022 22:27:34 GMT
content-type: application/javascript
last-modified: Tue, 24 May 2022 10:25:01 GMT
vary: Accept-Encoding
etag: W/"628cb27d-15851"
expires: Mon, 24 Oct 2022 10:27:34 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2