Report - bstnwswrldg.com/bot/1606/fd4390b6639c81ba7259b6d9fd4cbb89/?click_id=wcoh285ukepa694pipn4upfs&sub1=&fullscreen=1

Report Overview

Submitted URL
bstnwswrldg.com/bot/1606/fd4390b6639c81ba7259b6d9fd4cbb89/?click_id=wcoh285ukepa694pipn4upfs&sub1=&fullscreen=1
IP
192.133.142.177
ASN
#15317 SERVEREL-AS
Submitted
2023-06-01 01:11:05
Access
public
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
2
Threat Detection Systems
10

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
news-dudafa.com	unknown	2023-04-19	2023-04-21	2023-05-31	1.1 kB	44 kB	193.108.118.59
dpj4c.gtuvyu.com	unknown	unknown	No data	No data	636 B	72 kB	185.56.234.205
tzegilo.com	unknown	2022-01-14	2022-01-14	2023-06-01	398 B	7.7 kB	104.21.0.191
retryngs.com	unknown	2022-11-17	2022-11-17	2023-05-30	547 B	28 kB	139.45.197.249
system-notify.app	137941	2020-06-03	2020-11-12	2023-05-31	871 B	16 kB	157.90.33.68
p.rapolok.com	unknown	2022-04-14	2022-04-14	2023-05-31	592 B	245 B	54.236.145.30
www.googletagmanager.com	75	2011-11-11	2013-05-22	2023-05-31	866 B	146 kB	142.250.74.168
rewardarium.com	unknown	2023-04-05	2023-04-06	2023-05-31	2.4 kB	44 kB	188.114.97.1
datatechonert.com	46154	2021-12-24	2021-12-24	2023-06-01	534 B	483 B	139.45.195.253
azkcqs.com	22208	2021-08-04	2021-08-04	2023-05-31	1.1 kB	368 B	185.162.85.14
cdntechone.com	64371	2021-12-24	2021-12-24	2023-05-31	401 B	8.5 kB	172.67.149.153
psaudous.com	unknown	2021-04-01	2021-04-30	2023-05-31	1.3 kB	14 kB	139.45.197.239
cdn-adef.akamaized.net	125719	2014-03-18	2018-02-06	2023-06-01	3.3 kB	1.3 MB	23.36.76.96
my.rtmark.net	9054	2014-10-29	2015-02-04	2023-05-31	427 B	746 B	139.45.195.8
amunfezanttor.com	unknown	2023-03-31	2023-03-31	2023-05-31	1.0 kB	1.0 kB	139.45.197.250
www.mysexymatches.com	unknown	2022-02-14	2022-04-23	2023-05-31	1.7 kB	29 kB	52.17.88.125
niwooghu.com	unknown	2022-04-01	2022-04-01	2023-05-31	6.4 kB	37 kB	139.45.197.237
stootsou.net	145219	2021-04-03	2021-04-05	2023-05-31	3.0 kB	52 kB	139.45.197.250
smrtlnktp.com	unknown	2022-07-14	2022-07-14	2023-05-31	516 B	4.4 kB	173.214.244.181
zerossl.ocsp.sectigo.com	4049	2018-08-16	2020-05-09	2023-05-31	338 B	806 B	104.18.15.101
gpshtb.com	unknown	2022-11-21	2022-11-21	2023-05-31	520 B	200 B	173.214.244.181
i.th61.com	unknown	2013-11-07	2023-04-06	2023-05-31	457 B	1.1 kB	104.21.65.151
offerimage.com	304078	2019-06-10	2019-06-10	2023-05-31	1.4 kB	30 kB	172.67.22.216
s.exv6.com	unknown	2021-07-21	2022-03-16	2023-05-31	476 B	433 B	95.211.229.245
ocsp.pki.goog	175	2016-06-13	2018-07-01	2023-05-31	1.7 kB	3.5 kB	142.250.74.131
ocsp.sectigo.com	487	2018-08-16	2019-11-29	2023-05-31	330 B	963 B	104.18.15.101
www.gstatic.com	unknown	2008-02-11	2016-07-26	2023-05-31	866 B	20 kB	142.250.74.35

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-06-01 01:10:48	medium	173.214.244.181	Client IP	ET HUNTING Observed Let's Encrypt Certificate for Suspicious TLD (.xyz)
2023-06-01 01:10:52	medium	173.214.244.181	Client IP	ET HUNTING Observed Let's Encrypt Certificate for Suspicious TLD (.xyz)

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator
2023-05-31	medium	news-dudafa.com
2023-05-31	medium	news-dudafa.com
2023-05-31	medium	amunfezanttor.com
2023-05-31	medium	amunfezanttor.com
2023-06-01	medium	smrtlnktp.com

ThreatFox

No alerts detected

JavaScript (27)

	URL	Size	First Seen	Last Seen
	rewardarium.com/?z=5904237&p=5904254&ipp=5904249&pez=5982883&rv=5982989&var=zd_6003257&ar=1&ymid=687942579767226394&source=539748&ret={var_4}	16 kB	2023-05-31	2023-06-14
Pretty URL rewardarium.com/?z=5904237&p=5904254&ipp=5904249&pez=5982883&rv=5982989&var=zd_6003257&ar=1&ymid=687942579767226394&source=539748&ret={var_4} IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-05-31 18:02:07 Last Seen2023-06-14 02:13:50 Times Seen29 Hash bcb0fd5d4a78b8eb2e9f0861f8ab43c7 70b4271903244e5d2928eecefdcfbb7b7f853547 cf3abfdcc23daf604eab7ed4b127311c54482c76e888a5850f0b433ddbf0c3d2 Loading...

	cdn-adef.akamaized.net/landings/277423/1669996037/js/secondofferv2.js?1669996037	1.2 kB	2023-03-07	2024-04-21
Pretty URL cdn-adef.akamaized.net/landings/277423/1669996037/js/secondofferv2.js?1669996037 IP 23.36.76.96 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:20 Last Seen2024-04-21 23:30:57 Times Seen3751 Hash 9bbe216b8e526fd98d219f2b91ccaa57 3f5d1be91ba58b6501c022155fe6778ce82b1663 1c83d2863f746a234e46c5578826ceeb8cbe126bc4c274ca679295441c44b948 Loading...

	www.gstatic.com/firebasejs/5.0.2/firebase-app.js	25 kB	2023-03-07	2024-05-09
Pretty URL www.gstatic.com/firebasejs/5.0.2/firebase-app.js IP 142.250.74.35 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:22 Last Seen2024-05-09 01:59:44 Times Seen11030 Hash 9164d0e8a317eceb870cca88c9683127 4617c910005f7100b4ff26a458a8b4463e33cdc6 15c9bd66992ef54979c981763cae280f28b6845520020ed38b5ab5f3f70f7931 Loading...

	cdn-adef.akamaized.net/landings/277423/1669996037/js/backoffer.js?1669996037	430 B	2023-03-07	2024-05-08
Pretty URL cdn-adef.akamaized.net/landings/277423/1669996037/js/backoffer.js?1669996037 IP 23.36.76.96 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:00 Last Seen2024-05-08 23:12:51 Times Seen5858 Hash 6d5aa83d23ce0b9f72d3b87d000d8fae 034fb8768eb58ffc0b5849e2c162989741a6cbec 89266112a6c823b9c03dd5a32d8f1c5e9f4cbf4cf876b56c825781ea389d0800 Loading...

	www.mysexymatches.com/js/pushjs/1.0.0/subscriber.js	9.4 kB	2023-05-23	2023-07-25
Pretty URL www.mysexymatches.com/js/pushjs/1.0.0/subscriber.js IP 52.17.88.125 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-23 13:07:49 Last Seen2023-07-25 20:18:06 Times Seen1187 Hash 9a76092417bab7e2f25aac9bb01c6a91 07158fa1c2bd1f320b4401b1a535430afe66655a 788a5bacebaac190a447e071de8c171e7f8baa55be95df07621b24ea4fb667a2 Loading...

	rewardarium.com/?z=5904237&p=5904254&ipp=5904249&pez=5982883&rv=5982989&var=zd_6003257&ar=1&ymid=687942579767226394&source=539748&ret={var_4}	844 B	2023-05-10	2024-05-06
Pretty URL rewardarium.com/?z=5904237&p=5904254&ipp=5904249&pez=5982883&rv=5982989&var=zd_6003257&ar=1&ymid=687942579767226394&source=539748&ret={var_4} IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-05-10 22:17:03 Last Seen2024-05-06 22:12:24 Times Seen185 Hash da83f3f67e1427b1b2912ec051d442ac 19b98e18b4d7551cb78786195b0ac3f13d44655f d8fefe93838b19fd7c382e7e94adfc981e4176ae5ea94ee2a0a90cfc3ac58d1a Loading...

	rewardarium.com/?z=5904237&p=5904254&ipp=5904249&pez=5982883&rv=5982989&var=zd_6003257&ar=1&ymid=687942579767226394&source=539748&ret={var_4}	190 B	2023-05-10	2024-05-06
Pretty URL rewardarium.com/?z=5904237&p=5904254&ipp=5904249&pez=5982883&rv=5982989&var=zd_6003257&ar=1&ymid=687942579767226394&source=539748&ret={var_4} IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-05-10 22:17:03 Last Seen2024-05-06 22:12:24 Times Seen185 Hash da008c9bc760ff0122c71b55fc16c512 a07ba07634f6a8f6a937e90b34d8440876396832 30a4bff1b5332bdf1f3c643ba78d60626589944b9f94a6a444ddce76b37cc176 Loading...

	cdntechone.com/stattag.js	18 kB	2023-05-22	2023-09-07
Pretty URL cdntechone.com/stattag.js IP 172.67.149.153 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-22 16:28:01 Last Seen2023-09-07 08:45:40 Times Seen4488 Hash 0fdff67feab23cc69ecfb6800fc54cb7 eb84c650e6d27e290795207b1f37dd7b67f2aa06 456e420aecd5ac679cc2bcb33daf7c063f54894fd076e99e05c06629234d3378 Loading...

	rewardarium.com/sandbox%20eval%20code	123 B	2023-05-05	2024-05-09
Pretty URL rewardarium.com/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-05-05 23:38:25 Last Seen2024-05-09 01:59:43 Times Seen7448 Hash 239166f4d1bda569909c9af241098419 ad3987a93224de5c735c7c380daf5bfaecf60ac8 255566913e81e0587539abba68839777480779575271b734e817e7093f4dceec Loading...

	rewardarium.com/c6aa8aeb-7072-4389-98a0-ff5a9d2c2f53	21 B	2023-05-02	2024-05-06
Pretty URL rewardarium.com/c6aa8aeb-7072-4389-98a0-ff5a9d2c2f53 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-02 01:31:34 Last Seen2024-05-06 22:12:24 Times Seen191 Hash b11a16e856ed427b41a1a9b57424ae10 02e2fbdc94b155e6fc7c35f85d2daa6d279dbabe 6aae7759a4341d69e02c86cefdf85f822416a27a9aeb5a758a70a8f8cdea5fba Loading...

	niwooghu.com/400/5904249?ymid=687942579767226394&var=zd_6003257&var3=539748	83 kB	2023-06-01	2023-06-01
Pretty URL niwooghu.com/400/5904249?ymid=687942579767226394&var=zd_6003257&var3=539748 IP 139.45.197.237 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-01 03:11:13 Last Seen2023-06-01 03:11:13 Times Seen1 Hash 11f006572da128a23b563194e990dd5c f92adec4853ba6df24bf28d4d552d5734e6dead7 3028beacd84afc17cdaccd6501b95a5b3a54ef433feeb1a7eb973fbb56417dcc Loading...

	unknown	103 kB	2023-05-30	2023-06-02
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-30 15:15:49 Last Seen2023-06-02 10:49:34 Times Seen179 Hash 1b123fd41baea32c1eb585b61dfa974a 79e249b08f2d60b923a335f0bd061fd0e4156cf8 738289e65a303f6c32178e4a0783cd1bf807628e20e522e7d84e7e764ea49f67 Loading...

	cdn-adef.akamaized.net/landings/277423/1669996037/js/jquery.min.js?1669996037	86 kB	2023-03-07	2024-05-09
Pretty URL cdn-adef.akamaized.net/landings/277423/1669996037/js/jquery.min.js?1669996037 IP 23.36.76.96 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:00 Last Seen2024-05-09 02:17:28 Times Seen389824 Hash 2f6b11a7e914718e0290410e85366fe9 69bb69e25ca7d5ef0935317584e6153f3fd9a88c 05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e Loading...

	www.googletagmanager.com/gtm.js?id=GTM-MLVPDTJ	153 kB	2023-06-01	2023-06-01
Pretty URL www.googletagmanager.com/gtm.js?id=GTM-MLVPDTJ IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-01 03:11:13 Last Seen2023-06-01 08:31:06 Times Seen4 Hash 7d596a035b70c8ddec687bfb4d552a5a 5d68b3f5eb56b177ab21e1c31c271f1e13a41d6d e3e4ba56e024d3e21de37396a7d060cf80273052c07248dfa0b9e0352a5ec1b0 Loading...

	unknown	1.8 kB	2023-03-07	2024-01-22
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:22 Last Seen2024-01-22 06:10:19 Times Seen1898 Hash f635f3356b851f81cd3544c628a404d7 1e5b2e303492351cb8e8de3c5569d69d005acce4 2d39b7df8163f76195f1f28e837d34a8de00f146db22be3ea3b91c925ea044fd Loading...

	www.gstatic.com/firebasejs/5.0.2/firebase-messaging.js	36 kB	2023-03-07	2024-05-09
Pretty URL www.gstatic.com/firebasejs/5.0.2/firebase-messaging.js IP 142.250.74.35 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:22 Last Seen2024-05-09 01:59:44 Times Seen11107 Hash 0cb7a0eb328ea70ab360f861314c8820 e3e20eb50dae36f4cbcef1890b1cc7878acb537a 4569845f7c550a55311814032e88541bd3b4a055ec3894e9cf58c4fff1be91d9 Loading...

	rewardarium.com/?z=5904237&p=5904254&ipp=5904249&pez=5982883&rv=5982989&var=zd_6003257&ar=1&ymid=687942579767226394&source=539748&ret={var_4}	390 B	2023-05-10	2024-05-06
Pretty URL rewardarium.com/?z=5904237&p=5904254&ipp=5904249&pez=5982883&rv=5982989&var=zd_6003257&ar=1&ymid=687942579767226394&source=539748&ret={var_4} IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-05-10 22:17:03 Last Seen2024-05-06 22:12:24 Times Seen185 Hash cbf570f04431e4be78453c93dfc41729 27c7be0bb145ff5f85be32107b1be536983e7356 43649afdd5bdc0df08cdea23986fa0a7b2c1e2da389ec9715fc38b72dc9d1dbf Loading...

