Overview

URL trackmwsg.digital/?data1=track1&data2=track2&eyeg=1&sl=5497933-f304f&tag=635664c18a419f71ee12dfe4&website=888b
IP 51.68.81.31 (France)
ASN #16276 OVH SAS
UserAgent Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer
Report completed 2022-10-25 17:14:17 UTC
IDS alerts 0
Blocklist alert 8
urlquery alerts No alerts detected
Tags None

Domain Summary (23)

Fully Qualifying Domain Name Rank First Seen Last Seen Sent bytes Received bytes IP Comment
surf.ueive.com (1) 199304 2022-06-04T00:26:39Z 2023-03-10T13:25:40Z 482 1049 104.21.92.26
content-signature-2.cdn.mozilla.net (1) 1152 2020-11-03T13:26:46Z 2023-03-10T05:12:35Z 401 5844 34.160.144.191
push.services.mozilla.com (1) 2140 2014-10-24T10:27:06Z 2023-03-10T05:10:02Z 594 127 35.160.97.225
t2.lowtid.com (1) 0 2022-08-03T15:42:14Z 2023-03-09T11:02:33Z 490 322 51.161.115.163
www.trackmwsg.digital (3) 0 2022-04-05T01:34:56Z 2023-03-08T06:48:11Z 1756 5180 51.68.85.158
ad.marootrack.co (4) 0 2022-03-13T13:22:16Z 2023-01-16T14:04:10Z 2452 8613 65.60.58.179
cdn.addlnk.com (2) 246074 2017-05-11T04:05:17Z 2023-03-09T17:43:15Z 727 747721 104.21.20.70
48.us.tealwinds.xyz (1) 0 2022-04-07T10:10:50Z 2023-01-18T13:14:18Z 505 243 23.235.251.114
img-getpocket.cdn.mozilla.net (6) 1631 2018-06-22T01:36:00Z 2023-03-10T05:10:04Z 3174 49795 34.120.237.76
cola.trffclb.com (1) 0 2022-09-30T13:19:40Z 2023-03-10T12:12:56Z 540 324 51.83.143.92
139.59.49.76 (1) 0 2019-08-01T19:32:12Z 2023-02-27T01:04:38Z 394 626 139.59.49.76
aditmedia.g2afse.com (1) 61605 2019-08-01T05:38:15Z 2023-03-10T07:57:08Z 547 505 34.91.234.242
myofferplus.com (1) 0 2016-05-09T00:20:02Z 2023-03-08T02:23:05Z 476 1546 104.21.24.76
redir.tealwinds.xyz (1) 0 2022-07-28T07:22:11Z 2022-12-09T12:09:16Z 471 646 198.211.113.186
trackmwsg.digital (1) 0 2022-04-05T01:34:56Z 2023-03-08T06:48:11Z 429 374 51.68.82.147
ocsp.digicert.com (9) 86 2012-05-21T09:02:23Z 2023-03-10T13:49:44Z 2961 5988 93.184.220.29
firefox.settings.services.mozilla.com (1) 867 2020-06-04T22:08:41Z 2023-03-10T05:10:00Z 352 1472 34.102.187.140
contile.services.mozilla.com (1) 1114 2021-05-27T20:32:35Z 2023-03-10T05:10:00Z 321 229 34.117.237.239
admoustache.go2affise.com (2) 84756 2017-05-04T22:13:42Z 2023-02-19T23:48:35Z 1337 718 34.91.27.112
t2.blowingwnd.com (1) 0 2022-08-03T15:42:13Z 2023-03-10T07:19:51Z 524 294 51.161.115.163
r3.o.lencr.org (13) 344 2020-12-02T09:52:13Z 2023-03-10T05:09:10Z 4238 11521 23.36.77.32
ocsp.godaddy.com (1) 698 2012-05-20T21:28:57Z 2023-03-10T05:13:22Z 328 2285 192.124.249.22
pdxx-7fmavzpxk2xlm-4-2.lowsea.fun (1) 0 2022-08-21T10:58:43Z 2023-03-10T12:03:35Z 533 615 5.161.78.177

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro
 No alerts detected

Blocklists

OpenPhish
 No alerts detected

PhishTank
 No alerts detected

Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-10-25 medium ad.marootrack.co/sw.js?v=1666718051305 Malware
2022-10-25 medium ad.marootrack.co/sw.js?v=1666718051305 Malware
2022-10-25 medium ad.marootrack.co/proc.php?2b432db8611e0460199bc3eac1cbd76966083102 Malware

mnemonic secure dns
 No alerts detected

Quad9 DNS
Scan Date Severity Indicator Comment
2022-10-25 medium trackmwsg.digital Sinkholed
2022-10-25 medium trffclb.com Sinkholed
2022-10-25 medium trackmwsg.digital Sinkholed
2022-10-25 medium trackmwsg.digital Sinkholed
2022-10-25 medium trackmwsg.digital Sinkholed


Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 51.68.81.31
Date UQ / IDS / BL URL IP
2023-06-04 14:08:45 UTC 0 - 1 - 0 www.bublemore.xyz/?sl=5633238-d759b&data1=Tra (...) 51.68.81.31
2023-05-29 21:19:44 UTC 0 - 1 - 7 www.bublemore.xyz/?sl=5621056-7402e&data1=Tra (...) 51.68.81.31
2023-05-25 15:20:05 UTC 0 - 1 - 0 www.bublemore.xyz/?sl=5621056-7402e&data1=Tra (...) 51.68.81.31
2023-05-22 06:11:19 UTC 0 - 5 - 0 www.brickljm.biz/ 51.68.81.31
2023-05-21 06:06:51 UTC 0 - 1 - 0 bublemore.xyz/ 51.68.81.31


