Report - 13.biqund.com/index/d2?diff=0&utm_source=ogdd&utm_campaign=29857&utm_content=1087&utm_clickid=44k0coo0csgsk8og&aurl=jifikev.com/7-186pej-e1i-hn1d-bnn?deeplink=https://dagamah.com/9-1iora2-b8r-jn1d-f173?deeplink=https://t.me/+jQgq9BQb3jdjNGEy&subid_1=1087&subid_2=6953&subid_1=1087&subid_2=6953&an=&utm

Report Overview

Submitted URL
13.biqund.com/index/d2?diff=0&utm_source=ogdd&utm_campaign=29857&utm_content=1087&utm_clickid=44k0coo0csgsk8og&aurl=jifikev.com/7-186pej-e1i-hn1d-bnn?deeplink=https://dagamah.com/9-1iora2-b8r-jn1d-f173?deeplink=https://t.me/+jQgq9BQb3jdjNGEy&subid_1=1087&subid_2=6953&subid_1=1087&subid_2=6953&an=&utm_term=6953&site=&isubs=2
IP
188.114.97.1
ASN
#13335 CLOUDFLARENET
Submitted
2023-02-03 17:22:14
Access
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
1
Threat Detection Systems
0

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
kimberlite.io	166512	2017-09-14T07:18:59Z	2023-03-12T20:22:58Z	905 B	983 B	80.78.249.201
dmg.digitaltarget.ru	21471	2015-04-23T16:50:51Z	2023-03-13T06:26:03Z	912 B	1.4 kB	185.15.175.131
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-13T05:09:07Z	5.1 kB	13 kB	23.33.119.27
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-13T05:09:10Z	782 B	2.4 kB	35.241.9.150
sartojelius.com	unknown	2021-12-24T08:04:06Z	2023-03-13T07:10:38Z	2.1 kB	5.8 kB	88.208.46.22
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-13T05:09:14Z	606 B	127 B	35.167.56.184
ocsp2.globalsign.com	1544	2012-05-23T20:10:04Z	2023-03-13T05:14:17Z	357 B	1.9 kB	104.18.21.226
acint.net	22962	2014-02-14T22:23:16Z	2023-03-13T08:33:52Z	625 B	549 B	185.12.125.26
d.uuidksinc.net	807677	2015-07-21T09:00:45Z	2023-03-02T15:04:54Z	1.4 kB	548 B	31.220.27.134
solta-sync.rutarget.ru	unknown	2022-12-12T12:00:58Z	2023-03-10T10:58:21Z	348 B	411 B	178.170.196.247
13.biqund.com	unknown	2022-07-01T06:28:30Z	2023-02-03T15:58:21Z	4.5 kB	53 kB	188.114.96.1
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-13T05:09:35Z	413 B	5.8 kB	34.160.144.191
hdtcode.com	unknown	2019-05-01T19:48:45Z	2023-03-13T07:10:36Z	382 B	272 B	185.98.54.153
dmpprof.com	19328	2020-05-10T17:06:33Z	2023-03-13T05:57:42Z	425 B	942 B	85.192.12.174
ssp-rtb.sape.ru	31166	2016-02-02T18:01:03Z	2023-03-13T08:33:52Z	554 B	853 B	193.3.184.216
kadam-sync.rutarget.ru	unknown	2017-02-01T20:16:37Z	2023-03-02T15:04:53Z	381 B	415 B	87.242.93.112
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-13T05:09:16Z	3.2 kB	65 kB	34.120.237.76
s.uuidksinc.net	3423	2015-07-20T14:00:35Z	2023-03-13T05:57:41Z	631 B	358 B	31.220.27.134
dm-eu.hybrid.ai	28847	2021-01-25T12:48:59Z	2023-03-13T06:16:11Z	407 B	528 B	37.18.103.21
rtb.com.ru	26476	2015-11-23T16:25:15Z	2023-03-13T06:07:27Z	400 B	238 B	83.222.114.186
ocsp.usertrust.com	899	2012-05-21T17:43:18Z	2023-03-13T08:38:38Z	684 B	2.0 kB	172.64.155.188
fcgi4.gnezdo.ru	69027	2020-06-11T14:55:54Z	2023-03-13T05:57:42Z	831 B	1.1 kB	93.95.102.105
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-13T05:09:13Z	333 B	391 B	34.117.237.239
uuidksinc.net	3420	2015-05-31T10:43:35Z	2023-03-13T05:57:41Z	517 B	1.4 kB	31.220.27.134
www.acint.net	29072	2014-02-14T22:23:16Z	2023-03-13T08:33:52Z	1.0 kB	1.6 kB	185.12.125.26

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-02-03 17:22:35	low	188.114.96.1	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (10)

	URL	Size	First Seen	Last Seen
	13.biqund.com/index/d2?diff=0&utm_source=ogdd&utm_campaign=29857&utm_content=1087&utm_clickid=44k0coo0csgsk8og&aurl=https://jifikev.com/7-186pej-e1i-hn1d-bnn?deeplink=https://dagamah.com/9-1iora2-b8r-jn1d-f173?deeplink=https://t.me/+jQgq9BQb3jdjNGEy&subid_1=1087&subid_2=6953&subid_1=1087&subid_2=6953&an=&utm_term=6953&site=&isubs=2	4.4 kB	2023-03-13	2023-03-13
Pretty URL 13.biqund.com/index/d2?diff=0&utm_source=ogdd&utm_campaign=29857&utm_content=1087&utm_clickid=44k0coo0csgsk8og&aurl=https://jifikev.com/7-186pej-e1i-hn1d-bnn?deeplink=https://dagamah.com/9-1iora2-b8r-jn1d-f173?deeplink=https://t.me/+jQgq9BQb3jdjNGEy&subid_1=1087&subid_2=6953&subid_1=1087&subid_2=6953&an=&utm_term=6953&site=&isubs=2 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 15:58:31 Last Seen2023-03-13 15:58:31 Times Seen1 Hash 9df0339cb898c5004c66c351fdeca506 84260f9c35b601a19263f3203324f003453228d5 d8fc297b6a7b99c9f5da656bb3a37b6580e272e113c5ea9215677e895f3da2c9 Loading...

	13.biqund.com/index/d2?diff=0&utm_source=ogdd&utm_campaign=29857&utm_content=1087&utm_clickid=44k0coo0csgsk8og&aurl=https://jifikev.com/7-186pej-e1i-hn1d-bnn?deeplink=https://dagamah.com/9-1iora2-b8r-jn1d-f173?deeplink=https://t.me/+jQgq9BQb3jdjNGEy&subid_1=1087&subid_2=6953&subid_1=1087&subid_2=6953&an=&utm_term=6953&site=&isubs=2	132 B	2023-03-07	2023-12-09
Pretty URL 13.biqund.com/index/d2?diff=0&utm_source=ogdd&utm_campaign=29857&utm_content=1087&utm_clickid=44k0coo0csgsk8og&aurl=https://jifikev.com/7-186pej-e1i-hn1d-bnn?deeplink=https://dagamah.com/9-1iora2-b8r-jn1d-f173?deeplink=https://t.me/+jQgq9BQb3jdjNGEy&subid_1=1087&subid_2=6953&subid_1=1087&subid_2=6953&an=&utm_term=6953&site=&isubs=2 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:08:17 Last Seen2023-12-09 20:19:24 Times Seen56 Hash 5f0a969877e776e2133031b26ba565fa 9a3c6b5419da44c247d177fea41386386835b5b6 61bfcec4592ebf8f9d08f23ce6c245d20586312db6c53cde6377e5888ef05971 Loading...

	13.biqund.com/index/d2?diff=0&utm_source=ogdd&utm_campaign=29857&utm_content=1087&utm_clickid=44k0coo0csgsk8og&aurl=https://jifikev.com/7-186pej-e1i-hn1d-bnn?deeplink=https://dagamah.com/9-1iora2-b8r-jn1d-f173?deeplink=https://t.me/+jQgq9BQb3jdjNGEy&subid_1=1087&subid_2=6953&subid_1=1087&subid_2=6953&an=&utm_term=6953&site=&isubs=2	695 B	2023-03-07	2024-03-29
Pretty URL 13.biqund.com/index/d2?diff=0&utm_source=ogdd&utm_campaign=29857&utm_content=1087&utm_clickid=44k0coo0csgsk8og&aurl=https://jifikev.com/7-186pej-e1i-hn1d-bnn?deeplink=https://dagamah.com/9-1iora2-b8r-jn1d-f173?deeplink=https://t.me/+jQgq9BQb3jdjNGEy&subid_1=1087&subid_2=6953&subid_1=1087&subid_2=6953&an=&utm_term=6953&site=&isubs=2 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:08:17 Last Seen2024-03-29 16:46:43 Times Seen193 Hash 9e8d92218ee3ebc50c02807f95053e1d 471165c67069eb5e4a1a96bf3de5f2da1c8a1dff a7f50ca9fb45ef36eadc0461fd33f27d2f3032fcec793bcc869c43dba2b5bb73 Loading...

	13.biqund.com/index/d2?diff=0&utm_source=ogdd&utm_campaign=29857&utm_content=1087&utm_clickid=44k0coo0csgsk8og&aurl=https://jifikev.com/7-186pej-e1i-hn1d-bnn?deeplink=https://dagamah.com/9-1iora2-b8r-jn1d-f173?deeplink=https://t.me/+jQgq9BQb3jdjNGEy&subid_1=1087&subid_2=6953&subid_1=1087&subid_2=6953&an=&utm_term=6953&site=&isubs=2	52 B	2023-03-07	2023-04-05
Pretty URL 13.biqund.com/index/d2?diff=0&utm_source=ogdd&utm_campaign=29857&utm_content=1087&utm_clickid=44k0coo0csgsk8og&aurl=https://jifikev.com/7-186pej-e1i-hn1d-bnn?deeplink=https://dagamah.com/9-1iora2-b8r-jn1d-f173?deeplink=https://t.me/+jQgq9BQb3jdjNGEy&subid_1=1087&subid_2=6953&subid_1=1087&subid_2=6953&an=&utm_term=6953&site=&isubs=2 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:08:17 Last Seen2023-04-05 01:43:15 Times Seen25 Hash 9cba636a4a337015d3e0e9c13c57f772 41c46366494629b41d3850a0c412b036db9ff4ad 4023b783f9a4bb43f16c1f1bffa94466c37983c1aec1a38beb034f366df704ea Loading...

