exceptionalphonesecurity.xyz/smart-security-0/index.html?clickid={clickid}&utm_source={var1}&utm_medium=restart_{lander.name}&publisher={trafficsource.name}&utm_campaign={trafficsource.name}
301 Moved Permanently 0 B URL HTTP/1.1 exceptionalphonesecurity.xyz/smart-security-0/index.html?clickid={clickid}&utm_source={var1}&utm_medium=restart_{lander.name}&publisher={trafficsource.name}&utm_campaign={trafficsource.name}
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /smart-security-0/index.html?clickid={clickid}&utm_source={var1}&utm_medium=restart_{lander.name}&publisher={trafficsource.name}&utm_campaign={trafficsource.name} HTTP/1.1
Host: exceptionalphonesecurity.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Mon, 10 Oct 2022 01:58:57 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Mon, 10 Oct 2022 02:58:57 GMT
Location: https://exceptionalphonesecurity.xyz/smart-security-0/index.html?clickid={clickid}&utm_source={var1}&utm_medium=restart_{lander.name}&publisher={trafficsource.name}&utm_campaign={trafficsource.name}
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nkgmBFdJEe%2BBnJzfwARLFRbMUU7wvPJeGYzATcmW7gZE%2BvYDbXQhD3a%2BB2d%2BmBbRUkvWXvhinmILXmBCP29LTsSMHsPctfpRV7HceICOyzvr2HhKCBlbOGLmEfyt3gB%2FmbZm9FGu01YcKPOTN41w"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 757bc1002e59b506-OSL
alt-svc: h2=":443"; ma=60
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 3f17af4e8a1739eda4a518039f4892f9
c3feba08ae7e8f57e0fe9bcd2ebedea6bda67cbb
c485b09cad08b5233fe8753682faf59219fe0d18fcc34d90dc88fb0971295f5f
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, Alert, Backoff, Content-Length, Content-Type
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Mon, 10 Oct 2022 01:48:16 GMT
Expires: Mon, 10 Oct 2022 02:26:33 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 ab09332bca1a3bd382d2e408f65b98d2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: feQl296vTOtNQEFwwVerKgtaYy758gADu7vDVuW74o2ptSP4xSBYlw==
Age: 641
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash cf768e41672570b0a4a9fe86045915fc
2249064a86b2ba11e28208b9fba1c9f1db4f3e9e
a049499f78078df12f4d1c5180f1f36715a5c99db4f31c18ee06bcf0b6382b30
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A049499F78078DF12F4D1C5180F1F36715A5C99DB4F31C18EE06BCF0B6382B30"
Last-Modified: Fri, 07 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11939
Expires: Mon, 10 Oct 2022 05:17:56 GMT
Date: Mon, 10 Oct 2022 01:58:57 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 7cba6aada5c0a04c1c0644769c09f64e
ed02f174a9b718951911343af8ec181c6d205b1d
ba863e734d5d38ed160758ab0b09d1b0f44fc795dcbcee4199329b011fcd1bd1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BA863E734D5D38ED160758AB0B09D1B0F44FC795DCBCEE4199329B011FCD1BD1"
Last-Modified: Fri, 07 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6585
Expires: Mon, 10 Oct 2022 03:48:42 GMT
Date: Mon, 10 Oct 2022 01:58:57 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: tbbl2NjYbZNbxb1zhou4Y7ZZ7KBlRL+fq5fXtW7cmRUmLxcvJvQRQ9LEDrtVmb8Ggomf1MPf1JM=
x-amz-request-id: 0JD09XT7ZPBY5BPD
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 10 Oct 2022 01:00:14 GMT
age: 3523
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 10 Oct 2022 01:58:57 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Type, Expires, Backoff, ETag, Last-Modified, Pragma, Cache-Control, Content-Length, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Mon, 10 Oct 2022 01:29:41 GMT
Expires: Mon, 10 Oct 2022 02:29:12 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 94eee494c19905cb6933ec8a32a577a0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 2nHI4y6ROl6LYUvI2cI2WSVKC3nFGf-1PF2JHyVhGZ5VW_7x-AtKcw==
Age: 1756
ocsp.digicert.com/
200 OK 471 B IP
Hash 0e2d9e91637474eeaf391312eed441bd
5d29603c731b75308f7d1f584b3ac4c263c96a9e
7da864345088083e1a6fec2d95e07186ef8dbcef8505570e547844c556dfe3be
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1699
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 10 Oct 2022 01:58:58 GMT
Last-Modified: Mon, 10 Oct 2022 01:30:39 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 471
exceptionalphonesecurity.xyz/smart-security-0/index.html?clickid={clickid}&utm_source={var1}&utm_medium=restart_{lander.name}&publisher={trafficsource.name}&utm_campaign={trafficsource.name}
200 OK 24 kB URL HTTP/2 exceptionalphonesecurity.xyz/smart-security-0/index.html?clickid={clickid}&utm_source={var1}&utm_medium=restart_{lander.name}&publisher={trafficsource.name}&utm_campaign={trafficsource.name}
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1627)
Hash 09e5cb8314ba39357a77f27ce099913e
67889bb008c687ed8ee53c7701f1e6fa0432a609
1b5b73767e916ec684d3f977b8a536c153f52264f7f5b9c85886637a02475f83
GET /smart-security-0/index.html?clickid={clickid}&utm_source={var1}&utm_medium=restart_{lander.name}&publisher={trafficsource.name}&utm_campaign={trafficsource.name} HTTP/1.1
Host: exceptionalphonesecurity.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Mon, 10 Oct 2022 01:58:58 GMT
content-type: text/html
last-modified: Mon, 13 Jun 2022 09:09:10 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=30r%2B6SO%2FkaCquaiaznNho1dQOmMJ4Okucm4HLj4JYZRs3VoYaewCDSx5M9LU9Tbxkd6dk90LMhYIXwq9BBGzyiMs%2F8RQWF4O5wTTkYF53Xo%2FVXqDoD11%2FROf%2BUgv%2BTP85qQFe2ldQIc5WrsVdo7a"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 757bc101df310b39-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.sectigo.com/
200 OK 471 B IP
Hash 5690c00c386c753af6de22646db06434
aa5b0574bf8aa58bc5608d593e7dcba23100b454
741af8ab8cb30aac3a08fe0ae823577cb602c717416f9bcd52cef5b830b5fb0e
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 10 Oct 2022 01:58:58 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 06 Oct 2022 18:25:20 GMT
Expires: Thu, 13 Oct 2022 18:25:19 GMT
Etag: "aa5b0574bf8aa58bc5608d593e7dcba23100b454"
Cache-Control: max-age=317780,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 757bc1071a6bb509-OSL
my.rtmark.net/p.js?f=sync&lr=1&partner=4d524b7a70f9429d3f354097c0083db80c0150ac1699f4b97f6029051cf877c8
200 OK 697 B URL HTTP/2 my.rtmark.net/p.js?f=sync&lr=1&partner=4d524b7a70f9429d3f354097c0083db80c0150ac1699f4b97f6029051cf877c8
IP
Hash 7e1da03b7d5254f7b1d93874c8f85ce4
c1ff6bec84dd9b2bf2bbcd11bb8791444f04b2d7
ff9366f794284e39381efd6b8ae4b6273469134c741ca7c3d6a1e1248e1a98d4
GET /p.js?f=sync&lr=1&partner=4d524b7a70f9429d3f354097c0083db80c0150ac1699f4b97f6029051cf877c8 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exceptionalphonesecurity.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 10 Oct 2022 01:58:58 GMT
content-type: text/javascript
content-length: 697
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash 5afc52b7c0dd277b6eb7959df5d2d75f
2d62ff817a603dbe03412fd744b2c9818b35b326
56b56c27834081e7462829f813d398e9f97669738433d85a8b611fb640e91b2d
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Mon, 10 Oct 2022 01:58:58 GMT
Last-Modified: Mon, 10 Oct 2022 00:15:55 GMT
Server: ECS (nyb/1DD2)
X-Cache: Miss from cloudfront
Via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: h7UCpV44to5N-Ok-D4LOPBpUqpl-NU3KuB4mbU6SLPnF0BLe_2tKqQ==
Age: 6183
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash 5afc52b7c0dd277b6eb7959df5d2d75f
2d62ff817a603dbe03412fd744b2c9818b35b326
56b56c27834081e7462829f813d398e9f97669738433d85a8b611fb640e91b2d
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Mon, 10 Oct 2022 01:58:58 GMT
Last-Modified: Mon, 10 Oct 2022 01:25:01 GMT
Server: ECS (bsa/EB19)
X-Cache: Miss from cloudfront
Via: 1.1 8ac66e1d6983a0f44cf391b1ec3b1cce.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 5ufPlruyVH5rukoNPVwezuWvVw3a5Wwm6egdXMXXLL6E7ZAc84_Q0g==
Age: 2038
overalltrack.com/api/v3.0/clickapi/img?aid=1&clickId={clickid}
200 OK 314 B URL HTTP/1.1 overalltrack.com/api/v3.0/clickapi/img?aid=1&clickId={clickid}
IP
ASN #14061 DIGITALOCEAN-ASN
Hash a8d303e670bd8ec49427559b5a6be403
e81ad7b833f2e7688d00e8f6fd34ad904426ee1c
d559e34fc8a001b9423fab8d1bfe317a1afffc36618558738a692e67009c8275
GET /api/v3.0/clickapi/img?aid=1&clickId={clickid} HTTP/1.1
Host: overalltrack.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exceptionalphonesecurity.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.14.0 (Ubuntu)
Date: Mon, 10 Oct 2022 01:58:58 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Set-Cookie: currentClickid=%7B%221%22%3A%22%7Bclickid%7D%22%7D; Max-Age=31536000; Path=/; Expires=Tue, 10 Oct 2023 01:58:58 GMT; Secure; SameSite=None
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: DUKCL1h3RB1BwTEfS3L+NA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: Z1GRtTXBa67SJTQUeKn3/pmBzeQ=
app1-smartsecurity-etl.herokuapp.com/device_by_model?model=rv:96.0
200 OK 144 B URL HTTP/1.1 app1-smartsecurity-etl.herokuapp.com/device_by_model?model=rv:96.0
IP
Hash bf5958568e9977f0cbfd4f0910c93dd3
d9d5cfea94d0d14c860ccb03915ceb937e532b8e
0cee15dc77aff9b76dad02481c92d865ffb84a9cb1b384cee54aa2f8357dfcf6
OPTIONS /device_by_model?model=rv:96.0 HTTP/1.1
Host: app1-smartsecurity-etl.herokuapp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization
Referer: https://exceptionalphonesecurity.xyz/
Origin: https://exceptionalphonesecurity.xyz
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Connection: keep-alive
Server: gunicorn
Date: Mon, 10 Oct 2022 01:58:58 GMT
Content-Type: text/html; charset=utf-8
Vary: Origin
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: accept, accept-encoding, authorization, content-type, dnt, origin, user-agent, x-csrftoken, x-requested-with
Access-Control-Allow-Methods: DELETE, GET, OPTIONS, PATCH, POST, PUT
Access-Control-Max-Age: 86400
Content-Length: 0
Via: 1.1 vegur
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 3784d51b845b6458ac5e47947914d0e7
d42190a870d1a9662844de39e846e8f2c02f4020
412ea59b1ee52460b0a20d90741cbb515278c6b426108cbe1456c57f6030850d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "412EA59B1EE52460B0A20D90741CBB515278C6B426108CBE1456C57F6030850D"
Last-Modified: Fri, 07 Oct 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20689
Expires: Mon, 10 Oct 2022 07:43:47 GMT
Date: Mon, 10 Oct 2022 01:58:58 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 37b5995b674c2f0c957f22c888cf78d6
acb0420adc483a26af7523a418c738b75ee27e46
eb33c7a7432cc4a9ce46e0193967b2b3f5340967c7bea1b1130bb7b1706e7766
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EB33C7A7432CC4A9CE46E0193967B2B3F5340967C7BEA1B1130BB7B1706E7766"
Last-Modified: Sun, 09 Oct 2022 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Mon, 10 Oct 2022 07:58:58 GMT
Date: Mon, 10 Oct 2022 01:58:58 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 86f93eb683e097438861d7dad56af2fb
a9bc9f0df4af30a0c04392a30e646f9a0270e3c3
d0fda66fd94a08e74460ffd61d7085e9ad827fff3dd7715a24af1eba55444857
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D0FDA66FD94A08E74460FFD61D7085E9AD827FFF3DD7715A24AF1EBA55444857"
Last-Modified: Fri, 07 Oct 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10798
Expires: Mon, 10 Oct 2022 04:58:56 GMT
Date: Mon, 10 Oct 2022 01:58:58 GMT
Connection: keep-alive
app1-smartsecurity-etl.herokuapp.com/device_by_model?model=rv:96.0
301 Moved Permanently 0 B URL HTTP/1.1 app1-smartsecurity-etl.herokuapp.com/device_by_model?model=rv:96.0
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /device_by_model?model=rv:96.0 HTTP/1.1
Host: app1-smartsecurity-etl.herokuapp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Authorization: Basic bGFuZDptb2RlbGJyYW5k
Origin: https://exceptionalphonesecurity.xyz
Connection: keep-alive
Referer: https://exceptionalphonesecurity.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 301 Moved Permanently
Connection: keep-alive
Server: gunicorn
Date: Mon, 10 Oct 2022 01:58:58 GMT
Content-Type: text/html; charset=utf-8
Location: /device_by_model/?model=rv:96.0
X-Content-Type-Options: nosniff
Referrer-Policy: same-origin
Vary: Origin
Access-Control-Allow-Origin: *
Content-Length: 0
Via: 1.1 vegur
analytics.tiktok.com/api/v2/pixel
200 OK 0 B URL HTTP/2 analytics.tiktok.com/api/v2/pixel
IP
ASN #20940 Akamai International B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /api/v2/pixel HTTP/1.1
Host: analytics.tiktok.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 902
Origin: https://exceptionalphonesecurity.xyz
Connection: keep-alive
Referer: https://exceptionalphonesecurity.xyz/
Cookie: _ttp=2FvKV9nbxADkL566VGpD08wgN4j
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: application/octet-stream
content-length: 0
access-control-allow-origin: *
x-tt-logid: 202210100158580DD758131853281CE388
x-tt-trace-host: 016eabbbec2a80a817c88fdee8d986cf60ab3c4d6060b7de2bf96c71c97b69177e94ab7f833ba0d6bd54cf24c2ffb177f002d75027211bfb77c2c67bf4ba3b8a761b689417edbc772d1322b6610d7e9efdc2f0781ee824b9d5ae841dc4396ae418
x-origin-response-time: 59,23.36.66.38
x-akamai-request-id: 28517546.3b3beafd
expires: Mon, 10 Oct 2022 01:58:58 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Mon, 10 Oct 2022 01:58:58 GMT
x-cache: TCP_MISS from a23-36-79-13.deploy.akamaitechnologies.com (AkamaiGHost/10.9.5-44356082) (-)
x-cache-remote: TCP_MISS from a23-36-66-38.deploy.akamaitechnologies.com (AkamaiGHost/10.9.5-44356082) (-)
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
server-timing: cdn-cache; desc=MISS, edge; dur=140, origin; dur=58, inner; dur=11
x-parent-response-time: 195,23.36.79.13
X-Firefox-Spdy: h2
overalltrack.com/api/v3.0/clickapi/otherInstall?clickId={clickid}&aid=1&checkOld=1&medium=restart_{lander.name}&source=var1&campaign={trafficsource.name}&publisher={trafficsource.name}&checkUninstall=1
200 OK 8 B URL HTTP/1.1 overalltrack.com/api/v3.0/clickapi/otherInstall?clickId={clickid}&aid=1&checkOld=1&medium=restart_{lander.name}&source=var1&campaign={trafficsource.name}&publisher={trafficsource.name}&checkUninstall=1
IP
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with no line terminators
Hash f30c3a40e9a3e65c868c754a5de95919
65101ff283414b70636ff494d866190a66ed9978
875befe7cefc0715a17dc737f9514dda981f79a3c9f174badcae5bd1cc2425fe
OPTIONS /api/v3.0/clickapi/otherInstall?clickId={clickid}&aid=1&checkOld=1&medium=restart_{lander.name}&source=var1&campaign={trafficsource.name}&publisher={trafficsource.name}&checkUninstall=1 HTTP/1.1
Host: overalltrack.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://exceptionalphonesecurity.xyz/
Origin: https://exceptionalphonesecurity.xyz
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.14.0 (Ubuntu)
Date: Mon, 10 Oct 2022 01:58:58 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 8
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Allow: GET,HEAD
app1-smartsecurity-etl.herokuapp.com/device_by_model/?model=rv:96.0
200 OK 0 B URL HTTP/1.1 app1-smartsecurity-etl.herokuapp.com/device_by_model/?model=rv:96.0
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /device_by_model/?model=rv:96.0 HTTP/1.1
Host: app1-smartsecurity-etl.herokuapp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization
Origin: https://exceptionalphonesecurity.xyz
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Connection: keep-alive
Server: gunicorn
Date: Mon, 10 Oct 2022 01:58:58 GMT
Content-Type: text/html; charset=utf-8
Vary: Origin
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: accept, accept-encoding, authorization, content-type, dnt, origin, user-agent, x-csrftoken, x-requested-with
Access-Control-Allow-Methods: DELETE, GET, OPTIONS, PATCH, POST, PUT
Access-Control-Max-Age: 86400
Content-Length: 0
Via: 1.1 vegur
overalltrack.com/api/v3.0/clickapi/otherInstall?clickId={clickid}&aid=1&checkOld=1&medium=restart_{lander.name}&source=var1&campaign={trafficsource.name}&publisher={trafficsource.name}&checkUninstall=1
200 OK 126 B URL HTTP/1.1 overalltrack.com/api/v3.0/clickapi/otherInstall?clickId={clickid}&aid=1&checkOld=1&medium=restart_{lander.name}&source=var1&campaign={trafficsource.name}&publisher={trafficsource.name}&checkUninstall=1
IP
ASN #14061 DIGITALOCEAN-ASN
File type JSON data\012- , ASCII text, with no line terminators
Hash c8f85db18fe8f89306f6c0819c67036d
7b5c44e4a9fd70e664aa4fe54fc0bd7bb3963a31
a71ab24977d03d440189548647bee7fdbdf0d6dee44478d1f6b44f17699a75ee
GET /api/v3.0/clickapi/otherInstall?clickId={clickid}&aid=1&checkOld=1&medium=restart_{lander.name}&source=var1&campaign={trafficsource.name}&publisher={trafficsource.name}&checkUninstall=1 HTTP/1.1
Host: overalltrack.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://exceptionalphonesecurity.xyz
Connection: keep-alive
Referer: https://exceptionalphonesecurity.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.14.0 (Ubuntu)
Date: Mon, 10 Oct 2022 01:58:58 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 126
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
app1-smartsecurity-etl.herokuapp.com/device_by_model/?model=rv:96.0
404 Not Found 90 B URL HTTP/1.1 app1-smartsecurity-etl.herokuapp.com/device_by_model/?model=rv:96.0
IP
File type JSON data\012- , Unicode text, UTF-8 text, with no line terminators
Hash 2333fc4fb0305a69c4127a26296830f7
8019da38e6449bf32aacc41b941155d3cca9e578
7b9954a74aab72fdb8478c4209d31f54ae822cd90c2c392c2bfb9f5736fdb4f3
GET /device_by_model/?model=rv:96.0 HTTP/1.1
Host: app1-smartsecurity-etl.herokuapp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exceptionalphonesecurity.xyz
Authorization: Basic bGFuZDptb2RlbGJyYW5k
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 404 Not Found
Connection: keep-alive
Server: gunicorn
Date: Mon, 10 Oct 2022 01:58:58 GMT
Content-Type: application/json
Allow: GET, HEAD, OPTIONS
X-Frame-Options: DENY
Content-Length: 90
X-Content-Type-Options: nosniff
Referrer-Policy: same-origin
Vary: Origin
Access-Control-Allow-Origin: *
Via: 1.1 vegur
my.rtmark.net/img.gif?f=sync&partner=4d524b7a70f9429d3f354097c0083db80c0150ac1699f4b97f6029051cf877c8&ttl=&rurl=https%3A%2F%2Fexceptionalphonesecurity.xyz%2Fsmart-security-0%2Findex.html%3Fclickid%3D%7Bclickid%7D%26utm_source%3D%7Bvar1%7D%26utm_medium%3Drestart_%7Blander.name%7D%26publisher%3D%7Btrafficsource.name%7D%26utm_campaign%3D%7Btrafficsource.name%7D%23
200 OK 43 B URL HTTP/2 my.rtmark.net/img.gif?f=sync&partner=4d524b7a70f9429d3f354097c0083db80c0150ac1699f4b97f6029051cf877c8&ttl=&rurl=https%3A%2F%2Fexceptionalphonesecurity.xyz%2Fsmart-security-0%2Findex.html%3Fclickid%3D%7Bclickid%7D%26utm_source%3D%7Bvar1%7D%26utm_medium%3Drestart_%7Blander.name%7D%26publisher%3D%7Btrafficsource.name%7D%26utm_campaign%3D%7Btrafficsource.name%7D%23
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
GET /img.gif?f=sync&partner=4d524b7a70f9429d3f354097c0083db80c0150ac1699f4b97f6029051cf877c8&ttl=&rurl=https%3A%2F%2Fexceptionalphonesecurity.xyz%2Fsmart-security-0%2Findex.html%3Fclickid%3D%7Bclickid%7D%26utm_source%3D%7Bvar1%7D%26utm_medium%3Drestart_%7Blander.name%7D%26publisher%3D%7Btrafficsource.name%7D%26utm_campaign%3D%7Btrafficsource.name%7D%23 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exceptionalphonesecurity.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 10 Oct 2022 01:58:59 GMT
content-type: image/gif
content-length: 43
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=6c97374191884f76b1add582b8a18843; expires=Tue, 10 Oct 2023 01:58:59 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 85fe5d9cfcd60b9cf8f9915c99fdf577
4d9a3d70cb870090be34b8b2f72fe8ab049ec7dc
b11e31fd76a00bb9eeda809a129b21a5d7e7705ca44e67196194cc90d2bc6255
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B11E31FD76A00BB9EEDA809A129B21A5D7E7705CA44E67196194CC90D2BC6255"
Last-Modified: Fri, 07 Oct 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17288
Expires: Mon, 10 Oct 2022 06:47:07 GMT
Date: Mon, 10 Oct 2022 01:58:59 GMT
Connection: keep-alive
primaveratrack.com/testb.php
200 OK 126 B URL HTTP/1.1 primaveratrack.com/testb.php
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash a5b3bfed693e840e5d91095409c6af0b
7fbe8433eda44893839708d5ce47d7a7041005fd
a04e547854da7a70b03398e9329527420ef9f14486d35d5c3186ee46248f25a4
GET /testb.php HTTP/1.1
Host: primaveratrack.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exceptionalphonesecurity.xyz
Connection: keep-alive
Referer: https://exceptionalphonesecurity.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.14.0 (Ubuntu)
Date: Mon, 10 Oct 2022 01:58:59 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
redrotou.net/pfe/current/micro.tag.min.js?z=4826947&sw=/sw-check-permissions-8b114.js
200 OK 40 kB URL HTTP/2 redrotou.net/pfe/current/micro.tag.min.js?z=4826947&sw=/sw-check-permissions-8b114.js
IP
Hash b9712ac86a09aeb538e178dfd12795b5
173e63f32fa9ce9852f98c68cff0ec8b92fb560c
4878e2650073c2a9baae9f86bae380a4e0c8439c362453c6ddcb51a41819cc86
GET /pfe/current/micro.tag.min.js?z=4826947&sw=/sw-check-permissions-8b114.js HTTP/1.1
Host: redrotou.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exceptionalphonesecurity.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 10 Oct 2022 01:58:59 GMT
content-type: application/javascript
last-modified: Tue, 27 Sep 2022 13:19:37 GMT
etag: W/"6332f869-1a5ed"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
track.profitableredirect.com/redirect?target=BASE64aHR0cHM6Ly9vdWhhc3RheS5uZXQvYWZ1LnBocD96b25laWQ9MzY0NzY3Ng&ts=1665367139357&hash=pUD_y2I0bvM51gwCdxSb4IdaUVukhO-t5TiSQjvZHSo&rm=D
200 OK 255 B URL HTTP/2 track.profitableredirect.com/redirect?target=BASE64aHR0cHM6Ly9vdWhhc3RheS5uZXQvYWZ1LnBocD96b25laWQ9MzY0NzY3Ng&ts=1665367139357&hash=pUD_y2I0bvM51gwCdxSb4IdaUVukhO-t5TiSQjvZHSo&rm=D
IP
File type HTML document text\012- HTML document, ASCII text, with no line terminators
Hash de8ab645056a8f8a15edbbc7b143db6e
efffa3c5deaab6a66b6bc6e3e7f825a3d7af7eb1
78e82c2f577490b708665560db3b6d26b33a0f8c8a81e5f27b428ec323070119
GET /redirect?target=BASE64aHR0cHM6Ly9vdWhhc3RheS5uZXQvYWZ1LnBocD96b25laWQ9MzY0NzY3Ng&ts=1665367139357&hash=pUD_y2I0bvM51gwCdxSb4IdaUVukhO-t5TiSQjvZHSo&rm=D HTTP/1.1
Host: track.profitableredirect.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: e69b0e43-f199-496b-87cc-2daa322bb681-v4=yQn8Nrx5DEdjeHY8GgvM2JOm-EzPNRTujK5q16d6l5Y; cc-v4=uPCvQyOWUV0GCxHMqEoxrJIHcWYfp%2FwyjowPyTTxwbr3Vbo%2FIunJkQwLJGYFt5HhH%2F7fKnxAEL9OltCPrRs1SNyHP0TUjxSqAoVm58ZSXdGaX8n5KlZXYKK3Uo3Bf8%2B%2FV5ok3p8y76LjMxpwvt9yqg%3D%3D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 10 Oct 2022 01:58:59 GMT
content-type: text/html;charset=UTF-8
content-length: 255
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: no-cache
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 8719bb958ec53e043cb7e9583240e37b
d05a5fd58214ace924df02f244582cf3f7356cb8
2411a378479edb491a03df162fa59e7431df9c45bba8357c35c2cdc62b4cde38
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2411A378479EDB491A03DF162FA59E7431DF9C45BBA8357C35C2CDC62B4CDE38"
Last-Modified: Sun, 09 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10781
Expires: Mon, 10 Oct 2022 04:58:40 GMT
Date: Mon, 10 Oct 2022 01:58:59 GMT
Connection: keep-alive
ocsp.sectigo.com/
200 OK 472 B IP
Hash 682756c159438150586fc69afb46c61b
00bdc31369f89c5e870f26f14623d52525a2957f
8a7e3419834d3c07de43258122ab78f3514191c5862cfeb080e9c0ceef042aa2
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 10 Oct 2022 01:58:59 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 06 Oct 2022 16:52:37 GMT
Expires: Thu, 13 Oct 2022 16:52:36 GMT
Etag: "00bdc31369f89c5e870f26f14623d52525a2957f"
Cache-Control: max-age=312216,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 757bc10f9b1f1c16-OSL
datatechone.com/log/add?cid=88506ad5-50e6-43b5-b450-2c5482f39314
200 OK 2 B URL HTTP/1.1 datatechone.com/log/add?cid=88506ad5-50e6-43b5-b450-2c5482f39314
IP
File type ASCII text, with no line terminators
Hash 444bcb3a3fcf8389296c49467f27e1d6
7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
Analyzer Verdict Alert quad9 Sinkholed
POST /log/add?cid=88506ad5-50e6-43b5-b450-2c5482f39314 HTTP/1.1
Host: datatechone.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 453
Origin: https://ouhastay.net
Connection: keep-alive
Referer: https://ouhastay.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Mon, 10 Oct 2022 01:58:59 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 2
Connection: keep-alive
Access-Control-Allow-Origin: https://ouhastay.net
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 42ce7c34fdc275b2f972223772146c64
fab0b21bb1662563533a391c80dca7ab7b6fa350
884975d638b0fdf58c0ae37c6d63eb768c48346db8b147ba9b2962509632b5f1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "884975D638B0FDF58C0AE37C6D63EB768C48346DB8B147BA9B2962509632B5F1"
Last-Modified: Sun, 09 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11882
Expires: Mon, 10 Oct 2022 05:17:01 GMT
Date: Mon, 10 Oct 2022 01:58:59 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 42ce7c34fdc275b2f972223772146c64
fab0b21bb1662563533a391c80dca7ab7b6fa350
884975d638b0fdf58c0ae37c6d63eb768c48346db8b147ba9b2962509632b5f1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "884975D638B0FDF58C0AE37C6D63EB768C48346DB8B147BA9B2962509632B5F1"
Last-Modified: Sun, 09 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11882
Expires: Mon, 10 Oct 2022 05:17:01 GMT
Date: Mon, 10 Oct 2022 01:58:59 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 42ce7c34fdc275b2f972223772146c64
fab0b21bb1662563533a391c80dca7ab7b6fa350
884975d638b0fdf58c0ae37c6d63eb768c48346db8b147ba9b2962509632b5f1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "884975D638B0FDF58C0AE37C6D63EB768C48346DB8B147BA9B2962509632B5F1"
Last-Modified: Sun, 09 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11882
Expires: Mon, 10 Oct 2022 05:17:01 GMT
Date: Mon, 10 Oct 2022 01:58:59 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcaace23d-b928-4d0c-a0a1-b704713419b5.jpeg
200 OK 6.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcaace23d-b928-4d0c-a0a1-b704713419b5.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b810629f9c09752af6b6510aa553a7dc
9529f0f6b6a2ccef9d8d1ec5cf85dfee6021f53d
2f4e2f650fc0ef13d63ae3003d036a56e29ef53b3f58ce4701aff51827eb93a8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcaace23d-b928-4d0c-a0a1-b704713419b5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6911
x-amzn-requestid: d6a87eb0-73fa-40b9-8185-d40198f7135a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Zjn5uG1_IAMFu8w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633e203e-0c3e82fa1ee3f37849ab0dcd;Sampled=0
x-amzn-remapped-date: Thu, 06 Oct 2022 00:24:30 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: O6IKGUjg_FaiTiCkght-zQlXA-526F6GMQS0G98g4GW1bJCVrrJ4sg==
via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google
date: Sun, 09 Oct 2022 23:35:08 GMT
age: 8631
etag: "9529f0f6b6a2ccef9d8d1ec5cf85dfee6021f53d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0583d755-2f5b-458f-86f0-774b9909eb6f.jpeg
200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0583d755-2f5b-458f-86f0-774b9909eb6f.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6e9aa9808428e5fd81ac9d61d6f7c708
3a8d76badce50dd98938885082dcb6e30363ae88
d8f7c48a1cbe04af2f7e0455d1ef7af9b63506b9ae343ebf14ece8689bb06bf6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0583d755-2f5b-458f-86f0-774b9909eb6f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11800
x-amzn-requestid: 94e8e091-1136-41a7-843c-44c4ffe9e688
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZqylGGYwoAMFQIg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6340fe20-60b47aeb3b55af4f755577f4;Sampled=0
x-amzn-remapped-date: Sat, 08 Oct 2022 04:35:44 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: fzfUAL2jahiFgsqMExf1dB_7PFJt9wwO2BDKo3XJHSvk5AeeNP8FQg==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Sun, 09 Oct 2022 21:42:23 GMT
age: 15396
etag: "3a8d76badce50dd98938885082dcb6e30363ae88"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7a70c782-ab29-49bd-86a1-6c1f7c38fbc6.png
200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7a70c782-ab29-49bd-86a1-6c1f7c38fbc6.png
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 0cb8976d18c6197dc99cd60d784f188b
2e6d5041aff56cc2313cc23438be450b6113f111
27b99d13f075013f66e3ca3d03074cc0b96bd6da63d094701c2f29e017362b8c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7a70c782-ab29-49bd-86a1-6c1f7c38fbc6.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12292
x-amzn-requestid: d5129b2b-c513-4fa1-8b2c-9bda19870905
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZwatMF5goAMFXRw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63433e54-360ad9352303c09b3b6c2dce;Sampled=0
x-amzn-remapped-date: Sun, 09 Oct 2022 21:34:12 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: moJJY-yrF8AGl9YHrQw-B2sUiGYAdUJERlssxR-i8UDb2r_SZpCfQw==
via: 1.1 010c0731b9775a983eceaec0f5fa6a2e.cloudfront.net (CloudFront), 1.1 1a53057db389e96b4ef1bfbc925dde1c.cloudfront.net (CloudFront), 1.1 google
date: Sun, 09 Oct 2022 22:21:30 GMT
age: 13049
etag: "2e6d5041aff56cc2313cc23438be450b6113f111"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb08ba1b9-62ad-4e65-96b6-b22981ce3635.jpeg
200 OK 7.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb08ba1b9-62ad-4e65-96b6-b22981ce3635.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3e748e58f80c6b771f918c1633817aa3
59e4de3cb5a18090fa3fef06f4dabf9f7f9928a9
bd357a97c0ca7f25e8d30250bf07c5497bc54d3b042aa5db79cab0fb5e63a2a1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb08ba1b9-62ad-4e65-96b6-b22981ce3635.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7288
x-amzn-requestid: 38f93e67-dfd2-4324-bc0f-24e36a1c9b7f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZwatLHd3IAMFWdg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63433e54-4ac21e2b2f55935d2df721ee;Sampled=0
x-amzn-remapped-date: Sun, 09 Oct 2022 21:34:12 GMT
x-amz-cf-pop: SFO5-P2, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: as7FWdjU-fvqivr4GW4aCMTY2fU3d3V44RBDVwunGurJPnDs6UkQaQ==
via: 1.1 fc9b6e8f934a073c1a1983c7599b93ba.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google
date: Sun, 09 Oct 2022 21:49:14 GMT
age: 14985
etag: "59e4de3cb5a18090fa3fef06f4dabf9f7f9928a9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb3c21914-dac1-455d-9533-b584e9bd6225.jpeg
200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb3c21914-dac1-455d-9533-b584e9bd6225.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash cefb9479bc2fe5087f9d2b89ef3cec2b
aa219f193812c6a2d0313316ce13fe74f1d468d0
a806ef995ed2285bd9f0d553df49aa28924e640805e1f50284baad1c0aec06bd
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb3c21914-dac1-455d-9533-b584e9bd6225.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10113
x-amzn-requestid: 7a9800c5-81ed-4a23-bbe0-0041ab682856
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZwalQEPPoAMF3yA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63433e21-5a9bedb10c4f8c2c60ab3769;Sampled=0
x-amzn-remapped-date: Sun, 09 Oct 2022 21:33:21 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: MROeeTPtb6DfMHkig6fHcYuYiv1-udvJVfB1jygcDYLy4LuZmgRE_Q==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 ee8246c5442dace7525c74f6a799bb46.cloudfront.net (CloudFront), 1.1 google
date: Sun, 09 Oct 2022 22:21:32 GMT
age: 13047
etag: "aa219f193812c6a2d0313316ce13fe74f1d468d0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2b12fb41-30af-4093-a2e5-407e0dba7f9f.jpeg
200 OK 8.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2b12fb41-30af-4093-a2e5-407e0dba7f9f.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3cb1e1243af4405d2ddfc86ece266cff
bcd47a41fc6b0384c03fa00b8fa4a23805fa3b28
6df8b3b5420bad300304d14e8e18d65e4179a76d2f7e0a24bce23655318f49a4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2b12fb41-30af-4093-a2e5-407e0dba7f9f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8218
x-amzn-requestid: 694a656a-0f68-4d3a-a316-1da1ce908c11
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZwatMFwzoAMF4Ew=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63433e54-277be490531f4d3b4cf11540;Sampled=0
x-amzn-remapped-date: Sun, 09 Oct 2022 21:34:12 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ET8XIJOYbM-nYBsZAjB4smh6AvsCpGjZzZBUquDwj37xR-ATPIm7Wg==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 4f3feb5c4393987d42d1971d404d7cea.cloudfront.net (CloudFront), 1.1 google
date: Sun, 09 Oct 2022 22:24:25 GMT
age: 12874
etag: "bcd47a41fc6b0384c03fa00b8fa4a23805fa3b28"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.sectigo.com/
200 OK 780 B IP
Hash 78d07b29c6af81f2d5bb29d8dd23e628
d83b75e00dc7eedba0dd08e7eb8a847c3d2d6ed4
ef44ff9fdf68a8df0459cd4324b2bd8729e6d0f3c078710480cc8e435a186dd6
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 10 Oct 2022 01:58:59 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 06 Oct 2022 18:25:20 GMT
Expires: Thu, 13 Oct 2022 18:25:19 GMT
Etag: "aa5b0574bf8aa58bc5608d593e7dcba23100b454"
Cache-Control: max-age=317779,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 757bc10f8dbbb509-OSL
ouhastay.net/favicon.ico
204 No Content 0 B IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /favicon.ico HTTP/1.1
Host: ouhastay.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouhastay.net/afu.php?zoneid=3647676
Cookie: OAID=338e829561bb498794c581b6aa3ce656; oaidts=1665367139
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Mon, 10 Oct 2022 01:58:59 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
pragma: public
cache-control: max-age=315360000, public, must-revalidate, proxy-revalidate
X-Firefox-Spdy: h2
my.rtmark.net/img.gif?f=merge&userId=338e829561bb498794c581b6aa3ce656
200 OK 43 B URL HTTP/2 my.rtmark.net/img.gif?f=merge&userId=338e829561bb498794c581b6aa3ce656
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
GET /img.gif?f=merge&userId=338e829561bb498794c581b6aa3ce656 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouhastay.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 10 Oct 2022 01:58:59 GMT
content-type: image/gif
content-length: 43
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=338e829561bb498794c581b6aa3ce656; expires=Tue, 10 Oct 2023 01:58:59 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
ouhastay.net/?z=3647676&syncedCookie=true&rhd=false
302 Found 0 B URL HTTP/2 ouhastay.net/?z=3647676&syncedCookie=true&rhd=false
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
POST /?z=3647676&syncedCookie=true&rhd=false HTTP/1.1
Host: ouhastay.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 439
Origin: https://ouhastay.net
Connection: keep-alive
Referer: https://ouhastay.net/afu.php?zoneid=3647676&var=3647676&rid=ksX-wKK1z8yLZCaWKyzJyw%3D%3D&rhd=false
Cookie: OAID=338e829561bb498794c581b6aa3ce656; oaidts=1665367139
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 302 Found
server: nginx
date: Mon, 10 Oct 2022 01:59:00 GMT
content-length: 0
location: https://spo76rt28r.com/news.php?key=kzpgib0wc95k23usqnoz&SUBID=603156102393368737&cost=0.001972&zoneid=3647676&browser=firefox&bannerid=12029653&device=desktop&zone_type={zone_type}&country=NO&os=linux&osversion=other&carrier=?&user_activity=high&rdk=rk3
x-trace-id: 834c5564dbd7488d1cea0dc5d1025d09
link: <https://spo76rt28r.com>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
referrer-policy: no-referrer
access-control-allow-origin: https://ouhastay.net
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=338e829561bb498794c581b6aa3ce656; expires=Tue, 10 Oct 2023 01:59:00 GMT; path=/; secure; SameSite=None
oaidts=1665367139; expires=Tue, 10 Oct 2023 01:59:00 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Mon, 17 Oct 2022 01:59:00 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
spo76rt28r.com/news.php?key=kzpgib0wc95k23usqnoz&SUBID=603156102393368737&cost=0.001972&zoneid=3647676&browser=firefox&bannerid=12029653&device=desktop&zone_type={zone_type}&country=NO&os=linux&osversion=other&carrier=?&user_activity=high&rdk=rk3
302 Found 0 B URL HTTP/1.1 spo76rt28r.com/news.php?key=kzpgib0wc95k23usqnoz&SUBID=603156102393368737&cost=0.001972&zoneid=3647676&browser=firefox&bannerid=12029653&device=desktop&zone_type={zone_type}&country=NO&os=linux&osversion=other&carrier=?&user_activity=high&rdk=rk3
IP
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /news.php?key=kzpgib0wc95k23usqnoz&SUBID=603156102393368737&cost=0.001972&zoneid=3647676&browser=firefox&bannerid=12029653&device=desktop&zone_type={zone_type}&country=NO&os=linux&osversion=other&carrier=?&user_activity=high&rdk=rk3 HTTP/1.1
Host: spo76rt28r.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx/1.22.0
Date: Mon, 10 Oct 2022 01:59:00 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: uclick=fygxhea7; expires=Tue, 11-Oct-2022 01:59:00 GMT; Max-Age=86400; path=/; secure; SameSite=none
uclickhash=fygxhea7-fygxhea7-p2-h9wj-8rwj-2tx9-he4k-404e15; expires=Tue, 11-Oct-2022 01:59:00 GMT; Max-Age=86400; path=/; secure; SameSite=none
Location: https://bo2217ok3tro9.com/1/?lpkey=16e765d7365a74c240&uclick=fygxhea7&uclickhash=fygxhea7-fygxhea7-p2-h9wj-8rwj-2tx9-he4k-404e15
Strict-Transport-Security: max-age=31536000
bo2217ok3tro9.com/1/?lpkey=16e765d7365a74c240&uclick=fygxhea7&uclickhash=fygxhea7-fygxhea7-p2-h9wj-8rwj-2tx9-he4k-404e15
200 OK 1.4 kB URL HTTP/1.1 bo2217ok3tro9.com/1/?lpkey=16e765d7365a74c240&uclick=fygxhea7&uclickhash=fygxhea7-fygxhea7-p2-h9wj-8rwj-2tx9-he4k-404e15
IP
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Hash 0bbb113ff85b78b6485a9783946e6948
8663005f0ad88c2a768937edb56177387103594d
70c7e9fa94eb5b8fb5b61e0ee25167ace062bea13773331f7d02814822fbf004
GET /1/?lpkey=16e765d7365a74c240&uclick=fygxhea7&uclickhash=fygxhea7-fygxhea7-p2-h9wj-8rwj-2tx9-he4k-404e15 HTTP/1.1
Host: bo2217ok3tro9.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Mon, 10 Oct 2022 01:59:00 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
unpkg.com/axios/dist/axios.min.js
302 Found 524 B URL HTTP/2 unpkg.com/axios/dist/axios.min.js
IP
Hash 5aa421e6598964ea13258506997088c3
8af90ad42035d75a242ebdb74be2ebc2c716757e
c6e00889b4ce4acb5d5c233b4d0c5c3911f83455c4707ae3343bf1e78dbf2b33
GET /axios/dist/axios.min.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bo2217ok3tro9.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Mon, 10 Oct 2022 01:59:00 GMT
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
cache-control: public, s-maxage=600, max-age=60
location: /axios@1.1.2/dist/axios.min.js
vary: Accept, Accept-Encoding
via: 1.1 fly.io
fly-request-id: 01GEZSDHTSXN34C0DJGVXMQXK5-ams
cf-cache-status: HIT
age: 467
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 757bc115898db4ed-OSL
X-Firefox-Spdy: h2
www.google.com/recaptcha/api.js
200 OK 555 B URL HTTP/2 www.google.com/recaptcha/api.js
IP
File type ASCII text, with very long lines (850), with no line terminators
Hash e75e7b4c9bf71c4a14d5e1d1946b161a
36148f31ea702a23a3f0dafd907a9069234021e7
e43b40968f165ec7b121020103aa40529d891aa2d03ead26ed47adefc4d6ab6d
GET /recaptcha/api.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bo2217ok3tro9.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
expires: Mon, 10 Oct 2022 01:59:00 GMT
date: Mon, 10 Oct 2022 01:59:00 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 555
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 43141c37657b2dc617dc65bfe97a865c
df200056afa06387a505aac1d8098c6675356ba9
e9e99ad50877b82025b812718da985f84e52654af4b62244ca3a162c2da17cc4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 10 Oct 2022 01:59:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 5855dca2f41651669a3211635c24ce5a
3f17ede289a3ac814e80a0acefbcd97246ab51de
ca400e5e49929039d4382b1ce2defadc76d86b5756fac8dbaa6d237d5ef1699c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 10 Oct 2022 01:59:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtm.js?id=GTM-547JG5H
200 OK 37 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-547JG5H
IP
File type ASCII text, with very long lines (2039)
Hash d01fe8b76cf5ea800229e11e440e3f11
0e236482fce4d2a4c1bc4740a0738785017922b5
32b98d08102f2a8c462e6da5caba9ee93aa21bcd5a5f39a560802526c248e593
GET /gtm.js?id=GTM-547JG5H HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bo2217ok3tro9.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 10 Oct 2022 01:59:00 GMT
expires: Mon, 10 Oct 2022 01:59:00 GMT
cache-control: private, max-age=900
last-modified: Mon, 10 Oct 2022 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 37256
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
bo2217ok3tro9.com/1/bg.png
200 OK 61 kB URL HTTP/1.1 bo2217ok3tro9.com/1/bg.png
IP
ASN #24940 Hetzner Online GmbH
File type PNG image data, 400 x 299, 8-bit grayscale, non-interlaced\012- data
Hash d7096ad35844972e015e865729d13235
42c79d98b50275dcc447bd61d845ee2ed52ae45e
8bccdb408e67a3b44e0f5d417486c8d251f2e4acbae8542465aad3c7052341dd
GET /1/bg.png HTTP/1.1
Host: bo2217ok3tro9.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bo2217ok3tro9.com/1/?lpkey=16e765d7365a74c240&uclick=fygxhea7&uclickhash=fygxhea7-fygxhea7-p2-h9wj-8rwj-2tx9-he4k-404e15
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Mon, 10 Oct 2022 01:59:00 GMT
Content-Type: image/png
Content-Length: 61362
Last-Modified: Wed, 13 Jul 2022 07:58:38 GMT
Connection: keep-alive
ETag: "62ce7b2e-efb2"
Strict-Transport-Security: max-age=31536000
Accept-Ranges: bytes
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 43141c37657b2dc617dc65bfe97a865c
df200056afa06387a505aac1d8098c6675356ba9
e9e99ad50877b82025b812718da985f84e52654af4b62244ca3a162c2da17cc4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 10 Oct 2022 01:59:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
bo2217ok3tro9.com/favicon.png
404 Not Found 114 B URL HTTP/1.1 bo2217ok3tro9.com/favicon.png
IP
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash b9841984dca9ab290d79563f36ae6d8d
35a6cc4edf0c92bd155144871968659dafb4d1c3
546c212f587bf539f97ed64bbc3ae6c09bd7ee64976e71f091df859c217a0c14
GET /favicon.png HTTP/1.1
Host: bo2217ok3tro9.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bo2217ok3tro9.com/1/?lpkey=16e765d7365a74c240&uclick=fygxhea7&uclickhash=fygxhea7-fygxhea7-p2-h9wj-8rwj-2tx9-he4k-404e15
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Server: nginx/1.22.0
Date: Mon, 10 Oct 2022 01:59:00 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 29a32d9388903ec730ac67b6b1f10269
6d54710f2bf0b284533005d8c783f3f15c9920af
cd03b8d5ae307fb1b3d976457c9762a743d5268ddd1f82c1fb5ae2fcd3e3d6d1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 10 Oct 2022 01:59:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.gstatic.com/recaptcha/releases/a9s0j4pCVT6gaTEkLiFbtZPH/recaptcha__en.js
200 OK 159 kB URL HTTP/2 www.gstatic.com/recaptcha/releases/a9s0j4pCVT6gaTEkLiFbtZPH/recaptcha__en.js
IP
File type ASCII text, with very long lines (711)
Size 159 kB (158844 bytes)
Hash b4ed95d4318e3b78b936c9c0f1ffa96e
b53c9376b1459afb07fb4b5c2e8d8dad776d3a02
3c21880cb7be6bec40f9d40c23ad39c9758999cf950cec07b86c83b21fde175f
GET /recaptcha/releases/a9s0j4pCVT6gaTEkLiFbtZPH/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bo2217ok3tro9.com
Connection: keep-alive
Referer: https://bo2217ok3tro9.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 158844
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 05 Oct 2022 21:02:07 GMT
expires: Thu, 05 Oct 2023 21:02:07 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 26 Sep 2022 04:02:34 GMT
content-type: text/javascript
age: 363413
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 29a32d9388903ec730ac67b6b1f10269
6d54710f2bf0b284533005d8c783f3f15c9920af
cd03b8d5ae307fb1b3d976457c9762a743d5268ddd1f82c1fb5ae2fcd3e3d6d1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 10 Oct 2022 01:59:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
200 OK 15 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 15344, version 1.0\012- data
Hash 5d4aeb4e5f5ef754e307d7ffaef688bd
06db651cdf354c64a7383ea9c77024ef4fb4cef8
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15344
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 08 Oct 2022 12:31:58 GMT
expires: Sun, 08 Oct 2023 12:31:58 GMT
cache-control: public, max-age=31536000
age: 134823
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
analytics.tiktok.com/i18n/pixel/config.js?sdkid=C8SQEGFV9S6N3MLDFVTG&hostname=exceptionalphonesecurity.xyz
200 OK 0 B URL HTTP/2 analytics.tiktok.com/i18n/pixel/config.js?sdkid=C8SQEGFV9S6N3MLDFVTG&hostname=exceptionalphonesecurity.xyz
IP
ASN #20940 Akamai International B.V.
GET /i18n/pixel/config.js?sdkid=C8SQEGFV9S6N3MLDFVTG&hostname=exceptionalphonesecurity.xyz HTTP/1.1
Host: analytics.tiktok.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exceptionalphonesecurity.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=UTF-8
x-tt-logid: 20221010015858E4A8A94E6339EA1AEE2A
x-tt-trace-host: 016eabbbec2a80a817c88fdee8d986cf600abfded03f52e527228925ae696ca9b57d66d960e5707b2f14f7a4550033614452877d0bf50d86f710e587060edcbe4390fb8ea1765e7bc86dc93182e0664609e90498ee23cf1b3b1daaf69d5f7ff578
content-encoding: gzip
x-origin-response-time: 8,23.218.220.133
x-akamai-request-id: 3649c630.3b3beaa6
expires: Mon, 10 Oct 2022 01:58:58 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Mon, 10 Oct 2022 01:58:58 GMT
x-cache: TCP_MISS from a23-36-79-13.deploy.akamaitechnologies.com (AkamaiGHost/10.9.5-44356082) (-)
vary: Accept-Encoding
set-cookie: _ttp=2FvKV9nbxADkL566VGpD08wgN4j; Path=/; Domain=tiktok.com; Max-Age=33696000; Secure; SameSite=None
x-cache-remote: TCP_MISS from a23-218-220-133.deploy.akamaitechnologies.com (AkamaiGHost/10.9.5-44356082) (-)
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
server-timing: cdn-cache; desc=MISS, edge; dur=101, origin; dur=8, inner; dur=3
x-parent-response-time: 109,23.36.79.13
X-Firefox-Spdy: h2
ouhastay.net/afu.php?zoneid=3647676
200 OK 0 B URL HTTP/2 ouhastay.net/afu.php?zoneid=3647676
IP
Analyzer Verdict Alert quad9 Sinkholed
GET /afu.php?zoneid=3647676 HTTP/1.1
Host: ouhastay.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 10 Oct 2022 01:58:59 GMT
content-type: text/html; charset=utf8
x-trace-id: 0721c880d421c0e914e33f9668564298
link: <https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://my.rtmark.net>; rel="preconnect dns-prefetch"
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=338e829561bb498794c581b6aa3ce656; expires=Tue, 10 Oct 2023 01:58:59 GMT; path=/; secure; SameSite=None
oaidts=1665367139; expires=Tue, 10 Oct 2023 01:58:59 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
unpkg.com/axios@1.1.2/dist/axios.min.js
200 OK 0 B URL HTTP/2 unpkg.com/axios@1.1.2/dist/axios.min.js
IP
GET /axios@1.1.2/dist/axios.min.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bo2217ok3tro9.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 10 Oct 2022 01:59:00 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
etag: W/"67d4-ae22gWc+WteU0z+fBbiwjqlAwTs"
via: 1.1 fly.io
fly-request-id: 01GERZ66JWEKENZHQ1YJ54WKY8-ams
cf-cache-status: HIT
age: 229297
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 757bc115a9a0b4ed-OSL
content-encoding: br
X-Firefox-Spdy: h2
analytics.tiktok.com/i18n/pixel/identify.js
200 OK 0 B URL HTTP/2 analytics.tiktok.com/i18n/pixel/identify.js
IP
ASN #20940 Akamai International B.V.
GET /i18n/pixel/identify.js HTTP/1.1
Host: analytics.tiktok.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exceptionalphonesecurity.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=UTF-8
x-tt-logid: 20221010015858509BE046F2FBC6125C45
x-tt-trace-host: 016eabbbec2a80a817c88fdee8d986cf60ab3c4d6060b7de2bf96c71c97b69177ee4c93e944f5d7ba0db2adcd59d1649a767fe151fa5c34f181086eed4712544bf8e843e933daa250a5bb03b44f3553c93b5add5e294005002432c08d800ce2022
content-encoding: gzip
x-origin-response-time: 7,23.36.66.15
x-akamai-request-id: 118534f8.3b3beaa3
expires: Mon, 10 Oct 2022 01:58:58 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Mon, 10 Oct 2022 01:58:58 GMT
x-cache: TCP_MISS from a23-36-79-13.deploy.akamaitechnologies.com (AkamaiGHost/10.9.5-44356082) (-)
vary: Accept-Encoding
x-cache-remote: TCP_MISS from a23-36-66-15.deploy.akamaitechnologies.com (AkamaiGHost/10.9.5-44356082) (-)
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
server-timing: cdn-cache; desc=MISS, edge; dur=96, origin; dur=7, inner; dur=3
x-parent-response-time: 103,23.36.79.13
X-Firefox-Spdy: h2
analytics.tiktok.com/i18n/pixel/events.js?sdkid=C8SQEGFV9S6N3MLDFVTG&lib=ttq
200 OK 0 B URL HTTP/2 analytics.tiktok.com/i18n/pixel/events.js?sdkid=C8SQEGFV9S6N3MLDFVTG&lib=ttq
IP
ASN #20940 Akamai International B.V.
GET /i18n/pixel/events.js?sdkid=C8SQEGFV9S6N3MLDFVTG&lib=ttq HTTP/1.1
Host: analytics.tiktok.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exceptionalphonesecurity.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=UTF-8
x-tt-logid: 20221010015858EB3B0B8CB722F0267774
x-tt-trace-host: 016eabbbec2a80a817c88fdee8d986cf60ab3c4d6060b7de2bf96c71c97b69177ee4c93e944f5d7ba0db2adcd59d1649a7f85570232539e54f36aed890e02bf3f8013970db2a324ccf73959b19d8d6ea6047055e77173c0a4588c522617543a28c
content-encoding: gzip
x-origin-response-time: 7,23.36.66.15
x-akamai-request-id: 11853330.3b3bea32
expires: Mon, 10 Oct 2022 01:58:58 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Mon, 10 Oct 2022 01:58:58 GMT
x-cache: TCP_MISS from a23-36-79-13.deploy.akamaitechnologies.com (AkamaiGHost/10.9.5-44356082) (-)
vary: Accept-Encoding
x-cache-remote: TCP_MISS from a23-36-66-15.deploy.akamaitechnologies.com (AkamaiGHost/10.9.5-44356082) (-)
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
server-timing: cdn-cache; desc=MISS, edge; dur=96, origin; dur=7, inner; dur=3
x-parent-response-time: 102,23.36.79.13
X-Firefox-Spdy: h2
104.21.6.184
204.48.29.15
139.45.195.253
78.46.92.254
104.16.126.175
167.114.103.223
23.36.76.226