Last 5 reports on ASN: OVH SAS
Date UQ / IDS / BL URL IP
2023-06-09 04:20:59 UTC 0 - 2 - 0 tm-offers.gamingadult.com/?offer=123&uid=ce7c (...) 5.196.166.128
2023-06-09 04:16:02 UTC 0 - 3 - 0 www.45577171291085405.updates-for-pc.top/ 162.19.18.138
2023-06-09 04:10:21 UTC 0 - 1 - 0 erichware.info/prog/geo2utm.exe 145.239.67.6
2023-06-09 04:09:44 UTC 4 - 9 - 0 teractifevhkes.work.gd/ 139.99.66.103
2023-06-09 04:00:18 UTC 0 - 1 - 0 files.winupdate.ru/multimedia/players/nero-so (...) 5.39.63.19


Last 5 reports on domain: trackmwsg.digital
Date UQ / IDS / BL URL IP
2022-09-16 08:44:34 UTC 0 - 0 - 10 www.trackmwsg.digital/?sl=5497933-f304f&data1 (...) 51.68.81.31
2022-09-10 07:05:11 UTC 0 - 0 - 1 www.trackmwsg.digital/?sl=5497933-f304f&data1 (...) 51.68.82.147
2022-09-10 00:37:56 UTC 0 - 0 - 1 www.trackmwsg.digital/?sl=5497933-f304f&data1 (...) 51.68.85.158
2022-09-09 23:34:39 UTC 0 - 0 - 3 www.trackmwsg.digital/?sl=5497933-f304f&data1 (...) 51.68.81.31
2023-01-29 15:29:55 UTC 0 - 1 - 3 www.trackmwsg.digital/?sl=5497933-f304f&data1 (...) 51.68.82.147


Last 5 reports with similar screenshot
Date UQ / IDS / BL URL IP
2022-09-09 23:34:39 UTC 0 - 0 - 3 www.trackmwsg.digital/?sl=5497933-f304f&data1 (...) 51.68.81.31
2022-09-04 17:59:38 UTC 0 - 0 - 4 awakeningsco.com/f9ce4969-ca72-4745-a21a-2e33 (...) 104.18.2.198
2022-09-04 17:13:02 UTC 0 - 0 - 1 shipit.reddragon.bond/?utm_medium=46976c9417d (...) 184.154.10.250
2022-09-04 17:05:29 UTC 0 - 0 - 4 phythmspeters.com/ca8b89b2-dd64-445d-9968-da3 (...) 18.156.16.63
2022-09-04 15:33:03 UTC 0 - 0 - 1 550.novitrk4.com/smartlink?mongo_id=6314c513b (...) 188.240.52.20

JavaScript

Executed Scripts (11)

Executed Evals (0)

Executed Writes (0)


HTTP Transactions (55)


Request Response
                                        
                                            GET /?data1=track1&data2=track2&eyeg=1&sl=5497933-f304f&tag=635664c18a419f71ee12dfe4&website=888b HTTP/1.1 
Host: trackmwsg.digital
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                        
                                             51.68.82.147
HTTP/1.1 302 Found
                                            
Date: Tue, 25 Oct 2022 17:14:07 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-transform
Location: https://admoustache.go2affise.com/sl?id=5f0efd61dabed1d602e0fe6a&pid=503&sub1=3100087f5230d22939eeba15eee95cd19a65f1025-202210-flb*5497933-f304f*635664c18a419f71ee12dfe4*sl_5497933-f304f*2bd23482b69424bbc07839247538a920e80e83fc*888b*


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Blocklists:
  - quad9: Sinkholed
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        
                                             23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                            
Server: nginx
Content-Length: 503
ETag: "DF992311F130F15459739841DE925C7EEC2604D5A68CA6B2A67B6DC8D229212C"
Last-Modified: Mon, 24 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3144
Expires: Tue, 25 Oct 2022 18:06:31 GMT
Date: Tue, 25 Oct 2022 17:14:07 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        
                                             93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                            
Accept-Ranges: bytes
Age: 3880
Cache-Control: max-age=148904
Date: Tue, 25 Oct 2022 17:14:07 GMT
Etag: "6357acdf-1d7"
Expires: Thu, 27 Oct 2022 10:35:51 GMT
Last-Modified: Tue, 25 Oct 2022 09:31:11 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        
                                             93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                            
Accept-Ranges: bytes
Age: 4079
Cache-Control: max-age=149103
Date: Tue, 25 Oct 2022 17:14:07 GMT
Etag: "6357acdf-1d7"
Expires: Thu, 27 Oct 2022 10:39:10 GMT
Last-Modified: Tue, 25 Oct 2022 09:31:11 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
Alt-Used: 0

                                        
                                             34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                            
access-control-allow-origin: *
access-control-expose-headers: Alert, Retry-After, Content-Length, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 25 Oct 2022 16:41:30 GMT
cache-control: public,max-age=3600
age: 1957
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    4736bac84ca28f2b1e961159fb4ea098
Sha1:   1319612979f53896fcfeacd4215c2715d4951e4c
Sha256: 5e81213e111ddf68c7f884f72b4e06fc4dc95eb902c3cf0762236b2418840dba
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        
                                             23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                            
Server: nginx
Content-Length: 503
ETag: "9AEAFC72C1A969243E1FC96F68CE18888034A749EE70582208BF814BD40B61A5"
Last-Modified: Tue, 25 Oct 2022 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6274
Expires: Tue, 25 Oct 2022 18:58:41 GMT
Date: Tue, 25 Oct 2022 17:14:07 GMT
Connection: keep-alive

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        
                                             34.160.144.191
HTTP/2 200 OK
content-type: binary/octet-stream
                                            
x-amz-id-2: 7DLijZjY3aQ8ZtAYhJaqWRfjGoSPtkHCJFUOKfKmWxjsyy4MWm6al0qoFlp6Z0pms1pQgLdwCLc=
x-amz-request-id: RC472SNJA6FASK49
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 25 Oct 2022 16:38:52 GMT
age: 2115
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    67d5a988edcda47bc3b3b3f65d32b4b6
Sha1:   d4f0e0da8b3690cc7da925026d3414b68c7d954f
Sha256: 55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        
                                             34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                            
server: nginx
date: Tue, 25 Oct 2022 17:14:07 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            POST / HTTP/1.1 
Host: ocsp.godaddy.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        
                                             192.124.249.22
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                            
Server: Sucuri/Cloudproxy
Date: Tue, 25 Oct 2022 17:14:07 GMT
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19022
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Tue, 25 Oct 2022 00:17:22 GMT
Expires: Wed, 26 Oct 2022 00:17:22 GMT
ETag: "7ba6a9257f8691aa9696371d904a5b2c90dbb2f3"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"