	13.biqund.com/199f8c6.php?utm_source=ogdd&utm_campaign=29857	43 kB	2023-03-12	2023-03-14
Pretty URL 13.biqund.com/199f8c6.php?utm_source=ogdd&utm_campaign=29857 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 09:21:56 Last Seen2023-03-14 13:41:08 Times Seen1 Hash 3f3c44b4999fc05fd33780711f7c6842 f2c559e2403d0f4fe3948f3a45df5ee950a801e1 a24f46d0467ad0952d3cdf750b194341fa03d469620a090aa54f0c678367ceb7 Loading...

	uuidksinc.net/matchx	2.1 kB	2023-03-13	2023-03-13
Pretty URL uuidksinc.net/matchx IP 31.220.27.134 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 15:09:14 Last Seen2023-03-13 18:18:53 Times Seen1 Hash 32c94d577a5090c79f3a80eb4a02ddee f1ee0ac32182bfe3134a2dde6431dd07df30962c 2eaf80a51d7bfcdaffc5051b95196cd96a4b29b69a23b2451ab714525aead87b Loading...

	13.biqund.com/index/d2?diff=0&utm_source=ogdd&utm_campaign=29857&utm_content=1087&utm_clickid=44k0coo0csgsk8og&aurl=https://jifikev.com/7-186pej-e1i-hn1d-bnn?deeplink=https://dagamah.com/9-1iora2-b8r-jn1d-f173?deeplink=https://t.me/+jQgq9BQb3jdjNGEy&subid_1=1087&subid_2=6953&subid_1=1087&subid_2=6953&an=&utm_term=6953&site=&isubs=2	30 kB	2023-03-08	2023-04-05
Pretty URL 13.biqund.com/index/d2?diff=0&utm_source=ogdd&utm_campaign=29857&utm_content=1087&utm_clickid=44k0coo0csgsk8og&aurl=https://jifikev.com/7-186pej-e1i-hn1d-bnn?deeplink=https://dagamah.com/9-1iora2-b8r-jn1d-f173?deeplink=https://t.me/+jQgq9BQb3jdjNGEy&subid_1=1087&subid_2=6953&subid_1=1087&subid_2=6953&an=&utm_term=6953&site=&isubs=2 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 15:34:27 Last Seen2023-04-05 01:43:15 Times Seen50 Hash bf5dc2d632990314fa3957bdb7947884 6a3b42f424a7303c46eeedd22ec858d9790db2f4 8c1d60c3544f3a192dd78007c6b2a1f44fe9c576491f2ca85389d4e02cc94cb3 Loading...

	13.biqund.com/index/d2?diff=0&utm_source=ogdd&utm_campaign=29857&utm_content=1087&utm_clickid=44k0coo0csgsk8og&aurl=https://jifikev.com/7-186pej-e1i-hn1d-bnn?deeplink=https://dagamah.com/9-1iora2-b8r-jn1d-f173?deeplink=https://t.me/+jQgq9BQb3jdjNGEy&subid_1=1087&subid_2=6953&subid_1=1087&subid_2=6953&an=&utm_term=6953&site=&isubs=2	2.2 kB	2023-03-07	2024-03-29
Pretty URL 13.biqund.com/index/d2?diff=0&utm_source=ogdd&utm_campaign=29857&utm_content=1087&utm_clickid=44k0coo0csgsk8og&aurl=https://jifikev.com/7-186pej-e1i-hn1d-bnn?deeplink=https://dagamah.com/9-1iora2-b8r-jn1d-f173?deeplink=https://t.me/+jQgq9BQb3jdjNGEy&subid_1=1087&subid_2=6953&subid_1=1087&subid_2=6953&an=&utm_term=6953&site=&isubs=2 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:08:17 Last Seen2024-03-29 16:46:43 Times Seen189 Hash a40976860ec9865090d3e26ffc73cc94 40f16d9869020c5752974e91bd792ba0d1f015e8 65ba0a06506d4e77ec12f1f4f2a2b0709d8a90c5fbf1a56605433347a396f630 Loading...

	13.biqund.com/index/d2?diff=0&utm_source=ogdd&utm_campaign=29857&utm_content=1087&utm_clickid=44k0coo0csgsk8og&aurl=https://jifikev.com/7-186pej-e1i-hn1d-bnn?deeplink=https://dagamah.com/9-1iora2-b8r-jn1d-f173?deeplink=https://t.me/+jQgq9BQb3jdjNGEy&subid_1=1087&subid_2=6953&subid_1=1087&subid_2=6953&an=&utm_term=6953&site=&isubs=2	900 B	2023-03-07	2023-12-09
Pretty URL 13.biqund.com/index/d2?diff=0&utm_source=ogdd&utm_campaign=29857&utm_content=1087&utm_clickid=44k0coo0csgsk8og&aurl=https://jifikev.com/7-186pej-e1i-hn1d-bnn?deeplink=https://dagamah.com/9-1iora2-b8r-jn1d-f173?deeplink=https://t.me/+jQgq9BQb3jdjNGEy&subid_1=1087&subid_2=6953&subid_1=1087&subid_2=6953&an=&utm_term=6953&site=&isubs=2 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:08:17 Last Seen2023-12-09 20:19:24 Times Seen53 Hash be6cbe38dacf9ef74e663c17f4c233ca 7bf7c0a293d29f75fa3bf3a45119676c8fc1cfd9 1bc0c2eba9cb2c3728ddabdffd42e1b9c53b1cb150f02eb59d53418eecd20e96 Loading...

	13.biqund.com/index/d2?diff=0&utm_source=ogdd&utm_campaign=29857&utm_content=1087&utm_clickid=44k0coo0csgsk8og&aurl=https://jifikev.com/7-186pej-e1i-hn1d-bnn?deeplink=https://dagamah.com/9-1iora2-b8r-jn1d-f173?deeplink=https://t.me/+jQgq9BQb3jdjNGEy&subid_1=1087&subid_2=6953&subid_1=1087&subid_2=6953&an=&utm_term=6953&site=&isubs=2	1.0 kB	2023-03-13	2023-03-13
Pretty URL 13.biqund.com/index/d2?diff=0&utm_source=ogdd&utm_campaign=29857&utm_content=1087&utm_clickid=44k0coo0csgsk8og&aurl=https://jifikev.com/7-186pej-e1i-hn1d-bnn?deeplink=https://dagamah.com/9-1iora2-b8r-jn1d-f173?deeplink=https://t.me/+jQgq9BQb3jdjNGEy&subid_1=1087&subid_2=6953&subid_1=1087&subid_2=6953&an=&utm_term=6953&site=&isubs=2 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 15:58:31 Last Seen2023-03-13 23:17:35 Times Seen1 Hash 8225ab8a28175ddc59cf2b42fabf81a2 d3e608836cc36919aae305cce082cfa7bbf6ceb7 fcb46607fc8a5de27e255eb9f1005547e0f8ae98e8340cc11717231bb4dc6d4b Loading...

HTTP Transactions (61)

URL IP Response Size

13.biqund.com/index/d2?diff=0&utm_source=ogdd&utm_campaign=29857&utm_content=1087&utm_clickid=44k0coo0csgsk8og&aurl=https://jifikev.com/7-186pej-e1i-hn1d-bnn?deeplink=https://dagamah.com/9-1iora2-b8r-jn1d-f173?deeplink=https://t.me/+jQgq9BQb3jdjNGEy&subid_1=1087&subid_2=6953&subid_1=1087&subid_2=6953&an=&utm_term=6953&site=&isubs=2

188.114.96.1

200 OK

22 kB

URL HTTP/1.1
13.biqund.com/index/d2?diff=0&utm_source=ogdd&utm_campaign=29857&utm_content=1087&utm_clickid=44k0coo0csgsk8og&aurl=https://jifikev.com/7-186pej-e1i-hn1d-bnn?deeplink=https://dagamah.com/9-1iora2-b8r-jn1d-f173?deeplink=https://t.me/+jQgq9BQb3jdjNGEy&subid_1=1087&subid_2=6953&subid_1=1087&subid_2=6953&an=&utm_term=6953&site=&isubs=2
IP
188.114.96.1:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (12693), with CRLF, LF line terminators
Size
22 kB (22127 bytes)
Hash
4773084a8340ef3411fc4876ead190ed
c886b063b3dcddc26c043a9a8acbeed01e173941
72984a822d4a7b21d1a1286c3a65a707d3492fb99dbf3fdd9724b142c0f7a320

Detections

NIDS	Severity	Alert
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1

HTTP Headers

GET /index/d2?diff=0&utm_source=ogdd&utm_campaign=29857&utm_content=1087&utm_clickid=44k0coo0csgsk8og&aurl=https://jifikev.com/7-186pej-e1i-hn1d-bnn?deeplink=https://dagamah.com/9-1iora2-b8r-jn1d-f173?deeplink=https://t.me/+jQgq9BQb3jdjNGEy&subid_1=1087&subid_2=6953&subid_1=1087&subid_2=6953&an=&utm_term=6953&site=&isubs=2 HTTP/1.1
Host: 13.biqund.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 17:22:03 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-transform
Content-Encoding: gzip
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6ibLAqW2SGwqKNqyLwXvIvujLPaH23nKcrVVUr8CCerHAeInUL5EwrX459JtuAJ0jPCsMa1VU6XYmnr4SI%2FcNVGv5oM14jGaFspJCJmlZbDUcJuZeFGnfAojC3FjjCK0"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 793cd8b1aaa3b512-OSL
alt-svc: h2=":443"; ma=60