	www.mysexymatches.com/c/9fa1e2ea536c4871?s1=181_6420036_cfa_web_NO_pop&s2=16086902&s3=5904237	391 B	2023-04-05	2024-01-22
Pretty URL www.mysexymatches.com/c/9fa1e2ea536c4871?s1=181_6420036_cfa_web_NO_pop&s2=16086902&s3=5904237 IP 52.17.88.125 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-04-05 09:54:56 Last Seen2024-01-22 06:10:19 Times Seen1908 Hash 5309ed40ce506ad3835aaf9cdb58936e 7f28dc0bbdc514c5facdf048c7675d982d99f8f1 a708a632a45c8428d88229a757ef59a135f2706e6dff043f11a45c4e4dbbd9b6 Loading...

	www.mysexymatches.com/js/pushjs/1.0.0/utils.js	7.1 kB	2023-03-07	2024-05-09
Pretty URL www.mysexymatches.com/js/pushjs/1.0.0/utils.js IP 52.17.88.125 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:44 Last Seen2024-05-09 01:59:43 Times Seen4810 Hash 711c7ecda710a342d24faef1dec76ede d1b38489603a2aecc2be5edb4fa4cd8d442fe727 41a5e34d6777a471d63211252ce51555815b728949dc81cec01414f4ffdb98eb Loading...

	rewardarium.com/?z=5904237&p=5904254&ipp=5904249&pez=5982883&rv=5982989&var=zd_6003257&ar=1&ymid=687942579767226394&source=539748&ret={var_4}	329 B	2023-05-10	2024-05-06
Pretty URL rewardarium.com/?z=5904237&p=5904254&ipp=5904249&pez=5982883&rv=5982989&var=zd_6003257&ar=1&ymid=687942579767226394&source=539748&ret={var_4} IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-05-10 22:17:03 Last Seen2024-05-06 22:12:24 Times Seen184 Hash 4c9a9cb26ff0be1ae596d884a738ea0a 8c86213c17adb91b4d8b290c5fbf9877e3902ad8 f2a31793286d483a8c1d7d18125cce9604554ecc6f4961fb776749f79f251c81 Loading...

	moz-extension://94b86a3e-a8f5-4509-b451-a3e524e5069f/shims/firebase.js	2.3 kB	2023-05-05	2024-05-09
Pretty URL moz-extension://94b86a3e-a8f5-4509-b451-a3e524e5069f/shims/firebase.js IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-05-05 23:38:25 Last Seen2024-05-09 01:59:43 Times Seen9740 Hash 32d439c9ec8c789e843ae58b6774681c deb2c661dacf46eb3a1eacbba3e430dcf10cc395 f65e83801e16f98e150ae8843afb4c98c0b3ac0fa7fbe5a5ec687b08119732d6 Loading...

	stootsou.net/pfe/current/tag.min.js?z=5776812&ymid=687942579767226394&var=zd_6003257&var3=539748	15 kB	2023-05-30	2023-06-02
Pretty URL stootsou.net/pfe/current/tag.min.js?z=5776812&ymid=687942579767226394&var=zd_6003257&var3=539748 IP 139.45.197.250 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-30 15:15:49 Last Seen2023-06-02 10:49:34 Times Seen154 Hash dd1bd926c9d267f953b3631fa55c8597 1a37cc25c5dbeb4edd216419587df4c3f270adf0 6e021b2b21122242fa40175b8df6316a9386aa36454efd2c234e891258003d27 Loading...

	tzegilo.com/stattag.js	18 kB	2023-05-22	2023-09-06
Pretty URL tzegilo.com/stattag.js IP 104.21.0.191 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-22 16:37:35 Last Seen2023-09-06 23:37:01 Times Seen3156 Hash dd2f9f2bb1e1c74b905556d0a7bc5545 0c831c8c56da8167b9e2dfd1d3eb3288348da85d 63f957dde1ae04a83eaff7e442e693725562c4aa1062bc072b7509640ec4f663 Loading...

	cdn-adef.akamaized.net/landings/277423/1669996037/js/main.js?1669996037	164 kB	2023-03-07	2024-04-21
Pretty URL cdn-adef.akamaized.net/landings/277423/1669996037/js/main.js?1669996037 IP 23.36.76.96 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:20 Last Seen2024-04-21 23:30:57 Times Seen3930 Hash a0f4da40bd81c65d824afc106743d47f 55b2d4c57fdb017314f62ac2fe8a3e287dcadf7f e40e7cc368c897d6a3a5095fae6ccd6d9a3f88af5ef9c590f79b9fd22293ad10 Loading...

	cdn-adef.akamaized.net/landings/277423/1669996037/js/MB_push_NEW.js?1669996037	671 B	2023-03-07	2024-04-21
Pretty URL cdn-adef.akamaized.net/landings/277423/1669996037/js/MB_push_NEW.js?1669996037 IP 23.36.76.96 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:22 Last Seen2024-04-21 23:30:57 Times Seen3708 Hash 533a9cb9c41907529c3d603edb25d5d9 222bee472465971cf71bfa210d04136eb765ccc0 45d257677164ebc2c1fd4ff44b4ee5a1ce9c87682f165836a3e38113d1e09eaf Loading...

	www.mysexymatches.com/c/9fa1e2ea536c4871?s1=181_6420036_cfa_web_NO_pop&s2=16086902&s3=5904237	0 B	2023-03-07	2024-05-09
Pretty URL www.mysexymatches.com/c/9fa1e2ea536c4871?s1=181_6420036_cfa_web_NO_pop&s2=16086902&s3=5904237 IP 52.17.88.125 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-09 02:25:51 Times Seen37455536 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	www.googletagmanager.com/gtag/js?id=G-F0JFDXF7TQ	263 kB	2023-06-01	2023-06-01
Pretty URL www.googletagmanager.com/gtag/js?id=G-F0JFDXF7TQ IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-01 03:11:13 Last Seen2023-06-01 04:45:27 Times Seen4 Hash 9837f3b8d2d7760deb9bb7c480cf6f8f 7fb161a398b0128c429ab126653dcc20b2b97873 a7982febac92b050e2fb8703e8da16c1418f55e29833df657c89f1e5707be4ed Loading...

HTTP Transactions (61)

URL IP Response Size

gpshtb.com/go/707?source=1606

173.214.244.181

0 B

URL
gpshtb.com/go/707?source=1606
IP
173.214.244.181:0
ASN
#15317 SERVEREL-AS

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /go/707?source=1606 HTTP/1.1
Host: gpshtb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bstnwswrldg.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
server: nginx
date: Thu, 01 Jun 2023 01:10:49 GMT
content-type: text/html; charset=UTF-8
location: https://new-psh.com/?pl=epbJxbtxQEuIs1LQXyqFHg&sub_id=1606
X-Firefox-Spdy: h2

zerossl.ocsp.sectigo.com/

104.18.15.101

314 B

URL
zerossl.ocsp.sectigo.com/
IP
104.18.15.101:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
314 B (314 bytes)
Hash
6a3868ccf24274784492e370774fa7e4
d5d372f58c0671abf2532df80a264fc73088782e
bd6e92aafff8fb7dd38e2380df2e86f0fa9d0cdc88ad9602d028bb2be3c29edd

HTTP Headers

POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 01 Jun 2023 01:10:49 GMT
Content-Type: application/ocsp-response
Content-Length: 314
Connection: keep-alive
Last-Modified: Sun, 28 May 2023 19:08:45 GMT
Expires: Sun, 04 Jun 2023 19:08:44 GMT
Etag: "d5d372f58c0671abf2532df80a264fc73088782e"
Cache-Control: max-age=324240,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7d03943f6a50067b-OSL

news-dudafa.com/revopush.js?v=4

193.108.118.59

10 kB

URL
news-dudafa.com/revopush.js?v=4
IP
193.108.118.59:0
ASN
#61003 GlobalTeleHost Corp.

File type
ASCII text, with very long lines (9954), with no line terminators
Size
10 kB (9954 bytes)
Hash
fc284a0e5d580856ae4863715ad6733e
eb69f303c80ff8e44abc9601b8616c0cf92faafa
2240a1d10744494668058ba210d0d87203609def9fd69d2ac82092ebc79583c0

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /revopush.js?v=4 HTTP/1.1
Host: news-dudafa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news-dudafa.com/lands/43/?site=8055502&sub1=tk_main&sub2=&sub3=&sub4=
Cookie: clickdata=ODA1NTUwMnw6fDQzfDp8dGtfbWFpbnw6fHw6fHw6fA%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 01 Jun 2023 01:10:49 GMT
content-type: application/javascript
content-length: 9954
last-modified: Thu, 15 Dec 2022 09:31:10 GMT
etag: "639ae95e-26e2"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2

azkcqs.com/rpe?a=1&s=1&act=17&src=2&p=1028487&st=1169113&wd=397114&d=gtuvyu.com&tpl=57&rnd=0.1882623110248034&sbid=ph_new_ms&sbid2=

185.162.85.14

0 B

URL
azkcqs.com/rpe?a=1&s=1&act=17&src=2&p=1028487&st=1169113&wd=397114&d=gtuvyu.com&tpl=57&rnd=0.1882623110248034&sbid=ph_new_ms&sbid2=
IP
185.162.85.14:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /rpe?a=1&s=1&act=17&src=2&p=1028487&st=1169113&wd=397114&d=gtuvyu.com&tpl=57&rnd=0.1882623110248034&sbid=ph_new_ms&sbid2= HTTP/1.1
Host: azkcqs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dpj4c.gtuvyu.com
DNT: 1
Connection: keep-alive
Referer: https://dpj4c.gtuvyu.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.18.0
date: Thu, 01 Jun 2023 01:10:51 GMT
content-length: 0
accept-ch: Sec-CH-UA-Platform-Version
access-control-allow-origin: *
X-Firefox-Spdy: h2

azkcqs.com/rpe?a=1&s=1&act=7&src=2&p=1028487&st=1169113&wd=397114&d=gtuvyu.com&tpl=57&rnd=0.4032218182115327&sbid=ph_new_ms&sbid2=

185.162.85.14

0 B

URL
azkcqs.com/rpe?a=1&s=1&act=7&src=2&p=1028487&st=1169113&wd=397114&d=gtuvyu.com&tpl=57&rnd=0.4032218182115327&sbid=ph_new_ms&sbid2=
IP
185.162.85.14:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /rpe?a=1&s=1&act=7&src=2&p=1028487&st=1169113&wd=397114&d=gtuvyu.com&tpl=57&rnd=0.4032218182115327&sbid=ph_new_ms&sbid2= HTTP/1.1
Host: azkcqs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dpj4c.gtuvyu.com
DNT: 1
Connection: keep-alive
Referer: https://dpj4c.gtuvyu.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.18.0
date: Thu, 01 Jun 2023 01:10:51 GMT
content-length: 0
accept-ch: Sec-CH-UA-Platform-Version
access-control-allow-origin: *
X-Firefox-Spdy: h2

dpj4c.gtuvyu.com/bot-captcha-2?h=waWQiOjEwMjg0ODcsInNpZCI6MTE2OTExMywid2lkIjozOTcxMTQsInNyYyI6Mn0=eyJ&si1=ph_new_ms&i=1

185.56.234.205

72 kB

URL
dpj4c.gtuvyu.com/bot-captcha-2?h=waWQiOjEwMjg0ODcsInNpZCI6MTE2OTExMywid2lkIjozOTcxMTQsInNyYyI6Mn0=eyJ&si1=ph_new_ms&i=1
IP
185.56.234.205:0
ASN
#39572 DataWeb Global Group B.V.

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (65536), with no line terminators
Size
72 kB (71585 bytes)
Hash
0fe3aabe765b768052712f9114e0801d
e4ee25e9c7b768bde365c8b8ce8471ed8b477be7
116cf332226283996ea97737f5e905d2f389737dafcdb5a807c3d759fa20603b

HTTP Headers

GET /bot-captcha-2?h=waWQiOjEwMjg0ODcsInNpZCI6MTE2OTExMywid2lkIjozOTcxMTQsInNyYyI6Mn0=eyJ&si1=ph_new_ms&i=1 HTTP/1.1
Host: dpj4c.gtuvyu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gtuvyu.com/
Cookie: truniq=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.21.1
date: Thu, 01 Jun 2023 01:10:51 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-zone: eu4
content-encoding: gzip
X-Firefox-Spdy: h2

system-notify.app/f/sdk.js?z=785535

157.90.33.68

14 kB

URL
system-notify.app/f/sdk.js?z=785535
IP
157.90.33.68:0
ASN
#24940 Hetzner Online GmbH

File type
Unicode text, UTF-8 text, with very long lines (52267), with no line terminators
Size
14 kB (14468 bytes)
Hash
194f05ac33b5593f51fcf460a54ca3ea
c1cf2f102d162226edbc9e37800577d3ec3a4f50
9d7c94e79b7675579e8768948a612a6ae44f5fadf86849fe1b75fbed17ae4446

HTTP Headers

GET /f/sdk.js?z=785535 HTTP/1.1
Host: system-notify.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thbstvd.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 01 Jun 2023 01:10:54 GMT
content-type: application/javascript; charset=utf-8
content-length: 14468
content-encoding: gzip
cache-control: no-cache, max-age=0, must-revalidate, proxy-revalidate
X-Firefox-Spdy: h2

system-notify.app/event?z=785535

157.90.33.68

0 B

URL
system-notify.app/event?z=785535
IP
157.90.33.68:0
ASN
#24940 Hetzner Online GmbH

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /event?z=785535 HTTP/1.1
Host: system-notify.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 82
Origin: https://thbstvd.com
DNT: 1
Connection: keep-alive
Referer: https://thbstvd.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 01 Jun 2023 01:10:54 GMT
content-length: 0
access-control-allow-origin: https://thbstvd.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization, X-CSRF-Token
access-control-expose-headers: Authorization
cache-control: no-cache, max-age=0, must-revalidate, proxy-revalidate, no-store
pragma: no-cache
expires: Tue, 11 Jan 1994 00:00:00 GMT
accept-ch: Sec-CH-UA, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Model, Sec-CH-UA-Bitness, Sec-CH-UA-Wow64
X-Firefox-Spdy: h2

p.rapolok.com/ad/ad?p=215473&w=539748&t=cf894b42e2077dfa&r=&vw=1280&vh=0

54.236.145.30

303 See Other

0 B

URL User Request GET HTTP/2
p.rapolok.com/ad/ad?p=215473&w=539748&t=cf894b42e2077dfa&r=&vw=1280&vh=0
IP
54.236.145.30:443
ASN
#14618 AMAZON-AES

Certificate
IssuerLet's Encrypt
Subjectp.rapolok.com
Fingerprint60:05:20:EF:10:3D:67:F9:57:3E:99:63:C0:69:41:E2:BC:85:A6:38
ValidityWed, 10 May 2023 11:07:18 GMT - Tue, 08 Aug 2023 11:07:17 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /ad/ad?p=215473&w=539748&t=cf894b42e2077dfa&r=&vw=1280&vh=0 HTTP/1.1
Host: p.rapolok.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://p.rapolok.com/go/215473/539748
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 303 See Other
server: nginx
date: Thu, 01 Jun 2023 01:10:55 GMT
content-length: 0
location: https://retryngs.com/link?z=6003257&var=539748&ymid=125036389790
x-frame-options: DENY
x-content-type-options: nosniff
X-Firefox-Spdy: h2

news-dudafa.com/lands/43/?site=8055502&sub1=tk_main&sub2=&sub3=&sub4=

193.108.118.59

34 kB

URL
news-dudafa.com/lands/43/?site=8055502&sub1=tk_main&sub2=&sub3=&sub4=
IP
193.108.118.59:0
ASN
#61003 GlobalTeleHost Corp.