--- Additional Info ---
Magic:  data
Size:   1777
Md5:    68b0c7c03a472e89bdf8e42b936cea22
Sha1:   7ba6a9257f8691aa9696371d904a5b2c90dbb2f3
Sha256: aafbf5bf2025670c7a109fabb7a177d73b2d6943135400956ad59289af909d39
                                        
                                            GET /sl?id=5f0efd61dabed1d602e0fe6a&pid=503&sub1=3100087f5230d22939eeba15eee95cd19a65f1025-202210-flb*5497933-f304f*635664c18a419f71ee12dfe4*sl_5497933-f304f*2bd23482b69424bbc07839247538a920e80e83fc*888b* HTTP/1.1 
Host: admoustache.go2affise.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                        
                                             34.91.27.112
HTTP/2 302 Found
                                            
server: nginx
date: Tue, 25 Oct 2022 17:14:07 GMT
content-length: 0
location: https://t2.blowingwnd.com/l.php?p=c:o6450ylcdnn31butk&d=624e9ea3e8e2a8163b65d246&pid=6358195f1c3a1300015b02b9&s=503
set-cookie: afclick=6358195f1c3a1300015b02b9; expires=Wed, 25 Oct 2023 17:14:07 GMT; secure; SameSite=None
access-control-allow-origin: *
X-Firefox-Spdy: h2

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        
                                             23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                            
Server: nginx
Content-Length: 503
ETag: "6500B0ACF30F6F9CAE55C8271765918E269E83606EA03825EC0636281B08E482"
Last-Modified: Mon, 24 Oct 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18382
Expires: Tue, 25 Oct 2022 22:20:29 GMT
Date: Tue, 25 Oct 2022 17:14:07 GMT
Connection: keep-alive

                                        
                                            GET /l.php?p=c:o6450ylcdnn31butk&d=624e9ea3e8e2a8163b65d246&pid=6358195f1c3a1300015b02b9&s=503 HTTP/1.1 
Host: t2.blowingwnd.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                        
                                             51.161.115.163
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
                                            
Server: nginx
Date: Tue, 25 Oct 2022 17:14:07 GMT
Content-Length: 0
Connection: keep-alive
Round: 12bbr5cth7
Raund: 19q
Location: https://48.us.tealwinds.xyz/feed/?link=true&tid=48&subid=48.503&ref=&s1=6358195f42ac2e4e4e182733

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        
                                             93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                            
Accept-Ranges: bytes
Age: 5893
Cache-Control: max-age=145853
Date: Tue, 25 Oct 2022 17:14:08 GMT
Etag: "63579918-1d7"
Expires: Thu, 27 Oct 2022 09:45:01 GMT
Last-Modified: Tue, 25 Oct 2022 08:06:48 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        
                                             23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                            
Server: nginx
Content-Length: 503
ETag: "0C34E07ED63A77CD64CF42F3C20ECA21E03BF6DFAB2C3A9D8C20332D7E6CD77E"
Last-Modified: Sun, 23 Oct 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2709
Expires: Tue, 25 Oct 2022 17:59:17 GMT
Date: Tue, 25 Oct 2022 17:14:08 GMT
Connection: keep-alive

                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: S22CFykeg+2T/7HEo0Wj1Q==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                        
                                             35.160.97.225
HTTP/1.1 101 Switching Protocols
                                            
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: KYPBlRW94H7UVrEvnH19Fb4TOlo=

                                        
                                            GET /feed/?link=true&tid=48&subid=48.503&ref=&s1=6358195f42ac2e4e4e182733 HTTP/1.1 
Host: 48.us.tealwinds.xyz
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                        
                                             23.235.251.114
HTTP/1.1 301 Moved Permanently
                                            
Cache-Control: no-cache
Location: https://redir.tealwinds.xyz/click/invalid/?tid=48&subid=48.503
Date: Tue, 25 Oct 2022 17:14:09 GMT
Connection: keep-alive
Keep-Alive: timeout=5
Transfer-Encoding: chunked