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
81713f952b51a865ad9764cde68e3fdb
278c3a9c4bb2a0ffb7375f90d89a1ba6e90a766a
c2eb0d8a24ecb51af28f1c71db4b9a95c568dcf6c94b41ee8c78787a4ebebcef

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C2EB0D8A24ECB51AF28F1C71DB4B9A95C568DCF6C94B41EE8C78787A4EBEBCEF"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20166
Expires: Fri, 03 Feb 2023 22:58:09 GMT
Date: Fri, 03 Feb 2023 17:22:03 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ec47f9eed203ae063b9c210009de54a9
19ff156471b9cffbc2432c5b65543bdd18e36271
3974208ce1840f6c9467287b7e220379ed881d76db64939f411dbc500c103d48

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3974208CE1840F6C9467287B7E220379ED881D76DB64939F411DBC500C103D48"
Last-Modified: Thu, 02 Feb 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6487
Expires: Fri, 03 Feb 2023 19:10:10 GMT
Date: Fri, 03 Feb 2023 17:22:03 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Alert, Retry-After, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 03 Feb 2023 16:36:11 GMT
content-type: application/json
age: 2752
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7d2222d41721947297aaeb5a6e3d0714
04cc1ee417c8bf6338657fd4c2e4e1c1ddfd3065
de0e45969a2ad95e52f7e2fbd0d021d9075dd7b14666c929346efe111f648f7c

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DE0E45969A2AD95E52F7E2FBD0D021D9075DD7B14666C929346EFE111F648F7C"
Last-Modified: Thu, 02 Feb 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11580
Expires: Fri, 03 Feb 2023 20:35:03 GMT
Date: Fri, 03 Feb 2023 17:22:03 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: GmuPO1ex+eNa6aZlRukaMNslQQ56+vylnTqm3bdtLpFiM1kolvq5Tr5fd+o44QaITU8qDUc/3K0=
x-amz-request-id: RQQQX93AW0TDA65A
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 03 Feb 2023 16:23:36 GMT
age: 3507
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

13.biqund.com/assets/styles/arrow.css?v1

188.114.96.1

200 OK

2.1 kB

URL HTTP/1.1
13.biqund.com/assets/styles/arrow.css?v1
IP
188.114.96.1:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text
Size
2.1 kB (2149 bytes)
Hash
42f2eac8fc2d717d43b63c19404d009d
f160ecec8abed0763a70ab4c412697cb661bb9a7
2c64ecb52bdbe782356e6b4c2763127a375d1114c858011f73455cfd27232efc

HTTP Headers

GET /assets/styles/arrow.css?v1 HTTP/1.1
Host: 13.biqund.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://13.biqund.com/index/d2?diff=0&utm_source=ogdd&utm_campaign=29857&utm_content=1087&utm_clickid=44k0coo0csgsk8og&aurl=https://jifikev.com/7-186pej-e1i-hn1d-bnn?deeplink=https://dagamah.com/9-1iora2-b8r-jn1d-f173?deeplink=https://t.me/+jQgq9BQb3jdjNGEy&subid_1=1087&subid_2=6953&subid_1=1087&subid_2=6953&an=&utm_term=6953&site=&isubs=2

HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 17:22:03 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 02 Nov 2022 12:29:48 GMT
ETag: W/"636262bc-1a14"
Content-Encoding: gzip
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QyXUd1TOdRMsNmLhLtWc3Qp2Ign2zIUKr9hMpVRE7FCTRvGZC4iCLcT2FHg4EuwuNAte%2F2OaG9QJNq5yMO8uZlRdxbtU9cKTzxeuzK7YFWCfiNrX0%2Fwp4MMA9vE7RS%2Bf"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 793cd8b36ce5b512-OSL
alt-svc: h2=":443"; ma=60

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 17:22:03 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

13.biqund.com/199f8c6.php?utm_source=ogdd&utm_campaign=29857

188.114.96.1

200 OK

17 kB

URL HTTP/1.1
13.biqund.com/199f8c6.php?utm_source=ogdd&utm_campaign=29857
IP
188.114.96.1:0
ASN
#13335 CLOUDFLARENET

File type
Unicode text, UTF-8 text, with very long lines (42846), with no line terminators
Size
17 kB (17297 bytes)
Hash
671e8353a6488581dd408c2954905b90
113e8c5db5ff113d4eb0c4b7b1f8e516dd5997d0
13125afb040d05352412b5ca59e0da474941a6c5c8616c02301fb1fb5e90eb0b

HTTP Headers

GET /199f8c6.php?utm_source=ogdd&utm_campaign=29857 HTTP/1.1
Host: 13.biqund.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://13.biqund.com/index/d2?diff=0&utm_source=ogdd&utm_campaign=29857&utm_content=1087&utm_clickid=44k0coo0csgsk8og&aurl=https://jifikev.com/7-186pej-e1i-hn1d-bnn?deeplink=https://dagamah.com/9-1iora2-b8r-jn1d-f173?deeplink=https://t.me/+jQgq9BQb3jdjNGEy&subid_1=1087&subid_2=6953&subid_1=1087&subid_2=6953&an=&utm_term=6953&site=&isubs=2

HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 17:22:03 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Content-Encoding: gzip
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=p7v0JKzlj5pQ6ca5tk36H6K%2BThfXxm8byKo%2FgwdBwNpaoWE%2FoePs6luWlkvUkbhL8PGV%2BuLqy%2F3TLWtUq15I1usYlzf6hIEmO6vD0i9jrGbDqlKHkfCe638yfEUrYhK%2F"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 793cd8b36db8b521-OSL
alt-svc: h2=":443"; ma=60

13.biqund.com/download2/img/download-arrow.gif

188.114.96.1

404 Not Found

35 B

URL HTTP/1.1
13.biqund.com/download2/img/download-arrow.gif
IP
188.114.96.1:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with no line terminators
Size
35 B (35 bytes)
Hash
196f73187bcbee4f9b8de0873cba3718
ae42246bd5bfd6ab7c0c92311f83adcdf66e8542
9527e03d7a1877187c413ed66b6a82c27751bd15cb04bc1665c260320f2d9f1e

HTTP Headers

GET /download2/img/download-arrow.gif HTTP/1.1
Host: 13.biqund.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://13.biqund.com/index/d2?diff=0&utm_source=ogdd&utm_campaign=29857&utm_content=1087&utm_clickid=44k0coo0csgsk8og&aurl=https://jifikev.com/7-186pej-e1i-hn1d-bnn?deeplink=https://dagamah.com/9-1iora2-b8r-jn1d-f173?deeplink=https://t.me/+jQgq9BQb3jdjNGEy&subid_1=1087&subid_2=6953&subid_1=1087&subid_2=6953&an=&utm_term=6953&site=&isubs=2

HTTP/1.1 404 Not Found
Date: Fri, 03 Feb 2023 17:22:03 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r5a%2BWoBNxXhMIR5QsAq3vtVxt%2FoxN6SA7BQNSZYjSrpnnnJZ6dhBlxkYCP%2BqZ9doSomkmHfgYcL2vKtxbRpsFVBa%2FNt7NPRWZWa4K3dVU0zgjRZLfuOWKZNAHB24qizR"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 793cd8b47f3bb521-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
006cd25e67a27c9ad672801b937ba574
5e9c0412d457aa4b0491808f9ede7648d3852857
919081b86718b69dd35da51477f494aceb66c60d45884e2afa6d17c5ac877258

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "919081B86718B69DD35DA51477F494ACEB66C60D45884E2AFA6D17C5AC877258"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14085
Expires: Fri, 03 Feb 2023 21:16:48 GMT
Date: Fri, 03 Feb 2023 17:22:03 GMT
Connection: keep-alive

sartojelius.com/44462

88.208.46.22

200 OK

3.2 kB

URL HTTP/1.1
sartojelius.com/44462
IP
88.208.46.22:0
ASN
#39572 DataWeb Global Group B.V.

File type
JSON data\012- , ASCII text, with very long lines (3243), with no line terminators
Size
3.2 kB (3243 bytes)
Hash
5cfb52fba0b9d17ad58a221942a94b4a
9d63facd4fe122e8f71cce7f2f41078c58e3e1f7
e6f0d522d12b60a4990470758a125019375b80ca0596aed88f5c5ad56563dbcb

HTTP Headers

POST /44462 HTTP/1.1
Host: sartojelius.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://13.biqund.com/
Content-Type: text/plain;charset=UTF-8
Origin: http://13.biqund.com
Content-Length: 246
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 03 Feb 2023 17:22:03 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: http://13.biqund.com
Access-Control-Allow-Credentials: true
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Set-Cookie: userid=3ee3ab12-6bbe-4868-a99e-0728b8b46875; expires=Thu, 03-Feb-2028 17:22:03 GMT; Path=/; SameSite=None; Secure
Accept-CH: Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version

13.biqund.com/favicon.ico

188.114.96.1

200 OK

4.0 kB

URL HTTP/1.1
13.biqund.com/favicon.ico
IP
188.114.96.1:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced\012- data
Size
4.0 kB (4016 bytes)
Hash
a51793fe0317686ba089709c57a35b1a
61575816c708298644a9c26859edc3a17ae91ebd
b81a8f8301df8f22e0ca12689afd9855d710026631f486c9538fdb08b129b084

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 13.biqund.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://13.biqund.com/index/d2?diff=0&utm_source=ogdd&utm_campaign=29857&utm_content=1087&utm_clickid=44k0coo0csgsk8og&aurl=https://jifikev.com/7-186pej-e1i-hn1d-bnn?deeplink=https://dagamah.com/9-1iora2-b8r-jn1d-f173?deeplink=https://t.me/+jQgq9BQb3jdjNGEy&subid_1=1087&subid_2=6953&subid_1=1087&subid_2=6953&an=&utm_term=6953&site=&isubs=2

HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 17:22:03 GMT
Content-Type: image/x-icon
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 02 Nov 2022 12:29:48 GMT
ETag: W/"636262bc-1007"
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=egtnmfSavz%2Ba%2FIiPupDAR3br9vm7JTH%2BOKKxB0JRlEMhE7u4%2FEDKcB76OTDqVE7Pq0SexAqKfv25Fkz5zHesNDXgEekifuPQMNaQ70RXcQ9AGxENU%2BaK%2B2ju8L%2BvGnSB"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 793cd8b5b906b521-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

sartojelius.com/event/set

88.208.46.22

200 OK

20 B

URL HTTP/1.1
sartojelius.com/event/set
IP
88.208.46.22:0
ASN
#39572 DataWeb Global Group B.V.