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (32723)
Size
34 kB (33597 bytes)
Hash
49275dd1813a0a4da0816a20e8dc783d
22b27987a8cc38c255b29aba053e10aed49afe13
28ff889e58562b9419c822748da9fe87aa9f0c835a794def0a0be46cb4580fad

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /lands/43/?site=8055502&sub1=tk_main&sub2=&sub3=&sub4= HTTP/1.1
Host: news-dudafa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bstnwswrldg.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 01 Jun 2023 01:10:49 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
pragma: no-cache
set-cookie: clickdata=ODA1NTUwMnw6fDQzfDp8dGtfbWFpbnw6fHw6fHw6fA%3D%3D; expires=Thu, 01-Jun-2023 02:10:49 GMT; Max-Age=3600; path=/
content-encoding: gzip
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
5b53f2fcda25e30bbbf202b507fac96c
1d1cfb1765f42aba83c3b3e89417b228ed9f0b22
6971f9675ef64b91754cc952302f0a4e9d93b0435625536165dde4c7fe71b235

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Jun 2023 01:10:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

cdntechone.com/stattag.js

172.67.149.153

200 OK

7.7 kB

URL GET HTTP/2
cdntechone.com/stattag.js
IP
172.67.149.153:443
ASN
#13335 CLOUDFLARENET

Requested by
https://rewardarium.com/?z=5904237&p=5904254&ipp=5904249&pez=5982883&rv=5982989&var=zd_6003257&ar=1&ymid=687942579767226394&source=539748&ret={var_4}
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint22:B1:48:87:A8:EF:B2:9B:65:EB:D6:C6:FD:8D:EF:A7:A7:DE:52:29
ValidityThu, 26 Jan 2023 00:00:00 GMT - Thu, 25 Jan 2024 23:59:59 GMT

File type
ASCII text, with very long lines (17871)
Size
7.7 kB (7718 bytes)
Hash
0fdff67feab23cc69ecfb6800fc54cb7
eb84c650e6d27e290795207b1f37dd7b67f2aa06
456e420aecd5ac679cc2bcb33daf7c063f54894fd076e99e05c06629234d3378

HTTP Headers

GET /stattag.js HTTP/1.1
Host: cdntechone.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rewardarium.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 01 Jun 2023 01:10:56 GMT
content-type: application/javascript
last-modified: Fri, 19 May 2023 08:43:53 GMT
etag: W/"646736c9-4859"
link: <https://datatechone.com/>; rel=preconnect; crossorigin, <https://datatechonert.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 4129
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WQXQv6tCidNP5RVmAJZ7jc9h6OA1PBoaFGUyUtwF2STD7ponwAROKtx4TskgfkYT6GutDpCf42kNkp%2BhU6MiOJIXGETpYQBv7ntHfQQhmK5kQ0KOCCQl2J6m9ghATYO37g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7d039469f859fac0-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=G-F0JFDXF7TQ

142.250.74.168

200 OK

89 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?id=G-F0JFDXF7TQ
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://rewardarium.com/?z=5904237&p=5904254&ipp=5904249&pez=5982883&rv=5982989&var=zd_6003257&ar=1&ymid=687942579767226394&source=539748&ret={var_4}
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
FingerprintEB:A2:AF:B3:20:F1:B1:77:23:0B:85:D2:B1:16:33:A7:97:49:EE:51
ValidityMon, 08 May 2023 08:20:09 GMT - Mon, 31 Jul 2023 08:20:08 GMT

File type
ASCII text, with very long lines (6408)
Size
89 kB (88566 bytes)
Hash
9837f3b8d2d7760deb9bb7c480cf6f8f
7fb161a398b0128c429ab126653dcc20b2b97873
a7982febac92b050e2fb8703e8da16c1418f55e29833df657c89f1e5707be4ed

HTTP Headers

GET /gtag/js?id=G-F0JFDXF7TQ HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rewardarium.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 01 Jun 2023 01:10:56 GMT
expires: Thu, 01 Jun 2023 01:10:56 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 88566
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
5b53f2fcda25e30bbbf202b507fac96c
1d1cfb1765f42aba83c3b3e89417b228ed9f0b22
6971f9675ef64b91754cc952302f0a4e9d93b0435625536165dde4c7fe71b235

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Jun 2023 01:10:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

niwooghu.com/400/5904249?ymid=687942579767226394&var=zd_6003257&var3=539748

139.45.197.237

200 OK

32 kB

URL GET HTTP/2
niwooghu.com/400/5904249?ymid=687942579767226394&var=zd_6003257&var3=539748
IP
139.45.197.237:443
ASN
#9002 RETN Limited

Requested by
https://rewardarium.com/?z=5904237&p=5904254&ipp=5904249&pez=5982883&rv=5982989&var=zd_6003257&ar=1&ymid=687942579767226394&source=539748&ret={var_4}
Certificate
IssuerLet's Encrypt
Subjectniwooghu.com
FingerprintD6:61:D9:C1:16:B4:4D:E5:88:E3:06:BA:A2:09:52:99:B6:CE:9B:CF
ValiditySat, 06 May 2023 05:15:47 GMT - Fri, 04 Aug 2023 05:15:46 GMT

File type
gzip compressed data, max speed, from Unix\012- data
Size
32 kB (31995 bytes)
Hash
c38114d8190bfe44e7ee5e51e1a384ef
c7c6ed843b46efac62f3e153d4197bc20cf85654
d01187613b2e3e9adde6bfeec3debf08b2836e65da9fc9ebf3d45cde788fedb0

HTTP Headers

GET /400/5904249?ymid=687942579767226394&var=zd_6003257&var3=539748 HTTP/1.1
Host: niwooghu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rewardarium.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 01 Jun 2023 01:10:56 GMT
content-type: application/javascript
x-trace-id: 2298102e5460a89ac8b1bc67608485d9
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=4c030a7c9eec41ebb5db3631a98b203f; expires=Fri, 31 May 2024 01:10:56 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

rewardarium.com/favicon.ico

188.114.97.1

200 OK

11 kB

URL GET HTTP/3
rewardarium.com/favicon.ico
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://rewardarium.com/?z=5904237&p=5904254&ipp=5904249&pez=5982883&rv=5982989&var=zd_6003257&ar=1&ymid=687942579767226394&source=539748&ret={var_4}
Certificate
IssuerLet's Encrypt
Subjectrewardarium.com
FingerprintE9:09:05:81:43:DE:42:13:8F:E6:CA:66:34:30:0C:F1:2C:8D:E1:7E
ValidityThu, 06 Apr 2023 14:36:16 GMT - Wed, 05 Jul 2023 14:36:15 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (2309)
Size
11 kB (10885 bytes)
Hash
f6750ddaf1a2233b2348f1b475a09221
154b33cc755e0990f095a01ef04afb09c8a7b832
34e86493f21dbca249a99943f636b471da2333b566630b2ad321a4d05cd51d8a

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: rewardarium.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rewardarium.com/?z=5904237&p=5904254&ipp=5904249&pez=5982883&rv=5982989&var=zd_6003257&ar=1&ymid=687942579767226394&source=539748&ret={var_4}
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 01 Jun 2023 01:10:56 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vEgtFMzmOloXx%2FvP7bUlP%2B%2F24i%2B1dQD%2FiWFFjemng4q%2B96QlXLzEUh88mj4HGYUoyzureRuhy99wlmwj16ANzZ28pmjJXICupYby%2F1SBPgFvLJQaP9R54F%2BSI0cmJLvS8Z4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: HIT
age: 1567
server: cloudflare
cf-ray: 7d03946b2e1fb4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

i.th61.com/watch?zone=5904237&var=zd_6003257&ymid=687942579767226394&s=3

104.21.65.151

200 OK

477 B

URL POST HTTP/2
i.th61.com/watch?zone=5904237&var=zd_6003257&ymid=687942579767226394&s=3
IP
104.21.65.151:443
ASN
#13335 CLOUDFLARENET

Requested by
https://rewardarium.com/?z=5904237&p=5904254&ipp=5904249&pez=5982883&rv=5982989&var=zd_6003257&ar=1&ymid=687942579767226394&source=539748&ret={var_4}
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint80:B8:25:47:ED:82:D4:A7:46:25:E7:D0:EF:21:B6:EE:31:E1:D5:63
ValidityMon, 20 Feb 2023 00:00:00 GMT - Tue, 20 Feb 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
477 B (477 bytes)
Hash
444bcb3a3fcf8389296c49467f27e1d6
7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

HTTP Headers

POST /watch?zone=5904237&var=zd_6003257&ymid=687942579767226394&s=3 HTTP/1.1
Host: i.th61.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rewardarium.com/
Origin: https://rewardarium.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 200 OK
date: Thu, 01 Jun 2023 01:10:56 GMT
content-type: text/html; charset=utf-8
x-powered-by: Express
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SprsPn1yTKPe2DCn0vFo6khwCBZ8ceQy0TL1LhlncZi7y%2BnLlrxf1aLMZaOouRcqg7QOzwiZSSniNJATp%2FoSW7cAEn0FwrnVTOl%2FNqIUt%2FNjiit6G8wFV2S8nv0f"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d03946a2ff2b4ed-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

stootsou.net/custom

139.45.197.250

200 OK

0 B

URL POST HTTP/2
stootsou.net/custom
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://rewardarium.com/?z=5904237&p=5904254&ipp=5904249&pez=5982883&rv=5982989&var=zd_6003257&ar=1&ymid=687942579767226394&source=539748&ret={var_4}
Certificate
IssuerLet's Encrypt
Subjectstootsou.net
Fingerprint8B:6D:C9:76:36:ED:10:46:55:21:54:23:8C:4E:AC:7D:02:17:DD:7C
ValiditySun, 26 Mar 2023 05:17:40 GMT - Sat, 24 Jun 2023 05:17:39 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /custom HTTP/1.1
Host: stootsou.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://rewardarium.com/
Origin: https://rewardarium.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 01 Jun 2023 01:10:56 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://rewardarium.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2

rewardarium.com/sw.js

188.114.97.1

200 OK

2.5 kB

URL GET HTTP/3
rewardarium.com/sw.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://rewardarium.com/?z=5904237&p=5904254&ipp=5904249&pez=5982883&rv=5982989&var=zd_6003257&ar=1&ymid=687942579767226394&source=539748&ret={var_4}
Certificate
IssuerLet's Encrypt
Subjectrewardarium.com
FingerprintE9:09:05:81:43:DE:42:13:8F:E6:CA:66:34:30:0C:F1:2C:8D:E1:7E
ValidityThu, 06 Apr 2023 14:36:16 GMT - Wed, 05 Jul 2023 14:36:15 GMT

File type
ASCII text, with very long lines (5235)
Size
2.5 kB (2502 bytes)
Hash
809c8f2863e519babd2dc405af277aa0
7a0f43bd8f81ef944627a6d83ced615d0eda962f
ecbb19ecba66133221ec0f3d6db1932b0507cc76f224b175768134f393e2033d

HTTP Headers

GET /sw.js HTTP/1.1
Host: rewardarium.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rewardarium.com/?z=5904237&p=5904254&ipp=5904249&pez=5982883&rv=5982989&var=zd_6003257&ar=1&ymid=687942579767226394&source=539748&ret={var_4}
DNT: 1
Connection: keep-alive
Cookie: _ga_F0JFDXF7TQ=GS1.1.1685581856.1.0.1685581856.0.0.0; _ga=GA1.1.122212287.1685581856
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 01 Jun 2023 01:10:56 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"ca2bad6cb20023661b53ea682a457ede"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=siXrp5lmyxMZWi%2BsHvosFprxbQJMRVgKcM2XFSGU1Odi0hIoO8jnaQkKMbZBVFe%2F2SKLahHdWGvqbq45bxmTtCzfYffpLrreChsarwd7k%2BB1YhcDGddabpetOW%2B6kS8Y%2Bq4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: HIT
age: 5438
server: cloudflare
cf-ray: 7d03946d6efeb4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

datatechonert.com/log/add?cid=4fdc95c9-9001-4768-aac8-c1886405d3a9

139.45.195.253

200 OK

12 B

URL POST HTTP/1.1
datatechonert.com/log/add?cid=4fdc95c9-9001-4768-aac8-c1886405d3a9
IP
139.45.195.253:443
ASN
#9002 RETN Limited

Requested by
https://rewardarium.com/?z=5904237&p=5904254&ipp=5904249&pez=5982883&rv=5982989&var=zd_6003257&ar=1&ymid=687942579767226394&source=539748&ret={var_4}
Certificate
IssuerSectigo Limited
Subjectdatatechonert.com
Fingerprint6F:17:15:C2:7F:CC:16:6C:9D:C0:AD:C3:EE:DA:69:61:8C:77:0B:5B
ValiditySun, 18 Dec 2022 00:00:00 GMT - Sun, 24 Dec 2023 23:59:59 GMT

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
adb4650bfc9d2a73d4dd69583b0ceb14
1ce399d6e936232aaf2192cd7903a279c5015f22
21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed

HTTP Headers

POST /log/add?cid=4fdc95c9-9001-4768-aac8-c1886405d3a9 HTTP/1.1
Host: datatechonert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rewardarium.com/
Content-Type: text/plain;charset=UTF-8
Content-Length: 1413
Origin: https://rewardarium.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Thu, 01 Jun 2023 01:10:56 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: https://rewardarium.com
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

tzegilo.com/stattag.js

104.21.0.191

200 OK

6.9 kB

URL GET HTTP/2
tzegilo.com/stattag.js
IP
104.21.0.191:443
ASN
#13335 CLOUDFLARENET

Requested by
https://rewardarium.com/?z=5904237&p=5904254&ipp=5904249&pez=5982883&rv=5982989&var=zd_6003257&ar=1&ymid=687942579767226394&source=539748&ret={var_4}
Certificate
IssuerGoogle Trust Services LLC
Subject*.tzegilo.com
FingerprintDF:12:8C:B5:F2:22:D6:BE:72:F3:C6:9A:FA:DD:9E:1F:4E:58:63:1E
ValidityTue, 11 Apr 2023 10:11:54 GMT - Mon, 10 Jul 2023 10:11:53 GMT

