aff.subtec.net/?utm_medium=712049d6c4bc9c2fd466d344eca81dbee8c87b72&utm_campaign=main_mainstream_v1&cid=90f7dq5a59zsc8n548
67.212.184.149200 Let's rock 1.5 kB URL HTTP/1.1 aff.subtec.net/?utm_medium=712049d6c4bc9c2fd466d344eca81dbee8c87b72&utm_campaign=main_mainstream_v1&cid=90f7dq5a59zsc8n548
IP 67.212.184.149:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3320), with no line terminators
Hash 594b24a5d8456afa7d50df64dffb601a
f9bd69b621ed8f2d4d6578c2aa03f35f53a78083
1c5da4662747d0deb0429969256336209a85e94d7da82523c9e68bfd7933995e
GET /?utm_medium=712049d6c4bc9c2fd466d344eca81dbee8c87b72&utm_campaign=main_mainstream_v1&cid=90f7dq5a59zsc8n548 HTTP/1.1
Host: aff.subtec.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 Let's rock
Server: nginx
Date: Mon, 17 Oct 2022 07:33:24 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/8.1.9
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: u=adda8bf825957474f5d79ac79b75497d; expires=Tue, 17-Oct-2023 07:33:24 GMT; Max-Age=31536000; path=/
Location: http://aff.subtec.net/?utm_term=7155381172594278456&ver=4viyaptcjo
Content-Encoding: gzip
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 10ab470535c002d333b4f27d38b51091
ed3b0850c5d75881de410f7e8ca35e012e38bd38
31d6655d048ec8a62e00125766fea65cde04beae0b11f12ce7f722c9a5f7e232
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "31D6655D048EC8A62E00125766FEA65CDE04BEAE0B11F12CE7F722C9A5F7E232"
Last-Modified: Sun, 16 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12045
Expires: Mon, 17 Oct 2022 10:54:09 GMT
Date: Mon, 17 Oct 2022 07:33:24 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
143.204.55.35200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.35:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash bdb8b66c705a7b996496d780f50c00b5
403ae92039fcc933870f51f913f78ccaf9652256
c923ed2539f4ce9f4d43743c402fbb2060a52a4cbedbf14c5f5742ab718073d6
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Alert, Content-Length, Retry-After, Backoff
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Mon, 17 Oct 2022 06:51:05 GMT
Expires: Mon, 17 Oct 2022 06:59:43 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 095562e8748e634f880ee3c4ada2b6d0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: Py2xAKcK9epSlFPW2VVmjNl_EvRxJlyeHLMuh1wRGorWPFDY-hA8PQ==
Age: 2539
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash a57d0f62d9bd29668b94a513fa45d18e
d7cb263502e21f9235b4523a596e2138d22042ec
df7acd4fe34cc9c4945a5d83ef538105a73dfc1a8b485bc7a62488c5406b1294
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DF7ACD4FE34CC9C4945A5D83EF538105A73DFC1A8B485BC7A62488C5406B1294"
Last-Modified: Sat, 15 Oct 2022 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17296
Expires: Mon, 17 Oct 2022 12:21:40 GMT
Date: Mon, 17 Oct 2022 07:33:24 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: KtByQ7RzOga+576cZCXg+6riY1JZzggy+V/UGTaI+AQ1UsXt795oCLohcq9271/P1fDFtkgDnEo=
x-amz-request-id: 1PXCV4953S2R7H64
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 17 Oct 2022 06:35:21 GMT
age: 3483
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 17 Oct 2022 07:33:24 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
aff.subtec.net/?utm_term=7155381172594278456&ver=4viyaptcjo&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b780b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f097979b8790cacbf9c9fffdf4fdc2f2f0f3f2c7c4c5dadbecebedefefefeae5e5e9e7e5e4e1191355
67.212.184.149200 OK 3.1 kB URL HTTP/1.1 aff.subtec.net/?utm_term=7155381172594278456&ver=4viyaptcjo&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b780b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f097979b8790cacbf9c9fffdf4fdc2f2f0f3f2c7c4c5dadbecebedefefefeae5e5e9e7e5e4e1191355
IP 67.212.184.149:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (4712)
Hash 9b21d57c6b5a34638a5965b7b3052cfb
63f6a4550322836fcd0241af3d859f067031bce5
bfd0bef1fd967d905bb9c36269590b42da5e1f1fed80e970d895771e7821b0a6
GET /?utm_term=7155381172594278456&ver=4viyaptcjo&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b780b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f097979b8790cacbf9c9fffdf4fdc2f2f0f3f2c7c4c5dadbecebedefefefeae5e5e9e7e5e4e1191355 HTTP/1.1
Host: aff.subtec.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://aff.subtec.net/?utm_medium=712049d6c4bc9c2fd466d344eca81dbee8c87b72&utm_campaign=main_mainstream_v1&cid=90f7dq5a59zsc8n548
Cookie: u=adda8bf825957474f5d79ac79b75497d
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 17 Oct 2022 07:33:24 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/8.1.9
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Encoding: gzip
aff.subtec.net/proc.php?795a50eade8912c28f82cb29563a7330053e0b26
67.212.184.149200 Let's rock 1.5 kB URL HTTP/1.1 aff.subtec.net/proc.php?795a50eade8912c28f82cb29563a7330053e0b26
IP 67.212.184.149:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3592), with no line terminators
Hash a7cc838cf2791893c60f538526f7d5aa
7f6bd0491a21a113a37f8d3aacec154bbf55668b
8ef5e9bc490694d545c50d8ab991a17589ab857eb8df33aec296851cf1bd49c8
GET /proc.php?795a50eade8912c28f82cb29563a7330053e0b26 HTTP/1.1
Host: aff.subtec.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://aff.subtec.net/?utm_term=7155381172594278456&ver=4viyaptcjo&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b780b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f097979b8790cacbf9c9fffdf4fdc2f2f0f3f2c7c4c5dadbecebedefefefeae5e5e9e7e5e4e1191355
Cookie: u=adda8bf825957474f5d79ac79b75497d
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 Let's rock
Server: nginx
Date: Mon, 17 Oct 2022 07:33:25 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/8.1.9
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7155381172594278456&website=23431-8ba4a04z&placement=23431
Content-Encoding: gzip
www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7155381172594278456&website=23431-8ba4a04z&placement=23431&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5daefeaeaeeeceee5e4e6e8e0e4e7e0e61266
51.68.85.158200 OK 5.2 kB URL HTTP/1.1 www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7155381172594278456&website=23431-8ba4a04z&placement=23431&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5daefeaeaeeeceee5e4e6e8e0e4e7e0e61266
IP 51.68.85.158:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3751)
Hash bf5192656f98e4300868ddf392a0454f
6d37ea9299c8c113702f67d2e9c15119ab34013b
4b5c483cf7e05906dd92bdd655a7a3521bfb8b387fc5ef71bb9d434c2e285334
GET /?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7155381172594278456&website=23431-8ba4a04z&placement=23431&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5daefeaeaeeeceee5e4e6e8e0e4e7e0e61266 HTTP/1.1
Host: www.wewillserv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://aff.subtec.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Mon, 17 Oct 2022 07:33:25 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-transform
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.35200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.35:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Mon, 17 Oct 2022 07:07:43 GMT
Cache-Control: max-age=3600
Expires: Mon, 17 Oct 2022 07:32:58 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 057fdebf738f5915bf38a78949190758.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: S4GZX4_2Yqk2a-AmMjczACs59JXNdrXwk-4dy1w483iVW1vCvxRWGg==
Age: 1542
www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7155381172594278456&website=23431-8ba4a04z&placement=23431&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5daefeaeaeeeceee5e4e6e8e0e4e7e0e61266&eyeg=2de24f6e01304703e98aff82bbe63027&eyer=0.06663898036679305&eyei=0&eyew=1280&eyeh=939&eyetd=220&eyef=aff.subtec.net
51.68.85.158302 Found 0 B URL HTTP/1.1 www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7155381172594278456&website=23431-8ba4a04z&placement=23431&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5daefeaeaeeeceee5e4e6e8e0e4e7e0e61266&eyeg=2de24f6e01304703e98aff82bbe63027&eyer=0.06663898036679305&eyei=0&eyew=1280&eyeh=939&eyetd=220&eyef=aff.subtec.net
IP 51.68.85.158:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7155381172594278456&website=23431-8ba4a04z&placement=23431&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5daefeaeaeeeceee5e4e6e8e0e4e7e0e61266&eyeg=2de24f6e01304703e98aff82bbe63027&eyer=0.06663898036679305&eyei=0&eyew=1280&eyeh=939&eyetd=220&eyef=aff.subtec.net HTTP/1.1
Host: www.wewillserv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 302 Found
Date: Mon, 17 Oct 2022 07:33:25 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-transform
Location: https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7155381172594278456&website=23431-8ba4a04z&placement=23431&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5daefeaeaeeeceee5e4e6e8e0e4e7e0e61266&eyeg=3&eyer=0.06663898036679305&eyei=0&eyew=1280&eyeh=939&eyetd=220&eyef=aff.subtec.net
www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7155381172594278456&website=23431-8ba4a04z&placement=23431&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5daefeaeaeeeceee5e4e6e8e0e4e7e0e61266&eyeg=3&eyer=0.06663898036679305&eyei=0&eyew=1280&eyeh=939&eyetd=220&eyef=aff.subtec.net
51.68.85.158302 Found 0 B URL HTTP/1.1 www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7155381172594278456&website=23431-8ba4a04z&placement=23431&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5daefeaeaeeeceee5e4e6e8e0e4e7e0e61266&eyeg=3&eyer=0.06663898036679305&eyei=0&eyew=1280&eyeh=939&eyetd=220&eyef=aff.subtec.net
IP 51.68.85.158:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7155381172594278456&website=23431-8ba4a04z&placement=23431&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5daefeaeaeeeceee5e4e6e8e0e4e7e0e61266&eyeg=3&eyer=0.06663898036679305&eyei=0&eyew=1280&eyeh=939&eyetd=220&eyef=aff.subtec.net HTTP/1.1
Host: www.wewillserv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 302 Found
Date: Mon, 17 Oct 2022 07:33:25 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-transform
Location: https://admoustache.go2affise.com/sl?id=5f0efd61dabed1d602e0fe6a&pid=503&sub1=33000e5a29b3b977f1b0a6335d4093a6885381017-202210-flb*5467509-4538f*M7155381172594278456*sl_5467509-4538f*e95146fc0c56dc2b71ff4eea3f839e850b032c6c*23431-8ba4a04z*23431
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash cfc92c8f6ee7599505d969732542ac42
7f4804d49c8ccd76ccffa6b72d41b1df611eb090
406c057a8392b9fa0ab09efa8b3222a58ec5fc17fa73f55a1f093e3d1092b0e4
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6099
Cache-Control: max-age=94501
Content-Type: application/ocsp-response
Date: Mon, 17 Oct 2022 07:33:25 GMT
Etag: "634bbb97-1d7"
Expires: Tue, 18 Oct 2022 09:48:26 GMT
Last-Modified: Sun, 16 Oct 2022 08:06:47 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 471
www.wewillserv.com/favicon.ico
51.68.85.158204 No Content 0 B URL HTTP/1.1 www.wewillserv.com/favicon.ico
IP 51.68.85.158:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: www.wewillserv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 204 No Content
Server: openresty
Date: Mon, 17 Oct 2022 07:33:25 GMT
Connection: keep-alive
push.services.mozilla.com/
35.160.97.225101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.160.97.225:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: ZBkXqKsV5UNbRmhqNxRbcw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: eS+eujfGISx9XhFPKKpLaet8WF4=
ocsp.godaddy.com/
192.124.249.36200 OK 1.8 kB IP 192.124.249.36:0
Hash a7f69410e810c1604954bbf993e43fc1
fe8b630391b2ef225aaec9bd2f4156d5f12f27e2
162eb7d9efa916de31d0e322211ccf78526474917020c19fdc401ad1e966068a
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Mon, 17 Oct 2022 07:33:25 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19036
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Mon, 17 Oct 2022 00:09:37 GMT
Expires: Tue, 18 Oct 2022 00:09:37 GMT
ETag: "fe8b630391b2ef225aaec9bd2f4156d5f12f27e2"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
admoustache.go2affise.com/sl?id=5f0efd61dabed1d602e0fe6a&pid=503&sub1=33000e5a29b3b977f1b0a6335d4093a6885381017-202210-flb*5467509-4538f*M7155381172594278456*sl_5467509-4538f*e95146fc0c56dc2b71ff4eea3f839e850b032c6c*23431-8ba4a04z*23431
34.90.46.36302 Found 0 B URL HTTP/2 admoustache.go2affise.com/sl?id=5f0efd61dabed1d602e0fe6a&pid=503&sub1=33000e5a29b3b977f1b0a6335d4093a6885381017-202210-flb*5467509-4538f*M7155381172594278456*sl_5467509-4538f*e95146fc0c56dc2b71ff4eea3f839e850b032c6c*23431-8ba4a04z*23431
IP 34.90.46.36:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sl?id=5f0efd61dabed1d602e0fe6a&pid=503&sub1=33000e5a29b3b977f1b0a6335d4093a6885381017-202210-flb*5467509-4538f*M7155381172594278456*sl_5467509-4538f*e95146fc0c56dc2b71ff4eea3f839e850b032c6c*23431-8ba4a04z*23431 HTTP/1.1
Host: admoustache.go2affise.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Mon, 17 Oct 2022 07:33:25 GMT
content-length: 0
location: https://t2.blowingwnd.com/l.php?p=c:o6450ylcdnn31butk&d=624e9ea3e8e2a8163b65d246&pid=634d0545373e320001ad69e9&s=503
set-cookie: afclick=634d0545373e320001ad69e9; expires=Tue, 17 Oct 2023 07:33:25 GMT; secure; SameSite=None
access-control-allow-origin: *
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d6466d52ef6d6cd173fccf69080a3167
3698d5293b23ae25486b6b5f2960e7bea4dd0966
2afa5fd9e3caabfece17b5a3b983e768933a2705493f314a3994ba8ba429ebe4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2AFA5FD9E3CAABFECE17B5A3B983E768933A2705493F314A3994BA8BA429EBE4"
Last-Modified: Sun, 16 Oct 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10601
Expires: Mon, 17 Oct 2022 10:30:07 GMT
Date: Mon, 17 Oct 2022 07:33:26 GMT
Connection: keep-alive
t2.blowingwnd.com/l.php?p=c:o6450ylcdnn31butk&d=624e9ea3e8e2a8163b65d246&pid=634d0545373e320001ad69e9&s=503
51.161.115.163302 Found 0 B URL HTTP/1.1 t2.blowingwnd.com/l.php?p=c:o6450ylcdnn31butk&d=624e9ea3e8e2a8163b65d246&pid=634d0545373e320001ad69e9&s=503
IP 51.161.115.163:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /l.php?p=c:o6450ylcdnn31butk&d=624e9ea3e8e2a8163b65d246&pid=634d0545373e320001ad69e9&s=503 HTTP/1.1
Host: t2.blowingwnd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Mon, 17 Oct 2022 07:33:26 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Round: 12bbr5cth7
Raund: 19q
Location: https://48.us.findthewnd.xyz/feed/?link=true&tid=48&subid=48.503&ref=&s1=634d05461bbecc4428484781
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 2547608542a34c42579866d7fb9a1c4f
1e7aadfc2b0236e636e290687570f3e88bbfeafb