File type
data
Size
20 B (20 bytes)
Hash
7029066c27ac6f5ef18d660d5741979a
46c6643f07aa7f6bfe7118de926b86defc5087c4
59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2

HTTP Headers

POST /event/set HTTP/1.1
Host: sartojelius.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://13.biqund.com/
Content-Type: text/plain;charset=UTF-8
Origin: http://13.biqund.com
Content-Length: 116
Connection: keep-alive
Cookie: userid=3ee3ab12-6bbe-4868-a99e-0728b8b46875
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 03 Feb 2023 17:22:03 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: http://13.biqund.com
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: PROPFIND, PROPPATCH, COPY, MOVE, DELETE, MKCOL, LOCK, UNLOCK, PUT, GETLIB, VERSION-CONTROL, CHECKIN, CHECKOUT, UNCHECKOUT, REPORT, UPDATE, CANCELUPLOAD, HEAD, OPTIONS, GET, POST
Access-Control-Allow-Headers: Overwrite, Destination, Content-Type, Depth, User-Agent, X-File-Size, X-Requested-With, If-Modified-Since, X-File-Name, Cache-Control
Accept-CH: Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
Content-Encoding: gzip

13.biqund.com/assets/images/arrow.png

188.114.96.1

200 OK

1.5 kB

URL HTTP/1.1
13.biqund.com/assets/images/arrow.png
IP
188.114.96.1:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 114 x 135, 8-bit/color RGBA, non-interlaced\012- data
Size
1.5 kB (1477 bytes)
Hash
5205d8e424b5516e3965645163a80dcd
ea5b7794eaecf76c02c55879ad03b98e1f06068b
3795d041425e25372f0d6fcb7a66494c0224d844dd3038458549d05889052f96

HTTP Headers

GET /assets/images/arrow.png HTTP/1.1
Host: 13.biqund.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://13.biqund.com/index/d2?diff=0&utm_source=ogdd&utm_campaign=29857&utm_content=1087&utm_clickid=44k0coo0csgsk8og&aurl=https://jifikev.com/7-186pej-e1i-hn1d-bnn?deeplink=https://dagamah.com/9-1iora2-b8r-jn1d-f173?deeplink=https://t.me/+jQgq9BQb3jdjNGEy&subid_1=1087&subid_2=6953&subid_1=1087&subid_2=6953&an=&utm_term=6953&site=&isubs=2
Cookie: pmvid=3ee3ab12-6bbe-4868-a99e-0728b8b46875

HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 17:22:03 GMT
Content-Type: image/png
Content-Length: 1477
Connection: keep-alive
Last-Modified: Wed, 02 Nov 2022 12:29:48 GMT
ETag: "636262bc-5c5"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UXelAeKz%2Bm5moSaLMkSv4keEsQVCk4cDCef%2BXz644JWLerLC%2B1NRE%2FyRVj37w5DAs0DorwkpCeAFVZy4pr1RWq7v%2BVuwPp%2FNZpvaIctjtrMFSn5xNlbYS6v1IgcQ4pmK"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 793cd8b6299eb521-OSL
alt-svc: h2=":443"; ma=60

13.biqund.com/download2/img/arrow.png

188.114.96.1

200 OK

1.5 kB

URL HTTP/1.1
13.biqund.com/download2/img/arrow.png
IP
188.114.96.1:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 114 x 135, 8-bit/color RGBA, non-interlaced\012- data
Size
1.5 kB (1477 bytes)
Hash
5205d8e424b5516e3965645163a80dcd
ea5b7794eaecf76c02c55879ad03b98e1f06068b
3795d041425e25372f0d6fcb7a66494c0224d844dd3038458549d05889052f96

HTTP Headers

GET /download2/img/arrow.png HTTP/1.1
Host: 13.biqund.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://13.biqund.com/index/d2?diff=0&utm_source=ogdd&utm_campaign=29857&utm_content=1087&utm_clickid=44k0coo0csgsk8og&aurl=https://jifikev.com/7-186pej-e1i-hn1d-bnn?deeplink=https://dagamah.com/9-1iora2-b8r-jn1d-f173?deeplink=https://t.me/+jQgq9BQb3jdjNGEy&subid_1=1087&subid_2=6953&subid_1=1087&subid_2=6953&an=&utm_term=6953&site=&isubs=2
Cookie: pmvid=3ee3ab12-6bbe-4868-a99e-0728b8b46875

HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 17:22:03 GMT
Content-Type: image/png
Content-Length: 1477
Connection: keep-alive
Last-Modified: Wed, 02 Nov 2022 12:29:48 GMT
ETag: "636262bc-5c5"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1s%2B1hT38ksq9%2FRFEZ6U5LIA85U11GGgavZWstKODDGCPSsXQSk%2F0T2lwkybCvuSATzJLiGf%2FT2%2FPbQaSjRrRJI69Kg7m5dtx0jryQ8owaAYnlSkHF6MBKxtJOkVrD%2Fpj"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 793cd8b6486db512-OSL
alt-svc: h2=":443"; ma=60

sartojelius.com/js/cs?uuid=3ee3ab12-6bbe-4868-a99e-0728b8b46875

88.208.46.22

302 Found

0 B

URL HTTP/1.1
sartojelius.com/js/cs?uuid=3ee3ab12-6bbe-4868-a99e-0728b8b46875
IP
88.208.46.22:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /js/cs?uuid=3ee3ab12-6bbe-4868-a99e-0728b8b46875 HTTP/1.1
Host: sartojelius.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://13.biqund.com/
Cookie: userid=3ee3ab12-6bbe-4868-a99e-0728b8b46875
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/1.1 302 Found
Server: nginx
Date: Fri, 03 Feb 2023 17:22:03 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: uuid=3ee3ab12-6bbe-4868-a99e-0728b8b46875; expires=Sun, 05-Mar-2023 17:22:03 GMT; Path=/; domain=.sartojelius.com; SameSite=None; Secure
Location: https://s.uuidksinc.net/match/1165/?remote_uid=3ee3ab12-6bbe-4868-a99e-0728b8b46875&cb_url=https%3A%2F%2Fsartojelius.com%2Fjs%2Fcs%3Fuuid%3D3ee3ab12-6bbe-4868-a99e-0728b8b46875%26oid%3D%5BUID%5D
Accept-CH: Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Last-Modified, Cache-Control, Pragma, ETag, Backoff, Content-Type, Alert, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 03 Feb 2023 16:49:06 GMT
age: 1978
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
6649cec5c801aa3fff97290003016d2d
35a6f109a0765391fe849c12e424314f2f4b306b
313c0dce32172895d1f476b34f2a0b23de7078c36ca5b8189803f109d25589dc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "313C0DCE32172895D1F476B34F2A0B23DE7078C36CA5B8189803F109D25589DC"
Last-Modified: Fri, 03 Feb 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6453
Expires: Fri, 03 Feb 2023 19:09:37 GMT
Date: Fri, 03 Feb 2023 17:22:04 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d5aa03d944374e364d4fdbb8f9cbf95e
43e3c5a8a5ff027de3c9ad9a41b572e4f33e72f9
483314668ec3c34108277a26d39a4282ce255e416cb5cec43e3d30d5340b8138

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "483314668EC3C34108277A26D39A4282CE255E416CB5CEC43E3D30D5340B8138"
Last-Modified: Wed, 01 Feb 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5493
Expires: Fri, 03 Feb 2023 18:53:37 GMT
Date: Fri, 03 Feb 2023 17:22:04 GMT
Connection: keep-alive

hdtcode.com/event?data=&id=30

185.98.54.153

200 OK

0 B

URL HTTP/2
hdtcode.com/event?data=&id=30
IP
185.98.54.153:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /event?data=&id=30 HTTP/1.1
Host: hdtcode.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://13.biqund.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx/1.19.0
date: Fri, 03 Feb 2023 17:22:04 GMT
content-length: 0
access-control-allow-headers: X-Requested-With, Cache-Control, Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
X-Firefox-Spdy: h2

s.uuidksinc.net/match/1165/?remote_uid=3ee3ab12-6bbe-4868-a99e-0728b8b46875&cb_url=https%3A%2F%2Fsartojelius.com%2Fjs%2Fcs%3Fuuid%3D3ee3ab12-6bbe-4868-a99e-0728b8b46875%26oid%3D%5BUID%5D

31.220.27.134

302 Found

0 B

URL HTTP/2
s.uuidksinc.net/match/1165/?remote_uid=3ee3ab12-6bbe-4868-a99e-0728b8b46875&cb_url=https%3A%2F%2Fsartojelius.com%2Fjs%2Fcs%3Fuuid%3D3ee3ab12-6bbe-4868-a99e-0728b8b46875%26oid%3D%5BUID%5D
IP
31.220.27.134:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /match/1165/?remote_uid=3ee3ab12-6bbe-4868-a99e-0728b8b46875&cb_url=https%3A%2F%2Fsartojelius.com%2Fjs%2Fcs%3Fuuid%3D3ee3ab12-6bbe-4868-a99e-0728b8b46875%26oid%3D%5BUID%5D HTTP/1.1
Host: s.uuidksinc.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://13.biqund.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
server: nginx/1.19.0
date: Fri, 03 Feb 2023 17:22:04 GMT
content-length: 0
location: https://sartojelius.com/js/cs?uuid=3ee3ab12-6bbe-4868-a99e-0728b8b46875&oid=WDmnTxuPAgg5YH9TrAgp
set-cookie: jcsuuid=WDmnTxuPAgg5YH9TrAgp; expires=Sat, 03 Feb 2024 17:22:04 GMT; domain=uuidksinc.net; path=/; secure; SameSite=None
X-Firefox-Spdy: h2

sartojelius.com/js/cs?uuid=3ee3ab12-6bbe-4868-a99e-0728b8b46875&oid=WDmnTxuPAgg5YH9TrAgp

88.208.46.22

200 OK

43 B

URL HTTP/1.1
sartojelius.com/js/cs?uuid=3ee3ab12-6bbe-4868-a99e-0728b8b46875&oid=WDmnTxuPAgg5YH9TrAgp
IP
88.208.46.22:0
ASN
#39572 DataWeb Global Group B.V.