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        
                                             23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                            
Server: nginx
Content-Length: 503
ETag: "724547DB3ED9F1779308E9DD6604664E6FFA3580CA076FBDC1DFB1B75591BBA4"
Last-Modified: Mon, 24 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7911
Expires: Tue, 25 Oct 2022 19:26:00 GMT
Date: Tue, 25 Oct 2022 17:14:09 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        
                                             23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                            
Server: nginx
Content-Length: 503
ETag: "724547DB3ED9F1779308E9DD6604664E6FFA3580CA076FBDC1DFB1B75591BBA4"
Last-Modified: Mon, 24 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7911
Expires: Tue, 25 Oct 2022 19:26:00 GMT
Date: Tue, 25 Oct 2022 17:14:09 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        
                                             23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                            
Server: nginx
Content-Length: 503
ETag: "724547DB3ED9F1779308E9DD6604664E6FFA3580CA076FBDC1DFB1B75591BBA4"
Last-Modified: Mon, 24 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7911
Expires: Tue, 25 Oct 2022 19:26:00 GMT
Date: Tue, 25 Oct 2022 17:14:09 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        
                                             23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                            
Server: nginx
Content-Length: 503
ETag: "724547DB3ED9F1779308E9DD6604664E6FFA3580CA076FBDC1DFB1B75591BBA4"
Last-Modified: Mon, 24 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7911
Expires: Tue, 25 Oct 2022 19:26:00 GMT
Date: Tue, 25 Oct 2022 17:14:09 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        
                                             23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                            
Server: nginx
Content-Length: 503
ETag: "724547DB3ED9F1779308E9DD6604664E6FFA3580CA076FBDC1DFB1B75591BBA4"
Last-Modified: Mon, 24 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7911
Expires: Tue, 25 Oct 2022 19:26:00 GMT
Date: Tue, 25 Oct 2022 17:14:09 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5d616770-e793-4da0-8ebe-826e806ececd.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        
                                             34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                            
server: nginx
content-length: 9209
x-amzn-requestid: 94dad7b4-9c12-4bda-9202-3b7427185182
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aLiElGzEIAMFnOg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-634e16e9-3c79cd392d5bc4312a730cda;Sampled=0
x-amzn-remapped-date: Tue, 18 Oct 2022 03:00:57 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: c5_B2RXKJx7FHrQvHdCG50zcDFWUqaaZu0GYuCxEI8fpK019dSlD3Q==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 5fe5f2a3903f1378941d92eceaf3fa16.cloudfront.net (CloudFront), 1.1 google
date: Tue, 25 Oct 2022 13:16:32 GMT
age: 14257
etag: "5080ba75c230fd2b303f29a9b64868c6e8771df8"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   9209
Md5:    89448f1a52030b28e9ecfcdc190787d4
Sha1:   5080ba75c230fd2b303f29a9b64868c6e8771df8
Sha256: 10a736997d441e274a54e9689c349d407087fef7aa7c0f4d0a7a603e446fdabd
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1fee370a-a947-4a08-9ba6-18c6c792f716.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        
                                             34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                            
server: nginx
content-length: 5662
x-amzn-requestid: cb169868-462c-4083-af25-ca65cb2df563
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ah3EhH7SoAMFdeg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6357054f-1635cae5575eed4a43607a11;Sampled=0
x-amzn-remapped-date: Mon, 24 Oct 2022 21:36:15 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: dpxbLV6cVUBnRvlwqBccWltel3NQThen1b9daizhF4JF426bL1d12w==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 09331f0822fc98eebaf04130a83dbd44.cloudfront.net (CloudFront), 1.1 google
date: Mon, 24 Oct 2022 21:56:50 GMT
age: 69439
etag: "d2e9a4cba5fc07d90f30a5bfc7efa91eea784f94"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   5662
Md5:    d0215d09b407ecfd690d63aee6a30add
Sha1:   d2e9a4cba5fc07d90f30a5bfc7efa91eea784f94
Sha256: 6147a16325e6c63e7e3acfde58a4cfcd04564ddd6df61835e6e563ec6e67aa3f
                                        
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6d122f5c-ef0b-49a6-a68c-137a02ef7894.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        
34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 8239
x-amzn-requestid: c37a1abe-9823-4181-a64f-5cc074cfdf2a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ah3OeGxOoAMFtJQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6357058f-10c7cfed331c043e00a600e0;Sampled=0
x-amzn-remapped-date: Mon, 24 Oct 2022 21:37:19 GMT
x-amz-cf-pop: SEA19-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: ltiKOh8lG4pGE5tYpouvCu-KMHifbcFs9LgYLbEfYTD36Aw9xYEsKw==
via: 1.1 2e20768704c71ff3ce2e677251d27f3c.cloudfront.net (CloudFront), 1.1 9c675215120a4ade8754c4357ef2f3ea.cloudfront.net (CloudFront), 1.1 google
date: Mon, 24 Oct 2022 21:49:13 GMT
age: 69896
etag: "5a8579a70d8791a19e0192995c46594e242e864d"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8239
Md5:    b3e41dda631c7f2ee5e664d43e48af31
Sha1:   5a8579a70d8791a19e0192995c46594e242e864d
Sha256: c26bec6c4527220272777fe7b3209d8726c94105955ef15f05a584bae50ae719
                                        
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5799e548-737d-43a5-ae0b-3ccb8e2f1daf.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        
34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 8031
x-amzn-requestid: 39e6cba4-dc3b-4fe8-9f00-f9042b3dfb3a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ah3D7E2SoAMF_TA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6357054c-541d3ed176c9176913844804;Sampled=0
x-amzn-remapped-date: Mon, 24 Oct 2022 21:36:12 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: KfIXjRxRZXL0gD2Etdn5kfEjPkqA-faF2KHqrWikR0etkh6oGU4ifw==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 35575576af8067e30cfb17c6b9fde8e2.cloudfront.net (CloudFront), 1.1 google
date: Mon, 24 Oct 2022 21:50:09 GMT
age: 69840
etag: "0c4bc06cb32bae6cdcbd61fde8b6289fa901a0c2"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8031
Md5:    6977b5f01197ed4e914157b59ce56c2a
Sha1:   0c4bc06cb32bae6cdcbd61fde8b6289fa901a0c2
Sha256: 98ed9be1f79f4d1ff9acd3dc22aa64f7e0218d7c4854fc7cb71e70dd341dd7ed
                                        
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F075a794f-9140-4676-afb2-493f44932cc3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        
34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 4206
x-amzn-requestid: 6b02f96a-ea03-4eff-acde-c73925260102
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ah3E3GPQoAMFpIA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63570552-77cf762d0e54f1f60efe52c3;Sampled=0
x-amzn-remapped-date: Mon, 24 Oct 2022 21:36:18 GMT
x-amz-cf-pop: SEA19-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: jiu-Z6DMgXxXdZ5BDwjNoq5Y15kBgM894k4EY2qSRZKdvk0bfkn89A==
via: 1.1 fec77e486350d1bd33f526a760d8b5a4.cloudfront.net (CloudFront), 1.1 2f7934de1dfe281c3e4446892eab6462.cloudfront.net (CloudFront), 1.1 google
date: Mon, 24 Oct 2022 21:50:16 GMT
age: 69833
etag: "e8e69ac951def18bc1e03ecd4fe8a21d3b825b27"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   4206
Md5:    3cf322f19151bcfa374c2e32b9ac986f
Sha1:   e8e69ac951def18bc1e03ecd4fe8a21d3b825b27
Sha256: 54ddfd1876f65e264b9b3209a0e805a3796013b4aacc8e9fd20b49754b4917a0
                                        
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fda327ff0-bd82-4034-a53b-e04d5c486276.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        
34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 8090
x-amzn-requestid: a84a2888-e0eb-40d3-8377-9c1ea2af733c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aVb2oH2uoAMFueA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63520cf7-204870ee3f63ced427033eb5;Sampled=0
x-amzn-remapped-date: Fri, 21 Oct 2022 03:07:35 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: fUBXr7SKYdvhryoB8p9to-Eo8twjspRYnHO2xf9TtvLJIIyOwe3W1w==
via: 1.1 1de1880e08f1cae7d1aca174a29a5c1e.cloudfront.net (CloudFront), 1.1 d01e7742f82df0bbc1fb681d709ed69c.cloudfront.net (CloudFront), 1.1 google
date: Tue, 25 Oct 2022 07:43:49 GMT
age: 34220
etag: "2fb4599ad3d513a160c1f29fefda27b45852c381"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8090
Md5:    531f350512ac7712d932234803aa4602
Sha1:   2fb4599ad3d513a160c1f29fefda27b45852c381
Sha256: 7a4da3420f736c098806676359b8ff80578a2e1e98fc0e20e45e2d6192e1d566
                                        
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        
23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "C753E6D5F95F6AA9ECA822E2A450E867D80C6818AAE70132B1A550182A9AE4D3"
Last-Modified: Tue, 25 Oct 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8653
Expires: Tue, 25 Oct 2022 19:38:22 GMT
Date: Tue, 25 Oct 2022 17:14:09 GMT
Connection: keep-alive

                                        
GET /click/invalid/?tid=48&subid=48.503 HTTP/1.1
Host: redir.tealwinds.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                        
198.211.113.186
HTTP/1.1 302 Found
Content-Type: text/html; charset=utf-8
X-Powered-By: Express
Surrogate-Control: no-store
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate
Pragma: no-cache
Expires: 0
Location: https://t2.lowtid.com/l.php?p=c:1ighcayppnss2p5b2&d=63526ec4faf797126b433250&s=48
Vary: Accept
Content-Length: 222
Date: Tue, 25 Oct 2022 17:14:09 GMT
Connection: keep-alive
Keep-Alive: timeout=5


--- Additional Info ---
Magic:  HTML document, ASCII text, with no line terminators
Size:   222
Md5:    0c9e1d82d734ec8b4e2a0699a0c4777f
Sha1:   0cab14788eb4d5007b405b43d07a8817637d658d
Sha256: 3b80b645103faf7175803daa42d76ada01525d7d275b13e8b04ebea29e57b41a
                                        
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        
23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "6500B0ACF30F6F9CAE55C8271765918E269E83606EA03825EC0636281B08E482"
Last-Modified: Mon, 24 Oct 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18379
Expires: Tue, 25 Oct 2022 22:20:29 GMT
Date: Tue, 25 Oct 2022 17:14:10 GMT
Connection: keep-alive

                                        
GET /l.php?p=c:1ighcayppnss2p5b2&d=63526ec4faf797126b433250&s=48 HTTP/1.1
Host: t2.lowtid.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                        
51.161.115.163
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
Server: nginx
Date: Tue, 25 Oct 2022 17:14:10 GMT
Content-Length: 0
Connection: keep-alive
Round: 12mpjzhhaf
Raund: 1z5
Location: https://pdxx-7fmavzpxk2xlm-4-2.lowsea.fun/emw/v1/dt?sid=888.no.firefox.&k=bfb&url=&xrw=&lid=635819624cfbb67d0e1b3c1e&fid=888

                                        
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        
23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "AC74C17270C1394F5CD23F894F801D230A285C0CEE353D8A515963CDC99A82AD"
Last-Modified: Mon, 24 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2710
Expires: Tue, 25 Oct 2022 17:59:20 GMT
Date: Tue, 25 Oct 2022 17:14:10 GMT
Connection: keep-alive

                                        
GET /emw/v1/dt?sid=888.no.firefox.&k=bfb&url=&xrw=&lid=635819624cfbb67d0e1b3c1e&fid=888 HTTP/1.1
Host: pdxx-7fmavzpxk2xlm-4-2.lowsea.fun
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                        
5.161.78.177
HTTP/2 307 Temporary Redirect
content-type: text/html
date: Tue, 25 Oct 2022 17:14:10 GMT
content-length: 164
location: https://cola.trffclb.com/a.php?p=c:xecd97ulmxry7e481&d=62ff4322ec41a549b07c0d74&pid=635819624cfbb67d0e1b3c1e&source=888.no.firefox.
set-cookie: emwxcid_4_1=7i3LWdMEWrWXVMUKrKkOqNhvl3vBP0IagYueDidLQJMK3Lwr5C; expires=Wed, Oct 25 2023 17:14:10 GMT; Max-Age=31536000; path=/; domain=lowsea.fun; SameSite=Lax
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   164
Md5:    813f9846b49c0ada805648edf1b2fdbd
Sha1:   caa24890460f73e6a72bb49426351e67e83b053d
Sha256: 8f03491247cbfa8a2e60e0f7ec62d63b5070659f60383a1c81abeb2b20221be3
                                        
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        
23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "5B57F84A06CEDDB7A31F948A3C7B7B881541E52D85BDCB5DA8E60BFEC1DBD0E8"
Last-Modified: Mon, 24 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10054
Expires: Tue, 25 Oct 2022 20:01:44 GMT
Date: Tue, 25 Oct 2022 17:14:10 GMT
Connection: keep-alive

                                        
GET /a.php?p=c:xecd97ulmxry7e481&d=62ff4322ec41a549b07c0d74&pid=635819624cfbb67d0e1b3c1e&source=888.no.firefox. HTTP/1.1
Host: cola.trffclb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                        
51.83.143.92
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
Server: nginx
Date: Tue, 25 Oct 2022 17:14:10 GMT
Content-Length: 0
Connection: keep-alive
Round: 10utd7p54d
Raund: 2h2
Location: https://www.trackmwsg.digital/?sl=5497933-f304f&data1=Track1&data2=Track2&tag=635819622a6d9570bb4f1a1c&website=888.no.firefox.


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Blocklists:
  - quad9: Sinkholed
                                        
GET /?sl=5497933-f304f&data1=Track1&data2=Track2&tag=635819622a6d9570bb4f1a1c&website=888.no.firefox. HTTP/1.1
Host: www.trackmwsg.digital
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                        
51.68.85.158
HTTP/1.1 200 OK
Content-Type: text/html
Date: Tue, 25 Oct 2022 17:14:10 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-transform


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3448)
Size:   4295
Md5:    079c8e6029b1063df86fa7e748e98c50
Sha1:   2df44413c601ebae91dfda296fe577354258e76f
Sha256: ff743c4002ad3d4f577849f507c5b8f2d81a6c404939981eb28af226c8993af0

Blocklists:
  - quad9: Sinkholed
                                        
GET /?sl=5497933-f304f&data1=Track1&data2=Track2&tag=635819622a6d9570bb4f1a1c&website=888.no.firefox.&eyeg=8b7869d8a2e3c46cd59ad080f31fc2f8&eyer=0.9571834563925559&eyei=0&eyew=1280&eyeh=939&eyetd=220&eyef= HTTP/1.1
Host: www.trackmwsg.digital
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin

                                        
51.68.85.158
HTTP/1.1 302 Found
Date: Tue, 25 Oct 2022 17:14:10 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-transform
Location: https://www.trackmwsg.digital/?sl=5497933-f304f&data1=Track1&data2=Track2&tag=635819622a6d9570bb4f1a1c&website=888.no.firefox.&eyeg=3&eyer=0.9571834563925559&eyei=0&eyew=1280&eyeh=939&eyetd=220&eyef=


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Blocklists:
  - quad9: Sinkholed
                                        
GET /?sl=5497933-f304f&data1=Track1&data2=Track2&tag=635819622a6d9570bb4f1a1c&website=888.no.firefox.&eyeg=3&eyer=0.9571834563925559&eyei=0&eyew=1280&eyeh=939&eyetd=220&eyef= HTTP/1.1
Host: www.trackmwsg.digital
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin

                                        
51.68.85.158
HTTP/1.1 302 Found
Date: Tue, 25 Oct 2022 17:14:11 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-transform
Location: https://admoustache.go2affise.com/sl?id=5f0efd61dabed1d602e0fe6a&pid=503&sub1=3300067d00db82d5a6f3589309518c2bf83781025-202210-flb*5497933-f304f*635819622a6d9570bb4f1a1c*sl_5497933-f304f*1e5235aa2bc1ccf0c54f94dd996e9b194cfd5e89*888.no.firefox.*


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Blocklists:
  - quad9: Sinkholed
                                        
GET /sl?id=5f0efd61dabed1d602e0fe6a&pid=503&sub1=3300067d00db82d5a6f3589309518c2bf83781025-202210-flb*5497933-f304f*635819622a6d9570bb4f1a1c*sl_5497933-f304f*1e5235aa2bc1ccf0c54f94dd996e9b194cfd5e89*888.no.firefox.* HTTP/1.1
Host: admoustache.go2affise.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: afclick=6358195f1c3a1300015b02b9
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

                                        
34.91.27.112
HTTP/2 302 Found
server: nginx
date: Tue, 25 Oct 2022 17:14:11 GMT
content-length: 0
location: https://myofferplus.com/rc/a91581ead4?affclick=635819635e3556000151a78f&pubid=503
set-cookie: afclick=635819635e3556000151a78f; expires=Wed, 25 Oct 2023 17:14:11 GMT; secure; SameSite=None
access-control-allow-origin: *
X-Firefox-Spdy: h2

                                        
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        
93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Accept-Ranges: bytes
Age: 6295
Cache-Control: max-age=134747
Date: Tue, 25 Oct 2022 17:14:11 GMT
Etag: "63576c28-117"
Expires: Thu, 27 Oct 2022 06:39:58 GMT
Last-Modified: Tue, 25 Oct 2022 04:55:04 GMT
Server: ECS (amb/6BC8)
X-Cache: HIT
Content-Length: 279

                                        
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        
93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Accept-Ranges: bytes
Age: 5402
Cache-Control: max-age=133855
Date: Tue, 25 Oct 2022 17:14:11 GMT
Etag: "63576c28-117"
Expires: Thu, 27 Oct 2022 06:25:06 GMT
Last-Modified: Tue, 25 Oct 2022 04:55:04 GMT
Server: ECS (amb/6BC5)
X-Cache: HIT
Content-Length: 279

                                        
GET /34363?click=pubb4e5dbeea6dd49e98f21807aedebe78b&pubid=898005da HTTP/1.1
Host: 139.59.49.76
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                        
139.59.49.76
HTTP/1.1 302 Found
content-type: text/html; charset=utf-8
x-powered-by: Express
surrogate-control: no-store
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
pragma: no-cache
expires: 0
location: https://surf.ueive.com/rc/736006a179?affclick=22J25224411A034363012829mo8zA&pubid=34363
vary: Accept, Accept-Encoding
content-length: 226
date: Tue, 25 Oct 2022 17:14:11 GMT


--- Additional Info ---
Magic:  HTML document, ASCII text, with no line terminators
Size:   226
Md5:    ab7af7c7d70b6d84b5922f65ab0080a7
Sha1:   219226457c7ac705a357b88402249789dfdc376c
Sha256: 6d47d285e571245bc84d745537bc82da95731a84fd540f18725abb69462251b6
                                        
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        
93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Accept-Ranges: bytes
Cache-Control: max-age=152941
Date: Tue, 25 Oct 2022 17:14:12 GMT
Etag: "6357cbd1-118"
Expires: Thu, 27 Oct 2022 11:43:13 GMT
Last-Modified: Tue, 25 Oct 2022 11:43:13 GMT
Server: nginx
Content-Length: 280

                                        
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        
93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Accept-Ranges: bytes
Age: 6296
Cache-Control: max-age=134747
Date: Tue, 25 Oct 2022 17:14:12 GMT
Etag: "63576c28-117"
Expires: Thu, 27 Oct 2022 06:39:59 GMT
Last-Modified: Tue, 25 Oct 2022 04:55:04 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 279

                                        
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        
93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Accept-Ranges: bytes
Cache-Control: max-age=152941
Date: Tue, 25 Oct 2022 17:14:12 GMT
Etag: "6357cbd1-118"
Expires: Thu, 27 Oct 2022 11:43:13 GMT
Last-Modified: Tue, 25 Oct 2022 11:43:13 GMT
Server: nginx
Content-Length: 280

                                        
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        
93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Accept-Ranges: bytes
Age: 5646
Cache-Control: max-age=112158
Date: Tue, 25 Oct 2022 17:14:12 GMT
Etag: "63571674-138"
Expires: Thu, 27 Oct 2022 00:23:30 GMT
Last-Modified: Mon, 24 Oct 2022 22:49:24 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 312

                                        
GET /click?pid=930&offer_id=18720&sub1=puba513478bbce542d7857094b95342362a&sub2=11213b3c_34363 HTTP/1.1
Host: aditmedia.g2afse.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://surf.ueive.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                        
34.91.234.242
HTTP/2 302 Found
server: nginx
date: Tue, 25 Oct 2022 17:14:12 GMT
content-length: 0
location: https://ad.marootrack.co/?utm_medium=56350e907b27b4e99d4ce73cf6c4424f6399e01a&utm_campaign=NewMainLink&1=930_11213b3c_34363&cid=635819647c23bd0001adea59
set-cookie: afclick=635819647c23bd0001adea59; expires=Wed, 25 Oct 2023 17:14:12 GMT; secure; SameSite=None afoffers={"18720":1666718052}; expires=Wed, 25 Oct 2023 17:14:12 GMT; secure; SameSite=None
access-control-allow-origin: *
X-Firefox-Spdy: h2

                                        
GET /?utm_medium=56350e907b27b4e99d4ce73cf6c4424f6399e01a&utm_campaign=NewMainLink&1=930_11213b3c_34363&cid=635819647c23bd0001adea59 HTTP/1.1
Host: ad.marootrack.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://surf.ueive.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                        
65.60.58.179
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
server: nginx
date: Tue, 25 Oct 2022 17:14:13 GMT
location: https://ad.marootrack.co/?utm_term=7158499529304571943&ver=4viyaptcjo
vary: Accept-Encoding
x-powered-by: PHP/8.1.9
cache-control: no-store, no-cache, must-revalidate, max-age=0
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
set-cookie: u=9a1420c3bfbc0fd8d92ab44a9f1c1e51; expires=Wed, 25-Oct-2023 17:14:13 GMT; Max-Age=31536000; path=/
strict-transport-security: max-age=31536000; includeSubdomains;
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   5787
Md5:    cf944be2714da19299b4a1e716141a79
Sha1:   431ff0101ad54d821c6d0470a79fe70c93c1c5ca
Sha256: 2db60b2f92877a1edcb0553211fc382267199067d406a6adebb93b9e11febf14
                                        
GET /sw.js?v=1666718051305 HTTP/1.1
Host: ad.marootrack.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: u=9a1420c3bfbc0fd8d92ab44a9f1c1e51
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        
65.60.58.179
HTTP/2 200 OK
content-type: application/javascript
server: nginx
date: Tue, 25 Oct 2022 17:14:13 GMT
content-length: 776
last-modified: Mon, 03 Oct 2022 07:40:54 GMT
vary: Accept-Encoding
etag: "633a9206-308"
content-encoding: gzip
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline';
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   776
Md5:    f72a11763f13b05c1f2379d13387dd05
Sha1:   002fbf7672d3f4655b89b6413d160e4185ce9900
Sha256: 70d744bbd19a0cc35c8d9f1d8ba181c6cdc902f95799ac750da4adc3ad987b11

Blocklists:
  - fortinet: Malware
                                        
GET /redirect.css HTTP/1.1
Host: cdn.addlnk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://myofferplus.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        
104.21.20.70
HTTP/2 200 OK
content-type: text/css
date: Tue, 25 Oct 2022 17:14:11 GMT
cf-bgj: minify
cf-polished: origSize=1680
etag: W/"3ae56d32551602b41f9046c14d1cfde2"
last-modified: Wed, 13 Mar 2019 00:03:12 GMT
x-amz-id-2: BUW6rlWHZvzQnvJHp4gBkVRIGc8DfdhWdOpgruWqMqu7ownlHIapox/IYSueiBqz+QseNtzP+2A=
x-amz-request-id: KYXF7EGSHW20KRRM
cf-cache-status: HIT
age: 809
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bbPljAoKdZ4AYgsDdq8vq8BwjdIVZf%2F4rPySbBx6GyEgiuuaYM3hJTZxqZIyClBJMEqF1g0g4VRizhO%2BMywvIlnrMbx8N09Iw4SmNKsi%2BlrGqqEWFkH4zkq8KYI3kN7s6Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75fc964c9ec4b50c-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1242), with no line terminators
Size:   745985
Md5:    31114a0aa778e8d990de2d3fad1b64b1
Sha1:   a3d8b077d3abec5ce24accb19741e3613e771c61
Sha256: cbd8250959e2b0f4a43a9e49d89bb7f9f1b8d0285c64289b1d5b4165ad5d483f
                                        