File type
ASCII text, with very long lines (17479), with no line terminators
Size
6.9 kB (6895 bytes)
Hash
dd2f9f2bb1e1c74b905556d0a7bc5545
0c831c8c56da8167b9e2dfd1d3eb3288348da85d
63f957dde1ae04a83eaff7e442e693725562c4aa1062bc072b7509640ec4f663

HTTP Headers

GET /stattag.js HTTP/1.1
Host: tzegilo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rewardarium.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 01 Jun 2023 01:10:56 GMT
content-type: application/javascript
last-modified: Fri, 19 May 2023 08:43:59 GMT
etag: W/"646736cf-4447"
link: <https://flerap.com/>; rel=preconnect; crossorigin, <https://fleraprt.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 3545
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LWAkmgfXz%2BHg94pp6mxEEKF9eiOEdt7ocUs9wZccIJoz77xEMBfIhSBCKWIsWm1Lb9kqvOuy89YEMJ5%2FuQt%2Fp0FKOoYw335VbZKmbfrkmw%2BbXLOqu6Wr7QdLi1LYsw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7d03946c79d1b51b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

stootsou.net/custom

139.45.197.250

200 OK

39 B

URL POST HTTP/2
stootsou.net/custom
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://rewardarium.com/?z=5904237&p=5904254&ipp=5904249&pez=5982883&rv=5982989&var=zd_6003257&ar=1&ymid=687942579767226394&source=539748&ret={var_4}
Certificate
IssuerLet's Encrypt
Subjectstootsou.net
Fingerprint8B:6D:C9:76:36:ED:10:46:55:21:54:23:8C:4E:AC:7D:02:17:DD:7C
ValiditySun, 26 Mar 2023 05:17:40 GMT - Sat, 24 Jun 2023 05:17:39 GMT

File type
JSON data\012- , ASCII text
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

HTTP Headers

POST /custom HTTP/1.1
Host: stootsou.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rewardarium.com/
Content-Type: application/json
Content-Length: 556
Origin: https://rewardarium.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 01 Jun 2023 01:10:56 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: b512395dd011893069d4af24b78bb904
access-control-allow-origin: https://rewardarium.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

stootsou.net/pfe/current/universal.min.js?v=3.1.436

139.45.197.250

200 OK

34 kB

URL GET HTTP/2
stootsou.net/pfe/current/universal.min.js?v=3.1.436
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://rewardarium.com/?z=5904237&p=5904254&ipp=5904249&pez=5982883&rv=5982989&var=zd_6003257&ar=1&ymid=687942579767226394&source=539748&ret={var_4}
Certificate
IssuerLet's Encrypt
Subjectstootsou.net
Fingerprint8B:6D:C9:76:36:ED:10:46:55:21:54:23:8C:4E:AC:7D:02:17:DD:7C
ValiditySun, 26 Mar 2023 05:17:40 GMT - Sat, 24 Jun 2023 05:17:39 GMT

File type
gzip compressed data, max speed, from Unix\012- data
Size
34 kB (34226 bytes)
Hash
8d745db748fde938f23822fda02b0846
5b9cf892becb8aa1e2a6eed31184ff98e3b831b4
6076bf0b218bb612720807ff748e6fd14f4598b26a8d1ecdac304a8df10e3cc2

HTTP Headers

GET /pfe/current/universal.min.js?v=3.1.436 HTTP/1.1
Host: stootsou.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rewardarium.com/
Origin: https://rewardarium.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 01 Jun 2023 01:10:56 GMT
content-type: application/javascript
last-modified: Tue, 30 May 2023 12:46:19 GMT
etag: W/"6475f01b-19367"
access-control-allow-origin: https://rewardarium.com
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

amunfezanttor.com/event

139.45.197.250

200 OK

0 B

URL OPTIONS HTTP/2
amunfezanttor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://rewardarium.com/?z=5904237&p=5904254&ipp=5904249&pez=5982883&rv=5982989&var=zd_6003257&ar=1&ymid=687942579767226394&source=539748&ret={var_4}
Certificate
IssuerLet's Encrypt
Subjectamunfezanttor.com
Fingerprint06:75:EF:D1:99:AE:A5:FA:8B:93:D3:D4:ED:BD:88:51:DA:2A:62:B3
ValidityFri, 31 Mar 2023 10:01:30 GMT - Thu, 29 Jun 2023 10:01:29 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

OPTIONS /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://rewardarium.com/
Origin: https://rewardarium.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 01 Jun 2023 01:10:57 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://rewardarium.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2

psaudous.com/4/5904237/?ymid=687942579767226394&var=zd_6003257&var3=539748

139.45.197.239

200 OK

12 kB

URL GET HTTP/2
psaudous.com/4/5904237/?ymid=687942579767226394&var=zd_6003257&var3=539748
IP
139.45.197.239:443
ASN
#9002 RETN Limited

Requested by
https://rewardarium.com/?z=5904237&p=5904254&ipp=5904249&pez=5982883&rv=5982989&var=zd_6003257&ar=1&ymid=687942579767226394&source=539748&ret={var_4}
Certificate
IssuerLet's Encrypt
Subjectpsaudous.com
Fingerprint74:1B:0B:1B:1B:A5:B9:16:B3:8D:1B:39:D1:7D:7D:00:8A:53:AB:D0
ValidityThu, 23 Mar 2023 05:13:48 GMT - Wed, 21 Jun 2023 05:13:47 GMT

File type
gzip compressed data, max speed, from Unix\012- data
Size
12 kB (11485 bytes)
Hash
31b0d15a8cc5cafcecb115f364bfae72
45266b4b702a889d4810a11be4ba4e21be32fa62
03690312470da127659a2ed73ad558b9ecb321a111fe96fd9bddc16b63a6390a

HTTP Headers

GET /4/5904237/?ymid=687942579767226394&var=zd_6003257&var3=539748 HTTP/1.1
Host: psaudous.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 01 Jun 2023 01:10:56 GMT
content-type: text/html; charset=utf8
x-trace-id: 0263d083e5b5095b96224f1544f5a91b
link: <https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://my.rtmark.net>; rel="preconnect dns-prefetch"
access-control-allow-credentials: true
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=e7c94e161a7f4dd39ef1c8ffdd3377d2; expires=Fri, 31 May 2024 01:10:56 GMT; path=/; secure; SameSite=None
oaidts=1685581856; expires=Fri, 31 May 2024 01:10:56 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
access-control-allow-origin: *, *
access-control-allow-methods: GET, POST, OPTIONS, POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, Accept, Content-Type, Content-Length, Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

amunfezanttor.com/event

139.45.197.250

200 OK

94 B

URL OPTIONS HTTP/2
amunfezanttor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://rewardarium.com/?z=5904237&p=5904254&ipp=5904249&pez=5982883&rv=5982989&var=zd_6003257&ar=1&ymid=687942579767226394&source=539748&ret={var_4}
Certificate
IssuerLet's Encrypt
Subjectamunfezanttor.com
Fingerprint06:75:EF:D1:99:AE:A5:FA:8B:93:D3:D4:ED:BD:88:51:DA:2A:62:B3
ValidityFri, 31 Mar 2023 10:01:30 GMT - Thu, 29 Jun 2023 10:01:29 GMT

File type
JSON data\012- , ASCII text
Size
94 B (94 bytes)
Hash
f8d542d61f005d49742091d534246138
a245ae2a29233f61426c60913757b6d7a33775af
f01df7f6cfd3f71089051761cc48f6dac7f7ae0b02544c8aa795a68844e181fc

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

POST /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rewardarium.com/
Content-Type: application/json
Content-Length: 606
Origin: https://rewardarium.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 01 Jun 2023 01:10:57 GMT
content-type: application/json; charset=utf-8
content-length: 94
x-trace-id: 31070d06cede06ee77ccb0a0870070b9
access-control-allow-origin: https://rewardarium.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

ocsp.sectigo.com/

104.18.15.101

471 B

URL
ocsp.sectigo.com/
IP
104.18.15.101:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
45c44320445221beacf6cb407a7724b0
6123b952d3ee7cd14358b82305e95c73cba0d906
ce74ba8d47e2cf668b51f8394d3a99e83bf7056e819762e55287712b46a1299b

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 01 Jun 2023 01:10:57 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 29 May 2023 02:07:07 GMT
Expires: Mon, 05 Jun 2023 02:07:06 GMT
Etag: "6123b952d3ee7cd14358b82305e95c73cba0d906"
Cache-Control: max-age=349468,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7d03946efad10b02-OSL

stootsou.net/custom

139.45.197.250

200 OK

39 B

URL POST HTTP/2
stootsou.net/custom
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://rewardarium.com/?z=5904237&p=5904254&ipp=5904249&pez=5982883&rv=5982989&var=zd_6003257&ar=1&ymid=687942579767226394&source=539748&ret={var_4}
Certificate
IssuerLet's Encrypt
Subjectstootsou.net
Fingerprint8B:6D:C9:76:36:ED:10:46:55:21:54:23:8C:4E:AC:7D:02:17:DD:7C
ValiditySun, 26 Mar 2023 05:17:40 GMT - Sat, 24 Jun 2023 05:17:39 GMT

File type
JSON data\012- , ASCII text
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

HTTP Headers

POST /custom HTTP/1.1
Host: stootsou.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rewardarium.com/
Content-Type: application/json
Content-Length: 908
Origin: https://rewardarium.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 01 Jun 2023 01:10:57 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 9da0d1db67b05d2a6bc96518b4c774cd
access-control-allow-origin: https://rewardarium.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

psaudous.com/?z=5904237&syncedCookie=true&rhd=false

139.45.197.239

302 Found

0 B

URL POST HTTP/2
psaudous.com/?z=5904237&syncedCookie=true&rhd=false
IP
139.45.197.239:443
ASN
#9002 RETN Limited

Requested by
https://rewardarium.com/?z=5904237&p=5904254&ipp=5904249&pez=5982883&rv=5982989&var=zd_6003257&ar=1&ymid=687942579767226394&source=539748&ret={var_4}
Certificate
IssuerLet's Encrypt
Subjectpsaudous.com
Fingerprint74:1B:0B:1B:1B:A5:B9:16:B3:8D:1B:39:D1:7D:7D:00:8A:53:AB:D0
ValidityThu, 23 Mar 2023 05:13:48 GMT - Wed, 21 Jun 2023 05:13:47 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /?z=5904237&syncedCookie=true&rhd=false HTTP/1.1
Host: psaudous.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 538
Origin: https://psaudous.com
DNT: 1
Connection: keep-alive
Referer: https://psaudous.com/afu.php?zoneid=5904237&var=5904237&rid=33-IJ2mCiw9DGbmF2LWarg%3D%3D&rhd=false
Cookie: OAID=e7c94e161a7f4dd39ef1c8ffdd3377d2; oaidts=1685581856
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 302 Found
server: nginx
date: Thu, 01 Jun 2023 01:10:57 GMT
content-length: 0
location: https://www.mysexymatches.com/c/9fa1e2ea536c4871?s1=181_6420036_cfa_web_NO_pop&s2=16086902&s3=5904237
x-trace-id: cb19937043d47cc341c477b88e589c1a
link: <https://www.mysexymatches.com>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://xobr219pa.com>; rel="preconnect dns-prefetch"
referrer-policy: no-referrer
access-control-allow-origin: https://psaudous.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=e7c94e161a7f4dd39ef1c8ffdd3377d2; expires=Fri, 31 May 2024 01:10:57 GMT; path=/; secure; SameSite=None
oaidts=1685581856; expires=Fri, 31 May 2024 01:10:57 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Thu, 08 Jun 2023 01:10:57 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

niwooghu.com/500/5904249?excludes=&oaid=f7531ae4ce4d4dfbad0f0284c1d11ee1&var=zd_6003257&ymid=687942579767226394&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=1&pl=https%3A%2F%2Frewardarium.com%2F%3Fz%3D5904237%26p%3D5904254%26ipp%3D5904249%26pez%3D5982883%26rv%3D5982989%26var%3Dzd_6003257%26ar%3D1%26ymid%3D687942579767226394%26source%3D539748%26ret%3D%7Bvar_4%7D&drf=https%3A%2F%2Fp.rapolok.com%2F&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false

139.45.197.237

200 OK

0 B

URL OPTIONS HTTP/2
niwooghu.com/500/5904249?excludes=&oaid=f7531ae4ce4d4dfbad0f0284c1d11ee1&var=zd_6003257&ymid=687942579767226394&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=1&pl=https%3A%2F%2Frewardarium.com%2F%3Fz%3D5904237%26p%3D5904254%26ipp%3D5904249%26pez%3D5982883%26rv%3D5982989%26var%3Dzd_6003257%26ar%3D1%26ymid%3D687942579767226394%26source%3D539748%26ret%3D%7Bvar_4%7D&drf=https%3A%2F%2Fp.rapolok.com%2F&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP
139.45.197.237:443
ASN
#9002 RETN Limited

Requested by
https://rewardarium.com/?z=5904237&p=5904254&ipp=5904249&pez=5982883&rv=5982989&var=zd_6003257&ar=1&ymid=687942579767226394&source=539748&ret={var_4}
Certificate
IssuerLet's Encrypt
Subjectniwooghu.com
FingerprintD6:61:D9:C1:16:B4:4D:E5:88:E3:06:BA:A2:09:52:99:B6:CE:9B:CF
ValiditySat, 06 May 2023 05:15:47 GMT - Fri, 04 Aug 2023 05:15:46 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /500/5904249?excludes=&oaid=f7531ae4ce4d4dfbad0f0284c1d11ee1&var=zd_6003257&ymid=687942579767226394&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=1&pl=https%3A%2F%2Frewardarium.com%2F%3Fz%3D5904237%26p%3D5904254%26ipp%3D5904249%26pez%3D5982883%26rv%3D5982989%26var%3Dzd_6003257%26ar%3D1%26ymid%3D687942579767226394%26source%3D539748%26ret%3D%7Bvar_4%7D&drf=https%3A%2F%2Fp.rapolok.com%2F&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: niwooghu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://rewardarium.com/
Origin: https://rewardarium.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 01 Jun 2023 01:10:57 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://rewardarium.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-allow-credentials: true
access-control-max-age: 600
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2

www.mysexymatches.com/c/9fa1e2ea536c4871?s1=181_6420036_cfa_web_NO_pop&s2=16086902&s3=5904237

52.17.88.125

200 OK

12 kB

URL GET HTTP/2
www.mysexymatches.com/c/9fa1e2ea536c4871?s1=181_6420036_cfa_web_NO_pop&s2=16086902&s3=5904237
IP
52.17.88.125:443
ASN
#16509 AMAZON-02