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

HTTP Headers

GET /js/cs?uuid=3ee3ab12-6bbe-4868-a99e-0728b8b46875&oid=WDmnTxuPAgg5YH9TrAgp HTTP/1.1
Host: sartojelius.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://13.biqund.com/
Connection: keep-alive
Cookie: userid=3ee3ab12-6bbe-4868-a99e-0728b8b46875; uuid=3ee3ab12-6bbe-4868-a99e-0728b8b46875
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 03 Feb 2023 17:22:04 GMT
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: oid=WDmnTxuPAgg5YH9TrAgp; expires=Sun, 05-Mar-2023 17:22:04 GMT; Path=/; domain=.sartojelius.com; SameSite=None; Secure
Accept-CH: Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
8913af0be619500295008bb91f506660
a7b8068ba9aa506205a295b24458c2616997a0d1
6a9838d00256431807ca382fc205064b07c08d5054f2895c2ae3cc4e9094179a

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6A9838D00256431807CA382FC205064B07C08D5054F2895C2AE3CC4E9094179A"
Last-Modified: Wed, 01 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18650
Expires: Fri, 03 Feb 2023 22:32:54 GMT
Date: Fri, 03 Feb 2023 17:22:04 GMT
Connection: keep-alive

push.services.mozilla.com/

35.167.56.184

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
35.167.56.184:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: fmQUoJEqB7stgAR2QJPE/w==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: lLdgs5J7EB6+xiH0plkUC7f4Kz4=

uuidksinc.net/matchx

31.220.27.134

200 OK

1.2 kB

URL HTTP/2
uuidksinc.net/matchx
IP
31.220.27.134:0
ASN
#39572 DataWeb Global Group B.V.

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2136)
Size
1.2 kB (1227 bytes)
Hash
d811e6066bdd0e4ba0ee86ccd6bf8ab6
dfd20327fff83ef3d28d1062caa21fcd255595e8
963a44f479769a665f8a1bf131cd7d4819b8ad10775e144ac5c55ea155e8b7ce

HTTP Headers

GET /matchx HTTP/1.1
Host: uuidksinc.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://13.biqund.com/
Cookie: jcsuuid=WDmnTxuPAgg5YH9TrAgp
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx/1.19.0
date: Fri, 03 Feb 2023 17:22:04 GMT
content-type: text/html
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

dm-eu.hybrid.ai/match?id=158&vid=WDmnTxuPAgg5YH9TrAgp

37.18.103.21

204 No Content

0 B

URL HTTP/2
dm-eu.hybrid.ai/match?id=158&vid=WDmnTxuPAgg5YH9TrAgp
IP
37.18.103.21:0
ASN
#205675 Hybrid LLC

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /match?id=158&vid=WDmnTxuPAgg5YH9TrAgp HTTP/1.1
Host: dm-eu.hybrid.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://uuidksinc.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 204 No Content
date: Fri, 03 Feb 2023 17:22:04 GMT
cache-control: no-cache, no-store
pragma: no-cache
expires: -1
set-cookie: vid=c426e6e24397e347744e; Expires=Sat, 03 Feb 2024 17:22:03 GMT; Domain=.hybrid.ai; Path=/; SameSite=None; Secure
p3p: CP="NOI DSP COR CUR ADMa DEVo TAIo PSAo PSDo IVAo IVDo OUR IND COM NAV INT STA OTC"
x-mode: 520
x-xss-protection: 1; mode=block
access-control-allow-origin: https://uuidksinc.net
access-control-allow-credentials: true
server: Hybrid Web Server
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1d82139609e323e908fac5d93cc352a0
16464d86dbab5ffda5e66d870c5d139ee69f9422
dafce9d952b644da844563623a477eec073d696e74275b56b8329ed44b64aa57

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DAFCE9D952B644DA844563623A477EEC073D696E74275B56B8329ED44B64AA57"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13140
Expires: Fri, 03 Feb 2023 21:01:04 GMT
Date: Fri, 03 Feb 2023 17:22:04 GMT
Connection: keep-alive

www.acint.net/rmatch?dp=191&r=https%3A%2F%2Fd.uuidksinc.net%2Fmatch%2F383%2F%3Fremote_uid%3D%24%7BUSER_ID%7D

185.12.125.26

302 Found

154 B

URL HTTP/2
www.acint.net/rmatch?dp=191&r=https%3A%2F%2Fd.uuidksinc.net%2Fmatch%2F383%2F%3Fremote_uid%3D%24%7BUSER_ID%7D
IP
185.12.125.26:0
ASN
#50214 QWARTA LLC

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
154 B (154 bytes)
Hash
cfbeaf604823f038b8b46f0ac862b98c
7b9eb1dac48e74fa5f418bc456cb410f88b81d98
20c1ab602462b7fc0d5b4cbd555cacf127b69a07a737579598ebcbc0f5b21319

HTTP Headers

GET /rmatch?dp=191&r=https%3A%2F%2Fd.uuidksinc.net%2Fmatch%2F383%2F%3Fremote_uid%3D%24%7BUSER_ID%7D HTTP/1.1
Host: www.acint.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://uuidksinc.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
server: openresty
date: Fri, 03 Feb 2023 17:22:04 GMT
content-type: text/html
content-length: 154
location: /rmatch?r=https%3A%2F%2Fd.uuidksinc.net%2Fmatch%2F383%2F%3Fremote_uid%3D$%7BUSER_ID%7D&dp=191&tc=1
expires: Wed, 19 Apr 2000 11:43:00 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
set-cookie: test_cookie=CheckForPermission; path=/; Secure; SameSite=None; domain=.acint.net; expires=Fri, 03-Feb-23 17:32:04 GMT
aid=CkIDE2PdQrwcKgpqTn5HAqikUdlXXijeOjvCncjnDEDWZrI8; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=.acint.net; path=/; Secure; SameSite=None
X-Firefox-Spdy: h2

ocsp2.globalsign.com/gsalphasha2g2

104.18.21.226

200 OK

1.4 kB

URL HTTP/1.1
ocsp2.globalsign.com/gsalphasha2g2
IP
104.18.21.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
1.4 kB (1423 bytes)
Hash
8e4ae26c99f9dac8a0c6d89bc00f7a22
6f556dd3e32ce6c67c719818279c3992de588ed1
4ccdf74c2abae1717f145f99f63fa7ad92ccdcff362084712514b51f8949d3d9

HTTP Headers

POST /gsalphasha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 17:22:04 GMT
Content-Type: application/ocsp-response
Content-Length: 1423
Connection: keep-alive
Expires: Tue, 07 Feb 2023 15:20:45 GMT
ETag: "6f556dd3e32ce6c67c719818279c3992de588ed1"
Last-Modified: Fri, 03 Feb 2023 15:20:46 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 838
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 793cd8bbf9e50b02-OSL

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
39c234f2571e2fecde624b68d5ca451c
3368d6757dd537f7d64e997a06fe6b09db578a70
194f977a6fe1d539db43fc43164039d28334c06609305b64dffdd14d42ea7b0e

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "194F977A6FE1D539DB43FC43164039D28334C06609305B64DFFDD14D42EA7B0E"
Last-Modified: Fri, 03 Feb 2023 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10497
Expires: Fri, 03 Feb 2023 20:17:01 GMT
Date: Fri, 03 Feb 2023 17:22:04 GMT
Connection: keep-alive

www.acint.net/rmatch?r=https%3A%2F%2Fd.uuidksinc.net%2Fmatch%2F383%2F%3Fremote_uid%3D$%7BUSER_ID%7D&dp=191&tc=1

185.12.125.26

302 Found

154 B

URL HTTP/2
www.acint.net/rmatch?r=https%3A%2F%2Fd.uuidksinc.net%2Fmatch%2F383%2F%3Fremote_uid%3D$%7BUSER_ID%7D&dp=191&tc=1
IP
185.12.125.26:0
ASN
#50214 QWARTA LLC

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
154 B (154 bytes)
Hash
cfbeaf604823f038b8b46f0ac862b98c
7b9eb1dac48e74fa5f418bc456cb410f88b81d98
20c1ab602462b7fc0d5b4cbd555cacf127b69a07a737579598ebcbc0f5b21319

