avgle.com/video/QuuHGHRGtHl/hnds-039-1
104.21.45.211 301 Moved Permanently 0 B URL HTTP/1.1 avgle.com/video/QuuHGHRGtHl/hnds-039-1
IP 104.21.45.211:0
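Hash d41d8cd98f00b204e9800998ecf8427e (MD5 of the empty 0 B body)
da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1 of the empty body)
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256 of the empty body; these three digests identify no content and match any empty response)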
GET /video/QuuHGHRGtHl/hnds-039-1 HTTP/1.1
Host: avgle.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Wed, 23 Nov 2022 10:37:31 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Wed, 23 Nov 2022 11:37:31 GMT
Location: https://avgle.com/video/QuuHGHRGtHl/hnds-039-1
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hPeC8dLQnTe6bQ7MLnR4nIftwHGHZPP0Z2VTRdXhaaho3Lvl2IMj7pFbMMskBGgsqrK6gaClkB9uTR5dq1qoZw345xFdzLLt2V%2FfPaYuPo8GiGPlp1jPhMmdvDM%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 76e9451ede6a0b4d-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1456357aecbd23f21ad98da57e0127eb
7074815b39fa8da9013883971d665e4c1b0797ea
f3eba265ee64870b2f822f1511b36c747d763c382557789cdad8be1d3b52d1f5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F3EBA265EE64870B2F822F1511B36C747D763C382557789CDAD8BE1D3B52D1F5"
Last-Modified: Mon, 21 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3595
Expires: Wed, 23 Nov 2022 11:37:26 GMT
Date: Wed, 23 Nov 2022 10:37:31 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash b59d95402dfb464c176610284ba13f65
1a6c62fb0d48654dd204b66161bb03fefe60f71a
40cfd59b890ec5a3570603d28d90bd7e5c506babd52c2ece93e09f1c7b2a6880
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5201
Cache-Control: max-age=91225
Content-Type: application/ocsp-response
Date: Wed, 23 Nov 2022 10:37:31 GMT
Etag: "637ca4f3-1d7"
Expires: Thu, 24 Nov 2022 11:57:56 GMT
Last-Modified: Tue, 22 Nov 2022 10:31:15 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 054ff0d1a0a43f7cb1d78dbd34e27f99
3caf54f3de1d6a8c6f6454083f8b8e7dec77db54
fcdcef8306ae31f20c366489e1f88aa40b08f154d25d45f4055c4f8cdef47634
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FCDCEF8306AE31F20C366489E1F88AA40B08F154D25D45F4055C4F8CDEF47634"
Last-Modified: Mon, 21 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9325
Expires: Wed, 23 Nov 2022 13:12:56 GMT
Date: Wed, 23 Nov 2022 10:37:31 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
34.102.187.140 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data, ASCII text, with very long lines (939), with no line terminators
Hash 567df7db606cf5d0871aa5bc9311b6da
4263faac7cbab2fcaf6661911dcad5091c06be17
e9650e1fdc46fc8678708ddcc37ab369c7a6d50489a004be896f20c7a3a644b0
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Alert, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 23 Nov 2022 10:17:07 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 1224
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash 74f77b1c29e46355ef40246ced386ba9
34c59f3dc95189755f46ec1b6be70d0562390ee2
3a3de983fb3e30258bf40f373d3a1a0779c72fca7daa62d438800000350f4e7e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6018
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 23 Nov 2022 10:37:31 GMT
Last-Modified: Wed, 23 Nov 2022 08:57:13 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 280
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate, ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: /0ZXjlKpbSde2nStNpQq0QDyLVLFQidTDC4cI3UPrXIr5EBVBlYruQkoG23Mcyp2ElMRtUduCaI=
x-amz-request-id: E3720RB783QWNZYR
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 23 Nov 2022 09:39:57 GMT
age: 3454
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data, ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 23 Nov 2022 10:37:31 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash 74f77b1c29e46355ef40246ced386ba9
34c59f3dc95189755f46ec1b6be70d0562390ee2
3a3de983fb3e30258bf40f373d3a1a0779c72fca7daa62d438800000350f4e7e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6018
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 23 Nov 2022 10:37:31 GMT
Last-Modified: Wed, 23 Nov 2022 08:57:13 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 280
cdnjs.cloudflare.com/ajax/libs/jquery/1.12.4/jquery.min.js
104.17.24.14 200 OK 30 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/jquery/1.12.4/jquery.min.js
IP 104.17.24.14:0
File type ASCII text, with very long lines (32077)
Hash 5e4764d3c94d1a1db8c3d0890278b6d1
e5171f2f46e16d32df5f634ba21e47256fa9689c
5077e8927721a6a3ae5d78b456b7041230d627774a0a319beebacc88290b8328
GET /ajax/libs/jquery/1.12.4/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://avgle.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 23 Nov 2022 10:37:32 GMT
content-type: application/javascript; charset=utf-8
content-length: 30360
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec4-17b8b"
last-modified: Mon, 04 May 2020 16:11:48 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1014406
expires: Mon, 13 Nov 2023 10:37:32 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jDcjRVO6Lb3%2ByHn8vboAMvE07d%2FiX3rRp7%2FynIfTdT7B65d61l5OkfHs7goqvgo%2FebHegPOSukED9qdLT5aiav01jsU1DbedbUhH7HR98EqM0DNDBZAqrwqnVzYPXE4Ib6EWEMvH"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 76e945232c48b527-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/toastr.js/latest/css/toastr.min.css
104.17.24.14 200 OK 2.7 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/toastr.js/latest/css/toastr.min.css
IP 104.17.24.14:0
File type ASCII text, with very long lines (6454), with CR line terminators
Hash dd0c975ac6cf18356e3a64a9e09c5d66
fb70cfe7308a9e4c162d7cbdb01ba7ceff8137ea
8524ee13d851584493788f99f936112522ed17b1829e2a3409715899c8831a06
GET /ajax/libs/toastr.js/latest/css/toastr.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://avgle.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 23 Nov 2022 10:37:32 GMT
content-type: text/css; charset=utf-8
content-length: 2672
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ffe-1a55"
last-modified: Mon, 04 May 2020 16:17:02 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 43621
expires: Mon, 13 Nov 2023 10:37:32 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xtUDgaDLdisfUtgUhT3UVIKY7Ddcl5PGREveO2vZn1LaC4VmLlioTr3Dn0P%2BbYjjlS9BhLSMi2kC3hEYCOt5IL4Ie9VF9LgTz6pSyAfmh43iVL5gn5mTYTgRlbprCEDLcs9SZFtq"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 76e945232c4cb527-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/toastr.js/latest/js/toastr.min.js
104.17.24.14 200 OK 1.9 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/toastr.js/latest/js/toastr.min.js
IP 104.17.24.14:0
File type ASCII text, with very long lines (5215)
Hash b3cd1197cd16cf84e2e4313f2ba15142
5b83415c62121e0967d874ad7b12b93e059cee18
ed2fb5b46a4b7e540ddbe08f457d1c2bce74880a8a4298c8b2799039c3297328
GET /ajax/libs/toastr.js/latest/js/toastr.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://avgle.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 23 Nov 2022 10:37:32 GMT
content-type: application/javascript; charset=utf-8
content-length: 1885
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ffe-15a1"
last-modified: Mon, 04 May 2020 16:17:02 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1102647
expires: Mon, 13 Nov 2023 10:37:32 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=V9%2Fe1z0d8c7zgGNO8nwa1jCZpAi%2FD09JFVm7j8hfONPa4XqN%2BghJVUh1wNbyLp%2FeeeBK3QboYrlHpKGuP47LNqTmJHoO4TMB%2FyoIlEY0%2Fp83VN4v5ybz5f7NcBS2UY%2Bp%2B2Ad1Rjz"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 76e945232c4eb527-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/clipboard.js/1.6.0/clipboard.min.js
104.17.24.14 200 OK 3.0 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/clipboard.js/1.6.0/clipboard.min.js
IP 104.17.24.14:0
File type Unicode text, UTF-8 text, with very long lines (10471)
Hash 6ff421e07461e358546f892b1096cfee
f6088693a7e4d439331cca3ffa7c5780475a7682
5e2be23f69c9ba8db0ce2eb68d825f9c7e842aeb605a09e6248a4b7a488c979a
GET /ajax/libs/clipboard.js/1.6.0/clipboard.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://avgle.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 23 Nov 2022 10:37:32 GMT
content-type: application/javascript; charset=utf-8
content-length: 2971
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03e29-2953"
last-modified: Mon, 04 May 2020 16:09:13 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1790667
expires: Mon, 13 Nov 2023 10:37:32 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XP8ooFFHqAcYZ48p%2FibPpgEl03spfkZJHFiLtY4t1mLOKI0KSTeE3%2BAka2babXR2tWbwwvffgEGRKslj8KkXJpsRlIwSDa5WGcxmzQuigB6SFp4YrZ%2BJeHSM7zSqrep3bGk5lNp5"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 76e945232c4bb527-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/video.js/5.20.3/video-js.min.css
104.17.24.14 200 OK 12 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/video.js/5.20.3/video-js.min.css
IP 104.17.24.14:0
File type ASCII text, with very long lines (39368), with no line terminators
Hash a3d749fa144167d371d6441e2890a1ba
bcb060070f22fea928113286a340fc11cb58790e
e6f570094305dabd55355842c61dd6b851bda2b3c2cf785253a9d7355b4bff25
GET /ajax/libs/video.js/5.20.3/video-js.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://avgle.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 23 Nov 2022 10:37:32 GMT
content-type: text/css; charset=utf-8
content-length: 12020
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb0401e-99c8"
last-modified: Mon, 04 May 2020 16:17:34 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 14485693
expires: Mon, 13 Nov 2023 10:37:32 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n63ocsCfdHJPrHRzcS%2F4dGVajNvVcZGH4IXDCCZiawQJevKpNVAadQv0HR4Mn2VFA1mb9RF7%2BRDuvI8TwqXdnBqR93SEFypZ3TQPvkBgoGSd8QnJb24OOvWkyHvwe3QXSRxjjqNM"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 76e945232c58b527-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/video.js/5.20.3/video.min.js
104.17.24.14 200 OK 44 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/video.js/5.20.3/video.min.js
IP 104.17.24.14:0
File type ASCII text, with very long lines (31992)
Hash b70521cd3823a72b55763e7e2c4ef079
c1d770e0362719ffd4868dc00f3b79541682ca5d
1624978bcfedc8e577a69444d7ac683254ce520750cad223f639950c83d47ff3
GET /ajax/libs/video.js/5.20.3/video.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://avgle.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 23 Nov 2022 10:37:32 GMT
content-type: application/javascript; charset=utf-8
content-length: 44324
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb0401e-3d5fb"
last-modified: Mon, 04 May 2020 16:17:34 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 11542084
expires: Mon, 13 Nov 2023 10:37:32 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6BsHGUvcGe0VWvvow%2BdQoEHSkTfwZp%2BpSHG5TF2CXaRdnQ5ll%2Fq1ZWxf4Gup7exou79HFX6cZLZyZ%2FagtA4%2Be5tDSgDiKvk8ow0gHGd1u3e1kJGU58uh2HhdMEwPBVevjPp7rlRg"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 76e945233c74b527-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.jsdelivr.net/npm/js-cookie@2/src/js.cookie.min.js
151.101.85.229 200 OK 1.1 kB URL HTTP/2 cdn.jsdelivr.net/npm/js-cookie@2/src/js.cookie.min.js
IP 151.101.85.229:0
File type ASCII text, with very long lines (1619)
Hash 0216b1edd2fa7ad9cfa258108fd95af4
39c12f744959428d391ab0593dcc69295e63fd18
ae34cfdf4075a9766062b578ca857f1b10e53ea9979d87769b37bc388daf1138
GET /npm/js-cookie@2/src/js.cookie.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://avgle.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 2.2.1
x-jsd-version-type: version
etag: W/"79f-7pVBzxqV0qiF+LFDoQXKqgjKnJ0"
content-encoding: gzip
accept-ranges: bytes
date: Wed, 23 Nov 2022 10:37:32 GMT
age: 15220
x-served-by: cache-fra-eddf8230059-FRA, cache-bma1621-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 1062
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/blueimp-md5/2.10.0/js/md5.min.js
104.17.24.14 200 OK 1.3 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/blueimp-md5/2.10.0/js/md5.min.js
IP 104.17.24.14:0
File type ASCII text, with very long lines (3730)
Hash 05661a68288a93edb3a6009260995872
bdfd274ad45670c0f7e162d33f521576dc3b71f4
611c3d43cc5a80a7e4831274225cf0b97d28edf26e4c1e4d7a1adfc06929c0f4
GET /ajax/libs/blueimp-md5/2.10.0/js/md5.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://avgle.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 23 Nov 2022 10:37:32 GMT
content-type: application/javascript; charset=utf-8
content-length: 1339
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03d8b-eb6"
last-modified: Mon, 04 May 2020 16:06:35 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 12243332
expires: Mon, 13 Nov 2023 10:37:32 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ooexio2ZfUzrLyCLIdDAseDc6NI1m1MuXFrVORXMlEtd679hU1O71zoBVUofrUnTnCUkmGepCEhbpSrnIPbILl8bSHJOdlp4eucR7EQwKNcXZiU9shKyXQsXzLZrf6G3xGRJXdni"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 76e945233c70b527-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/jStorage/0.4.12/jstorage.min.js
104.17.24.14 200 OK 2.5 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/jStorage/0.4.12/jstorage.min.js
IP 104.17.24.14:0
File type ASCII text, with very long lines (542)
Hash ec5adb5acdffd5db6b4e5978a2042874
c5eab3c8eb6a2a214e599d06d3295ddca37dd34c
0308db7a602a1a9819ac538afb08e0c57bea89c1a052521b2055ad385693353b
GET /ajax/libs/jStorage/0.4.12/jstorage.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://avgle.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 23 Nov 2022 10:37:32 GMT
content-type: application/javascript; charset=utf-8
content-length: 2503
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ebe-1e97"
last-modified: Mon, 04 May 2020 16:11:42 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 13780512
expires: Mon, 13 Nov 2023 10:37:32 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XRV3sq6f9ial1ACzaVU785scHWAAO4K03ciJBfQZGgFSUClsaH83HoVa7efGa9U%2FjrhluI2a1nEzmtWfF%2FvhlyePeOOd65xXuxo90gHSvuste5SlqOMUG3pi01M3W%2B2lccMFchar"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 76e945234c77b527-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/json2/20160511/json2.min.js
104.17.24.14 200 OK 1.2 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/json2/20160511/json2.min.js
IP 104.17.24.14:0
File type ASCII text, with very long lines (3133)
Hash e97f465dd6f6747af6f7a54a0a6484cd
760d09ec643c3a05f825a7dd3256954df2adf112
e48b1c68cfc013bdc7e11c3a8951554e880c3b1f5cd99e1a9c993d1cbc6a9985
GET /ajax/libs/json2/20160511/json2.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://avgle.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 23 Nov 2022 10:37:32 GMT
content-type: application/javascript; charset=utf-8
content-length: 1235
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec8-c63"
last-modified: Mon, 04 May 2020 16:11:52 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1086816
expires: Mon, 13 Nov 2023 10:37:32 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fpQNca7UFCKjhA1YK7czfdYhkqmpR6faRNCyjEG3PdEz5gZBPjBDDmfxbZk0029ldyLLdFrXbd6SJSPKhREB4w4j6ZhO0C9JU%2FKc4y4yrkD8hByAmJ%2F%2BDhxDxCqdzh%2F6zTkTknzz"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 76e945234c8ab527-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/peerjs/0.3.14/peer.min.js
104.17.24.14 200 OK 10 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/peerjs/0.3.14/peer.min.js
IP 104.17.24.14:0
File type ASCII text, with very long lines (32125)
Hash ac90cd1b5f01c2fab6e9f2189849b421
a35dde5d5695655fe7ccddf969b5535faeb4fd0c
7ae8e1712478be9918709714a29496d8fc83fbe742e000a38b6379647220ba5d
GET /ajax/libs/peerjs/0.3.14/peer.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://avgle.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 23 Nov 2022 10:37:32 GMT
content-type: application/javascript; charset=utf-8
content-length: 10459
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03f88-a497"
last-modified: Mon, 04 May 2020 16:15:04 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 19935434
expires: Mon, 13 Nov 2023 10:37:32 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1RO%2BV%2BqxYSzpNhWvBP5JxURSg7dBPhFkh5QdyncRlvnhv7Xl8S7H24veCNp14jX%2F1MCwyRrOPrcPveugpZb5raP9zVyLuN4LZAqy0SzU26Wmiv7tI83ZA74T9b3%2B%2FN7PZonerjAi"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 76e945235c94b527-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/jquery_lazyload/1.9.7/jquery.lazyload.min.js
104.17.24.14 200 OK 1.1 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/jquery_lazyload/1.9.7/jquery.lazyload.min.js
IP 104.17.24.14:0
File type ASCII text, with very long lines (3309)
Hash edf1dd25b1ab3d24fbf2444b4061838c
e59cb30ed49d56313ee1f770f6784f5faaa1199f
c31915d8a610a15ca29180348abb37bdaff9d8bde76f13c0e78bc841e633c06e
GET /ajax/libs/jquery_lazyload/1.9.7/jquery.lazyload.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://avgle.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 23 Nov 2022 10:37:32 GMT
content-type: application/javascript; charset=utf-8
content-length: 1120
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec4-d35"
last-modified: Mon, 04 May 2020 16:11:48 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1787927
expires: Mon, 13 Nov 2023 10:37:32 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7qKffzNi0ItqQV6%2Bt8qvOqyrScLI6YxKoebP1JjuyQEv%2FMu9ZeJ3lC4%2BHwUlX5B3vKmZMfv3jSdHwjK9RNoabcdRwpZUUoaOL14RAitK4ZjmF%2BukCWO2LEFJcr570kbCy8MgDZ6b"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 76e945241dd3b527-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
s7.addthis.com/js/300/addthis_widget.js
23.38.200.123 200 OK 116 kB URL HTTP/2 s7.addthis.com/js/300/addthis_widget.js
IP 23.38.200.123:0
File type ASCII text, with very long lines (54602)
Size 116 kB (116423 bytes)
Hash d5b9b7a3accd3b7b7de639c072ae3ee2
9583b5c046d78af5c6379d844219f828aa2222d0
648dad6716bb917c7d981e7772fca499d9583717fd83ffef47b0534cb9132b60
GET /js/300/addthis_widget.js HTTP/1.1
Host: s7.addthis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://avgle.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.15.8
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
etag: "5f971164-5834c"
cache-control: public, max-age=600
strict-transport-security: max-age=15724800; includeSubDomains
content-type: application/javascript
content-encoding: gzip
content-length: 116423
date: Wed, 23 Nov 2022 10:37:32 GMT
vary: Accept-Encoding
x-distribution: 99
x-host: s7.addthis.com
X-Firefox-Spdy: h2
ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
104.18.21.226 200 OK 2.1 kB URL HTTP/1.1 ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
IP 104.18.21.226:0
File type gzip compressed data, from Unix; data
Hash 6442708c71aefea0458532bae4285b01
656b3e55014be9fee291faa423d582d8a6969dbe
debe3e2a042e319adf4da3fe9638a0d67ad10c256971fd337a46aee412a1188f
POST /ca/gsatlasr3dvtlsca2022q1 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 23 Nov 2022 10:37:32 GMT
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "45D62751EB8C99050148DBA50C8A82B8170ECCEF"
Expires: Wed, 23 Nov 2022 21:00:00 GMT
Last-Modified: Wed, 23 Nov 2022 09:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 2325
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 76e945246c4fb509-OSL
r3.o.lencr.org/
23.36.76.226 200 OK 775 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 4349cb781c1b15aa332463e8fd5cbd2f
90f5aa525765c9716475942a104df4a7f6d99a92
0f5be5436cc739761d835853430aae2b6b177f886868142d85afbace822e6f9e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "53C65A35FFCA7928AC266270A55DFC462D025720265F4E67B00549F2C9D37881"
Last-Modified: Mon, 21 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=691
Expires: Wed, 23 Nov 2022 10:49:03 GMT
Date: Wed, 23 Nov 2022 10:37:32 GMT
Connection: keep-alive
static-clst.avgle.com/videos/tmb13/429896/default.jpg
45.133.44.9 200 OK 21 kB URL HTTP/2 static-clst.avgle.com/videos/tmb13/429896/default.jpg
IP 45.133.44.9:0
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 90", baseline, precision 8, 320x180, components 3\012- data
Hash 4f016ffaaf2f892c6f2dc7f72a0c84fe
c91d3adf1a3c2d95ec16a582eeddc7340b0c0204
7c9fe38374a035e8394f0dfac1957f002ca8e0a0c1497d84ba5ae73e45815c84
GET /videos/tmb13/429896/default.jpg HTTP/1.1
Host: static-clst.avgle.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://avgle.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Wed, 23 Nov 2022 10:37:32 GMT
content-type: image/jpeg
content-length: 21175
server: nginx/1.16.1
last-modified: Thu, 03 Sep 2020 05:06:15 GMT
etag: 4f016ffaaf2f892c6f2dc7f72a0c84fe
x-timestamp: 1599109574.74884
x-object-meta-mtime: 1599109574.720120244
x-trans-id: tx0afe94b91408427091c48-0062a9e590
x-openstack-request-id: tx0afe94b91408427091c48-0062a9e590
access-control-allow-credentials: true
access-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
access-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
expires: Wed, 04 Jan 2023 01:37:32 GMT
cache-control: max-age=3596400
x-proxy-cache: HIT
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 065495ec7a963a205abd9c8dbc75cb5d
ea416d0df4f6706150bda5da2077174f5cdd986b
1b2a2afee887651b23a849f14ace89b330329f6bf61c331545a3f6d12037aee5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 23 Nov 2022 10:37:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
static-clst.avgle.com/users/801235.jpg
45.133.44.9 200 OK 69 kB URL HTTP/2 static-clst.avgle.com/users/801235.jpg
IP 45.133.44.9:0
ASN #39572 DataWeb Global Group B.V.
Hash defb0c0ca5767044e0340952536d6a2f
a57332668d9eaa8e9b20143ffad2ec4cac5112a8
c8c0657982c762588c2f62eb166fa87552fa210012b59e92227ed4f827d06628
GET /users/801235.jpg HTTP/1.1
Host: static-clst.avgle.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://avgle.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Wed, 23 Nov 2022 10:37:32 GMT
content-type: image/jpeg
content-length: 68643
server: nginx/1.16.1
x-object-meta-mtime: 1604971990.466799092
last-modified: Tue, 10 Nov 2020 01:33:11 GMT
etag: d892d8003132ef004f47c0e5f7d878d9
x-timestamp: 1604971990.31654
x-trans-id: txf9abeeeff95f42d6bb0f3-0062a8dd87
x-openstack-request-id: txf9abeeeff95f42d6bb0f3-0062a8dd87
access-control-allow-credentials: true
access-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
access-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
expires: Wed, 04 Jan 2023 01:37:32 GMT
cache-control: max-age=3596400
x-proxy-cache: HIT
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 065495ec7a963a205abd9c8dbc75cb5d
ea416d0df4f6706150bda5da2077174f5cdd986b
1b2a2afee887651b23a849f14ace89b330329f6bf61c331545a3f6d12037aee5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 23 Nov 2022 10:37:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
static-clst.avgle.com/av/11.gif
45.133.44.9 200 OK 1.0 MB URL HTTP/2 static-clst.avgle.com/av/11.gif
IP 45.133.44.9:0
ASN #39572 DataWeb Global Group B.V.
File type GIF image data, version 89a, 300 x 250\012- data
Size 1.0 MB (1031414 bytes)
Hash 562e7633504e467a32b098c3ed097193
ab107cb9123b9ff72f8ab3e5f7f154de99ae0cde
65aeb8e37e70b909142363a8a345685103848c9ddca099ad0a4919fe171bc4ce
GET /av/11.gif HTTP/1.1
Host: static-clst.avgle.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://avgle.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Wed, 23 Nov 2022 10:37:32 GMT
content-type: image/gif
content-length: 1031414
server: nginx/1.16.1
last-modified: Mon, 16 Jul 2018 06:00:03 GMT
etag: 562e7633504e467a32b098c3ed097193
x-timestamp: 1531720802.06411
x-object-meta-mtime: 1531720803.689893764
x-trans-id: tx770aba3a04c940288d819-0062a879bf
x-openstack-request-id: tx770aba3a04c940288d819-0062a879bf
access-control-allow-credentials: true
access-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
access-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
expires: Wed, 04 Jan 2023 01:37:32 GMT
cache-control: max-age=3596400
x-proxy-cache: HIT
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 4f22437494cab8f3b1de6d48c3677f43
42461557365b59e300ae356c37b95f652e10dacd
420bc8cc7c6624d9201c6e12fb6478f4a9cf77e90aad033b4d12687968003ccf
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 23 Nov 2022 10:37:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 540214403653202b567bbdb8bd9a9c53
6342a7ea2e234a16e3649f5def6e6b4ee71f4327
0e98c628ccc37531db4adadd4a47f284c9cfb43cdcf1126edf72afb77f144467
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E98C628CCC37531DB4ADADD4A47F284C9CFB43CDCF1126EDF72AFB77F144467"
Last-Modified: Mon, 21 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11307
Expires: Wed, 23 Nov 2022 13:45:59 GMT
Date: Wed, 23 Nov 2022 10:37:32 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 540214403653202b567bbdb8bd9a9c53
6342a7ea2e234a16e3649f5def6e6b4ee71f4327
0e98c628ccc37531db4adadd4a47f284c9cfb43cdcf1126edf72afb77f144467
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E98C628CCC37531DB4ADADD4A47F284C9CFB43CDCF1126EDF72AFB77F144467"
Last-Modified: Mon, 21 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11307
Expires: Wed, 23 Nov 2022 13:45:59 GMT
Date: Wed, 23 Nov 2022 10:37:32 GMT
Connection: keep-alive
fonts.googleapis.com/css?family=Open+Sans:400,700
142.250.74.10 200 OK 46 kB URL HTTP/2 fonts.googleapis.com/css?family=Open+Sans:400,700
IP 142.250.74.10:0
Hash 20447aa3fadc7b304b012367f697dce7
0c90812229b178eb08a0c26866b943ec05b63d82
b22f02336cdffa464ca873c9558211d9d6f2d875a4c75adfa6aa9287c91181d2
GET /css?family=Open+Sans:400,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://avgle.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 23 Nov 2022 10:37:32 GMT
date: Wed, 23 Nov 2022 10:37:32 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Pragma, Alert, Content-Type, ETag, Retry-After, Last-Modified, Content-Length, Cache-Control, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 23 Nov 2022 10:11:11 GMT
cache-control: public,max-age=3600
age: 1581
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 8a181d95550cfdf3b1fc4deb71631e40
37866f7293c41fbfb817e321754cae5c5bf59f93
6aa3d2763181cc48d2ad0ce7d227f3cb3324045c3f7858ccdbae675768dcec55
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6242
Cache-Control: max-age=87205
Content-Type: application/ocsp-response
Date: Wed, 23 Nov 2022 10:37:32 GMT
Etag: "637c912f-1d7"
Expires: Thu, 24 Nov 2022 10:50:57 GMT
Last-Modified: Tue, 22 Nov 2022 09:06:55 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 18 kB IP 142.250.74.3:0
Hash b1f673a570558fd6d55fbbc29184bf41
ad2c4d32a9ec5400a8631a745cbe00a975b657ea
8b426f0fc43100d73497f736ba751b83c5da1aa8894ab01ad82c3968978442bd
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 23 Nov 2022 10:37:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.sectigo.com/
172.64.155.188 200 OK 472 B IP 172.64.155.188:0
Hash e238b3d81c4cebbbdef2975be450bec0
ca3c31ff2418da628f98ad427af626b6db3477f7
3d5213a5052d7090676e7a13ec0c5807f370aa58eed4855de838c457b04efa79
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 23 Nov 2022 10:37:32 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 22 Nov 2022 08:27:05 GMT
Expires: Tue, 29 Nov 2022 08:27:04 GMT
Etag: "ca3c31ff2418da628f98ad427af626b6db3477f7"
Cache-Control: max-age=509971,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76e945247c42b4fa-OSL
ocsp.sectigo.com/
172.64.155.188 200 OK 472 B IP 172.64.155.188:0
Hash e238b3d81c4cebbbdef2975be450bec0
ca3c31ff2418da628f98ad427af626b6db3477f7
3d5213a5052d7090676e7a13ec0c5807f370aa58eed4855de838c457b04efa79
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 23 Nov 2022 10:37:32 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 22 Nov 2022 08:27:05 GMT
Expires: Tue, 29 Nov 2022 08:27:04 GMT
Etag: "ca3c31ff2418da628f98ad427af626b6db3477f7"
Cache-Control: max-age=509971,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76e94527f8fcb4fa-OSL
poweredby.jads.co/js/jads.js
185.94.236.244 301 Moved Permanently 178 B URL HTTP/1.1 poweredby.jads.co/js/jads.js
IP 185.94.236.244:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d
GET /js/jads.js HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://avgle.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Wed, 23 Nov 2022 10:37:32 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: jads2.js
cellarpassion.com/0b/f5/91/0bf5912fc4018c81ad1216ca56074d5b.js
173.233.137.36 200 OK 13 kB URL HTTP/1.1 cellarpassion.com/0b/f5/91/0bf5912fc4018c81ad1216ca56074d5b.js
IP 173.233.137.36:0
File type ASCII text, with very long lines (37136), with no line terminators
Hash 1d443c19cbae2f017ac86471f750d4ce
3b8a7003198c591080ce3576460193ffab468ae7
cdc7d71e9e1dcd582bfcd11c9fb55e2a96502b9482a5dd79d27fc87ac069dd87
Analyzer Verdict Alert quad9 Sinkholed
GET /0b/f5/91/0bf5912fc4018c81ad1216ca56074d5b.js HTTP/1.1
Host: cellarpassion.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://avgle.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 23 Nov 2022 10:37:32 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 39ff66add14f6046b8aea2d3163dda21
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
ocsp.sectigo.com/
172.64.155.188 200 OK 472 B IP 172.64.155.188:0
Hash e238b3d81c4cebbbdef2975be450bec0
ca3c31ff2418da628f98ad427af626b6db3477f7
3d5213a5052d7090676e7a13ec0c5807f370aa58eed4855de838c457b04efa79
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 23 Nov 2022 10:37:32 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 22 Nov 2022 08:27:05 GMT
Expires: Tue, 29 Nov 2022 08:27:04 GMT
Etag: "ca3c31ff2418da628f98ad427af626b6db3477f7"
Cache-Control: max-age=509971,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76e945281b9fb4ff-OSL
cellarpassion.com/be/fd/41/befd41ae888030d201577e0b904c54e7.js
173.233.137.36 200 OK 29 kB URL HTTP/1.1 cellarpassion.com/be/fd/41/befd41ae888030d201577e0b904c54e7.js
IP 173.233.137.36:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65536), with no line terminators
Hash 677d2722673250ecfe13135a2199f3c1
c097be0f66e33ef6dafb7cb85f790547b29d3ad0
100802cb7f487612dd91fb52ab0b32ee7f9f32f21788d4a327aa0dcec122d7a1
Analyzer Verdict Alert quad9 Sinkholed
GET /be/fd/41/befd41ae888030d201577e0b904c54e7.js HTTP/1.1
Host: cellarpassion.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://avgle.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 23 Nov 2022 10:37:32 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 3d972e119ef39cfe005f95e2865c7b0d
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
ocsp.sectigo.com/
172.64.155.188 200 OK 472 B IP 172.64.155.188:0
Hash e238b3d81c4cebbbdef2975be450bec0
ca3c31ff2418da628f98ad427af626b6db3477f7
3d5213a5052d7090676e7a13ec0c5807f370aa58eed4855de838c457b04efa79
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 23 Nov 2022 10:37:32 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 22 Nov 2022 08:27:05 GMT
Expires: Tue, 29 Nov 2022 08:27:04 GMT
Etag: "ca3c31ff2418da628f98ad427af626b6db3477f7"
Cache-Control: max-age=509971,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76e945283c7ab51d-OSL
push.services.mozilla.com/
44.237.163.41 101 Switching Protocols 439 B URL HTTP/1.1 push.services.mozilla.com/
IP 44.237.163.41:0
Hash 91ae9446e9608ad9a90c94edc203c773
29eccec768717682ef041c4afacb72cbb52ae834
4020eac97b87a0774066c7085491eb1323e25c1010a34b56de18d185dadb4d31
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 52G6IDFapEgb0f4mh/LMJQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 78bRdiYIe6qta9CiO8FW2sONke0=
e1.o.lencr.org/
23.36.77.32 200 OK 346 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 82401689b683af7cb8bfc79971fcaacc
e1bd44f9f5a52703768671ebed52417d29c70d14
a0edcb7c8b70be0faae8f29ae8a8672a29e1113389d93454d821fb69d3d1e28c
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "A0EDCB7C8B70BE0FAAE8F29AE8A8672A29E1113389D93454D821FB69D3D1E28C"
Last-Modified: Mon, 21 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12541
Expires: Wed, 23 Nov 2022 14:06:34 GMT
Date: Wed, 23 Nov 2022 10:37:33 GMT
Connection: keep-alive
poweredby.jads.co/js/jads2.js
185.94.236.244 200 OK 1.7 kB URL HTTP/1.1 poweredby.jads.co/js/jads2.js
IP 185.94.236.244:0
File type ASCII text, with very long lines (3758), with no line terminators
Hash 558e1b61fc513016183a3812938e79fb
5f72ea61a2aad8f7a0956321d3fd8524db70eddf
a79f8c0aabfc2d1d45e4df2a86ca9172d292b08987f7a9d5c10bd10abf3aef54
GET /js/jads2.js HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://avgle.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 23 Nov 2022 10:37:33 GMT
Content-Type: application/x-javascript
Last-Modified: Mon, 11 Jul 2022 00:36:11 GMT
Transfer-Encoding: chunked
Connection: close
ETag: W/"62cb707b-eae"
Content-Encoding: gzip
s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
23.38.200.123 200 OK 26 kB URL HTTP/2 s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
IP 23.38.200.123:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (63757)
Hash 707317ccaabe08d32d1bd781754e6871
bb82dcd3e044c960e0861c2ce878f5504e628f78
d0a164ece41c61aec26517fb645646f5ba91f72ea5448eff1ee6c393b7c53051
GET /static/sh.f48a1a04fe8dbf021b4cda1d.html HTTP/1.1
Host: s7.addthis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://avgle.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.15.8
content-type: text/html
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
etag: W/"5f971164-11adc"
timing-allow-origin: *
cache-control: public, max-age=86313600
p3p: CP="NON ADM OUR DEV IND COM STA"
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
content-length: 26421
date: Wed, 23 Nov 2022 10:37:33 GMT
vary: Accept-Encoding
x-host: s7.addthis.com
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
143.204.42.165 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.165:0
Hash 3ac9d4b21bf0dd17e1a638b3ffb7b550
99f0b6faf30610a0f701dce2f4f5ac885a2b5a3a
6a685e8d10b091280d4896ea3d1babc05c08aa9ab4d527a3dca07bca7a95ac67
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=98868
Date: Wed, 23 Nov 2022 10:37:33 GMT
Etag: "637ccf16-1d7"
Expires: Thu, 24 Nov 2022 14:05:21 GMT
Last-Modified: Tue, 22 Nov 2022 13:31:02 GMT
Server: ECS (dcb/7EEC)
X-Cache: Miss from cloudfront
Via: 1.1 41dc61beb3fe8e8c2c299a2522d8330c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: Rn8bvTKtybexTAHaqDkXiBEjQrFbMXtfUi0Tav8lgZ1WPsqXi07DjA==
Age: 2059
simplewebanalysis.com/stats
18.185.190.54 200 OK 4.2 kB URL HTTP/2 simplewebanalysis.com/stats
IP 18.185.190.54:0
Hash 595887cd7372845cb4639b661e34722d
6be3c2a1d1d84cc046b3473c34aa22d44a257031
0bcc38b6a1024ac124cbd49b119462640d2b915d05dd6a30388758337432f3de
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://avgle.com
Connection: keep-alive
Referer: https://avgle.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 23 Nov 2022 10:37:33 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://avgle.com
access-control-allow-credentials: true
set-cookie: uid_id2=a22b50ab-6799-475a-a822-e7508e40158e:1:1; expires=Sat, 20 Nov 2032 10:37:33 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
143.204.42.165 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.165:0
Hash 3ac9d4b21bf0dd17e1a638b3ffb7b550
99f0b6faf30610a0f701dce2f4f5ac885a2b5a3a
6a685e8d10b091280d4896ea3d1babc05c08aa9ab4d527a3dca07bca7a95ac67
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=96928
Date: Wed, 23 Nov 2022 10:37:33 GMT
Etag: "637ccf16-1d7"
Expires: Thu, 24 Nov 2022 13:33:01 GMT
Last-Modified: Tue, 22 Nov 2022 13:31:02 GMT
Server: ECS (dcb/7F13)
X-Cache: Miss from cloudfront
Via: 1.1 814e8c24454087e83cd261a6cf477166.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: wbcEyNxEVaKU6K5N3BqQbshyUDBTe1UZks6iifmvOdpYWpKUfh-KIA==
Age: 119
simplewebanalysis.com/stats
18.185.190.54 200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 18.185.190.54:0
File type ASCII text, with no line terminators
Hash 5b0ddacb6e172a7e1ee64301b3a81929
88ad9e896c10d420a8a3fdde620e59f54e400597
7055bd5a3294223b9e3226e8a4e8a76db5fd92644c71fdb7a46f6489b1db716b
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://avgle.com
Connection: keep-alive
Referer: https://avgle.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 23 Nov 2022 10:37:33 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://avgle.com
access-control-allow-credentials: true
set-cookie: uid_id2=c486212e-870f-4581-bbc9-27f144f88ba6:1:1; expires=Sat, 20 Nov 2032 10:37:33 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32 200 OK 346 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 82401689b683af7cb8bfc79971fcaacc
e1bd44f9f5a52703768671ebed52417d29c70d14
a0edcb7c8b70be0faae8f29ae8a8672a29e1113389d93454d821fb69d3d1e28c
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "A0EDCB7C8B70BE0FAAE8F29AE8A8672A29E1113389D93454D821FB69D3D1E28C"
Last-Modified: Mon, 21 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12541
Expires: Wed, 23 Nov 2022 14:06:34 GMT
Date: Wed, 23 Nov 2022 10:37:33 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 965364ed25e7fb7aa5a20edc0d75f46c
c0f6d3f1ea2b3aea84325c3394506251d41a58f6
9d0fd157bc98e44f661ae8a42155680d6f887cc6c261f360e5bfb5936639d038
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9D0FD157BC98E44F661AE8A42155680D6F887CC6C261F360E5BFB5936639D038"
Last-Modified: Mon, 21 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10532
Expires: Wed, 23 Nov 2022 13:33:05 GMT
Date: Wed, 23 Nov 2022 10:37:33 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d1743d3006d8795e72132f0ba7ceb9ab
f0a54160253643c30664494929a2bcad1b588758
ba89480f86e7a00ec063f75ea94a86fb806679d09090db14be6863b5cfb19d80
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BA89480F86E7A00EC063F75EA94A86FB806679D09090DB14BE6863B5CFB19D80"
Last-Modified: Mon, 21 Nov 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7986
Expires: Wed, 23 Nov 2022 12:50:39 GMT
Date: Wed, 23 Nov 2022 10:37:33 GMT
Connection: keep-alive
fonts.gstatic.com/s/ubuntu/v20/4iCs6KVjbNBYlgoKfw72.woff2
216.58.207.195 200 OK 35 kB URL HTTP/2 fonts.gstatic.com/s/ubuntu/v20/4iCs6KVjbNBYlgoKfw72.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 34852, version 1.0\012- data
Hash 0e8eefb4549a2edf26c560cb9845952e
8d0b1718aacad934fd0043c87cbc54aa091396bf
7f653b3ce9d3277457fc6da4edb246ae2f6c913f088c42dcb8cd2e96267aa21a
GET /s/ubuntu/v20/4iCs6KVjbNBYlgoKfw72.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ads.adxadserv.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 34852
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 23 Nov 2022 08:17:47 GMT
expires: Thu, 23 Nov 2023 08:17:47 GMT
cache-control: public, max-age=31536000
age: 8386
last-modified: Wed, 27 Apr 2022 16:31:23 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 661 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 66d097d5699c756903e66ca3537ec9d3
195cbb392da23f4a29a1d442a6e27ffd52bd7053
9c864d40409c792a012be628d0281a028ce3a96f23e421f368dd09d0f28dae57
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8865E4ED2BD051BB80F55AC07AA310D68863082AF5E2382729740BACF9EEF5BB"
Last-Modified: Mon, 21 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7831
Expires: Wed, 23 Nov 2022 12:48:04 GMT
Date: Wed, 23 Nov 2022 10:37:33 GMT
Connection: keep-alive
parkingridiculous.com/pixel/purst?dl=0&th=0&sc=0&rs=1612&rd=1612&fd=1016&bv=22.10.v.10&tmpl=136
173.233.137.36 200 OK 0 B URL HTTP/1.1 parkingridiculous.com/pixel/purst?dl=0&th=0&sc=0&rs=1612&rd=1612&fd=1016&bv=22.10.v.10&tmpl=136
IP 173.233.137.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=1612&rd=1612&fd=1016&bv=22.10.v.10&tmpl=136 HTTP/1.1
Host: parkingridiculous.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://avgle.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 23 Nov 2022 10:37:33 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
r.trackwilltrk.com/s1/71ecf247-65a7-4be4-8c6d-e8e2855141c9?externalId=d6c45d4e-6b1a-11ed-a3c4-e25a5bb9767f&cv1=d6c45d4e-6b1a-11ed-a3c4-e25a5bb9767f&cv2=0c1c5c30286e1db21a741e4b62c8b6e4&cv3=desktop&cv4=623c966461d6e2757e4d7921&cv5=623c962a61d6e2790d5b93d2&cv6=en&cv7=300X250+Next+to+Video+C&cv8=Firefox&cv9=5cebd9b761d6e237774d8107&cv10=exim_adxad_stub2_300x250_
185.98.53.17 200 OK 9.6 kB URL HTTP/1.1 r.trackwilltrk.com/s1/71ecf247-65a7-4be4-8c6d-e8e2855141c9?externalId=d6c45d4e-6b1a-11ed-a3c4-e25a5bb9767f&cv1=d6c45d4e-6b1a-11ed-a3c4-e25a5bb9767f&cv2=0c1c5c30286e1db21a741e4b62c8b6e4&cv3=desktop&cv4=623c966461d6e2757e4d7921&cv5=623c962a61d6e2790d5b93d2&cv6=en&cv7=300X250+Next+to+Video+C&cv8=Firefox&cv9=5cebd9b761d6e237774d8107&cv10=exim_adxad_stub2_300x250_
IP 185.98.53.17:0
ASN #39572 DataWeb Global Group B.V.
Hash c47947baf60a5fb7b6041a1639f3c2c3
f012feb7979b01a4dc120c6b1c6a51e280127e73
251a8a297bd252c97fe4a936207a80eee3ef9ee2b3a0e24022957716fe1f1088
GET /s1/71ecf247-65a7-4be4-8c6d-e8e2855141c9?externalId=d6c45d4e-6b1a-11ed-a3c4-e25a5bb9767f&cv1=d6c45d4e-6b1a-11ed-a3c4-e25a5bb9767f&cv2=0c1c5c30286e1db21a741e4b62c8b6e4&cv3=desktop&cv4=623c966461d6e2757e4d7921&cv5=623c962a61d6e2790d5b93d2&cv6=en&cv7=300X250+Next+to+Video+C&cv8=Firefox&cv9=5cebd9b761d6e237774d8107&cv10=exim_adxad_stub2_300x250_ HTTP/1.1
Host: r.trackwilltrk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.adxadserv.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Wed, 23 Nov 2022 10:37:33 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 771
Connection: close
Set-Cookie: uid=U9-cGuSap; Path=/; Domain=trackwilltrk.com; Expires=Thu, 24 Nov 2022 10:37:33 GMT; HttpOnly
X-Request-Id: 141566b1-afbd-40e4-9ee3-ee4aea030ce5
static.adxadserv.com/css/wm.css
185.76.9.21 200 OK 24 kB URL HTTP/2 static.adxadserv.com/css/wm.css
IP 185.76.9.21:0
ASN #60068 Datacamp Limited
File type ASCII text, with CRLF line terminators
Hash 897f78ffddea865eee36ad3fa9a9180b
ffdd22ccd360d3bc8e17752e0cadf517ebf6c5dd
5317242029314df74c2494b36b0f61ddfb854862c986ebfb567304674b49dd79
GET /css/wm.css HTTP/1.1
Host: static.adxadserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.adxadserv.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Wed, 23 Nov 2022 10:37:33 GMT
content-type: text/css
last-modified: Mon, 03 Aug 2020 09:41:06 GMT
etag: W/"5f27dbb2-711"
x-accel-expires: @1669892870
server: CDN77-Turbo
x-77-nzt: AblMCRSuGkj/5z4FAA
x-77-nzt-ray: af5856306cb0b5eaedf77d63e79b7925
x-cache: HIT
x-age: 343783
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: br
X-Firefox-Spdy: h2
adxadserv.com/ascripts/pxl.js
185.98.53.29 200 OK 23 kB URL HTTP/1.1 adxadserv.com/ascripts/pxl.js
IP 185.98.53.29:0
ASN #39572 DataWeb Global Group B.V.
File type Unicode text, UTF-8 text, with very long lines (36114)
Hash 72d1139e9f2e6ebe3f51c9193edb4439
cd356eb9eaab433ac792406ba36d4304b6450571
74553d0effe74cd6a4f1424940f7fd133c5457ff1d5c53030e651ec6612bec88
GET /ascripts/pxl.js HTTP/1.1
Host: adxadserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.adxadserv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Wed, 23 Nov 2022 10:37:33 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 25 Sep 2020 09:55:41 GMT
ETag: W/"5f6dbe9d-12fee"
Expires: Wed, 23 Nov 2022 08:32:59 GMT
Cache-Control: max-age=86400, public
X-77-NZT: AblMCgEj0U7/MR0AAA
X-77-NZT-Ray: 382b0f1942de0fa6edf77d6338fe4131
X-Cache: HIT
X-Age: 7473
X-77-POP: amsterdamNL
X-77-Cache: HIT
Content-Encoding: br
parkingridiculous.com/b5/5c/2b/b55c2b98fc19fa6550a3224114874bf8.js
173.233.137.36 200 OK 13 kB URL HTTP/1.1 parkingridiculous.com/b5/5c/2b/b55c2b98fc19fa6550a3224114874bf8.js
IP 173.233.137.36:0
File type ASCII text, with very long lines (37157), with no line terminators
Hash 5e23b73ca1ac7371a67cc799f9cd7e70
d9c39d4399f9f891af7fef743bec0690ef8296d9
9a9af3a03942a6f524d4cd2bdcf87e0f71f2a80b6c725972d19373d5846b8448
Analyzer Verdict Alert quad9 Sinkholed
GET /b5/5c/2b/b55c2b98fc19fa6550a3224114874bf8.js HTTP/1.1
Host: parkingridiculous.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://avgle.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 23 Nov 2022 10:37:33 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: d8f4ff974ed93c80c51f580580426229
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
adxadserv.com/px/event/v1?e_t=pageview&url=https%253A%252F%252Fads.adxadserv.com%252Fad%253Fspotid%253D5cebd9b761d6e237774d8107%2526type%253D300x250%2526output%253Diframe&ref=https%253A%252F%252Favgle.com%252F&d_r=1&d_s=1280x1024&d_w=300x250&t_s=1669199853070&t_i=1669199853212&u_tz=0&u_l=en-US&u_l2=&u_l3=&pv_uid=8d29a850-767d-4323-b7a1-39d9178904fa&nav_rc=0&nav_nt=NAVIGATE&p_nn=adxad-rtb&p_pt=IFRAME&imid=d6c45d4e-6b1a-11ed-a3c4-e25a5bb9767f&spid=5cebd9b761d6e237774d8107&fpid_sa=1669199853212&fpid=&feid_sa=1669199853212&sid_sa=1669199853212&feid=2ab8028e317d27500dd2bb993145222d&sid=927aaf4516571f8fd7b18de236a0e472&u_adb=0&vn=T-0.1.1&utm_typ=referral&utm_src=avgle.com&s_rst=1&e_d=%7B%22isResetRequired%22%3Atrue%7D&t_op=0.359
185.98.53.29 200 OK 0 B URL HTTP/1.1 adxadserv.com/px/event/v1?e_t=pageview&url=https%253A%252F%252Fads.adxadserv.com%252Fad%253Fspotid%253D5cebd9b761d6e237774d8107%2526type%253D300x250%2526output%253Diframe&ref=https%253A%252F%252Favgle.com%252F&d_r=1&d_s=1280x1024&d_w=300x250&t_s=1669199853070&t_i=1669199853212&u_tz=0&u_l=en-US&u_l2=&u_l3=&pv_uid=8d29a850-767d-4323-b7a1-39d9178904fa&nav_rc=0&nav_nt=NAVIGATE&p_nn=adxad-rtb&p_pt=IFRAME&imid=d6c45d4e-6b1a-11ed-a3c4-e25a5bb9767f&spid=5cebd9b761d6e237774d8107&fpid_sa=1669199853212&fpid=&feid_sa=1669199853212&sid_sa=1669199853212&feid=2ab8028e317d27500dd2bb993145222d&sid=927aaf4516571f8fd7b18de236a0e472&u_adb=0&vn=T-0.1.1&utm_typ=referral&utm_src=avgle.com&s_rst=1&e_d=%7B%22isResetRequired%22%3Atrue%7D&t_op=0.359
IP 185.98.53.29:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /px/event/v1?e_t=pageview&url=https%253A%252F%252Fads.adxadserv.com%252Fad%253Fspotid%253D5cebd9b761d6e237774d8107%2526type%253D300x250%2526output%253Diframe&ref=https%253A%252F%252Favgle.com%252F&d_r=1&d_s=1280x1024&d_w=300x250&t_s=1669199853070&t_i=1669199853212&u_tz=0&u_l=en-US&u_l2=&u_l3=&pv_uid=8d29a850-767d-4323-b7a1-39d9178904fa&nav_rc=0&nav_nt=NAVIGATE&p_nn=adxad-rtb&p_pt=IFRAME&imid=d6c45d4e-6b1a-11ed-a3c4-e25a5bb9767f&spid=5cebd9b761d6e237774d8107&fpid_sa=1669199853212&fpid=&feid_sa=1669199853212&sid_sa=1669199853212&feid=2ab8028e317d27500dd2bb993145222d&sid=927aaf4516571f8fd7b18de236a0e472&u_adb=0&vn=T-0.1.1&utm_typ=referral&utm_src=avgle.com&s_rst=1&e_d=%7B%22isResetRequired%22%3Atrue%7D&t_op=0.359 HTTP/1.1
Host: adxadserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.adxadserv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Wed, 23 Nov 2022 10:37:34 GMT
Content-Length: 0
Connection: keep-alive
simplewebanalysis.com/stats
18.185.190.54 200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 18.185.190.54:0
File type ASCII text, with no line terminators
Hash 5b0ddacb6e172a7e1ee64301b3a81929
88ad9e896c10d420a8a3fdde620e59f54e400597
7055bd5a3294223b9e3226e8a4e8a76db5fd92644c71fdb7a46f6489b1db716b
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://avgle.com
Connection: keep-alive
Referer: https://avgle.com/
Cookie: uid_id2=c486212e-870f-4581-bbc9-27f144f88ba6:1:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 23 Nov 2022 10:37:34 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://avgle.com
access-control-allow-credentials: true
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 607232423af0b8b170455e11c4b2326f
d4ece5924755b6bb2b5b9003ca016fe6976108de
22d9df5c536dcac72101a81dcfef75af8b69f3f7fead38f8ae75efdbbf5b15fb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "22D9DF5C536DCAC72101A81DCFEF75AF8B69F3F7FEAD38F8AE75EFDBBF5B15FB"
Last-Modified: Mon, 21 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9241
Expires: Wed, 23 Nov 2022 13:11:35 GMT
Date: Wed, 23 Nov 2022 10:37:34 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 5f66a8802b119284e5d3da1f65cfc122
6798c260fbdfacb24916b82d5ddbd5bbdee6c34f
1cb4f72624d3ed4031c612190b6450912fec94e35656740e00de7ac0ff13f7f4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1CB4F72624D3ED4031C612190B6450912FEC94E35656740E00DE7AC0FF13F7F4"
Last-Modified: Mon, 21 Nov 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17947
Expires: Wed, 23 Nov 2022 15:36:41 GMT
Date: Wed, 23 Nov 2022 10:37:34 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash ec1e3b609a748da63f0017a93d80a533
b3cd97bb07c4a9fbcd06f07ea24727858dd6807f
ed91750c0aefa43a3751c0603e5d8702f5792afabe8f26032930296b81d8c0c7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3485
Cache-Control: max-age=116103
Content-Type: application/ocsp-response
Date: Wed, 23 Nov 2022 10:37:34 GMT
Etag: "637d0cd8-117"
Expires: Thu, 24 Nov 2022 18:52:37 GMT
Last-Modified: Tue, 22 Nov 2022 17:54:32 GMT
Server: ECS (amb/6BB3)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash ec1e3b609a748da63f0017a93d80a533
b3cd97bb07c4a9fbcd06f07ea24727858dd6807f
ed91750c0aefa43a3751c0603e5d8702f5792afabe8f26032930296b81d8c0c7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3485
Cache-Control: max-age=116103
Content-Type: application/ocsp-response
Date: Wed, 23 Nov 2022 10:37:34 GMT
Etag: "637d0cd8-117"
Expires: Thu, 24 Nov 2022 18:52:37 GMT
Last-Modified: Tue, 22 Nov 2022 17:54:32 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 279
creative.xlrdr.com/widgets/v4/Universal?tag=girls/chinese&thumbsMargin=0&gridRows=1&gridColumns=1&sourceId=asedvse300x250&creativeId=asedvse300x250&responsive=0&hideButton=1&hideTitle=1&userId=2ff61e17e3557af46fe2d3810f37b5c411b3fbc3852006cff0fa2d8d6e4a6f7d&autoplay=all&autoplayForce=1&showModal=signup&memberId={clickid}
104.18.59.150 200 OK 79 kB URL HTTP/2 creative.xlrdr.com/widgets/v4/Universal?tag=girls/chinese&thumbsMargin=0&gridRows=1&gridColumns=1&sourceId=asedvse300x250&creativeId=asedvse300x250&responsive=0&hideButton=1&hideTitle=1&userId=2ff61e17e3557af46fe2d3810f37b5c411b3fbc3852006cff0fa2d8d6e4a6f7d&autoplay=all&autoplayForce=1&showModal=signup&memberId={clickid}
IP 104.18.59.150:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 48208a3fd0c456555b89203d22ed8380
6dea889524e96ff58be4f937b91596e4f5b4136f
c93cf68ba672503f4fae07518904f4ec2d9cbe97a135f9eae5bba2e9259eaeab
GET /widgets/v4/Universal?tag=girls/chinese&thumbsMargin=0&gridRows=1&gridColumns=1&sourceId=asedvse300x250&creativeId=asedvse300x250&responsive=0&hideButton=1&hideTitle=1&userId=2ff61e17e3557af46fe2d3810f37b5c411b3fbc3852006cff0fa2d8d6e4a6f7d&autoplay=all&autoplayForce=1&showModal=signup&memberId={clickid} HTTP/1.1
Host: creative.xlrdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://r.trackwilltrk.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 23 Nov 2022 10:37:34 GMT
content-type: text/html
last-modified: Wed, 16 Nov 2022 07:56:27 GMT
expires: Wed, 23 Nov 2022 10:37:31 GMT
cache-control: max-age=10
strict-transport-security: max-age=15768000
pragma: public
report-to: { "endpoints":[{ "url": "https://go.stripchat.com/report" }], "group": "default", "max_age": 1048576 }
cf-cache-status: HIT
age: 10
vary: Accept-Encoding
server: cloudflare
cf-ray: 76e945306a940af6-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
poweredby.jads.co/adshow.php?adzone=731571
185.94.236.244 200 OK 1.5 kB URL HTTP/1.1 poweredby.jads.co/adshow.php?adzone=731571
IP 185.94.236.244:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (400), with CRLF, LF line terminators
Hash ee85578f254080e7773b425d5fdfa953
ce28a5381800c11d237f5f829041bdf97ad20dfb
7e46223e23c8be29b128f317406ee27ead4d102d61705aaa1a78e4a3139dc325
GET /adshow.php?adzone=731571 HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://avgle.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 23 Nov 2022 10:37:34 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=0464a314b2ed86dc79109c2d6746280c; expires=Thu, 23-Nov-2023 10:37:33 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co
imps53761=1; expires=Thu, 24-Nov-2022 10:37:33 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
juicy_data_1=YToxOntpOjE1MDg2ODk7aToxNjY5NDU5MDUzO30%3D; expires=Sat, 26-Nov-2022 10:37:33 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Sat, 26-Nov-2022 10:37:33 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash c716dff796b8c8f12f7d0a04ac83e0f0
3ced70165752971ebef762dfeee83006b9adac81
f4b974782a15c189ad4e3d401d2ecbfb42e22dfbc3b20322b8ad90e2fe3c0a6e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 708
Cache-Control: max-age=144685
Content-Type: application/ocsp-response
Date: Wed, 23 Nov 2022 10:37:34 GMT
Etag: "637d8757-117"
Expires: Fri, 25 Nov 2022 02:48:59 GMT
Last-Modified: Wed, 23 Nov 2022 02:37:11 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 279
ads.adxadserv.com/ad?spotid=5cebd9b761d6e237774d8107&type=300x250&output=iframe
185.98.53.2 200 OK 5.3 kB URL HTTP/2 ads.adxadserv.com/ad?spotid=5cebd9b761d6e237774d8107&type=300x250&output=iframe
IP 185.98.53.2:0
ASN #39572 DataWeb Global Group B.V.
Hash e9c1e7487e77c53c3d1f2ce9b483a4e7
9891436f2cbae2ff2a2e3768f3af748c000e722a
e5d502b6fca4c4c09fe6c87cd32b19ca76a54a3dc43f418f61466c78dfc556da
GET /ad?spotid=5cebd9b761d6e237774d8107&type=300x250&output=iframe HTTP/1.1
Host: ads.adxadserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://avgle.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 23 Nov 2022 10:37:33 GMT
content-type: text/html; charset=utf-8
cache-control: no-cache
X-Firefox-Spdy: h2
friendshipmale.com/sfp.js
172.64.109.35 200 OK 31 kB URL HTTP/2 friendshipmale.com/sfp.js
IP 172.64.109.35:0
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash 07d4df1affcabe3c0dda80e67afbf6d7
b86f80d627d271de4a562dbcbe10bd8d4d8f8df0
33ff078e0038e578a87c94b1a5cc5688116644f07e518abaf8498a390b097365
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://avgle.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 23 Nov 2022 10:37:33 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 07395271c5223b6980b9d380fa472989
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Wed, 23 Nov 2022 10:37:33 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hp7NM6l5H%2FtYXjxgBcxY51jS4IcGLk7fT%2B52wIbbWHg%2BCQB37p0vLKY0Lm25nolr0qJ3lRp6bH5TiEwVW7cqp86sYG2g6BOJ4dTKZ0HfM2l8rwo%2FtFXBfgS7ugIE21CWa7eSXFg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76e9452a6db8067a-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
video.ktkjmp.com/adsbygoogle.js
104.18.51.106 200 OK 16 B URL HTTP/2 video.ktkjmp.com/adsbygoogle.js
IP 104.18.51.106:0
Hash 3d7f7a60216d40dea48e495fef6903c9
fecdb5184f55cf012563d78940eb97b10b9cc99b
96d83ac9f20fc0b88404f307f135e212642e02d6ea295c96b28aed0d771a224f
GET /adsbygoogle.js HTTP/1.1
Host: video.ktkjmp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://creative.xlrdr.com/
Origin: https://creative.xlrdr.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 23 Nov 2022 10:37:34 GMT
content-type: application/javascript
content-length: 16
x-amz-id-2: JkCGjUrgnBgB5Ldx8o/A8ASqNLV5nPIAdv57lupABlhL2wyLLTncvB9KXBxRs01tDEzM0AFmFH4=
x-amz-request-id: 3YWDZBTT5KXYP4SY
last-modified: Thu, 10 Mar 2022 13:52:07 GMT
etag: "3d7f7a60216d40dea48e495fef6903c9"
x-amz-meta-s3cmd-attrs: atime:1646920284/ctime:1646920283/gid:20/gname:staff/md5:3d7f7a60216d40dea48e495fef6903c9/mode:33188/mtime:1646920283/uid:501/uname:mikhailchubar
x-amz-version-id: eIgLIBoMMcsEXtxOH6UDjWyfAquRpkIG
access-control-allow-origin: https://creative.xlrdr.com
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: HIT
age: 6233
expires: Wed, 23 Nov 2022 14:37:34 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 76e94531dfb0b517-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7fed7f1170d3aa08054938e690011d46
ed4ed49acb7327af2b4c0688045c6a7806cfbfdb
7892a48c8db54ece1b4a82ee4b1d4e24e90ccd9c6a71a68e2c8c9f2c602839b9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7892A48C8DB54ECE1B4A82EE4B1D4E24E90CCD9C6A71A68E2C8C9F2C602839B9"
Last-Modified: Mon, 21 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8107
Expires: Wed, 23 Nov 2022 12:52:41 GMT
Date: Wed, 23 Nov 2022 10:37:34 GMT
Connection: keep-alive
poweredby.jads.co/adshow.php?adzone=623122
185.94.236.244 200 OK 1.7 kB URL HTTP/1.1 poweredby.jads.co/adshow.php?adzone=623122
IP 185.94.236.244:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1332), with CRLF, LF line terminators
Hash 3a1ba927db2f68a7f7908bfe31916bb9
9517ef475f3180afb8bffb2a4f70da00555830d4
3d5e3380536f943a9543b09b7f54c0fb17c9ea77e3cc52f230cfd04a8997b3f3
GET /adshow.php?adzone=623122 HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://avgle.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 23 Nov 2022 10:37:34 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=0464a314b2ed86dc79109c2d6746280c; expires=Thu, 23-Nov-2023 10:37:33 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co
imps53761=1; expires=Thu, 24-Nov-2022 10:37:34 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
juicy_data_1=YToxOntpOjE1MDg2Nzc7aToxNjY5NDU5MDUzO30%3D; expires=Sat, 26-Nov-2022 10:37:33 GMT; Max-Age=259199; path=/; SameSite=None; Secure; domain=jads.co
juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Sat, 26-Nov-2022 10:37:33 GMT; Max-Age=259199; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash c716dff796b8c8f12f7d0a04ac83e0f0
3ced70165752971ebef762dfeee83006b9adac81
f4b974782a15c189ad4e3d401d2ecbfb42e22dfbc3b20322b8ad90e2fe3c0a6e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 708
Cache-Control: max-age=144685
Content-Type: application/ocsp-response
Date: Wed, 23 Nov 2022 10:37:34 GMT
Etag: "637d8757-117"
Expires: Fri, 25 Nov 2022 02:48:59 GMT
Last-Modified: Wed, 23 Nov 2022 02:37:11 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 279
analitits.com/t/xfeid?cb=gl.cb.xf
31.220.24.19 200 OK 65 B URL HTTP/1.1 analitits.com/t/xfeid?cb=gl.cb.xf
IP 31.220.24.19:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash e14b0ebea322259b6bea4af561f7c332
66352ce804240b9d638c7bb25f7dfb2531ea4fc2
010fec23e9e67ff57410ceb00f2e77d81c85f383798bef7b1ab924014730af64
GET /t/xfeid?cb=gl.cb.xf HTTP/1.1
Host: analitits.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.adxadserv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.10.3 (Ubuntu)
Date: Wed, 23 Nov 2022 10:37:34 GMT
Content-Type: application/octet-stream
Content-Length: 65
Connection: keep-alive
Set-Cookie: xfeid=5ae274fe73b1134094e8e81b5c16e13b; expires=Tue, 01 Jan 2030 00:00:00 GMT; path=/; domain=.analitits.com
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Access-Control-Allow-Headers: content-type
Access-Control-Max-Age: 864000
poweredby.jads.co/adshow.php?adzone=830370
185.94.236.244 200 OK 1.7 kB URL HTTP/1.1 poweredby.jads.co/adshow.php?adzone=830370
IP 185.94.236.244:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1332), with CRLF, LF line terminators
Hash a8e0fa428a7abe4eee3c03832bbfc821
1b6243bf9834738cdac40720c96f4a22e687a544
60f928a6ceceb50e43a7d993d1ad15c47723b8f99f10b7a6c5400e083e4b0e99
GET /adshow.php?adzone=830370 HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://avgle.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 23 Nov 2022 10:37:34 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=0464a314b2ed86dc79109c2d6746280c; expires=Thu, 23-Nov-2023 10:37:33 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co
imps50289=1; expires=Thu, 24-Nov-2022 10:37:34 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
juicy_data_1=YToxOntpOjEzODkyMTE7aToxNjY5NDU5MDUzO30%3D; expires=Sat, 26-Nov-2022 10:37:33 GMT; Max-Age=259199; path=/; SameSite=None; Secure; domain=jads.co
juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Sat, 26-Nov-2022 10:37:33 GMT; Max-Age=259199; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip
i.jads.co/network/user179029/53761-1668593605-0495303001668593605.gif
69.16.175.10 200 OK 139 kB URL HTTP/2 i.jads.co/network/user179029/53761-1668593605-0495303001668593605.gif
IP 69.16.175.10:0
File type GIF image data, version 89a, 300 x 250\012- data
Size 139 kB (138950 bytes)
Hash f2a0bb300689cf647dfee3b64ef33aac
9d8ca6abcbf06f0719d2c3a33b66ce3fd6e32d5d
36e2da122eace6dba22fae0b0c5b2b87f658a0129f3653d4af1b60141d51df7a
GET /network/user179029/53761-1668593605-0495303001668593605.gif HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://poweredby.jads.co/
Cookie: surferid=0464a314b2ed86dc79109c2d6746280c; imps53761=1; juicy_data_1=YToxOntpOjE1MDg2ODk7aToxNjY5NDU5MDUzO30%3D; juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Wed, 23 Nov 2022 10:37:34 GMT
etag: "1668593605"
cache-control: max-age=30990341
content-length: 138950
content-type: image/gif
last-modified: Wed, 16 Nov 2022 10:13:25 GMT
accept-ranges: bytes
x-hw: 1669199854.dop016.sk1.t,1669199854.cds202.sk1.hn,1669199854.cds258.sk1.c
X-Firefox-Spdy: h2
go.xlrdr.com/config?url=https%3A%2F%2Fcreative.xlrdr.com%2Fwidgets%2Fv4%2FUniversal%3Ftag%3Dgirls%2Fchinese%26thumbsMargin%3D0%26gridRows%3D1%26gridColumns%3D1%26sourceId%3Dasedvse300x250%26creativeId%3Dasedvse300x250%26responsive%3D0%26hideButton%3D1%26hideTitle%3D1%26userId%3D2ff61e17e3557af46fe2d3810f37b5c411b3fbc3852006cff0fa2d8d6e4a6f7d%26autoplay%3Dall%26autoplayForce%3D1%26showModal%3Dsignup%26memberId%3D%7Bclickid%7D
104.18.59.150 200 OK 6.0 kB URL HTTP/2 go.xlrdr.com/config?url=https%3A%2F%2Fcreative.xlrdr.com%2Fwidgets%2Fv4%2FUniversal%3Ftag%3Dgirls%2Fchinese%26thumbsMargin%3D0%26gridRows%3D1%26gridColumns%3D1%26sourceId%3Dasedvse300x250%26creativeId%3Dasedvse300x250%26responsive%3D0%26hideButton%3D1%26hideTitle%3D1%26userId%3D2ff61e17e3557af46fe2d3810f37b5c411b3fbc3852006cff0fa2d8d6e4a6f7d%26autoplay%3Dall%26autoplayForce%3D1%26showModal%3Dsignup%26memberId%3D%7Bclickid%7D
IP 104.18.59.150:0
File type ASCII text, with very long lines (13315), with no line terminators
Hash 22fe2a5820b27d522df87af920822397
c28075a6c8c9322900d75b80bd8d427e5dc18798
e5352f6f1ca6ac2a270e3f01a7936e6361af8da6af2f4f3785710531a6dea42a
GET /config?url=https%3A%2F%2Fcreative.xlrdr.com%2Fwidgets%2Fv4%2FUniversal%3Ftag%3Dgirls%2Fchinese%26thumbsMargin%3D0%26gridRows%3D1%26gridColumns%3D1%26sourceId%3Dasedvse300x250%26creativeId%3Dasedvse300x250%26responsive%3D0%26hideButton%3D1%26hideTitle%3D1%26userId%3D2ff61e17e3557af46fe2d3810f37b5c411b3fbc3852006cff0fa2d8d6e4a6f7d%26autoplay%3Dall%26autoplayForce%3D1%26showModal%3Dsignup%26memberId%3D%7Bclickid%7D HTTP/1.1
Host: go.xlrdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://creative.xlrdr.com/
Origin: https://creative.xlrdr.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Wed, 23 Nov 2022 10:37:34 GMT
content-type: application/json
access-control-allow-origin: *
last-modified: Wed, 23 Nov 2022 10:12:41 GMT
cf-cache-status: EXPIRED
set-cookie: __cflb=0H28uukSkGJRy5UBr1u9iAwwBfboBLENSNeL4AyaZXr; SameSite=None; Secure; path=/; expires=Thu, 24-Nov-22 09:37:34 GMT; HttpOnly
vary: Accept-Encoding
server: cloudflare
cf-ray: 76e94531bd351c0a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
i.jads.co/network/user179029/53761-1668593369-0335749001668593369.gif
69.16.175.10 200 OK 139 kB URL HTTP/2 i.jads.co/network/user179029/53761-1668593369-0335749001668593369.gif
IP 69.16.175.10:0
File type GIF image data, version 89a, 728 x 90\012- data
Size 139 kB (138886 bytes)
Hash 0fe278046b527153d74b2f153d9ed5db
2358d1a81409da6120cd00dec0194aaa2ddd53ed
6e525a91d55f51637ca56229b56b169e79fdb47d7439cdd8e7f0893ceb4e3b20
GET /network/user179029/53761-1668593369-0335749001668593369.gif HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://poweredby.jads.co/
Cookie: surferid=0464a314b2ed86dc79109c2d6746280c; imps53761=1; juicy_data_1=YToxOntpOjE1MDg2Nzc7aToxNjY5NDU5MDUzO30%3D; juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Wed, 23 Nov 2022 10:37:34 GMT
etag: "1668593369"
cache-control: max-age=30990341
content-length: 138886
content-type: image/gif
last-modified: Wed, 16 Nov 2022 10:09:29 GMT
accept-ranges: bytes
x-hw: 1669199854.dop016.sk1.t,1669199854.cds202.sk1.hn,1669199854.cds230.sk1.c
X-Firefox-Spdy: h2
i.jads.co/1x1.gif
69.16.175.10 200 OK 43 B IP 69.16.175.10:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 9bb191c6827273aa978cab39a3587950
25d8043336eb799e52b1a0e15ff6b95e09c24e35
24e480e4659fbae818853a38f8a3036f529f539024dc3e772c0b594ce02ea9db
GET /1x1.gif HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://poweredby.jads.co/
Cookie: surferid=0464a314b2ed86dc79109c2d6746280c; imps53761=1; juicy_data_1=YToxOntpOjE1MDg2Nzc7aToxNjY5NDU5MDUzO30%3D; juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Wed, 23 Nov 2022 10:37:34 GMT
etag: "1457030838"
cache-control: max-age=18025412
content-length: 43
content-type: image/gif
last-modified: Thu, 03 Mar 2016 18:47:18 GMT
accept-ranges: bytes
x-hw: 1669199854.dop016.sk1.t,1669199854.cds202.sk1.hn,1669199854.cds217.sk1.c
X-Firefox-Spdy: h2
z.moatads.com/addthismoatframe568911941483/moatframe.js
23.38.201.146 200 OK 948 B URL HTTP/2 z.moatads.com/addthismoatframe568911941483/moatframe.js
IP 23.38.201.146:0
File type ASCII text, with very long lines (523)
Hash f14b4e1f799b14f798a195f43cf58376
b6fd3b3d407fb4c0a00fb8a31862235e2a6e0a86
92ed3e9fda5fa4d738ff4d9023846b56633617363dda6a750cacb4fba53241ac
GET /addthismoatframe568911941483/moatframe.js HTTP/1.1
Host: z.moatads.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://avgle.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: e0HboiVQpjIDEK8WTxqU5+8G8wOtu9bNCFY72alTHLP0/Yb+qoiTOxu6fad89ebRofzHxENxOOg=
x-amz-request-id: 61EC92F13BB22DD4
last-modified: Fri, 08 Nov 2019 20:13:52 GMT
etag: "f14b4e1f799b14f798a195f43cf58376"
content-encoding: gzip
accept-ranges: bytes
content-type: application/x-javascript
content-length: 948
server: AmazonS3
vary: Accept-Encoding
cache-control: max-age=11288
date: Wed, 23 Nov 2022 10:37:34 GMT
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash fb4ee3082622f9f3340432290d63437e
852ca64934462e133e34043fca561aca215e6255
d4c2f665873baede94309128e276df6fdf7f0e1ec15699e75cd6bae2c24d556a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 23 Nov 2022 10:37:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
parkingridiculous.com/pixel/pure
173.233.137.36 204 No Content 0 B URL HTTP/1.1 parkingridiculous.com/pixel/pure
IP 173.233.137.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
OPTIONS /pixel/pure HTTP/1.1
Host: parkingridiculous.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://avgle.com/
Origin: https://avgle.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx/1.19.5
Date: Wed, 23 Nov 2022 10:37:34 GMT
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Allow-Credentials: true
Access-Control-Max-Age: 1728000
Content-Type: text/plain; charset=utf-8
Content-Length: 0
v1.addthisedge.com/live/boost/ra-58a2e9d645e86f23/_ate.track.config_resp
23.38.200.123 200 OK 34 B URL HTTP/2 v1.addthisedge.com/live/boost/ra-58a2e9d645e86f23/_ate.track.config_resp
IP 23.38.200.123:0
File type ASCII text, with no line terminators
Hash 3a9241a346d3b446f471156301fabaa4
4a108436729c1373ca5a639e2eccd1c758862aac
2cfc87cde7d1d87e0e1cb7cae35006a9a842d436e348d4b223b87efc484b5b5d
GET /live/boost/ra-58a2e9d645e86f23/_ate.track.config_resp HTTP/1.1
Host: v1.addthisedge.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://avgle.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 34
date: Wed, 23 Nov 2022 10:37:34 GMT
content-type: application/json
cache-control: no-transform, s-maxage=0, max-age=0
X-Firefox-Spdy: h2
i.jads.co/network/user81419/50289-1654836986-0641598001654836986.gif
69.16.175.10 200 OK 306 kB URL HTTP/2 i.jads.co/network/user81419/50289-1654836986-0641598001654836986.gif
IP 69.16.175.10:0
File type GIF image data, version 89a, 728 x 90\012- data
Size 306 kB (306020 bytes)
Hash 5ab204c2c312d2f05dd313c303043780
0cdc037b59fee7621b909725f36c4ddf24df9f31
bb7cc60a8630ca8b32df8fd903f52143e54f99d94ceb62da8c9fbec5aa64ede3
GET /network/user81419/50289-1654836986-0641598001654836986.gif HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://poweredby.jads.co/
Cookie: surferid=0464a314b2ed86dc79109c2d6746280c; imps53761=1; juicy_data_1=YToxOntpOjEzODkyMTE7aToxNjY5NDU5MDUzO30%3D; juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; imps50289=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Wed, 23 Nov 2022 10:37:34 GMT
etag: "1654836986"
cache-control: max-age=17233760
content-length: 306020
content-type: image/gif
last-modified: Fri, 10 Jun 2022 04:56:26 GMT
accept-ranges: bytes
x-hw: 1669199854.dop016.sk1.t,1669199854.cds202.sk1.hn,1669199854.cds228.sk1.c
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1a4066125f5a3736590e0368be10b81b
c69ed251555f18cc7a12e19a105589631452e2bf
3d34d749784cb3160181ded32069cffb0d897b55ec8bf7e7da35b729437078a8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3D34D749784CB3160181DED32069CFFB0D897B55EC8BF7E7DA35B729437078A8"
Last-Modified: Mon, 21 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4333
Expires: Wed, 23 Nov 2022 11:49:47 GMT
Date: Wed, 23 Nov 2022 10:37:34 GMT
Connection: keep-alive
www.google-analytics.com/analytics.js
142.250.74.174 200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://avgle.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Wed, 23 Nov 2022 08:41:08 GMT
expires: Wed, 23 Nov 2022 10:41:08 GMT
cache-control: public, max-age=7200
age: 6986
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 611d1eca860866489908506a26bd6a2a
5e8c401f098357cd12889a6e507baf7c8a87772a
e3216e5edd547bc8f6a43780da5a118842b96de96d5cf668af68d8706ceb32e4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E3216E5EDD547BC8F6A43780DA5A118842B96DE96D5CF668AF68D8706CEB32E4"
Last-Modified: Mon, 21 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7970
Expires: Wed, 23 Nov 2022 12:50:24 GMT
Date: Wed, 23 Nov 2022 10:37:34 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 611d1eca860866489908506a26bd6a2a
5e8c401f098357cd12889a6e507baf7c8a87772a
e3216e5edd547bc8f6a43780da5a118842b96de96d5cf668af68d8706ceb32e4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E3216E5EDD547BC8F6A43780DA5A118842B96DE96D5CF668AF68D8706CEB32E4"
Last-Modified: Mon, 21 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7970
Expires: Wed, 23 Nov 2022 12:50:24 GMT
Date: Wed, 23 Nov 2022 10:37:34 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 611d1eca860866489908506a26bd6a2a
5e8c401f098357cd12889a6e507baf7c8a87772a
e3216e5edd547bc8f6a43780da5a118842b96de96d5cf668af68d8706ceb32e4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E3216E5EDD547BC8F6A43780DA5A118842B96DE96D5CF668AF68D8706CEB32E4"
Last-Modified: Mon, 21 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7970
Expires: Wed, 23 Nov 2022 12:50:24 GMT
Date: Wed, 23 Nov 2022 10:37:34 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 611d1eca860866489908506a26bd6a2a
5e8c401f098357cd12889a6e507baf7c8a87772a
e3216e5edd547bc8f6a43780da5a118842b96de96d5cf668af68d8706ceb32e4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E3216E5EDD547BC8F6A43780DA5A118842B96DE96D5CF668AF68D8706CEB32E4"
Last-Modified: Mon, 21 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7970
Expires: Wed, 23 Nov 2022 12:50:24 GMT
Date: Wed, 23 Nov 2022 10:37:34 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 611d1eca860866489908506a26bd6a2a
5e8c401f098357cd12889a6e507baf7c8a87772a
e3216e5edd547bc8f6a43780da5a118842b96de96d5cf668af68d8706ceb32e4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E3216E5EDD547BC8F6A43780DA5A118842B96DE96D5CF668AF68D8706CEB32E4"
Last-Modified: Mon, 21 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7970
Expires: Wed, 23 Nov 2022 12:50:24 GMT
Date: Wed, 23 Nov 2022 10:37:34 GMT
Connection: keep-alive
poweredby.jads.co/adshow.php?adzone=675182
185.94.236.244 200 OK 1.7 kB URL HTTP/1.1 poweredby.jads.co/adshow.php?adzone=675182
IP 185.94.236.244:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1332), with CRLF, LF line terminators
Hash 725681e7ff6caa3d4766d6bab74efe37
529f8b3974b64eb3f660646cb2ca48ffe8154f2c
143fc7a2904a5680f312ab4d7a7786719a9cbfc9aba68d68d0c2d009da21e26b
GET /adshow.php?adzone=675182 HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://avgle.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 23 Nov 2022 10:37:34 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=0464a314b2ed86dc79109c2d6746280c; expires=Thu, 23-Nov-2023 10:37:33 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co
imps53583=1; expires=Thu, 24-Nov-2022 10:37:34 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
juicy_data_1=YToxOntpOjE1MDQ3MTM7aToxNjY5NDU5MDUzO30%3D; expires=Sat, 26-Nov-2022 10:37:33 GMT; Max-Age=259199; path=/; SameSite=None; Secure; domain=jads.co
juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Sat, 26-Nov-2022 10:37:33 GMT; Max-Age=259199; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip
s10.histats.com/js15_as.js
46.105.201.240 200 OK 4.4 kB URL HTTP/2 s10.histats.com/js15_as.js
IP 46.105.201.240:0
File type HTML document, ASCII text, with very long lines (11440), with no line terminators
Hash ed192092c129db6123a3397855f42619
067e9b8e26cf6246eb84c6b9cf3da0c192ce7b3e
998fff486a7fb38b6ed445edc36c9b317b70950cd39efcf4012ca641312fcee1
GET /js15_as.js HTTP/1.1
Host: s10.histats.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://avgle.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 23 Nov 2022 10:32:26 GMT
etag: "-375139978"
last-modified: Thu, 16 Apr 2020 10:44:16 GMT
x-request-id: 154435687
content-type: application/javascript; charset=UTF-8
content-encoding: br
x-cdn-pop: sbg
x-cdn-pop-ip: 137.74.120.0/27
x-cacheable: Matched cache
accept-ranges: bytes
content-length: 4364
X-Firefox-Spdy: h2
poweredby.jads.co/adshow.php?adzone=732564
185.94.236.244 200 OK 1.5 kB URL HTTP/1.1 poweredby.jads.co/adshow.php?adzone=732564
IP 185.94.236.244:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (398), with CRLF, LF line terminators
Hash 7f962f1a9f165fb7fa6dce13d9681340
6869639a001adcdac97e12d8148ebf0e6657ea2f
9abf2e2b507e1a9b022d8101d6db53cdbe99516f3dd7ae481be63541bed7199e
GET /adshow.php?adzone=732564 HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://avgle.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 23 Nov 2022 10:37:34 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=0464a314b2ed86dc79109c2d6746280c; expires=Thu, 23-Nov-2023 10:37:33 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co
imps50289=1; expires=Thu, 24-Nov-2022 10:37:34 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
juicy_data_1=YToxOntpOjEzODkyMTY7aToxNjY5NDU5MDUzO30%3D; expires=Sat, 26-Nov-2022 10:37:33 GMT; Max-Age=259199; path=/; SameSite=None; Secure; domain=jads.co
juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Sat, 26-Nov-2022 10:37:33 GMT; Max-Age=259199; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbd46b36d-1888-40f4-b55e-f6905fed9018.jpeg
34.120.237.76 200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbd46b36d-1888-40f4-b55e-f6905fed9018.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2cdc70ea570bedb3a19294a2e3cfcb1b
c3abc52da2458971b00416c5513894a8b60389f0
71f4c91b66b84d7bff6416d8efd1b95ca3aa3543a25489553d1acb6cd9b77308
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbd46b36d-1888-40f4-b55e-f6905fed9018.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8740
x-amzn-requestid: 7bb62ac1-5774-4e82-8438-9eded7ea71a9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b-JKMGFMIAMFovg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637bef0d-06bd21480b42efd67f62c690;Sampled=0
x-amzn-remapped-date: Mon, 21 Nov 2022 21:35:09 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: FjB6qa579_iDdG_QfQwnlYUEnwv0vZHG0JetZw_gtSVuet7BROTwDw==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Tue, 22 Nov 2022 21:49:34 GMT
age: 46080
etag: "c3abc52da2458971b00416c5513894a8b60389f0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
parkingridiculous.com/pixel/pure
173.233.137.36 200 OK 0 B URL HTTP/1.1 parkingridiculous.com/pixel/pure
IP 173.233.137.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
POST /pixel/pure HTTP/1.1
Host: parkingridiculous.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 75
Origin: https://avgle.com
Connection: keep-alive
Referer: https://avgle.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 23 Nov 2022 10:37:34 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb0ea68cc-d723-41ae-8bc2-16e2e422e2aa.jpeg
34.120.237.76 200 OK 5.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb0ea68cc-d723-41ae-8bc2-16e2e422e2aa.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c6380f73d47906bd63b9c48137e4df61
94e053461d2db89e9d08321f26a2555ebcd7e0b9
84144e3c3e7acc7339fd1da9b373f18582734b6f4d235b2aef8c90616ed1c8a7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb0ea68cc-d723-41ae-8bc2-16e2e422e2aa.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5914
x-amzn-requestid: 175363fa-bb7a-4c95-8aa4-ebb3f16f3745
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b1lI3HaqIAMFmTA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63788238-1bb736b52bbae37c5e19486f;Sampled=0
x-amzn-remapped-date: Sat, 19 Nov 2022 07:14:00 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 39Lmple6qq9vrKeKJ4lcditVdK5XfRFtv3Cs0_R8B7pVDYPiRAGFtg==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Tue, 22 Nov 2022 22:13:08 GMT
age: 44666
etag: "94e053461d2db89e9d08321f26a2555ebcd7e0b9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www.google-analytics.com/j/collect?v=1&_v=j98&a=1016500529&t=pageview&_s=1&dl=https%3A%2F%2Favgle.com%2Fvideo%2FQuuHGHRGtHl%2Fhnds-039-1&ul=en-us&de=UTF-8&dt=HNDS-039%20-%201%20-%20Avgle&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=IEBAAEABAAAAACAAI~&jid=1475791691&gjid=860264231&cid=1248206368.1669199854&tid=UA-88439523-3&_gid=396800195.1669199854&_r=1&_slc=1&z=1441850535
142.250.74.174 200 OK 2 B URL HTTP/2 www.google-analytics.com/j/collect?v=1&_v=j98&a=1016500529&t=pageview&_s=1&dl=https%3A%2F%2Favgle.com%2Fvideo%2FQuuHGHRGtHl%2Fhnds-039-1&ul=en-us&de=UTF-8&dt=HNDS-039%20-%201%20-%20Avgle&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=IEBAAEABAAAAACAAI~&jid=1475791691&gjid=860264231&cid=1248206368.1669199854&tid=UA-88439523-3&_gid=396800195.1669199854&_r=1&_slc=1&z=1441850535
IP 142.250.74.174:0
File type ASCII text, with no line terminators
Hash 38684612f0c6bb6dfa16da92f4a6878f
6fe62d0dd7db314b7f9bb945672f078e01d27f0f
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
POST /j/collect?v=1&_v=j98&a=1016500529&t=pageview&_s=1&dl=https%3A%2F%2Favgle.com%2Fvideo%2FQuuHGHRGtHl%2Fhnds-039-1&ul=en-us&de=UTF-8&dt=HNDS-039%20-%201%20-%20Avgle&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=IEBAAEABAAAAACAAI~&jid=1475791691&gjid=860264231&cid=1248206368.1669199854&tid=UA-88439523-3&_gid=396800195.1669199854&_r=1&_slc=1&z=1441850535 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://avgle.com
Connection: keep-alive
Referer: https://avgle.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://avgle.com
date: Wed, 23 Nov 2022 10:37:34 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dd98515-d0af-440a-8f3d-4c9986928081.jpeg
34.120.237.76 200 OK 4.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dd98515-d0af-440a-8f3d-4c9986928081.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 841a4b110022a99ddea6f7bf66df0fa1
126771b86638108050cf57c0d12faa27f80f0edb
240fbffc1f9104433297d3ff7afba2d0b58d7f1b13d9a9260a1bad25216665db
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dd98515-d0af-440a-8f3d-4c9986928081.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4309
x-amzn-requestid: 47c2739d-73c5-4d91-914c-fe635cb09772
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b1U8xGxgIAMF-qQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63786851-6fbe19dc5c4c20dd657604e3;Sampled=0
x-amzn-remapped-date: Sat, 19 Nov 2022 05:23:29 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ezHvyK3va4SioabOjSittTiLQRs_Q8k4TPxkiGp_svtZ8omDPTUN-A==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 324a68a6c25ee50d774953f3e15a611c.cloudfront.net (CloudFront), 1.1 google
date: Wed, 23 Nov 2022 05:01:14 GMT
age: 20180
etag: "126771b86638108050cf57c0d12faa27f80f0edb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash fb4ee3082622f9f3340432290d63437e
852ca64934462e133e34043fca561aca215e6255
d4c2f665873baede94309128e276df6fdf7f0e1ec15699e75cd6bae2c24d556a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 23 Nov 2022 10:37:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
i.jads.co/network/user22489/53583-1667380105-0087119001667380105.jpg
69.16.175.10 200 OK 44 kB URL HTTP/2 i.jads.co/network/user22489/53583-1667380105-0087119001667380105.jpg
IP 69.16.175.10:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=8, height=250, xresolution=218, yresolution=226, resolutionunit=2, software=PaintShop Pro 17.00, width=300], baseline, precision 8, 300x250, components 3\012- data
Hash d76e134d81530475a320bfbf1112174a
9e044e56abfc6d07465d7251260e124d39e5544e
175ad7f43a9310209bc6d76c5d7850072f5bd84f93513d0f93df1a811fc94db4
GET /network/user22489/53583-1667380105-0087119001667380105.jpg HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://poweredby.jads.co/
Cookie: surferid=0464a314b2ed86dc79109c2d6746280c; imps53761=1; juicy_data_1=YToxOntpOjEzODkyMTY7aToxNjY5NDU5MDUzO30%3D; juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; imps50289=1; imps53583=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Wed, 23 Nov 2022 10:37:34 GMT
etag: "1667380105"
cache-control: max-age=29835315
content-length: 43796
content-type: image/jpeg
last-modified: Wed, 02 Nov 2022 09:08:25 GMT
accept-ranges: bytes
x-hw: 1669199854.dop016.sk1.t,1669199854.cds202.sk1.hn,1669199854.cds252.sk1.c
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F45ca81c5-d11a-4d86-a922-dbdce0f6b46c.jpeg
34.120.237.76 200 OK 5.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F45ca81c5-d11a-4d86-a922-dbdce0f6b46c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 0cc111ba6ae699fca7fbff3490640960
18084197b48ea3b4a143636250396e8791d0285f
34fbba92e665ad371ea2bd1a871251cf0c5b7832d6f4661b21b2cfbd7f786923
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F45ca81c5-d11a-4d86-a922-dbdce0f6b46c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4977
x-amzn-requestid: 3e56de91-7ed1-4b1e-b230-5f19b2cc6601
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bxQKBHzdIAMFpUw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6376c70c-41c572d27999534d3c198372;Sampled=0
x-amzn-remapped-date: Thu, 17 Nov 2022 23:43:08 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Or1B6k7o4cYqVXfndjJsKLOV-aYKX8bfHCQIUqNzvofjQSnIf8f04A==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Wed, 23 Nov 2022 07:46:44 GMT
age: 10250
etag: "18084197b48ea3b4a143636250396e8791d0285f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F44f9633f-15fe-459e-aebf-06d2b582efa8.jpeg
34.120.237.76 200 OK 9.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F44f9633f-15fe-459e-aebf-06d2b582efa8.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3e8d7af3a5d030774447a0f71c7824f0
663cace8681891ad55943dd0273493aa9474d102
22068df04672281e392caa485259df103d591ab247c3eb5e0ccba10ffd8a9ef0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F44f9633f-15fe-459e-aebf-06d2b582efa8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9766
x-amzn-requestid: ca8b7a9f-3c1a-419d-953e-2944bf820e5e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cBcR_Hd4IAMFWUg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637d40d9-4ca5e9b2476a47cd199b9cba;Sampled=0
x-amzn-remapped-date: Tue, 22 Nov 2022 21:36:25 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: gtzOoH3--VR9BQTHvU5vInc6yhBcK0-O1oBbVJpAhpRRqqKY8vAf_g==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Tue, 22 Nov 2022 21:45:48 GMT
age: 46306
etag: "663cace8681891ad55943dd0273493aa9474d102"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffe1bda54-5235-4786-bafa-a111a9acd500.jpeg
34.120.237.76 200 OK 8.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffe1bda54-5235-4786-bafa-a111a9acd500.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 448adf31ef3a09f7d8a45e1c038fe1d8
88e9613f90c14dca0b2c0b60103d0c8e4d859cc8
cedf0f3bd94dfde56b90f130fc960fe73d0131594b9b4ff0e8dbbe27d76b0926
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffe1bda54-5235-4786-bafa-a111a9acd500.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8000
x-amzn-requestid: 9761ee4c-6da2-4b57-8fab-4d94ec810717
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bn1pXGrCIAMFe3g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63730308-7628d58a621de956205e1f9c;Sampled=0
x-amzn-remapped-date: Tue, 15 Nov 2022 03:10:00 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: pRbkuC0HMmZTAId5hWCbgs763wEzKLsxSo7iVWlSla5RYqhGxnzMrQ==
via: 1.1 100e7eca600d702a8613a94cb0899fe8.cloudfront.net (CloudFront), 1.1 760139201585481b26f947c5f776103a.cloudfront.net (CloudFront), 1.1 google
date: Tue, 22 Nov 2022 21:46:20 GMT
age: 46274
etag: "88e9613f90c14dca0b2c0b60103d0c8e4d859cc8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
i.jads.co/network/user81419/50289-1654836998-0778443001654836998.gif
69.16.175.10 200 OK 229 kB URL HTTP/2 i.jads.co/network/user81419/50289-1654836998-0778443001654836998.gif
IP 69.16.175.10:0
File type GIF image data, version 89a, 728 x 90\012- data
Size 229 kB (229229 bytes)
Hash b1b23489779892122b80a6ea091e563f
4ab59c39bb0f60df70dae786da3c917d18e8c961
ced43e83d53927e0d7c40c382cc5bfd1f3849929c6077dc81a28a1ea7ee5b16a
GET /network/user81419/50289-1654836998-0778443001654836998.gif HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://poweredby.jads.co/
Cookie: surferid=0464a314b2ed86dc79109c2d6746280c; imps53761=1; juicy_data_1=YToxOntpOjEzODkyMTY7aToxNjY5NDU5MDUzO30%3D; juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; imps50289=1; imps53583=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Wed, 23 Nov 2022 10:37:34 GMT
etag: "1654836998"
cache-control: max-age=17233838
content-length: 229229
content-type: image/gif
last-modified: Fri, 10 Jun 2022 04:56:38 GMT
accept-ranges: bytes
x-hw: 1669199854.dop016.sk1.t,1669199854.cds202.sk1.hn,1669199854.cds228.sk1.c
X-Firefox-Spdy: h2
poweredby.jads.co/adshow.php?adzone=731561
185.94.236.244 200 OK 1.5 kB URL HTTP/1.1 poweredby.jads.co/adshow.php?adzone=731561
IP 185.94.236.244:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (359), with CRLF, LF line terminators
Hash 2943a260248be8f37589ebdda4ab883a
87178880a975d49bad86ae670c17e3a1f7e48963
05e59dcaefc957104a2508c90437d020ff44a17c547a21faf9ed8c5fec36da3e
GET /adshow.php?adzone=731561 HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://avgle.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 23 Nov 2022 10:37:35 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=9eceafe188dd677fcf065032a6c2437f; expires=Thu, 23-Nov-2023 10:37:34 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co
juicy_data_1=YTowOnt9; expires=Sat, 26-Nov-2022 10:37:34 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Sat, 26-Nov-2022 10:37:34 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip
r.trackwilltrk.com/s1/6ecefbc8-1e39-4005-889e-391ba9600f54?externalId={extPlaceholder}&cost={costPlaceholder}&cv1={dynamicCON}&cv2=NO&cv3=105385&cv4=200571&cv5=731561&cv6=
185.98.53.17 200 OK 761 B URL HTTP/1.1 r.trackwilltrk.com/s1/6ecefbc8-1e39-4005-889e-391ba9600f54?externalId={extPlaceholder}&cost={costPlaceholder}&cv1={dynamicCON}&cv2=NO&cv3=105385&cv4=200571&cv5=731561&cv6=
IP 185.98.53.17:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (565)
Hash cfc2963e36a4850eab499dcd72a2d5c3
d15d390f184931c6a71371d669f8551b720b05f2
9d08e93c71b44661ea93179e5c3d99a9a823331ae3983f70f69b27220dfad38a
GET /s1/6ecefbc8-1e39-4005-889e-391ba9600f54?externalId={extPlaceholder}&cost={costPlaceholder}&cv1={dynamicCON}&cv2=NO&cv3=105385&cv4=200571&cv5=731561&cv6= HTTP/1.1
Host: r.trackwilltrk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://poweredby.jads.co/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Wed, 23 Nov 2022 10:37:35 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 761
Connection: close
Set-Cookie: uid=is9cGqZtp; Path=/; Domain=trackwilltrk.com; Expires=Thu, 24 Nov 2022 10:37:35 GMT; HttpOnly
X-Request-Id: e09821f5-9dfc-42d2-af84-b9ae6f809dca
poweredby.jads.co/adshow.php?adzone=731563
185.94.236.244 200 OK 1.5 kB URL HTTP/1.1 poweredby.jads.co/adshow.php?adzone=731563
IP 185.94.236.244:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (359), with CRLF, LF line terminators
Hash f4c8cccf1aee1d5ce2db60e5c89183e0
f82188690a656e2b2586a3a4d3af7d612227b70d
a3880f79af814818a05b3ecf6f2a62c5ba34f96504e655b30c77caf5f65ee83c
GET /adshow.php?adzone=731563 HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://avgle.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 23 Nov 2022 10:37:35 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=9eceafe188dd677fcf065032a6c2437f; expires=Thu, 23-Nov-2023 10:37:34 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co
juicy_data_1=YTowOnt9; expires=Sat, 26-Nov-2022 10:37:34 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Sat, 26-Nov-2022 10:37:34 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip
poweredby.jads.co/adshow.php?adzone=830369
185.94.236.244 200 OK 1.5 kB URL HTTP/1.1 poweredby.jads.co/adshow.php?adzone=830369
IP 185.94.236.244:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (398), with CRLF, LF line terminators
Hash 350f8c713bca4bf4ea4a34ae8ddbc9e0
13f18dfaa539601f2254efda0c26656116942c35
630fbae7e90bf2c9a0554c555b1636f8cd4cf8d46da51b61ece4e148508c13f1
GET /adshow.php?adzone=830369 HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://avgle.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 23 Nov 2022 10:37:35 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=0464a314b2ed86dc79109c2d6746280c; expires=Thu, 23-Nov-2023 10:37:33 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co
imps50289=1; expires=Thu, 24-Nov-2022 10:37:34 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
juicy_data_1=YToxOntpOjEzODkyMTQ7aToxNjY5NDU5MDUzO30%3D; expires=Sat, 26-Nov-2022 10:37:33 GMT; Max-Age=259199; path=/; SameSite=None; Secure; domain=jads.co
juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Sat, 26-Nov-2022 10:37:33 GMT; Max-Age=259199; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip
s4.histats.com/stats/3858761.php?3858761&@f16&@g1&@h1&@i1&@j1669199854251&@k0&@l1&@mHNDS-039%20-%201%20-%20Avgle&@n0&@o1000&@q0&@r0&@s1032&@ten-US&@u1280&@b1:55506879&@b3:1669199854&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttps%3A%2F%2Favgle.com%2Fvideo%2FQuuHGHRGtHl%2Fhnds-039-1&@w
192.99.13.63 200 OK 124 B URL HTTP/1.1 s4.histats.com/stats/3858761.php?3858761&@f16&@g1&@h1&@i1&@j1669199854251&@k0&@l1&@mHNDS-039%20-%201%20-%20Avgle&@n0&@o1000&@q0&@r0&@s1032&@ten-US&@u1280&@b1:55506879&@b3:1669199854&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttps%3A%2F%2Favgle.com%2Fvideo%2FQuuHGHRGtHl%2Fhnds-039-1&@w
IP 192.99.13.63:0
File type ASCII text, with no line terminators
Hash ca56fa857aceef8249655d7cedbc7434
3951f9bd0f122cf0841e087ef29760620ba85261
a1631728d772005bb1c31cd99e7586b97dbdd9a0f2a3682a73f8d106d6f9a868
GET /stats/3858761.php?3858761&@f16&@g1&@h1&@i1&@j1669199854251&@k0&@l1&@mHNDS-039%20-%201%20-%20Avgle&@n0&@o1000&@q0&@r0&@s1032&@ten-US&@u1280&@b1:55506879&@b3:1669199854&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttps%3A%2F%2Favgle.com%2Fvideo%2FQuuHGHRGtHl%2Fhnds-039-1&@w HTTP/1.1
Host: s4.histats.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://avgle.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Wed, 23 Nov 2022 10:37:35 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 124
Connection: close
i.jads.co/network/user81419/50289-1654836994-0157689001654836994.gif
69.16.175.10 200 OK 229 kB URL HTTP/2 i.jads.co/network/user81419/50289-1654836994-0157689001654836994.gif
IP 69.16.175.10:0
File type GIF image data, version 89a, 728 x 90\012- data
Size 229 kB (228567 bytes)
Hash 17b8a901ec7eb6043a2139a1c3cbb8bb
178a3092957b55b102ce5588acd7d27eb22949d7
2f03f841b35ee66bda5459e4a34d1b0362dbaa0daa69462684bd1fe8b13b8309
GET /network/user81419/50289-1654836994-0157689001654836994.gif HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://poweredby.jads.co/
Cookie: surferid=0464a314b2ed86dc79109c2d6746280c; imps53761=1; juicy_data_1=YToxOntpOjEzODkyMTQ7aToxNjY5NDU5MDUzO30%3D; juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; imps50289=1; imps53583=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Wed, 23 Nov 2022 10:37:35 GMT
etag: "1654836994"
cache-control: max-age=17233532
content-length: 228567
content-type: image/gif
last-modified: Fri, 10 Jun 2022 04:56:34 GMT
accept-ranges: bytes
x-hw: 1669199855.dop016.sk1.t,1669199855.cds202.sk1.hn,1669199855.cds209.sk1.c
X-Firefox-Spdy: h2
s10.histats.com/counters/cc_1032.js
46.105.201.240 200 OK 5.6 kB URL HTTP/2 s10.histats.com/counters/cc_1032.js
IP 46.105.201.240:0
File type HTML document, ASCII text, with very long lines (15441), with no line terminators
Hash 0ec7f2a21cef271e478d52652b3ce8f0
7644885c01d5197c2d8b26cfcdcbeb6d60b3f792
ce0aaf0880f892c04c6e8070b036cbf3822255136e47052eca1f9b712d56e84b
GET /counters/cc_1032.js HTTP/1.1
Host: s10.histats.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://avgle.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 23 Nov 2022 10:29:41 GMT
etag: "-33105628"
last-modified: Thu, 16 Apr 2020 10:44:41 GMT
x-request-id: 957318419
content-type: application/javascript; charset=UTF-8
content-encoding: br
x-cdn-pop: sbg
x-cdn-pop-ip: 137.74.120.0/27
x-cacheable: Matched cache
accept-ranges: bytes
content-length: 5573
X-Firefox-Spdy: h2
static.javhdhello.com/h5/files/16578/300x250.html?targetUrl=http%3A%2F%2Fr.trackwilltrk.com%2Fc1%2F7dc7db36-5f8b-4371-be88-d8342e8059a5%3Fcost%3D%257BcostPlaceholder%257D%26cv1%3D%257BdynamicCON%257D%26cv2%3DNO%26cv3%3D105385%26cv4%3D200571%26cv5%3D731561%26cv6%3D%26externalId%3D%257BextPlaceholder%257D%26p%3DeyJiIjoyNzg2MDIsImJoIjoyNTAsImJ3IjozMDAsImYiOjEsIm8iOjEsInAiOjEsInMiOjIyNDA3fQ
185.76.9.25 200 OK 2.5 kB URL HTTP/2 static.javhdhello.com/h5/files/16578/300x250.html?targetUrl=http%3A%2F%2Fr.trackwilltrk.com%2Fc1%2F7dc7db36-5f8b-4371-be88-d8342e8059a5%3Fcost%3D%257BcostPlaceholder%257D%26cv1%3D%257BdynamicCON%257D%26cv2%3DNO%26cv3%3D105385%26cv4%3D200571%26cv5%3D731561%26cv6%3D%26externalId%3D%257BextPlaceholder%257D%26p%3DeyJiIjoyNzg2MDIsImJoIjoyNTAsImJ3IjozMDAsImYiOjEsIm8iOjEsInAiOjEsInMiOjIyNDA3fQ
IP 185.76.9.25:0
ASN #60068 Datacamp Limited
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash fbe93b88815b7b7081a52406cb4fcce9
cbf525890e21f270bf50422369864f53acefac87
7167ede5d0d970c72371b01fbeb1efd7e99edb5877c37e7429a6281c1cbe463c
GET /h5/files/16578/300x250.html?targetUrl=http%3A%2F%2Fr.trackwilltrk.com%2Fc1%2F7dc7db36-5f8b-4371-be88-d8342e8059a5%3Fcost%3D%257BcostPlaceholder%257D%26cv1%3D%257BdynamicCON%257D%26cv2%3DNO%26cv3%3D105385%26cv4%3D200571%26cv5%3D731561%26cv6%3D%26externalId%3D%257BextPlaceholder%257D%26p%3DeyJiIjoyNzg2MDIsImJoIjoyNTAsImJ3IjozMDAsImYiOjEsIm8iOjEsInAiOjEsInMiOjIyNDA3fQ HTTP/1.1
Host: static.javhdhello.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://r.trackwilltrk.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 23 Nov 2022 10:37:35 GMT
content-type: text/html
last-modified: Wed, 19 Oct 2022 09:58:34 GMT
etag: W/"634fca4a-c82"
expires: Thu, 22 Dec 2022 18:52:04 GMT
cache-control: max-age=2592000
access-control-allow-origin: *
x-accel-expires: @1671735124
server: CDN77-Turbo
x-77-nzt: AblMCRRhBrL/m90AAA
x-77-nzt-ray: af58563093aa1b01eff77d63eec3a80e
x-cache: HIT
x-age: 56731
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: br
X-Firefox-Spdy: h2
r.trackwilltrk.com/s1/2b160ca1-6619-4386-bf00-0df6fb4f0170?externalId={extPlaceholder}&cost={costPlaceholder}&cv1={dynamicCON}&cv2=NO&cv3=105385&cv4=200571&cv5=731563&cv6=
185.98.53.17 200 OK 761 B URL HTTP/1.1 r.trackwilltrk.com/s1/2b160ca1-6619-4386-bf00-0df6fb4f0170?externalId={extPlaceholder}&cost={costPlaceholder}&cv1={dynamicCON}&cv2=NO&cv3=105385&cv4=200571&cv5=731563&cv6=
IP 185.98.53.17:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (565)
Hash bbc447fc4637956863037fa2e194ea0e
5e556eea20e9ebc47bd5c247ca77860c26d083e8
dbe3e80d5e0ae4ece939af21d00579ed6dc2419a4e8ff3d0f0569b06eeceb595
GET /s1/2b160ca1-6619-4386-bf00-0df6fb4f0170?externalId={extPlaceholder}&cost={costPlaceholder}&cv1={dynamicCON}&cv2=NO&cv3=105385&cv4=200571&cv5=731563&cv6= HTTP/1.1
Host: r.trackwilltrk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://poweredby.jads.co/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Wed, 23 Nov 2022 10:37:35 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 761
Connection: close
Set-Cookie: uid=RX9cGqZtM; Path=/; Domain=trackwilltrk.com; Expires=Thu, 24 Nov 2022 10:37:35 GMT; HttpOnly
X-Request-Id: b0519bc7-2571-4558-a17d-cdab6ebf2b18
static.javhd.com/h5/files/overlay/1602-overlay.png
185.76.9.25 200 OK 1.8 kB URL HTTP/2 static.javhd.com/h5/files/overlay/1602-overlay.png
IP 185.76.9.25:0
ASN #60068 Datacamp Limited
File type PNG image data, 300 x 250, 8-bit/color RGBA, non-interlaced\012- data
Hash f4403fc07b7c414db6ec613317885035
457d3e8f9e9fb0456292efdbd5f18b318e804ea7
00ffbfa9483f4a6e8b85b6ab368a9547cf29e54c1aeb2bfcf81f34ec2bf50ee7
GET /h5/files/overlay/1602-overlay.png HTTP/1.1
Host: static.javhd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://static.javhdhello.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 23 Nov 2022 10:37:35 GMT
content-type: image/png
content-length: 1839
last-modified: Wed, 20 Apr 2022 13:56:47 GMT
etag: "6260111f-72f"
expires: Tue, 23 May 2023 11:04:49 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-accel-expires: @1684839889
server: CDN77-Turbo
x-77-nzt: AblMCRQSwEX/no3yAA
x-77-nzt-ray: af58563093aa1b01eff77d636ec6f411
x-cache: HIT
x-age: 15895966
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
static.javhd.com/h5/files/button/29-button.png
185.76.9.25 200 OK 733 B URL HTTP/2 static.javhd.com/h5/files/button/29-button.png
IP 185.76.9.25:0
ASN #60068 Datacamp Limited
File type PNG image data, 300 x 250, 8-bit/color RGBA, non-interlaced\012- data
Hash 82a66a2d222379716ca9a03ff50d8f42
ae43d917ff791f9172edc527baa6266416182aaa
cc5da7b40e498d30bf5eaae43e59cae32202737076422676489dd8d3030803de
GET /h5/files/button/29-button.png HTTP/1.1
Host: static.javhd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://static.javhdhello.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 23 Nov 2022 10:37:35 GMT
content-type: image/png
content-length: 733
last-modified: Tue, 22 Dec 2015 18:41:22 GMT
etag: "56799952-2dd"
expires: Tue, 23 May 2023 11:04:49 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-accel-expires: @1684839889
server: CDN77-Turbo
x-77-nzt: AblMCRR6yL3/no3yAA
x-77-nzt-ray: af58563093aa1b01eff77d630937fc11
x-cache: HIT
x-age: 15895966
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
poweredby.jads.co/adshow.php?adzone=943507
185.94.236.244 200 OK 1.5 kB URL HTTP/1.1 poweredby.jads.co/adshow.php?adzone=943507
IP 185.94.236.244:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (404), with CRLF, LF line terminators
Hash 747403da207cdc2c1043a578a4c129e5
0e6f297589945a1909055e6cd9b998ed4d9e8ea6
0c8701462f2cb5b34f8f08e46f1d90f7258e03f8d7c6bc82bb1ff311dc37c749
GET /adshow.php?adzone=943507 HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://avgle.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 23 Nov 2022 10:37:35 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=9eceafe188dd677fcf065032a6c2437f; expires=Thu, 23-Nov-2023 10:37:34 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co
juicy_data_1=YTowOnt9; expires=Sat, 26-Nov-2022 10:37:34 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Sat, 26-Nov-2022 10:37:34 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip
static.javhd.com/h5/files/css/style.css
185.76.9.25 200 OK 37 kB URL HTTP/2 static.javhd.com/h5/files/css/style.css
IP 185.76.9.25:0
ASN #60068 Datacamp Limited
Hash 6a45ddffe8f86d7804a704d1cc2e2353
949bfd4ab705628ba365a05c3e42c984a4e7c198
5166840ecf5972f6d1bf6dc7976a16ad29381c2adb60c823123b2b74e844ae67
GET /h5/files/css/style.css HTTP/1.1
Host: static.javhd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://static.javhdhello.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 23 Nov 2022 10:37:35 GMT
content-type: text/css
last-modified: Wed, 25 May 2016 08:29:12 GMT
etag: W/"57456258-7bd"
expires: Tue, 23 May 2023 11:04:49 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-accel-expires: @1684839889
server: CDN77-Turbo
x-77-nzt: AblMCRQneRT/no3yAA
x-77-nzt-ray: af58563093aa1b01eff77d63a9cadc11
x-cache: HIT
x-age: 15895966
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: br
X-Firefox-Spdy: h2
poweredby.jads.co/adshow.php?adzone=731566
185.94.236.244 200 OK 1.5 kB URL HTTP/1.1 poweredby.jads.co/adshow.php?adzone=731566
IP 185.94.236.244:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (399), with CRLF, LF line terminators
Hash 8ddf0f1379d4f7aad735e1f81b8eaa98
a83612ef2bed422c0eccc02b44cc2cead96d1fe3
cfcec874b127c1c68232b517fc7b50108b2dd516c67081fadb7a4db1af9a8cc2
GET /adshow.php?adzone=731566 HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://avgle.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 23 Nov 2022 10:37:35 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=9eceafe188dd677fcf065032a6c2437f; expires=Thu, 23-Nov-2023 10:37:34 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co
imps47386=1; expires=Thu, 24-Nov-2022 10:37:35 GMT; Max-Age=86400; path=/; SameSite=None; Secure; domain=.jads.co
juicy_data_1=YToxOntpOjEzMTk2ODE7aToxNjY5NDU5MDU0O30%3D; expires=Sat, 26-Nov-2022 10:37:34 GMT; Max-Age=259199; path=/; SameSite=None; Secure; domain=jads.co
juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Sat, 26-Nov-2022 10:37:34 GMT; Max-Age=259199; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip
i.jads.co/network/user81419/47386-1642692298-0664298001642692298.gif
69.16.175.10 200 OK 182 kB URL HTTP/2 i.jads.co/network/user81419/47386-1642692298-0664298001642692298.gif
IP 69.16.175.10:0
File type GIF image data, version 89a, 300 x 250\012- data
Size 182 kB (181682 bytes)
Hash 187ee8df9c8da5f9a3883ce16a6fcb63
b1630df50d50217fe759edcce56d48b7830e8684
b68f71323af5e52f3e32c43780eec70ba6fdf9aa643d19b976d13bb91475997a
GET /network/user81419/47386-1642692298-0664298001642692298.gif HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://poweredby.jads.co/
Cookie: surferid=9eceafe188dd677fcf065032a6c2437f; imps53761=1; juicy_data_1=YToxOntpOjEzMTk2ODE7aToxNjY5NDU5MDU0O30%3D; juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; imps50289=1; imps53583=1; imps47386=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Wed, 23 Nov 2022 10:37:35 GMT
etag: "1642692298"
cache-control: max-age=5081305
content-length: 181682
content-type: image/gif
last-modified: Thu, 20 Jan 2022 15:24:58 GMT
accept-ranges: bytes
x-hw: 1669199855.dop016.sk1.t,1669199855.cds202.sk1.hn,1669199855.cds071.sk1.c
X-Firefox-Spdy: h2
poweredby.jads.co/adshow.php?adzone=625950
185.94.236.244 200 OK 1.5 kB URL HTTP/1.1 poweredby.jads.co/adshow.php?adzone=625950
IP 185.94.236.244:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (403), with CRLF, LF line terminators
Hash a4267204c5bc6959213a976907b576cc
ca4651fd65559e67f14558b67ba81228ae12df42
55f788603370cc9e0b44002b4af905cd9593b6aed5558c35a583e5daf67748e2
GET /adshow.php?adzone=625950 HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://avgle.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 23 Nov 2022 10:37:35 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=1b22b4765da33c15c9e6283d86f5a4c8; expires=Thu, 23-Nov-2023 10:37:35 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co
juicy_data_1=YTowOnt9; expires=Sat, 26-Nov-2022 10:37:35 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Sat, 26-Nov-2022 10:37:35 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip
i.jads.co/network/user1037/78-1639151697-0937530001639151697.jpg
69.16.175.10 200 OK 31 kB URL HTTP/2 i.jads.co/network/user1037/78-1639151697-0937530001639151697.jpg
IP 69.16.175.10:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 728x90, components 3\012- data
Hash 885ebdc0a662fb4c15f294107ccde331
98258c96e108913585d18746922f72b16c17302a
3f602eaa74eec424f031db6f221f2d8af1b31e81c510d5a63669269c28b68791
GET /network/user1037/78-1639151697-0937530001639151697.jpg HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://poweredby.jads.co/
Cookie: surferid=1b22b4765da33c15c9e6283d86f5a4c8; imps53761=1; juicy_data_1=YTowOnt9; juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; imps50289=1; imps53583=1; imps47386=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Wed, 23 Nov 2022 10:37:35 GMT
etag: "1639151697"
cache-control: max-age=4449542
content-length: 31311
content-type: image/jpeg
last-modified: Fri, 10 Dec 2021 15:54:57 GMT
accept-ranges: bytes
x-hw: 1669199855.dop016.sk1.t,1669199855.cds202.sk1.hn,1669199855.cds249.sk1.c
X-Firefox-Spdy: h2
poweredby.jads.co/adshow.php?adzone=943508
185.94.236.244 200 OK 1.5 kB URL HTTP/1.1 poweredby.jads.co/adshow.php?adzone=943508
IP 185.94.236.244:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (404), with CRLF, LF line terminators
Hash 5d81b4439428c13e998d8fda08dcec48
8087f2aafc8b8e30b395165f6ec5628eaa9fbfc6
a0561856be98e46e17e439646fe8a5b4af34b98c4c2544d069825caabc33ab83
GET /adshow.php?adzone=943508 HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://avgle.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 23 Nov 2022 10:37:36 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=9eceafe188dd677fcf065032a6c2437f; expires=Thu, 23-Nov-2023 10:37:34 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co
juicy_data_1=YTowOnt9; expires=Sat, 26-Nov-2022 10:37:34 GMT; Max-Age=259199; path=/; SameSite=None; Secure; domain=jads.co
juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Sat, 26-Nov-2022 10:37:34 GMT; Max-Age=259199; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip
simplewebanalysis.com/stats
18.185.190.54 200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 18.185.190.54:0
File type ASCII text, with no line terminators
Hash 5b0ddacb6e172a7e1ee64301b3a81929
88ad9e896c10d420a8a3fdde620e59f54e400597
7055bd5a3294223b9e3226e8a4e8a76db5fd92644c71fdb7a46f6489b1db716b
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://avgle.com
Connection: keep-alive
Referer: https://avgle.com/
Cookie: uid_id2=c486212e-870f-4581-bbc9-27f144f88ba6:1:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 23 Nov 2022 10:37:36 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://avgle.com
access-control-allow-credentials: true
X-Firefox-Spdy: h2
simplewebanalysis.com/stats
18.185.190.54 200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 18.185.190.54:0
File type ASCII text, with no line terminators
Hash 5b0ddacb6e172a7e1ee64301b3a81929
88ad9e896c10d420a8a3fdde620e59f54e400597
7055bd5a3294223b9e3226e8a4e8a76db5fd92644c71fdb7a46f6489b1db716b
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://avgle.com
Connection: keep-alive
Referer: https://avgle.com/
Cookie: uid_id2=c486212e-870f-4581-bbc9-27f144f88ba6:1:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 23 Nov 2022 10:37:36 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://avgle.com
access-control-allow-credentials: true
X-Firefox-Spdy: h2
static-clst.avgle.com/videos/tmb14/459976/19.jpg
45.133.44.9 200 OK 19 kB URL HTTP/2 static-clst.avgle.com/videos/tmb14/459976/19.jpg
IP 45.133.44.9:0
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 90", baseline, precision 8, 320x180, components 3\012- data
Hash 178867767bb1fd556f13d3de6bc72d11
286096f02425a34c254ab94d2d6108a3a6701a91
94714ee198ec2a59abaf5eed9bc7e620ae704f482d704369f7e6b61f9cd5388d
GET /videos/tmb14/459976/19.jpg HTTP/1.1
Host: static-clst.avgle.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://avgle.com/
Cookie: _ga=GA1.2.1248206368.1669199854; _gid=GA1.2.396800195.1669199854; _gat=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Wed, 23 Nov 2022 10:37:36 GMT
content-type: image/jpeg
content-length: 19100
server: nginx/1.16.1
last-modified: Sun, 29 Nov 2020 05:26:46 GMT
etag: 178867767bb1fd556f13d3de6bc72d11
x-timestamp: 1606627605.20361
x-object-meta-mtime: 1606627606.557721168
x-trans-id: tx937d108416774acb898a2-0062a9e56e
x-openstack-request-id: tx937d108416774acb898a2-0062a9e56e
access-control-allow-credentials: true
access-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
access-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
expires: Wed, 04 Jan 2023 01:37:36 GMT
cache-control: max-age=3596400
x-proxy-cache: HIT
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
static-clst.avgle.com/videos/tmb14/452819/20.jpg
45.133.44.9 200 OK 18 kB URL HTTP/2 static-clst.avgle.com/videos/tmb14/452819/20.jpg
IP 45.133.44.9:0
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 90", baseline, precision 8, 320x180, components 3\012- data
Hash fee5be93c36804dbfa6584dc6a52ae9e
01beafd42e65017c966209bc50e479791001d208
e73f2671c30c51f2c471f8589432880f633218e0c25eac4ab3442209ffae92df
GET /videos/tmb14/452819/20.jpg HTTP/1.1
Host: static-clst.avgle.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://avgle.com/
Cookie: _ga=GA1.2.1248206368.1669199854; _gid=GA1.2.396800195.1669199854; _gat=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Wed, 23 Nov 2022 10:37:36 GMT
content-type: image/jpeg
content-length: 18414
server: nginx/1.16.1
x-object-meta-mtime: 1604914117.265736081
last-modified: Mon, 09 Nov 2020 09:28:38 GMT
etag: fee5be93c36804dbfa6584dc6a52ae9e
x-timestamp: 1604914117.28211
x-trans-id: txc7084488adc34079b0cce-0062a9e572
x-openstack-request-id: txc7084488adc34079b0cce-0062a9e572
access-control-allow-credentials: true
access-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
access-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
expires: Wed, 04 Jan 2023 01:37:36 GMT
cache-control: max-age=3596400
x-proxy-cache: HIT
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
static-clst.avgle.com/videos/tmb14/461383/1.jpg
45.133.44.9 200 OK 18 kB URL HTTP/2 static-clst.avgle.com/videos/tmb14/461383/1.jpg
IP 45.133.44.9:0
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 90", baseline, precision 8, 320x180, components 3\012- data
Hash 39c097793e04a72270ae29e79a5d3eb3
435d6daa5aae7d5dcc75fe60c461b9cd3bc7081d
aaf83bcceaa190fbef4702e7f489362ecb7b7c7848c64923592d358c752490a8
GET /videos/tmb14/461383/1.jpg HTTP/1.1
Host: static-clst.avgle.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://avgle.com/
Cookie: _ga=GA1.2.1248206368.1669199854; _gid=GA1.2.396800195.1669199854; _gat=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Wed, 23 Nov 2022 10:37:36 GMT
content-type: image/jpeg
content-length: 17632
server: nginx/1.16.1
last-modified: Thu, 03 Dec 2020 04:09:29 GMT
etag: 39c097793e04a72270ae29e79a5d3eb3
x-timestamp: 1606968568.93092
x-object-meta-mtime: 1606968569.867017986
x-trans-id: txf04524b91d874b2788643-0062a9e591
x-openstack-request-id: txf04524b91d874b2788643-0062a9e591
access-control-allow-credentials: true
access-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
access-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
expires: Wed, 04 Jan 2023 01:37:36 GMT
cache-control: max-age=3596400
x-proxy-cache: HIT
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
static.javhd.com/h5/files/video/36-17551-300x250.medium.mp4
185.76.9.25 206 Partial Content 52 kB URL HTTP/2 static.javhd.com/h5/files/video/36-17551-300x250.medium.mp4
IP 185.76.9.25:0
ASN #60068 Datacamp Limited
File type ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]\012- data
Hash c112004e5476b198f7754d5647512417
3e9768b61625285326eaae6e7414c16bb94bd687
c128a60b2cf35848c08073c7da96d3f61cf49bdc0173af01e27575e3f7f6fe2a
GET /h5/files/video/36-17551-300x250.medium.mp4 HTTP/1.1
Host: static.javhd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://static.javhdhello.com/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 206 Partial Content
date: Wed, 23 Nov 2022 10:37:35 GMT
content-type: video/mp4
content-length: 772102
last-modified: Wed, 19 Oct 2022 09:58:33 GMT
etag: "634fca49-bc806"
expires: Sat, 22 Oct 2022 12:04:28 GMT
cache-control: max-age=86400
access-control-allow-origin: *
x-accel-expires: @1669207901
server: CDN77-Turbo
x-77-nzt: AblMCRQRwhT/EjIBAA
x-77-nzt-ray: af58563093aa1b01eff77d636c374414
x-cache: HIT
x-age: 78354
x-77-pop: stockholmSE
x-77-cache: HIT
content-range: bytes 0-772101/772102
X-Firefox-Spdy: h2
static-clst.avgle.com/videos/tmb14/461374/8.jpg
45.133.44.9 200 OK 18 kB URL HTTP/2 static-clst.avgle.com/videos/tmb14/461374/8.jpg
IP 45.133.44.9:0
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 90", baseline, precision 8, 320x180, components 3\012- data
Hash eb7accaa614e93689a7fc0e5eab720a9
8442736fb54a9f90d1219dab14c5fc242893927d
82d9c18b761c6d3f83ae5e39ae7b37c854f3ff223c144889345e5d4d059f0241
GET /videos/tmb14/461374/8.jpg HTTP/1.1
Host: static-clst.avgle.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://avgle.com/
Cookie: _ga=GA1.2.1248206368.1669199854; _gid=GA1.2.396800195.1669199854; _gat=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Wed, 23 Nov 2022 10:37:36 GMT
content-type: image/jpeg
content-length: 17504
server: nginx/1.16.1
last-modified: Thu, 03 Dec 2020 03:26:40 GMT
etag: eb7accaa614e93689a7fc0e5eab720a9
x-timestamp: 1606965999.35480
x-object-meta-mtime: 1606966000.090925495
x-trans-id: tx742754b986504f40ae650-0062a8c156
x-openstack-request-id: tx742754b986504f40ae650-0062a8c156
access-control-allow-credentials: true
access-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
access-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
expires: Wed, 04 Jan 2023 01:37:36 GMT
cache-control: max-age=3596400
x-proxy-cache: HIT
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
static-clst.avgle.com/videos/tmb13/429897/1.jpg
45.133.44.9 200 OK 18 kB URL HTTP/2 static-clst.avgle.com/videos/tmb13/429897/1.jpg
IP 45.133.44.9:0
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 90", baseline, precision 8, 320x180, components 3\012- data
Hash ab3e29371c44de1443ab41adb4d4b68a
e76d742cb3202dd79d9d6cf41943a640b7e0a4a1
f82aa108d77c457fcb7777db61641ab3adfd329038bec295aea7090ab2438ed0
GET /videos/tmb13/429897/1.jpg HTTP/1.1
Host: static-clst.avgle.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://avgle.com/
Cookie: _ga=GA1.2.1248206368.1669199854; _gid=GA1.2.396800195.1669199854; _gat=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Wed, 23 Nov 2022 10:37:36 GMT
content-type: image/jpeg
content-length: 18144
server: nginx/1.16.1
last-modified: Thu, 03 Sep 2020 05:06:15 GMT
etag: ab3e29371c44de1443ab41adb4d4b68a
x-timestamp: 1599109574.25917
x-object-meta-mtime: 1599109575.5034666
x-trans-id: tx222a9951c60d4db0ab056-0062a8e1cd
x-openstack-request-id: tx222a9951c60d4db0ab056-0062a8e1cd
access-control-allow-credentials: true
access-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
access-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
expires: Wed, 04 Jan 2023 01:37:36 GMT
cache-control: max-age=3596400
x-proxy-cache: HIT
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
static-clst.avgle.com/videos/tmb14/461088/1.jpg
45.133.44.9 200 OK 16 kB URL HTTP/2 static-clst.avgle.com/videos/tmb14/461088/1.jpg
IP 45.133.44.9:0
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 90", baseline, precision 8, 320x180, components 3\012- data
Hash d22f1e96c9ac9cbb4039c4023ee8108e
56c552e293e854eb26d9fff313011d48f4e3893b
e14ba1fe442e2df451f0b8d82f6e577e13fe8ce2bd4e6ae5cb3c29c3ccbdeaf2
GET /videos/tmb14/461088/1.jpg HTTP/1.1
Host: static-clst.avgle.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://avgle.com/
Cookie: _ga=GA1.2.1248206368.1669199854; _gid=GA1.2.396800195.1669199854; _gat=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Wed, 23 Nov 2022 10:37:36 GMT
content-type: image/jpeg
content-length: 16089
server: nginx/1.16.1
last-modified: Wed, 02 Dec 2020 08:45:28 GMT
etag: d22f1e96c9ac9cbb4039c4023ee8108e
x-timestamp: 1606898727.73176
x-object-meta-mtime: 1606898727.709916247
x-trans-id: tx7c717a2cc4024d76957e4-0062a9e572
x-openstack-request-id: tx7c717a2cc4024d76957e4-0062a9e572
access-control-allow-credentials: true
access-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
access-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
expires: Wed, 04 Jan 2023 01:37:36 GMT
cache-control: max-age=3596400
x-proxy-cache: HIT
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
static-clst.avgle.com/videos/tmb14/460663/1.jpg
45.133.44.9 200 OK 14 kB URL HTTP/2 static-clst.avgle.com/videos/tmb14/460663/1.jpg
IP 45.133.44.9:0
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 90", baseline, precision 8, 320x180, components 3\012- data
Hash 91469dec94348e41e3e69fedd1cc4ca3
ca30492e5e46f2eb1feef20addfb73e37f584e96
9f154255dd1d68913b384f07a7e2570cd8bd584c80c1fae21e1cec31ccdd1d17
GET /videos/tmb14/460663/1.jpg HTTP/1.1
Host: static-clst.avgle.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://avgle.com/
Cookie: _ga=GA1.2.1248206368.1669199854; _gid=GA1.2.396800195.1669199854; _gat=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Wed, 23 Nov 2022 10:37:36 GMT
content-type: image/jpeg
content-length: 13753
server: nginx/1.16.1
last-modified: Tue, 01 Dec 2020 04:12:20 GMT
etag: 91469dec94348e41e3e69fedd1cc4ca3
x-timestamp: 1606795939.89656
x-object-meta-mtime: 1606795940.866155818
x-trans-id: tx575b52aa1ed645cf8b760-0062a9e572
x-openstack-request-id: tx575b52aa1ed645cf8b760-0062a9e572
access-control-allow-credentials: true
access-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
access-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
expires: Wed, 04 Jan 2023 01:37:36 GMT
cache-control: max-age=3596400
x-proxy-cache: HIT
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
tallysaturatesnare.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSuXiOIXlS8CLrMSRRkUj0%2Fkhn3sLi7RoIxifuDXK1fPSlT3dVUdU9PAkJwIezN2ZvHzjfJhtUg7h8gKxMvEhB2FCSIOXjzIoKwngSZycDgg6r3vvfV4fveq739%2FJxQ5Oxs%2FUO7o41h880qrby5oRNpC19ZvV0JaZVeqWzoZKFxpdIbX677TkibVfpW5X0ltux8jYaUhjSsLGmnItubn7DQ6XE7rLZptVGrhs0Geu7%2F2OcBPAsgu%2BfkZWg5enbzh0fQYogk%2FuaG8luZTd9%2BL84Ny6xDVx7dSbYSWySIZ2XkAkTJ0fQ1rB8R8sUl2ORo6gC2ezB2AK5HJPglBE%2BOpjLBu4cXSrmBSsDlCyi6QygzhGZDCHsXWj4hgJBYXUMSP1i1rmDbFywbsyMy9%2FRv6GJE5n57BUn89TWje5Vb1uSZtolHLyqhe0PozhBpfoJsJ4AuTiCyz6Dlj2T%2B6QqS%2BGDNGwsty4l7rYfQ0RBG9cF8gHx8dIA8CpCnAWJ5VmHNdkTpYsSjer3VEELU60I0WwuyKeuNVkSRi7G8PrK0D2H6EG4XqdvFlr4%2FIuTzdbj8O%2FjNEl4G8NmIBB%2FtoitLFIqg8AQFIyg0QZERFN3yUBpf8%2BUDaXzOw2muTXO9HNiss88ObdZRCdlPz8lLk%2BH8e%2F0yttRZhfKo2Q5rkWjQsCVaIZNhLVwQrLlAFxuyyeF1Ce0vTfzujDdVvYN0nOcIODuBNycQ%2BkWw%2FHWwYrBYo2Cbg0aLYid5yLodo6rCxpC2RJrNIdsO9s05eXUiov2zgxKnZBoQrkTqSnyivyfomHuDm7YgBzdt4cmjtTTTsd5h4%2B3dylimgi8%2FUNuFdXL5hu8%2FfFeMiXF5fFv5bIUlUicdT766pqVUbsk6oci3y35D8fXcb17LXZKnK%2BvXl5bj1CnvtU2GYPrJx48h9Ig8H%2B9N%2FuXlX%2Feg3RAuLxHnM6XankCku%2FDprOctgTMzzNMARV4OXI3PmkYTGDXDjJfw6vTq768dPxe%2B8Qe4On381wW37%2B%2Bh4wKw7C6SuETXleiaEsz04fNnBlnqTq%2F%2BVJ8EuAkG3LjggBtn7l%2BM1uuzimpGNFK0pnjU5tEio7IdNdqctUO1yJssROZH4tN%2F%2FvwPAAD%2F%2FwEAAP%2F%2FqcLMjm8EAAA%3D
173.233.137.60200 OK 7 B URL HTTP/1.1 tallysaturatesnare.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSuXiOIXlS8CLrMSRRkUj0%2Fkhn3sLi7RoIxifuDXK1fPSlT3dVUdU9PAkJwIezN2ZvHzjfJhtUg7h8gKxMvEhB2FCSIOXjzIoKwngSZycDgg6r3vvfV4fveq739%2FJxQ5Oxs%2FUO7o41h880qrby5oRNpC19ZvV0JaZVeqWzoZKFxpdIbX677TkibVfpW5X0ltux8jYaUhjSsLGmnItubn7DQ6XE7rLZptVGrhs0Geu7%2F2OcBPAsgu%2BfkZWg5enbzh0fQYogk%2FuaG8luZTd9%2BL84Ny6xDVx7dSbYSWySIZ2XkAkTJ0fQ1rB8R8sUl2ORo6gC2ezB2AK5HJPglBE%2BOpjLBu4cXSrmBSsDlCyi6QygzhGZDCHsXWj4hgJBYXUMSP1i1rmDbFywbsyMy9%2FRv6GJE5n57BUn89TWje5Vb1uSZtolHLyqhe0PozhBpfoJsJ4AuTiCyz6Dlj2T%2B6QqS%2BGDNGwsty4l7rYfQ0RBG9cF8gHx8dIA8CpCnAWJ5VmHNdkTpYsSjer3VEELU60I0WwuyKeuNVkSRi7G8PrK0D2H6EG4XqdvFlr4%2FIuTzdbj8O%2FjNEl4G8NmIBB%2FtoitLFIqg8AQFIyg0QZERFN3yUBpf8%2BUDaXzOw2muTXO9HNiss88ObdZRCdlPz8lLk%2BH8e%2F0yttRZhfKo2Q5rkWjQsCVaIZNhLVwQrLlAFxuyyeF1Ce0vTfzujDdVvYN0nOcIODuBNycQ%2BkWw%2FHWwYrBYo2Cbg0aLYid5yLodo6rCxpC2RJrNIdsO9s05eXUiov2zgxKnZBoQrkTqSnyivyfomHuDm7YgBzdt4cmjtTTTsd5h4%2B3dylimgi8%2FUNuFdXL5hu8%2FfFeMiXF5fFv5bIUlUicdT766pqVUbsk6oci3y35D8fXcb17LXZKnK%2BvXl5bj1CnvtU2GYPrJx48h9Ig8H%2B9N%2FuXlX%2Feg3RAuLxHnM6XankCku%2FDprOctgTMzzNMARV4OXI3PmkYTGDXDjJfw6vTq768dPxe%2B8Qe4On381wW37%2B%2Bh4wKw7C6SuETXleiaEsz04fNnBlnqTq%2F%2BVJ8EuAkG3LjggBtn7l%2BM1uuzimpGNFK0pnjU5tEio7IdNdqctUO1yJssROZH4tN%2F%2FvwPAAD%2F%2FwEAAP%2F%2FqcLMjm8EAAA%3D
IP 173.233.137.60:0
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSuXiOIXlS8CLrMSRRkUj0%2Fkhn3sLi7RoIxifuDXK1fPSlT3dVUdU9PAkJwIezN2ZvHzjfJhtUg7h8gKxMvEhB2FCSIOXjzIoKwngSZycDgg6r3vvfV4fveq739%2FJxQ5Oxs%2FUO7o41h880qrby5oRNpC19ZvV0JaZVeqWzoZKFxpdIbX677TkibVfpW5X0ltux8jYaUhjSsLGmnItubn7DQ6XE7rLZptVGrhs0Geu7%2F2OcBPAsgu%2BfkZWg5enbzh0fQYogk%2FuaG8luZTd9%2BL84Ny6xDVx7dSbYSWySIZ2XkAkTJ0fQ1rB8R8sUl2ORo6gC2ezB2AK5HJPglBE%2BOpjLBu4cXSrmBSsDlCyi6QygzhGZDCHsXWj4hgJBYXUMSP1i1rmDbFywbsyMy9%2FRv6GJE5n57BUn89TWje5Vb1uSZtolHLyqhe0PozhBpfoJsJ4AuTiCyz6Dlj2T%2B6QqS%2BGDNGwsty4l7rYfQ0RBG9cF8gHx8dIA8CpCnAWJ5VmHNdkTpYsSjer3VEELU60I0WwuyKeuNVkSRi7G8PrK0D2H6EG4XqdvFlr4%2FIuTzdbj8O%2FjNEl4G8NmIBB%2FtoitLFIqg8AQFIyg0QZERFN3yUBpf8%2BUDaXzOw2muTXO9HNiss88ObdZRCdlPz8lLk%2BH8e%2F0yttRZhfKo2Q5rkWjQsCVaIZNhLVwQrLlAFxuyyeF1Ce0vTfzujDdVvYN0nOcIODuBNycQ%2BkWw%2FHWwYrBYo2Cbg0aLYid5yLodo6rCxpC2RJrNIdsO9s05eXUiov2zgxKnZBoQrkTqSnyivyfomHuDm7YgBzdt4cmjtTTTsd5h4%2B3dylimgi8%2FUNuFdXL5hu8%2FfFeMiXF5fFv5bIUlUicdT766pqVUbsk6oci3y35D8fXcb17LXZKnK%2BvXl5bj1CnvtU2GYPrJx48h9Ig8H%2B9N%2FuXlX%2Feg3RAuLxHnM6XankCku%2FDprOctgTMzzNMARV4OXI3PmkYTGDXDjJfw6vTq768dPxe%2B8Qe4On381wW37%2B%2Bh4wKw7C6SuETXleiaEsz04fNnBlnqTq%2F%2BVJ8EuAkG3LjggBtn7l%2BM1uuzimpGNFK0pnjU5tEio7IdNdqctUO1yJssROZH4tN%2F%2FvwPAAD%2F%2FwEAAP%2F%2FqcLMjm8EAAA%3D HTTP/1.1
Host: tallysaturatesnare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://avgle.com/
Cookie: u_pl=16597790; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec0bf5912fc4018c81ad1216ca56074d5b=[3789938]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 23 Nov 2022 10:37:36 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ab7dd02795ff05456b4393ef1024a841
Strict-Transport-Security: max-age=0; includeSubdomains
parkingridiculous.com/pixel/pure
173.233.137.36 200 OK 0 B URL HTTP/1.1 parkingridiculous.com/pixel/pure
IP 173.233.137.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
POST /pixel/pure HTTP/1.1
Host: parkingridiculous.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 75
Origin: https://avgle.com
Connection: keep-alive
Referer: https://avgle.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 23 Nov 2022 10:37:36 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
ocsp.digicert.com/
93.184.220.29 200 OK 1.5 kB IP 93.184.220.29:0
Hash 9b6d7fd8341a06cee413a3e98b66ebc4
747032f1eea248a23f0def8b87faa8adba9d1dcb
9e7262d68e5756c47f2ebc78b1dd6cace8bf90e4a7c1103a4fb4743963adfb65
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5116
Cache-Control: max-age=161337
Content-Type: application/ocsp-response
Date: Wed, 23 Nov 2022 10:37:36 GMT
Etag: "637db72d-118"
Expires: Fri, 25 Nov 2022 07:26:33 GMT
Last-Modified: Wed, 23 Nov 2022 06:01:17 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 280
img.strpst.com/thumbs/1669199401/83306615
104.18.63.124 200 OK 58 kB URL HTTP/2 img.strpst.com/thumbs/1669199401/83306615
IP 104.18.63.124:0
Hash a74f64cb8527b36722d59e679ee7c36d
efff8a3844af62f23df634eed254abf671b0d78b
e85c676bff4e315383a5183b52a978ae418b152bd1e980c81f905cfa5427ef09
GET /thumbs/1669199401/83306615 HTTP/1.1
Host: img.strpst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://creative.xlrdr.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 23 Nov 2022 10:37:36 GMT
content-type: image/jpeg
content-length: 57687
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-methods: PUT, POST, GET, DELETE, OPTIONS
access-control-allow-origin: *
cf-bgj: imgq:100,h2pri
cf-polished: origSize=59634, status=webp_bigger
etag: "6bbc0fb7df317324634046d34e7eeaea"
last-modified: Wed, 23 Nov 2022 10:29:33 GMT
cf-cache-status: HIT
age: 241
expires: Wed, 23 Nov 2022 10:38:36 GMT
cache-control: public, max-age=60
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 76e9453db833b523-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash 27e3c005b50d071c91eb9a73948bfbc9
5edb39d243f6f526c31a65a205e3646a88bdba6d
6afbf2820210bb08dcb4473b2602911d74887f316d6fe6a51ad63ae2ed18420f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5116
Cache-Control: max-age=161337
Content-Type: application/ocsp-response
Date: Wed, 23 Nov 2022 10:37:36 GMT
Etag: "637db72d-118"
Expires: Fri, 25 Nov 2022 07:26:33 GMT
Last-Modified: Wed, 23 Nov 2022 06:01:17 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 280
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ee351efa307041ba0081a0dcb5c04b60
ce855fa3b56ee6b55438cbe3bd44f52753dc90f2
1e909796a7ff60ebf333f3c36e7e80a09cbcc88292b397754484a0af3676651a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1E909796A7FF60EBF333F3C36E7E80A09CBCC88292B397754484A0AF3676651A"
Last-Modified: Mon, 21 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6652
Expires: Wed, 23 Nov 2022 12:28:28 GMT
Date: Wed, 23 Nov 2022 10:37:36 GMT
Connection: keep-alive
go.xlrdr.com/thumbs/view
104.18.59.150 200 OK 421 B IP 104.18.59.150:0
File type JSON data\012- , ASCII text
Hash cd63a447cc96a7f66a2f0ad26f299e97
b17cbb8f3c5626bd6ba8833bfc270c63b3570e0a
a146aaa6413b5d72b7cdaa002bba2bae49f934f607551244ab22ed0438145db1
POST /thumbs/view HTTP/1.1
Host: go.xlrdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://creative.xlrdr.com/
Content-Type: text/plain;charset=UTF-8
Origin: https://creative.xlrdr.com
Content-Length: 81
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Wed, 23 Nov 2022 10:37:36 GMT
content-type: application/json
access-control-allow-origin: *
cf-cache-status: DYNAMIC
set-cookie: __cflb=02DiuDfsBaY2bRYJiCeScBLPeXxw9eeb9ui1vADWnxRor; SameSite=None; Secure; path=/; expires=Thu, 24-Nov-22 09:37:36 GMT; HttpOnly
server: cloudflare
cf-ray: 76e9453ef9341c0a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32 200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 69036b01998fdb61310f2a30f4dfd2c3
af2ad3a4adc09b6f39e50337ec056bad1bc5d420
8d5426591968503b695aba5b1505000b83b96a12e781dc6bb445b240e9b51f5b
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "8D5426591968503B695ABA5B1505000B83B96A12E781DC6BB445B240E9B51F5B"
Last-Modified: Mon, 21 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7967
Expires: Wed, 23 Nov 2022 12:50:23 GMT
Date: Wed, 23 Nov 2022 10:37:36 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e5bf97b0f8f82cd1712b34a118315c7e
8ebf659b5a09b932ed6ee219fd28803238f2816a
e64ddbc741840c4a933626710273fc41231d91a6a69b981ede401a4d6f59f7c5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E64DDBC741840C4A933626710273FC41231D91A6A69B981EDE401A4D6F59F7C5"
Last-Modified: Mon, 21 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16896
Expires: Wed, 23 Nov 2022 15:19:12 GMT
Date: Wed, 23 Nov 2022 10:37:36 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 1.2 kB IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash a2c354a6a2d1eddb08a7590a1c7f9f50
8a9d1345d9c17f31263df4c3969e01e9db547e26
2030aa2dab2d8c0e60108b026b5af53ebdaab5899e75660f03679ae6091f1381
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E64DDBC741840C4A933626710273FC41231D91A6A69B981EDE401A4D6F59F7C5"
Last-Modified: Mon, 21 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16896
Expires: Wed, 23 Nov 2022 15:19:12 GMT
Date: Wed, 23 Nov 2022 10:37:36 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e5bf97b0f8f82cd1712b34a118315c7e
8ebf659b5a09b932ed6ee219fd28803238f2816a
e64ddbc741840c4a933626710273fc41231d91a6a69b981ede401a4d6f59f7c5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E64DDBC741840C4A933626710273FC41231D91A6A69B981EDE401A4D6F59F7C5"
Last-Modified: Mon, 21 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16896
Expires: Wed, 23 Nov 2022 15:19:12 GMT
Date: Wed, 23 Nov 2022 10:37:36 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.77.32 200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 69036b01998fdb61310f2a30f4dfd2c3
af2ad3a4adc09b6f39e50337ec056bad1bc5d420
8d5426591968503b695aba5b1505000b83b96a12e781dc6bb445b240e9b51f5b
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "8D5426591968503B695ABA5B1505000B83B96A12E781DC6BB445B240E9B51F5B"
Last-Modified: Mon, 21 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7967
Expires: Wed, 23 Nov 2022 12:50:23 GMT
Date: Wed, 23 Nov 2022 10:37:36 GMT
Connection: keep-alive
cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/2/img/girls.png
172.64.108.13 200 OK 322 kB URL HTTP/2 cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/2/img/girls.png
IP 172.64.108.13:0
File type PNG image data, 729 x 331, 8-bit/color RGBA, non-interlaced\012- data
Size 322 kB (322399 bytes)
Hash 47b7ae41a98644de6d46d58a0e51a793
b0f736609af3c0b3214ee52cc9f0798dcc972df6
b2ad5bf8fc066203168fbceb53b7df6012e8897be344b240e94105af1b4ba0f2
GET /sb/notifications/games/nutaku/multi/2/img/girls.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 23 Nov 2022 10:37:36 GMT
content-type: image/png
content-length: 322399
last-modified: Wed, 07 Sep 2022 14:37:32 GMT
etag: "6318acac-4eb5f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 679536
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kRbpLZ7CTXwJlPzyUCd%2BxDgEDIytrKlQ3t%2Ft6ph6IP9vHoHnJXGFgf0YZeF5%2FjkY5%2B6So0DsutOH%2B5s3Kw5%2Fv9BUGrhx80ml2YgKlwsGaj%2FVvqU894pHAch%2BBHUmKdEXiVtUU6xiWzWJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76e94541196f7726-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
unseenreport.com/pxf.gif?uuid=c486212e-870f-4581-bbc9-27f144f88ba6&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=b55c2b98fc19fa6550a3224114874bf8&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=10
192.243.59.12 200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=c486212e-870f-4581-bbc9-27f144f88ba6&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=b55c2b98fc19fa6550a3224114874bf8&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=10
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=c486212e-870f-4581-bbc9-27f144f88ba6&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=b55c2b98fc19fa6550a3224114874bf8&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=10 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://avgle.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Wed, 23 Nov 2022 10:37:36 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: a16feb0e30fddfea8449ebd80c62a37f
Strict-Transport-Security: max-age=0; includeSubdomains
unseenreport.com/pxf.gif?uuid=c486212e-870f-4581-bbc9-27f144f88ba6&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=0bf5912fc4018c81ad1216ca56074d5b&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=10
192.243.59.12 200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=c486212e-870f-4581-bbc9-27f144f88ba6&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=0bf5912fc4018c81ad1216ca56074d5b&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=10
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=c486212e-870f-4581-bbc9-27f144f88ba6&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=0bf5912fc4018c81ad1216ca56074d5b&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=10 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://avgle.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Wed, 23 Nov 2022 10:37:36 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b687251f7d8bf3f2390b66764c688ff1
Strict-Transport-Security: max-age=0; includeSubdomains
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 24597d0c67d4b461336ffa2408f27547
074dd250a768042c4f860577db5e4bcf5ec06656
bd66882c12b7578f77d58d42028989ee7fcf8da7abd0091a5a9171bd7857ff54
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD66882C12B7578F77D58D42028989EE7FCF8DA7ABD0091A5A9171BD7857FF54"
Last-Modified: Wed, 23 Nov 2022 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9444
Expires: Wed, 23 Nov 2022 13:15:01 GMT
Date: Wed, 23 Nov 2022 10:37:37 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 24597d0c67d4b461336ffa2408f27547
074dd250a768042c4f860577db5e4bcf5ec06656
bd66882c12b7578f77d58d42028989ee7fcf8da7abd0091a5a9171bd7857ff54
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD66882C12B7578F77D58D42028989EE7FCF8DA7ABD0091A5A9171BD7857FF54"
Last-Modified: Wed, 23 Nov 2022 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9444
Expires: Wed, 23 Nov 2022 13:15:01 GMT
Date: Wed, 23 Nov 2022 10:37:37 GMT
Connection: keep-alive
unseenreport.com/pxf.gif?uuid=c486212e-870f-4581-bbc9-27f144f88ba6&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=befd41ae888030d201577e0b904c54e7&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=10
192.243.59.12 200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=c486212e-870f-4581-bbc9-27f144f88ba6&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=befd41ae888030d201577e0b904c54e7&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=10
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=c486212e-870f-4581-bbc9-27f144f88ba6&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=befd41ae888030d201577e0b904c54e7&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=10 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://avgle.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Wed, 23 Nov 2022 10:37:37 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: d6a37219f4ff1e38a9baea0acc8abb3f
Strict-Transport-Security: max-age=0; includeSubdomains
tallysaturatesnare.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSuXiOIXlS8CLr0SRRk0j0%2FMjPuYXF3XVmMSdwf5Gp1VfWkTHVVU9U%2FJgEhuBD25uzNY%2BebZMNqEPcPkJWJFwkIOwoSxBy8eRFBWE%2BCzGRg8EHVe9%2F76vB979XuXn5GAuT0dO1Dsy2VooutWuC%2FuS41N6XzV277YVALLvnrUi81L%2Fn9yWWLd8KgVQve8t8XbNMs1oMwCMIg9K9LK2LTX5yykOlRN6x1g1qzXgtbTfTt%2F7HLPTjqgRdn5GVIPn5244dHkGwEnXxzTbjNzKRvv5fkimbGouCHd%2FSmNqVGMi9j6yHWh7PXMG5MyBcXYPThzAFMsT9xgEiOifdLiEgfzmQiKg7OlUYKQiPiL6AsRhBqBElHYOYuJH9CAMaxsgqdPFgxtqRb5yydsGOy8PRvyHJMFn57BTr5%2BoqSff%2BWUXkmjXboxxVkfwTZGyHNj5Fte5DlMVj2GST%2FkSw%2BXYZO9ledMpC8mrqXcgQZj6DEANR5yCdHeshjD3nqIeGnPm114yBox1HcaHSajLFGg7FWZ4m3eKPZiQPkbCJvgCwdgKkBmN1BanewKe%2BPCfl8DTb%2FDm6jguMeXDYm3kc7KHiFUhCUjqCkBKUkKDOCsqgOuHJ1Vz3gyuVROMv1WW5UQ5P19uiByXpCk730jLw0Hc6%2FVy9iU5z6QRS3umE9Zs0g7LBOSHlYD5cYbS0F7SZvRXCygnQXpn63J5uq3UE6yQsEET2GU8dg8kXQ%2FHXQctiuB6Abw2YnwLZ%2BSIueEjVmEnBTIc0WkG15e%2BqMvDoV0f3ZQrATMgswWyG1FT6R3xP01L3hTVOS%2FZumdOTRaprJRG7TyfZuZTQT3pcfiK3SWH7jmhs8fJdNiEl5dFu4bJlqLnXPka%2BuSM6FvW4sE%2BTbG25dRGu527iSW52ny2tXr99IUiuck0aPQOWTjx%2BDyTF5Ptmd%2FsuLv%2B5C2hFsXiHJ50qlOQZLd%2BDSec8ZAqvmOEo9lHk1tPVo3lSSQIk5plEFJ04u%2F%2F7a0XPhG38gEieP%2Fzrn9tw99KwHmt2FTioUtkKhKlA1gMufGWapPbn8U2MaiJQ3jJT19iNl1f3z0Tp56rfCpuhEnTbjPBKMh%2B16o9MIgjrnzXZXhF1kbsw%2B%2FefP%2FwAAAP%2F%2FAQAA%2F%2F%2B9ykJobwQAAA%3D%3D
173.233.137.60200 OK 7 B URL HTTP/1.1 tallysaturatesnare.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSuXiOIXlS8CLr0SRRk0j0%2FMjPuYXF3XVmMSdwf5Gp1VfWkTHVVU9U%2FJgEhuBD25uzNY%2BebZMNqEPcPkJWJFwkIOwoSxBy8eRFBWE%2BCzGRg8EHVe9%2F76vB979XuXn5GAuT0dO1Dsy2VooutWuC%2FuS41N6XzV277YVALLvnrUi81L%2Fn9yWWLd8KgVQve8t8XbNMs1oMwCMIg9K9LK2LTX5yykOlRN6x1g1qzXgtbTfTt%2F7HLPTjqgRdn5GVIPn5244dHkGwEnXxzTbjNzKRvv5fkimbGouCHd%2FSmNqVGMi9j6yHWh7PXMG5MyBcXYPThzAFMsT9xgEiOifdLiEgfzmQiKg7OlUYKQiPiL6AsRhBqBElHYOYuJH9CAMaxsgqdPFgxtqRb5yydsGOy8PRvyHJMFn57BTr5%2BoqSff%2BWUXkmjXboxxVkfwTZGyHNj5Fte5DlMVj2GST%2FkSw%2BXYZO9ledMpC8mrqXcgQZj6DEANR5yCdHeshjD3nqIeGnPm114yBox1HcaHSajLFGg7FWZ4m3eKPZiQPkbCJvgCwdgKkBmN1BanewKe%2BPCfl8DTb%2FDm6jguMeXDYm3kc7KHiFUhCUjqCkBKUkKDOCsqgOuHJ1Vz3gyuVROMv1WW5UQ5P19uiByXpCk730jLw0Hc6%2FVy9iU5z6QRS3umE9Zs0g7LBOSHlYD5cYbS0F7SZvRXCygnQXpn63J5uq3UE6yQsEET2GU8dg8kXQ%2FHXQctiuB6Abw2YnwLZ%2BSIueEjVmEnBTIc0WkG15e%2BqMvDoV0f3ZQrATMgswWyG1FT6R3xP01L3hTVOS%2FZumdOTRaprJRG7TyfZuZTQT3pcfiK3SWH7jmhs8fJdNiEl5dFu4bJlqLnXPka%2BuSM6FvW4sE%2BTbG25dRGu527iSW52ny2tXr99IUiuck0aPQOWTjx%2BDyTF5Ptmd%2FsuLv%2B5C2hFsXiHJ50qlOQZLd%2BDSec8ZAqvmOEo9lHk1tPVo3lSSQIk5plEFJ04u%2F%2F7a0XPhG38gEieP%2Fzrn9tw99KwHmt2FTioUtkKhKlA1gMufGWapPbn8U2MaiJQ3jJT19iNl1f3z0Tp56rfCpuhEnTbjPBKMh%2B16o9MIgjrnzXZXhF1kbsw%2B%2FefP%2FwAAAP%2F%2FAQAA%2F%2F%2B9ykJobwQAAA%3D%3D
IP 173.233.137.60:0
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSuXiOIXlS8CLr0SRRk0j0%2FMjPuYXF3XVmMSdwf5Gp1VfWkTHVVU9U%2FJgEhuBD25uzNY%2BebZMNqEPcPkJWJFwkIOwoSxBy8eRFBWE%2BCzGRg8EHVe9%2F76vB979XuXn5GAuT0dO1Dsy2VooutWuC%2FuS41N6XzV277YVALLvnrUi81L%2Fn9yWWLd8KgVQve8t8XbNMs1oMwCMIg9K9LK2LTX5yykOlRN6x1g1qzXgtbTfTt%2F7HLPTjqgRdn5GVIPn5244dHkGwEnXxzTbjNzKRvv5fkimbGouCHd%2FSmNqVGMi9j6yHWh7PXMG5MyBcXYPThzAFMsT9xgEiOifdLiEgfzmQiKg7OlUYKQiPiL6AsRhBqBElHYOYuJH9CAMaxsgqdPFgxtqRb5yydsGOy8PRvyHJMFn57BTr5%2BoqSff%2BWUXkmjXboxxVkfwTZGyHNj5Fte5DlMVj2GST%2FkSw%2BXYZO9ledMpC8mrqXcgQZj6DEANR5yCdHeshjD3nqIeGnPm114yBox1HcaHSajLFGg7FWZ4m3eKPZiQPkbCJvgCwdgKkBmN1BanewKe%2BPCfl8DTb%2FDm6jguMeXDYm3kc7KHiFUhCUjqCkBKUkKDOCsqgOuHJ1Vz3gyuVROMv1WW5UQ5P19uiByXpCk730jLw0Hc6%2FVy9iU5z6QRS3umE9Zs0g7LBOSHlYD5cYbS0F7SZvRXCygnQXpn63J5uq3UE6yQsEET2GU8dg8kXQ%2FHXQctiuB6Abw2YnwLZ%2BSIueEjVmEnBTIc0WkG15e%2BqMvDoV0f3ZQrATMgswWyG1FT6R3xP01L3hTVOS%2FZumdOTRaprJRG7TyfZuZTQT3pcfiK3SWH7jmhs8fJdNiEl5dFu4bJlqLnXPka%2BuSM6FvW4sE%2BTbG25dRGu527iSW52ny2tXr99IUiuck0aPQOWTjx%2BDyTF5Ptmd%2FsuLv%2B5C2hFsXiHJ50qlOQZLd%2BDSec8ZAqvmOEo9lHk1tPVo3lSSQIk5plEFJ04u%2F%2F7a0XPhG38gEieP%2Fzrn9tw99KwHmt2FTioUtkKhKlA1gMufGWapPbn8U2MaiJQ3jJT19iNl1f3z0Tp56rfCpuhEnTbjPBKMh%2B16o9MIgjrnzXZXhF1kbsw%2B%2FefP%2FwAAAP%2F%2FAQAA%2F%2F%2B9ykJobwQAAA%3D%3D HTTP/1.1
Host: tallysaturatesnare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://avgle.com/
Cookie: u_pl=16597790; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec0bf5912fc4018c81ad1216ca56074d5b=[3789938]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 23 Nov 2022 10:37:37 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 8f491ae30407533a45bf25ff8b676fe3
Strict-Transport-Security: max-age=0; includeSubdomains
tractorfoolproofstandard.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgames%2Fnutaku%2Fmulti%2F2%2Fcss%2Fstyles.css&l=11401&fd=147
173.233.139.164 200 OK 0 B URL HTTP/1.1 tractorfoolproofstandard.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgames%2Fnutaku%2Fmulti%2F2%2Fcss%2Fstyles.css&l=11401&fd=147
IP 173.233.139.164:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgames%2Fnutaku%2Fmulti%2F2%2Fcss%2Fstyles.css&l=11401&fd=147 HTTP/1.1
Host: tractorfoolproofstandard.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://avgle.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 23 Nov 2022 10:37:37 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
tractorfoolproofstandard.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fnotifications%2Fgames%2Fnutaku%2Fmulti%2F2%2Findex.html&l=1300&fd=460
173.233.139.164 200 OK 0 B URL HTTP/1.1 tractorfoolproofstandard.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fnotifications%2Fgames%2Fnutaku%2Fmulti%2F2%2Findex.html&l=1300&fd=460
IP 173.233.139.164:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fnotifications%2Fgames%2Fnutaku%2Fmulti%2F2%2Findex.html&l=1300&fd=460 HTTP/1.1
Host: tractorfoolproofstandard.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://avgle.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 23 Nov 2022 10:37:37 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/2/img/close.svg
172.64.108.13 200 OK 4.6 kB URL HTTP/2 cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/2/img/close.svg
IP 172.64.108.13:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- exported SGML document, ASCII text
Hash
MD5 c28e9fdf41524904fae8b197371a487f
SHA-1 dd6b0e53f76e6b75c403288b33074c3887498054
SHA-256 345e234c0724bfe0109d8428b9a018ae34d3967211c3a64a3fafa704a99f6eb3
GET /sb/notifications/games/nutaku/multi/2/img/close.svg HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 23 Nov 2022 10:37:36 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Aug 2022 08:55:17 GMT
etag: W/"62fdfe75-415"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 679536
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nXIML3KhGfM%2B7RwbjyB%2BopN%2BBf7I6xNgrpoE3vJw%2B1yYAu9heTMN2pQO3dqXrhOeukXoalVhktcNKYq5c9X2TyLLgX0KtO5K4ofYgzwZ3s5u0Q5sbOd8lRY8LAM3bmS5vzDRB8x69GCl"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76e9454109607726-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
olmsoneenh.info/
3.64.163.50 200 OK 11 kB IP 3.64.163.50:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (8978)
Hash
MD5 210cc3072e58c9a9acbee3a09626e69e
SHA-1 fed44aede5e55e60445b162bc505ad7bc3080c6d
SHA-256 a18272a1231d4caa247da628dc1a8dad3ade74ce5074890b8378e9cfe6f74511
GET / HTTP/1.1
Host: olmsoneenh.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: openresty
date: Wed, 23 Nov 2022 10:37:33 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-download-options: noopen
x-permitted-cross-domain-policies: none
referrer-policy: strict-origin-when-cross-origin
etag: W/"c43e42a500a5dd37b83d6c6c948b192a"
cache-control: max-age=0, private, must-revalidate
set-cookie: bc9bd58fe1b6ef954d6d794db6d30e25e8ff50634d24346cf8006ef422e3c05c6e48b07678e34d08c97ad3f91012c80ac690b50f51fbd49b16e301de58d9c5ca=4Hv1szo%2BGtWAhxMEK5pgmmDVSXMtcuwhK9KZVqkPX%2BFp59iSCZdqWwUA%2BaXoYjJNS%2FXYVZAu%2BWpvFAom4zRcaJAdeCOo4asK4NMvjlCSpQPpPGwV05grSiDHyv%2B1PKEq6DkN3995k6qomtA8O5kz0M8PaCQjns0YRxbjvIkBYF2X6OneMj0UvyXoWbl5mSV39qpFMXMwZbJ7d37WlpKt0c8UctFSPQQWA3nGADREliAz1Grt2M6zsbVHLBFKJoPbYc6z%2BmpD9hHSDltPuCrFAsv6zbn%2FJONqIsjAe4AR0kUGdjMG2DbGnRVZE1XGQcQZgZhb75ClA4zkqAP9zry3yBxj9CjEi0sQ6kt88jqQuBCwVQWFBMiZLwmGkt9EWF8622N7%2BJrislUWSrjvDRTeNFMxhz1FJqAv1aNIGv5WtRLqVd3636eACtit61pxUhKeGxPEsICsA2i3athJ8v6t5w%3D%3D--t4fhQJpCHDtBxpT1--5aj5XxDNTfOHJ17PgscTCA%3D%3D; path=/; secure; HttpOnly
x-request-id: f66efcf3-c8f8-4b98-8d8d-5cce13b6983a
x-runtime: 0.072959
content-encoding: gzip
X-Firefox-Spdy: h2
tallysaturatesnare.com/pixel/sbs?c=1
173.233.137.60 200 OK 0 B URL HTTP/1.1 tallysaturatesnare.com/pixel/sbs?c=1
IP 173.233.137.60:0
Hash (0 B body: these are the empty-input digests, not content indicators)
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: tallysaturatesnare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://avgle.com/
Cookie: u_pl=16597790; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec0bf5912fc4018c81ad1216ca56074d5b=[3789938]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 23 Nov 2022 10:37:37 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
adxadserv.com/px/heartbeat/v1?pv_uid=8d29a850-767d-4323-b7a1-39d9178904fa&t_op=5.359&p_nn=adxad-rtb&fpid_sa=1669199853212&fpid=bc43f01a151639d4c69739dcaca30e3b&feid_sa=1669199853212&sid_sa=1669199853212&feid=2ab8028e317d27500dd2bb993145222d&sid=927aaf4516571f8fd7b18de236a0e472&u_adb=0&vn=T-0.1.1&utm_typ=referral&utm_src=avgle.com&s_rst=0&ts=%5B0%2Cfalse%2Cfalse%5D&pl=Linux%20x86_64&cc=NA&ss=1&ls=1&idb=1&ab=0&od=0&ll=0&lr=0&lo=1&lb=0&cd=24&hc=16&dm=-1&dt=2&ed=0&sr=5497558139882&fb=10384
185.98.53.29 200 OK 0 B URL HTTP/1.1 adxadserv.com/px/heartbeat/v1?pv_uid=8d29a850-767d-4323-b7a1-39d9178904fa&t_op=5.359&p_nn=adxad-rtb&fpid_sa=1669199853212&fpid=bc43f01a151639d4c69739dcaca30e3b&feid_sa=1669199853212&sid_sa=1669199853212&feid=2ab8028e317d27500dd2bb993145222d&sid=927aaf4516571f8fd7b18de236a0e472&u_adb=0&vn=T-0.1.1&utm_typ=referral&utm_src=avgle.com&s_rst=0&ts=%5B0%2Cfalse%2Cfalse%5D&pl=Linux%20x86_64&cc=NA&ss=1&ls=1&idb=1&ab=0&od=0&ll=0&lr=0&lo=1&lb=0&cd=24&hc=16&dm=-1&dt=2&ed=0&sr=5497558139882&fb=10384
IP 185.98.53.29:0
ASN #39572 DataWeb Global Group B.V.
Hash (0 B body: these are the empty-input digests, not content indicators)
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /px/heartbeat/v1?pv_uid=8d29a850-767d-4323-b7a1-39d9178904fa&t_op=5.359&p_nn=adxad-rtb&fpid_sa=1669199853212&fpid=bc43f01a151639d4c69739dcaca30e3b&feid_sa=1669199853212&sid_sa=1669199853212&feid=2ab8028e317d27500dd2bb993145222d&sid=927aaf4516571f8fd7b18de236a0e472&u_adb=0&vn=T-0.1.1&utm_typ=referral&utm_src=avgle.com&s_rst=0&ts=%5B0%2Cfalse%2Cfalse%5D&pl=Linux%20x86_64&cc=NA&ss=1&ls=1&idb=1&ab=0&od=0&ll=0&lr=0&lo=1&lb=0&cd=24&hc=16&dm=-1&dt=2&ed=0&sr=5497558139882&fb=10384 HTTP/1.1
Host: adxadserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1
Origin: https://ads.adxadserv.com
Connection: keep-alive
Referer: https://ads.adxadserv.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Wed, 23 Nov 2022 10:37:39 GMT
Content-Length: 0
Connection: keep-alive
cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/2/css/styles.css
172.64.108.13 200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/2/css/styles.css
IP 172.64.108.13:0
GET /sb/notifications/games/nutaku/multi/2/css/styles.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://avgle.com
Connection: keep-alive
Referer: https://avgle.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 23 Nov 2022 10:37:36 GMT
content-type: text/css
last-modified: Wed, 21 Sep 2022 08:03:32 GMT
etag: W/"632ac554-2c89"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 668318
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2jpB%2FKmlymjHGkFbEi%2B2DAGHOXRvgezkwPIoTb6uuiQoq4amardRnC0q%2FWkDo8N%2Bjci%2B5BNl%2FmE8ksgWPZY2EL7l%2B%2FvKTwpUHOaghX84R0PYFvtcXcT9ugqnXrN6%2FnVl%2BPJnyrH4BGlF"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76e945405ad488b5-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static.javhdhello.com/h5/files/15970/300x250.html?targetUrl=http%3A%2F%2Fr.trackwilltrk.com%2Fc1%2Ff8c93fc0-f5ce-4731-95f3-223d0b0ca3a4%3Fcost%3D%257BcostPlaceholder%257D%26cv1%3D%257BdynamicCON%257D%26cv2%3DNO%26cv3%3D105385%26cv4%3D200571%26cv5%3D731563%26cv6%3D%26externalId%3D%257BextPlaceholder%257D%26p%3DeyJiIjoyNzc0NTEsImJoIjoyNTAsImJ3IjozMDAsImYiOjEsIm8iOjIsInAiOjEsInMiOjIxNjY3fQ
185.76.9.25 200 OK 0 B URL HTTP/2 static.javhdhello.com/h5/files/15970/300x250.html?targetUrl=http%3A%2F%2Fr.trackwilltrk.com%2Fc1%2Ff8c93fc0-f5ce-4731-95f3-223d0b0ca3a4%3Fcost%3D%257BcostPlaceholder%257D%26cv1%3D%257BdynamicCON%257D%26cv2%3DNO%26cv3%3D105385%26cv4%3D200571%26cv5%3D731563%26cv6%3D%26externalId%3D%257BextPlaceholder%257D%26p%3DeyJiIjoyNzc0NTEsImJoIjoyNTAsImJ3IjozMDAsImYiOjEsIm8iOjIsInAiOjEsInMiOjIxNjY3fQ
IP 185.76.9.25:0
ASN #60068 Datacamp Limited
GET /h5/files/15970/300x250.html?targetUrl=http%3A%2F%2Fr.trackwilltrk.com%2Fc1%2Ff8c93fc0-f5ce-4731-95f3-223d0b0ca3a4%3Fcost%3D%257BcostPlaceholder%257D%26cv1%3D%257BdynamicCON%257D%26cv2%3DNO%26cv3%3D105385%26cv4%3D200571%26cv5%3D731563%26cv6%3D%26externalId%3D%257BextPlaceholder%257D%26p%3DeyJiIjoyNzc0NTEsImJoIjoyNTAsImJ3IjozMDAsImYiOjEsIm8iOjIsInAiOjEsInMiOjIxNjY3fQ HTTP/1.1
Host: static.javhdhello.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://r.trackwilltrk.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 23 Nov 2022 10:37:35 GMT
content-type: text/html
last-modified: Wed, 20 Apr 2022 13:56:46 GMT
etag: W/"6260111e-c86"
expires: Thu, 22 Dec 2022 15:26:10 GMT
cache-control: max-age=2592000
access-control-allow-origin: *
x-accel-expires: @1671722770
server: CDN77-Turbo
x-77-nzt: AblMCRRJpoPv3Q0BAA
x-77-nzt-ray: af58563093aa1b01eff77d634f4c8115
x-cache: HIT
x-age: 69085
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: br
X-Firefox-Spdy: h2
cdn.barscreative1.com/sb/notifications/games/nutaku/multi/2/index.html
45.133.44.4 200 OK 0 B URL HTTP/2 cdn.barscreative1.com/sb/notifications/games/nutaku/multi/2/index.html
IP 45.133.44.4:0
ASN #39572 DataWeb Global Group B.V.
Analyzer Verdict Alert fortinet Phishing
GET /sb/notifications/games/nutaku/multi/2/index.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://avgle.com
Connection: keep-alive
Referer: https://avgle.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 23 Nov 2022 10:37:36 GMT
content-type: text/html; charset=utf-8
server: nginx/1.17.6
last-modified: Thu, 15 Sep 2022 10:38:26 GMT
etag: W/"632300a2-514"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Wed, 23 Nov 2022 11:37:36 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/2/js/jquery.min.js
172.64.108.13 200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/2/js/jquery.min.js
IP 172.64.108.13:0
GET /sb/notifications/games/nutaku/multi/2/js/jquery.min.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 23 Nov 2022 10:37:36 GMT
content-type: application/javascript
last-modified: Thu, 18 Aug 2022 08:55:27 GMT
etag: W/"62fdfe7f-15d94"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 679536
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4VEdG%2FUQOi7kMSvcakIBECxst5KXITyW2aFxFAPCy4h18xeNLxwF66jXfc27QzBn0fFyqyciw7aD5%2FOXbwrA9e8vjT4ufCzWPxV13KOprzM3%2FMSw33V67P1Ce%2FagQypslMDPVOAtBc0U"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76e94540e9107726-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
avgle.com/video/QuuHGHRGtHl/hnds-039-1
172.67.219.47 200 OK 0 B URL HTTP/2 avgle.com/video/QuuHGHRGtHl/hnds-039-1
IP 172.67.219.47:0
GET /video/QuuHGHRGtHl/hnds-039-1 HTTP/1.1
Host: avgle.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Wed, 23 Nov 2022 10:37:31 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.4.14
set-cookie: AVS=0ef1db418b8e2221855b2cfa2673f667; path=/
cross-origin-opener-policy: unsafe-none
cross-origin-embedder-policy: unsafe-none
cache-control: public, s-maxage=1800
servedby: n2
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dnypdVSfubzPuo3FNn%2Bun3qu%2B%2ByhHVp8QeGA4eWonxgeymIrFysnxdcH0x9eHN3YkItcTgUiTmPiddSPKjCS%2BGhDHSpCNFRkPN7PqQNX%2FjsVIp8zyEz6woK07yw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76e94520cea9b505-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
olmsoneenh.info/ajWpZ.y/PD3VptvQb/msV/J/Z-Da0Kz/N/zpUA4_OYTqMaxT
3.64.163.50 410 Gone 0 B URL HTTP/2 olmsoneenh.info/ajWpZ.y/PD3VptvQb/msV/J/Z-Da0Kz/N/zpUA4_OYTqMaxT
IP 3.64.163.50:0
GET /ajWpZ.y/PD3VptvQb/msV/J/Z-Da0Kz/N/zpUA4_OYTqMaxT HTTP/1.1
Host: olmsoneenh.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://avgle.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 410 Gone
server: openresty
date: Wed, 23 Nov 2022 10:37:33 GMT
content-type: text/html
X-Firefox-Spdy: h2
static.javhd.com/h5/files/video/3849-30453-300x250.medium.mp4
185.76.9.25 206 Partial Content 0 B URL HTTP/2 static.javhd.com/h5/files/video/3849-30453-300x250.medium.mp4
IP 185.76.9.25:0
ASN #60068 Datacamp Limited
GET /h5/files/video/3849-30453-300x250.medium.mp4 HTTP/1.1
Host: static.javhd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://static.javhdhello.com/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 206 Partial Content
date: Wed, 23 Nov 2022 10:37:35 GMT
content-type: video/mp4
content-length: 431883
last-modified: Mon, 07 Feb 2022 07:42:29 GMT
etag: "6200cd65-6970b"
expires: Tue, 24 May 2022 11:04:49 GMT
cache-control: max-age=86400
access-control-allow-origin: *
x-accel-expires: @1669204629
server: CDN77-Turbo
x-77-nzt: AblMCRSuv/f/2j4BAA
x-77-nzt-ray: af58563093aa1b01eff77d63d3c85118
x-cache: HIT
x-age: 81626
x-77-pop: stockholmSE
x-77-cache: HIT
content-range: bytes 0-431882/431883
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/2/css/animate.css
172.64.108.13 200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/2/css/animate.css
IP 172.64.108.13:0
GET /sb/notifications/games/nutaku/multi/2/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://avgle.com
Connection: keep-alive
Referer: https://avgle.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 23 Nov 2022 10:37:36 GMT
content-type: text/css
last-modified: Thu, 15 Sep 2022 10:38:28 GMT
etag: W/"632300a4-13591"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 668318
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BeiBlIcKWwDdQwL6GEI1%2B%2BjvvMSd8WQlJ3hnLbAk8NEwJQllXzz6rQld9rjfI0qfGLjP3ltjAuVzK4i5yh6mZ4aDIXfQ89rXV3hOE7u%2B%2FUkeZ8f37o6KkQd8l%2B2Lt3pHmQ9%2Fq47hgaGU"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76e945407b2688b5-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2