dfe484059e06d666cbf1d95df481860cfdac8f644e0f670c4d6ffd31cb0a829a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DFE484059E06D666CBF1D95DF481860CFDAC8F644E0F670C4D6FFD31CB0A829A"
Last-Modified: Sun, 16 Oct 2022 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21568
Expires: Mon, 17 Oct 2022 13:32:54 GMT
Date: Mon, 17 Oct 2022 07:33:26 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 59c9f4b6a5cb5571f7e8ec52f3548732
9bd1c495d09547b8cc983f71b90471f42ec61f94
25c4798d1ef0730368cc5c6d41a4596c5c914865f6f7a4fad97bdd4ce017894e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "25C4798D1EF0730368CC5C6D41A4596C5C914865F6F7A4FAD97BDD4CE017894E"
Last-Modified: Sun, 16 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5512
Expires: Mon, 17 Oct 2022 09:05:19 GMT
Date: Mon, 17 Oct 2022 07:33:27 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 59c9f4b6a5cb5571f7e8ec52f3548732
9bd1c495d09547b8cc983f71b90471f42ec61f94
25c4798d1ef0730368cc5c6d41a4596c5c914865f6f7a4fad97bdd4ce017894e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "25C4798D1EF0730368CC5C6D41A4596C5C914865F6F7A4FAD97BDD4CE017894E"
Last-Modified: Sun, 16 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5512
Expires: Mon, 17 Oct 2022 09:05:19 GMT
Date: Mon, 17 Oct 2022 07:33:27 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 59c9f4b6a5cb5571f7e8ec52f3548732
9bd1c495d09547b8cc983f71b90471f42ec61f94
25c4798d1ef0730368cc5c6d41a4596c5c914865f6f7a4fad97bdd4ce017894e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "25C4798D1EF0730368CC5C6D41A4596C5C914865F6F7A4FAD97BDD4CE017894E"
Last-Modified: Sun, 16 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5512
Expires: Mon, 17 Oct 2022 09:05:19 GMT
Date: Mon, 17 Oct 2022 07:33:27 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 59c9f4b6a5cb5571f7e8ec52f3548732
9bd1c495d09547b8cc983f71b90471f42ec61f94
25c4798d1ef0730368cc5c6d41a4596c5c914865f6f7a4fad97bdd4ce017894e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "25C4798D1EF0730368CC5C6D41A4596C5C914865F6F7A4FAD97BDD4CE017894E"
Last-Modified: Sun, 16 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5512
Expires: Mon, 17 Oct 2022 09:05:19 GMT
Date: Mon, 17 Oct 2022 07:33:27 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2af2b9dc-3279-48a4-b300-2aca0a094dd4.jpeg
34.120.237.76200 OK 8.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2af2b9dc-3279-48a4-b300-2aca0a094dd4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3ac5c50f8ffe0da11f1adb9f67d811cf
2b586d1c26208d6fe7df3a4cec286e28f21807ca
12414dcf4afa766503c9328fe626c2d1317a0d6838887e0dd30e9b56e85ea3d2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2af2b9dc-3279-48a4-b300-2aca0a094dd4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8120
x-amzn-requestid: 72dc9c52-0bd3-46db-ac5e-b5e02bfd3a3d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aHu52HR_oAMFXeg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-634c91d8-0ad83a4e6e88d0570d559f3b;Sampled=0
x-amzn-remapped-date: Sun, 16 Oct 2022 23:20:56 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: YMNrHVua3QwQe_vRZLZPqof9lCUX4D-MVqcjXLKOwX391UX6AaZfAg==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 5954c6394458ffb44c970b3819d7ff2a.cloudfront.net (CloudFront), 1.1 google
date: Mon, 17 Oct 2022 04:36:18 GMT
age: 10629
etag: "2b586d1c26208d6fe7df3a4cec286e28f21807ca"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4e0224bc-3141-475c-88f3-48e2d36f204f.jpeg
34.120.237.76200 OK 6.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4e0224bc-3141-475c-88f3-48e2d36f204f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ddd17c7d44a2e136710171f237ded665
577a22b126e54bfe0e4e4ce26b0fb866bc7fe007
b1327c4f33db5488ae49b1c2f7d5b49804d4245fd0bd92c41005b9045281f2a2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4e0224bc-3141-475c-88f3-48e2d36f204f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6352
x-amzn-requestid: c0479303-34b2-45d8-b794-4b83003312ef
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aHjNXE81IAMFWaA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-634c7f22-702cee0d437cbdc349efa2e8;Sampled=0
x-amzn-remapped-date: Sun, 16 Oct 2022 22:01:06 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: eT73QK1fx-IvCFC2OGRnsLRxjaEkC2w-HZr5ri2D4NRBESTD5ktWrQ==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 d01e7742f82df0bbc1fb681d709ed69c.cloudfront.net (CloudFront), 1.1 google
date: Sun, 16 Oct 2022 22:23:46 GMT
age: 32981
etag: "577a22b126e54bfe0e4e4ce26b0fb866bc7fe007"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0f373211-2a7c-4172-9970-e41b5cdd2ff5.webp
34.120.237.76200 OK 5.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0f373211-2a7c-4172-9970-e41b5cdd2ff5.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash dbb333539d9d631772019ea75c64def0
23e741acd08554e761fede4996ea830e7480eba5
2adb81f8f5b027c11529e903cd66d3ba4bf8a64e920fcc7b57a6eb098cf9385d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0f373211-2a7c-4172-9970-e41b5cdd2ff5.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5865
x-amzn-requestid: 6ee1ef56-c5ae-4a1c-83cc-13a6308c43d2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aCOWbHWmIAMF9dg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-634a5dc2-71bc71847cacbd2d10892051;Sampled=0
x-amzn-remapped-date: Sat, 15 Oct 2022 07:14:10 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: IAEbS6sbN71cdom1IZ2iqn3mtheF8Oa0r80dI4Mu01PWodYyWMVLTg==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 28390a4d24ed4fdccd685d99cd06cf4e.cloudfront.net (CloudFront), 1.1 google
date: Sun, 16 Oct 2022 08:23:48 GMT
age: 83379
etag: "23e741acd08554e761fede4996ea830e7480eba5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F11eb11e4-2e9a-4cbb-8f18-f9cd1ff95c13.jpeg
34.120.237.76200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F11eb11e4-2e9a-4cbb-8f18-f9cd1ff95c13.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c576e702d841b64be3271085aa92ecca
bf29138062674bfa105d5a49932a1fd6a8476bfa
a3384dac3cb867f7deed86488280dc09955d61caaace117effb6d074d9f65a70
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F11eb11e4-2e9a-4cbb-8f18-f9cd1ff95c13.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12924
x-amzn-requestid: 0525aa3e-75c8-461c-a59a-6aca1de5ce45
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aHrl0E2poAMFaKw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-634c8c8b-72af2dac1fbae4a239e814b7;Sampled=0
x-amzn-remapped-date: Sun, 16 Oct 2022 22:58:19 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: GDJjewRL2F2yMA-cvfcdgN75RIXt4xAQFtuzffH174Qz2ppaPfo__Q==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 5397b304713f6301c7c94ac084b6ed08.cloudfront.net (CloudFront), 1.1 google
date: Sun, 16 Oct 2022 23:22:17 GMT
age: 29470
etag: "bf29138062674bfa105d5a49932a1fd6a8476bfa"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa84a5d2e-fd71-49c6-b1da-724e3933fb34.jpeg
34.120.237.76200 OK 5.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa84a5d2e-fd71-49c6-b1da-724e3933fb34.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 9145c370e3b0e5f89c0861548c4b40fa
3cb352d4db5a8bcc8567a4f98d9c4580fbc1a28b
470409bfe1fa86d8ffa38280673fb64b54ec726dc4fcd19222e04de1ab2e6166
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa84a5d2e-fd71-49c6-b1da-724e3933fb34.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5509
x-amzn-requestid: 3de58d17-8910-4442-a087-db38166fa689
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aHf0MEovIAMFcMw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-634c79b4-1f7abb967a64717077d6eca8;Sampled=0
x-amzn-remapped-date: Sun, 16 Oct 2022 21:37:56 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 8hUZ4l1dIZ8Epv6VIZQ7-CF7ARbBekaKFMwtyaALY1yf_-TQs-z7KA==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 68fadeb91f97256bb67b03bfca74d830.cloudfront.net (CloudFront), 1.1 google
date: Sun, 16 Oct 2022 21:50:12 GMT
age: 34995
etag: "3cb352d4db5a8bcc8567a4f98d9c4580fbc1a28b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F33dc6416-1273-4434-89dc-098ea71abbf2.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F33dc6416-1273-4434-89dc-098ea71abbf2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 00bfa49ee360823765aa6ea3a7b08b9c
fe6c8ba4546cdcbf5e375cffc0212f569fe38eaa
a7ae5c72036d8bf6af81658c402a65f1c17b474c2eb94bda7e0c47e25e151860
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F33dc6416-1273-4434-89dc-098ea71abbf2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10135
x-amzn-requestid: e892507b-03c1-4229-9176-6af04bf2171d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aHf5OH2FIAMFXPg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-634c79d4-29af6a1175f21a5321348591;Sampled=0
x-amzn-remapped-date: Sun, 16 Oct 2022 21:38:28 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 9_JlHok8KTsQ6gsXnkwudfhqvheJCHKVqcC7qm819hiqg9jA3_BCDw==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 32d624dbeb2a8b7f24dbe49007e37c90.cloudfront.net (CloudFront), 1.1 google
date: Sun, 16 Oct 2022 21:50:12 GMT
age: 34995
etag: "fe6c8ba4546cdcbf5e375cffc0212f569fe38eaa"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
48.us.findthewnd.xyz/feed/?link=true&tid=48&subid=48.503&ref=&s1=634d05461bbecc4428484781
23.235.251.114301 Moved Permanently 0 B URL HTTP/1.1 48.us.findthewnd.xyz/feed/?link=true&tid=48&subid=48.503&ref=&s1=634d05461bbecc4428484781
IP 23.235.251.114:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /feed/?link=true&tid=48&subid=48.503&ref=&s1=634d05461bbecc4428484781 HTTP/1.1
Host: 48.us.findthewnd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 301 Moved Permanently
Cache-Control: no-cache
Location: https://redir.findthewind.xyz/click/invalid/?tid=48&subid=48.503
Date: Mon, 17 Oct 2022 07:33:28 GMT
Connection: keep-alive
Keep-Alive: timeout=5
Transfer-Encoding: chunked
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f2a6af6afed78a73b4d9af0d6a2c4e71
3572cfaf935eac9a539946cb6bd012b1c6154068
aca3fb898606df413426ff05b24e5c2814d7d746ba2f95fb2fe2bc1a37b0e8bf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "ACA3FB898606DF413426FF05B24E5C2814D7D746BA2F95FB2FE2BC1A37B0E8BF"
Last-Modified: Sun, 16 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9818
Expires: Mon, 17 Oct 2022 10:17:06 GMT
Date: Mon, 17 Oct 2022 07:33:28 GMT
Connection: keep-alive
redir.findthewind.xyz/click/invalid/?tid=48&subid=48.503
198.211.113.186302 Found 230 B URL HTTP/1.1 redir.findthewind.xyz/click/invalid/?tid=48&subid=48.503
IP 198.211.113.186:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document, ASCII text, with no line terminators
Hash 90febcb2a62ac7e4149297e66bf35f2e
d998f49976838f36db5ec5f8bee47f0ff6e1ddb3
877fbd10ae194b887dfff2de0a0439cde4b33ac994d1dc1b325e3eaac79f1c38
GET /click/invalid/?tid=48&subid=48.503 HTTP/1.1
Host: redir.findthewind.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
X-Powered-By: Express
Surrogate-Control: no-store
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate
Pragma: no-cache
Expires: 0
Location: https://cola.labtrffc.com/r.php?p=c:xecd97ullhqs49nas&d=62a055db84c90235f05e05a1&s=48
Vary: Accept
Content-Type: text/html; charset=utf-8
Content-Length: 230
Date: Mon, 17 Oct 2022 07:33:28 GMT
Connection: keep-alive
Keep-Alive: timeout=5
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ca36f8339dfde7d0a7b9258609d50924
9d5af470e6d92517999d3f7e014b58b61912a910
8bdfa515b7d3b6d2d6cb30ae0694ced2d19e3c1ecf013beb28fb2a043059a4ec
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8BDFA515B7D3B6D2D6CB30AE0694CED2D19E3C1ECF013BEB28FB2A043059A4EC"
Last-Modified: Sat, 15 Oct 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7388
Expires: Mon, 17 Oct 2022 09:36:36 GMT
Date: Mon, 17 Oct 2022 07:33:28 GMT
Connection: keep-alive
cola.labtrffc.com/r.php?p=c:xecd97ullhqs49nas&d=62a055db84c90235f05e05a1&s=48
51.83.143.92302 Found 0 B URL HTTP/1.1 cola.labtrffc.com/r.php?p=c:xecd97ullhqs49nas&d=62a055db84c90235f05e05a1&s=48
IP 51.83.143.92:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /r.php?p=c:xecd97ullhqs49nas&d=62a055db84c90235f05e05a1&s=48 HTTP/1.1
Host: cola.labtrffc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Mon, 17 Oct 2022 07:33:28 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Round: 12l0ammm1d
Raund: 2fk
Location: https://pdxx-7fmavzpxk2xlm-4-2.lowsea.fun/emw/v1/dt?sid=888.no.firefox.&k=bfb&url=&xrw=&lid=634d0548a7786227511c4913&fid=888
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 6c69e7e38e643d13b0e64517f246779a
963d69e27c2341a0c3441af24554568a2b3dafc3
31f024294e6e62d05356b1354850c5fd75c6f3f643e09edc8f5ffc0ffc00b2cb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "31F024294E6E62D05356B1354850C5FD75C6F3F643E09EDC8F5FFC0FFC00B2CB"
Last-Modified: Sun, 16 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11540
Expires: Mon, 17 Oct 2022 10:45:49 GMT
Date: Mon, 17 Oct 2022 07:33:29 GMT
Connection: keep-alive
pdxx-7fmavzpxk2xlm-4-2.lowsea.fun/emw/v1/dt?sid=888.no.firefox.&k=bfb&url=&xrw=&lid=634d0548a7786227511c4913&fid=888
5.161.78.177307 Temporary Redirect 164 B URL HTTP/2 pdxx-7fmavzpxk2xlm-4-2.lowsea.fun/emw/v1/dt?sid=888.no.firefox.&k=bfb&url=&xrw=&lid=634d0548a7786227511c4913&fid=888
IP 5.161.78.177:0
ASN #213230 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 813f9846b49c0ada805648edf1b2fdbd
caa24890460f73e6a72bb49426351e67e83b053d
8f03491247cbfa8a2e60e0f7ec62d63b5070659f60383a1c81abeb2b20221be3
GET /emw/v1/dt?sid=888.no.firefox.&k=bfb&url=&xrw=&lid=634d0548a7786227511c4913&fid=888 HTTP/1.1
Host: pdxx-7fmavzpxk2xlm-4-2.lowsea.fun
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 307 Temporary Redirect
date: Mon, 17 Oct 2022 07:33:29 GMT
content-type: text/html
content-length: 164
location: https://cola.trffclb.com/a.php?p=c:xecd97ulmxry7e481&d=62ff4322ec41a549b07c0d74&pid=634d0548a7786227511c4913&source=888.no.firefox.
set-cookie: emwxcid_4_1=52Q5zeEeQ26mCNW96z2uzbfdujlxtHyS6nbR6CbWYp2Wyoklrd; expires=Tue, Oct 17 2023 07:33:29 GMT; Max-Age=31536000; path=/; domain=lowsea.fun; SameSite=Lax
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ca36f8339dfde7d0a7b9258609d50924
9d5af470e6d92517999d3f7e014b58b61912a910
8bdfa515b7d3b6d2d6cb30ae0694ced2d19e3c1ecf013beb28fb2a043059a4ec
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8BDFA515B7D3B6D2D6CB30AE0694CED2D19E3C1ECF013BEB28FB2A043059A4EC"
Last-Modified: Sat, 15 Oct 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7387
Expires: Mon, 17 Oct 2022 09:36:36 GMT
Date: Mon, 17 Oct 2022 07:33:29 GMT
Connection: keep-alive
cola.trffclb.com/a.php?p=c:xecd97ulmxry7e481&d=62ff4322ec41a549b07c0d74&pid=634d0548a7786227511c4913&source=888.no.firefox.
51.83.143.92302 Found 0 B URL HTTP/1.1 cola.trffclb.com/a.php?p=c:xecd97ulmxry7e481&d=62ff4322ec41a549b07c0d74&pid=634d0548a7786227511c4913&source=888.no.firefox.
IP 51.83.143.92:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /a.php?p=c:xecd97ulmxry7e481&d=62ff4322ec41a549b07c0d74&pid=634d0548a7786227511c4913&source=888.no.firefox. HTTP/1.1
Host: cola.trffclb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Mon, 17 Oct 2022 07:33:29 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Round: 12boxlbgc5
Raund: 2h2
Location: https://pdxx-7fmavzpxk2xlm-4-2.lowsea.fun/emw/v1/dt?sid=888.no.firefox..linux.firefox.&k=bfb&url=&xrw=&lid=634d0549d7d5ec0f9b7b8931
pdxx-7fmavzpxk2xlm-4-2.lowsea.fun/emw/v1/dt?sid=888.no.firefox..linux.firefox.&k=bfb&url=&xrw=&lid=634d0549d7d5ec0f9b7b8931
5.161.78.177307 Temporary Redirect 164 B URL HTTP/2 pdxx-7fmavzpxk2xlm-4-2.lowsea.fun/emw/v1/dt?sid=888.no.firefox..linux.firefox.&k=bfb&url=&xrw=&lid=634d0549d7d5ec0f9b7b8931
IP 5.161.78.177:0
ASN #213230 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 813f9846b49c0ada805648edf1b2fdbd
caa24890460f73e6a72bb49426351e67e83b053d
8f03491247cbfa8a2e60e0f7ec62d63b5070659f60383a1c81abeb2b20221be3
GET /emw/v1/dt?sid=888.no.firefox..linux.firefox.&k=bfb&url=&xrw=&lid=634d0549d7d5ec0f9b7b8931 HTTP/1.1
Host: pdxx-7fmavzpxk2xlm-4-2.lowsea.fun
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: emwxcid_4_1=52Q5zeEeQ26mCNW96z2uzbfdujlxtHyS6nbR6CbWYp2Wyoklrd
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 307 Temporary Redirect
date: Mon, 17 Oct 2022 07:33:29 GMT
content-type: text/html
content-length: 164
location: https://ron.trffclb.com/a.php?p=c:7omnig4vw718godha&d=6213b4b0ff85982fd6331e4b&s=888.no.firefox..linux.firefox.
set-cookie: emwxcid_4_1=52Q5zeEeQ26mCNW96z2uzbfdujlxtHyS6nbR6CbWYp2Wyoklrd; expires=Tue, Oct 17 2023 07:33:29 GMT; Max-Age=31536000; path=/; domain=lowsea.fun; SameSite=Lax
X-Firefox-Spdy: h2
ron.trffclb.com/a.php?p=c:7omnig4vw718godha&d=6213b4b0ff85982fd6331e4b&s=888.no.firefox..linux.firefox.
51.83.143.92200 OK 171 B URL HTTP/1.1 ron.trffclb.com/a.php?p=c:7omnig4vw718godha&d=6213b4b0ff85982fd6331e4b&s=888.no.firefox..linux.firefox.
IP 51.83.143.92:0
File type HTML document text\012- HTML document, ASCII text, with no line terminators
Hash e89d166e59dfaa83fe00395942586d67
b20a524f6657e254dc089a0c0c42cf80e5a2f2ef
402b04451cb39e5df2832f5d3a462dd4e4c29c44bc65a0213a836989457be546
Analyzer Verdict Alert quad9 Sinkholed
GET /a.php?p=c:7omnig4vw718godha&d=6213b4b0ff85982fd6331e4b&s=888.no.firefox..linux.firefox. HTTP/1.1
Host: ron.trffclb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 17 Oct 2022 07:33:29 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Round: 11hx4alk7e
Raund: 2gu
Content-Encoding: gzip
samba.trffclb.com/l.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240&s=int-888.no.firefox..linux.firefox.
51.83.143.92200 OK 505 B URL HTTP/1.1 samba.trffclb.com/l.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240&s=int-888.no.firefox..linux.firefox.
IP 51.83.143.92:0
File type HTML document text\012- HTML document, ASCII text, with very long lines (567)
Hash b59355af5a2958f63f65d35534e4b043
8b5e8d57ca69615999126178dbebebef3fc565ba
801d867c305e59b706832d8a9588bbd3866db8d7f42adb2a21a373c67cd24b45
Analyzer Verdict Alert quad9 Sinkholed
GET /l.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240&s=int-888.no.firefox..linux.firefox. HTTP/1.1
Host: samba.trffclb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 17 Oct 2022 07:33:29 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: bt-603611c5b7eaf46891533240=634d05491a39ac6d3d1977d1; expires=Thu, 20-Oct-2022 07:33:29 GMT; Max-Age=259200; path=/; domain=samba.trffclb.com; HttpOnly
Content-Encoding: gzip
samba.trffclb.com/l.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240&s=int-888.no.firefox..linux.firefox.&bv=1
51.83.143.92302 Found 0 B URL HTTP/1.1 samba.trffclb.com/l.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240&s=int-888.no.firefox..linux.firefox.&bv=1
IP 51.83.143.92:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /l.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240&s=int-888.no.firefox..linux.firefox.&bv=1 HTTP/1.1
Host: samba.trffclb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://samba.trffclb.com/l.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240&s=int-888.no.firefox..linux.firefox.
Cookie: bt-603611c5b7eaf46891533240=634d05491a39ac6d3d1977d1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 302 Found
Server: nginx
Date: Mon, 17 Oct 2022 07:33:30 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Set-Cookie: bt-603611c5b7eaf46891533240=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=samba.trffclb.com; HttpOnly
Round: 10ut8eivbv
Raund: 2fx
Location: https://popmyads.com/serve/52264/49676/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgzLmNvbQ==
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 8f16fcc16a1672091be0b2e4fb688c75
babec8415076e083cb32f29fbbb8bc251b0419f4
a64cfd2a18a3b188841b02acb985cb8c2289c129d5c20ab8cc9e15a1f7a322a2
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5587
Cache-Control: max-age=86423
Content-Type: application/ocsp-response
Date: Mon, 17 Oct 2022 07:33:30 GMT
Etag: "634b9e0e-117"
Expires: Tue, 18 Oct 2022 07:33:53 GMT
Last-Modified: Sun, 16 Oct 2022 06:00:46 GMT
Server: ECS (amb/6BBB)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 8f16fcc16a1672091be0b2e4fb688c75
babec8415076e083cb32f29fbbb8bc251b0419f4
a64cfd2a18a3b188841b02acb985cb8c2289c129d5c20ab8cc9e15a1f7a322a2
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5587
Cache-Control: max-age=86423
Content-Type: application/ocsp-response
Date: Mon, 17 Oct 2022 07:33:30 GMT
Etag: "634b9e0e-117"
Expires: Tue, 18 Oct 2022 07:33:53 GMT
Last-Modified: Sun, 16 Oct 2022 06:00:46 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 279
pritha-ner.com/0496764100?adTagId=20111650-aa5d-11e6-a4a9-0e855f2e0669&fallbackUrl=https://popmyads.com/return/30
35.174.150.83302 0 B URL HTTP/1.1 pritha-ner.com/0496764100?adTagId=20111650-aa5d-11e6-a4a9-0e855f2e0669&fallbackUrl=https://popmyads.com/return/30
IP 35.174.150.83:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /0496764100?adTagId=20111650-aa5d-11e6-a4a9-0e855f2e0669&fallbackUrl=https://popmyads.com/return/30 HTTP/1.1
Host: pritha-ner.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302
Date: Mon, 17 Oct 2022 07:33:30 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Location: https://www.luvbind.com/join
Server: uapKkcBH
popmyads.com/serve/52264/49676/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgzLmNvbQ==
172.67.141.89200 OK 8.4 kB URL HTTP/2 popmyads.com/serve/52264/49676/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgzLmNvbQ==
IP 172.67.141.89:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash 8c104cc403a7bbc9a0f02156a0609d09
d1a36dfb73f529e5346310d28ddd358c77491bff
72f04f4aa5a4c2757691441fa2b847b3a0211c7f24b0c386a057136a946fdf10
GET /serve/52264/49676/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgzLmNvbQ== HTTP/1.1
Host: popmyads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://samba.trffclb.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 17 Oct 2022 07:33:30 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.1.33
x-frame-options: DENY
content-security-policy: frame-ancestors 'none'
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B%2BflD7Rj54zgV0rrurUHTUJMf9r0J6xvUKX33OgCzGfZiY1dfXZiqaY2xLhaPzhu2Z95G9%2BNOKxgEVrgFlJ7kUdRbOrDUeFE5FAbOWKFkwjBf7FkuDqoLfJloxX4vA4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75b758af8cfdfac8-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
d38psrni17bvxu.cloudfront.net/themes/cleanPeppermintBlack_657d9013/style.css
54.230.245.130200 OK 580 B URL HTTP/1.1 d38psrni17bvxu.cloudfront.net/themes/cleanPeppermintBlack_657d9013/style.css
IP 54.230.245.130:0
Hash b9f539b0058b3916aad60a6b50a6b662
1a28bfde5267b2ac4c6de028c3d01ff4d84dbf29
35cc39ab61d8326d0b0105a4420b11f4106685a0d67d609454ef4ef252c48b7b
GET /themes/cleanPeppermintBlack_657d9013/style.css HTTP/1.1
Host: d38psrni17bvxu.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww1.luvbind.com/
HTTP/1.1 200 OK
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Date: Mon, 17 Oct 2022 06:34:11 GMT
Last-Modified: Thu, 23 Jun 2022 10:44:43 GMT
Content-Encoding: gzip
ETag: W/"62b4441b-555"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 5916f6b8d469d1bee1e905ff13761ebc.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 78c6Un5Em5aTcufQNF32k3DXcmQX2NGBVETSJIM3vUdVbZX0vhiTGQ==
Age: 3560
d38psrni17bvxu.cloudfront.net/scripts/js3caf.js
54.230.245.130200 OK 7.0 kB URL HTTP/1.1 d38psrni17bvxu.cloudfront.net/scripts/js3caf.js
IP 54.230.245.130:0
File type ASCII text, with very long lines (316)
Hash cce7f943ec8e7b4ba13be4aba6b463d9
220f3e8ca723daa91fd040cf518991a65f2bf110
ba5b7354353b0eec1637564dae072fee662a5b9862f6bf7ed5e60a5a76f2ef44
GET /scripts/js3caf.js HTTP/1.1
Host: d38psrni17bvxu.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww1.luvbind.com/
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Length: 7000
Connection: keep-alive
Server: nginx
Date: Mon, 17 Oct 2022 02:32:48 GMT
Last-Modified: Thu, 14 Jan 2021 10:54:01 GMT
Accept-Ranges: bytes
ETag: "600022c9-1b58"
X-Cache: Hit from cloudfront
Via: 1.1 ab09332bca1a3bd382d2e408f65b98d2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: HKjim7Dbho6uTiGnTaBgxalHi7u04JVuDUumT0WoKofoXEYxkFeHmw==
Age: 18043
d38psrni17bvxu.cloudfront.net/themes/assets/style.css
54.230.245.130200 OK 343 B URL HTTP/1.1 d38psrni17bvxu.cloudfront.net/themes/assets/style.css
IP 54.230.245.130:0
Hash 03a4a8c322fc0c99b0ee7cbbcc9eabcd
6fc193276de2a3458cd853c474cb9269b900e00d
a535d2296792cb37a2bbad1d9d0546e3383a8a5bfac0d9edda15795c226bddf7
GET /themes/assets/style.css HTTP/1.1
Host: d38psrni17bvxu.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww1.luvbind.com/
HTTP/1.1 200 OK
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Date: Sun, 16 Oct 2022 07:34:23 GMT
Last-Modified: Tue, 12 May 2020 14:25:52 GMT
Content-Encoding: gzip
ETag: W/"5ebab1f0-33d"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 15d199af49035dc206cb81292fd87de2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: P_PfB21w7dshpUX4r5Nxok58vrlD4Rr2s10POzAhyVidaYCZUqKkHg==
Age: 86348
www.google.com/adsense/domains/caf.js
142.250.74.164200 OK 54 kB URL HTTP/1.1 www.google.com/adsense/domains/caf.js
IP 142.250.74.164:0
File type ASCII text, with very long lines (1885)
Hash b5c42585a5131b8d5f97a25ab47684a0
10e1bc971dbbf5b8ff10e1965c48fd9765b8a088
d40e780722e8280dc82cbfcfe15f6811182c0a66a775aa4a6c9e6c4e6ed97b5c
GET /adsense/domains/caf.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww1.luvbind.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Type: text/javascript; charset=UTF-8
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="ads-afs-ui"
Report-To: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
Date: Mon, 17 Oct 2022 07:33:31 GMT
Expires: Mon, 17 Oct 2022 07:33:31 GMT
Cache-Control: private, max-age=3600
ETag: "1064828637097345081"
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: sffe
X-XSS-Protection: 0
d38psrni17bvxu.cloudfront.net/themes/cleanPeppermintBlack_657d9013/img/arrows.png
54.230.245.130200 OK 11 kB URL HTTP/1.1 d38psrni17bvxu.cloudfront.net/themes/cleanPeppermintBlack_657d9013/img/arrows.png
IP 54.230.245.130:0
File type PNG image data, 1500 x 600, 8-bit colormap, non-interlaced\012- data
Hash 0cb2e5165dc9324eb462199f04e1ffa9
9e0f89847ec8a98d98a6020bc5c4ed32b7a48bf8
67dff0aad873050f12609885f2264417ccdd0d438311000a704c89f0865f7865
GET /themes/cleanPeppermintBlack_657d9013/img/arrows.png HTTP/1.1
Host: d38psrni17bvxu.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://d38psrni17bvxu.cloudfront.net/themes/cleanPeppermintBlack_657d9013/style.css
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 11375
Connection: keep-alive
Server: nginx
Date: Sun, 16 Oct 2022 09:14:38 GMT
Last-Modified: Thu, 23 Jun 2022 10:44:43 GMT
Accept-Ranges: bytes
ETag: "62b4441b-2c6f"
X-Cache: Hit from cloudfront
Via: 1.1 ab09332bca1a3bd382d2e408f65b98d2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: k2Qj6k5439QLVjpxWdeWQ00uRAZ51hVRo_hbpZGFBy7299hIWkRS9A==
Age: 80333
d1lxhc4jvstzrp.cloudfront.net/themes/registrar/images/logo_domaindiscount24.png
143.204.42.83200 OK 24 kB URL HTTP/2 d1lxhc4jvstzrp.cloudfront.net/themes/registrar/images/logo_domaindiscount24.png
IP 143.204.42.83:0
File type PNG image data, 1000 x 375, 8-bit/color RGBA, non-interlaced\012- data
Hash f5bb4f052f94e2a72c962962aa27dda4
9bd27ad606cd9939828dbfd0dfae185868b2052c
adc1a1bcfe83901649be1a2c92037bdb7f41efd7646b9c5117b9cb0659455914
GET /themes/registrar/images/logo_domaindiscount24.png HTTP/1.1
Host: d1lxhc4jvstzrp.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ww1.luvbind.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/png
content-length: 23477
server: nginx
date: Sun, 16 Oct 2022 07:40:40 GMT
last-modified: Fri, 09 Jul 2021 12:37:58 GMT
accept-ranges: bytes
etag: "60e84326-5bb5"
x-cache: Hit from cloudfront
via: 1.1 dbfaae0db03f11cf713bbcbdb25be4a2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: X6p4Y-iSSE6MRxJN5UtNrStn9_Yo9A5iWcUubAsDNXaRlOuvbeQTzg==
age: 85971
X-Firefox-Spdy: h2
ww1.luvbind.com/favicon.ico
15.197.146.198200 OK 0 B URL HTTP/1.1 ww1.luvbind.com/favicon.ico
IP 15.197.146.198:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: ww1.luvbind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww1.luvbind.com/
HTTP/1.1 200 OK
Date: Mon, 17 Oct 2022 07:33:32 GMT
Content-Type: image/x-icon
Content-Length: 0
Connection: keep-alive
Server: nginx
Last-Modified: Tue, 12 May 2020 14:25:52 GMT
ETag: "5ebab1f0-0"
Accept-Ranges: bytes
ww1.luvbind.com/track.php?domain=luvbind.com&toggle=browserjs&uid=MTY2NTk5MjAxMS4xMTk1Ojk4Y2Y0NDJkZjRjNTExODAzZDRhM2ExOWUzMmQ0NWQ0MWFhYjNjMGQ2NmViN2RmZDMwMWYwM2Y5MzdjMjAwNTk6NjM0ZDA1NGIxZDJkOQ%3D%3D
15.197.146.198200 OK 20 B URL HTTP/1.1 ww1.luvbind.com/track.php?domain=luvbind.com&toggle=browserjs&uid=MTY2NTk5MjAxMS4xMTk1Ojk4Y2Y0NDJkZjRjNTExODAzZDRhM2ExOWUzMmQ0NWQ0MWFhYjNjMGQ2NmViN2RmZDMwMWYwM2Y5MzdjMjAwNTk6NjM0ZDA1NGIxZDJkOQ%3D%3D
IP 15.197.146.198:0
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /track.php?domain=luvbind.com&toggle=browserjs&uid=MTY2NTk5MjAxMS4xMTk1Ojk4Y2Y0NDJkZjRjNTExODAzZDRhM2ExOWUzMmQ0NWQ0MWFhYjNjMGQ2NmViN2RmZDMwMWYwM2Y5MzdjMjAwNTk6NjM0ZDA1NGIxZDJkOQ%3D%3D HTTP/1.1
Host: ww1.luvbind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww1.luvbind.com/
HTTP/1.1 200 OK
Date: Mon, 17 Oct 2022 07:33:32 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
X-Custom-Track: browserjs
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
Access-Control-Allow-Origin: *
Content-Encoding: gzip
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 4968b6ba4593c5a26ff6f56a60231029
ec4d98794f75aad9181a0aa7a4f0488de726a557
522aab87cbb3b9a8f4d0fc55cf2ff30094ffb327937f3fc235db48e7b8f2fa0a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 17 Oct 2022 07:33:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ww1.luvbind.com/ls.php
15.197.146.198201 Created 0 B IP 15.197.146.198:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /ls.php HTTP/1.1
Host: ww1.luvbind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 2226
Origin: http://ww1.luvbind.com
Connection: keep-alive
Referer: http://ww1.luvbind.com/
HTTP/1.1 201 Created
Date: Mon, 17 Oct 2022 07:33:32 GMT
Content-Type: text/javascript;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
X-Log-Success: 634d054c8cb7726b4b692b2c
Charset: utf-8
Access-Control-Allow-Origin: http://ww1.luvbind.com
Access-Control-Allow-Methods: POST, OPTIONS
Access-Control-Max-Age: 86400
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_IGa8Y51+DFTACTg/Ef1mcvSj4nAkqM/1aAtFXpk7juP2nDR2Q5YMptgOyuuYjykp8MhTIxxzZxoI6d1GMb/igw==
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash a35313a5a8c552374d17bb5cf9044e3d
b8473dbaf91506e1bb3e2bfe3c235844b16ea6fa
9e5d1e5feedb206d1bc8a477332ed31f57a365362fa46531145af2f4fef867ce
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 17 Oct 2022 07:33:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/afs/ads?adtest=off&psid=6016880802&pcsa=false&channel=000001%2Cbucket102&client=dp-teaminternet09_3ph&r=m&hl=no&max_radlink_len=40&type=3&uiopt=true&swp=as-drid-2798683493254288&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002%2C17300953%2C17300956%2C17301015%2C17301018%2C17301068%2C17301071%2C17301094%2C17301097&format=r3%7Cs&nocache=9321665992016753&num=0&output=afd_ads&domain_name=ww1.luvbind.com&v=3&bsl=8&pac=2&u_his=13&u_tz=0&dt=1665992016755&u_w=1280&u_h=1024&biw=1280&bih=939&psw=1280&psh=861&frm=0&cl=480127119&uio=--&cont=tc&jsid=caf&jsv=480127119&rurl=http%3A%2F%2Fww1.luvbind.com%2F&adbw=master-1%3A530
142.250.74.164200 OK 2.0 kB URL HTTP/2 www.google.com/afs/ads?adtest=off&psid=6016880802&pcsa=false&channel=000001%2Cbucket102&client=dp-teaminternet09_3ph&r=m&hl=no&max_radlink_len=40&type=3&uiopt=true&swp=as-drid-2798683493254288&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002%2C17300953%2C17300956%2C17301015%2C17301018%2C17301068%2C17301071%2C17301094%2C17301097&format=r3%7Cs&nocache=9321665992016753&num=0&output=afd_ads&domain_name=ww1.luvbind.com&v=3&bsl=8&pac=2&u_his=13&u_tz=0&dt=1665992016755&u_w=1280&u_h=1024&biw=1280&bih=939&psw=1280&psh=861&frm=0&cl=480127119&uio=--&cont=tc&jsid=caf&jsv=480127119&rurl=http%3A%2F%2Fww1.luvbind.com%2F&adbw=master-1%3A530
IP 142.250.74.164:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (5230)
Hash 840ed3037a32e050d185662d789969a1
e5a07fca474f250987900d8495deaffb6c835193
e3d7c05190b479965e4355f29047c9ccef04849d1e273853942f334043d95542
GET /afs/ads?adtest=off&psid=6016880802&pcsa=false&channel=000001%2Cbucket102&client=dp-teaminternet09_3ph&r=m&hl=no&max_radlink_len=40&type=3&uiopt=true&swp=as-drid-2798683493254288&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002%2C17300953%2C17300956%2C17301015%2C17301018%2C17301068%2C17301071%2C17301094%2C17301097&format=r3%7Cs&nocache=9321665992016753&num=0&output=afd_ads&domain_name=ww1.luvbind.com&v=3&bsl=8&pac=2&u_his=13&u_tz=0&dt=1665992016755&u_w=1280&u_h=1024&biw=1280&bih=939&psw=1280&psh=861&frm=0&cl=480127119&uio=--&cont=tc&jsid=caf&jsv=480127119&rurl=http%3A%2F%2Fww1.luvbind.com%2F&adbw=master-1%3A530 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ww1.luvbind.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
content-disposition: inline
date: Mon, 17 Oct 2022 07:33:32 GMT
expires: Mon, 17 Oct 2022 07:33:32 GMT
cache-control: private, max-age=3600
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
content-encoding: br
server: gws
content-length: 1999
x-xss-protection: 0
set-cookie: NID=511=mHMToBnYniEPiAenQKKaEwtQs5ERTRPVqVDpmgk_va7l2HhoFlGdjuayw50Usd6-yY_6YcIgqu-NoSDDtHGeENr4ebs6eUgBzH9QlUmOPnmW-BXKQ9Fv9vQSAz61TCW9y1o8Lw3vU0eJbdVtJiRrQ2VAzDzCj2Aj7iThJe7cAUs; expires=Tue, 18-Apr-2023 07:33:32 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
CONSENT=PENDING+678; expires=Wed, 16-Oct-2024 07:33:32 GMT; path=/; domain=.google.com; Secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
partner.googleadservices.com/gampad/cookie.js?domain=ww1.luvbind.com&client=dp-teaminternet09_3ph&product=SAS&callback=__sasCookie
172.217.21.162200 OK 181 B URL HTTP/2 partner.googleadservices.com/gampad/cookie.js?domain=ww1.luvbind.com&client=dp-teaminternet09_3ph&product=SAS&callback=__sasCookie
IP 172.217.21.162:0
File type ASCII text, with no line terminators
Hash 16a137e6f0e88ae1e4c443a0449e5082
f830b1c2d287a3047d38786d8d79fad189d6128c
bd5a4be8910aabde00b72584ee68a9950cd44e7a5074d159a1e47bcb8e12301a
GET /gampad/cookie.js?domain=ww1.luvbind.com&client=dp-teaminternet09_3ph&product=SAS&callback=__sasCookie HTTP/1.1
Host: partner.googleadservices.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ww1.luvbind.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Mon, 17 Oct 2022 07:33:32 GMT
server: cafe
cache-control: private
content-length: 181
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash a6e1c15b41a9baf3dcf134b8132912a6
7a9c0e0a369023808a9d9732610cd6f206c584ab
f247489aeb512583b0e1721922abd34e7d98bfb71d2de21d0c6f179cf585d365
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 17 Oct 2022 07:33:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash a35313a5a8c552374d17bb5cf9044e3d
b8473dbaf91506e1bb3e2bfe3c235844b16ea6fa
9e5d1e5feedb206d1bc8a477332ed31f57a365362fa46531145af2f4fef867ce
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 17 Oct 2022 07:33:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 0fd45160527768a71e8fba7ab4e1025f
ee7db36c417d0dd2d644c937a43b6d4f22eac534
0a567583609a374e792ce06df225e39b88ebf22cd3e85212444b94551113a9ac
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 17 Oct 2022 07:33:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 0fd45160527768a71e8fba7ab4e1025f
ee7db36c417d0dd2d644c937a43b6d4f22eac534
0a567583609a374e792ce06df225e39b88ebf22cd3e85212444b94551113a9ac
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 17 Oct 2022 07:33:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/search.svg?c=%23ffffff
142.250.74.1200 OK 270 B URL HTTP/2 afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/search.svg?c=%23ffffff
IP 142.250.74.1:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (390)
Hash 5100391430a00e10ce60aa159f525b5c
231a4492d73b225f441b1e9028dc33c89862e498
52b1432a6e3002e41ed1d8f4c84b258fdc4c6dac863e3c0e5c06360c81be6067
GET /ad_icons/standard/publisher_icon_image/search.svg?c=%23ffffff HTTP/1.1
Host: afs.googleusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.google.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers"
report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]}
content-length: 270
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
date: Sun, 16 Oct 2022 19:02:58 GMT
expires: Mon, 17 Oct 2022 18:02:58 GMT
cache-control: public, max-age=82800
age: 45034
last-modified: Thu, 19 Dec 2019 14:15:00 GMT
content-type: image/svg+xml
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%23ffffff
142.250.74.1200 OK 174 B URL HTTP/2 afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%23ffffff
IP 142.250.74.1:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with no line terminators
Hash 4de8b85c8915995b571bde50e231be7c
29c226ca7b9cbe1d44e5480ce95bbb42727b2d99
2ec9168c4507546748c5f400f5030031f0eb06f2aed8deaa11362c395bff4f7a
GET /ad_icons/standard/publisher_icon_image/chevron.svg?c=%23ffffff HTTP/1.1
Host: afs.googleusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.google.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers"
report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]}
content-length: 174
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
date: Mon, 17 Oct 2022 04:04:22 GMT
expires: Tue, 18 Oct 2022 03:04:22 GMT
cache-control: public, max-age=82800
age: 12550
last-modified: Thu, 22 Oct 2020 21:45:00 GMT
content-type: image/svg+xml
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 0fd45160527768a71e8fba7ab4e1025f
ee7db36c417d0dd2d644c937a43b6d4f22eac534
0a567583609a374e792ce06df225e39b88ebf22cd3e85212444b94551113a9ac
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 17 Oct 2022 07:33:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ww1.luvbind.com/track.php?domain=luvbind.com&caf=1&toggle=answercheck&answer=yes&uid=MTY2NTk5MjAxMS4xMTk1Ojk4Y2Y0NDJkZjRjNTExODAzZDRhM2ExOWUzMmQ0NWQ0MWFhYjNjMGQ2NmViN2RmZDMwMWYwM2Y5MzdjMjAwNTk6NjM0ZDA1NGIxZDJkOQ%3D%3D
15.197.146.198200 OK 20 B URL HTTP/1.1 ww1.luvbind.com/track.php?domain=luvbind.com&caf=1&toggle=answercheck&answer=yes&uid=MTY2NTk5MjAxMS4xMTk1Ojk4Y2Y0NDJkZjRjNTExODAzZDRhM2ExOWUzMmQ0NWQ0MWFhYjNjMGQ2NmViN2RmZDMwMWYwM2Y5MzdjMjAwNTk6NjM0ZDA1NGIxZDJkOQ%3D%3D
IP 15.197.146.198:0
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /track.php?domain=luvbind.com&caf=1&toggle=answercheck&answer=yes&uid=MTY2NTk5MjAxMS4xMTk1Ojk4Y2Y0NDJkZjRjNTExODAzZDRhM2ExOWUzMmQ0NWQ0MWFhYjNjMGQ2NmViN2RmZDMwMWYwM2Y5MzdjMjAwNTk6NjM0ZDA1NGIxZDJkOQ%3D%3D HTTP/1.1
Host: ww1.luvbind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww1.luvbind.com/
Cookie: __gsas=ID=f27199c3a632ff8d:T=1665992012:S=ALNI_MYXFR8hM7eYNHPFEzBnKllLTobZhA
HTTP/1.1 200 OK
Date: Mon, 17 Oct 2022 07:33:32 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
X-Custom-Track: answercheck
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
Access-Control-Allow-Origin: *
Content-Encoding: gzip
www.google.com/adsense/domains/caf.js
142.250.74.164200 OK 0 B URL HTTP/2 www.google.com/adsense/domains/caf.js
IP 142.250.74.164:0
GET /adsense/domains/caf.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.google.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
date: Mon, 17 Oct 2022 07:33:32 GMT
expires: Mon, 17 Oct 2022 07:33:32 GMT
cache-control: private, max-age=3600
etag: "2550235239229647042"
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
popmyads.com/gget
172.67.141.89302 Found 0 B IP 172.67.141.89:0
POST /gget HTTP/1.1
Host: popmyads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 505
Origin: https://popmyads.com
Connection: keep-alive
Referer: https://popmyads.com/serve/52264/49676/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgzLmNvbQ==
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 302 Found
date: Mon, 17 Oct 2022 07:33:30 GMT
content-type: text/html; charset=UTF-8
location: http://pritha-ner.com/0496764100?adTagId=20111650-aa5d-11e6-a4a9-0e855f2e0669&fallbackUrl=https://popmyads.com/return/30
x-powered-by: PHP/7.1.33
set-cookie: wGprrBLT=2; expires=Mon, 17-Oct-2022 07:33:32 GMT; Max-Age=2; path=/
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zoAHbXMV0PPg33KvgapHTrVHu2N3LbCO%2BzZP0IZIr4h93xZPxNXPMwIwJw3ck%2FroDCsJ7QeJe0Tke07nosTKeU9a38yXSKr3SZJuoSjnYllnPe8zL%2FOaC%2FQhNg%2BoLL4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75b758b04d82fac8-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2