HTTP Headers

GET /rmatch?r=https%3A%2F%2Fd.uuidksinc.net%2Fmatch%2F383%2F%3Fremote_uid%3D$%7BUSER_ID%7D&dp=191&tc=1 HTTP/1.1
Host: www.acint.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://uuidksinc.net/
Connection: keep-alive
Cookie: test_cookie=CheckForPermission; aid=CkIDE2PdQrwcKgpqTn5HAqikUdlXXijeOjvCncjnDEDWZrI8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 302 Found
server: openresty
date: Fri, 03 Feb 2023 17:22:04 GMT
content-type: text/html
content-length: 154
location: https://ssp-rtb.sape.ru/rmatch?r=https%3A%2F%2Facint.net%2Frmatch%3Fdp%3D14%26euid%3D$%7BUSER_ID%7D%26r%3Dhttps%253A%252F%252Fd.uuidksinc.net%252Fmatch%252F383%252F%253Fremote_uid%253D$%257BUSER_ID%257D&dp=14
p3p: CP="ALL ADM DEV PSAi COM OUR OTRo STP IND ONL"
set-cookie: cSyncDp14v3=1675444924; expires=Sun, 05-Mar-23 17:22:04 GMT; path=/; Secure; SameSite=None; domain=.acint.net
expires: Wed, 19 Apr 2000 11:43:00 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
X-Firefox-Spdy: h2

dmpprof.com/matching/external/pixel.gif?sid=14&uid=WDmnTxuPAgg5YH9TrAgp

85.192.12.174

200 OK

43 B

URL HTTP/2
dmpprof.com/matching/external/pixel.gif?sid=14&uid=WDmnTxuPAgg5YH9TrAgp
IP
85.192.12.174:0
ASN
#12695 LLC Digital Network

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

HTTP Headers

GET /matching/external/pixel.gif?sid=14&uid=WDmnTxuPAgg5YH9TrAgp HTTP/1.1
Host: dmpprof.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://uuidksinc.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx/1.18.0
date: Fri, 03 Feb 2023 17:22:04 GMT
content-type: image/gif
content-length: 43
last-modified: Fri, 03 Feb 2023 17:22:04 GMT
expires: Wed, 11 Nov 1998 11:11:11 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
set-cookie: nmatch=14_WDmnTxuPAgg5YH9TrAgp; expires=Sat, 04 Feb 2023 05:22:04 GMT; path=/; secure; SameSite=None
uid=temp-91.90.42.154-; expires=Fri, 03 Feb 2023 19:22:04 GMT; path=/; secure; SameSite=None
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, HEAD, PATCH, GET, POST, OPTIONS
access-control-allow-headers: Origin,Content-Type,Accept,Authorization,X-Requested-With, DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-expose-headers: Content-Length,Content-Range
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f3f15ff2714ae5a6a878f5f0e8dae5f2
1cce0f8fef7c589ee1193e42e7e82bb704d9e190
14fe174a664d908c6a4dd0da7280c64641bfb2618ec75106874e9fa397938fd8

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "14FE174A664D908C6A4DD0DA7280C64641BFB2618EC75106874E9FA397938FD8"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=664
Expires: Fri, 03 Feb 2023 17:33:08 GMT
Date: Fri, 03 Feb 2023 17:22:04 GMT
Connection: keep-alive

kimberlite.io/rtb/sync/kadam?u=WDmnTxuPAgg5YH9TrAgp

80.78.249.201

307 Temporary Redirect

0 B

URL HTTP/1.1
kimberlite.io/rtb/sync/kadam?u=WDmnTxuPAgg5YH9TrAgp
IP
80.78.249.201:0
ASN
#197695 Domain names registrar REG.RU, Ltd

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /rtb/sync/kadam?u=WDmnTxuPAgg5YH9TrAgp HTTP/1.1
Host: kimberlite.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://uuidksinc.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 307 Temporary Redirect
Server: nginx
Date: Fri, 03 Feb 2023 17:22:04 GMT
Content-Length: 0
Connection: keep-alive
cache-control: no-store
access-control-allow-credentials: true
access-control-allow-origin: *
set-cookie: u=Y91CvHbrWfw~XmccifqhpYeifowO_beeiY4p52g; path=/; max-age=7776000; samesite=none; httponly; secure
f=https%3A%2F%2Fd.uuidksinc.net%2Fmatch%2F499%2F%3Fremote_uid%3DY91CvHbrWfw; max-age=30; samesite=none; httponly; secure
n=1; max-age=30; samesite=none; httponly; secure
location: https://solta-sync.rutarget.ru/sync
referrer-policy: no-referrer
server-timing: app;srv=2;dur=0.0002

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
625db98ded64d33f3649378918788897
e48be419f8559bf38d62d48bb391251f40553fcf
934f40c7f5a20e2d2f241da3087d4166bcb2481a6ee6e3970c93b8ccfeddf543

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "934F40C7F5A20E2D2F241DA3087D4166BCB2481A6EE6E3970C93B8CCFEDDF543"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10662
Expires: Fri, 03 Feb 2023 20:19:46 GMT
Date: Fri, 03 Feb 2023 17:22:04 GMT
Connection: keep-alive

rtb.com.ru/kadam-sync?uid=WDmnTxuPAgg5YH9TrAgp

83.222.114.186

204 No Content

0 B

URL HTTP/1.1
rtb.com.ru/kadam-sync?uid=WDmnTxuPAgg5YH9TrAgp
IP
83.222.114.186:0
ASN
#42632 MnogoByte LLC

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /kadam-sync?uid=WDmnTxuPAgg5YH9TrAgp HTTP/1.1
Host: rtb.com.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://uuidksinc.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 204 No Content
Server: nginx/1.18.0
Date: Fri, 03 Feb 2023 17:22:04 GMT
Connection: keep-alive
Cache-Control: max-age=0, no-cache, no-store, must-revalidate, proxy-revalidate
P3p: CP="rtb.com.ru does not have a P3P policy"

ssp-rtb.sape.ru/rmatch?r=https%3A%2F%2Facint.net%2Frmatch%3Fdp%3D14%26euid%3D$%7BUSER_ID%7D%26r%3Dhttps%253A%252F%252Fd.uuidksinc.net%252Fmatch%252F383%252F%253Fremote_uid%253D$%257BUSER_ID%257D&dp=14

193.3.184.216

302 Moved Temporarily

142 B

URL HTTP/1.1
ssp-rtb.sape.ru/rmatch?r=https%3A%2F%2Facint.net%2Frmatch%3Fdp%3D14%26euid%3D$%7BUSER_ID%7D%26r%3Dhttps%253A%252F%252Fd.uuidksinc.net%252Fmatch%252F383%252F%253Fremote_uid%253D$%257BUSER_ID%257D&dp=14
IP
193.3.184.216:0
ASN
#50214 QWARTA LLC

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
142 B (142 bytes)
Hash
82c98e8e012b79c922655461171cc2fa
0828d79135573276005b04be42d79a8a3291292b
745173bcc5c57ce9751dd019606e877e0aae13b60372fdb090f3db0470c3a43c

HTTP Headers

GET /rmatch?r=https%3A%2F%2Facint.net%2Frmatch%3Fdp%3D14%26euid%3D$%7BUSER_ID%7D%26r%3Dhttps%253A%252F%252Fd.uuidksinc.net%252Fmatch%252F383%252F%253Fremote_uid%253D$%257BUSER_ID%257D&dp=14 HTTP/1.1
Host: ssp-rtb.sape.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://uuidksinc.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 302 Moved Temporarily
Server: openresty
Date: Fri, 03 Feb 2023 17:22:05 GMT
Content-Type: text/html
Content-Length: 142
Connection: keep-alive
P3P: CP="ALL ADM DEV PSAi COM OUR OTRo STP IND ONL"
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Location: https://acint.net/rmatch?dp=14&euid=4002420ABD42DD63AB006597029818A5&r=https%3A%2F%2Fd.uuidksinc.net%2Fmatch%2F383%2F%3Fremote_uid%3D$%7BUSER_ID%7D
Expires: Wed, 19 Apr 2000 11:43:00 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Set-Cookie: sspuid=CkICQGPdQr2XZQCrpRiYAvsdYtvhot4vqiD3g0VwKqhXdnr7; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=.ssp-rtb.sape.ru; path=/; Secure; SameSite=None

acint.net/rmatch?dp=14&euid=4002420ABD42DD63AB006597029818A5&r=https%3A%2F%2Fd.uuidksinc.net%2Fmatch%2F383%2F%3Fremote_uid%3D$%7BUSER_ID%7D

185.12.125.26

302 Found

154 B

URL HTTP/2
acint.net/rmatch?dp=14&euid=4002420ABD42DD63AB006597029818A5&r=https%3A%2F%2Fd.uuidksinc.net%2Fmatch%2F383%2F%3Fremote_uid%3D$%7BUSER_ID%7D
IP
185.12.125.26:0
ASN
#50214 QWARTA LLC

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
154 B (154 bytes)
Hash
cfbeaf604823f038b8b46f0ac862b98c
7b9eb1dac48e74fa5f418bc456cb410f88b81d98
20c1ab602462b7fc0d5b4cbd555cacf127b69a07a737579598ebcbc0f5b21319

HTTP Headers

GET /rmatch?dp=14&euid=4002420ABD42DD63AB006597029818A5&r=https%3A%2F%2Fd.uuidksinc.net%2Fmatch%2F383%2F%3Fremote_uid%3D$%7BUSER_ID%7D HTTP/1.1
Host: acint.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://uuidksinc.net/
Connection: keep-alive
Cookie: test_cookie=CheckForPermission; aid=CkIDE2PdQrwcKgpqTn5HAqikUdlXXijeOjvCncjnDEDWZrI8; cSyncDp14v3=1675444924
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 302 Found
server: openresty
date: Fri, 03 Feb 2023 17:22:05 GMT
content-type: text/html
content-length: 154
location: https://d.uuidksinc.net/match/383/?remote_uid=1303420ABC42DD636A0A2A1C02477E4E
p3p: CP="ALL ADM DEV PSAi COM OUR OTRo STP IND ONL"
expires: Wed, 19 Apr 2000 11:43:00 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
X-Firefox-Spdy: h2

d.uuidksinc.net/match/383/?remote_uid=1303420ABC42DD636A0A2A1C02477E4E

31.220.27.134

200 OK

74 B

URL HTTP/2
d.uuidksinc.net/match/383/?remote_uid=1303420ABC42DD636A0A2A1C02477E4E
IP
31.220.27.134:0
ASN
#39572 DataWeb Global Group B.V.