Requested by
https://rewardarium.com/?z=5904237&p=5904254&ipp=5904249&pez=5982883&rv=5982989&var=zd_6003257&ar=1&ymid=687942579767226394&source=539748&ret={var_4}
Certificate
IssuerLet's Encrypt
Subject*.mysexymatches.com
Fingerprint7D:35:18:C7:41:6B:DC:68:1E:F2:FB:E0:71:F3:96:D3:FE:1A:B7:7C
ValiditySat, 20 May 2023 00:31:45 GMT - Fri, 18 Aug 2023 00:31:44 GMT

File type
gzip compressed data, from Unix\012- data
Size
12 kB (11720 bytes)
Hash
a1b3de96b8ab39fc98cecb9da281e2d6
b36da26e147d7c0cfc06b902c1471e5b921788fc
0fc3af1a52085a86b8d66e8e75732075913ed9b61d5c69ecdf407e8c00483c31

HTTP Headers

GET /c/9fa1e2ea536c4871?s1=181_6420036_cfa_web_NO_pop&s2=16086902&s3=5904237 HTTP/1.1
Host: www.mysexymatches.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 01 Jun 2023 01:10:57 GMT
content-type: text/html; charset=utf-8
set-cookie: unique_id=6477f02100022641; Path=/; Expires=Mon, 31 Jul 2023 01:10:57 GMT; Secure; SameSite=None
unique_id2=6477f02100022e5c; Path=/; Expires=Wed, 30 Aug 2023 01:10:57 GMT; Secure; SameSite=None
impression=; Path=/; Expires=Thu, 01 Jun 2023 01:10:57 GMT; Secure; SameSite=None
6477f02100022e5c_sl=[277423]; Path=/; Expires=Thu, 15 Jun 2023 01:10:57 GMT; Secure; SameSite=None
content-encoding: gzip
X-Firefox-Spdy: h2

139.45.197.237

200 OK

1.6 kB

URL OPTIONS HTTP/2
niwooghu.com/500/5904249?excludes=&oaid=f7531ae4ce4d4dfbad0f0284c1d11ee1&var=zd_6003257&ymid=687942579767226394&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=1&pl=https%3A%2F%2Frewardarium.com%2F%3Fz%3D5904237%26p%3D5904254%26ipp%3D5904249%26pez%3D5982883%26rv%3D5982989%26var%3Dzd_6003257%26ar%3D1%26ymid%3D687942579767226394%26source%3D539748%26ret%3D%7Bvar_4%7D&drf=https%3A%2F%2Fp.rapolok.com%2F&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP
139.45.197.237:443
ASN
#9002 RETN Limited

Requested by
https://rewardarium.com/?z=5904237&p=5904254&ipp=5904249&pez=5982883&rv=5982989&var=zd_6003257&ar=1&ymid=687942579767226394&source=539748&ret={var_4}
Certificate
IssuerLet's Encrypt
Subjectniwooghu.com
FingerprintD6:61:D9:C1:16:B4:4D:E5:88:E3:06:BA:A2:09:52:99:B6:CE:9B:CF
ValiditySat, 06 May 2023 05:15:47 GMT - Fri, 04 Aug 2023 05:15:46 GMT

File type
gzip compressed data, max speed, from Unix\012- data
Size
1.6 kB (1561 bytes)
Hash
00c4479118f8c9eb7d4184da70928049
20d5097da5ef735866b85011826ac8b324ffa509
ef7d16b9a52ce6e51f932f8b790da908395d2a18437c099e838ae8f22bbc9eff

HTTP Headers

GET /500/5904249?excludes=&oaid=f7531ae4ce4d4dfbad0f0284c1d11ee1&var=zd_6003257&ymid=687942579767226394&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=1&pl=https%3A%2F%2Frewardarium.com%2F%3Fz%3D5904237%26p%3D5904254%26ipp%3D5904249%26pez%3D5982883%26rv%3D5982989%26var%3Dzd_6003257%26ar%3D1%26ymid%3D687942579767226394%26source%3D539748%26ret%3D%7Bvar_4%7D&drf=https%3A%2F%2Fp.rapolok.com%2F&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: niwooghu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rewardarium.com/
Content-Type: application/json
Origin: https://rewardarium.com
DNT: 1
Connection: keep-alive
Cookie: OAID=4c030a7c9eec41ebb5db3631a98b203f
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 01 Jun 2023 01:10:57 GMT
content-type: application/javascript
x-trace-id: 5bf9a335144311635cd92b2ccfaea570
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: https://rewardarium.com
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=f7531ae4ce4d4dfbad0f0284c1d11ee1; expires=Fri, 31 May 2024 01:10:57 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

cdn-adef.akamaized.net/landings/277423/1669996037/css/stylesheet.css?1669996037

23.36.76.96

200 OK

1.3 kB

URL GET HTTP/1.1
cdn-adef.akamaized.net/landings/277423/1669996037/css/stylesheet.css?1669996037
IP
23.36.76.96:443
ASN
#20940 Akamai International B.V.

Requested by
https://www.mysexymatches.com/c/9fa1e2ea536c4871?s1=181_6420036_cfa_web_NO_pop&s2=16086902&s3=5904237
Certificate
IssuerDigiCert Inc
Subjecta248.e.akamai.net
Fingerprint7B:62:AB:D4:32:FB:D8:97:04:07:9A:AB:8E:BE:E6:48:AE:5C:8D:37
ValidityTue, 28 Jun 2022 00:00:00 GMT - Fri, 30 Jun 2023 23:59:59 GMT

File type
ASCII text
Size
1.3 kB (1266 bytes)
Hash
c4709de8c9c356021de98176f13270b3
9aa1ef140c7d3800f0bbc85a740acbdebe6f4ccf
bb7494d63176403e003a8af05c8017b4f56b18ac8b73bedaad87350f38168d32

HTTP Headers

GET /landings/277423/1669996037/css/stylesheet.css?1669996037 HTTP/1.1
Host: cdn-adef.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.mysexymatches.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: IyESBznHP7Ein0nvpfWYoHLdKF/ERsmL3RJ/hMTJ90TlFJanGi/X0MkZPhsbXrD2m2l5iVtiMdI=
x-amz-request-id: 9HZPW3V4SPRRPM3J
Last-Modified: Fri, 02 Dec 2022 15:47:19 GMT
ETag: "c4709de8c9c356021de98176f13270b3"
Accept-Ranges: bytes
Content-Type: text/css
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Thu, 01 Jun 2023 01:10:57 GMT
Content-Length: 1266
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"

cdn-adef.akamaized.net/landings/277423/1669996037/js/secondofferv2.js?1669996037

23.36.76.96

200 OK

454 B

URL GET HTTP/1.1
cdn-adef.akamaized.net/landings/277423/1669996037/js/secondofferv2.js?1669996037
IP
23.36.76.96:443
ASN
#20940 Akamai International B.V.

Requested by
https://www.mysexymatches.com/c/9fa1e2ea536c4871?s1=181_6420036_cfa_web_NO_pop&s2=16086902&s3=5904237
Certificate
IssuerDigiCert Inc
Subjecta248.e.akamai.net
Fingerprint7B:62:AB:D4:32:FB:D8:97:04:07:9A:AB:8E:BE:E6:48:AE:5C:8D:37
ValidityTue, 28 Jun 2022 00:00:00 GMT - Fri, 30 Jun 2023 23:59:59 GMT

File type
ASCII text
Size
454 B (454 bytes)
Hash
9bbe216b8e526fd98d219f2b91ccaa57
3f5d1be91ba58b6501c022155fe6778ce82b1663
1c83d2863f746a234e46c5578826ceeb8cbe126bc4c274ca679295441c44b948

HTTP Headers

GET /landings/277423/1669996037/js/secondofferv2.js?1669996037 HTTP/1.1
Host: cdn-adef.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.mysexymatches.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: TBXznBQnjCkBzBBFj9JkzFMaDIYn8xvJBUm1XIV1OQobif1haYm4G918n4r7TuaZ4fb9w7KqUB8=
x-amz-request-id: VBQAT92HF3YSW2PR
Last-Modified: Fri, 02 Dec 2022 15:47:20 GMT
ETag: "9bbe216b8e526fd98d219f2b91ccaa57"
Accept-Ranges: bytes
Content-Type: text/javascript
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Thu, 01 Jun 2023 01:10:57 GMT
Content-Length: 454
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"

cdn-adef.akamaized.net/landings/277423/1669996037/js/MB_push_NEW.js?1669996037

23.36.76.96

200 OK

671 B

URL GET HTTP/1.1
cdn-adef.akamaized.net/landings/277423/1669996037/js/MB_push_NEW.js?1669996037
IP
23.36.76.96:443
ASN
#20940 Akamai International B.V.

Requested by
https://www.mysexymatches.com/c/9fa1e2ea536c4871?s1=181_6420036_cfa_web_NO_pop&s2=16086902&s3=5904237
Certificate
IssuerDigiCert Inc
Subjecta248.e.akamai.net
Fingerprint7B:62:AB:D4:32:FB:D8:97:04:07:9A:AB:8E:BE:E6:48:AE:5C:8D:37
ValidityTue, 28 Jun 2022 00:00:00 GMT - Fri, 30 Jun 2023 23:59:59 GMT

File type
ASCII text, with CRLF line terminators
Size
671 B (671 bytes)
Hash
533a9cb9c41907529c3d603edb25d5d9
222bee472465971cf71bfa210d04136eb765ccc0
45d257677164ebc2c1fd4ff44b4ee5a1ce9c87682f165836a3e38113d1e09eaf

HTTP Headers

GET /landings/277423/1669996037/js/MB_push_NEW.js?1669996037 HTTP/1.1
Host: cdn-adef.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.mysexymatches.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: TwtcLsNEPH0+dOTQxWCH0dp8vLuCBDIrT/t2FyN4HhkY5jqf77SoMEMiHK+TLdb/FDICBNRSev0=
x-amz-request-id: 9HZQ5999SNHCV322
Last-Modified: Fri, 02 Dec 2022 15:47:20 GMT
ETag: "533a9cb9c41907529c3d603edb25d5d9"
Accept-Ranges: bytes
Content-Type: text/javascript
Server: AmazonS3
Content-Length: 671
Date: Thu, 01 Jun 2023 01:10:57 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"

cdn-adef.akamaized.net/landings/277423/1669996037/js/jquery.min.js?1669996037

23.36.76.96

200 OK

30 kB

URL GET HTTP/1.1
cdn-adef.akamaized.net/landings/277423/1669996037/js/jquery.min.js?1669996037
IP
23.36.76.96:443
ASN
#20940 Akamai International B.V.

Requested by
https://www.mysexymatches.com/c/9fa1e2ea536c4871?s1=181_6420036_cfa_web_NO_pop&s2=16086902&s3=5904237
Certificate
IssuerDigiCert Inc
Subjecta248.e.akamai.net
Fingerprint7B:62:AB:D4:32:FB:D8:97:04:07:9A:AB:8E:BE:E6:48:AE:5C:8D:37
ValidityTue, 28 Jun 2022 00:00:00 GMT - Fri, 30 Jun 2023 23:59:59 GMT

File type
ASCII text, with very long lines (32065)
Size
30 kB (29855 bytes)
Hash
2f6b11a7e914718e0290410e85366fe9
69bb69e25ca7d5ef0935317584e6153f3fd9a88c
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

HTTP Headers

GET /landings/277423/1669996037/js/jquery.min.js?1669996037 HTTP/1.1
Host: cdn-adef.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.mysexymatches.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: JrgOilEZ3uRoKC6ngsupgtvA0XmkXUSz0XfNR3rzF0zCH3hHZ06hF/4c6ZKPwM6mVuOMVG+QbPk=
x-amz-request-id: 9HZTD5K3AZSVMWET
Last-Modified: Fri, 02 Dec 2022 15:47:19 GMT
ETag: "2f6b11a7e914718e0290410e85366fe9"
Accept-Ranges: bytes
Content-Type: text/javascript
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Thu, 01 Jun 2023 01:10:57 GMT
Content-Length: 29855
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"

cdn-adef.akamaized.net/landings/277423/1669996037/js/main.js?1669996037

23.36.76.96

200 OK

40 kB

URL GET HTTP/1.1
cdn-adef.akamaized.net/landings/277423/1669996037/js/main.js?1669996037
IP
23.36.76.96:443
ASN
#20940 Akamai International B.V.

Requested by
https://www.mysexymatches.com/c/9fa1e2ea536c4871?s1=181_6420036_cfa_web_NO_pop&s2=16086902&s3=5904237
Certificate
IssuerDigiCert Inc
Subjecta248.e.akamai.net
Fingerprint7B:62:AB:D4:32:FB:D8:97:04:07:9A:AB:8E:BE:E6:48:AE:5C:8D:37
ValidityTue, 28 Jun 2022 00:00:00 GMT - Fri, 30 Jun 2023 23:59:59 GMT

File type
ASCII text, with very long lines (568), with CRLF line terminators
Size
40 kB (40511 bytes)
Hash
a0f4da40bd81c65d824afc106743d47f
55b2d4c57fdb017314f62ac2fe8a3e287dcadf7f
e40e7cc368c897d6a3a5095fae6ccd6d9a3f88af5ef9c590f79b9fd22293ad10

HTTP Headers

GET /landings/277423/1669996037/js/main.js?1669996037 HTTP/1.1
Host: cdn-adef.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.mysexymatches.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: g+E+f+ZbK/fcOZUXAojseAsPNRn67mWzaCqIfISD2cC6tTHSKxejVPkwtmuzMSGis2iwjqPrvFI=
x-amz-request-id: 9HZQGJ3RYAASCRS4
Last-Modified: Fri, 02 Dec 2022 15:47:19 GMT
ETag: "a0f4da40bd81c65d824afc106743d47f"
Accept-Ranges: bytes
Content-Type: text/javascript
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Thu, 01 Jun 2023 01:10:57 GMT
Content-Length: 40511
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"

niwooghu.com/impression/dh7YFbWZa0IWinWC7OW2ktIUSHn317U8AHDtwVN1LmsmfYiOez3a06nOz7qTFgs6h8rvZ_8athsYcHptoXiN4u-6adPkRjjJEeV2b-aLunQySbHCyYOg-dM5wnXcF3xrz7Y9RM5pVLdyAyjDiLJl3Uo9kbAU_O2y8m0uW4KyzD--Sa_mxaqk76LFkTLMkzlDtCA4lEZ0v7XGRmgQ-L5cP4BG1XIw7SAFrACnVYzOm4F8u2pZ1DKLWlMAWyPzoj2-aP95jO4P4Lr0SYVeljYlotZdyt0XhRdIia68vXndqsFymWeoKirvKbOYwHVQApALTuipeObLv8VcPiXvjBRNo90HFwUv_OSWEonXSdO1LOte46Hzt6ZrzX5ZSIcvyoykS0p9tAhkYcOqIzoZXLhHeAQaCqb1VouJG_sJ-gKW6Lb5wjf1Z-Ywg0n--XP8q9w9x8rKuGngUF1AhI3D_e_v-6g2iYsY5Nlqt_9MQ96iHMXncbnoxKKqHaM_eywrFglm4hdLha6BkhNwVd1bOH-T5IACa1HH-g-fOKInLn-IEboZzOD8dvKhUVQsm447YBOZOrwdA0JE0uvrMXfOUQSj3iHEwJytm88yZFFRHCgj5s5wEesdiDfdYlksMtvR-Js-?_z=5904249&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=1&pl=https%3A%2F%2Frewardarium.com%2F%3Fz%3D5904237%26p%3D5904254%26ipp%3D5904249%26pez%3D5982883%26rv%3D5982989%26var%3Dzd_6003257%26ar%3D1%26ymid%3D687942579767226394%26source%3D539748%26ret%3D%7Bvar_4%7D&drf=https%3A%2F%2Fp.rapolok.com%2F&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false

139.45.197.237

200 OK

43 B

URL GET HTTP/2
niwooghu.com/impression/dh7YFbWZa0IWinWC7OW2ktIUSHn317U8AHDtwVN1LmsmfYiOez3a06nOz7qTFgs6h8rvZ_8athsYcHptoXiN4u-6adPkRjjJEeV2b-aLunQySbHCyYOg-dM5wnXcF3xrz7Y9RM5pVLdyAyjDiLJl3Uo9kbAU_O2y8m0uW4KyzD--Sa_mxaqk76LFkTLMkzlDtCA4lEZ0v7XGRmgQ-L5cP4BG1XIw7SAFrACnVYzOm4F8u2pZ1DKLWlMAWyPzoj2-aP95jO4P4Lr0SYVeljYlotZdyt0XhRdIia68vXndqsFymWeoKirvKbOYwHVQApALTuipeObLv8VcPiXvjBRNo90HFwUv_OSWEonXSdO1LOte46Hzt6ZrzX5ZSIcvyoykS0p9tAhkYcOqIzoZXLhHeAQaCqb1VouJG_sJ-gKW6Lb5wjf1Z-Ywg0n--XP8q9w9x8rKuGngUF1AhI3D_e_v-6g2iYsY5Nlqt_9MQ96iHMXncbnoxKKqHaM_eywrFglm4hdLha6BkhNwVd1bOH-T5IACa1HH-g-fOKInLn-IEboZzOD8dvKhUVQsm447YBOZOrwdA0JE0uvrMXfOUQSj3iHEwJytm88yZFFRHCgj5s5wEesdiDfdYlksMtvR-Js-?_z=5904249&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=1&pl=https%3A%2F%2Frewardarium.com%2F%3Fz%3D5904237%26p%3D5904254%26ipp%3D5904249%26pez%3D5982883%26rv%3D5982989%26var%3Dzd_6003257%26ar%3D1%26ymid%3D687942579767226394%26source%3D539748%26ret%3D%7Bvar_4%7D&drf=https%3A%2F%2Fp.rapolok.com%2F&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP
139.45.197.237:443
ASN
#9002 RETN Limited

Requested by
https://rewardarium.com/?z=5904237&p=5904254&ipp=5904249&pez=5982883&rv=5982989&var=zd_6003257&ar=1&ymid=687942579767226394&source=539748&ret={var_4}
Certificate
IssuerLet's Encrypt
Subjectniwooghu.com
FingerprintD6:61:D9:C1:16:B4:4D:E5:88:E3:06:BA:A2:09:52:99:B6:CE:9B:CF
ValiditySat, 06 May 2023 05:15:47 GMT - Fri, 04 Aug 2023 05:15:46 GMT

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

HTTP Headers

GET /impression/dh7YFbWZa0IWinWC7OW2ktIUSHn317U8AHDtwVN1LmsmfYiOez3a06nOz7qTFgs6h8rvZ_8athsYcHptoXiN4u-6adPkRjjJEeV2b-aLunQySbHCyYOg-dM5wnXcF3xrz7Y9RM5pVLdyAyjDiLJl3Uo9kbAU_O2y8m0uW4KyzD--Sa_mxaqk76LFkTLMkzlDtCA4lEZ0v7XGRmgQ-L5cP4BG1XIw7SAFrACnVYzOm4F8u2pZ1DKLWlMAWyPzoj2-aP95jO4P4Lr0SYVeljYlotZdyt0XhRdIia68vXndqsFymWeoKirvKbOYwHVQApALTuipeObLv8VcPiXvjBRNo90HFwUv_OSWEonXSdO1LOte46Hzt6ZrzX5ZSIcvyoykS0p9tAhkYcOqIzoZXLhHeAQaCqb1VouJG_sJ-gKW6Lb5wjf1Z-Ywg0n--XP8q9w9x8rKuGngUF1AhI3D_e_v-6g2iYsY5Nlqt_9MQ96iHMXncbnoxKKqHaM_eywrFglm4hdLha6BkhNwVd1bOH-T5IACa1HH-g-fOKInLn-IEboZzOD8dvKhUVQsm447YBOZOrwdA0JE0uvrMXfOUQSj3iHEwJytm88yZFFRHCgj5s5wEesdiDfdYlksMtvR-Js-?_z=5904249&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=1&pl=https%3A%2F%2Frewardarium.com%2F%3Fz%3D5904237%26p%3D5904254%26ipp%3D5904249%26pez%3D5982883%26rv%3D5982989%26var%3Dzd_6003257%26ar%3D1%26ymid%3D687942579767226394%26source%3D539748%26ret%3D%7Bvar_4%7D&drf=https%3A%2F%2Fp.rapolok.com%2F&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: niwooghu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rewardarium.com/
DNT: 1
Connection: keep-alive
Cookie: OAID=f7531ae4ce4d4dfbad0f0284c1d11ee1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 01 Jun 2023 01:10:57 GMT
content-type: image/gif
content-length: 43
x-trace-id: d3f134793e1b8ebdf54b80ab38ef0679
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

cdn-adef.akamaized.net/landings/277423/1669996037/images/bg.gif

23.36.76.96

200 OK

1.2 MB

URL GET HTTP/1.1
cdn-adef.akamaized.net/landings/277423/1669996037/images/bg.gif
IP
23.36.76.96:443
ASN
#20940 Akamai International B.V.

Requested by
https://www.mysexymatches.com/c/9fa1e2ea536c4871?s1=181_6420036_cfa_web_NO_pop&s2=16086902&s3=5904237
Certificate
IssuerDigiCert Inc
Subjecta248.e.akamai.net
Fingerprint7B:62:AB:D4:32:FB:D8:97:04:07:9A:AB:8E:BE:E6:48:AE:5C:8D:37
ValidityTue, 28 Jun 2022 00:00:00 GMT - Fri, 30 Jun 2023 23:59:59 GMT

File type
GIF image data, version 89a, 298 x 517\012- data
Size
1.2 MB (1235704 bytes)
Hash
24834ba3652037ba5e9dd83bfe2c5c50
955eddd177b4135779733c22c6460e78f8b68a41
50584cbf4273096c0c420aedf9c04ddc0b6651eb26d75994df7665f4191c7705

HTTP Headers

GET /landings/277423/1669996037/images/bg.gif HTTP/1.1
Host: cdn-adef.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cdn-adef.akamaized.net/landings/277423/1669996037/css/stylesheet.css?1669996037
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: tG/yOycB7uc1KVXLa4AHQUnMI3lStDs13OpaZ4ApoZNGSHQTSzQc8k22EhV76yoN2rF+j0Eo6Yk=
x-amz-request-id: VBQB08MQ2M49GF38
Last-Modified: Fri, 02 Dec 2022 15:47:19 GMT
ETag: "24834ba3652037ba5e9dd83bfe2c5c50"
Accept-Ranges: bytes
Content-Type: image/gif
Server: AmazonS3
Content-Length: 1235704
Date: Thu, 01 Jun 2023 01:10:57 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"

niwooghu.com/500/5904249?excludes=17921596&oaid=f7531ae4ce4d4dfbad0f0284c1d11ee1&var=zd_6003257&ymid=687942579767226394&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=2&pl=https%3A%2F%2Frewardarium.com%2F%3Fz%3D5904237%26p%3D5904254%26ipp%3D5904249%26pez%3D5982883%26rv%3D5982989%26var%3Dzd_6003257%26ar%3D1%26ymid%3D687942579767226394%26source%3D539748%26ret%3D%7Bvar_4%7D&drf=https%3A%2F%2Fp.rapolok.com%2F&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false

139.45.197.237

200 OK

0 B

URL GET HTTP/2
niwooghu.com/500/5904249?excludes=17921596&oaid=f7531ae4ce4d4dfbad0f0284c1d11ee1&var=zd_6003257&ymid=687942579767226394&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=2&pl=https%3A%2F%2Frewardarium.com%2F%3Fz%3D5904237%26p%3D5904254%26ipp%3D5904249%26pez%3D5982883%26rv%3D5982989%26var%3Dzd_6003257%26ar%3D1%26ymid%3D687942579767226394%26source%3D539748%26ret%3D%7Bvar_4%7D&drf=https%3A%2F%2Fp.rapolok.com%2F&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP
139.45.197.237:443
ASN
#9002 RETN Limited

Requested by
https://rewardarium.com/?z=5904237&p=5904254&ipp=5904249&pez=5982883&rv=5982989&var=zd_6003257&ar=1&ymid=687942579767226394&source=539748&ret={var_4}
Certificate
IssuerLet's Encrypt
Subjectniwooghu.com
FingerprintD6:61:D9:C1:16:B4:4D:E5:88:E3:06:BA:A2:09:52:99:B6:CE:9B:CF
ValiditySat, 06 May 2023 05:15:47 GMT - Fri, 04 Aug 2023 05:15:46 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /500/5904249?excludes=17921596&oaid=f7531ae4ce4d4dfbad0f0284c1d11ee1&var=zd_6003257&ymid=687942579767226394&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=2&pl=https%3A%2F%2Frewardarium.com%2F%3Fz%3D5904237%26p%3D5904254%26ipp%3D5904249%26pez%3D5982883%26rv%3D5982989%26var%3Dzd_6003257%26ar%3D1%26ymid%3D687942579767226394%26source%3D539748%26ret%3D%7Bvar_4%7D&drf=https%3A%2F%2Fp.rapolok.com%2F&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: niwooghu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://rewardarium.com/
Origin: https://rewardarium.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 01 Jun 2023 01:10:57 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://rewardarium.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-allow-credentials: true
access-control-max-age: 600
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2

www.googletagmanager.com/gtm.js?id=GTM-MLVPDTJ

142.250.74.168

200 OK

56 kB

URL GET HTTP/3
www.googletagmanager.com/gtm.js?id=GTM-MLVPDTJ
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://www.mysexymatches.com/c/9fa1e2ea536c4871?s1=181_6420036_cfa_web_NO_pop&s2=16086902&s3=5904237
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
FingerprintEB:A2:AF:B3:20:F1:B1:77:23:0B:85:D2:B1:16:33:A7:97:49:EE:51
ValidityMon, 08 May 2023 08:20:09 GMT - Mon, 31 Jul 2023 08:20:08 GMT

File type
ASCII text, with very long lines (4691)
Size
56 kB (56019 bytes)
Hash
7d596a035b70c8ddec687bfb4d552a5a
5d68b3f5eb56b177ab21e1c31c271f1e13a41d6d
e3e4ba56e024d3e21de37396a7d060cf80273052c07248dfa0b9e0352a5ec1b0

HTTP Headers

GET /gtm.js?id=GTM-MLVPDTJ HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.mysexymatches.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 01 Jun 2023 01:10:57 GMT
expires: Thu, 01 Jun 2023 01:10:57 GMT
cache-control: private, max-age=900
last-modified: Thu, 01 Jun 2023 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 56019
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

offerimage.com/www/images/b5f73ce42127f4d8c5bfab96f57ecde2.jpeg

172.67.22.216

200 OK

9.4 kB

URL GET HTTP/2
offerimage.com/www/images/b5f73ce42127f4d8c5bfab96f57ecde2.jpeg
IP
172.67.22.216:443
ASN
#13335 CLOUDFLARENET

Requested by
https://rewardarium.com/?z=5904237&p=5904254&ipp=5904249&pez=5982883&rv=5982989&var=zd_6003257&ar=1&ymid=687942579767226394&source=539748&ret={var_4}
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintDB:4D:42:F8:E2:4C:E3:E4:BB:22:D8:D1:F7:64:B5:9A:10:B6:25:E0
ValiditySun, 07 May 2023 00:00:00 GMT - Mon, 06 May 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3\012- data
Size
9.4 kB (9380 bytes)
Hash
b5f73ce42127f4d8c5bfab96f57ecde2
686013156c0356f659f2f36284ecff5356a0e097
554f56616073200065c6c4690f8edfadf16c2e67450e625eaaa4386452afecfd

HTTP Headers

GET /www/images/b5f73ce42127f4d8c5bfab96f57ecde2.jpeg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rewardarium.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 01 Jun 2023 01:10:58 GMT
content-type: image/jpeg
content-length: 9380
cache-control: max-age=86400
cf-bgj: h2pri
etag: "62807d8b-24a4"
expires: Thu, 01 Jun 2023 12:44:20 GMT
last-modified: Sun, 15 May 2022 04:11:55 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 44798
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7d03947519e9b517-OSL
X-Firefox-Spdy: h2

s.exv6.com/tag.php?goal=bffb3c5e28d21c389b381a46bb5cd6e6&gtmcb=1005986068

95.211.229.245

200 OK

20 B

URL GET HTTP/1.1
s.exv6.com/tag.php?goal=bffb3c5e28d21c389b381a46bb5cd6e6&gtmcb=1005986068
IP
95.211.229.245:443
ASN
#60781 LeaseWeb Netherlands B.V.

Requested by
https://www.mysexymatches.com/c/9fa1e2ea536c4871?s1=181_6420036_cfa_web_NO_pop&s2=16086902&s3=5904237
Certificate
IssuerLet's Encrypt
Subjectexv6.com
Fingerprint95:DF:82:34:08:E0:F8:A7:24:C5:64:DB:75:CB:C7:E5:8D:E1:4D:6E
ValidityTue, 09 May 2023 12:39:36 GMT - Mon, 07 Aug 2023 12:39:35 GMT

File type
gzip compressed data, max speed, from Unix\012- data
Size
20 B (20 bytes)
Hash
a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf

HTTP Headers

GET /tag.php?goal=bffb3c5e28d21c389b381a46bb5cd6e6&gtmcb=1005986068 HTTP/1.1
Host: s.exv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.mysexymatches.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 01 Jun 2023 01:10:58 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: goals=a%3A1%3A%7Bi%3A71748%3Ba%3A1%3A%7Bs%3A4%3A%22date%22%3Bs%3A10%3A%222023-05-31%22%3B%7D%7D; expires=Fri, 31 May 2024 01:10:58 GMT; path=/; domain=.exv6.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip

offerimage.com/www/images/3f69e1877801cf3e6e161bb2114c915f.jpg

172.67.22.216

200 OK

10 kB

URL GET HTTP/2
offerimage.com/www/images/3f69e1877801cf3e6e161bb2114c915f.jpg
IP
172.67.22.216:443
ASN
#13335 CLOUDFLARENET

Requested by
https://rewardarium.com/?z=5904237&p=5904254&ipp=5904249&pez=5982883&rv=5982989&var=zd_6003257&ar=1&ymid=687942579767226394&source=539748&ret={var_4}
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintDB:4D:42:F8:E2:4C:E3:E4:BB:22:D8:D1:F7:64:B5:9A:10:B6:25:E0
ValiditySun, 07 May 2023 00:00:00 GMT - Mon, 06 May 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3\012- data
Size
10 kB (10224 bytes)
Hash
3f69e1877801cf3e6e161bb2114c915f
e5bd65573fc9d952cbd63fb097395eed8f3f7a3c
34312eeb95acf67ca8d3e63a8bbfb9e067f61550f19e606ab244dab69c78ef5f

HTTP Headers

GET /www/images/3f69e1877801cf3e6e161bb2114c915f.jpg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 01 Jun 2023 01:10:58 GMT
content-type: image/jpeg
content-length: 10224
cache-control: max-age=86400
cf-bgj: h2pri
etag: "63fdb2cf-27f0"
expires: Thu, 01 Jun 2023 11:18:10 GMT
last-modified: Tue, 28 Feb 2023 07:52:47 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 49968
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7d0394756a08b517-OSL
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
fd0c5fcd552e140b1496b4697b18a3a4
264e38a9d130f40f54539a52cba317d16aea03ef
a7ed4a9f0a8b37cf7bcf3a12317f70c607fa56aac6a980a6fda121b2c30d5151

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Jun 2023 01:10:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.gstatic.com/firebasejs/5.0.2/firebase-app.js

142.250.74.35

200 OK

8.6 kB

URL GET HTTP/2
www.gstatic.com/firebasejs/5.0.2/firebase-app.js
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://www.mysexymatches.com/c/9fa1e2ea536c4871?s1=181_6420036_cfa_web_NO_pop&s2=16086902&s3=5904237
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintA3:09:CB:6C:64:76:4B:58:32:D1:21:3E:F4:65:1F:DE:58:22:8F:D6
ValidityMon, 08 May 2023 08:24:48 GMT - Mon, 31 Jul 2023 08:24:47 GMT

File type
ASCII text, with very long lines (25088)
Size
8.6 kB (8604 bytes)
Hash
9164d0e8a317eceb870cca88c9683127
4617c910005f7100b4ff26a458a8b4463e33cdc6
15c9bd66992ef54979c981763cae280f28b6845520020ed38b5ab5f3f70f7931

HTTP Headers

GET /firebasejs/5.0.2/firebase-app.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.mysexymatches.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 8604
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 30 May 2023 17:31:35 GMT
expires: Wed, 29 May 2024 17:31:35 GMT
cache-control: public, max-age=31536000
age: 113963
last-modified: Thu, 10 May 2018 20:35:51 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
fd0c5fcd552e140b1496b4697b18a3a4
264e38a9d130f40f54539a52cba317d16aea03ef
a7ed4a9f0a8b37cf7bcf3a12317f70c607fa56aac6a980a6fda121b2c30d5151

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Jun 2023 01:10:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.gstatic.com/firebasejs/5.0.2/firebase-messaging.js

142.250.74.35

200 OK

10 kB

URL GET HTTP/2
www.gstatic.com/firebasejs/5.0.2/firebase-messaging.js
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://www.mysexymatches.com/c/9fa1e2ea536c4871?s1=181_6420036_cfa_web_NO_pop&s2=16086902&s3=5904237
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintA3:09:CB:6C:64:76:4B:58:32:D1:21:3E:F4:65:1F:DE:58:22:8F:D6
ValidityMon, 08 May 2023 08:24:48 GMT - Mon, 31 Jul 2023 08:24:47 GMT

File type
ASCII text, with very long lines (35547)
Size
10 kB (10017 bytes)
Hash
0cb7a0eb328ea70ab360f861314c8820
e3e20eb50dae36f4cbcef1890b1cc7878acb537a
4569845f7c550a55311814032e88541bd3b4a055ec3894e9cf58c4fff1be91d9

HTTP Headers

GET /firebasejs/5.0.2/firebase-messaging.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.mysexymatches.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 10017
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 30 May 2023 21:40:29 GMT
expires: Wed, 29 May 2024 21:40:29 GMT
cache-control: public, max-age=31536000
age: 99029
last-modified: Thu, 10 May 2018 20:35:52 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
fd0c5fcd552e140b1496b4697b18a3a4
264e38a9d130f40f54539a52cba317d16aea03ef
a7ed4a9f0a8b37cf7bcf3a12317f70c607fa56aac6a980a6fda121b2c30d5151

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Jun 2023 01:10:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

smrtlnktp.com/go/5?pid=1

173.214.244.181

4.2 kB

URL
smrtlnktp.com/go/5?pid=1
IP
173.214.244.181:0
ASN
#15317 SERVEREL-AS

File type
gzip compressed data, max speed, from Unix\012- data
Size
4.2 kB (4219 bytes)
Hash
9aff54fdb07ae6d89486092e3c0e0831
6a9e7004cb94f799041b68febc3a0f1d787480a1
515cab2a54fc72a3ab990691cb9d58942a7aaa321f60d2bdf7f0e76a215b2367

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /go/5?pid=1 HTTP/1.1
Host: smrtlnktp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dpj4c.gtuvyu.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
server: nginx
date: Thu, 01 Jun 2023 01:09:56 GMT
content-type: text/html; charset=UTF-8
location: https://thbstvd.com/?source=tk_all
X-Firefox-Spdy: h2

offerimage.com/www/images/b5f73ce42127f4d8c5bfab96f57ecde2.jpeg

172.67.22.216

200 OK

9.4 kB

URL GET HTTP/2
offerimage.com/www/images/b5f73ce42127f4d8c5bfab96f57ecde2.jpeg
IP
172.67.22.216:443
ASN
#13335 CLOUDFLARENET

Requested by
https://rewardarium.com/?z=5904237&p=5904254&ipp=5904249&pez=5982883&rv=5982989&var=zd_6003257&ar=1&ymid=687942579767226394&source=539748&ret={var_4}
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintDB:4D:42:F8:E2:4C:E3:E4:BB:22:D8:D1:F7:64:B5:9A:10:B6:25:E0
ValiditySun, 07 May 2023 00:00:00 GMT - Mon, 06 May 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3\012- data
Size
9.4 kB (9380 bytes)
Hash
b5f73ce42127f4d8c5bfab96f57ecde2
686013156c0356f659f2f36284ecff5356a0e097
554f56616073200065c6c4690f8edfadf16c2e67450e625eaaa4386452afecfd

HTTP Headers

GET /www/images/b5f73ce42127f4d8c5bfab96f57ecde2.jpeg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 01 Jun 2023 01:11:00 GMT
content-type: image/jpeg
content-length: 9380
cache-control: max-age=86400
cf-bgj: h2pri
etag: "62807d8b-24a4"
expires: Thu, 01 Jun 2023 12:44:20 GMT
last-modified: Sun, 15 May 2022 04:11:55 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 44800
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7d039481dfeeb517-OSL
X-Firefox-Spdy: h2

cdn-adef.akamaized.net/landings/277423/1669996037/js/backoffer.js?1669996037

23.36.76.96

200 OK

430 B

URL GET HTTP/1.1
cdn-adef.akamaized.net/landings/277423/1669996037/js/backoffer.js?1669996037
IP
23.36.76.96:443
ASN
#20940 Akamai International B.V.

Requested by
https://www.mysexymatches.com/c/9fa1e2ea536c4871?s1=181_6420036_cfa_web_NO_pop&s2=16086902&s3=5904237
Certificate
IssuerDigiCert Inc
Subjecta248.e.akamai.net
Fingerprint7B:62:AB:D4:32:FB:D8:97:04:07:9A:AB:8E:BE:E6:48:AE:5C:8D:37
ValidityTue, 28 Jun 2022 00:00:00 GMT - Fri, 30 Jun 2023 23:59:59 GMT

File type
ASCII text, with very long lines (430), with no line terminators
Size
430 B (430 bytes)
Hash
6d5aa83d23ce0b9f72d3b87d000d8fae
034fb8768eb58ffc0b5849e2c162989741a6cbec
89266112a6c823b9c03dd5a32d8f1c5e9f4cbf4cf876b56c825781ea389d0800

HTTP Headers

GET /landings/277423/1669996037/js/backoffer.js?1669996037 HTTP/1.1
Host: cdn-adef.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.mysexymatches.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: wQjQ4KLZfZPl4C4F+cDGnMVIpeWXFGoN5EU5RZivmlsy4B9dTxNAY7kNXlx9wjGfAnd6nZY5JPk=
x-amz-request-id: 9HZH1FTBM5DXQVE7
Last-Modified: Fri, 02 Dec 2022 15:47:19 GMT
ETag: "6d5aa83d23ce0b9f72d3b87d000d8fae"
Accept-Ranges: bytes
Content-Type: text/javascript
Server: AmazonS3
Content-Length: 430
Date: Thu, 01 Jun 2023 01:10:57 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"

rewardarium.com/?z=5904237&p=5904254&ipp=5904249&pez=5982883&rv=5982989&var=zd_6003257&ar=1&ymid=687942579767226394&source=539748&ret={var_4}

188.114.97.1

200 OK

27 kB

URL User Request GET HTTP/2
rewardarium.com/?z=5904237&p=5904254&ipp=5904249&pez=5982883&rv=5982989&var=zd_6003257&ar=1&ymid=687942579767226394&source=539748&ret={var_4}
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectrewardarium.com
FingerprintE9:09:05:81:43:DE:42:13:8F:E6:CA:66:34:30:0C:F1:2C:8D:E1:7E
ValidityThu, 06 Apr 2023 14:36:16 GMT - Wed, 05 Jul 2023 14:36:15 GMT

File type

Size
27 kB (27372 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /?z=5904237&p=5904254&ipp=5904249&pez=5982883&rv=5982989&var=zd_6003257&ar=1&ymid=687942579767226394&source=539748&ret={var_4} HTTP/1.1
Host: rewardarium.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://p.rapolok.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 01 Jun 2023 01:10:56 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PaR5jbROH%2Ff758%2B%2B4B%2F3nUY32Bnu%2BBn4uaWYFK5C4tPDhJ31G%2FTLxnT3FDWk6ZlFocn5forhAYmvRTyxnN7kVAgk4jgszX4mVHw2r510LSGXqNYTX%2BErdZx7beH%2FAiC6Eko%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 7d03946868adb500-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

rewardarium.com/lightning.svg

188.114.97.1

200 OK

558 B

URL GET HTTP/3
rewardarium.com/lightning.svg
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://rewardarium.com/?z=5904237&p=5904254&ipp=5904249&pez=5982883&rv=5982989&var=zd_6003257&ar=1&ymid=687942579767226394&source=539748&ret={var_4}
Certificate
IssuerLet's Encrypt
Subjectrewardarium.com
FingerprintE9:09:05:81:43:DE:42:13:8F:E6:CA:66:34:30:0C:F1:2C:8D:E1:7E
ValidityThu, 06 Apr 2023 14:36:16 GMT - Wed, 05 Jul 2023 14:36:15 GMT

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (603), with no line terminators
Size
558 B (558 bytes)
Hash
9c0ef0f4019464092e924742904d75ea
33ed4dae960a9bfc33b63882d39e47ec431ec46d
2b810d0b2fb0339bca96276a4646b209804b992d8dbffb6e0d62651e48d97e83

HTTP Headers

GET /lightning.svg HTTP/1.1
Host: rewardarium.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rewardarium.com/?z=5904237&p=5904254&ipp=5904249&pez=5982883&rv=5982989&var=zd_6003257&ar=1&ymid=687942579767226394&source=539748&ret={var_4}
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 01 Jun 2023 01:10:56 GMT
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"9cbec3ef22e57179a0901d90b7b6e2fd"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qpQpBOFvDdK%2BoTU1VOGw4MJcVcW0ADzCZvxq6lrZXi3NbUQshNi8Ws0G2vDf%2BzSYkZtmHSOJbpZLXlM2I%2BE7FLYkXA9q6a%2FwLIaKpiW7R2fhsJ%2B25gwQKXTzbxRad997NKJGXrmiqMxerEFWjZg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: HIT
age: 4119
server: cloudflare
cf-ray: 7d0394698d7eb4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

www.mysexymatches.com/js/pushjs/1.0.0/subscriber.js

52.17.88.125

200 OK

9.4 kB

URL GET HTTP/2
www.mysexymatches.com/js/pushjs/1.0.0/subscriber.js
IP
52.17.88.125:443
ASN
#16509 AMAZON-02

Requested by
https://www.mysexymatches.com/c/9fa1e2ea536c4871?s1=181_6420036_cfa_web_NO_pop&s2=16086902&s3=5904237
Certificate
IssuerLet's Encrypt
Subject*.mysexymatches.com
Fingerprint7D:35:18:C7:41:6B:DC:68:1E:F2:FB:E0:71:F3:96:D3:FE:1A:B7:7C
ValiditySat, 20 May 2023 00:31:45 GMT - Fri, 18 Aug 2023 00:31:44 GMT

File type
C source text\012- troff or preprocessor input, ASCII text, with very long lines (9653), with no line terminators
Size
9.4 kB (9389 bytes)
Hash
84b622eb79d84a20b4fb5d3e2e122e2a
73eb77325e2b070e36f393eb4db66fa5af549ac6
514e603036c84a1e1afbc3b0eb748362dbd294f6af16bf88637d7b27f7a224dc

HTTP Headers

GET /js/pushjs/1.0.0/subscriber.js HTTP/1.1
Host: www.mysexymatches.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.mysexymatches.com/c/9fa1e2ea536c4871?s1=181_6420036_cfa_web_NO_pop&s2=16086902&s3=5904237
Cookie: unique_id=6477f02100022641; unique_id2=6477f02100022e5c; 6477f02100022e5c_sl=[277423]
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 01 Jun 2023 01:10:57 GMT
content-type: application/javascript
expires: Thu, 08 Jun 2023 01:10:57 GMT
cache-control: max-age=604800
content-encoding: gzip
X-Firefox-Spdy: h2

retryngs.com/link?z=6003257&var=539748&ymid=125036389790

139.45.197.249

302 Found

27 kB

URL User Request GET HTTP/2
retryngs.com/link?z=6003257&var=539748&ymid=125036389790
IP
139.45.197.249:443
ASN
#9002 RETN Limited