GET /rc/a91581ead4?affclick=635819635e3556000151a78f&pubid=503 HTTP/1.1
Host: myofferplus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                        
104.21.24.76
HTTP/2 200 OK
content-type: text/html; charset=utf-8
date: Tue, 25 Oct 2022 17:14:11 GMT
set-cookie: AWSALB=DLw+O4jxyuDbtNxAchY+M41zZ09PK9CUfe5iZ8mclrVlQUf5vRw6jOni5VavkKCAzhSKxCyb5loybcRtD4dnPdFVY+F3TmS3TgWXwN41qV8dndB0mm7TJKHOo0CW; Expires=Tue, 01 Nov 2022 17:14:11 GMT; Path=/
set-cookie: AWSALBCORS=DLw+O4jxyuDbtNxAchY+M41zZ09PK9CUfe5iZ8mclrVlQUf5vRw6jOni5VavkKCAzhSKxCyb5loybcRtD4dnPdFVY+F3TmS3TgWXwN41qV8dndB0mm7TJKHOo0CW; Expires=Tue, 01 Nov 2022 17:14:11 GMT; Path=/; SameSite=None
vary: Accept-Encoding, Accept-Language, Cookie
content-language: en
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VtiwpQI3n%2FMJzcbV9tv%2BCt1GfFuwX5dI8AwQE%2BMTqHoDK5EAvtTZCCD3tldT9WkHpmTuaiMDzOAum1y7ofR%2BOiHFq27P5TINNx%2BLN4kTh6t5PPZH4j8REmnJYLJdgelpsF8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75fc964b7b3eb511-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   493
Md5:    7e92851d59664c93899f7209989d0bfe
Sha1:   b5d0d2310bd6193723b21d1ba399ea7c144093a7
Sha256: 3f8b6f04ff83ae20e601d8ac8d1c749e449bbe5c5d842714fa6cde1f845469cb
                                        
GET /sw.js?v=1666718051305 HTTP/1.1
Host: ad.marootrack.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: u=9a1420c3bfbc0fd8d92ab44a9f1c1e51
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
If-Modified-Since: Mon, 03 Oct 2022 07:40:54 GMT
If-None-Match: "633a9206-308"
Cache-Control: max-age=0
TE: trailers

                                        
65.60.58.179
HTTP/2 304 Not Modified
server: nginx
date: Tue, 25 Oct 2022 17:14:15 GMT
last-modified: Mon, 03 Oct 2022 07:40:54 GMT
vary: Accept-Encoding
etag: "633a9206-308"
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline';
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Blocklists:
  - fortinet: Malware
                                        
GET /rc/736006a179?affclick=22J25224411A034363012829mo8zA&pubid=34363 HTTP/1.1
Host: surf.ueive.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                        
104.21.92.26
HTTP/2 200 OK
content-type: text/html; charset=utf-8
date: Tue, 25 Oct 2022 17:14:12 GMT
set-cookie: AWSALB=QkAHjkOaj+zOirejmhbMdkYHnKopcAg/KSNF8PFJAXJ9n+LqOjTkOYEQxutygojpaK/uYQEjMbmvgtPmaqO6vNpXiCqps25Lkzcdymt/4izciQ45h2lZUbOEysk/; Expires=Tue, 01 Nov 2022 17:14:12 GMT; Path=/
set-cookie: AWSALBCORS=QkAHjkOaj+zOirejmhbMdkYHnKopcAg/KSNF8PFJAXJ9n+LqOjTkOYEQxutygojpaK/uYQEjMbmvgtPmaqO6vNpXiCqps25Lkzcdymt/4izciQ45h2lZUbOEysk/; Expires=Tue, 01 Nov 2022 17:14:12 GMT; Path=/; SameSite=None
vary: Accept-Encoding, Accept-Language, Cookie
content-language: en
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QYrzXvJuWPynKjJsqExvzWQULPR2cloSICmXzefqa5ElniMiOW0Ek22rGWb7ZQtNOEUuhN3HwvUThM2o8mFKCD6WjPak2WRhyULJiw9ajX%2ButVrHb7%2Bz20udjvLTxCzLhA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75fc9653ebadb518-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  
Size:   0
Md5:    
Sha1:   
Sha256: 
                                        
GET /redirect.css HTTP/1.1
Host: cdn.addlnk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://surf.ueive.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        
104.21.20.70
HTTP/2 200 OK
content-type: text/css
date: Tue, 25 Oct 2022 17:14:12 GMT
cf-bgj: minify
cf-polished: origSize=1680
etag: W/"3ae56d32551602b41f9046c14d1cfde2"
last-modified: Wed, 13 Mar 2019 00:03:12 GMT
x-amz-id-2: BUW6rlWHZvzQnvJHp4gBkVRIGc8DfdhWdOpgruWqMqu7ownlHIapox/IYSueiBqz+QseNtzP+2A=
x-amz-request-id: KYXF7EGSHW20KRRM
cf-cache-status: HIT
age: 810
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pxbLEnCTILojVeMCDbp%2F2PpsD6R9aTDQvXlzCh5F0McFdcY21VrPhXhadsyXuA4%2ByrPfe%2FpJhy%2BC5jUJHIxvawmrBKAhjrkjJO%2B%2FkzI72KDyFz60O%2FesWEwB3Ykrwr331Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75fc96551d68b518-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  
Size:   0
Md5:    
Sha1:   
Sha256: 
                                        
GET /proc.php?2b432db8611e0460199bc3eac1cbd76966083102 HTTP/1.1
Host: ad.marootrack.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ad.marootrack.co/?utm_term=7158499529304571943&ver=4viyaptcjo&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b84
Cookie: u=9a1420c3bfbc0fd8d92ab44a9f1c1e51
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers

                                        
65.60.58.179
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
server: nginx
date: Tue, 25 Oct 2022 17:14:14 GMT
location: https://d0zi.com/go.php?ad=6pvgwjuc578zbpcgxykd&sid=M7158499529304571943&pub=21899&pid=21899-6505e866&c=0&app=unknown&br=Firefox&os=[[os]]&d=Mozilla+Firefox&ca=NO+WiFi&a=0
vary: Accept-Encoding
x-powered-by: PHP/8.1.9
cache-control: no-store, no-cache, must-revalidate, max-age=0
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubdomains;
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  
Size:   0
Md5:    
Sha1:   
Sha256: 

Blocklists:
  - fortinet: Malware