File type
PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced\012- data
Size
74 B (74 bytes)
Hash
9e24e19b024c44b778301d880bd8e6f4
d2b1b39cb4434d34c22c2cf52cbbe9967b1b688e
01b58ddb2f86a768f91751b62f25395417f6cf526191a4aefc1ebe4f8beacdcb

HTTP Headers

GET /match/383/?remote_uid=1303420ABC42DD636A0A2A1C02477E4E HTTP/1.1
Host: d.uuidksinc.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://uuidksinc.net/
Connection: keep-alive
Cookie: jcsuuid=WDmnTxuPAgg5YH9TrAgp
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx/1.19.0
date: Fri, 03 Feb 2023 17:22:05 GMT
content-type: image/png
content-length: 74
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
9fda91fa23cb10f30886b8eeb9f707e2
6f7a61ea7e4c4529997bd00f12e97930a632f8c5
b3540cb1284fe60c7bc16e069e88439b8bfe80058aeb10131e6199cfd97ac3c7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B3540CB1284FE60C7BC16E069E88439B8BFE80058AEB10131E6199CFD97AC3C7"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7036
Expires: Fri, 03 Feb 2023 19:19:21 GMT
Date: Fri, 03 Feb 2023 17:22:05 GMT
Connection: keep-alive

ocsp.usertrust.com/

172.64.155.188

200 OK

472 B

URL HTTP/1.1
ocsp.usertrust.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
51ab5a8626b70c7594e57366f659f93d
b306da2759928ddd7895083be1196fae9f634197
2eb603282049d073ffcd2928301736eb6d72e02c0ea9e4a884e103c73debd5de

HTTP Headers

POST / HTTP/1.1
Host: ocsp.usertrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 17:22:05 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 02 Feb 2023 16:18:21 GMT
Expires: Thu, 09 Feb 2023 16:18:20 GMT
Etag: "b306da2759928ddd7895083be1196fae9f634197"
Cache-Control: max-age=604041,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: HIT
Age: 492
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 793cd8beca680b65-OSL

ocsp.usertrust.com/

172.64.155.188

200 OK

472 B

URL HTTP/1.1
ocsp.usertrust.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
51ab5a8626b70c7594e57366f659f93d
b306da2759928ddd7895083be1196fae9f634197
2eb603282049d073ffcd2928301736eb6d72e02c0ea9e4a884e103c73debd5de

HTTP Headers

POST / HTTP/1.1
Host: ocsp.usertrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 17:22:05 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 02 Feb 2023 16:18:21 GMT
Expires: Thu, 09 Feb 2023 16:18:20 GMT
Etag: "b306da2759928ddd7895083be1196fae9f634197"
Cache-Control: max-age=604041,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: HIT
Age: 492
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 793cd8beea830b65-OSL

dmg.digitaltarget.ru/1/6573/i/i?a=662&e=WDmnTxuPAgg5YH9TrAgp&i=0.6238063325045342

185.15.175.131

307 Temporary Redirect

0 B

URL HTTP/1.1
dmg.digitaltarget.ru/1/6573/i/i?a=662&e=WDmnTxuPAgg5YH9TrAgp&i=0.6238063325045342
IP
185.15.175.131:0
ASN
#43226 SafeData LLC

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /1/6573/i/i?a=662&e=WDmnTxuPAgg5YH9TrAgp&i=0.6238063325045342 HTTP/1.1
Host: dmg.digitaltarget.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://uuidksinc.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 307 Temporary Redirect
Server: nginx
Date: Fri, 03 Feb 2023 17:22:05 GMT
Content-Length: 0
Connection: keep-alive
Location: https://dmg.digitaltarget.ru/awg/custom/6573/i/i?call_source=awg&ts=1675444925270&a=662&e=WDmnTxuPAgg5YH9TrAgp&i=0.6238063325045342
Set-Cookie: viuserid=qLxRPX9bUhYaS1b7zzvM; Max-Age=93312000; Expires=Sun, 18 Jan 2026 17:22:05 GMT; SameSite=None; Path=/; Domain=dmg.digitaltarget.ru; Secure; HTTPOnly
Request-Time: 1
Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Access-Control-Max-Age: 86400
X-Content-Type-Options: nosniff
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Credentials: true
X-Permitted-Cross-Domain-Policies: master-only

fcgi4.gnezdo.ru/cookie_matching/kadam_resell/WDmnTxuPAgg5YH9TrAgp

93.95.102.105

302 Found

0 B

URL HTTP/2
fcgi4.gnezdo.ru/cookie_matching/kadam_resell/WDmnTxuPAgg5YH9TrAgp
IP
93.95.102.105:0
ASN
#48347 JSC Mediasoft ekspert

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /cookie_matching/kadam_resell/WDmnTxuPAgg5YH9TrAgp HTTP/1.1
Host: fcgi4.gnezdo.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://uuidksinc.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
server: nginx
date: Fri, 03 Feb 2023 17:22:05 GMT
location: https://fcgi4.gnezdo.ru/cookie_matching/kadam_resell/WDmnTxuPAgg5YH9TrAgp/?redirect=1
access-control-allow-origin: *
access-control-allow-methods: GET, POST, HEAD
access-control-allow-headers: Origin, Accept, Content-Type, X-Requested-With
access-control-allow-credentials: true
set-cookie: uid=XV9maWPdQr3Ah4N0vtl6Ag==; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=gnezdo.ru; path=/; Secure; SameSite=None
p3p: policyref="/w3c/p3p.xml", CP="CUR ADM OUR NOR STA NID"
X-Firefox-Spdy: h2

fcgi4.gnezdo.ru/cookie_matching/kadam/WDmnTxuPAgg5YH9TrAgp

93.95.102.105

302 Found

0 B

URL HTTP/2
fcgi4.gnezdo.ru/cookie_matching/kadam/WDmnTxuPAgg5YH9TrAgp
IP
93.95.102.105:0
ASN
#48347 JSC Mediasoft ekspert

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /cookie_matching/kadam/WDmnTxuPAgg5YH9TrAgp HTTP/1.1
Host: fcgi4.gnezdo.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://uuidksinc.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
server: nginx
date: Fri, 03 Feb 2023 17:22:05 GMT
location: https://fcgi4.gnezdo.ru/cookie_matching/kadam/WDmnTxuPAgg5YH9TrAgp/?redirect=1
access-control-allow-origin: *
access-control-allow-methods: GET, POST, HEAD
access-control-allow-headers: Origin, Accept, Content-Type, X-Requested-With
access-control-allow-credentials: true
set-cookie: uid=XV9maWPdQr3Ah4N0vtl0Ag==; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=gnezdo.ru; path=/; Secure; SameSite=None
p3p: policyref="/w3c/p3p.xml", CP="CUR ADM OUR NOR STA NID"
X-Firefox-Spdy: h2

kadam-sync.rutarget.ru/sync

87.242.93.112

302 Moved Temporarily

0 B

URL HTTP/1.1
kadam-sync.rutarget.ru/sync
IP
87.242.93.112:0
ASN
#25532 LLC masterhost

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /sync HTTP/1.1
Host: kadam-sync.rutarget.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://uuidksinc.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Fri, 03 Feb 2023 17:22:05 GMT
Content-Length: 0
Connection: close
Location: https://d.uuidksinc.net/match/386/?remote_uid=1rNojemNDveo
P3P: CP="This is not a P3P policy. Please visit http://rutarget.ru/p3p/ to get more information."
Set-Cookie: userId=1rNojemNDveo; Path=/; Domain=.rutarget.ru; Expires=Wed, 02 Aug 2023 17:22:05 GMT; SameSite=None; Secure

solta-sync.rutarget.ru/sync

178.170.196.247

302 Moved Temporarily

0 B

URL HTTP/1.1
solta-sync.rutarget.ru/sync
IP
178.170.196.247:0
ASN
#0

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /sync HTTP/1.1
Host: solta-sync.rutarget.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Fri, 03 Feb 2023 17:22:05 GMT
Content-Length: 0
Connection: close
Location: https://kimberlite.io/rtb/sync/segmento?u=00whj6TE-Rwi
P3P: CP="This is not a P3P policy. Please visit http://rutarget.ru/p3p/ to get more information."
Set-Cookie: userId=00whj6TE-Rwi; Path=/; Domain=.rutarget.ru; Expires=Wed, 02 Aug 2023 17:22:05 GMT; SameSite=None; Secure

d.uuidksinc.net/match/386/?remote_uid=1rNojemNDveo

31.220.27.134

200 OK

74 B

URL HTTP/2
d.uuidksinc.net/match/386/?remote_uid=1rNojemNDveo
IP
31.220.27.134:0
ASN
#39572 DataWeb Global Group B.V.