Certificate
IssuerLet's Encrypt
Subjectretryngs.com
Fingerprint1A:C8:0D:3F:5E:17:29:A3:F4:BB:4D:C3:33:82:DB:4E:13:0A:B7:40
ValidityWed, 26 Apr 2023 05:34:17 GMT - Tue, 25 Jul 2023 05:34:16 GMT

File type

Size
27 kB (27372 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /link?z=6003257&var=539748&ymid=125036389790 HTTP/1.1
Host: retryngs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://p.rapolok.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
server: nginx
date: Thu, 01 Jun 2023 01:10:56 GMT
content-length: 0
location: https://rewardarium.com/?z=5904237&p=5904254&ipp=5904249&pez=5982883&rv=5982989&var=zd_6003257&ar=1&ymid=687942579767226394&source=539748&ret={var_4}
access-control-allow-credentials: true
access-control-allow-origin: 
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: e55c4d6a50981f98f62fbb6a33d8bb89
link: <https://rewardarium.com>; rel="dns-prefetch preconnect"
set-cookie: OAID=3cd65b8963144c18a0dc3ad141c45b40; expires=Fri, 31 May 2024 01:10:55 GMT
oaidts=1685581855; expires=Fri, 31 May 2024 01:10:55 GMT
OXCCLK=7013937.1; expires=Fri, 31 May 2024 01:10:56 GMT
allcnt=1; expires=Fri, 31 May 2024 01:10:56 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2

stootsou.net/pfe/current/tag.min.js?z=5776812&ymid=687942579767226394&var=zd_6003257&var3=539748

139.45.197.250

200 OK

15 kB

URL GET HTTP/2
stootsou.net/pfe/current/tag.min.js?z=5776812&ymid=687942579767226394&var=zd_6003257&var3=539748
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://rewardarium.com/?z=5904237&p=5904254&ipp=5904249&pez=5982883&rv=5982989&var=zd_6003257&ar=1&ymid=687942579767226394&source=539748&ret={var_4}
Certificate
IssuerLet's Encrypt
Subjectstootsou.net
Fingerprint8B:6D:C9:76:36:ED:10:46:55:21:54:23:8C:4E:AC:7D:02:17:DD:7C
ValiditySun, 26 Mar 2023 05:17:40 GMT - Sat, 24 Jun 2023 05:17:39 GMT

File type
C source, ASCII text, with very long lines (14679), with no line terminators
Size
15 kB (14679 bytes)
Hash
dd1bd926c9d267f953b3631fa55c8597
1a37cc25c5dbeb4edd216419587df4c3f270adf0
6e021b2b21122242fa40175b8df6316a9386aa36454efd2c234e891258003d27

HTTP Headers

GET /pfe/current/tag.min.js?z=5776812&ymid=687942579767226394&var=zd_6003257&var3=539748 HTTP/1.1
Host: stootsou.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rewardarium.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 01 Jun 2023 01:10:56 GMT
content-type: application/javascript
last-modified: Tue, 30 May 2023 12:46:19 GMT
etag: W/"6475f01b-3957"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

www.mysexymatches.com/js/pushjs/1.0.0/utils.js

52.17.88.125

200 OK

7.1 kB

URL GET HTTP/2
www.mysexymatches.com/js/pushjs/1.0.0/utils.js
IP
52.17.88.125:443
ASN
#16509 AMAZON-02

Requested by
https://www.mysexymatches.com/c/9fa1e2ea536c4871?s1=181_6420036_cfa_web_NO_pop&s2=16086902&s3=5904237
Certificate
IssuerLet's Encrypt
Subject*.mysexymatches.com
Fingerprint7D:35:18:C7:41:6B:DC:68:1E:F2:FB:E0:71:F3:96:D3:FE:1A:B7:7C
ValiditySat, 20 May 2023 00:31:45 GMT - Fri, 18 Aug 2023 00:31:44 GMT

File type
C source, ASCII text, with very long lines (7334), with no line terminators
Size
7.1 kB (7071 bytes)
Hash
7df62062a027cd25d5a179c520f38668
0ddaa8cd9090908d987e0299cef74fbf7f118738
cdf93aff990bae251f609ef00d7d2bdbb56a35f003c7184ba067b5948629faa3

HTTP Headers

GET /js/pushjs/1.0.0/utils.js HTTP/1.1
Host: www.mysexymatches.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.mysexymatches.com/c/9fa1e2ea536c4871?s1=181_6420036_cfa_web_NO_pop&s2=16086902&s3=5904237
Cookie: unique_id=6477f02100022641; unique_id2=6477f02100022e5c; 6477f02100022e5c_sl=[277423]
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 01 Jun 2023 01:10:58 GMT
content-type: application/javascript
expires: Thu, 08 Jun 2023 01:10:58 GMT
cache-control: max-age=604800
content-encoding: gzip
X-Firefox-Spdy: h2

my.rtmark.net/gid.js

139.45.195.8

200 OK

65 B

URL GET HTTP/2
my.rtmark.net/gid.js
IP
139.45.195.8:443
ASN
#9002 RETN Limited

Requested by
https://rewardarium.com/?z=5904237&p=5904254&ipp=5904249&pez=5982883&rv=5982989&var=zd_6003257&ar=1&ymid=687942579767226394&source=539748&ret={var_4}
Certificate
IssuerLet's Encrypt
Subjectrtmark.net
Fingerprint84:56:36:C3:24:DE:FB:F0:E7:EB:EB:9D:C8:B6:28:31:B5:3C:8B:80
ValiditySat, 06 May 2023 08:48:01 GMT - Fri, 04 Aug 2023 08:48:00 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
65 B (65 bytes)
Hash
9e9ef759d961e87cca2c4110ebd9a872
31a99b437c0b48dd6f915579c4a61b3ea7d75832
c6153278076560036227bbd908fa17a8dc9d44cf8eb2b3a486b9ccbd29c21c29

HTTP Headers

GET /gid.js HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rewardarium.com/
Origin: https://rewardarium.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 01 Jun 2023 01:10:57 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://rewardarium.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=f7531ae4ce4d4dfbad0f0284c1d11ee1; expires=Fri, 31 May 2024 01:10:57 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

stootsou.net/zone?pub=0&zone_id=5776812&is_mobile=false&domain=rewardarium.com&var=zd_6003257&ymid=687942579767226394&var_3=

139.45.197.250

200 OK

880 B

URL GET HTTP/2
stootsou.net/zone?pub=0&zone_id=5776812&is_mobile=false&domain=rewardarium.com&var=zd_6003257&ymid=687942579767226394&var_3=
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://rewardarium.com/?z=5904237&p=5904254&ipp=5904249&pez=5982883&rv=5982989&var=zd_6003257&ar=1&ymid=687942579767226394&source=539748&ret={var_4}
Certificate
IssuerLet's Encrypt
Subjectstootsou.net
Fingerprint8B:6D:C9:76:36:ED:10:46:55:21:54:23:8C:4E:AC:7D:02:17:DD:7C
ValiditySun, 26 Mar 2023 05:17:40 GMT - Sat, 24 Jun 2023 05:17:39 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (977), with no line terminators
Size
880 B (880 bytes)
Hash
68a6d61d9ff42278711c88fd618e29d4
1f04e419443be2c8873674f409c2d4bea56f3b65
4c3d0bfc5902fe0f38cea1f82026458bad06ef57145999a5ddd6c0e23e33d5b9

HTTP Headers

GET /zone?pub=0&zone_id=5776812&is_mobile=false&domain=rewardarium.com&var=zd_6003257&ymid=687942579767226394&var_3= HTTP/1.1
Host: stootsou.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rewardarium.com/
Origin: https://rewardarium.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 01 Jun 2023 01:10:56 GMT
content-type: application/json; charset=utf-8
content-length: 880
x-trace-id: 794b2474c996e4c841b51045be771b21
access-control-allow-origin: https://rewardarium.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

niwooghu.com/impression/cZp2yCxC379Z8g3iAO5QIBKQiDiw9i0QmTH_WoZZ3fgFKkmmHrRaIH82J5b996B3PtEoKzzGqVbqZSMNA-6uJL6YjUxp2nz3aHziCBg3tF_UTRjom0_cuGv73P6WAeYJ13axl7YlJ8EoBg0jPIYfTkInpm6JkQge-c_RB6J8KUSZ0TYuWan2aJlUMU9zugN4UFc3dJATa-wI4KmFosRuP1HrIMOa3NdeIlPqcXknX_OWs1CUKh-PgCklrvoCCQ8xkp-yGqPQG6v4gzjTTt1rVW5ciZSexUqLJD7QDbdaPFEPA5wwgEzTVw4L1W0fZHizeqbZ1zjE7sASqexHDSrwLnhmC_qP8bVaBexVktgn9V8-KoNkD6VWzlOSoIOi0GjgUYFf15vIDIyt56ddDYwxRHPq1x4HKp1MDiOvSxx6xzxDcnUwP02Pnbxqb30Xa19lQqcqLhuj2aOFf6PCeXUHVT_6z_UMfHiU9G4tb1OqQ8bIW3cgR1o8ayYvZxoJMFa0uaGuNcU-qBWaEc_jPlr9SSjiqG2nUtENyiMx92iDSZRdvferKbO86LQUr4WwJngrja3wwSD1vNjV7Za5V64-wKjRRxTCXs25pifb9E6HHTqd2UjA6T1x-ydRwWt4HjuD?_z=5904249&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=2&pl=https%3A%2F%2Frewardarium.com%2F%3Fz%3D5904237%26p%3D5904254%26ipp%3D5904249%26pez%3D5982883%26rv%3D5982989%26var%3Dzd_6003257%26ar%3D1%26ymid%3D687942579767226394%26source%3D539748%26ret%3D%7Bvar_4%7D&drf=https%3A%2F%2Fp.rapolok.com%2F&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false

139.45.197.237

200 OK

43 B

URL GET HTTP/2
niwooghu.com/impression/cZp2yCxC379Z8g3iAO5QIBKQiDiw9i0QmTH_WoZZ3fgFKkmmHrRaIH82J5b996B3PtEoKzzGqVbqZSMNA-6uJL6YjUxp2nz3aHziCBg3tF_UTRjom0_cuGv73P6WAeYJ13axl7YlJ8EoBg0jPIYfTkInpm6JkQge-c_RB6J8KUSZ0TYuWan2aJlUMU9zugN4UFc3dJATa-wI4KmFosRuP1HrIMOa3NdeIlPqcXknX_OWs1CUKh-PgCklrvoCCQ8xkp-yGqPQG6v4gzjTTt1rVW5ciZSexUqLJD7QDbdaPFEPA5wwgEzTVw4L1W0fZHizeqbZ1zjE7sASqexHDSrwLnhmC_qP8bVaBexVktgn9V8-KoNkD6VWzlOSoIOi0GjgUYFf15vIDIyt56ddDYwxRHPq1x4HKp1MDiOvSxx6xzxDcnUwP02Pnbxqb30Xa19lQqcqLhuj2aOFf6PCeXUHVT_6z_UMfHiU9G4tb1OqQ8bIW3cgR1o8ayYvZxoJMFa0uaGuNcU-qBWaEc_jPlr9SSjiqG2nUtENyiMx92iDSZRdvferKbO86LQUr4WwJngrja3wwSD1vNjV7Za5V64-wKjRRxTCXs25pifb9E6HHTqd2UjA6T1x-ydRwWt4HjuD?_z=5904249&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=2&pl=https%3A%2F%2Frewardarium.com%2F%3Fz%3D5904237%26p%3D5904254%26ipp%3D5904249%26pez%3D5982883%26rv%3D5982989%26var%3Dzd_6003257%26ar%3D1%26ymid%3D687942579767226394%26source%3D539748%26ret%3D%7Bvar_4%7D&drf=https%3A%2F%2Fp.rapolok.com%2F&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP
139.45.197.237:443
ASN
#9002 RETN Limited

Requested by
https://rewardarium.com/?z=5904237&p=5904254&ipp=5904249&pez=5982883&rv=5982989&var=zd_6003257&ar=1&ymid=687942579767226394&source=539748&ret={var_4}
Certificate
IssuerLet's Encrypt
Subjectniwooghu.com
FingerprintD6:61:D9:C1:16:B4:4D:E5:88:E3:06:BA:A2:09:52:99:B6:CE:9B:CF
ValiditySat, 06 May 2023 05:15:47 GMT - Fri, 04 Aug 2023 05:15:46 GMT

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

HTTP Headers

GET /impression/cZp2yCxC379Z8g3iAO5QIBKQiDiw9i0QmTH_WoZZ3fgFKkmmHrRaIH82J5b996B3PtEoKzzGqVbqZSMNA-6uJL6YjUxp2nz3aHziCBg3tF_UTRjom0_cuGv73P6WAeYJ13axl7YlJ8EoBg0jPIYfTkInpm6JkQge-c_RB6J8KUSZ0TYuWan2aJlUMU9zugN4UFc3dJATa-wI4KmFosRuP1HrIMOa3NdeIlPqcXknX_OWs1CUKh-PgCklrvoCCQ8xkp-yGqPQG6v4gzjTTt1rVW5ciZSexUqLJD7QDbdaPFEPA5wwgEzTVw4L1W0fZHizeqbZ1zjE7sASqexHDSrwLnhmC_qP8bVaBexVktgn9V8-KoNkD6VWzlOSoIOi0GjgUYFf15vIDIyt56ddDYwxRHPq1x4HKp1MDiOvSxx6xzxDcnUwP02Pnbxqb30Xa19lQqcqLhuj2aOFf6PCeXUHVT_6z_UMfHiU9G4tb1OqQ8bIW3cgR1o8ayYvZxoJMFa0uaGuNcU-qBWaEc_jPlr9SSjiqG2nUtENyiMx92iDSZRdvferKbO86LQUr4WwJngrja3wwSD1vNjV7Za5V64-wKjRRxTCXs25pifb9E6HHTqd2UjA6T1x-ydRwWt4HjuD?_z=5904249&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=2&pl=https%3A%2F%2Frewardarium.com%2F%3Fz%3D5904237%26p%3D5904254%26ipp%3D5904249%26pez%3D5982883%26rv%3D5982989%26var%3Dzd_6003257%26ar%3D1%26ymid%3D687942579767226394%26source%3D539748%26ret%3D%7Bvar_4%7D&drf=https%3A%2F%2Fp.rapolok.com%2F&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: niwooghu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rewardarium.com/
DNT: 1
Connection: keep-alive
Cookie: OAID=f7531ae4ce4d4dfbad0f0284c1d11ee1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 01 Jun 2023 01:10:59 GMT
content-type: image/gif
content-length: 43
x-trace-id: 89456d3424e57d676f452cf7f78531f7
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (27)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML