xxxtik.com/auth
104.16.243.78 301 Moved Permanently 0 B IP 104.16.243.78:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /auth HTTP/1.1
Host: xxxtik.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Tue, 29 Nov 2022 11:19:34 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Tue, 29 Nov 2022 12:19:34 GMT
Location: https://xxxtik.com/auth
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 771af2f9f8be0b65-OSL
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 2d2e7649ce9e9ba6fc8b68aa89352e3c
0153d1d3d830a457043e16bb40d48a0b9ddef4b8
8eed57c91b42ef7b2d5eff1309e306e23e13c3de21219af24a693cbf3e8977fc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8EED57C91B42EF7B2D5EFF1309E306E23E13C3DE21219AF24A693CBF3E8977FC"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14590
Expires: Tue, 29 Nov 2022 15:22:44 GMT
Date: Tue, 29 Nov 2022 11:19:34 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 9408cc0694fcbea57966c3a3ba906092
fddcee1fdcf3209298e41a4b1b5560357fa165f0
6ef7120d9463f56e3ddfadd5766d02da8523f34061b13bdba54bf9ab72a1e979
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4022
Cache-Control: max-age=87529
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 11:19:34 GMT
Etag: "63848df9-1d7"
Expires: Wed, 30 Nov 2022 11:38:23 GMT
Last-Modified: Mon, 28 Nov 2022 10:31:21 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 471
firefox.settings.services.mozilla.com/v1/
34.102.187.140 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Type, Backoff, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 29 Nov 2022 10:19:36 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 3598
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 9fce5679881bf302a8978a0b462f01a9
b699fe030ea13ac73813e655c42ed9b531925e2b
a3ec545a8f9364ac9062eddb41279e1465687a1b60f9c1dec6b3a3df8b033eb3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A3EC545A8F9364AC9062EDDB41279E1465687A1B60F9C1DEC6B3A3DF8B033EB3"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16972
Expires: Tue, 29 Nov 2022 16:02:26 GMT
Date: Tue, 29 Nov 2022 11:19:34 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: H3/CRAOJ0iFEoG6woyNaUtV+z9FhilFkKiI/pSQsq0xfMDHvih8Iox+dklWzAZCdUn80R/Sa4os=
x-amz-request-id: A1M7G67RYWSGR6YA
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 29 Nov 2022 10:45:25 GMT
age: 2049
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash b8ef45ce8aa9fc0f54d9986134bc483a
33ac4d27cb54a7dcfe49aa543226a9dd16077e7c
d80de7ff9f9c4da75de45305caa9599dcf74dceb60b4727f3e3eb16c957a9961
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3862
Cache-Control: max-age=95613
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 11:19:34 GMT
Etag: "6384ae2d-117"
Expires: Wed, 30 Nov 2022 13:53:07 GMT
Last-Modified: Mon, 28 Nov 2022 12:48:45 GMT
Server: ECS (amb/6B9C)
X-Cache: HIT
Content-Length: 279
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 29 Nov 2022 11:19:34 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
xxxtik.com/runtime-es2015.c08fb42c249b65273e90.js
104.16.243.78 200 OK 2.3 kB URL HTTP/2 xxxtik.com/runtime-es2015.c08fb42c249b65273e90.js
IP 104.16.243.78:0
File type ASCII text, with very long lines (3879), with no line terminators
Hash 44180801a044b0b1b71f92f08a6dd9c2
069d2f96dd107c6881ba2ace343bae442860edc2
cee070e5f17ef00e0853103ef3894b8a11a9158c51eca821ae4f71d1d80915dc
GET /runtime-es2015.c08fb42c249b65273e90.js HTTP/1.1
Host: xxxtik.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xxxtik.com/auth
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 29 Nov 2022 11:19:35 GMT
content-type: text/javascript; charset=utf-8
last-modified: Fri, 25 Nov 2022 10:17:38 GMT
x-rgw-object-type: Normal
etag: W/"43fea3bfda93b53aff56bfb70ffebb73"
x-amz-request-id: tx000000000000009bd9f1e-006380970d-5c92220d-fra1b
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cache-control: public,max-age=10,s-maxage=86400
x-do-app-origin: 21d6262b-e6ae-11ec-b1dc-0c42a19a82a7
x-do-static-catchall-document: index.html
x-do-orig-status: 200
cf-cache-status: HIT
age: 2107
server: cloudflare
cf-ray: 771af2fc8bbcb4ff-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 3c8c689bd654417640d85f3da51af313
85123b6d46230a23d03768bf304b386e5d301305
516138ca79703b45e904d32d7dde1c1e9fd35995b9f1bb1331c547542745676d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 852
Cache-Control: max-age=165685
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 11:19:35 GMT
Etag: "6385cba8-1d7"
Expires: Thu, 01 Dec 2022 09:21:00 GMT
Last-Modified: Tue, 29 Nov 2022 09:06:48 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 4cff2e8373b14a9ec9ee205b54651a35
d1c49820d0bb77f86bb160a265586fc0ad96648b
fcb1febaadeda9afea47f800cb1dd89d1366e1e61811c51c6a65eb8ded9c9016
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FCB1FEBAADEDA9AFEA47F800CB1DD89D1366E1E61811C51C6A65EB8DED9C9016"
Last-Modified: Tue, 29 Nov 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11753
Expires: Tue, 29 Nov 2022 14:35:28 GMT
Date: Tue, 29 Nov 2022 11:19:35 GMT
Connection: keep-alive
push.services.mozilla.com/
52.43.61.95 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.43.61.95:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: xfI3FEWZBs743qULHnqppg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: vbG2y8orEXvx7zdN13mdJDIKvfY=
xxxtik.com/auth
104.16.243.78 200 OK 30 kB IP 104.16.243.78:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1090)
Hash 2921795404d280cb7ac6b006c7943513
058aa6c6bcdb481f08c9b9da977678df3df197ea
87e69268d518d29f035c81a63e24fe12839573177a980777924f8f6ee11cc683
GET /auth HTTP/1.1
Host: xxxtik.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Tue, 29 Nov 2022 11:19:35 GMT
content-type: text/html; charset=utf-8
last-modified: Fri, 25 Nov 2022 10:17:38 GMT
x-rgw-object-type: Normal
x-amz-request-id: tx000000000000009ff2e94-0063847731-5c92220d-fra1b
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cache-control: public,max-age=10,s-maxage=86400
x-do-app-origin: 21d6262b-e6ae-11ec-b1dc-0c42a19a82a7
x-do-orig-status: 404
cf-cache-status: HIT
age: 33357
server: cloudflare
cf-ray: 771af2fbaac3b4ff-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
143.204.42.158 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.158:0
Hash 94d394d6beaad25971b7f1e02d93b841
07359fac8e3e5c10dee86bdb0d2a468ab90d8f9a
06c4f25efd09668ee6bc8cc7b4d278841c5abb5d31c0e029cda8b43c4ee4a489
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=100333
Date: Tue, 29 Nov 2022 11:19:36 GMT
Etag: "6384b816-1d7"
Expires: Wed, 30 Nov 2022 15:11:49 GMT
Last-Modified: Mon, 28 Nov 2022 13:31:02 GMT
Server: ECS (bsa/EB17)
X-Cache: Miss from cloudfront
Via: 1.1 c9f2a4d2bcd548d1a3cbe1617a22f216.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: YTVsgBNCNduYg_PXBA4abYmU8hbIxpc_yyIo8zZiUSmgKHYLRbZEeg==
Age: 6047
simplewebanalysis.com/stats
52.28.211.11 200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 52.28.211.11:0
File type ASCII text, with no line terminators
Hash 5585d8957e5544b8d883b72f42aecd07
fc19b65528b34e9625e7c31f445ba84f29f33546
1faf70d4807102c5649cab0fbcabdb9994a26b7a36b3eecc959be9d82b543bc2
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xxxtik.com
Connection: keep-alive
Referer: https://xxxtik.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 29 Nov 2022 11:19:36 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://xxxtik.com
access-control-allow-credentials: true
set-cookie: uid_id2=e6b234f2-b475-42eb-bd3e-19cc8b5357df:3:1; expires=Fri, 26 Nov 2032 11:19:36 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
xxxtik.com/assets/icons/porndude.png
104.16.243.78 200 OK 2.4 kB URL HTTP/2 xxxtik.com/assets/icons/porndude.png
IP 104.16.243.78:0
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash abbfc76d055cdcc328045f3aa74e8a6e
6fc57c476e8b524aa244a57cfdea32b45401b43a
da12d3951fbbeaae494541313ccf71787d64d36656f39b80d7d85573494f565c
GET /assets/icons/porndude.png HTTP/1.1
Host: xxxtik.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xxxtik.com/auth
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 29 Nov 2022 11:19:36 GMT
content-type: image/png
content-length: 2363
last-modified: Fri, 25 Nov 2022 10:17:37 GMT
x-rgw-object-type: Normal
etag: "abbfc76d055cdcc328045f3aa74e8a6e"
x-amz-request-id: tx000000000000009bd8ef0-006380967f-5c92220d-fra1b
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cache-control: public,max-age=10,s-maxage=86400
x-do-app-origin: 21d6262b-e6ae-11ec-b1dc-0c42a19a82a7
x-do-static-catchall-document: index.html
x-do-orig-status: 200
cf-cache-status: HIT
age: 2268
accept-ranges: bytes
server: cloudflare
cf-ray: 771af3042c8db4ff-OSL
X-Firefox-Spdy: h2
lebinaphy.com/c-Dh9.6ob/2L5blvSMWGQW9RNEDQQ/zgOfTFkPx/Nzyp0L0xN/DtMQ5XOvTwEe4K
88.85.94.246 200 OK 15 kB URL HTTP/2 lebinaphy.com/c-Dh9.6ob/2L5blvSMWGQW9RNEDQQ/zgOfTFkPx/Nzyp0L0xN/DtMQ5XOvTwEe4K
IP 88.85.94.246:0
File type Unicode text, UTF-8 text, with very long lines (5600)
Hash d5198825007be365fdaf8e580355b65b
dba28b83e8503c3dc35463f12c4209e4761559d1
6bef9d0ddd8daa1891e5ffa8621734782b17a468069a6aee3814dde8b382cf18
GET /c-Dh9.6ob/2L5blvSMWGQW9RNEDQQ/zgOfTFkPx/Nzyp0L0xN/DtMQ5XOvTwEe4K HTTP/1.1
Host: lebinaphy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xxxtik.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 29 Nov 2022 11:19:36 GMT
content-type: application/javascript
vary: Accept-Encoding
expires: Mon, 26 Jul 2011 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-WoW64
access-control-allow-headers: Content-Type
access-control-allow-credentials: true
last-modified: Tue, 29 Nov 2022 11:19:36 GMT
access-control-allow-origin: *
access-control-allow-methods: GET
set-cookie: kadSlcJ=eyJ0aW1lU3RhbXAiOjE2Njk2OTY2NjIsInpvbmVzIjp7IjQzMzYzOTYiOls0MzM2Mzk2LDEsMTY2OTY5NjY2Ml0sIjQ0MTg1MjIiOls0NDE4NTIyLDEsMTY2OTcwNDgxNF0sIjQ0MjcwMzciOls0NDI3MDM3LDEsMTY2OTYzNDc5MV0sIjQ0Mzk5MTciOls0NDM5OTE3LDEsMTY2OTcyMDc3Nl19fQ==; max-age=1701256776; path=/
x-content-type-options: nosniff
content-encoding: br
X-Firefox-Spdy: h2
api.xxxtik.com/util/meta
104.16.243.78 200 OK 745 B IP 104.16.243.78:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 0d620f73cbac6906fac598a75401162e
68216d8264a45fcc9f44e07be412c0325cb70acc
e46bed8c9a5450745a52fd7da32151f5b90a3ae788880561bc713aa019f1c330
GET /util/meta HTTP/1.1
Host: api.xxxtik.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xxxtik.com/
Origin: https://xxxtik.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Tue, 29 Nov 2022 11:19:36 GMT
content-type: application/json; charset=utf-8
x-powered-by: Express
access-control-allow-origin: *
etag: W/"124-XFknRzv5j7mGAEsLz+cWnY2Rf/k"
x-do-app-origin: 4abf1627-e6ab-11ec-b1dc-0c42a19a82a7
cache-control: private
x-do-orig-status: 200
cf-cache-status: MISS
vary: Accept-Encoding
server: cloudflare
cf-ray: 771af30418dab511-OSL
content-encoding: br
X-Firefox-Spdy: h2
xxxtik.com/assets/fonts/Epilogue-Regular.ttf
104.16.243.78 200 OK 48 kB URL HTTP/2 xxxtik.com/assets/fonts/Epilogue-Regular.ttf
IP 104.16.243.78:0
File type TrueType Font data, 16 tables, 1st "GDEF", 16 names, Microsoft, language 0x409, Copyright 2020 The Epilogue Project Authors (https://github.com/Etcetera-Type-Co/Epilogue)Epilog\012- data
Hash 973e9e9418b5f8e8763e2e088e7ce011
e55f90d91ecfcc566c41b7295ee8e9c6b153f2a0
e39a8ce4e705c7f1f8fd1482d1c92dc7695d14517e99a7312623e155267a8339
GET /assets/fonts/Epilogue-Regular.ttf HTTP/1.1
Host: xxxtik.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xxxtik.com/auth
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 29 Nov 2022 11:19:35 GMT
content-type: font/ttf
last-modified: Fri, 25 Nov 2022 10:17:37 GMT
x-rgw-object-type: Normal
etag: W/"02986281c9b30ba0359d3873ce633b4b"
x-amz-request-id: tx000000000000009bd8eda-006380967e-5c92220d-fra1b
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cache-control: public,max-age=10,s-maxage=86400
x-do-app-origin: 21d6262b-e6ae-11ec-b1dc-0c42a19a82a7
x-do-static-catchall-document: index.html
x-do-orig-status: 200
cf-cache-status: HIT
age: 2327
server: cloudflare
cf-ray: 771af2fc8bc4b4ff-OSL
content-encoding: br
X-Firefox-Spdy: h2
api.xxxtik.com/tag/all
104.16.243.78 204 No Content 0 B IP 104.16.243.78:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /tag/all HTTP/1.1
Host: api.xxxtik.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization
Referer: https://xxxtik.com/
Origin: https://xxxtik.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 204 No Content
date: Tue, 29 Nov 2022 11:19:36 GMT
x-powered-by: Express
access-control-allow-origin: *
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
vary: Access-Control-Request-Headers
access-control-allow-headers: authorization
x-do-app-origin: 4abf1627-e6ab-11ec-b1dc-0c42a19a82a7
cache-control: private
x-do-orig-status: 204
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 771af3061b89b511-OSL
X-Firefox-Spdy: h2
reproductiontape.com/pixel/purst?dl=0&th=0&sc=0&rs=1480&rd=1480&fd=1026&bv=22.10.v.10&tmpl=136
192.243.61.227 200 OK 0 B URL HTTP/1.1 reproductiontape.com/pixel/purst?dl=0&th=0&sc=0&rs=1480&rd=1480&fd=1026&bv=22.10.v.10&tmpl=136
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=1480&rd=1480&fd=1026&bv=22.10.v.10&tmpl=136 HTTP/1.1
Host: reproductiontape.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xxxtik.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Tue, 29 Nov 2022 11:19:36 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
api.xxxtik.com/user/explore
104.16.243.78 204 No Content 0 B URL HTTP/2 api.xxxtik.com/user/explore
IP 104.16.243.78:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /user/explore HTTP/1.1
Host: api.xxxtik.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization
Referer: https://xxxtik.com/
Origin: https://xxxtik.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 204 No Content
date: Tue, 29 Nov 2022 11:19:36 GMT
x-powered-by: Express
access-control-allow-origin: *
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
vary: Access-Control-Request-Headers
access-control-allow-headers: authorization
x-do-app-origin: 4abf1627-e6ab-11ec-b1dc-0c42a19a82a7
cache-control: private
x-do-orig-status: 204
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 771af3062b8fb511-OSL
X-Firefox-Spdy: h2
reproductiontape.com/9c/2b/1e/9c2b1eee0894cbb289451ca96f7bb8e9.js
192.243.61.227 200 OK 13 kB URL HTTP/1.1 reproductiontape.com/9c/2b/1e/9c2b1eee0894cbb289451ca96f7bb8e9.js
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (37136), with no line terminators
Hash 152cc416ea5ca7004ded15383b97ab2c
cf96dc3f643d6dfde23bfe7c6e269b831e3cf1c5
fa9a3d0ac447d0e59ba71f8bf64e7a7064edf150bfbabfe542880804455d9d02
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /9c/2b/1e/9c2b1eee0894cbb289451ca96f7bb8e9.js HTTP/1.1
Host: reproductiontape.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xxxtik.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Tue, 29 Nov 2022 11:19:36 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b60f9fd47b4b54d0cae6c9980c025fa4
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
sya9yncn3q.com/get/1877814?zoneid=1877814&jp=_clade8hl1db844lsmaa7ev&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&isRef=1&sp=0&cid=2642701611149998
62.122.171.6 200 OK 1.6 kB URL HTTP/2 sya9yncn3q.com/get/1877814?zoneid=1877814&jp=_clade8hl1db844lsmaa7ev&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&isRef=1&sp=0&cid=2642701611149998
IP 62.122.171.6:0
Hash d03d018a8add59070a0230d1544eb89a
9cd6b11a2f2bdce8d356387e1210ec433997115f
6610ea63faedc38659207b4293e238d4d5806073686bc850530810700449c299
Analyzer Verdict Alert quad9 Sinkholed
GET /get/1877814?zoneid=1877814&jp=_clade8hl1db844lsmaa7ev&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&isRef=1&sp=0&cid=2642701611149998 HTTP/1.1
Host: sya9yncn3q.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xxxtik.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 29 Nov 2022 11:19:36 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
x-route-id: config
set-cookie: UID=2211290619809bd7e5f1cf4f1c9f4cd55a00; Path=/; Expires=Wed, 29 Nov 2023 11:19:36 GMT; HttpOnly; Secure; SameSite=None
content-encoding: gzip
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
api.xxxtik.com/util/ad
104.16.243.78 200 OK 28 B IP 104.16.243.78:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 8c37ef1c638fa1b48be33a9f51b1f4ae
2841ab40832c49fbf03dc08aa20e7d72d6a9e09d
e784d325f7754120121e1182df64aa767361e2621bb749c2a620fe740a28efa0
GET /util/ad HTTP/1.1
Host: api.xxxtik.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Authorization: Bearer null
Origin: https://xxxtik.com
Connection: keep-alive
Referer: https://xxxtik.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Tue, 29 Nov 2022 11:19:36 GMT
content-type: application/json; charset=utf-8
content-length: 28
x-powered-by: Express
access-control-allow-origin: *
etag: W/"1c-KEGrQIMsSfvwPcCKog59ctap4J0"
x-do-app-origin: 4abf1627-e6ab-11ec-b1dc-0c42a19a82a7
cache-control: private
x-do-orig-status: 200
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 771af3068c25b511-OSL
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32 200 OK 346 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 635eba2ec841f80118a858a94bb84ff5
591895548f1f166a16c790740656cb194d0f7760
d2e62fd34b70872cb8f68cd1fdae7f1476019968f63accab24e4d822933c07ff
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "D2E62FD34B70872CB8F68CD1FDAE7F1476019968F63ACCAB24E4D822933C07FF"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2612
Expires: Tue, 29 Nov 2022 12:03:08 GMT
Date: Tue, 29 Nov 2022 11:19:36 GMT
Connection: keep-alive
limurol.com/ssp/req/1877814/?pb=e1342a69d08a91e9ae15ce1b5f3b70d61669727976&psp=aRYjt_MGotj26kdGAtfKz6Yh06LotmUqThhLut7IXjvq34OsgjdenDv3cTeIHBOoMSeMlRDmKo9szEZl9Qa67VeWrvN-uaNvD-0xAmjmdDzhhCvjyyqX5t9YkWNI5AyHpqEJ3YjKr_8Puq33WcIn7wK-7X-tOHjWST8y0mwfqOYhRcyywW-syia3U-XNjCzik4Uc2iVJK09nLKOFxVqLIrxl0aK4HQ-fEaZbx-oj6nLWA9fzLWqsyjrnq5kyPdXqmad7y5eJuJahP0NtZZUZ_EjHiEWdXdM3n0yQR-0ky2E7tp9iwxTiG_JMuC-kVV688HogoXZop2I8gP3Yxks_yvqUyfYFzxU64t_w3r_OSZX5DVJoQ0KrhmFQE8k4qCnmbuQ34IRi2M8VZXTGfVYqzS0AnAS1orVzfAt3z8hFn5iw4fC6HaOpJM9pok3W2PC8KXc9LY66AfyUetIJ_LcIWa97Gvzq5LJW_iHRsrFgbdL78Ke_nKrTBkw9YblRuOQr7IPGH0-vD8m7GYIJwruGxDMppnLyn_3Sk6TacLFXdbB-eIAsZcQikaJcd__3P25uqWanh31BcBma03A5LaSdNfPK_XHjovifZGpUvt6rS1Spl3TrHUa9wn9KyA63f6ITO5ehn43wi8wuItLz--b3h7ORQzAjCm1JTMvYXEbXqBwrN50lN0nGZ65BE3pVnLnGV0nH5ZMHZao-hCEUvWwAWBgZ14wUB6mRRUXG3owZbHqLgk8U8BYPrhK_IqIAUEe5LlYhWr6lrBRFnac9lfXtjWslvMAJ&cb=_cl7muak89pidqyof563sev&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24
62.122.171.6200 OK 7 B URL HTTP/2 limurol.com/ssp/req/1877814/?pb=e1342a69d08a91e9ae15ce1b5f3b70d61669727976&psp=aRYjt_MGotj26kdGAtfKz6Yh06LotmUqThhLut7IXjvq34OsgjdenDv3cTeIHBOoMSeMlRDmKo9szEZl9Qa67VeWrvN-uaNvD-0xAmjmdDzhhCvjyyqX5t9YkWNI5AyHpqEJ3YjKr_8Puq33WcIn7wK-7X-tOHjWST8y0mwfqOYhRcyywW-syia3U-XNjCzik4Uc2iVJK09nLKOFxVqLIrxl0aK4HQ-fEaZbx-oj6nLWA9fzLWqsyjrnq5kyPdXqmad7y5eJuJahP0NtZZUZ_EjHiEWdXdM3n0yQR-0ky2E7tp9iwxTiG_JMuC-kVV688HogoXZop2I8gP3Yxks_yvqUyfYFzxU64t_w3r_OSZX5DVJoQ0KrhmFQE8k4qCnmbuQ34IRi2M8VZXTGfVYqzS0AnAS1orVzfAt3z8hFn5iw4fC6HaOpJM9pok3W2PC8KXc9LY66AfyUetIJ_LcIWa97Gvzq5LJW_iHRsrFgbdL78Ke_nKrTBkw9YblRuOQr7IPGH0-vD8m7GYIJwruGxDMppnLyn_3Sk6TacLFXdbB-eIAsZcQikaJcd__3P25uqWanh31BcBma03A5LaSdNfPK_XHjovifZGpUvt6rS1Spl3TrHUa9wn9KyA63f6ITO5ehn43wi8wuItLz--b3h7ORQzAjCm1JTMvYXEbXqBwrN50lN0nGZ65BE3pVnLnGV0nH5ZMHZao-hCEUvWwAWBgZ14wUB6mRRUXG3owZbHqLgk8U8BYPrhK_IqIAUEe5LlYhWr6lrBRFnac9lfXtjWslvMAJ&cb=_cl7muak89pidqyof563sev&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24
IP 62.122.171.6:0
File type ASCII text, with no line terminators
Hash a97eb6fbe6f13b601d5d48c0eba8baae
736efb938caf3d0edec406932ada889f1a4f2268
a04bf061f53e0011fd2f43bdf081526344f003c50146c88c42c2d95ef22c1821
Analyzer Verdict Alert quad9 Sinkholed
GET /ssp/req/1877814/?pb=e1342a69d08a91e9ae15ce1b5f3b70d61669727976&psp=aRYjt_MGotj26kdGAtfKz6Yh06LotmUqThhLut7IXjvq34OsgjdenDv3cTeIHBOoMSeMlRDmKo9szEZl9Qa67VeWrvN-uaNvD-0xAmjmdDzhhCvjyyqX5t9YkWNI5AyHpqEJ3YjKr_8Puq33WcIn7wK-7X-tOHjWST8y0mwfqOYhRcyywW-syia3U-XNjCzik4Uc2iVJK09nLKOFxVqLIrxl0aK4HQ-fEaZbx-oj6nLWA9fzLWqsyjrnq5kyPdXqmad7y5eJuJahP0NtZZUZ_EjHiEWdXdM3n0yQR-0ky2E7tp9iwxTiG_JMuC-kVV688HogoXZop2I8gP3Yxks_yvqUyfYFzxU64t_w3r_OSZX5DVJoQ0KrhmFQE8k4qCnmbuQ34IRi2M8VZXTGfVYqzS0AnAS1orVzfAt3z8hFn5iw4fC6HaOpJM9pok3W2PC8KXc9LY66AfyUetIJ_LcIWa97Gvzq5LJW_iHRsrFgbdL78Ke_nKrTBkw9YblRuOQr7IPGH0-vD8m7GYIJwruGxDMppnLyn_3Sk6TacLFXdbB-eIAsZcQikaJcd__3P25uqWanh31BcBma03A5LaSdNfPK_XHjovifZGpUvt6rS1Spl3TrHUa9wn9KyA63f6ITO5ehn43wi8wuItLz--b3h7ORQzAjCm1JTMvYXEbXqBwrN50lN0nGZ65BE3pVnLnGV0nH5ZMHZao-hCEUvWwAWBgZ14wUB6mRRUXG3owZbHqLgk8U8BYPrhK_IqIAUEe5LlYhWr6lrBRFnac9lfXtjWslvMAJ&cb=_cl7muak89pidqyof563sev&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24 HTTP/1.1
Host: limurol.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xxxtik.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 29 Nov 2022 11:19:37 GMT
content-type: text/javascript
content-length: 7
x-route-id: ssp.bet
set-cookie: UID=2211290619f4446f2d214e4244ae8bd5ad8e; Path=/; Expires=Wed, 29 Nov 2023 11:19:36 GMT; HttpOnly; Secure; SameSite=None
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13238
Expires: Tue, 29 Nov 2022 15:00:15 GMT
Date: Tue, 29 Nov 2022 11:19:37 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13238
Expires: Tue, 29 Nov 2022 15:00:15 GMT
Date: Tue, 29 Nov 2022 11:19:37 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13238
Expires: Tue, 29 Nov 2022 15:00:15 GMT
Date: Tue, 29 Nov 2022 11:19:37 GMT
Connection: keep-alive
xxxtik.com/assets/fonts/Epilogue-ExtraBold.ttf
104.16.243.78 200 OK 60 kB URL HTTP/2 xxxtik.com/assets/fonts/Epilogue-ExtraBold.ttf
IP 104.16.243.78:0
File type TrueType Font data, 16 tables, 1st "GDEF", 18 names, Microsoft, language 0x409, Copyright 2020 The Epilogue Project Authors (https://github.com/Etcetera-Type-Co/Epilogue)Epilog\012- data
Hash 5460f951bdc9f19b1f7a20b872ad23ec
79cec1aef0946651a72cd2f973ad15df4942476a
414e3370371613447a91812fae9533e10e21aa1dfaede31cdd1934e8dd53a8bb
GET /assets/fonts/Epilogue-ExtraBold.ttf HTTP/1.1
Host: xxxtik.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xxxtik.com/styles.c61175e2881f4b754112.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 29 Nov 2022 11:19:36 GMT
content-type: font/ttf
last-modified: Fri, 25 Nov 2022 10:17:37 GMT
x-rgw-object-type: Normal
etag: W/"59324237cca6756fd31c478be041dccc"
x-amz-request-id: tx000000000000009bdee5a-006380967f-5c92156a-fra1b
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cache-control: public,max-age=10,s-maxage=86400
x-do-app-origin: 21d6262b-e6ae-11ec-b1dc-0c42a19a82a7
x-do-static-catchall-document: index.html
x-do-orig-status: 200
cf-cache-status: HIT
age: 2268
server: cloudflare
cf-ray: 771af3049cf6b4ff-OSL
content-encoding: br
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13238
Expires: Tue, 29 Nov 2022 15:00:15 GMT
Date: Tue, 29 Nov 2022 11:19:37 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffdef9eb6-c1f1-4337-aff8-0986561782c7.jpeg
34.120.237.76 200 OK 9.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffdef9eb6-c1f1-4337-aff8-0986561782c7.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5d574c4db20a68295dbd06cb08f5990b
433061bbb226048765a711deca3026ee3e52372f
8cc1a4d18e242f8bfc8ab94637f635b73554b903462c29b06d0ec67872542afb
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffdef9eb6-c1f1-4337-aff8-0986561782c7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9203
x-amzn-requestid: 8cba52d6-3c1c-495c-bb9d-3ba6f0adc7e1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cHcHmGmQoAMF6dQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637fa6fd-73abfa592ff223061401af9a;Sampled=0
x-amzn-remapped-date: Thu, 24 Nov 2022 17:16:45 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: UmhWm03jrsV8dFagrzIA0E-8eL8dykoO5kw3cYOBd172dCGqNdAX-Q==
via: 1.1 a20e81b65d2465c729ce2f6bfe539dd0.cloudfront.net (CloudFront), 1.1 36810aa1793ee589dc8c194860296078.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 03:49:48 GMT
age: 26989
etag: "433061bbb226048765a711deca3026ee3e52372f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F51b530e0-9ee5-45ee-95e9-a687ac33f22c.jpeg
34.120.237.76 200 OK 3.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F51b530e0-9ee5-45ee-95e9-a687ac33f22c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 22e7d3e11e78242383e452adb9299016
035a1b4a2a7889787532ec2637d5c21e06daf672
990f18423bafc9cc3daaa1bd1290313b6cb3d3a391f642d01fd6797ad4fc9ca8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F51b530e0-9ee5-45ee-95e9-a687ac33f22c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3004
x-amzn-requestid: 1e6e228a-fb73-4ed3-881b-6b0e5c8297c7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cPYcrFRXoAMFUJg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6382d450-45059338501b45d943d7e08c;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 03:06:57 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: rmBhEB-x2sOvI7XfEpZQ0-lXEDWZ4los77q017Im-Lwb32ZLA0Zvcg==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 04:45:15 GMT
age: 23662
etag: "035a1b4a2a7889787532ec2637d5c21e06daf672"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffe5e6403-f1a3-4b44-a62d-0e47d56bb08e.webp
34.120.237.76 200 OK 4.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffe5e6403-f1a3-4b44-a62d-0e47d56bb08e.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 83c1fedec73299637cc7dc47c48af758
2e3f7326aeea6be8a34bf2c39b34862c07bfdc41
1fea143e23bb0156062f4c06569824900a67ed83cb99fd635d4c4ab968dc65e9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffe5e6403-f1a3-4b44-a62d-0e47d56bb08e.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4916
x-amzn-requestid: b8c80a6c-e3f1-4f20-beb8-27b0af760692
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cPYcrELFoAMFaeQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6382d450-155cfb365525173c0ede8adb;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 03:06:56 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Twtw6dO3pjTB9OLi0HliKKCDgCuHRqgtx4PFTczrZQ9f8JztgXZoSg==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 f9d716a351f14a0ac1fac2449734849a.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 03:18:11 GMT
age: 28886
etag: "2e3f7326aeea6be8a34bf2c39b34862c07bfdc41"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1f728a04-45b0-4726-b646-628601e2ebbc.jpeg
34.120.237.76 200 OK 8.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1f728a04-45b0-4726-b646-628601e2ebbc.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4b7d3821d0bd11c196724846a7b9fe22
5b1700fa9cd4f1aaafda28ac28a0e2086fa8499c
b4f820555c4daf6e112c1a395bc57e22f0ef8e2e4299a0ffbb54e0bf18c87f47
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1f728a04-45b0-4726-b646-628601e2ebbc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8578
x-amzn-requestid: 4f948bb9-74db-4a5d-927d-a6b893735531
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cFxnWHq-IAMF4LQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637efc95-2f9e98ca2dad65a80e2195c2;Sampled=0
x-amzn-remapped-date: Thu, 24 Nov 2022 05:09:41 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: vSvGc0JIh4JOWTlagt4uDD_CDPiWOSfYYEI4lUBPsQb4qJMOEbBcmw==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 7022a5bbf9872d4a09d63e6cdb457dfe.cloudfront.net (CloudFront), 1.1 google
date: Mon, 28 Nov 2022 23:18:30 GMT
age: 43267
etag: "5b1700fa9cd4f1aaafda28ac28a0e2086fa8499c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 21e355b150a487a2f53dee584298df33
b98bdd119f74f5bc47b60cf04b8a79aad2ab8ffd
553c3bc8af974f94efe5ca96e6f3dd51e4f7e5811656c268ced90fa377222cb7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "553C3BC8AF974F94EFE5CA96E6F3DD51E4F7E5811656C268CED90FA377222CB7"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6164
Expires: Tue, 29 Nov 2022 13:02:21 GMT
Date: Tue, 29 Nov 2022 11:19:37 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe059c7ce-454d-453b-aead-18fae338f84c.jpeg
34.120.237.76 200 OK 4.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe059c7ce-454d-453b-aead-18fae338f84c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a4058fd62595d15c58b3d3266de9865a
d0dff35eb78f129b5da407043037bcf9c27e55c0
ab996c23d58871a2ad53f0c34688c87f0d7c0eac5d0c1d8265b86951248449fe
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe059c7ce-454d-453b-aead-18fae338f84c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4871
x-amzn-requestid: e2dfa7b8-ded7-4104-a913-1b84746a3c6f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cLDUUEy_oAMFgSQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638118e8-0b229e0f60ff019d26800dd9;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 19:35:04 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: qh3WqWdBmMG3fzchn3OvxbEpwm2wl_CXi105CL4uJda47N9ZX3CyLA==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 7eb3b782ab09047ce0d11ee03763894c.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 09:01:36 GMT
age: 8281
etag: "d0dff35eb78f129b5da407043037bcf9c27e55c0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32 200 OK 346 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 635eba2ec841f80118a858a94bb84ff5
591895548f1f166a16c790740656cb194d0f7760
d2e62fd34b70872cb8f68cd1fdae7f1476019968f63accab24e4d822933c07ff
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "D2E62FD34B70872CB8F68CD1FDAE7F1476019968F63ACCAB24E4D822933C07FF"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2611
Expires: Tue, 29 Nov 2022 12:03:08 GMT
Date: Tue, 29 Nov 2022 11:19:37 GMT
Connection: keep-alive
limurol.com/ssp/req/1877814/?pb=e1342a69d08a91e9ae15ce1b5f3b70d61669727976&psp=aRYjt_MGotj26kdGAtfKz6Yh06LotmUqThhLut7IXjvq34OsgjdenDv3cTeIHBOoMSeMlRDmKo9szEZl9Qa67VeWrvN-uaNvD-0xAmjmdDzhhCvjyyqX5t9YkWNI5AyHpqEJ3YjKr_8Puq33WcIn7wK-7X-tOHjWST8y0mwfqOYhRcyywW-syia3U-XNjCzik4Uc2iVJK09nLKOFxVqLIrxl0aK4HQ-fEaZbx-oj6nLWA9fzLWqsyjrnq5kyPdXqmad7y5eJuJahP0NtZZUZ_EjHiEWdXdM3n0yQR-0ky2E7tp9iwxTiG_JMuC-kVV688HogoXZop2I8gP3Yxks_yvqUyfYFzxU64t_w3r_OSZX5DVJoQ0KrhmFQE8k4qCnmbuQ34IRi2M8VZXTGfVYqzS0AnAS1orVzfAt3z8hFn5iw4fC6HaOpJM9pok3W2PC8KXc9LY66AfyUetIJ_LcIWa97Gvzq5LJW_iHRsrFgbdL78Ke_nKrTBkw9YblRuOQr7IPGH0-vD8m7GYIJwruGxDMppnLyn_3Sk6TacLFXdbB-eIAsZcQikaJcd__3P25uqWanh31BcBma03A5LaSdNfPK_XHjovifZGpUvt6rS1Spl3TrHUa9wn9KyA63f6ITO5ehn43wi8wuItLz--b3h7ORQzAjCm1JTMvYXEbXqBwrN50lN0nGZ65BE3pVnLnGV0nH5ZMHZao-hCEUvWwAWBgZ14wUB6mRRUXG3owZbHqLgk8U8BYPrhK_IqIAUEe5LlYhWr6lrBRFnac9lfXtjWslvMAJ&cb=_cl7muak89pidqyof563sev&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24
62.122.171.6 200 OK 7 B URL HTTP/2 limurol.com/ssp/req/1877814/?pb=e1342a69d08a91e9ae15ce1b5f3b70d61669727976&psp=aRYjt_MGotj26kdGAtfKz6Yh06LotmUqThhLut7IXjvq34OsgjdenDv3cTeIHBOoMSeMlRDmKo9szEZl9Qa67VeWrvN-uaNvD-0xAmjmdDzhhCvjyyqX5t9YkWNI5AyHpqEJ3YjKr_8Puq33WcIn7wK-7X-tOHjWST8y0mwfqOYhRcyywW-syia3U-XNjCzik4Uc2iVJK09nLKOFxVqLIrxl0aK4HQ-fEaZbx-oj6nLWA9fzLWqsyjrnq5kyPdXqmad7y5eJuJahP0NtZZUZ_EjHiEWdXdM3n0yQR-0ky2E7tp9iwxTiG_JMuC-kVV688HogoXZop2I8gP3Yxks_yvqUyfYFzxU64t_w3r_OSZX5DVJoQ0KrhmFQE8k4qCnmbuQ34IRi2M8VZXTGfVYqzS0AnAS1orVzfAt3z8hFn5iw4fC6HaOpJM9pok3W2PC8KXc9LY66AfyUetIJ_LcIWa97Gvzq5LJW_iHRsrFgbdL78Ke_nKrTBkw9YblRuOQr7IPGH0-vD8m7GYIJwruGxDMppnLyn_3Sk6TacLFXdbB-eIAsZcQikaJcd__3P25uqWanh31BcBma03A5LaSdNfPK_XHjovifZGpUvt6rS1Spl3TrHUa9wn9KyA63f6ITO5ehn43wi8wuItLz--b3h7ORQzAjCm1JTMvYXEbXqBwrN50lN0nGZ65BE3pVnLnGV0nH5ZMHZao-hCEUvWwAWBgZ14wUB6mRRUXG3owZbHqLgk8U8BYPrhK_IqIAUEe5LlYhWr6lrBRFnac9lfXtjWslvMAJ&cb=_cl7muak89pidqyof563sev&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24
IP 62.122.171.6:0
File type ASCII text, with no line terminators
Hash a97eb6fbe6f13b601d5d48c0eba8baae
736efb938caf3d0edec406932ada889f1a4f2268
a04bf061f53e0011fd2f43bdf081526344f003c50146c88c42c2d95ef22c1821
Analyzer Verdict Alert quad9 Sinkholed
GET /ssp/req/1877814/?pb=e1342a69d08a91e9ae15ce1b5f3b70d61669727976&psp=aRYjt_MGotj26kdGAtfKz6Yh06LotmUqThhLut7IXjvq34OsgjdenDv3cTeIHBOoMSeMlRDmKo9szEZl9Qa67VeWrvN-uaNvD-0xAmjmdDzhhCvjyyqX5t9YkWNI5AyHpqEJ3YjKr_8Puq33WcIn7wK-7X-tOHjWST8y0mwfqOYhRcyywW-syia3U-XNjCzik4Uc2iVJK09nLKOFxVqLIrxl0aK4HQ-fEaZbx-oj6nLWA9fzLWqsyjrnq5kyPdXqmad7y5eJuJahP0NtZZUZ_EjHiEWdXdM3n0yQR-0ky2E7tp9iwxTiG_JMuC-kVV688HogoXZop2I8gP3Yxks_yvqUyfYFzxU64t_w3r_OSZX5DVJoQ0KrhmFQE8k4qCnmbuQ34IRi2M8VZXTGfVYqzS0AnAS1orVzfAt3z8hFn5iw4fC6HaOpJM9pok3W2PC8KXc9LY66AfyUetIJ_LcIWa97Gvzq5LJW_iHRsrFgbdL78Ke_nKrTBkw9YblRuOQr7IPGH0-vD8m7GYIJwruGxDMppnLyn_3Sk6TacLFXdbB-eIAsZcQikaJcd__3P25uqWanh31BcBma03A5LaSdNfPK_XHjovifZGpUvt6rS1Spl3TrHUa9wn9KyA63f6ITO5ehn43wi8wuItLz--b3h7ORQzAjCm1JTMvYXEbXqBwrN50lN0nGZ65BE3pVnLnGV0nH5ZMHZao-hCEUvWwAWBgZ14wUB6mRRUXG3owZbHqLgk8U8BYPrhK_IqIAUEe5LlYhWr6lrBRFnac9lfXtjWslvMAJ&cb=_cl7muak89pidqyof563sev&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24 HTTP/1.1
Host: limurol.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xxxtik.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 29 Nov 2022 11:19:37 GMT
content-type: text/javascript
content-length: 7
x-route-id: ssp.bet
set-cookie: UID=2211290619b67d6055136a45ada83f35d2c1; Path=/; Expires=Wed, 29 Nov 2023 11:19:37 GMT; HttpOnly; Secure; SameSite=None
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
banquetunarmedgrater.com/advertisers.js
192.243.59.13 200 OK 0 B URL HTTP/1.1 banquetunarmedgrater.com/advertisers.js
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
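Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Note: these three values are the MD5, SHA-1 and SHA-256 digests of empty input, consistent with the 0 B body recorded for this response; they describe no script content and are not usable as file indicators.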
Analyzer Verdict Alert quad9 Sinkholed
GET /advertisers.js HTTP/1.1
Host: banquetunarmedgrater.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xxxtik.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Tue, 29 Nov 2022 11:19:37 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 27ddcf48248101cc428aaf54df01369a
Strict-Transport-Security: max-age=0; includeSubdomains
xxxtik.com/assets/icons/apple-icon-180.png
104.16.243.78 200 OK 7.2 kB URL HTTP/2 xxxtik.com/assets/icons/apple-icon-180.png
IP 104.16.243.78:0
File type PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced\012- data
Hash 5368473da77744b7bb51877003f576f5
8fe9f0317027936cc6ac7563cc5504298b7e293b
2dabb3d8333c64b8c6c5cfde229248f759d6292017caacd189dadcf92da8be08
GET /assets/icons/apple-icon-180.png HTTP/1.1
Host: xxxtik.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xxxtik.com/auth
Cookie: ppu_main_f7527c3637baa7f63d75672dc54eece8=1; __PPU___PPU_SESSION_URL=%2Fauth; dom3ic8zudi28v8lr6fgphwffqoz0j6c=e6b234f2-b475-42eb-bd3e-19cc8b5357df%3A3%3A1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 29 Nov 2022 11:19:37 GMT
content-type: image/png
content-length: 7187
last-modified: Fri, 25 Nov 2022 10:17:37 GMT
x-rgw-object-type: Normal
etag: "5368473da77744b7bb51877003f576f5"
x-amz-request-id: tx000000000000009bdfe56-006380970b-5c92156a-fra1b
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cache-control: public,max-age=10,s-maxage=86400
x-do-app-origin: 21d6262b-e6ae-11ec-b1dc-0c42a19a82a7
x-do-static-catchall-document: index.html
x-do-orig-status: 200
cf-cache-status: HIT
age: 2107
accept-ranges: bytes
server: cloudflare
cf-ray: 771af30a9d63b4ff-OSL
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 07b8296613be09905e34b09dce4a203f
c97c67e8c4b1247423d089c028c31e05734f124e
c8c7b7cd00d5818bbe4a4ddb1b734a1b766dc6474cce300171bd5a0947adc6b2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 11:19:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 07b8296613be09905e34b09dce4a203f
c97c67e8c4b1247423d089c028c31e05734f124e
c8c7b7cd00d5818bbe4a4ddb1b734a1b766dc6474cce300171bd5a0947adc6b2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 11:19:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 07b8296613be09905e34b09dce4a203f
c97c67e8c4b1247423d089c028c31e05734f124e
c8c7b7cd00d5818bbe4a4ddb1b734a1b766dc6474cce300171bd5a0947adc6b2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 11:19:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 07b8296613be09905e34b09dce4a203f
c97c67e8c4b1247423d089c028c31e05734f124e
c8c7b7cd00d5818bbe4a4ddb1b734a1b766dc6474cce300171bd5a0947adc6b2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 11:19:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
firebase.googleapis.com/v1alpha/projects/-/apps/1:560873874866:web:ba1c6ecca2355d7a4670ab/webConfig
142.250.74.170 200 OK 0 B URL HTTP/2 firebase.googleapis.com/v1alpha/projects/-/apps/1:560873874866:web:ba1c6ecca2355d7a4670ab/webConfig
IP 142.250.74.170:0
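Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Note: these three values are the MD5, SHA-1 and SHA-256 digests of empty input, consistent with the 0 B body of this OPTIONS preflight response; they are not usable as file indicators.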
OPTIONS /v1alpha/projects/-/apps/1:560873874866:web:ba1c6ecca2355d7a4670ab/webConfig HTTP/1.1
Host: firebase.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-goog-api-key
Referer: https://xxxtik.com/
Origin: https://xxxtik.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://xxxtik.com
vary: origin, referer, x-origin
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-headers: x-goog-api-key
access-control-max-age: 3600
date: Tue, 29 Nov 2022 11:19:37 GMT
content-type: text/html
server: ESF
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
firebaseinstallations.googleapis.com/v1/projects/xxxtik/installations
142.250.74.106 200 OK 0 B URL HTTP/2 firebaseinstallations.googleapis.com/v1/projects/xxxtik/installations
IP 142.250.74.106:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /v1/projects/xxxtik/installations HTTP/1.1
Host: firebaseinstallations.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-goog-api-key
Referer: https://xxxtik.com/
Origin: https://xxxtik.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://xxxtik.com
vary: origin, referer, x-origin
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-headers: content-type,x-goog-api-key
access-control-max-age: 3600
date: Tue, 29 Nov 2022 11:19:37 GMT
content-type: text/html
server: ESF
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
xxxtik.com/favicon.ico
104.16.243.78 200 OK 3.1 kB IP 104.16.243.78:0
File type MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel\012- data
Hash 56b68e054992397efc0b29f884191662
d1b316e70e467545fecad2f0cb502af10ef7d193
e12548d8c29f844f73f823240cdca89479609890b50f0e919608331cbc64930a
GET /favicon.ico HTTP/1.1
Host: xxxtik.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xxxtik.com/auth
Cookie: ppu_main_f7527c3637baa7f63d75672dc54eece8=1; __PPU___PPU_SESSION_URL=%2Fauth; dom3ic8zudi28v8lr6fgphwffqoz0j6c=e6b234f2-b475-42eb-bd3e-19cc8b5357df%3A3%3A1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 29 Nov 2022 11:19:37 GMT
content-type: image/vnd.microsoft.icon
last-modified: Fri, 25 Nov 2022 10:17:38 GMT
x-rgw-object-type: Normal
etag: W/"29106370cf95f66f4650a10526790182"
x-amz-request-id: tx000000000000009bdee89-0063809680-5c92156a-fra1b
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cache-control: public,max-age=10,s-maxage=86400
x-do-app-origin: 21d6262b-e6ae-11ec-b1dc-0c42a19a82a7
x-do-static-catchall-document: index.html
x-do-orig-status: 200
cf-cache-status: HIT
age: 3365
server: cloudflare
cf-ray: 771af30a9d65b4ff-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 07b8296613be09905e34b09dce4a203f
c97c67e8c4b1247423d089c028c31e05734f124e
c8c7b7cd00d5818bbe4a4ddb1b734a1b766dc6474cce300171bd5a0947adc6b2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 11:19:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 07b8296613be09905e34b09dce4a203f
c97c67e8c4b1247423d089c028c31e05734f124e
c8c7b7cd00d5818bbe4a4ddb1b734a1b766dc6474cce300171bd5a0947adc6b2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 11:19:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
api.xxxtik.com/user/explore
104.16.243.78 200 OK 13 kB URL HTTP/2 api.xxxtik.com/user/explore
IP 104.16.243.78:0
File type JSON data\012- , ASCII text, with very long lines (65536), with no line terminators
Hash 3e7e1e1b83cc3cf62086651dd0b1b612
dfee7f30e76647a3ec1220c9868187a1bfb85b7c
eabc1fb067e46915acbf1734ea38f32ba132f0cdee68d2b9bde98af64c668df7
GET /user/explore HTTP/1.1
Host: api.xxxtik.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Authorization: Bearer null
Origin: https://xxxtik.com
Connection: keep-alive
Referer: https://xxxtik.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Tue, 29 Nov 2022 11:19:37 GMT
content-type: application/json; charset=utf-8
x-powered-by: Express
access-control-allow-origin: *
etag: W/"14a19-z8E8QkzK6azLPUMVR3IuqZMWKbc"
x-do-app-origin: 4abf1627-e6ab-11ec-b1dc-0c42a19a82a7
cache-control: private
x-do-orig-status: 200
cf-cache-status: MISS
vary: Accept-Encoding
server: cloudflare
cf-ray: 771af3072d50b511-OSL
content-encoding: br
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?l=dataLayer&id=G-5QBTTR6TGX
142.250.74.168 200 OK 66 kB URL HTTP/2 www.googletagmanager.com/gtag/js?l=dataLayer&id=G-5QBTTR6TGX
IP 142.250.74.168:0
File type ASCII text, with very long lines (2996)
Hash 6969d91160546531d15766bd200956df
cbce01d36f5e2bbe3c078fc049716d88353de5bd
cf0387b0d9fe682e41730f842f2d5cc51dba44efaee91d5ce2ff048ff1e1bd46
GET /gtag/js?l=dataLayer&id=G-5QBTTR6TGX HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xxxtik.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 29 Nov 2022 11:19:37 GMT
expires: Tue, 29 Nov 2022 11:19:37 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 66047
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash f50fd635895870df33a17fe377a6a038
dd65dfbbc810b095432cfd59f971af04a9e31ab7
ebd9b6c3f67865c297d08802839c940994424000df3bf8a3f1316b8e13666e94
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 11:19:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
firebaseinstallations.googleapis.com/v1/projects/xxxtik/installations
142.250.74.106 200 OK 490 B URL HTTP/2 firebaseinstallations.googleapis.com/v1/projects/xxxtik/installations
IP 142.250.74.106:0
File type JSON data\012- , ASCII text, with very long lines (330)
Hash 289dffda954111f425be00963230ac03
e92a491b5a7442f6f041c6d257109bf80eff372f
a92a56b084628f7c9e74c7ad433e85d82df5dd7bc708b498bd6da25b36d99c94
POST /v1/projects/xxxtik/installations HTTP/1.1
Host: firebaseinstallations.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xxxtik.com/
content-type: application/json
x-goog-api-key: AIzaSyAm9k1Y1GRbET-w1Z9joYMp63x1EHwZ5fY
Origin: https://xxxtik.com
Content-Length: 131
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Tue, 29 Nov 2022 11:19:37 GMT
server: ESF
cache-control: private
content-length: 490
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: https://xxxtik.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash dd71cb59bfd5e31191d61da63fec244a
998886e4743fc393838dbee7a6632d392e268e73
54672c525e2462ddbb2e84b80945daede2e13469b8817d636dc12d5bb0b3bc47
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "54672C525E2462DDBB2E84B80945DAEDE2E13469B8817D636DC12D5BB0B3BC47"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12637
Expires: Tue, 29 Nov 2022 14:50:14 GMT
Date: Tue, 29 Nov 2022 11:19:37 GMT
Connection: keep-alive
friendshipmale.com/sfp.js
104.21.234.92 200 OK 27 kB URL HTTP/2 friendshipmale.com/sfp.js
IP 104.21.234.92:0
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash 7d08e108469ec4f191e487612733570d
2266c4c3096af8f69a10bc37510286c32b473ba3
a59c526f279e496457e39c08b2db1db6a7bdaca08af2d514f0a761b93246a46c
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xxxtik.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 29 Nov 2022 11:19:37 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: cea6af9819853f2048af2d3e8911ed3a
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Tue, 29 Nov 2022 11:19:36 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WzffTOBZdNdBuXNFetncYaHMuUdgo5hrafjgJ6tqAiZAwFkK%2BvmkMJzlmS36McOS01tSaXY2H9w%2Fa7j5UsXkfjs6nj4jHWc9mZGmhLL9KUBea8%2Bp2C3TmCBFl7yD0l%2F%2BBGffXlM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 771af3084b3cdc31-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
unseenreport.com/pxf.gif?uuid=e6b234f2-b475-42eb-bd3e-19cc8b5357df&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=9c2b1eee0894cbb289451ca96f7bb8e9&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=11
192.243.59.12 200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=e6b234f2-b475-42eb-bd3e-19cc8b5357df&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=9c2b1eee0894cbb289451ca96f7bb8e9&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=11
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=e6b234f2-b475-42eb-bd3e-19cc8b5357df&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=9c2b1eee0894cbb289451ca96f7bb8e9&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=11 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xxxtik.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Tue, 29 Nov 2022 11:19:38 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 538068629b2ff47d0a041c8940e4cf0b
Strict-Transport-Security: max-age=0; includeSubdomains
region1.google-analytics.com/g/collect?v=2&tid=G-5QBTTR6TGX&gtm=2oeb90&_p=1741707535&_fid=dCKeVJ6wPFnPFVe1yt0e2x&cid=1339670554.1669720777&ul=en-us&sr=1280x1024&_s=1&sid=1669720776&sct=1&seg=0&dl=https%3A%2F%2Fxxxtik.com%2Fauth&dt=xxxtik%20-%20Hot%20TikTok%20porn%20videos.&en=page_view&_fv=2&_nsi=1&_ss=1&_ee=1&ep.origin=firebase
216.239.34.36 204 No Content 0 B URL HTTP/2 region1.google-analytics.com/g/collect?v=2&tid=G-5QBTTR6TGX&gtm=2oeb90&_p=1741707535&_fid=dCKeVJ6wPFnPFVe1yt0e2x&cid=1339670554.1669720777&ul=en-us&sr=1280x1024&_s=1&sid=1669720776&sct=1&seg=0&dl=https%3A%2F%2Fxxxtik.com%2Fauth&dt=xxxtik%20-%20Hot%20TikTok%20porn%20videos.&en=page_view&_fv=2&_nsi=1&_ss=1&_ee=1&ep.origin=firebase
IP 216.239.34.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-5QBTTR6TGX&gtm=2oeb90&_p=1741707535&_fid=dCKeVJ6wPFnPFVe1yt0e2x&cid=1339670554.1669720777&ul=en-us&sr=1280x1024&_s=1&sid=1669720776&sct=1&seg=0&dl=https%3A%2F%2Fxxxtik.com%2Fauth&dt=xxxtik%20-%20Hot%20TikTok%20porn%20videos.&en=page_view&_fv=2&_nsi=1&_ss=1&_ee=1&ep.origin=firebase HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xxxtik.com
Connection: keep-alive
Referer: https://xxxtik.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://xxxtik.com
date: Tue, 29 Nov 2022 11:19:38 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
xxxtik.com/styles.c61175e2881f4b754112.css
104.16.243.78 200 OK 0 B URL HTTP/2 xxxtik.com/styles.c61175e2881f4b754112.css
IP 104.16.243.78:0
GET /styles.c61175e2881f4b754112.css HTTP/1.1
Host: xxxtik.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xxxtik.com/auth
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 29 Nov 2022 11:19:35 GMT
content-type: text/css; charset=utf-8
last-modified: Fri, 25 Nov 2022 10:17:38 GMT
x-rgw-object-type: Normal
etag: W/"4944d2eb3580e06ced39ea24a67e75df"
x-amz-request-id: tx000000000000009bdee49-006380967e-5c92156a-fra1b
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cache-control: public,max-age=10,s-maxage=86400
x-do-app-origin: 21d6262b-e6ae-11ec-b1dc-0c42a19a82a7
x-do-static-catchall-document: index.html
x-do-orig-status: 200
cf-cache-status: HIT
age: 2273
server: cloudflare
cf-ray: 771af2fc8bc0b4ff-OSL
content-encoding: br
X-Firefox-Spdy: h2
xxxtik.com/assets/images/feather-sprite.svg
104.16.243.78 200 OK 0 B URL HTTP/2 xxxtik.com/assets/images/feather-sprite.svg
IP 104.16.243.78:0
GET /assets/images/feather-sprite.svg HTTP/1.1
Host: xxxtik.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xxxtik.com/auth
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 29 Nov 2022 11:19:36 GMT
content-type: image/svg+xml
last-modified: Fri, 25 Nov 2022 10:17:37 GMT
x-rgw-object-type: Normal
etag: W/"8bf209bf8ac81043e662f44c3cd28171"
x-amz-request-id: tx000000000000009bd8de7-0063809679-5c92220d-fra1b
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cache-control: public,max-age=10,s-maxage=86400
x-do-app-origin: 21d6262b-e6ae-11ec-b1dc-0c42a19a82a7
x-do-static-catchall-document: index.html
x-do-orig-status: 200
cf-cache-status: HIT
age: 2268
server: cloudflare
cf-ray: 771af3048cebb4ff-OSL
content-encoding: br
X-Firefox-Spdy: h2
xxxtik.com/636-es2015.c45292405eac6e6cdd4a.js
104.16.243.78 200 OK 0 B URL HTTP/2 xxxtik.com/636-es2015.c45292405eac6e6cdd4a.js
IP 104.16.243.78:0
GET /636-es2015.c45292405eac6e6cdd4a.js HTTP/1.1
Host: xxxtik.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xxxtik.com/auth
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 29 Nov 2022 11:19:36 GMT
content-type: text/javascript; charset=utf-8
last-modified: Fri, 25 Nov 2022 10:17:37 GMT
x-rgw-object-type: Normal
etag: W/"68317f95773f02566ffc4d1bdac6dc79"
x-amz-request-id: tx000000000000009bd8ef4-006380967f-5c92220d-fra1b
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cache-control: public,max-age=10,s-maxage=86400
x-do-app-origin: 21d6262b-e6ae-11ec-b1dc-0c42a19a82a7
x-do-static-catchall-document: index.html
x-do-orig-status: 200
cf-cache-status: HIT
age: 2268
server: cloudflare
cf-ray: 771af3037badb4ff-OSL
content-encoding: br
X-Firefox-Spdy: h2
xxxtik.com/main-es2015.0dc6b2ec20836a4bdd3e.js
104.16.243.78 200 OK 0 B URL HTTP/2 xxxtik.com/main-es2015.0dc6b2ec20836a4bdd3e.js
IP 104.16.243.78:0
GET /main-es2015.0dc6b2ec20836a4bdd3e.js HTTP/1.1
Host: xxxtik.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xxxtik.com/auth
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 29 Nov 2022 11:19:35 GMT
content-type: text/javascript; charset=utf-8
last-modified: Fri, 25 Nov 2022 10:17:38 GMT
x-rgw-object-type: Normal
etag: W/"58fc58376e142004eedae7481cdedbd7"
x-amz-request-id: tx000000000000009bdec79-0063809674-5c92156a-fra1b
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cache-control: public,max-age=10,s-maxage=86400
x-do-app-origin: 21d6262b-e6ae-11ec-b1dc-0c42a19a82a7
x-do-static-catchall-document: index.html
x-do-orig-status: 200
cf-cache-status: HIT
age: 2107
server: cloudflare
cf-ray: 771af2fc8bbeb4ff-OSL
content-encoding: br
X-Firefox-Spdy: h2
xxxtik.com/421-es2015.63cc4fdc545020366c8d.js
104.16.243.78 200 OK 0 B URL HTTP/2 xxxtik.com/421-es2015.63cc4fdc545020366c8d.js
IP 104.16.243.78:0
GET /421-es2015.63cc4fdc545020366c8d.js HTTP/1.1
Host: xxxtik.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xxxtik.com/auth
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 29 Nov 2022 11:19:36 GMT
content-type: text/javascript; charset=utf-8
last-modified: Fri, 25 Nov 2022 10:17:37 GMT
x-rgw-object-type: Normal
etag: W/"857a580123ceb2c633bb3f10346619cd"
x-amz-request-id: tx000000000000009bd956e-00638096ae-5c92220d-fra1b
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cache-control: public,max-age=10,s-maxage=86400
x-do-app-origin: 21d6262b-e6ae-11ec-b1dc-0c42a19a82a7
x-do-static-catchall-document: index.html
x-do-orig-status: 200
cf-cache-status: HIT
age: 2044
server: cloudflare
cf-ray: 771af303abd4b4ff-OSL
content-encoding: br
X-Firefox-Spdy: h2
xxxtik.com/polyfills-es2015.6a08dc48db5c67a09c90.js
104.16.243.78 200 OK 0 B URL HTTP/2 xxxtik.com/polyfills-es2015.6a08dc48db5c67a09c90.js
IP 104.16.243.78:0
GET /polyfills-es2015.6a08dc48db5c67a09c90.js HTTP/1.1
Host: xxxtik.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xxxtik.com/auth
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 29 Nov 2022 11:19:35 GMT
content-type: text/javascript; charset=utf-8
last-modified: Fri, 25 Nov 2022 10:17:38 GMT
x-rgw-object-type: Normal
etag: W/"c8f0d497527ca84e1915e692c57ee8c3"
x-amz-request-id: tx000000000000009bdfe6a-006380970c-5c92156a-fra1b
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cache-control: public,max-age=10,s-maxage=86400
x-do-app-origin: 21d6262b-e6ae-11ec-b1dc-0c42a19a82a7
x-do-static-catchall-document: index.html
x-do-orig-status: 200
cf-cache-status: HIT
age: 2107
server: cloudflare
cf-ray: 771af2fc8bbdb4ff-OSL
content-encoding: br
X-Firefox-Spdy: h2
sya9yncn3q.com/t/9/fret/meow4/1877814/91310734.js
62.122.171.6 200 OK 0 B URL HTTP/2 sya9yncn3q.com/t/9/fret/meow4/1877814/91310734.js
IP 62.122.171.6:0
Analyzer Verdict Alert quad9 Sinkholed
GET /t/9/fret/meow4/1877814/91310734.js HTTP/1.1
Host: sya9yncn3q.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xxxtik.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 29 Nov 2022 11:19:36 GMT
content-type: application/javascript
last-modified: Tue, 15 Nov 2022 12:20:41 GMT
vary: Accept-Encoding
etag: W/"63738419-10f52"
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
content-encoding: gzip
X-Firefox-Spdy: h2
api.xxxtik.com/tag/all
104.16.243.78 200 OK 0 B IP 104.16.243.78:0
GET /tag/all HTTP/1.1
Host: api.xxxtik.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Authorization: Bearer null
Origin: https://xxxtik.com
Connection: keep-alive
Referer: https://xxxtik.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Tue, 29 Nov 2022 11:19:37 GMT
content-type: application/json; charset=utf-8
x-powered-by: Express
access-control-allow-origin: *
etag: W/"7a157-gV/VK/POU05Gdjju/U9mxoah7C0"
x-do-app-origin: 4abf1627-e6ab-11ec-b1dc-0c42a19a82a7
cache-control: private
x-do-orig-status: 200
cf-cache-status: MISS
vary: Accept-Encoding
server: cloudflare
cf-ray: 771af306fce4b511-OSL
content-encoding: br
X-Firefox-Spdy: h2
xxxtik.com/assets/images/loading.svg
104.16.243.78 200 OK 0 B URL HTTP/2 xxxtik.com/assets/images/loading.svg
IP 104.16.243.78:0
GET /assets/images/loading.svg HTTP/1.1
Host: xxxtik.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xxxtik.com/auth
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 29 Nov 2022 11:19:35 GMT
content-type: image/svg+xml
last-modified: Fri, 25 Nov 2022 10:17:37 GMT
x-rgw-object-type: Normal
etag: W/"37cbaacdfe18fe4346c8c951c59e8542"
x-amz-request-id: tx000000000000009bdee37-006380967e-5c92156a-fra1b
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cache-control: public,max-age=10,s-maxage=86400
x-do-app-origin: 21d6262b-e6ae-11ec-b1dc-0c42a19a82a7
x-do-static-catchall-document: index.html
x-do-orig-status: 200
cf-cache-status: HIT
age: 2327
server: cloudflare
cf-ray: 771af2fc7bbab4ff-OSL
content-encoding: br
X-Firefox-Spdy: h2
www.sizokiwhe.pro/afc293/896c4467b56b.js
67.216.89.41 200 OK 0 B URL HTTP/2 www.sizokiwhe.pro/afc293/896c4467b56b.js
IP 67.216.89.41:0
GET /afc293/896c4467b56b.js HTTP/1.1
Host: www.sizokiwhe.pro
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: text/plain
Origin: https://xxxtik.com
Connection: keep-alive
Referer: https://xxxtik.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: ucdn/1.22.1
date: Tue, 29 Nov 2022 11:19:36 GMT
content-type: application/javascript
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: Content-Type
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315358824, public
x-ureq-id: XDrrrzssYKy7XniAYHDaCxO/1BtQYlPAo1HVcwFLMsrP7jnHS8YSuPjrkuTCVphpOep5ZtMQ/BuVATeWDB/wTQllwENXNztQTLJe45skbcoX9tdP2QpeUs+d51zS043U
x-served-from: l1
x-vhostid: 110, 22019
content-encoding: br
X-Firefox-Spdy: h2