File type
PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced\012- data
Size
74 B (74 bytes)
Hash
9e24e19b024c44b778301d880bd8e6f4
d2b1b39cb4434d34c22c2cf52cbbe9967b1b688e
01b58ddb2f86a768f91751b62f25395417f6cf526191a4aefc1ebe4f8beacdcb

HTTP Headers

GET /match/386/?remote_uid=1rNojemNDveo HTTP/1.1
Host: d.uuidksinc.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://uuidksinc.net/
Connection: keep-alive
Cookie: jcsuuid=WDmnTxuPAgg5YH9TrAgp
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx/1.19.0
date: Fri, 03 Feb 2023 17:22:05 GMT
content-type: image/png
content-length: 74
X-Firefox-Spdy: h2

dmg.digitaltarget.ru/awg/custom/6573/i/i?call_source=awg&ts=1675444925270&a=662&e=WDmnTxuPAgg5YH9TrAgp&i=0.6238063325045342

185.15.175.131

200 OK

64 B

URL HTTP/1.1
dmg.digitaltarget.ru/awg/custom/6573/i/i?call_source=awg&ts=1675444925270&a=662&e=WDmnTxuPAgg5YH9TrAgp&i=0.6238063325045342
IP
185.15.175.131:0
ASN
#43226 SafeData LLC

File type
GIF image data, version 89a, 1 x 1\012- data
Size
64 B (64 bytes)
Hash
ffd585dfb1ac6320633a0be46d579437
5a6033d23bc9cd5d1de9ee61de69a44428086dcb
df18d81deb0cc1c48ae87e6481bb4ee375b40cce0fec3d226e002704d49f6cc8

HTTP Headers

GET /awg/custom/6573/i/i?call_source=awg&ts=1675444925270&a=662&e=WDmnTxuPAgg5YH9TrAgp&i=0.6238063325045342 HTTP/1.1
Host: dmg.digitaltarget.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://uuidksinc.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 03 Feb 2023 17:22:05 GMT
Content-Type: image/gif
Content-Length: 64
Connection: keep-alive
Vary: Accept-Encoding
Request-Time: 1
Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
X-Frame-Options: DENY
Content-Encoding: gzip
X-XSS-Protection: 1; mode=block
Access-Control-Max-Age: 86400
X-Content-Type-Options: nosniff
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Credentials: true
X-Permitted-Cross-Domain-Policies: master-only

kimberlite.io/rtb/sync/segmento?u=00whj6TE-Rwi

80.78.249.201

307 Temporary Redirect

0 B

URL HTTP/1.1
kimberlite.io/rtb/sync/segmento?u=00whj6TE-Rwi
IP
80.78.249.201:0
ASN
#197695 Domain names registrar REG.RU, Ltd

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /rtb/sync/segmento?u=00whj6TE-Rwi HTTP/1.1
Host: kimberlite.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: f=https%3A%2F%2Fd.uuidksinc.net%2Fmatch%2F499%2F%3Fremote_uid%3DY91CvHbrWfw; n=1; u=Y91CvHbrWfw~XmccifqhpYeifowO_beeiY4p52g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 307 Temporary Redirect
Server: nginx
Date: Fri, 03 Feb 2023 17:22:05 GMT
Content-Length: 0
Connection: keep-alive
cache-control: no-store
access-control-allow-credentials: true
access-control-allow-origin: *
location: https://d.uuidksinc.net/match/499/?remote_uid=Y91CvHbrWfw
referrer-policy: no-referrer
server-timing: app;srv=2;dur=0.0002

d.uuidksinc.net/match/499/?remote_uid=Y91CvHbrWfw

31.220.27.134

400 Bad Request

0 B

URL HTTP/2
d.uuidksinc.net/match/499/?remote_uid=Y91CvHbrWfw
IP
31.220.27.134:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /match/499/?remote_uid=Y91CvHbrWfw HTTP/1.1
Host: d.uuidksinc.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: jcsuuid=WDmnTxuPAgg5YH9TrAgp
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 400 Bad Request
server: nginx/1.19.0
date: Fri, 03 Feb 2023 17:22:05 GMT
content-length: 0
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d719402de0cd695e55dab2767247da49
f12f4795987a284820f6785ec16b5032b9861d79
98a14bd950cec10aeb3d76fa956fe13514f52c742adbded7a0fcef218c7195ba

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "98A14BD950CEC10AEB3D76FA956FE13514F52C742ADBDED7A0FCEF218C7195BA"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16288
Expires: Fri, 03 Feb 2023 21:53:33 GMT
Date: Fri, 03 Feb 2023 17:22:05 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d719402de0cd695e55dab2767247da49
f12f4795987a284820f6785ec16b5032b9861d79
98a14bd950cec10aeb3d76fa956fe13514f52c742adbded7a0fcef218c7195ba

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "98A14BD950CEC10AEB3D76FA956FE13514F52C742ADBDED7A0FCEF218C7195BA"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16288
Expires: Fri, 03 Feb 2023 21:53:33 GMT
Date: Fri, 03 Feb 2023 17:22:05 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d719402de0cd695e55dab2767247da49
f12f4795987a284820f6785ec16b5032b9861d79
98a14bd950cec10aeb3d76fa956fe13514f52c742adbded7a0fcef218c7195ba

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "98A14BD950CEC10AEB3D76FA956FE13514F52C742ADBDED7A0FCEF218C7195BA"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16288
Expires: Fri, 03 Feb 2023 21:53:33 GMT
Date: Fri, 03 Feb 2023 17:22:05 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F49d52576-44b1-4baf-92c0-88f267415a19.jpeg

34.120.237.76

200 OK

5.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F49d52576-44b1-4baf-92c0-88f267415a19.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.6 kB (5641 bytes)
Hash
d4041f3b5316bc84c9e6d88ddbc85b89
4978a4a20836b6f5d863d331bcedad782b7b4ac6
549b62d2c4ec965b8bec62010c0ce338dfea7992ee83eb7af61ff1a30d21f8b5

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F49d52576-44b1-4baf-92c0-88f267415a19.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5641
x-amzn-requestid: b53b54b1-3b00-47cf-a25c-e93910c2ebfb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fuvzpHsXoAMFsuw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dc2ce3-0c4fc8154763febb44460ac2;Sampled=0
x-amzn-remapped-date: Thu, 02 Feb 2023 21:36:36 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: x4-BZdG4JGRKCSdKynnuweZfo9l0XZtDB-MiANy7C2Yz1URYMHP4sQ==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Feb 2023 21:57:49 GMT
age: 69856
etag: "4978a4a20836b6f5d863d331bcedad782b7b4ac6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fedd456a0-d42f-4b40-ad63-ea1dcfaf69eb.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10166 bytes)
Hash
2a6aaf87a867f93dc9268a8b27973b97
f52ccbe6cbced1994acb13a00b05436553b6813e
3fbd7441712035f4d53c17eec93bc278e6c072043f3b5a721cac349fc0dabe77

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fedd456a0-d42f-4b40-ad63-ea1dcfaf69eb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10166
x-amzn-requestid: 54fe0d12-360f-4d97-bcf3-b24747d956aa
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fY_4zHEcoAMF1iA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d379d1-4ba89e44005f616a0ed3ed24;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 07:14:25 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: hSyEfSDToqgfnFIW68Krz-ANYUNQoUPWhyb-8xDUarI6mnVLXriHDQ==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Feb 2023 21:59:54 GMT
age: 69731
etag: "f52ccbe6cbced1994acb13a00b05436553b6813e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffda40dcf-1e5b-4e49-bd65-084935f52db9.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.8 kB (6791 bytes)
Hash
e706db8a6107758a148463e916f2532d
4b0b8cb5ced3e3e67b0320a3bbaecd2176e21b81
673f18036a53f8ff297ef6a63fd094e7c41d90f3960f0e687a741cc7dd3f6172

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffda40dcf-1e5b-4e49-bd65-084935f52db9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6791
x-amzn-requestid: 665115ea-728e-4a55-aaf8-b09db3fa67a2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ffl96FIzIAMFYGg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d61d25-0abbd7262ca10b7a7d2bf9eb;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 07:15:49 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: nPgaBSGyLJQnN0ofVRFniW2LqzgKVWchSKYSjYCmuPtpL9Ner81ARQ==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Feb 2023 22:14:03 GMT
age: 68882
etag: "4b0b8cb5ced3e3e67b0320a3bbaecd2176e21b81"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F64144d1c-f524-496f-8b52-ba63714dbfc5.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (11565 bytes)
Hash
e366b32074025aaf60bbae8bdb08d330
a52c2883bad98fa20333aa639a5dd3a5bf544c8e
9d661c26effaec9efee16833f6459d6ecbe4f77b822c9c46e2a6433bda816e5c

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F64144d1c-f524-496f-8b52-ba63714dbfc5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11565
x-amzn-requestid: 87a84ffd-1176-4656-aac4-e98f38ec2cd9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fboIrFGboAMFyyQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d48704-162ed8114aa1809204500548;Sampled=0
x-amzn-remapped-date: Sat, 28 Jan 2023 02:23:00 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: w0Zm5V0TQxsQ7917U3fdhS_n7qKE143PuhI2JmNCDM_Pf0yPLyW6yA==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 32c16f33c8f5601364fa8229b0d74dc2.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Feb 2023 21:48:01 GMT
age: 70444
etag: "a52c2883bad98fa20333aa639a5dd3a5bf544c8e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

14 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc5300360-6063-4d18-8dd2-28dbcf47d371.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
14 kB (14071 bytes)
Hash
9ab97f766ee1ed6ebbb2b3889a9157b4
f87f165404dec4d65531e6e25146cb77601f3616
f3d0f76f956371b1733a526f10a8253fc3396a459d7af59380d8e8db7dee8ec2

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc5300360-6063-4d18-8dd2-28dbcf47d371.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 14071
x-amzn-requestid: 40cb363f-2c4d-4361-9fe1-10e4c8b2fe29
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fiTo4Ek2oAMFs6g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d73305-6cb63d3c49f9f84e639467f6;Sampled=0
x-amzn-remapped-date: Mon, 30 Jan 2023 03:01:25 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: b7r7phj8i49RMSuWufxF1L34K9udWa0mJ4dY12izM9ofwAuCFBGEZQ==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Feb 2023 21:48:01 GMT
age: 70444
etag: "f87f165404dec4d65531e6e25146cb77601f3616"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b4ea648-021a-44ef-a083-3ea03f73dca3.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (10796 bytes)
Hash
3490571dd2de0a747987b9a0e18cccc8
18e9f8f160d3515f1cb31fc7538ac762a6cab344
1c071d7f3b288b29254500f94f19c0db0633c6aa90812f2e92c4f64992f5221a

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b4ea648-021a-44ef-a083-3ea03f73dca3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10796
x-amzn-requestid: 5c9b1a83-c99a-44b9-9a90-5edd7ef1e225
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fi0XKG93oAMFtsA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d76760-01bf754d6c725c3275c02a1b;Sampled=0
x-amzn-remapped-date: Mon, 30 Jan 2023 06:44:48 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: XTZJAn0LMAfFtaQ2bN8z58cCsUT5GzxDMnHVB_iw9E_NskHQ-BgbRQ==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Feb 2023 22:19:26 GMT
age: 84437
etag: "18e9f8f160d3515f1cb31fc7538ac762a6cab344"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (10)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML