voir-animes.com/l
172.67.178.153301 Moved Permanently 162 B IP 172.67.178.153:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /l HTTP/1.1
Host: voir-animes.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Sun, 11 Sep 2022 15:00:27 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://voir-animes.com/l
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=C97RwOmu29XnEYOtLkvLu3EvQDDZDakVRels12LzsoAts07sfpFns71w%2BFKebqb7WZImwyflwQVsyWasy1dvaF4KY%2FU04R0stv5nbkS2bq%2FjYffnkEcyAsNw1g1JFmOTc6E%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 749145e4f8000b45-OSL
alt-svc: h2=":443"; ma=60
firefox.settings.services.mozilla.com/v1/
143.204.55.35200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.35:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash b593eb39329cfe060d55be5e4a5405e2
78e46c1028e9f94f8569303ad2d90d7df13a059a
08a810103557efe55ca4425ff0cf82593f1f54633df899127eaec9bee05d4d04
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, Alert, Content-Length, Content-Type, Backoff
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sun, 11 Sep 2022 14:07:38 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 1ca0323262515c9240c58fe69a9ac826.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: fjsZBeiNe2JlOkc-ZVJy3IjW7NLlNbqbyN1lf9IONr81XZXLQ_VbTQ==
Age: 3169
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 76d5eb597558e3dee0d99719d17e71e0
f3a0f3932fa8059f27dc9422d523b938fa9a7d09
d16de6cc9eb0e1297f53dc1137bb764bf5c21a7727be32ad05afebd1fe9501ed
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D16DE6CC9EB0E1297F53DC1137BB764BF5C21A7727BE32AD05AFEBD1FE9501ED"
Last-Modified: Sat, 10 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4989
Expires: Sun, 11 Sep 2022 16:23:36 GMT
Date: Sun, 11 Sep 2022 15:00:27 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
143.204.55.49200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP 143.204.55.49:0
File type PEM certificate\012- , ASCII text
Hash 742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Sun, 11 Sep 2022 07:17:13 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 095562e8748e634f880ee3c4ada2b6d0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: MhCfV2RkGivQ4wyZEXFwY0xzFoXnz74mMPmAEESmBI2rEh3efQkSyg==
age: 27795
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.33.119.27200 OK 344 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash d5c5945e68b2deea5d609207380bc64b
4d2715fd8d557edbd388928957d94d7e90ee15fc
0c6608c872abbaca75b6f76dce878ff21cfd84cf8f2bfa6d15a2518a4d18148f
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "0C6608C872ABBACA75B6F76DCE878FF21CFD84CF8F2BFA6D15A2518A4D18148F"
Last-Modified: Fri, 09 Sep 2022 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13228
Expires: Sun, 11 Sep 2022 18:40:55 GMT
Date: Sun, 11 Sep 2022 15:00:27 GMT
Connection: keep-alive
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 11 Sep 2022 15:00:27 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.33.119.27200 OK 344 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash d5c5945e68b2deea5d609207380bc64b
4d2715fd8d557edbd388928957d94d7e90ee15fc
0c6608c872abbaca75b6f76dce878ff21cfd84cf8f2bfa6d15a2518a4d18148f
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "0C6608C872ABBACA75B6F76DCE878FF21CFD84CF8F2BFA6D15A2518A4D18148F"
Last-Modified: Fri, 09 Sep 2022 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13228
Expires: Sun, 11 Sep 2022 18:40:55 GMT
Date: Sun, 11 Sep 2022 15:00:27 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 65deebab57142db522e6c874673bdd9f
bfd022181afaec5035f868ccd05fac58113f81dc
7470143c8bd79f00190a3766ebaa9c632d0aa47693fc4c146f097873865da327
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 15:00:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 65deebab57142db522e6c874673bdd9f
bfd022181afaec5035f868ccd05fac58113f81dc
7470143c8bd79f00190a3766ebaa9c632d0aa47693fc4c146f097873865da327
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 15:00:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.35200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.35:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Sun, 11 Sep 2022 14:56:07 GMT
Expires: Sun, 11 Sep 2022 15:17:59 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 814e8c24454087e83cd261a6cf477166.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: c5WuqqdEdjnwRqwg1FvtqmSu_RYNIXO-Rp2yuiLxPBDBAXeq-CpVuA==
Age: 261
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 12 kB IP 142.250.74.3:0
Hash 2e72fff48b2d0f16f43faae0dff1462e
dd0d6bd482e41dcd88b2695114320f9761170db2
cca9ba2e19788ea8440790120b0fdf65528ead5a21a8fb7dff0ca8c43b70572f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 15:00:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 43e44f5fe147594a8dd7e263eabca2ae
99a970746a212194f339b3fdc7df516af9f2ffdf
f716e38cbb8632487d1ce62a37e0662ef8611fbe0449a82b9301118b68c7548d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 15:00:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 13 kB IP 142.250.74.3:0
Hash bbdf10db2c725b127e57d32cecda0bd1
6f914fc6d9e27d98b76c03916e3e73a21db5e592
2c2eea079fdc61fc4289df567d5218c059f157d0dbeaba6966f4ed9f03c2d2b2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 15:00:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 43e44f5fe147594a8dd7e263eabca2ae
99a970746a212194f339b3fdc7df516af9f2ffdf
f716e38cbb8632487d1ce62a37e0662ef8611fbe0449a82b9301118b68c7548d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 15:00:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/sourcesanspro/v21/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
142.250.74.163200 OK 13 kB URL HTTP/2 fonts.gstatic.com/s/sourcesanspro/v21/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 13036, version 1.0\012- data
Hash 0ad032b3d07aaf33b160ac4799dda40f
06b931e0d0bf37f5037d9e66d6feedfddd21c0ba
c124c88ca4fcb4336e97617647ef0d32441329371120c8eabaea0fea226560b0
GET /s/sourcesanspro/v21/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://voir-animes.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 13036
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 07 Sep 2022 19:26:57 GMT
expires: Thu, 07 Sep 2023 19:26:57 GMT
cache-control: public, max-age=31536000
age: 329611
last-modified: Wed, 27 Apr 2022 16:04:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 12 kB IP 142.250.74.3:0
Hash 0da15b927d718142a505c3f6f278ee7e
9a77390285d14565a886e95c214765bc1e5d7a9b
a8509a6b06c4d2555001408f8694b8cef0e3eead5b0b7c1687a2bcf6a52b3a33
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 15:00:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/robotocondensed/v25/ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2
142.250.74.163200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/robotocondensed/v25/ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 15700, version 1.0\012- data
Hash 3d7f7413fca69bff4d231ebdc50aaab0
cb18e7943b6a8a0e3672d7242197c19a226b92e8
6b4fac99c39b9ee2693d87a2508d0c7d4b4859072966616bd1f6e18c5b2f9d36
GET /s/robotocondensed/v25/ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://voir-animes.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15700
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 09 Sep 2022 16:04:44 GMT
expires: Sat, 09 Sep 2023 16:04:44 GMT
cache-control: public, max-age=31536000
age: 168944
last-modified: Tue, 19 Apr 2022 18:51:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2
142.250.74.163200 OK 13 kB URL HTTP/2 fonts.gstatic.com/s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 12924, version 1.0\012- data
Hash 4610010f425c140b99c88b6819ce1c02
a7e839aa0452ceeb6228de7c15062fe82cc6d1c3
7348a2eb48c9a681d6178433394c7037144d85b57ee33a11339d3a33fa1001a4
GET /s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://voir-animes.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 12924
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 07 Sep 2022 19:26:57 GMT
expires: Thu, 07 Sep 2023 19:26:57 GMT
cache-control: public, max-age=31536000
age: 329611
last-modified: Wed, 27 Apr 2022 16:02:31 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2
142.250.74.163200 OK 13 kB URL HTTP/2 fonts.gstatic.com/s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 13052, version 1.0\012- data
Hash 7cf79fbd1df848510d7352274efc2401
5540b5a26cc7dfe25294c4eabe011e2c6cd60143
bc9a16cd945457ad9463cdaed95129b01c589466978dfee3d019d9c604b2171a
GET /s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://voir-animes.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 13052
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 07 Sep 2022 19:26:57 GMT
expires: Thu, 07 Sep 2023 19:26:57 GMT
cache-control: public, max-age=31536000
age: 329611
last-modified: Wed, 27 Apr 2022 16:09:03 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 9dfcb1cb1f4608b008289690add1ba11
4ebb114bfdc798d60bab2f96917ef6a2d9cc0aee
b5ceeb693fa95e3ab9e950d924c4688c15cff0ee2e3ea004fb0cefc6fb1cec88
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B5CEEB693FA95E3AB9E950D924C4688C15CFF0EE2E3EA004FB0CEFC6FB1CEC88"
Last-Modified: Sun, 11 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3859
Expires: Sun, 11 Sep 2022 16:04:47 GMT
Date: Sun, 11 Sep 2022 15:00:28 GMT
Connection: keep-alive
fonts.gstatic.com/s/robotocondensed/v25/ieVi2ZhZI2eCN5jzbjEETS9weq8-32meGCQYbw.woff2
142.250.74.163200 OK 17 kB URL HTTP/2 fonts.gstatic.com/s/robotocondensed/v25/ieVi2ZhZI2eCN5jzbjEETS9weq8-32meGCQYbw.woff2
IP 142.250.74.163:0
Hash b8d8a549ff5e8e3ff0bc0d1f476fa0e8
52a7b208e06f9130de8025e18b82549f7a85c9a9
d049911221694895ea58a42d7b76a4e90a42a6fe9bae470304f6d0712dc4ce83
GET /s/robotocondensed/v25/ieVi2ZhZI2eCN5jzbjEETS9weq8-32meGCQYbw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://voir-animes.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15660
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 06 Sep 2022 22:17:40 GMT
expires: Wed, 06 Sep 2023 22:17:40 GMT
cache-control: public, max-age=31536000
age: 405768
last-modified: Tue, 19 Apr 2022 18:42:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 26e829ba5f754918e20cbd316dc4348e
ba198501da0812dd11ca3b38a51325b5de6cfa60
4352c25d4af7637a8435b0df6d042fc606d37a348e966b99fecce8a853b8ebc0
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5745
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 15:00:28 GMT
Last-Modified: Sun, 11 Sep 2022 13:24:43 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 43e44f5fe147594a8dd7e263eabca2ae
99a970746a212194f339b3fdc7df516af9f2ffdf
f716e38cbb8632487d1ce62a37e0662ef8611fbe0449a82b9301118b68c7548d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 15:00:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.sectigo.com/
172.64.155.188200 OK 4.5 kB IP 172.64.155.188:0
Hash 8c0f46bd56ba912a0feca4c012e969a6
a372133708eedb8a5d52f6388f6d205e14cf17b4
d101b6fddb6e694e9708a0316a8400fac2e9d7a8df7c6a5393a932a4685f4906
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 15:00:28 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Fri, 09 Sep 2022 06:52:31 GMT
Expires: Fri, 16 Sep 2022 06:52:30 GMT
Etag: "c12c4d04abf0ecb3874fdce6d329afbf6011c2c2"
Cache-Control: max-age=402121,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 749145edce30b517-OSL
ocsp.sectigo.com/
172.64.155.188200 OK 2.7 kB IP 172.64.155.188:0
Hash 15ac79f4bc7bd3473845708a8d14f98c
19ceacf5802d0da029fd8c54926e8633cdcce2c1
d3d61744fc075f859034d0645ceefcbbca9d87c8df1243f2d38b415d9b4f45da
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 15:00:28 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Fri, 09 Sep 2022 06:52:31 GMT
Expires: Fri, 16 Sep 2022 06:52:30 GMT
Etag: "c12c4d04abf0ecb3874fdce6d329afbf6011c2c2"
Cache-Control: max-age=402121,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 749145edfb46b52d-OSL
push.services.mozilla.com/
44.238.202.79101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 44.238.202.79:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: kh6Ut/TPpUM8AfNenOlg9g==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: z9qAWr8KbWNsGedIU5TmKVHYfCQ=
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash f99cebe3919652866ee8fba10daa7004
001c15dad22a4338be861fa56af0d5af04fe9ae8
a11965975da43f0c9915224170cfe5e01182f01a764393cbc46be27df8675d75
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A11965975DA43F0C9915224170CFE5E01182F01A764393CBC46BE27DF8675D75"
Last-Modified: Sat, 10 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8399
Expires: Sun, 11 Sep 2022 17:20:27 GMT
Date: Sun, 11 Sep 2022 15:00:28 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 477fd76de0b69553430d504fe527cc06
88fe80a099e610212f27427ae6fd5b4e03b3df16
f27bc8051a23fbe811318b8d49f5d27e3e992962a0e72f5d30a4790fe4f42748
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F27BC8051A23FBE811318B8D49F5D27E3E992962A0E72F5D30A4790FE4F42748"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11206
Expires: Sun, 11 Sep 2022 18:07:15 GMT
Date: Sun, 11 Sep 2022 15:00:29 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 477fd76de0b69553430d504fe527cc06
88fe80a099e610212f27427ae6fd5b4e03b3df16
f27bc8051a23fbe811318b8d49f5d27e3e992962a0e72f5d30a4790fe4f42748
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F27BC8051A23FBE811318B8D49F5D27E3E992962A0E72F5D30A4790FE4F42748"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11206
Expires: Sun, 11 Sep 2022 18:07:15 GMT
Date: Sun, 11 Sep 2022 15:00:29 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 477fd76de0b69553430d504fe527cc06
88fe80a099e610212f27427ae6fd5b4e03b3df16
f27bc8051a23fbe811318b8d49f5d27e3e992962a0e72f5d30a4790fe4f42748
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F27BC8051A23FBE811318B8D49F5D27E3E992962A0E72F5D30A4790FE4F42748"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11206
Expires: Sun, 11 Sep 2022 18:07:15 GMT
Date: Sun, 11 Sep 2022 15:00:29 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 477fd76de0b69553430d504fe527cc06
88fe80a099e610212f27427ae6fd5b4e03b3df16
f27bc8051a23fbe811318b8d49f5d27e3e992962a0e72f5d30a4790fe4f42748
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F27BC8051A23FBE811318B8D49F5D27E3E992962A0E72F5D30A4790FE4F42748"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11206
Expires: Sun, 11 Sep 2022 18:07:15 GMT
Date: Sun, 11 Sep 2022 15:00:29 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 477fd76de0b69553430d504fe527cc06
88fe80a099e610212f27427ae6fd5b4e03b3df16
f27bc8051a23fbe811318b8d49f5d27e3e992962a0e72f5d30a4790fe4f42748
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F27BC8051A23FBE811318B8D49F5D27E3E992962A0E72F5D30A4790FE4F42748"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11206
Expires: Sun, 11 Sep 2022 18:07:15 GMT
Date: Sun, 11 Sep 2022 15:00:29 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe6c05fb6-7f49-4d2f-96eb-0b6c468353f5.jpeg
34.120.237.76200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe6c05fb6-7f49-4d2f-96eb-0b6c468353f5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8625e0707046e7a3715a8dbb40b1cae2
0f44ee871ad9d0a0ddd07d0c87d54f7e72b56f78
abc4c12561be08897341d9c8104c30a289357c0907e55c46895f7fb6afb2f75d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe6c05fb6-7f49-4d2f-96eb-0b6c468353f5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13568
x-amzn-requestid: a2fadcbe-350b-4a06-9f9c-ee2da40bb285
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YEESeHA_oAMFjCQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6317e742-4740aa3f4ebd479e7a4886ed;Sampled=0
x-amzn-remapped-date: Wed, 07 Sep 2022 00:35:14 GMT
x-amz-cf-pop: SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: jbF2ZaJUhIoJV-o4f6iviFyUnoDW4R0KHTfC5NySmITnsLbD5iJrPQ==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 73b60e9a9fd08eae9e034cedba707280.cloudfront.net (CloudFront), 1.1 google
date: Sat, 10 Sep 2022 21:40:11 GMT
age: 62418
etag: "0f44ee871ad9d0a0ddd07d0c87d54f7e72b56f78"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fefa6ec5a-4e0b-4c94-b9da-4836fbaa107b.jpeg
34.120.237.76200 OK 8.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fefa6ec5a-4e0b-4c94-b9da-4836fbaa107b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e407da4d97d497925b1ab523fd416787
166741631fb93d109b18dde6d316b3fa3276aa8f
707460c02438da6114e35e0b6569d42c0f3fb747f8cb51002f4d52bedbcffa61
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fefa6ec5a-4e0b-4c94-b9da-4836fbaa107b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8485
x-amzn-requestid: a56c9282-2786-4ae7-9fc2-0468bcc820a8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YQ1k_FM1oAMFZ2Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631d02ec-753cc4f121c9b77d22bb82b5;Sampled=0
x-amzn-remapped-date: Sat, 10 Sep 2022 21:34:36 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Mfmj40aUc8l5RPk56M-pbqTwhde_HzYcmN5MDrfv-WFPhbpoShWYNw==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 ebe4011a81a36e2bf678f69ce1711330.cloudfront.net (CloudFront), 1.1 google
date: Sat, 10 Sep 2022 22:14:30 GMT
age: 60359
etag: "166741631fb93d109b18dde6d316b3fa3276aa8f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F66c0f84d-aba2-4ce6-9e03-ee51e1c347be.jpeg
34.120.237.76200 OK 6.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F66c0f84d-aba2-4ce6-9e03-ee51e1c347be.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 57d797a1c3f6589746a1135bdb19f54f
7aa14fcd982a5cee38d58fc3c89edc4a8daf4c97
ff8855ca951f53ed5f3886cc81a7f28384d41288edeca4fdc621250e4d01c6fe
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F66c0f84d-aba2-4ce6-9e03-ee51e1c347be.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6889
x-amzn-requestid: c82ac543-90cd-4aeb-a65b-7e1bbbacc407
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YQ2UEE-3IAMFYBw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631d0419-427a29067c9c92ec0db6567f;Sampled=0
x-amzn-remapped-date: Sat, 10 Sep 2022 21:39:37 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: mNvNO0HJjZ1zwPKcjfqiVOnCL0CYXc8BPDSFbV6MXVW71IVt-2K3mQ==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 2ab6211e66998c8b58132661a7e3cade.cloudfront.net (CloudFront), 1.1 google
date: Sat, 10 Sep 2022 21:46:54 GMT
age: 62015
etag: "7aa14fcd982a5cee38d58fc3c89edc4a8daf4c97"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F481e7fcb-66df-4e59-8130-9579a79eca9c.jpeg
34.120.237.76200 OK 7.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F481e7fcb-66df-4e59-8130-9579a79eca9c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4ec2646c56c4c522f0744768ad20342b
ad1d9eee90556a359547dc7cbb6758aee2c804cd
0bf9eaa4420bf6290535fd23895c6c723c7de6b849995ba83774532862cfe8b4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F481e7fcb-66df-4e59-8130-9579a79eca9c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7635
x-amzn-requestid: dbd07cc7-d0f6-4500-83c6-b19fa9fa2e3d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Xt5xDEfUIAMFYXQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630f09a0-3771b23118f3711e5caca699;Sampled=0
x-amzn-remapped-date: Wed, 31 Aug 2022 07:11:28 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: ILut4hEDJbs6jNr3wpPST1HgAYMabIT7cdZebRFETn8lL_QfS92KBA==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 567b44ed19c8caed2570b7bcd8c70034.cloudfront.net (CloudFront), 1.1 google
date: Sat, 10 Sep 2022 21:40:34 GMT
age: 62395
etag: "ad1d9eee90556a359547dc7cbb6758aee2c804cd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8092dc3d-1f2d-4e22-b40a-bf1c53ea42e6.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8092dc3d-1f2d-4e22-b40a-bf1c53ea42e6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 99bd16c51d8e4853d6ee542d2ec9fb22
a9f77626875d68e1aea2516f78d491eba9969e37
b360c3c9fa12dc4f57fdbfc88fe820ecee1c049f2d43f44cd38b740513d8e9f8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8092dc3d-1f2d-4e22-b40a-bf1c53ea42e6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10298
x-amzn-requestid: f2e2d57b-1f6f-401a-bf0d-ca5c05dd5e59
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YE-nmHBKIAMFrZg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63184496-52d1369463143fc94894e347;Sampled=0
x-amzn-remapped-date: Wed, 07 Sep 2022 07:13:26 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: PRnDEhi5jnNROYiVXzfn4b_vf-OHnwO5RD38I1bLV8JEJb2gDYrqvg==
via: 1.1 0005a84c2971ff4f5bbb79e7ebc622a8.cloudfront.net (CloudFront), 1.1 b8c4a4ca04bb1976e020396d211bc8dc.cloudfront.net (CloudFront), 1.1 google
date: Sat, 10 Sep 2022 21:40:34 GMT
age: 62395
etag: "a9f77626875d68e1aea2516f78d491eba9969e37"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa9ba7347-38d8-40e3-9b29-41a380f99ed5.jpeg
34.120.237.76200 OK 6.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa9ba7347-38d8-40e3-9b29-41a380f99ed5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8c35b7f5f8e1b0b24570a41b7d18533a
c5b82c9d77851820b8d206573d5c03cd36d27a20
bb2456b31c48e6ebc9595c2bb9972b74531e93dd02ec4571d5af614f2d116ec7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa9ba7347-38d8-40e3-9b29-41a380f99ed5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6109
x-amzn-requestid: 271b006e-9d17-46ba-9eed-22fd638c4e9e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YQ2AhHZgIAMFlSg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631d039c-444e7d6b22f2a08f7215a986;Sampled=0
x-amzn-remapped-date: Sat, 10 Sep 2022 21:37:32 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: Z1ZoYLM2Mj7teQm-1Dz80IZxKGqzuzAoEiT85R3RldbJwO6iJR-JJA==
via: 1.1 9b311162717b41c968f6f00426d88aaa.cloudfront.net (CloudFront), 1.1 e80693c02cfdfd081110512210d57840.cloudfront.net (CloudFront), 1.1 google
date: Sat, 10 Sep 2022 21:44:01 GMT
etag: "c5b82c9d77851820b8d206573d5c03cd36d27a20"
content-type: image/jpeg
age: 62188
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
unpkg.com/jquery@2.2.4/dist/jquery.min.js
104.16.123.175200 OK 31 kB URL HTTP/2 unpkg.com/jquery@2.2.4/dist/jquery.min.js
IP 104.16.123.175:0
File type ASCII text, with very long lines (32065)
Hash eb7295a251ca1f8e69c08ffb680a8b91
3e1587a726953926a7d285159ec759072b1ac335
a0e7c9bb1b188b2395f0819e9ac4d7f0a81661699332c1fa48d423d9ad82c082
GET /jquery@2.2.4/dist/jquery.min.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://waaw.to/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 11 Sep 2022 15:00:30 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
last-modified: Fri, 20 May 2016 17:24:42 GMT
etag: W/"14e4a-abtp4lyn1e8JNTF1hOYVPz/ZqIw"
via: 1.1 fly.io
fly-request-id: 01G754SVY4BFC19MXYRYRMED91-fra
cf-cache-status: HIT
age: 5951931
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 749145f838ad0b65-OSL
content-encoding: br
X-Firefox-Spdy: h2
h4ahsm.cfeucdn.com/video_short.mp4
84.16.243.193206 Partial Content 3.1 kB URL HTTP/1.1 h4ahsm.cfeucdn.com/video_short.mp4
IP 84.16.243.193:0
ASN #28753 Leaseweb Deutschland GmbH
File type ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]\012- data
Hash 639ec085afd48ff720cb1716bb09c075
04789db6677b1e59ae5b2c8c3b565f7ad8bf5c52
7e3c990c8c3e6ad1a07710e7032c1ff22975d6322937e80b0446a07de1b227cb
GET /video_short.mp4 HTTP/1.1
Host: h4ahsm.cfeucdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Origin: https://waaw.to
Connection: keep-alive
Referer: https://waaw.to/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 206 Partial Content
Date: Sun, 11 Sep 2022 15:00:30 GMT
Content-Type: video/mp4
Content-Length: 3078
Last-Modified: Sat, 03 Apr 2021 21:17:34 GMT
Connection: keep-alive
Keep-Alive: timeout=60
ETag: "6068db6e-c06"
server: YouTube Frontend Proxy
Expires: Tue, 11 Oct 2022 15:00:30 GMT
Cache-Control: max-age=2592000
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Origin,Range
Access-Control-Expose-Headers: Content-Range,Content-Length,ETag
Content-Range: bytes 0-3077/3078
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 60409eac62617172b27a13bcaaed459e
7d30f58dbba1db83389cfb542fe31b5ee5f47869
547fa3bbcfd498a9304da901d882899e65c19aa0d18dacb260f19d14a7eb410d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "547FA3BBCFD498A9304DA901D882899E65C19AA0D18DACB260F19D14A7EB410D"
Last-Modified: Sat, 10 Sep 2022 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9948
Expires: Sun, 11 Sep 2022 17:46:18 GMT
Date: Sun, 11 Sep 2022 15:00:30 GMT
Connection: keep-alive
waaw.to/js/embed.205.js?736
190.115.19.71200 OK 50 kB URL HTTP/2 waaw.to/js/embed.205.js?736
IP 190.115.19.71:0
ASN #262254 DDOS-GUARD CORP.
File type Unicode text, UTF-8 text, with very long lines (3414)
Hash 32f08841644219011abc3fefc90c00ac
eac4e80a06858bcb9886b24011da394fc69dc2c4
0415ddc1b5cde85b548076ad37d92d271454c7c76421adca0a3700e20f1a62b0
GET /js/embed.205.js?736 HTTP/1.1
Host: waaw.to
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://waaw.to/e/ELnH5k29UwCm?http_referer=https%3A%2F%2Fvoir-animes.com%2F
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg1_=yEpMzKxovX7QmamnqAba; Domain=.waaw.to; HttpOnly; Path=/; Expires=Mon, 11-Sep-2023 15:00:30 GMT
date: Sun, 11 Sep 2022 15:00:29 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Thu, 04 Aug 2022 18:07:34 GMT
etag: W/"62ec0ae6-298ce"
access-control-allow-origin: *
access-control-allow-credentials: true
accessing-static: 1
cache-control: public, max-age=31536000, stale-while-revalidate=30, stale-if-error=30
pragma: cache
content-encoding: br
x-cache-status-inferno-s: HIT
x-inferno-location: static
age: 1
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
143.204.42.88200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.88:0
Hash 25e0740748990b9579a321d1b28983a2
849ef01a23e905d5a6c4a5f823fad713aa9a05e7
ec3c3120565756a22cb396a95382340b4a14eb69115c66ae5538190907974f8e
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sun, 11 Sep 2022 15:00:31 GMT
Last-Modified: Sun, 11 Sep 2022 13:41:47 GMT
Server: ECS (nyb/1DD2)
X-Cache: Miss from cloudfront
Via: 1.1 1d8cf7c8865ed1078c19a98771ad34ca.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 4JpOQ9iGOR8OXNkOjofPTjE0GDYLW55FkH8E5wvljMesLeYpvnSJbg==
Age: 4725
simplewebanalysis.com/stats
52.59.153.168200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 52.59.153.168:0
File type ASCII text, with no line terminators
Hash d138179290d9658e4d9bcedc1b814b38
aada05e679349fe926a8f0dedc2f3cec793c8237
fd6e993f7e4f12061634b4530caac835fc9dc385e502a05a12d459fa0dead511
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://waaw.to
Connection: keep-alive
Referer: https://waaw.to/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 11 Sep 2022 15:00:31 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://waaw.to
access-control-allow-credentials: true
set-cookie: uid_id2=785e35ba-c882-4c62-aea5-6594d153fb3d:2:1; expires=Wed, 08 Sep 2032 15:00:31 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
zap.buzz/lxAR5ZJ
172.67.213.33302 Found 797 B IP 172.67.213.33:0
Hash 759c2af9a501ba842ac0d41bce22bd95
d6fef817676c96545ed2a4a661da19331ce55d72
e1fb516f5ec97d7f9a177e63854641636e88983fd3f5aa19c1aa4e81f03aa4d9
GET /lxAR5ZJ HTTP/1.1
Host: zap.buzz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Sun, 11 Sep 2022 15:00:31 GMT
content-type: text/html; charset=utf-8
location: https://q.cachegorilla.com/r?fid=B79SGewuO6N
vary: Cookie
set-cookie: session=eyJfcGVybWFuZW50Ijp0cnVlfQ.Yx34Dw.5naM5PGyNzn2oKeItP3pOOG4PY8; Expires=Sun, 11 Sep 2022 15:30:31 GMT; HttpOnly; Path=/
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IZMV%2FysAMz%2FFYluPHDANFuBsOJfqXzfBUtPeYFr90alraZ93aXGoBP6Nts%2FeHa5LqQ0UvZr%2BgE0%2Bpw8PP7gIpu%2BDIE5v5v8T8ix%2FsNn%2BAzv8nXrVofVxLTW9%2FA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 749145ffde30b4fa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
waaw.to/cdn-cgi/trace
190.115.19.71404 Not Found 29 kB IP 190.115.19.71:0
ASN #262254 DDOS-GUARD CORP.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 42e5c9ba24a95dd78a09b477657e3669
7b6e36bf7682c29e0822b79c7c010a9344ebffb5
824a545b7325043c7a5c66ca2347b31403ba6615f4063ef0a7d94675bc6b20c9
GET /cdn-cgi/trace HTTP/1.1
Host: waaw.to
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: https://waaw.to/e/ELnH5k29UwCm?http_referer=https%3A%2F%2Fvoir-animes.com%2F
Cookie: uid=4qpwo9NKCvtmj63I4gNpRiJmyGtfS*54
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: ddos-guard
set-cookie: __ddg1_=ARV1FFD4rLZaNBC3Zh5x; Domain=.waaw.to; HttpOnly; Path=/; Expires=Mon, 11-Sep-2023 15:00:30 GMT
date: Sun, 11 Sep 2022 15:00:29 GMT
content-type: text/html; charset=UTF-8
x-origin-location: /
x-cache-status-inferno: MISS
x-inferno-location: /
content-encoding: br
vary: Accept-Encoding
X-Firefox-Spdy: h2
zap.buzz/vqlWwD8
172.67.213.33302 Found 754 B IP 172.67.213.33:0
Hash ad9b37d5f744f794104cd58f42472beb
f76649b6241849f190f8f827d7d727d8f470734d
9a75f010a4692b43adff33f30bf6b9e5169ec39f3acc06fa8c2505f1592b34ca
GET /vqlWwD8 HTTP/1.1
Host: zap.buzz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Sun, 11 Sep 2022 15:00:31 GMT
content-type: text/html; charset=utf-8
location: https://q.xmlrtb.com/r?fid=k2mHN2AHw88
vary: Cookie
set-cookie: session=eyJfcGVybWFuZW50Ijp0cnVlfQ.Yx34Dw.5naM5PGyNzn2oKeItP3pOOG4PY8; Expires=Sun, 11 Sep 2022 15:30:31 GMT; HttpOnly; Path=/
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=md%2BJIfB1r0pvnJWJrR8VYpn4xiR9xAoX5YkHXXgtrCF%2Bqf8NTepp4dv5VTX9M3xTiLJCgkPS6g%2FCOgatjdqHxT5QZfH7IIDa0fbTXm1kybKn5x2zSSKE07Jn7g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 749145ffde1db4fa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.33.119.27200 OK 346 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash b32a5e9b733c4d6d00fa0ae101956367
a584d7ac68cf4e1e8d897ef1b0ba8d4d3037e997
6d41a9ea960766d6c7a93e01b3da41b93b651a3e38b00ec9873794c4bbdbee5b
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "6D41A9EA960766D6C7A93E01B3DA41B93B651A3E38B00EC9873794C4BBDBEE5B"
Last-Modified: Sat, 10 Sep 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6859
Expires: Sun, 11 Sep 2022 16:54:50 GMT
Date: Sun, 11 Sep 2022 15:00:31 GMT
Connection: keep-alive
addresseepaper.com/sfp.js
104.21.235.2200 OK 23 kB URL HTTP/2 addresseepaper.com/sfp.js
IP 104.21.235.2:0
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash ce63f98e4fe9ec81b75df92a248350bd
c4c9dc9a0839383664f118cb8cd90d745ef681ad
f827a7fa8fe9981c3c53c5225b6fa290fb8e9521d457dc84f6a22b33adbde84c
GET /sfp.js HTTP/1.1
Host: addresseepaper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://waaw.to/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 11 Sep 2022 15:00:31 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 95401dc818216c87479966477365a95d
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Sun, 11 Sep 2022 15:00:31 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JXOjDJ15Qd8RJeRu0uSXacMop4mvzaSLBGgRloQdVBg%2FGe9pOMJZ10hy7%2F1i3tqF45%2BKMWiajYimRNIiXhurqaY7p2rp2esDWWqDhAm8NNtUdJoqARjixUCri4smMVzLgcRAKeo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 749146030c2006d5-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
xml.poprtb.com/redirect?feed=457657&auth=p12tC3&pubid=152420
174.137.133.17302 Found 0 B URL HTTP/1.1 xml.poprtb.com/redirect?feed=457657&auth=p12tC3&pubid=152420
IP 174.137.133.17:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=457657&auth=p12tC3&pubid=152420 HTTP/1.1
Host: xml.poprtb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Sun, 11 Sep 2022 15:00:32 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Age: 0
Location: https://news24.media/?s&country=no
Pragma: no-cache
r3.o.lencr.org/
23.33.119.27200 OK 782 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 3768c83cffe9be1592d13429d3beab60
cece392025b8421cd12009005757cdb45e799d85
c46f4780fd7f4138a48d1c9b68403c34286044ff52b8d9ba2dbe673d3cc7342e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8EA6F18B7EDF14D2DF9483DB9DAF05E05D6C28D4BA2726E89370A3A7864FCDB0"
Last-Modified: Sat, 10 Sep 2022 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12589
Expires: Sun, 11 Sep 2022 18:30:21 GMT
Date: Sun, 11 Sep 2022 15:00:32 GMT
Connection: keep-alive
news24.media/?s&country=no
104.21.80.135200 OK 24 kB URL HTTP/2 news24.media/?s&country=no
IP 104.21.80.135:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (743), with CRLF, LF line terminators
Hash 6145f3fe20fed91e86c515934152c88f
23f40bc2fcca71735700fcc14d9fa34f6f01c515
8fe912757a2b089f44adbf783ad3614f6e13d44f6783625dbddd42d482c19260
GET /?s&country=no HTTP/1.1
Host: news24.media
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 11 Sep 2022 15:00:32 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.1
referrer-policy: origin
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3tW8zdgYKBrKWW40pZZqvDcpjEyen%2F%2FTtwhiPancB1SFO0KPtv35ru3PMs9d6Vhsxp08J%2B1KlCy%2FQ7f6WP%2Bm%2FSaaO0grEMLbPUS7FQ65K7mc2uHyCk6NvtHmKlIIcCk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74914604bf8f0b61-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
unpkg.com/progressbar.js@1.1.0/dist/progressbar.min.js
104.16.123.175200 OK 18 kB URL HTTP/2 unpkg.com/progressbar.js@1.1.0/dist/progressbar.min.js
IP 104.16.123.175:0
File type ASCII text, with very long lines (29325)
Hash 8e5ed8c0a8a035c19ef76feaa7eeb5e3
980eda0f403bd181e4786eb6034f720e25b5476b
9ba461e2aff8142668f3c7f03c22f4aa106bd3e27fd8168afe74739ae6ec9e1c
GET /progressbar.js@1.1.0/dist/progressbar.min.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://waaw.to/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 11 Sep 2022 15:00:30 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
etag: W/"7315-VGu3QlAvqjb4wruVTC8CgYdmBAQ"
via: 1.1 fly.io
fly-request-id: 01F3YGTHVETVB9B7TG2TW5GR8F
cf-cache-status: HIT
age: 12219194
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 749145f838a80b65-OSL
content-encoding: br
X-Firefox-Spdy: h2
waaw.to/js/video.jquery_plugs/modernizr.js?12
190.115.19.71200 OK 14 kB URL HTTP/2 waaw.to/js/video.jquery_plugs/modernizr.js?12
IP 190.115.19.71:0
ASN #262254 DDOS-GUARD CORP.
File type ASCII text, with very long lines (1227), with no line terminators
Hash 78a565775bbe394df942ffa4b88ed10e
8b235674269e82cec77ee306bb8d8979f75d1f86
3e22030df3fe3d36c903a4f011cd758cf48f76051b1f338ca8d7b6819ebb1c8e
GET /js/video.jquery_plugs/modernizr.js?12 HTTP/1.1
Host: waaw.to
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://waaw.to/e/ELnH5k29UwCm?http_referer=https%3A%2F%2Fvoir-animes.com%2F
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg1_=lOD9PMXyF918IRiCg9Sw; Domain=.waaw.to; HttpOnly; Path=/; Expires=Mon, 11-Sep-2023 15:00:30 GMT
date: Sun, 11 Sep 2022 15:00:29 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Sun, 03 Jun 2018 17:19:35 GMT
etag: W/"5b142327-4cb"
access-control-allow-origin: *
accessing-static: 1
cache-control: public, max-age=31536000, stale-while-revalidate=30, stale-if-error=30
pragma: cache
content-encoding: br
x-cache-status-inferno-s: HIT
x-inferno-location: static
age: 1
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2
waaw.to/e/ELnH5k29UwCm?http_referer=https%3A%2F%2Fvoir-animes.com%2F
190.115.19.71200 OK 42 kB URL HTTP/2 waaw.to/e/ELnH5k29UwCm?http_referer=https%3A%2F%2Fvoir-animes.com%2F
IP 190.115.19.71:0
ASN #262254 DDOS-GUARD CORP.
Hash 30b54e1dbbcec549bbf1d730252d3374
ed829a2e80b0c8292ca6d7f424389914295eeb1e
bcf313948c9d9b954184a8f1e05c48c0e8da80f9825fa052f3abbf7884abc849
GET /e/ELnH5k29UwCm?http_referer=https%3A%2F%2Fvoir-animes.com%2F HTTP/1.1
Host: waaw.to
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://waaw.to/watch_video.php?v=ELnH5k29UwCm&http_referer=https%3A%2F%2Fvoir-animes.com%2F
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg1_=7v2wVR90Ger3CQ3zoAa9; Domain=.waaw.to; HttpOnly; Path=/; Expires=Mon, 11-Sep-2023 15:00:29 GMT
date: Sun, 11 Sep 2022 15:00:29 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
x-robots-tag: 'none, noindex, nofollow, noarchive, nosnippet, noodp, notranslate, noimageindex'
x-content-type-options: nosniff
x-xss-protection: 1; mode=block;
p3p: policyref="http://www.example.com/w3c/p3p.xml", CP="CURa ADMa DEVa CONo HISa OUR IND DSP ALL COR"
link: <//waaw.to>; rel=preconnect; crossorigin, <//global.stun.twilio.com>; rel=dns-prefetch; crossorigin, <//counter.yadro.ru>; rel=preconnect; crossorigin, <//imasdk.googleapis.com>; rel=preconnect; crossorigin, <//stun2.l.google.com>; rel=dns-prefetch; crossorigin, <//unpkg.com>; rel=preconnect; crossorigin, <//mc.yandex.ru>; rel=preconnect; crossorigin, <//cdn.jsdelivr.net>; rel=preconnect; crossorigin, <//signal.netu.tv>; rel=dns-prefetch; crossorigin,<//wss.commentsengine.com>; rel=dns-prefetch; crossorigin, <//www.gstatic.com>; rel=preconnect; crossorigin, <//imasdk.googleapis.com>; rel=preconnect; crossorigin, <//storage.googleapis.com>; rel=preconnect; crossorigin, <//www.google.com>; rel=preconnect; crossorigin,<//deliver.vkcdnservice.com>; rel=preconnect; crossorigin, <//deliver.vkcdnservice.com>; rel=preconnect; crossorigin,<//vkcdnservice.appspot.com.storage.googleapis.com>; rel=preconnect; crossorigin, <//www.google.com>; rel=preconnect; crossorigin, <//www.recaptcha.net>; rel=preconnect; crossorigin, <//cdnjs.cloudflare.com>; rel=preconnect; crossorigin
expires: Sun, 11 Sep 2022 15:01:30 GMT
x-origin-location: player
cache-control: public, stale-if-error=30
content-encoding: gzip
x-cache-status-inferno: MISS
x-inferno-location: player
x-inferno-limit-req: DELAYED
X-Firefox-Spdy: h2
lockfireshimself.com/pixel/purst?dl=0&th=0&sc=0&rs=2474&rd=2474&fd=726&bv=22.8.v.2&tmpl=136
192.243.61.227200 OK 0 B URL HTTP/1.1 lockfireshimself.com/pixel/purst?dl=0&th=0&sc=0&rs=2474&rd=2474&fd=726&bv=22.8.v.2&tmpl=136
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=2474&rd=2474&fd=726&bv=22.8.v.2&tmpl=136 HTTP/1.1
Host: lockfireshimself.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://waaw.to/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sun, 11 Sep 2022 15:00:32 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
ajfnee.com/p/waWQiOjEwNTAxODIsInNpZCI6MTE1MDIwMywid2lkIjozNTg3NTcsInNyYyI6Mn0=eyJ.js
104.21.82.164200 OK 24 kB URL HTTP/2 ajfnee.com/p/waWQiOjEwNTAxODIsInNpZCI6MTE1MDIwMywid2lkIjozNTg3NTcsInNyYyI6Mn0=eyJ.js
IP 104.21.82.164:0
File type ASCII text, with very long lines (63841), with no line terminators
Hash 2e163ec45ec94c131852a2ddf93acf1b
becdec722e0aae125ec10e01c0b799838f218524
b6980f0c2e148e4b6fb5c3fecd88457f92d5786bd867d8d2b9458412b2430714
GET /p/waWQiOjEwNTAxODIsInNpZCI6MTE1MDIwMywid2lkIjozNTg3NTcsInNyYyI6Mn0=eyJ.js HTTP/1.1
Host: ajfnee.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://news24.media/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 11 Sep 2022 15:00:32 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-origin: https://news24.media
e-tag: e420c464f28cb3aa003e58b0554d75a6
cache-control: max-age=14400
cf-cache-status: HIT
age: 4743
last-modified: Sun, 11 Sep 2022 13:41:29 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vNvBsJpGM67RgUY2KSclXUXODsTRDz5Nw4P7xHyItQJfgz9QCvPjzhEMZ%2FFyEHoHivryuCMnZdlqv9lcpHsr%2FuPfEnpi7QUDLi8c6tTwOrxddH3cts1ha853LcDQ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74914605aa900b41-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188200 OK 472 B IP 172.64.155.188:0
Hash 86c81c670bfe14ca6040a8f4fc893bb3
edd437946e92f91bc0d76122787de627e96681cd
d11f1f9011d84f787fcb48151538e043ef58fb08d3c130f0022e255de8b78b33
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 15:00:32 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 08 Sep 2022 11:22:14 GMT
Expires: Thu, 15 Sep 2022 11:22:13 GMT
Etag: "edd437946e92f91bc0d76122787de627e96681cd"
Cache-Control: max-age=331900,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 749146062f32b517-OSL
kiynew.com/er?a=1
185.162.85.14200 OK 0 B IP 185.162.85.14:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
GET /er?a=1 HTTP/1.1
Host: kiynew.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://news24.media/
Origin: https://news24.media
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Sun, 11 Sep 2022 15:00:32 GMT
content-length: 0
access-control-allow-origin: *
access-control-allow-credentials: true
X-Firefox-Spdy: h2
kiynew.com/trt?a=1&t=56
185.162.85.14200 OK 0 B IP 185.162.85.14:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /trt?a=1&t=56 HTTP/1.1
Host: kiynew.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://news24.media/
Origin: https://news24.media
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Sun, 11 Sep 2022 15:00:32 GMT
content-length: 0
access-control-allow-origin: *
access-control-allow-credentials: true
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash b17f8c9229c75630e95fb14933980016
9f206074e4f5450cbab0d42dd79a3bdcc2d74397
e3a651a5423eb3c6f805b469c5a822a2f98706c3e585163690d85b6146631ce2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E3A651A5423EB3C6F805B469C5A822A2F98706C3E585163690D85B6146631CE2"
Last-Modified: Sat, 10 Sep 2022 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7764
Expires: Sun, 11 Sep 2022 17:09:56 GMT
Date: Sun, 11 Sep 2022 15:00:32 GMT
Connection: keep-alive
kiynew.com/trt?a=1&t=60
185.162.85.14200 OK 0 B IP 185.162.85.14:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /trt?a=1&t=60 HTTP/1.1
Host: kiynew.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://news24.media/
Origin: https://news24.media
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Sun, 11 Sep 2022 15:00:32 GMT
content-length: 0
access-control-allow-origin: *
access-control-allow-credentials: true
X-Firefox-Spdy: h2
kiynew.com/cuclc?aid=13710274710995550826&t=1662908432&s=833673
185.162.85.14302 Found 276 B URL HTTP/2 kiynew.com/cuclc?aid=13710274710995550826&t=1662908432&s=833673
IP 185.162.85.14:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with no line terminators
Hash 2f5c431dd0df20b4c5e8700b2b0a425b
194bf853cf183a5e5e17249461a5d98e011eb4fc
e66e988fdc3397d2b2395f6fe828552ef9c8e102122b83bf1c2f670cc1161cbe
GET /cuclc?aid=13710274710995550826&t=1662908432&s=833673 HTTP/1.1
Host: kiynew.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://news24.media/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx/1.18.0
date: Sun, 11 Sep 2022 15:00:32 GMT
content-type: text/html; charset=utf-8
content-length: 276
location: https://haxbyq.com/play-2_1?h=waWQiOjExMzI5NDksInNpZCI6MTE1NzI1Niwid2lkIjozNzI0NjksInNyYyI6Mn0=eyJ&click_id=a2_13710274710995550826_337233_2_0&si1=a337233
X-Firefox-Spdy: h2
kiynew.com/cuclc?aid=13282893975558769255&t=1662908432&s=777947
185.162.85.14302 Found 216 B URL HTTP/2 kiynew.com/cuclc?aid=13282893975558769255&t=1662908432&s=777947
IP 185.162.85.14:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with no line terminators
Hash 14e762e1c6fe1e68523b7e795f632d73
462c541ee22e8759b923e67aebc2552c3c0165b5
1edb34728094b9b96b13c6e633f52f90f3547385567934804526bda198eeff38
GET /cuclc?aid=13282893975558769255&t=1662908432&s=777947 HTTP/1.1
Host: kiynew.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://news24.media/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx/1.18.0
date: Sun, 11 Sep 2022 15:00:32 GMT
content-type: text/html; charset=utf-8
content-length: 216
location: https://www.safestgatetocontent.com/pmi9278c?key=080c49fd0af21cc0e5d0d2532f20bc51&psid=a358757
X-Firefox-Spdy: h2
xml.popmonetizer.com/redirect?feed=453690&auth=51bnE2&pubid=150133
174.137.133.18302 Found 0 B URL HTTP/1.1 xml.popmonetizer.com/redirect?feed=453690&auth=51bnE2&pubid=150133
IP 174.137.133.18:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=453690&auth=51bnE2&pubid=150133 HTTP/1.1
Host: xml.popmonetizer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://popxperts.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Sun, 11 Sep 2022 15:00:32 GMT
Content-Length: 0
Connection: keep-alive
Location: https://www.popmonetizer.com/
fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
142.250.74.163200 OK 45 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data
Hash 565ce506190ad3af920b40baf1794cec
ad3cba5d06100e09449a864d3b5e58403b478b3d
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.good-trading.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 06 Sep 2022 08:31:01 GMT
expires: Wed, 06 Sep 2023 08:31:01 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
content-type: font/woff2
age: 455371
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
8961.xml.4armn.com//direct?pubid=746528&subid=batwoman&feedid=c675&q=woma&return_url=&iab_category=2
149.6.163.11404 Not Found 0 B URL HTTP/2 8961.xml.4armn.com//direct?pubid=746528&subid=batwoman&feedid=c675&q=woma&return_url=&iab_category=2
IP 149.6.163.11:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET //direct?pubid=746528&subid=batwoman&feedid=c675&q=woma&return_url=&iab_category=2 HTTP/1.1
Host: 8961.xml.4armn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 404 Not Found
content-length: 0
X-Firefox-Spdy: h2
8961.xml.4armn.com//direct?pubid=746528&subid=batwoman&feedid=c617&q=woma&return_url=&iab_category=7
149.6.163.11404 Not Found 0 B URL HTTP/2 8961.xml.4armn.com//direct?pubid=746528&subid=batwoman&feedid=c617&q=woma&return_url=&iab_category=7
IP 149.6.163.11:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET //direct?pubid=746528&subid=batwoman&feedid=c617&q=woma&return_url=&iab_category=7 HTTP/1.1
Host: 8961.xml.4armn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 404 Not Found
content-length: 0
X-Firefox-Spdy: h2
8961.xml.4armn.com//direct?pubid=746528&subid=batwoman&feedid=c647&q=woma&return_url=&iab_category=9
149.6.163.11404 Not Found 0 B URL HTTP/2 8961.xml.4armn.com//direct?pubid=746528&subid=batwoman&feedid=c647&q=woma&return_url=&iab_category=9
IP 149.6.163.11:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET //direct?pubid=746528&subid=batwoman&feedid=c647&q=woma&return_url=&iab_category=9 HTTP/1.1
Host: 8961.xml.4armn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 404 Not Found
content-length: 0
X-Firefox-Spdy: h2
8961.xml.4armn.com//direct?pubid=746528&subid=batwoman&feedid=c195&q=woma&return_url=&iab_category=10
149.6.163.11404 Not Found 0 B URL HTTP/2 8961.xml.4armn.com//direct?pubid=746528&subid=batwoman&feedid=c195&q=woma&return_url=&iab_category=10
IP 149.6.163.11:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET //direct?pubid=746528&subid=batwoman&feedid=c195&q=woma&return_url=&iab_category=10 HTTP/1.1
Host: 8961.xml.4armn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 404 Not Found
content-length: 0
X-Firefox-Spdy: h2
8961.xml.4armn.com//direct?pubid=746528&subid=batwoman&feedid=c271&q=woma&return_url=&iab_category=11
149.6.163.11404 Not Found 0 B URL HTTP/2 8961.xml.4armn.com//direct?pubid=746528&subid=batwoman&feedid=c271&q=woma&return_url=&iab_category=11
IP 149.6.163.11:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET //direct?pubid=746528&subid=batwoman&feedid=c271&q=woma&return_url=&iab_category=11 HTTP/1.1
Host: 8961.xml.4armn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 404 Not Found
content-length: 0
X-Firefox-Spdy: h2
8961.xml.4armn.com//direct?pubid=746528&subid=batwoman&feedid=c789&q=woma&return_url=&iab_category=8
149.6.163.11404 Not Found 0 B URL HTTP/2 8961.xml.4armn.com//direct?pubid=746528&subid=batwoman&feedid=c789&q=woma&return_url=&iab_category=8
IP 149.6.163.11:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET //direct?pubid=746528&subid=batwoman&feedid=c789&q=woma&return_url=&iab_category=8 HTTP/1.1
Host: 8961.xml.4armn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 404 Not Found
content-length: 0
X-Firefox-Spdy: h2
8961.xml.4armn.com//direct?pubid=746528&subid=batwoman&feedid=c865&q=woma&return_url=&iab_category=12
149.6.163.11404 Not Found 0 B URL HTTP/2 8961.xml.4armn.com//direct?pubid=746528&subid=batwoman&feedid=c865&q=woma&return_url=&iab_category=12
IP 149.6.163.11:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET //direct?pubid=746528&subid=batwoman&feedid=c865&q=woma&return_url=&iab_category=12 HTTP/1.1
Host: 8961.xml.4armn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 404 Not Found
content-length: 0
X-Firefox-Spdy: h2
8961.xml.4armn.com//direct?pubid=746528&subid=batwoman&feedid=c355&q=woma&return_url=&iab_category=13
149.6.163.11404 Not Found 0 B URL HTTP/2 8961.xml.4armn.com//direct?pubid=746528&subid=batwoman&feedid=c355&q=woma&return_url=&iab_category=13
IP 149.6.163.11:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET //direct?pubid=746528&subid=batwoman&feedid=c355&q=woma&return_url=&iab_category=13 HTTP/1.1
Host: 8961.xml.4armn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 404 Not Found
content-length: 0
X-Firefox-Spdy: h2
8961.xml.4armn.com//direct?pubid=746528&subid=batwoman&feedid=c640&q=woma&return_url=&iab_category=14
149.6.163.11404 Not Found 0 B URL HTTP/2 8961.xml.4armn.com//direct?pubid=746528&subid=batwoman&feedid=c640&q=woma&return_url=&iab_category=14
IP 149.6.163.11:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET //direct?pubid=746528&subid=batwoman&feedid=c640&q=woma&return_url=&iab_category=14 HTTP/1.1
Host: 8961.xml.4armn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 404 Not Found
content-length: 0
X-Firefox-Spdy: h2
8961.xml.4armn.com//direct?pubid=746528&subid=batwoman&feedid=c677&q=woma&return_url=&iab_category=4
149.6.163.11404 Not Found 6.9 kB URL HTTP/2 8961.xml.4armn.com//direct?pubid=746528&subid=batwoman&feedid=c677&q=woma&return_url=&iab_category=4
IP 149.6.163.11:0
Hash b5e405ee559039aefabd53523221ed85
93f5dd21210a67b249f4482358282b349c1586a6
12b60b5d2339ef0668317c21008feaf6fb3e8c9eb4803d14a6ad3ea0695d9b42
GET //direct?pubid=746528&subid=batwoman&feedid=c677&q=woma&return_url=&iab_category=4 HTTP/1.1
Host: 8961.xml.4armn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 404 Not Found
content-length: 0
X-Firefox-Spdy: h2
kiynew.com/cuload?a=1&e=aeyJwaWQiOjEwNTAxODIsInNpZCI6MTE0MDE0Nywid2lkIjozMzcyMzMsImQiOiJuZXdzMjQubWVkaWEiLCJsaSI6MX0=&tz=0&if=1&u=aHR0cHM6Ly9uZXdzMjQubWVkaWEv
185.162.85.14200 OK 142 B URL HTTP/2 kiynew.com/cuload?a=1&e=aeyJwaWQiOjEwNTAxODIsInNpZCI6MTE0MDE0Nywid2lkIjozMzcyMzMsImQiOiJuZXdzMjQubWVkaWEiLCJsaSI6MX0=&tz=0&if=1&u=aHR0cHM6Ly9uZXdzMjQubWVkaWEv
IP 185.162.85.14:0
ASN #39572 DataWeb Global Group B.V.
File type JSON data\012- , ASCII text, with no line terminators
Hash b53b666ff3ab6540049a36fe3fe3a188
0c575a2b9b154c113914a5f87c9107ba9cdc4cb0
1000d643d645368dc1e364c2bad1902594d8e51cdd9adf036881c79fc2bc9b46
GET /cuload?a=1&e=aeyJwaWQiOjEwNTAxODIsInNpZCI6MTE0MDE0Nywid2lkIjozMzcyMzMsImQiOiJuZXdzMjQubWVkaWEiLCJsaSI6MX0=&tz=0&if=1&u=aHR0cHM6Ly9uZXdzMjQubWVkaWEv HTTP/1.1
Host: kiynew.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://news24.media/
Origin: https://news24.media
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Sun, 11 Sep 2022 15:00:32 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2
8961.xml.4armn.com//direct?pubid=746528&subid=batwoman&feedid=c588&q=woma&return_url=&iab_category=5
149.6.163.11404 Not Found 0 B URL HTTP/2 8961.xml.4armn.com//direct?pubid=746528&subid=batwoman&feedid=c588&q=woma&return_url=&iab_category=5
IP 149.6.163.11:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET //direct?pubid=746528&subid=batwoman&feedid=c588&q=woma&return_url=&iab_category=5 HTTP/1.1
Host: 8961.xml.4armn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 404 Not Found
content-length: 0
X-Firefox-Spdy: h2
8961.xml.4armn.com//direct?pubid=746528&subid=batwoman&feedid=c379&q=woma&return_url=&iab_category=1
149.6.163.11404 Not Found 0 B URL HTTP/2 8961.xml.4armn.com//direct?pubid=746528&subid=batwoman&feedid=c379&q=woma&return_url=&iab_category=1
IP 149.6.163.11:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET //direct?pubid=746528&subid=batwoman&feedid=c379&q=woma&return_url=&iab_category=1 HTTP/1.1
Host: 8961.xml.4armn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 404 Not Found
content-length: 0
X-Firefox-Spdy: h2
kiynew.com/cuload?a=1&e=aeyJwaWQiOjEwNTAxODIsInNpZCI6MTE1MDIwMywid2lkIjozNTg3NTcsImQiOiJmci5uZXdzMjQubWVkaWEiLCJsaSI6MX0=&tz=1&if=0
185.162.85.14200 OK 142 B URL HTTP/2 kiynew.com/cuload?a=1&e=aeyJwaWQiOjEwNTAxODIsInNpZCI6MTE1MDIwMywid2lkIjozNTg3NTcsImQiOiJmci5uZXdzMjQubWVkaWEiLCJsaSI6MX0=&tz=1&if=0
IP 185.162.85.14:0
ASN #39572 DataWeb Global Group B.V.
File type JSON data\012- , ASCII text, with no line terminators
Hash eb895ab9d0b29a33c0cf47cd1c089629
e3630e2de93a5b7139c7d2d36b2ad4915469e9ec
9aa8d3bd24eccdb1fbd952b7975bc5feab76dbb749402bd6bcfa07197590905c
GET /cuload?a=1&e=aeyJwaWQiOjEwNTAxODIsInNpZCI6MTE1MDIwMywid2lkIjozNTg3NTcsImQiOiJmci5uZXdzMjQubWVkaWEiLCJsaSI6MX0=&tz=1&if=0 HTTP/1.1
Host: kiynew.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://news24.media/
Origin: https://news24.media
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.18.0
date: Sun, 11 Sep 2022 15:00:32 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 9a1fa136fdb3233e53bf8cd255c9eede
6c3942d47d2bd442d3b39b1124b75751b4b3de7e
98d0bc2c5fcad6dc06440174b4ad1bcef41d8d09a79c4d9d2a7c0d375595d5c9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "98D0BC2C5FCAD6DC06440174B4AD1BCEF41D8D09A79C4D9D2A7C0D375595D5C9"
Last-Modified: Sun, 11 Sep 2022 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8348
Expires: Sun, 11 Sep 2022 17:19:40 GMT
Date: Sun, 11 Sep 2022 15:00:32 GMT
Connection: keep-alive
phosphatepossible.com/sbar.json?key=ab0be2a44b7ecf91bdbd5cd360d84937&uuid=785e35ba-c882-4c62-aea5-6594d153fb3d%3A2%3A1
192.243.61.225200 OK 4.1 kB URL HTTP/1.1 phosphatepossible.com/sbar.json?key=ab0be2a44b7ecf91bdbd5cd360d84937&uuid=785e35ba-c882-4c62-aea5-6594d153fb3d%3A2%3A1
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type JSON data\012- , ASCII text, with very long lines (5697), with no line terminators
Hash 2e1293b71dc7859f341a55f3a3ca4fc5
baccd6c88909e0689ee2fdad30727f5cb1245206
526e67a2e13bdc41a8312f10bc5a4a781125e3cbbed71ea4165636e5710def49
Analyzer Verdict Alert quad9 Sinkholed
GET /sbar.json?key=ab0be2a44b7ecf91bdbd5cd360d84937&uuid=785e35ba-c882-4c62-aea5-6594d153fb3d%3A2%3A1 HTTP/1.1
Host: phosphatepossible.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://waaw.to
Connection: keep-alive
Referer: https://waaw.to/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sun, 11 Sep 2022 15:00:32 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://waaw.to
Access-Control-Allow-Origin: https://waaw.to
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=17334947; expires=Mon, 12 Sep 2022 15:00:32 GMT; secure; SameSite=None
uid_id2=785e35ba-c882-4c62-aea5-6594d153fb3d:2:1; expires=Sun, 18 Sep 2022 15:00:32 GMT; secure; SameSite=None
pdhtkv=true; expires=Mon, 12 Sep 2022 15:00:32 GMT; secure; SameSite=None
uncs=1; expires=Mon, 12 Sep 2022 15:00:32 GMT; secure; SameSite=None
pdhtkv29=true; expires=Mon, 12 Sep 2022 15:00:32 GMT; secure; SameSite=None
uncs29=1; expires=Mon, 12 Sep 2022 15:00:32 GMT; secure; SameSite=None
slecab0be2a44b7ecf91bdbd5cd360d84937=[3396716]; expires=Sun, 11 Sep 2022 15:00:37 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: c60b18e6e93a65075bea04f77eb87ffc
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash f9586374bb1bef58a7f21c55bdcccbcf
f4dfc53e23c579b828c19a2ab88d095b05d7b8df
545d01bc8dd9ba4d616be5179a3ae220c605bfba00982fd639835ca09a4dc56f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "545D01BC8DD9BA4D616BE5179A3AE220C605BFBA00982FD639835CA09A4DC56F"
Last-Modified: Fri, 09 Sep 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7093
Expires: Sun, 11 Sep 2022 16:58:45 GMT
Date: Sun, 11 Sep 2022 15:00:32 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash bed1979c01f06cfea5c942a3db417b95
bce1fc044908ffde348e41c37eab4ff887358b1c
469a45a4e506527af81ee08e6576bc9cd10cf3c545b0c1f9e64acce09a18dd3f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "469A45A4E506527AF81EE08E6576BC9CD10CF3C545B0C1F9E64ACCE09A18DD3F"
Last-Modified: Sat, 10 Sep 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6427
Expires: Sun, 11 Sep 2022 16:47:39 GMT
Date: Sun, 11 Sep 2022 15:00:32 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash bed1979c01f06cfea5c942a3db417b95
bce1fc044908ffde348e41c37eab4ff887358b1c
469a45a4e506527af81ee08e6576bc9cd10cf3c545b0c1f9e64acce09a18dd3f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "469A45A4E506527AF81EE08E6576BC9CD10CF3C545B0C1F9E64ACCE09A18DD3F"
Last-Modified: Sat, 10 Sep 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6427
Expires: Sun, 11 Sep 2022 16:47:39 GMT
Date: Sun, 11 Sep 2022 15:00:32 GMT
Connection: keep-alive
kiynew.com/cuload?a=1&e=aeyJwaWQiOjEwNTAxODIsInNpZCI6MTE0MDE0Nywid2lkIjozMzcyMzMsImQiOiJuZXdzMjQubWVkaWEiLCJsaSI6MX0=&tz=1&if=0
185.162.85.14200 OK 44 kB URL HTTP/2 kiynew.com/cuload?a=1&e=aeyJwaWQiOjEwNTAxODIsInNpZCI6MTE0MDE0Nywid2lkIjozMzcyMzMsImQiOiJuZXdzMjQubWVkaWEiLCJsaSI6MX0=&tz=1&if=0
IP 185.162.85.14:0
ASN #39572 DataWeb Global Group B.V.
Hash a6613f8b5b11c8feb544b807b2563e27
da57e2c7b4309719f93bdaef7923501a8f98bba5
f15822ae4bea3370ee203982703132577774376fa49d3f26f393e102cee32572
GET /cuload?a=1&e=aeyJwaWQiOjEwNTAxODIsInNpZCI6MTE0MDE0Nywid2lkIjozMzcyMzMsImQiOiJuZXdzMjQubWVkaWEiLCJsaSI6MX0=&tz=1&if=0 HTTP/1.1
Host: kiynew.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://news24.media/
Origin: https://news24.media
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.18.0
date: Sun, 11 Sep 2022 15:00:32 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2
s10.histats.com/js15_as.js
46.105.201.240200 OK 4.4 kB URL HTTP/2 s10.histats.com/js15_as.js
IP 46.105.201.240:0
File type HTML document, ASCII text, with very long lines (11440), with no line terminators
Hash ed192092c129db6123a3397855f42619
067e9b8e26cf6246eb84c6b9cf3da0c192ce7b3e
998fff486a7fb38b6ed445edc36c9b317b70950cd39efcf4012ca641312fcee1
GET /js15_as.js HTTP/1.1
Host: s10.histats.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://news24.media/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 11 Sep 2022 14:55:02 GMT
etag: "-375139978"
last-modified: Thu, 16 Apr 2020 10:44:16 GMT
x-request-id: 771129468
content-type: application/javascript; charset=UTF-8
content-encoding: br
x-cdn-pop: rbx1
x-cdn-pop-ip: 51.254.41.128/25
x-cacheable: Matched cache
accept-ranges: bytes
content-length: 4364
X-Firefox-Spdy: h2
syndication.realsrv.com/splash.php?idzone=3981938
95.211.229.245200 OK 2.6 kB URL HTTP/1.1 syndication.realsrv.com/splash.php?idzone=3981938
IP 95.211.229.245:0
ASN #60781 LeaseWeb Netherlands B.V.
File type XML 1.0 document text\012- XML document, ASCII text, with very long lines (1550)
Hash 945c4562d85f9cf6a0720b316a2745d8
f49f4e3fcc7cf6958cf6ca99192a6ff4cd09bc4a
892d73e2087ceb3f246ae57cef48263269680ea72ea42c38f17bf58abc2552a2
GET /splash.php?idzone=3981938 HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.good-trading.com/
Origin: https://www.good-trading.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 11 Sep 2022 15:00:33 GMT
Content-Type: text/xml;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%22631df81108aca9.535470583131951486%22%3B%7D; expires=Tue, 10 Sep 2024 15:00:33 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-video%22%3A%22v3%7C%7CNOR%7C3981938%7C75709504%7C0%7C%7C508%7C41%7C3%7C15%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C%7C0%7Cgood-trading.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Mon, 12 Sep 2022 15:00:33 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
Cache-Control: no-store
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: https://www.good-trading.com
Access-Control-Allow-Credentials: true
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
www.popmonetizer.com/
104.21.87.233200 OK 10 kB IP 104.21.87.233:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (308)
Hash 0e6796d03574972658b6acb250b4e5cb
2ad0601e23126840ba0acb797075efd9e991fbf9
e159115ccb3dd0edf600e73d229d93eedcf11006b2d1951832ad3147cf823a9e
GET / HTTP/1.1
Host: www.popmonetizer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://popxperts.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 11 Sep 2022 15:00:32 GMT
content-type: text/html; charset=utf-8
vary: Cookie
set-cookie: session=eyJfZnJlc2giOmZhbHNlLCJjc3JmX3Rva2VuIjoiYjMzMTQyODRlN2ZiM2Y1YTk3NWE2ZGFlMTc5NWNmNjljYjQxOWM3YiJ9.Yx34EA.elb4WNw6zXC_4WWo0zNq3_6Uasw; HttpOnly; Path=/
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mT37pS8B3D%2F%2Fqiwvj5TuudDCNjIQ%2BpOpi59nLoRnQwvBflA8yXNTYAfrv4FALWa7r9u0HMZi9ymPfi42Nl%2F4gOMBmYBznw%2BFnEPwCTCYI%2B%2BMggPTIDmf%2FmeObbds%2FkhlRWXQd6sf3A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 749146085f45b521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 03940aa128cfe203b837135bd0793c56
0bf6f6e8ccea0122d0702dc1f553f4737a3f27ce
0df3e584d191454e815427e4ceefa22592dff1880b3ff50ea476a5ff37db9813
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0DF3E584D191454E815427E4CEEFA22592DFF1880B3FF50EA476A5FF37DB9813"
Last-Modified: Sat, 10 Sep 2022 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10828
Expires: Sun, 11 Sep 2022 18:01:01 GMT
Date: Sun, 11 Sep 2022 15:00:33 GMT
Connection: keep-alive
phosphatepossible.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSTYscVRu9lQy8gXejko1ipBcKik5PfXRXd5tFMI4jg5NMSBTdiN6v7rnO7bqVe6u6emY1JCBZtv%2Bg5vR8EA0SwW2C9ASyGBDSummI8x9ECC5cSHcGW5%2FNc06dszh1nvv1bn5CfOR0snzFbCut6VK96lfe%2FCwILlbWVJL3K%2F1m%2FEVcu1ixvXdbcdV%2Fq%2FKh5JtmKfQD3w%2F8oLKirGyb%2FtJUhErvtYJqy6%2FWwmpQr6Fv%2F8td7sFRD6J3Ql6CEuOFR955KD5C0r2%2FLN1mZtJ3PujmmmbGoicOP0k2E1Mk6M5h23poJ4enbhj3ZOUhTLI%2FiwvT%2B8fI1Jh4jx%2BCJYenIcF6e7OcTEMmYOL%2FKHojSD2CoiNwcxtKPCEAF7i6jqR7cNXYgm49V%2BlUHZOFZ39AFWOy8Nt5JN3vL2vVr9wwOs%2BUSRz67RKqP4LqjJDmR8i2z0AVR%2BDZLSjxM1l6toaku7futIESk9cbzbqM6owu8mYzXKzxOFykktYX43qrJoJ61GaRmBWk1AiqPYKWA1B3BrnzkCsPedtDnnroikmFB0HQ8AWnfrPFeSQaksXCD2ijHdDAj5vI%2BfQfBsjSAbgegNsdpHYHm2oAm%2F8Et1HCCQ8uI%2BiJEoUkKBxBQQkKRVBkBEWv3Bfaha48ENrlLDjd4emOyqHJOrt032QdmZDd9IS8OC3OO3driE05qVDmMxnSWo01JG%2B3AiaYqHMRxb5o1lpRA06VUO4MqPOwrcbk1QdvI1Vj8r%2FPn4LRIzh9BK7eAM0vgBbDRuiDbgxrTR%2FbycHGzZvVzECYEmm2gGzL29Un5OXZ6aJfNSQ%2FvvQluzL%2B%2Fe5f4LZEakt8pR4RdPSd4XVTkL3rpnDkh%2FU0U121TadnvZHRTJ799iO5VRgrVpfd4O57fCpM4b2PpcvWaCJU0nHku8tKCGlXjOWSPFh1n0p2LXcbl3Ob5OnatfdXVruplc4pk4xA1ZiQx8fgakzO%2FTiZvdhXnt6HsiPYvEQ3PyanA2WOwNMduHSe35mzsHruYamHIi%2BHNmTzj1oRaDnnlJVw%2F%2BJsjnfdHXTsa6DZbSTdEj1boqdLUD2Ay88Os9QeX%2Folmg2Y9oZMW2%2BPaau%2FeV6uU5NKI4p8GrfqQaNBZYPVwmY7DgSlYS0O45hGyNyYX%2Fjzhb8BAAD%2F%2FwEAAP%2F%2Fx21f%2BnwEAAA%3D
192.243.61.225200 OK 830 B URL HTTP/1.1 phosphatepossible.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSTYscVRu9lQy8gXejko1ipBcKik5PfXRXd5tFMI4jg5NMSBTdiN6v7rnO7bqVe6u6emY1JCBZtv%2Bg5vR8EA0SwW2C9ASyGBDSummI8x9ECC5cSHcGW5%2FNc06dszh1nvv1bn5CfOR0snzFbCut6VK96lfe%2FCwILlbWVJL3K%2F1m%2FEVcu1ixvXdbcdV%2Fq%2FKh5JtmKfQD3w%2F8oLKirGyb%2FtJUhErvtYJqy6%2FWwmpQr6Fv%2F8td7sFRD6J3Ql6CEuOFR955KD5C0r2%2FLN1mZtJ3PujmmmbGoicOP0k2E1Mk6M5h23poJ4enbhj3ZOUhTLI%2FiwvT%2B8fI1Jh4jx%2BCJYenIcF6e7OcTEMmYOL%2FKHojSD2CoiNwcxtKPCEAF7i6jqR7cNXYgm49V%2BlUHZOFZ39AFWOy8Nt5JN3vL2vVr9wwOs%2BUSRz67RKqP4LqjJDmR8i2z0AVR%2BDZLSjxM1l6toaku7futIESk9cbzbqM6owu8mYzXKzxOFykktYX43qrJoJ61GaRmBWk1AiqPYKWA1B3BrnzkCsPedtDnnroikmFB0HQ8AWnfrPFeSQaksXCD2ijHdDAj5vI%2BfQfBsjSAbgegNsdpHYHm2oAm%2F8Et1HCCQ8uI%2BiJEoUkKBxBQQkKRVBkBEWv3Bfaha48ENrlLDjd4emOyqHJOrt032QdmZDd9IS8OC3OO3driE05qVDmMxnSWo01JG%2B3AiaYqHMRxb5o1lpRA06VUO4MqPOwrcbk1QdvI1Vj8r%2FPn4LRIzh9BK7eAM0vgBbDRuiDbgxrTR%2FbycHGzZvVzECYEmm2gGzL29Un5OXZ6aJfNSQ%2FvvQluzL%2B%2Fe5f4LZEakt8pR4RdPSd4XVTkL3rpnDkh%2FU0U121TadnvZHRTJ799iO5VRgrVpfd4O57fCpM4b2PpcvWaCJU0nHku8tKCGlXjOWSPFh1n0p2LXcbl3Ob5OnatfdXVruplc4pk4xA1ZiQx8fgakzO%2FTiZvdhXnt6HsiPYvEQ3PyanA2WOwNMduHSe35mzsHruYamHIi%2BHNmTzj1oRaDnnlJVw%2F%2BJsjnfdHXTsa6DZbSTdEj1boqdLUD2Ay88Os9QeX%2Folmg2Y9oZMW2%2BPaau%2FeV6uU5NKI4p8GrfqQaNBZYPVwmY7DgSlYS0O45hGyNyYX%2Fjzhb8BAAD%2F%2FwEAAP%2F%2Fx21f%2BnwEAAA%3D
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
Hash cfb6fa3036cebd36d67440a12ffed7e3
5ee029f3c683e3d3c35e87d38581aafb6bc7a553
311ee792bb352311fd834284f2aaebcffc93b6ff64705c278bb2cf790b8735a9
Analyzer Verdict Alert quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSTYscVRu9lQy8gXejko1ipBcKik5PfXRXd5tFMI4jg5NMSBTdiN6v7rnO7bqVe6u6emY1JCBZtv%2Bg5vR8EA0SwW2C9ASyGBDSummI8x9ECC5cSHcGW5%2FNc06dszh1nvv1bn5CfOR0snzFbCut6VK96lfe%2FCwILlbWVJL3K%2F1m%2FEVcu1ixvXdbcdV%2Fq%2FKh5JtmKfQD3w%2F8oLKirGyb%2FtJUhErvtYJqy6%2FWwmpQr6Fv%2F8td7sFRD6J3Ql6CEuOFR955KD5C0r2%2FLN1mZtJ3PujmmmbGoicOP0k2E1Mk6M5h23poJ4enbhj3ZOUhTLI%2FiwvT%2B8fI1Jh4jx%2BCJYenIcF6e7OcTEMmYOL%2FKHojSD2CoiNwcxtKPCEAF7i6jqR7cNXYgm49V%2BlUHZOFZ39AFWOy8Nt5JN3vL2vVr9wwOs%2BUSRz67RKqP4LqjJDmR8i2z0AVR%2BDZLSjxM1l6toaku7futIESk9cbzbqM6owu8mYzXKzxOFykktYX43qrJoJ61GaRmBWk1AiqPYKWA1B3BrnzkCsPedtDnnroikmFB0HQ8AWnfrPFeSQaksXCD2ijHdDAj5vI%2BfQfBsjSAbgegNsdpHYHm2oAm%2F8Et1HCCQ8uI%2BiJEoUkKBxBQQkKRVBkBEWv3Bfaha48ENrlLDjd4emOyqHJOrt032QdmZDd9IS8OC3OO3driE05qVDmMxnSWo01JG%2B3AiaYqHMRxb5o1lpRA06VUO4MqPOwrcbk1QdvI1Vj8r%2FPn4LRIzh9BK7eAM0vgBbDRuiDbgxrTR%2FbycHGzZvVzECYEmm2gGzL29Un5OXZ6aJfNSQ%2FvvQluzL%2B%2Fe5f4LZEakt8pR4RdPSd4XVTkL3rpnDkh%2FU0U121TadnvZHRTJ799iO5VRgrVpfd4O57fCpM4b2PpcvWaCJU0nHku8tKCGlXjOWSPFh1n0p2LXcbl3Ob5OnatfdXVruplc4pk4xA1ZiQx8fgakzO%2FTiZvdhXnt6HsiPYvEQ3PyanA2WOwNMduHSe35mzsHruYamHIi%2BHNmTzj1oRaDnnlJVw%2F%2BJsjnfdHXTsa6DZbSTdEj1boqdLUD2Ay88Os9QeX%2Folmg2Y9oZMW2%2BPaau%2FeV6uU5NKI4p8GrfqQaNBZYPVwmY7DgSlYS0O45hGyNyYX%2Fjzhb8BAAD%2F%2FwEAAP%2F%2Fx21f%2BnwEAAA%3D HTTP/1.1
Host: phosphatepossible.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://waaw.to/
Cookie: u_pl=17334947; uid_id2=785e35ba-c882-4c62-aea5-6594d153fb3d:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecab0be2a44b7ecf91bdbd5cd360d84937=[3396716]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sun, 11 Sep 2022 15:00:33 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 0d04a07b04082e678e300d1bf7a2988d
Strict-Transport-Security: max-age=0; includeSubdomains
thenetwork18.net/direct.html
172.67.191.234200 OK 76 kB URL HTTP/2 thenetwork18.net/direct.html
IP 172.67.191.234:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 2e91662b0e54cf15ec9d984af95e7a2e
1f5a47c62cdba1f98b49c09a64930abe5f3b0b7c
b5a307ebacea34b0aa967a36fb9b3937fe439915b6ad88466390aa04a64a4c60
GET /direct.html HTTP/1.1
Host: thenetwork18.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.good-trading.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 11 Sep 2022 15:00:32 GMT
content-type: text/html
vary: Accept-Encoding
x-iplb-request-id: A29EDEF9:CFE6_D5BA2113:0050_631DE00E_11B4:25C46
x-iplb-instance: 30850
cache-control: max-age=14400
cf-cache-status: HIT
age: 6143
last-modified: Sun, 11 Sep 2022 13:18:09 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Yhh3Dld2t5OjznzZPsnWbaG%2FEObjGLrpvXpZEHxJFHYspEiSMEbuqBLrf7B3f00O%2BXgzY6MOzWUSQMlcF3XMv2zuAXcIGI%2BHq%2Bcsnh8zxvT0YixusVBqYXsg0ZgcLBJhikts"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 749146090d96b50c-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash da7b1c24eee0db0c23872933557b7521
b8bc1215b4073784c048587e51a40152bd88c8ed
6ba38b5c68971135ed3f1fbe7afa658ce883240142a4244ce7d84fa251a64c3f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 15:00:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 29a9e76bdf0876459fae8f58085f12ff
f3d4c6b711ddf12927fe03e9c13ed41f73ef14d5
729d8a3cbfee8ecdec6fcb76e9784adfaf3387e180f1971e619af0e8eacb13c8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "729D8A3CBFEE8ECDEC6FCB76E9784ADFAF3387E180F1971E619AF0E8EACB13C8"
Last-Modified: Sat, 10 Sep 2022 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7997
Expires: Sun, 11 Sep 2022 17:13:50 GMT
Date: Sun, 11 Sep 2022 15:00:33 GMT
Connection: keep-alive
vast.yomeno.xyz/event?tcid=14898&uid=7051e04e36459a8f9e53fc11d762dd92
109.206.181.2200 OK 0 B URL HTTP/2 vast.yomeno.xyz/event?tcid=14898&uid=7051e04e36459a8f9e53fc11d762dd92
IP 109.206.181.2:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /event?tcid=14898&uid=7051e04e36459a8f9e53fc11d762dd92 HTTP/1.1
Host: vast.yomeno.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.good-trading.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Sun, 11 Sep 2022 15:00:33 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,
access-control-expose-headers: Content-Length,Content-Range
X-Firefox-Spdy: h2
syndication.realsrv.com/splash.php?idzone=3918598&sub=1614288077
95.211.229.245200 OK 10 kB URL HTTP/1.1 syndication.realsrv.com/splash.php?idzone=3918598&sub=1614288077
IP 95.211.229.245:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash b203aa5a0409d9b52b6482a3f869b87f
a2df2c13fc5466fc1fe3eeec40f242f65fb75e28
79bcd4900a193161f05f4a40fb9219ed75e1c17a4e8578a8fadc37b3d85753a3
GET /splash.php?idzone=3918598&sub=1614288077 HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.good-trading.com/
Origin: https://www.good-trading.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 11 Sep 2022 15:00:33 GMT
Content-Type: text/xml;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%22631df811408f29.126690771698083598%22%3B%7D; expires=Tue, 10 Sep 2024 15:00:33 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-video%22%3A%22v3%7C%7CNOR%7C3918598%7C75663980%7C0%7C%7C508%7C41%7C3%7C15%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C%7C1614288077%7Cgood-trading.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Mon, 12 Sep 2022 15:00:33 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
Cache-Control: no-store
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: https://www.good-trading.com
Access-Control-Allow-Credentials: true
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
fonts.gstatic.com/s/raleway/v28/1Ptug8zYS_SKggPNyC0ITw.woff2
142.250.74.163200 OK 48 kB URL HTTP/2 fonts.gstatic.com/s/raleway/v28/1Ptug8zYS_SKggPNyC0ITw.woff2
IP 142.250.74.163:0
Hash 3b489414389c3c63d583360d28d3c1ed
018e7d9644213624e2168b1be0dab287cd098709
f4f441fa0dcfa77957f7cd94c88ca86997ede4bab79041131fbd30f4b40b0630
GET /s/raleway/v28/1Ptug8zYS_SKggPNyC0ITw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.popmonetizer.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 46524
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 05 Sep 2022 21:13:12 GMT
expires: Tue, 05 Sep 2023 21:13:12 GMT
cache-control: public, max-age=31536000
age: 496041
last-modified: Mon, 18 Jul 2022 19:58:01 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.com/recaptcha/api.js
142.250.74.164200 OK 557 B URL HTTP/2 www.google.com/recaptcha/api.js
IP 142.250.74.164:0
File type ASCII text, with very long lines (850), with no line terminators
Hash 2ccc89f867610ca13b2456db03928f05
d9816baef3ded701d95b61e184d8b7fe2f473c09
fb834adb29f4d3ba0653177176a82a136a06fd8cf8c55583372eabf7212eb25b
GET /recaptcha/api.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.popmonetizer.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
expires: Sun, 11 Sep 2022 15:00:33 GMT
date: Sun, 11 Sep 2022 15:00:33 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 557
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn.tubecorp.com/vs/vs.js
45.133.44.25200 OK 15 kB URL HTTP/2 cdn.tubecorp.com/vs/vs.js
IP 45.133.44.25:0
ASN #39572 DataWeb Global Group B.V.
File type Unicode text, UTF-8 text, with very long lines (43236)
Hash b6442ec7ee7bb3bec3544b44f13cc44f
64e268e2e62a8a7066ba7dc089882298e752e4a4
da93acd0b37848feb191a919b35aeb3eae02a39fb534c890b7989d8074c96cc1
GET /vs/vs.js HTTP/1.1
Host: cdn.tubecorp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.good-trading.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 11 Sep 2022 15:00:32 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.20.1
last-modified: Fri, 26 Feb 2021 08:59:15 GMT
etag: W/"6038b863-b46b"
cache-control: max-age=3600
x-request-id: e07a8c5e4f2b0b8b4d0d7fdeb26353fa
content-encoding: gzip
expires: Sun, 11 Sep 2022 16:00:32 GMT
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
syndication.realsrv.com/splash.php?idzone=3918598&sub=1614288077
95.211.229.245200 OK 2.7 kB URL HTTP/1.1 syndication.realsrv.com/splash.php?idzone=3918598&sub=1614288077
IP 95.211.229.245:0
ASN #60781 LeaseWeb Netherlands B.V.
File type XML 1.0 document text\012- XML document, ASCII text, with very long lines (1550)
Hash 563f835579ccb434309fde66bcaacf6c
88b296733208d8dd62e2976c784e4baa8a4a8e9b
c5ef6b5c0435fe93a18eb0d8a52b85ce9de34b920d4db688577a0ca47a5263ca
GET /splash.php?idzone=3918598&sub=1614288077 HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.good-trading.com/
Origin: https://www.good-trading.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 11 Sep 2022 15:00:33 GMT
Content-Type: text/xml;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%22631df811578703.036674372559787194%22%3B%7D; expires=Tue, 10 Sep 2024 15:00:33 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-video%22%3A%22v3%7C%7CNOR%7C3918598%7C75709504%7C0%7C%7C508%7C41%7C3%7C15%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C%7C1614288077%7Cgood-trading.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Mon, 12 Sep 2022 15:00:33 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
Cache-Control: no-store
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: https://www.good-trading.com
Access-Control-Allow-Credentials: true
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
api.codetabs.com/v1/proxy/?quest=http://audience.xml.ppcmate.com/?pubid=746528&subid=time&feedid=a1866&req=bitcoin&useragent=Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0&ip=91.90.42.154&ref=https://www.bitcoin.com&num=10&iab_category=30
172.67.129.202200 OK 0 B URL HTTP/2 api.codetabs.com/v1/proxy/?quest=http://audience.xml.ppcmate.com/?pubid=746528&subid=time&feedid=a1866&req=bitcoin&useragent=Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0&ip=91.90.42.154&ref=https://www.bitcoin.com&num=10&iab_category=30
IP 172.67.129.202:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /v1/proxy/?quest=http://audience.xml.ppcmate.com/?pubid=746528&subid=time&feedid=a1866&req=bitcoin&useragent=Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0&ip=91.90.42.154&ref=https://www.bitcoin.com&num=10&iab_category=30 HTTP/1.1
Host: api.codetabs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.good-trading.com/
Origin: https://www.good-trading.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 11 Sep 2022 15:00:33 GMT
content-length: 0
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6R5w%2F43GaGgn9cJEGJVwaQuZYeDAY1Ztvn%2FBB%2Bmmtw7iN1QAfVdl7k1AkS9jNdCrZcSmZoTz6Q8mE%2Be6ImR2EWeTbHoJGQR05f6hKTWR34qWvSnePQO7fWkj6HEyrt5FWkG2"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7491460a9e95b518-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash af95ad9454365bf0c06d134ac753198a
3c2bc4a2403096afc08580cc00afd0c008858ee9
23ecbd22f192ead4258e4a4316d5b7cbf5076210f420ebc3c588e9d4e05d4dc6
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "23ECBD22F192EAD4258E4A4316D5B7CBF5076210F420EBC3C588E9D4E05D4DC6"
Last-Modified: Fri, 09 Sep 2022 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6670
Expires: Sun, 11 Sep 2022 16:51:43 GMT
Date: Sun, 11 Sep 2022 15:00:33 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 20 kB IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash cb962abab12e92b3e20a0ad1ae2e5803
e598bdf8527a29e9443eb54b9de90d047edd306d
0dff0030dea6e0ae5342991d68b8da074fea6540904c0f619ed38fd03099e518
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "23ECBD22F192EAD4258E4A4316D5B7CBF5076210F420EBC3C588E9D4E05D4DC6"
Last-Modified: Fri, 09 Sep 2022 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6670
Expires: Sun, 11 Sep 2022 16:51:43 GMT
Date: Sun, 11 Sep 2022 15:00:33 GMT
Connection: keep-alive
redirect3.online/flurryad.html
104.21.39.111200 OK 179 B URL HTTP/2 redirect3.online/flurryad.html
IP 104.21.39.111:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 184ccdedde270a19e3f160636cc5e3a7
2593f729a520ee28f7e4cbd9cdf651a803f2954a
1f5d78979cd6a3ac202093513b22b6956cd19fdc388ee99a134e429118dc4977
GET /flurryad.html HTTP/1.1
Host: redirect3.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 11 Sep 2022 15:00:33 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 246
last-modified: Sun, 11 Sep 2022 14:56:27 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=G6o7c5aYr2t%2FDOjrlIcM4lL7hdsD2G7KZw9y4Q1%2BUuP32LcCNedBsBMGXmqGAlakyda3ebC3ELoLAbPbRJuSJOrjJqWMcboujiEwDS8tu7Iu3AxvaCcu1x6N2Em9Lgpt%2BeK2"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7491460a4981fac8-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
kts.cvastico.com/in/vtcevents/?e_type=impression&source=1614288077&tcid=14898&iab=IAB25&cap=15&p=&ccid=&ctype=slider&uid=7051e04e36459a8f9e53fc11d762dd92&endpoint=&other=https://syndication.realsrv.com/splash.php?idzone=3918598&sub=1614288077
109.206.175.252200 OK 0 B URL HTTP/2 kts.cvastico.com/in/vtcevents/?e_type=impression&source=1614288077&tcid=14898&iab=IAB25&cap=15&p=&ccid=&ctype=slider&uid=7051e04e36459a8f9e53fc11d762dd92&endpoint=&other=https://syndication.realsrv.com/splash.php?idzone=3918598&sub=1614288077
IP 109.206.175.252:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/vtcevents/?e_type=impression&source=1614288077&tcid=14898&iab=IAB25&cap=15&p=&ccid=&ctype=slider&uid=7051e04e36459a8f9e53fc11d762dd92&endpoint=&other=https://syndication.realsrv.com/splash.php?idzone=3918598&sub=1614288077 HTTP/1.1
Host: kts.cvastico.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.good-trading.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.20.1
date: Sun, 11 Sep 2022 15:00:33 GMT
content-type: text/xml
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin:
set-cookie: 754.0=1; expires=Mon, 12 Sep 2022 15:00:33 GMT; path=/; secure; SameSite=None
X-Firefox-Spdy: h2
votreimc.com/main.html
172.67.199.50200 OK 1.4 MB IP 172.67.199.50:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Size 1.4 MB (1428257 bytes)
Hash c2f56e7cfca0b6970caf4077d4c2e9ac
ffc343bdf8163a0b1db81f69e72d6fd47ad58b81
7de95f6719a12efb5eb739c00d5d394ae393854708768a88fe40d7754df23f64
GET /main.html HTTP/1.1
Host: votreimc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 11 Sep 2022 15:00:32 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: public, max-age=14400
cf-cache-status: HIT
age: 5183
last-modified: Sun, 11 Sep 2022 13:34:09 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tvG7f1wCZQGpcfKCzNTxmjVyikKA%2FMoYJ%2BgBegbgBei8DI17H3lTgTHsP9INew%2BuQB9CPzqPsDaNcUGns509Opj%2FHZRj17SZWH6OdoWE2IeAXIUOWT%2BkgFghwccU2ok%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 749146093dcdb50c-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
kts.cvastico.com/in/vtcevents/?e_type=start&source=1614288077&tcid=14898&ctype=slider&iab=IAB25&cap=15&uid=7051e04e36459a8f9e53fc11d762dd92&ccid=&endpoint=
109.206.175.252200 OK 0 B URL HTTP/2 kts.cvastico.com/in/vtcevents/?e_type=start&source=1614288077&tcid=14898&ctype=slider&iab=IAB25&cap=15&uid=7051e04e36459a8f9e53fc11d762dd92&ccid=&endpoint=
IP 109.206.175.252:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/vtcevents/?e_type=start&source=1614288077&tcid=14898&ctype=slider&iab=IAB25&cap=15&uid=7051e04e36459a8f9e53fc11d762dd92&ccid=&endpoint= HTTP/1.1
Host: kts.cvastico.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.good-trading.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.20.1
date: Sun, 11 Sep 2022 15:00:33 GMT
content-type: text/xml
content-length: 0
access-control-allow-origin:
access-control-allow-credentials: true
set-cookie: 754.0=1; expires=Mon, 12 Sep 2022 15:00:33 GMT; path=/; secure; SameSite=None
X-Firefox-Spdy: h2
js.wpadmngr.com/npc/sdk/wp-banners.js
45.133.44.25200 OK 0 B URL HTTP/2 js.wpadmngr.com/npc/sdk/wp-banners.js
IP 45.133.44.25:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /npc/sdk/wp-banners.js HTTP/1.1
Host: js.wpadmngr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.good-trading.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 11 Sep 2022 15:00:33 GMT
content-type: application/javascript; charset=utf-8
content-length: 0
server: nginx/1.18.0
last-modified: Fri, 20 Aug 2021 15:14:31 GMT
etag: "611fc6d7-0"
expires: Sun, 11 Sep 2022 15:05:33 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
q.xmlrtb.com/r?fid=k2mHN2AHw88
172.67.160.207302 Found 20 B URL HTTP/2 q.xmlrtb.com/r?fid=k2mHN2AHw88
IP 172.67.160.207:0
File type gzip compressed data, max speed, from Unix\012- data
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /r?fid=k2mHN2AHw88 HTTP/1.1
Host: q.xmlrtb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Sun, 11 Sep 2022 15:00:33 GMT
location: https://popxperts.com/w3ar3w1n
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=V536JcwW1Wy99sHSVo5H2v1G4fwK04zsl8yFM%2FxROOgUWzUMmFAAa7zKKRVlPmvjDC4zp7lmFqvVvRxVHS8LI1FNABQXHu5J74EMCa7HXHxF7bm%2FZCeQ1kdngZulHLQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 749146004f6bb517-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.gstatic.com/recaptcha/releases/g8G8cw32bNQPGUVoDvt680GA/recaptcha__en.js
142.250.74.163200 OK 157 kB URL HTTP/2 www.gstatic.com/recaptcha/releases/g8G8cw32bNQPGUVoDvt680GA/recaptcha__en.js
IP 142.250.74.163:0
File type ASCII text, with very long lines (539)
Size 157 kB (157166 bytes)
Hash 026df0dfed2314af108e700900288961
51c2a55bca7d65c549ef138d1294cac2aa98dd96
24eefc59f5d298ce40bdd33c8157ad14631984159fca8e5980037366c44c2b34
GET /recaptcha/releases/g8G8cw32bNQPGUVoDvt680GA/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.popmonetizer.com
Connection: keep-alive
Referer: https://www.popmonetizer.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 157166
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 06 Sep 2022 17:23:20 GMT
expires: Wed, 06 Sep 2023 17:23:20 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 06 Sep 2022 00:04:24 GMT
content-type: text/javascript
age: 423433
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp2.globalsign.com/gsalphasha2g2
104.18.21.226200 OK 1.4 kB URL HTTP/1.1 ocsp2.globalsign.com/gsalphasha2g2
IP 104.18.21.226:0
Hash 45ef770d1fc2c638b9ceb7173268c228
75a7b868275139facf64c26b50db8c50e12b401f
6b4b6a1bd9ee07c973038e6a4673cbdb7a340ddfc3f85ddbe863cdff75b5d8c4
POST /gsalphasha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 15:00:33 GMT
Content-Type: application/ocsp-response
Content-Length: 1423
Connection: keep-alive
Expires: Thu, 15 Sep 2022 14:04:58 GMT
ETag: "75a7b868275139facf64c26b50db8c50e12b401f"
Last-Modified: Sun, 11 Sep 2022 14:04:59 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7491460e9db70b3d-OSL
ocsp2.globalsign.com/gsalphasha2g2
104.18.21.226200 OK 1.4 kB URL HTTP/1.1 ocsp2.globalsign.com/gsalphasha2g2
IP 104.18.21.226:0
Hash c6143dfb724638e1bf6b63465f3035e5
660ac1fe8f58762f30358419739a97ae7939ac42
a50814d4aa79344129b414358829efa1e69f80ac5f68fd10198263e841b7321a
POST /gsalphasha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 15:00:33 GMT
Content-Type: application/ocsp-response
Content-Length: 1423
Connection: keep-alive
Expires: Thu, 15 Sep 2022 13:24:53 GMT
ETag: "660ac1fe8f58762f30358419739a97ae7939ac42"
Last-Modified: Sun, 11 Sep 2022 13:24:54 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7491460e9f47b4f9-OSL
ocsp2.globalsign.com/gsalphasha2g2
104.18.21.226200 OK 1.4 kB URL HTTP/1.1 ocsp2.globalsign.com/gsalphasha2g2
IP 104.18.21.226:0
Hash 45ef770d1fc2c638b9ceb7173268c228
75a7b868275139facf64c26b50db8c50e12b401f
6b4b6a1bd9ee07c973038e6a4673cbdb7a340ddfc3f85ddbe863cdff75b5d8c4
POST /gsalphasha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 15:00:33 GMT
Content-Type: application/ocsp-response
Content-Length: 1423
Connection: keep-alive
Expires: Thu, 15 Sep 2022 14:04:58 GMT
ETag: "75a7b868275139facf64c26b50db8c50e12b401f"
Last-Modified: Sun, 11 Sep 2022 14:04:59 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7491460e9ffd1bfe-OSL
ocsp2.globalsign.com/gsalphasha2g2
104.18.21.226200 OK 1.4 kB URL HTTP/1.1 ocsp2.globalsign.com/gsalphasha2g2
IP 104.18.21.226:0
Hash c6143dfb724638e1bf6b63465f3035e5
660ac1fe8f58762f30358419739a97ae7939ac42
a50814d4aa79344129b414358829efa1e69f80ac5f68fd10198263e841b7321a
POST /gsalphasha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 15:00:33 GMT
Content-Type: application/ocsp-response
Content-Length: 1423
Connection: keep-alive
Expires: Thu, 15 Sep 2022 13:24:53 GMT
ETag: "660ac1fe8f58762f30358419739a97ae7939ac42"
Last-Modified: Sun, 11 Sep 2022 13:24:54 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7491460e9a840b61-OSL
ocsp2.globalsign.com/gsalphasha2g2
104.18.21.226200 OK 1.4 kB URL HTTP/1.1 ocsp2.globalsign.com/gsalphasha2g2
IP 104.18.21.226:0
Hash 57512bb2177da094bf2ae2b926fd2534
52ace5ec9a7e82e4c2ed8c473470bbbc202b45e1
484f42613ff8ab686d57278f2c0183fabf0c58333b7d1a7cf8cd7eb8e63fa1f5
POST /gsalphasha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 15:00:33 GMT
Content-Type: application/ocsp-response
Content-Length: 1423
Connection: keep-alive
Expires: Thu, 15 Sep 2022 11:19:28 GMT
ETag: "52ace5ec9a7e82e4c2ed8c473470bbbc202b45e1"
Last-Modified: Sun, 11 Sep 2022 11:19:29 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7491460e9f65b524-OSL
e1.o.lencr.org/
23.33.119.27200 OK 344 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 11a62de4541037ab66a1ee3a198916bd
767beb0fd7d3ef086d2dff0a984f54f6b6f9d0e4
1f6a4b80a80691e041057bf8a0a5beb9440df1a1a9af8d2447af252055850d1a
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "1F6A4B80A80691E041057BF8A0A5BEB9440DF1A1A9AF8D2447AF252055850D1A"
Last-Modified: Sat, 10 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6313
Expires: Sun, 11 Sep 2022 16:45:46 GMT
Date: Sun, 11 Sep 2022 15:00:33 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 6c2fea93ba89de81c2b01aaca1a87835
0a7f50001f709285bc10f6ef044ef39a60535bff
6cae8a5f9949975a3adedc41088196b8c9dd984e4023e54bbe655800a9478349
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 15:00:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp2.globalsign.com/gsalphasha2g2
104.18.21.226200 OK 3.7 kB URL HTTP/1.1 ocsp2.globalsign.com/gsalphasha2g2
IP 104.18.21.226:0
Hash 600bc97f74d9e7503daa29afebb8eb56
7fa685778add30e44f8a4961c35d045534ea3ab1
001f4089434f8eacae507d662bb83aa650dceb848e563e95009c201fbabbd0e1
POST /gsalphasha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 15:00:33 GMT
Content-Type: application/ocsp-response
Content-Length: 1423
Connection: keep-alive
Expires: Thu, 15 Sep 2022 14:00:48 GMT
ETag: "47b08da5a586bfbb7f650ccae08b3c1a418d4502"
Last-Modified: Sun, 11 Sep 2022 14:00:49 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7491460f0e280b3d-OSL
ocsp2.globalsign.com/gsalphasha2g2
104.18.21.226200 OK 1.4 kB URL HTTP/1.1 ocsp2.globalsign.com/gsalphasha2g2
IP 104.18.21.226:0
Hash a6720bcd5ae10684bd22b36c3077249e
47b08da5a586bfbb7f650ccae08b3c1a418d4502
5de9cd54e30e159e32e1e4fa3791be7807c00e13f284844d0cf564078d1c8361
POST /gsalphasha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 15:00:33 GMT
Content-Type: application/ocsp-response
Content-Length: 1423
Connection: keep-alive
Expires: Thu, 15 Sep 2022 14:00:48 GMT
ETag: "47b08da5a586bfbb7f650ccae08b3c1a418d4502"
Last-Modified: Sun, 11 Sep 2022 14:00:49 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7491460f0fc4b4f9-OSL
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 8235f58ce2da46f8a4d2c6d0fa290d70
179bea9486ef010987a2f81ce56c018f63c625a3
39e6096774682bb234545e7156c9751e11471ffcf31b35965e2b11d888913ba4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "39E6096774682BB234545E7156C9751E11471FFCF31B35965E2B11D888913BA4"
Last-Modified: Sat, 10 Sep 2022 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10261
Expires: Sun, 11 Sep 2022 17:51:34 GMT
Date: Sun, 11 Sep 2022 15:00:33 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 8235f58ce2da46f8a4d2c6d0fa290d70
179bea9486ef010987a2f81ce56c018f63c625a3
39e6096774682bb234545e7156c9751e11471ffcf31b35965e2b11d888913ba4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "39E6096774682BB234545E7156C9751E11471FFCF31B35965E2B11D888913BA4"
Last-Modified: Sat, 10 Sep 2022 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10261
Expires: Sun, 11 Sep 2022 17:51:34 GMT
Date: Sun, 11 Sep 2022 15:00:33 GMT
Connection: keep-alive
ocsp2.globalsign.com/gsalphasha2g2
104.18.21.226200 OK 1.4 kB URL HTTP/1.1 ocsp2.globalsign.com/gsalphasha2g2
IP 104.18.21.226:0
Hash 148f47b3136382e6bee6043813c92e20
a976417d7d1b387c2b19f9a8033b5f3e050cf183
5663464017cf8f82469c419bbe9094cbd639acf7b5d3419ee4ea3e1a55fc7300
POST /gsalphasha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 15:00:33 GMT
Content-Type: application/ocsp-response
Content-Length: 1423
Connection: keep-alive
Expires: Thu, 15 Sep 2022 12:28:11 GMT
ETag: "a976417d7d1b387c2b19f9a8033b5f3e050cf183"
Last-Modified: Sun, 11 Sep 2022 12:28:12 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7491460f6b660b61-OSL
www.ad-good.com/infinitya.html?1
104.21.91.64200 OK 5.7 kB URL HTTP/2 www.ad-good.com/infinitya.html?1
IP 104.21.91.64:0
Hash 6845ec0cef1d2e882f2dd3f35d738506
a02972729b812c4facdd2e66c255959fbbbfd497
636d1ad325f17648a9bfaef1801a477a71742bb781f73135a49b6f7d7e32673a
GET /infinitya.html?1 HTTP/1.1
Host: www.ad-good.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 11 Sep 2022 15:00:33 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 246
last-modified: Sun, 11 Sep 2022 14:56:27 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BEZ5axJy%2FufLX5eK4rBfIScf00d5ECq9f4gzisGFoOUmaC7UrJKGutJPoOF5vpMRULeJkELcpQyYoBPBaqjiIBhUP2rNaIJMKBFVdzHr2FFzIbm37TBrlivWIGyF1P4DMWY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7491460c0d830b31-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp2.globalsign.com/gsalphasha2g2
104.18.21.226200 OK 1.4 kB URL HTTP/1.1 ocsp2.globalsign.com/gsalphasha2g2
IP 104.18.21.226:0
Hash 148f47b3136382e6bee6043813c92e20
a976417d7d1b387c2b19f9a8033b5f3e050cf183
5663464017cf8f82469c419bbe9094cbd639acf7b5d3419ee4ea3e1a55fc7300
POST /gsalphasha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 15:00:33 GMT
Content-Type: application/ocsp-response
Content-Length: 1423
Connection: keep-alive
Expires: Thu, 15 Sep 2022 12:28:11 GMT
ETag: "a976417d7d1b387c2b19f9a8033b5f3e050cf183"
Last-Modified: Sun, 11 Sep 2022 12:28:12 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7491460f68d81bfe-OSL
www.votreimc.com/adzgameadu.html
172.67.199.50200 OK 1.5 kB URL HTTP/2 www.votreimc.com/adzgameadu.html
IP 172.67.199.50:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 84a88ad9365042a2c43e518aaa2a357d
514d6ccfceb8086c36bcc31accf17ca1335e687c
40d85a1e4f72371d95af35af7b67267ea03593bc728779dec1578ab635fcdf9c
GET /adzgameadu.html HTTP/1.1
Host: www.votreimc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 11 Sep 2022 15:00:32 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: public, max-age=14400
cf-cache-status: HIT
age: 3766
last-modified: Sun, 11 Sep 2022 13:57:46 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=heBrnDnXSJm5uCp7pBZck%2BdFl0CnmXRBSyKrHyzxnCheQwWEr%2FHm7SAXbOq11TzElayxnbFc3%2B4honOxmojA8RzsBiwVuA7vxNVGpqXf8jiiAPN1w57zkAY6KloM%2Fh%2FzV0Xg"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 749146095e13b50c-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
bgvke.haxbyq.com/images/play-2/icon1.png
185.56.234.205200 OK 7.3 kB URL HTTP/2 bgvke.haxbyq.com/images/play-2/icon1.png
IP 185.56.234.205:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced\012- data
Hash 3d0ab5834c8bf7134e4d21fa3288317f
c31d1a6b9df206f67ea194f4c424cdc372a423c2
0515ddd9185d263874e7b66bb6d521fcd63b857aac5fed51c08df98026dafe27
GET /images/play-2/icon1.png HTTP/1.1
Host: bgvke.haxbyq.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bgvke.haxbyq.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.1
date: Sun, 11 Sep 2022 15:00:33 GMT
content-type: image/png
content-length: 7252
last-modified: Tue, 12 Jul 2022 11:25:43 GMT
etag: "62cd5a37-1c54"
x-zone: eu3
accept-ranges: bytes
X-Firefox-Spdy: h2
bgvke.haxbyq.com/images/play-2/icon3.png
185.56.234.205200 OK 7.8 kB URL HTTP/2 bgvke.haxbyq.com/images/play-2/icon3.png
IP 185.56.234.205:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced\012- data
Hash 8f3cc830da0b1fdf66bda7d1d734747b
94588f041eec3a78a8780c8124c56a1434a89277
ea3698c32039a115b03c2528cbb29c3ff97bbd49ad1345d5095e98d1fd0ea8ba
GET /images/play-2/icon3.png HTTP/1.1
Host: bgvke.haxbyq.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bgvke.haxbyq.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.1
date: Sun, 11 Sep 2022 15:00:33 GMT
content-type: image/png
content-length: 7847
last-modified: Tue, 12 Jul 2022 11:25:43 GMT
etag: "62cd5a37-1ea7"
x-zone: eu4
accept-ranges: bytes
X-Firefox-Spdy: h2
api.allorigins.win/raw?url=https://popmyads.com/serve/66922/70894/cGRwZHllZHN2ZWM0MDQ0Y2MwN2M=/aHR0cHM6Ly93d3cuZ29vZC10cmFkaW5nLmNvbS9pbmRleC5waHA_X19yPTEuMmE1NWNhZTIwZDk0MjQ1MDQ2YjU5ZDc5OGZkNDk2ZjkmZ29vZC1u/3/1280x1024/0
104.21.235.195200 OK 7.9 kB URL HTTP/2 api.allorigins.win/raw?url=https://popmyads.com/serve/66922/70894/cGRwZHllZHN2ZWM0MDQ0Y2MwN2M=/aHR0cHM6Ly93d3cuZ29vZC10cmFkaW5nLmNvbS9pbmRleC5waHA_X19yPTEuMmE1NWNhZTIwZDk0MjQ1MDQ2YjU5ZDc5OGZkNDk2ZjkmZ29vZC1u/3/1280x1024/0
IP 104.21.235.195:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash f491c35e4f24347d442b37a6351f6eb3
1d8e47acfacca869d5a69a1394ad3d0d7046c41e
df24cf3e2c33916a4edee1b88b6607b1d6ad9fbba58676a6df4c6dfef0337ffe
GET /raw?url=https://popmyads.com/serve/66922/70894/cGRwZHllZHN2ZWM0MDQ0Y2MwN2M=/aHR0cHM6Ly93d3cuZ29vZC10cmFkaW5nLmNvbS9pbmRleC5waHA_X19yPTEuMmE1NWNhZTIwZDk0MjQ1MDQ2YjU5ZDc5OGZkNDk2ZjkmZ29vZC1u/3/1280x1024/0 HTTP/1.1
Host: api.allorigins.win
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.good-trading.com/
Origin: https://www.good-trading.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 11 Sep 2022 15:00:33 GMT
content-type: text/html; charset=UTF-8
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Content-Encoding, Accept
access-control-allow-methods: OPTIONS, GET, POST, PATCH, PUT, DELETE
access-control-allow-origin: https://www.good-trading.com
cache-control: public, max-age=86400, stale-if-error=600
via: allOrigins v2.6.1
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UFyBGojXRCX5UZIdN2LyBQgpO%2FhojbNILObzKNW6vOXcep4pzZGmNyHhmqBB4XCX0V7ob%2ByrU%2BJRfA%2F%2FOZgFiVYQCYCDfzHEfdR9DYgLJRr8OKq0%2B0FBr07nISvuYbXSCUzbrkE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7491460c89baf437-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
bgvke.haxbyq.com/images/play-2/icon5.png
185.56.234.205200 OK 3.3 kB URL HTTP/2 bgvke.haxbyq.com/images/play-2/icon5.png
IP 185.56.234.205:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 500 x 500, 8-bit/color RGBA, non-interlaced\012- data
Hash 1e1a7582b5da63e10485d63f97abc9a0
ca3ee3067f96c732f455bc7c99ec5100194f13f6
196083352a09a19cf2d4364e3ad406606fedb562f2096c1bef373ff2c485b503
GET /images/play-2/icon5.png HTTP/1.1
Host: bgvke.haxbyq.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bgvke.haxbyq.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.1
date: Sun, 11 Sep 2022 15:00:33 GMT
content-type: image/png
content-length: 3264
last-modified: Tue, 12 Jul 2022 11:25:43 GMT
etag: "62cd5a37-cc0"
x-zone: eu4
accept-ranges: bytes
X-Firefox-Spdy: h2
js.wpadmngr.com/static/adManager.m.js
45.133.44.25200 OK 35 kB URL HTTP/2 js.wpadmngr.com/static/adManager.m.js
IP 45.133.44.25:0
ASN #39572 DataWeb Global Group B.V.
Hash 21814e888b3a830c614c2baa2019fba5
673062c2580806246c86c1d415b44d29ef31179d
7766a9ee718f7b104aaad7cd5c36e9487f27d44e8d325a30983df6be70c8de0b
GET /static/adManager.m.js HTTP/1.1
Host: js.wpadmngr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.good-trading.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 11 Sep 2022 15:00:33 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Fri, 09 Sep 2022 15:26:37 GMT
etag: W/"631b5b2d-15a5f"
content-encoding: gzip
expires: Sun, 11 Sep 2022 15:05:33 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
bgvke.haxbyq.com/images/play-2/icon8.png
185.56.234.205200 OK 4.2 kB URL HTTP/2 bgvke.haxbyq.com/images/play-2/icon8.png
IP 185.56.234.205:0
ASN #39572 DataWeb Global Group B.V.
Hash 9e5f120cddb9c88453c344fbcb11bf51
d32fff59f41d8f584b105445c25b451a2cf04c6a
4f11a5f1de2e38535287b48f6da7a81c5de9d8511b7c0b90fe07a9361869d1e3
GET /images/play-2/icon8.png HTTP/1.1
Host: bgvke.haxbyq.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bgvke.haxbyq.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.1
date: Sun, 11 Sep 2022 15:00:33 GMT
content-type: image/png
content-length: 4064
last-modified: Tue, 12 Jul 2022 11:25:43 GMT
etag: "62cd5a37-fe0"
x-zone: eu
accept-ranges: bytes
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.33.119.27200 OK 344 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 11a62de4541037ab66a1ee3a198916bd
767beb0fd7d3ef086d2dff0a984f54f6b6f9d0e4
1f6a4b80a80691e041057bf8a0a5beb9440df1a1a9af8d2447af252055850d1a
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "1F6A4B80A80691E041057BF8A0A5BEB9440DF1A1A9AF8D2447AF252055850D1A"
Last-Modified: Sat, 10 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6313
Expires: Sun, 11 Sep 2022 16:45:46 GMT
Date: Sun, 11 Sep 2022 15:00:33 GMT
Connection: keep-alive
xml.adzgame.com/redirect?feed=436086&auth=7bONam&subid=adzgamea&query=adzgamea&url=adzgame.com
173.239.53.18200 OK 0 B URL HTTP/1.1 xml.adzgame.com/redirect?feed=436086&auth=7bONam&subid=adzgamea&query=adzgamea&url=adzgame.com
IP 173.239.53.18:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=436086&auth=7bONam&subid=adzgamea&query=adzgamea&url=adzgame.com HTTP/1.1
Host: xml.adzgame.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 11 Sep 2022 15:00:33 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Age: 0
Pragma: no-cache
xml.zaimads.com/redirect?feed=449092&auth=Rr6ulY&subid=zaimadsad&query=streamad&url=zaimadsad.com
174.137.133.17302 Found 0 B URL HTTP/1.1 xml.zaimads.com/redirect?feed=449092&auth=Rr6ulY&subid=zaimadsad&query=streamad&url=zaimadsad.com
IP 174.137.133.17:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=449092&auth=Rr6ulY&subid=zaimadsad&query=streamad&url=zaimadsad.com HTTP/1.1
Host: xml.zaimads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Sun, 11 Sep 2022 15:00:33 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Age: 0
Location: https://cadrctlnk.com/in/p/?spot_id=61986&cat=&sub_id=819126637
Pragma: no-cache
xml.ctrtraffic.com/redirect?feed=441587&auth=S50kJu&subid=popm&query=popm&url=popm.com
198.134.116.18200 OK 0 B URL HTTP/1.1 xml.ctrtraffic.com/redirect?feed=441587&auth=S50kJu&subid=popm&query=popm&url=popm.com
IP 198.134.116.18:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=441587&auth=S50kJu&subid=popm&query=popm&url=popm.com HTTP/1.1
Host: xml.ctrtraffic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 11 Sep 2022 15:00:33 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Age: 0
Pragma: no-cache
xml.zaimads.com/redirect?feed=449093&auth=hakPcP&subid=zaimads&query=stream&url=zaimads.com
174.137.133.17200 OK 0 B URL HTTP/1.1 xml.zaimads.com/redirect?feed=449093&auth=hakPcP&subid=zaimads&query=stream&url=zaimads.com
IP 174.137.133.17:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=449093&auth=hakPcP&subid=zaimads&query=stream&url=zaimads.com HTTP/1.1
Host: xml.zaimads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 11 Sep 2022 15:00:33 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Age: 0
Pragma: no-cache
go.xlirdr.com/smartpop/8d895a7a3b4847a30c0a159b2850ec6cd538abf45b153ead926036436ae26b20?userId=9b65bf46ffaa65f3a0e9f48617bfce410a91e0834859e07cbac61729433ad6e8&campaignId=et2-video-web0.01-b2-220906&memberId=ooc4ASOoumtqutdZVXXRdbK6VzqpbXUzOodNU6V0rpXT1UU0uomponpndRNTRPTS6V0zpXSuldK6Z0rpXTOc6auame22Wyx3IQ7RGJnt2DmPUP7nOldK6V0rpXSuldK6VwfY
172.64.145.216302 Found 0 B URL HTTP/2 go.xlirdr.com/smartpop/8d895a7a3b4847a30c0a159b2850ec6cd538abf45b153ead926036436ae26b20?userId=9b65bf46ffaa65f3a0e9f48617bfce410a91e0834859e07cbac61729433ad6e8&campaignId=et2-video-web0.01-b2-220906&memberId=ooc4ASOoumtqutdZVXXRdbK6VzqpbXUzOodNU6V0rpXT1UU0uomponpndRNTRPTS6V0zpXSuldK6Z0rpXTOc6auame22Wyx3IQ7RGJnt2DmPUP7nOldK6V0rpXSuldK6VwfY
IP 172.64.145.216:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /smartpop/8d895a7a3b4847a30c0a159b2850ec6cd538abf45b153ead926036436ae26b20?userId=9b65bf46ffaa65f3a0e9f48617bfce410a91e0834859e07cbac61729433ad6e8&campaignId=et2-video-web0.01-b2-220906&memberId=ooc4ASOoumtqutdZVXXRdbK6VzqpbXUzOodNU6V0rpXT1UU0uomponpndRNTRPTS6V0zpXSuldK6Z0rpXTOc6auame22Wyx3IQ7RGJnt2DmPUP7nOldK6V0rpXSuldK6VwfY HTTP/1.1
Host: go.xlirdr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.good-trading.com/
Origin: https://www.good-trading.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Sun, 11 Sep 2022 15:00:33 GMT
content-length: 0
location: https://go.xlirdr.com/api/models/vast?campaignId=8d895a7a3b4847a30c0a159b2850ec6cd538abf45b153ead926036436ae26b20&campaignType=smartpop&creativeId=4ed558a087c6df7cff4e819ba54b153a8ab30017481c5f5a95dac4f4cd3c0f48&duration=00%3A00%3A30&endpoint=room&iterationId=245959&masterSmartpopId=2683&memberId=ooc4ASOoumtqutdZVXXRdbK6VzqpbXUzOodNU6V0rpXT1UU0uomponpndRNTRPTS6V0zpXSuldK6Z0rpXTOc6auame22Wyx3IQ7RGJnt2DmPUP7nOldK6V0rpXSuldK6VwfY&ruleId=157&skipOffset=00%3A00%3A05&smartpopId=7237&tag=-girls%2Findian&userId=9b65bf46ffaa65f3a0e9f48617bfce410a91e0834859e07cbac61729433ad6e8&variationId=29011&videosList=oil-show
access-control-allow-origin: https://www.good-trading.com
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: DYNAMIC
set-cookie: _var=67574152.29011; Path=/; HttpOnly; SameSite=Strict
__cflb=0H28uukSkGJRy5UBr2St4i2aEH3UZ9YHipXAq2zNDBS; SameSite=None; Secure; path=/; expires=Mon, 12-Sep-22 14:00:33 GMT; HttpOnly
server: cloudflare
cf-ray: 7491460fd9e81c16-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ctrtraffic.me/mediam.html
172.67.211.225200 OK 176 B URL HTTP/2 ctrtraffic.me/mediam.html
IP 172.67.211.225:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 5f6f02f1fed6027ddd58ef781fad658d
7aa03bca8c77dc1433fa7cbc21fa0ae40dbcf7b6
2c4722b89324141130fc5f55e9b7c851e0f74a5708c7c636129d66c8ef650da8
GET /mediam.html HTTP/1.1
Host: ctrtraffic.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 11 Sep 2022 15:00:32 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: public, max-age=14400
cf-cache-status: HIT
age: 4917
last-modified: Sun, 11 Sep 2022 13:38:35 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=t1YNDQ0aD7ba%2FmYOIpKccWQXsy%2BcH8ru5Rnt2NGYtwvduBVYy8RNo5XhAPlJ7SBL%2BXJjOTY0huOlQHK2U8xUdByR82PQv8F%2BoDdXHLcr8CdfILdLTl8sxIusk54iV3sE"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74914608fd3c1c12-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
click.mediacpc.com/redirect?feed=441597&auth=K62AKr&subid=mediamain&query=main&url=media.com
174.137.133.18200 OK 0 B URL HTTP/1.1 click.mediacpc.com/redirect?feed=441597&auth=K62AKr&subid=mediamain&query=main&url=media.com
IP 174.137.133.18:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=441597&auth=K62AKr&subid=mediamain&query=main&url=media.com HTTP/1.1
Host: click.mediacpc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 11 Sep 2022 15:00:33 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Age: 0
Pragma: no-cache
xml.flurryad.com/redirect?feed=437634&auth=bmMqba&subid=flurry&query=flurry&url=flurryad.com
174.137.133.16302 Found 0 B URL HTTP/1.1 xml.flurryad.com/redirect?feed=437634&auth=bmMqba&subid=flurry&query=flurry&url=flurryad.com
IP 174.137.133.16:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=437634&auth=bmMqba&subid=flurry&query=flurry&url=flurryad.com HTTP/1.1
Host: xml.flurryad.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Sun, 11 Sep 2022 15:00:33 GMT
Content-Length: 0
Connection: keep-alive
Location: https://mediacpm.pl/v.php?user=13428
xml.flurryad.com/redirect?feed=437642&auth=qKgbOv&subid=flurryad&query=flurryad&url=flurryad.com
174.137.133.16302 Found 7.7 kB URL HTTP/1.1 xml.flurryad.com/redirect?feed=437642&auth=qKgbOv&subid=flurryad&query=flurryad&url=flurryad.com
IP 174.137.133.16:0
ASN #27257 WEBAIR-INTERNET
Hash 546f53f1314421408a40e5455b04fdc8
5b294e0937ee90d70bbf69c8108d22aea7102505
8d06001171472bafcb028f688955b956197e7beb1e03ce4fcb0c923af3072cb4
GET /redirect?feed=437642&auth=qKgbOv&subid=flurryad&query=flurryad&url=flurryad.com HTTP/1.1
Host: xml.flurryad.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Sun, 11 Sep 2022 15:00:33 GMT
Content-Length: 0
Connection: keep-alive
Location: https://mediacpm.pl/v.php?user=13428
xml.ctrtraffic.com/redirect?feed=441588&auth=6H5Hgo&subid=adult&query=adult&url=adult.com
198.134.116.18200 OK 0 B URL HTTP/1.1 xml.ctrtraffic.com/redirect?feed=441588&auth=6H5Hgo&subid=adult&query=adult&url=adult.com
IP 198.134.116.18:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=441588&auth=6H5Hgo&subid=adult&query=adult&url=adult.com HTTP/1.1
Host: xml.ctrtraffic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 11 Sep 2022 15:00:33 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Age: 0
Pragma: no-cache
xml.eximdigital.com/redirect?feed=445008&auth=AK9QGh&subid=eximdigital&query=eximdigital&url=eximdigital.com
173.239.53.22200 OK 0 B URL HTTP/1.1 xml.eximdigital.com/redirect?feed=445008&auth=AK9QGh&subid=eximdigital&query=eximdigital&url=eximdigital.com
IP 173.239.53.22:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=445008&auth=AK9QGh&subid=eximdigital&query=eximdigital&url=eximdigital.com HTTP/1.1
Host: xml.eximdigital.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 11 Sep 2022 15:00:34 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Age: 0
Pragma: no-cache
xml.eximdigital.com/redirect?feed=445013&auth=umnz4X&subid=eximdigital&query=eximdigital&url=eximdigital.com
173.239.53.22200 OK 0 B URL HTTP/1.1 xml.eximdigital.com/redirect?feed=445013&auth=umnz4X&subid=eximdigital&query=eximdigital&url=eximdigital.com
IP 173.239.53.22:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=445013&auth=umnz4X&subid=eximdigital&query=eximdigital&url=eximdigital.com HTTP/1.1
Host: xml.eximdigital.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 11 Sep 2022 15:00:34 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Age: 0
Pragma: no-cache
xml.adzgame.com/redirect?feed=436085&auth=r2BL6s&subid=adzgame&query=adzgame&url=adzgame.com
173.239.53.18302 Found 0 B URL HTTP/1.1 xml.adzgame.com/redirect?feed=436085&auth=r2BL6s&subid=adzgame&query=adzgame&url=adzgame.com
IP 173.239.53.18:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=436085&auth=r2BL6s&subid=adzgame&query=adzgame&url=adzgame.com HTTP/1.1
Host: xml.adzgame.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Sun, 11 Sep 2022 15:00:34 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Age: 0
Location: https://cngcpy.com/cuhdl?wh=bkDIZgWJBf5QK-UU6OcooUGn
Pragma: no-cache
ocsp2.globalsign.com/gsalphasha2g2
104.18.21.226200 OK 1.4 kB URL HTTP/1.1 ocsp2.globalsign.com/gsalphasha2g2
IP 104.18.21.226:0
Hash 68b395adacf0efa6aa13b540a5493d8f
3c7e0a066e8e42c97735f2374a34e90e1c501835
6f23eac9d47f05b2d7c3e6680471bdda1941b296502372636e7558e1dc2caadc
POST /gsalphasha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 15:00:34 GMT
Content-Type: application/ocsp-response
Content-Length: 1423
Connection: keep-alive
Expires: Thu, 15 Sep 2022 13:39:17 GMT
ETag: "3c7e0a066e8e42c97735f2374a34e90e1c501835"
Last-Modified: Sun, 11 Sep 2022 13:39:18 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74914610ec3bb524-OSL
xml.thenetwork18.com/redirect?feed=431558&auth=3q55aa&subid=pop&query=pop&url=pop.php
174.137.133.17302 Found 0 B URL HTTP/1.1 xml.thenetwork18.com/redirect?feed=431558&auth=3q55aa&subid=pop&query=pop&url=pop.php
IP 174.137.133.17:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=431558&auth=3q55aa&subid=pop&query=pop&url=pop.php HTTP/1.1
Host: xml.thenetwork18.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Sun, 11 Sep 2022 15:00:34 GMT
Content-Length: 0
Connection: keep-alive
Location: http://mediacpm.pl/v.php?user=13428
ocsp2.globalsign.com/gsalphasha2g2
104.18.21.226200 OK 1.4 kB URL HTTP/1.1 ocsp2.globalsign.com/gsalphasha2g2
IP 104.18.21.226:0
Hash 68b395adacf0efa6aa13b540a5493d8f
3c7e0a066e8e42c97735f2374a34e90e1c501835
6f23eac9d47f05b2d7c3e6680471bdda1941b296502372636e7558e1dc2caadc
POST /gsalphasha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 15:00:34 GMT
Content-Type: application/ocsp-response
Content-Length: 1423
Connection: keep-alive
Expires: Thu, 15 Sep 2022 13:39:17 GMT
ETag: "3c7e0a066e8e42c97735f2374a34e90e1c501835"
Last-Modified: Sun, 11 Sep 2022 13:39:18 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 0
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74914611293f0b3d-OSL
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 37f8dd75e50c335b4d6250c04eaad84a
c47cf74f26d05587f449bd9f3885c84c3361c108
f6ee86add0876789f176624ecddae6b2a582d61de59f5d466745958502917706
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F6EE86ADD0876789F176624ECDDAE6B2A582D61DE59F5D466745958502917706"
Last-Modified: Sat, 10 Sep 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12765
Expires: Sun, 11 Sep 2022 18:33:19 GMT
Date: Sun, 11 Sep 2022 15:00:34 GMT
Connection: keep-alive
thenetwork18.net/direct.php
172.67.191.234307 Temporary Redirect 7.0 kB URL HTTP/2 thenetwork18.net/direct.php
IP 172.67.191.234:0
Hash c0504cd6db073885e78995bd428330ea
24129d45139525584753cfda4551ed5667eeb375
8aa6ffe9097dc4f5909adb3c6ff768365c3574fd33b1c1ef8af79136f5118509
GET /direct.php HTTP/1.1
Host: thenetwork18.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.good-trading.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 307 Temporary Redirect
date: Sun, 11 Sep 2022 15:00:32 GMT
content-type: text/html
location: http://thenetwork18.net/direct.php?__r=1.b54105237ee9023f283625e5568de5dd
x-iplb-request-id: A29EDEE1:D5A6_D5BA2113:0050_631DF810_947B:2134B
x-iplb-instance: 30877
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HGE70qfwIiNCODWNQDLaCgGFyxSbAKLm6HwYn0MsuuDI6PKRTSmeHRFAo9y%2FLCDtjxcMkuTQrJfTMKW9XobwkGWtkByh%2F2ZmUpbcCqe1F9On6GseMDESuVBjvomwbseUoMRC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 749146090d95b50c-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.ad-good.com/infinitym.html?1
104.21.91.64200 OK 459 B URL HTTP/2 www.ad-good.com/infinitym.html?1
IP 104.21.91.64:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash b78df83360c2bea1a3360fe2274691e1
f317493b68151d69a7949bc70bc42f81f3dffbc8
c5463e6e232a2049420fc1ae3cc94f837be0984173c0a97cd3e9c5a35d8c1ad6
GET /infinitym.html?1 HTTP/1.1
Host: www.ad-good.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 11 Sep 2022 15:00:33 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 3468
last-modified: Sun, 11 Sep 2022 14:02:45 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5zq9Oa31d6j7MZoW%2BG6BU4CBpbLn%2FjTSJHMT%2BYSwlxpBb9GcOLkfDV16gfLbxCsikRIrYBjpSYeP7f2Uw1jdX3EN7RR%2BapUKfpminKFqUPFE3owUanIlfnn%2BSgtDs6xhyn4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7491460bcd420b31-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
xml.thenetwork18.com/redirect?feed=417207&auth=WBnpsR&subid=main&query=main&url=main.com
174.137.133.17302 Found 0 B URL HTTP/1.1 xml.thenetwork18.com/redirect?feed=417207&auth=WBnpsR&subid=main&query=main&url=main.com
IP 174.137.133.17:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=417207&auth=WBnpsR&subid=main&query=main&url=main.com HTTP/1.1
Host: xml.thenetwork18.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Sun, 11 Sep 2022 15:00:34 GMT
Content-Length: 0
Connection: keep-alive
Location: http://mediacpm.pl/v.php?user=13428
xml.infinity-info.com/redirect?feed=441157&auth=lxC8VR&subid=infinitymain&query=best+deals&url=infinity-info.com
174.137.133.16200 OK 0 B URL HTTP/1.1 xml.infinity-info.com/redirect?feed=441157&auth=lxC8VR&subid=infinitymain&query=best+deals&url=infinity-info.com
IP 174.137.133.16:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=441157&auth=lxC8VR&subid=infinitymain&query=best+deals&url=infinity-info.com HTTP/1.1
Host: xml.infinity-info.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 11 Sep 2022 15:00:34 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Age: 0
Pragma: no-cache
xml.infinity-info.com/redirect?feed=441159&auth=kCy2hF&subid=infinityad&query=best+deals&url=infinity-info.com
174.137.133.16200 OK 0 B URL HTTP/1.1 xml.infinity-info.com/redirect?feed=441159&auth=kCy2hF&subid=infinityad&query=best+deals&url=infinity-info.com
IP 174.137.133.16:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=441159&auth=kCy2hF&subid=infinityad&query=best+deals&url=infinity-info.com HTTP/1.1
Host: xml.infinity-info.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 11 Sep 2022 15:00:34 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Age: 0
Pragma: no-cache
www.gstatic.com/recaptcha/releases/g8G8cw32bNQPGUVoDvt680GA/styles__ltr.css
142.250.74.163200 OK 24 kB URL HTTP/2 www.gstatic.com/recaptcha/releases/g8G8cw32bNQPGUVoDvt680GA/styles__ltr.css
IP 142.250.74.163:0
File type ASCII text, with very long lines (52762), with no line terminators
Hash f2d649025c814be9c33f166a5e04fe88
26bf59de631415927ba2c6c9e44fe9c763f95313
f95ec963b7657097e1ef827fc07d96eda5b63f7d3e17b5a1b5eeb7a8d0b67921
GET /recaptcha/releases/g8G8cw32bNQPGUVoDvt680GA/styles__ltr.css HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 24251
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 11 Sep 2022 08:20:51 GMT
expires: Mon, 11 Sep 2023 08:20:51 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 06 Sep 2022 00:04:24 GMT
content-type: text/css
age: 23983
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
xml.infinity-info.com/redirect?feed=443250&auth=8SxGcE&subid=infinitygeo&query=best+deals&url=infinity-info.com
174.137.133.16200 OK 0 B URL HTTP/1.1 xml.infinity-info.com/redirect?feed=443250&auth=8SxGcE&subid=infinitygeo&query=best+deals&url=infinity-info.com
IP 174.137.133.16:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=443250&auth=8SxGcE&subid=infinitygeo&query=best+deals&url=infinity-info.com HTTP/1.1
Host: xml.infinity-info.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 11 Sep 2022 15:00:34 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Age: 0
Pragma: no-cache
www.gstatic.com/recaptcha/releases/g8G8cw32bNQPGUVoDvt680GA/recaptcha__en.js
142.250.74.163200 OK 157 kB URL HTTP/2 www.gstatic.com/recaptcha/releases/g8G8cw32bNQPGUVoDvt680GA/recaptcha__en.js
IP 142.250.74.163:0
File type ASCII text, with very long lines (539)
Size 157 kB (157166 bytes)
Hash 026df0dfed2314af108e700900288961
51c2a55bca7d65c549ef138d1294cac2aa98dd96
24eefc59f5d298ce40bdd33c8157ad14631984159fca8e5980037366c44c2b34
GET /recaptcha/releases/g8G8cw32bNQPGUVoDvt680GA/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 157166
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 06 Sep 2022 17:23:20 GMT
expires: Wed, 06 Sep 2023 17:23:20 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 06 Sep 2022 00:04:24 GMT
content-type: text/javascript
age: 423434
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.33.119.27200 OK 1.8 kB IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash ded91928f288e274f348e37c032e67e3
442c6e43c33ac1b28fbf989a7f75e57a60fd2e90
c3c64a14433a2ebc8fe4cce7333b6b22bbe901eccaea6377641d0b53959d4716
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "8A756F5B5705FFD754AAD280443ED422618543FC944CCE9E9C6E4C452BD8DFED"
Last-Modified: Fri, 09 Sep 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7715
Expires: Sun, 11 Sep 2022 17:09:09 GMT
Date: Sun, 11 Sep 2022 15:00:34 GMT
Connection: keep-alive
cadrctlnk.com/in/p/?spot_id=61986&cat=&sub_id=819126637
109.206.163.112200 OK 17 kB URL HTTP/2 cadrctlnk.com/in/p/?spot_id=61986&cat=&sub_id=819126637
IP 109.206.163.112:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (42408), with no line terminators
Hash c7b1188baaf1cefe0e4607de51117151
f2a1ccb6adaa838496a2723656aa50f1cce1c34b
6e51bf9fe91ca4c04893a1fea1adaf568025cde75631defd03c20fa30695033e
Analyzer Verdict Alert quad9 Sinkholed
GET /in/p/?spot_id=61986&cat=&sub_id=819126637 HTTP/1.1
Host: cadrctlnk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.20.1
date: Sun, 11 Sep 2022 15:00:34 GMT
content-type: text/html; charset=UTF-8
pragma: no-cache
vary: Accept-Encoding, *
cache-control: no-cache, no-store, must-revalidate
set-cookie: 1095.0=1; expires=Mon, 12 Sep 2022 15:00:34 GMT; path=/; secure; SameSite=None
content-encoding: gzip
X-Firefox-Spdy: h2
xml.infinity-info.com/redirect?feed=443250&auth=8SxGcE&subid=infinitygeo&query=best+deals&url=infinity-info.com
174.137.133.16200 OK 0 B URL HTTP/1.1 xml.infinity-info.com/redirect?feed=443250&auth=8SxGcE&subid=infinitygeo&query=best+deals&url=infinity-info.com
IP 174.137.133.16:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=443250&auth=8SxGcE&subid=infinitygeo&query=best+deals&url=infinity-info.com HTTP/1.1
Host: xml.infinity-info.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 11 Sep 2022 15:00:34 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Age: 0
Pragma: no-cache
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash 2d015020b8656c1e9d204b131eee481a
6673d8c1fe1f8ebaaadf8d25d5f1a6c44b7b3faa
323ebca3a8293b0f0fe4dd41d11e33c70dea6f7a11bbd438b499c25010c3fe14
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 784
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 15:00:34 GMT
Last-Modified: Sun, 11 Sep 2022 14:47:30 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 278
engine.spotscenered.info/link.engine?guid=8dab7172-1b5f-4bc3-9929-864fcbc40ce9&Hardlink=true&time=0&subid=0708944100
104.18.96.60302 Found 183 B URL HTTP/2 engine.spotscenered.info/link.engine?guid=8dab7172-1b5f-4bc3-9929-864fcbc40ce9&Hardlink=true&time=0&subid=0708944100
IP 104.18.96.60:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 933c494ff5a16740e91f8b2159b0a9f8
de57aeafcb0fc1db15a575920c3629bd1da59a88
088be8550aad57fedaebbc327550559cdb527f8e4ccfdd9850f8380ed9dbcc5c
GET /link.engine?guid=8dab7172-1b5f-4bc3-9929-864fcbc40ce9&Hardlink=true&time=0&subid=0708944100 HTTP/1.1
Host: engine.spotscenered.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Sun, 11 Sep 2022 15:00:34 GMT
content-type: text/html; charset=utf-8
content-length: 183
location: https://www.adsupplyads.net/_adunits/pageunder/index.html?source=d
cache-control: private, no-transform
access-control-allow-origin: *
set-cookie: IKSR={}; path=/; SameSite=None; secure
INF_DFL8=false; path=/; SameSite=None; secure
IUID=f637f2a7-1aa4-4696-82e3-e9cf59837caf; expires=Sat, 11-Sep-2032 15:00:34 GMT; path=/; SameSite=None; secure
ISSH=65DF60; path=/; SameSite=None; secure
VMI=; path=/; SameSite=None; secure
IPLH=#{}; expires=Sat, 11-Sep-2032 15:00:34 GMT; path=/; SameSite=None; secure; HttpOnly
IPLH_Q=#[]; expires=Sat, 11-Sep-2032 15:00:34 GMT; path=/; SameSite=None; secure; HttpOnly
CHN=#[]; expires=Sat, 11-Sep-2032 15:00:34 GMT; path=/; SameSite=None; secure; HttpOnly
MSSH=#{}; expires=Sat, 11-Sep-2032 15:00:34 GMT; path=/; SameSite=None; secure; HttpOnly
MSRH=#{}; expires=Sat, 11-Sep-2032 15:00:34 GMT; path=/; SameSite=None; secure; HttpOnly
ILP=null; expires=Sat, 11-Sep-2032 15:00:34 GMT; path=/; SameSite=None; secure
ILPLU=#1/1/0001 12:00:00 AM; expires=Sat, 11-Sep-2032 15:00:34 GMT; path=/; SameSite=None; secure; HttpOnly
ILEALC=#1/1/0001 12:00:00 AM; expires=Sat, 11-Sep-2032 15:00:34 GMT; path=/; SameSite=None; secure; HttpOnly
ILMPF=#False; expires=Sun, 11-Sep-2022 19:00:34 GMT; path=/; SameSite=None; secure; HttpOnly
IPMPLU=#; expires=Sat, 11-Sep-2032 15:00:34 GMT; path=/; SameSite=None; secure; HttpOnly
IPMUID=#; expires=Sat, 11-Sep-2032 15:00:34 GMT; path=/; SameSite=None; secure; HttpOnly
BSWUID=#; expires=Sat, 11-Sep-2032 15:00:34 GMT; path=/; SameSite=None; secure; HttpOnly
IKSR={}; path=/; SameSite=None; secure
IBL=#[]; expires=Sat, 11-Sep-2032 15:00:34 GMT; path=/; SameSite=None; secure; HttpOnly
PZK={"P":"uUgeD11VhLjkMHxwDos+gS7RV709S3aiOQElGMyphhfu2ZAgQ4lx3opwr6R9FEat","B":[],"UD":1662908434}; expires=Tue, 11-Oct-2022 15:00:34 GMT; path=/; SameSite=None; secure
IPLSH=#{}; expires=Sat, 11-Sep-2032 15:00:34 GMT; path=/; SameSite=None; secure; HttpOnly
IPLSH_Q=#[]; expires=Sat, 11-Sep-2032 15:00:34 GMT; path=/; SameSite=None; secure; HttpOnly
IZH=#{}; expires=Sat, 11-Sep-2032 15:00:34 GMT; path=/; SameSite=None; secure; HttpOnly
IZH_Q=#[]; expires=Sat, 11-Sep-2032 15:00:34 GMT; path=/; SameSite=None; secure; HttpOnly
IMCH=#{}; expires=Sat, 11-Sep-2032 15:00:34 GMT; path=/; SameSite=None; secure; HttpOnly
IMCH_Q=#[]; expires=Sat, 11-Sep-2032 15:00:34 GMT; path=/; SameSite=None; secure; HttpOnly
IMH=#{}; expires=Sat, 11-Sep-2032 15:00:34 GMT; path=/; SameSite=None; secure; HttpOnly
IMH_Q=#[]; expires=Sat, 11-Sep-2032 15:00:34 GMT; path=/; SameSite=None; secure; HttpOnly
ISH=#{"1842":[{"SId":"65DF60","D":"22/9/11T8:0:34"}]}; expires=Sat, 11-Sep-2032 15:00:34 GMT; path=/; SameSite=None; secure; HttpOnly
ISH_Q=#[1842]; expires=Sat, 11-Sep-2032 15:00:34 GMT; path=/; SameSite=None; secure; HttpOnly
ISPH=#{}; expires=Sat, 11-Sep-2032 15:00:34 GMT; path=/; SameSite=None; secure; HttpOnly
ISPH_Q=#[]; expires=Sat, 11-Sep-2032 15:00:34 GMT; path=/; SameSite=None; secure; HttpOnly
ICH=#{}; expires=Sat, 11-Sep-2032 15:00:34 GMT; path=/; SameSite=None; secure; HttpOnly
ICH_Q=#[]; expires=Sat, 11-Sep-2032 15:00:34 GMT; path=/; SameSite=None; secure; HttpOnly
x-powered-by: ASP.NET
p3p: CP="CAO PSA OUR IND"
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 749146113de0b4ff-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
xml.infinity-info.com/redirect?feed=441157&auth=lxC8VR&subid=infinitymain&query=best+deals&url=infinity-info.com
174.137.133.16302 Found 0 B URL HTTP/1.1 xml.infinity-info.com/redirect?feed=441157&auth=lxC8VR&subid=infinitymain&query=best+deals&url=infinity-info.com
IP 174.137.133.16:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=441157&auth=lxC8VR&subid=infinitymain&query=best+deals&url=infinity-info.com HTTP/1.1
Host: xml.infinity-info.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Sun, 11 Sep 2022 15:00:34 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Age: 0
Location: https://cadrctlnk.com/in/p/?spot_id=61987&cat=&sub_id=438983571
Pragma: no-cache
fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
142.250.74.163200 OK 15 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 15344, version 1.0\012- data
Hash 5d4aeb4e5f5ef754e307d7ffaef688bd
06db651cdf354c64a7383ea9c77024ef4fb4cef8
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15344
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 10 Sep 2022 12:31:58 GMT
expires: Sun, 10 Sep 2023 12:31:58 GMT
cache-control: public, max-age=31536000
age: 95316
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 2570e1d97ec07c461070af18ac043f04
ff8180ca99488857206b51720b4daae1defa4c47
c7f947e2a8a4c28e3c1f4cbbe296bd2fe4d149356546191e9aa8d956737b22ec
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 583
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 15:00:34 GMT
Last-Modified: Sun, 11 Sep 2022 14:50:51 GMT
Server: ECS (amb/6BC6)
X-Cache: HIT
Content-Length: 279
www.adsupplyads.net/_adunits/pageunder/index.html?source=d
172.67.70.25302 Found 0 B URL HTTP/2 www.adsupplyads.net/_adunits/pageunder/index.html?source=d
IP 172.67.70.25:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /_adunits/pageunder/index.html?source=d HTTP/1.1
Host: www.adsupplyads.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Sun, 11 Sep 2022 15:00:34 GMT
content-length: 0
location: https://is.gd/defaultinfad
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Er8M3Q9cXvxZ1rIKpXpRCiWzJNQAQrzhyAiVRqQvyS9fSwriZbS2VAl0io0a55KvADoydk9iD3RoU64qSnvaV9rTFjBUsj9YhOvitdoITkX0ab5Bici%2FtFGa0REcjsT8EQCa4%2Fc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74914614dd270b69-OSL
X-Firefox-Spdy: h2
haxbyq.com/play-2_1?h=waWQiOjExMzI5NDksInNpZCI6MTE1NzI1Niwid2lkIjozNzI0NjksInNyYyI6Mn0=eyJ&click_id=a2_13239097152324914056_354418_2_0&si1=a354418
185.56.234.205200 OK 10 kB URL HTTP/2 haxbyq.com/play-2_1?h=waWQiOjExMzI5NDksInNpZCI6MTE1NzI1Niwid2lkIjozNzI0NjksInNyYyI6Mn0=eyJ&click_id=a2_13239097152324914056_354418_2_0&si1=a354418
IP 185.56.234.205:0
ASN #39572 DataWeb Global Group B.V.
Hash 661dfbd3066f2eb2436e2e9f29762cf5
b4114257be38ba05b138428bdddaca49bdc22c06
ea64c664c0dfe6ba8de647559b6f583bc90e191fe0b051b0f781196cfe7740c8
GET /play-2_1?h=waWQiOjExMzI5NDksInNpZCI6MTE1NzI1Niwid2lkIjozNzI0NjksInNyYyI6Mn0=eyJ&click_id=a2_13239097152324914056_354418_2_0&si1=a354418 HTTP/1.1
Host: haxbyq.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.1
date: Sun, 11 Sep 2022 15:00:34 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: truniq=1; expires=Mon, 12-Sep-2022 15:00:34 GMT; Max-Age=86400; path=/; domain=haxbyq.com
x-zone: eu3
content-encoding: gzip
X-Firefox-Spdy: h2
s4.histats.com/stats/0.php?4563544&@f16&@g1&@h0&@i0&@j0&@k0&@l0&@mGood%20Trading%20%3A%20Les%20meilleurs%20sites%20de%20trading%20!&@n0&@ohttps%3A%2F%2Fnews24.media%2F&@q0&@r0&@s0&@ten-US&@u1280&@b1:98260343&@b3:1662908423&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttps%3A%2F%2Fwww.good-trading.com%2Findex.php%3F__r%3D1.2a55cae20d94245046b59d798fd496f9%26good-n&@w
192.99.13.63200 OK 54 B URL HTTP/1.1 s4.histats.com/stats/0.php?4563544&@f16&@g1&@h0&@i0&@j0&@k0&@l0&@mGood%20Trading%20%3A%20Les%20meilleurs%20sites%20de%20trading%20!&@n0&@ohttps%3A%2F%2Fnews24.media%2F&@q0&@r0&@s0&@ten-US&@u1280&@b1:98260343&@b3:1662908423&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttps%3A%2F%2Fwww.good-trading.com%2Findex.php%3F__r%3D1.2a55cae20d94245046b59d798fd496f9%26good-n&@w
IP 192.99.13.63:0
File type ASCII text, with no line terminators
Hash 12da79f7923f8c246f23b0162fae011a
9dc4d8161a9ae2d5e239ca38db05b3e2601473c7
c40eddcbb3de86f25c783bca8d1e72c2fcf1b27d5147dfa63b4f3274f649d3cf
GET /stats/0.php?4563544&@f16&@g1&@h0&@i0&@j0&@k0&@l0&@mGood%20Trading%20%3A%20Les%20meilleurs%20sites%20de%20trading%20!&@n0&@ohttps%3A%2F%2Fnews24.media%2F&@q0&@r0&@s0&@ten-US&@u1280&@b1:98260343&@b3:1662908423&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttps%3A%2F%2Fwww.good-trading.com%2Findex.php%3F__r%3D1.2a55cae20d94245046b59d798fd496f9%26good-n&@w HTTP/1.1
Host: s4.histats.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.good-trading.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 15:00:34 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 54
Connection: close
ocsp.sectigo.com/
172.64.155.188200 OK 471 B IP 172.64.155.188:0
Hash 2ecf874cfe6d82a6ef6c7e4c9b1f4c9a
476fcc8fb194876ce9a92f9a3b131c31441071ec
b04f886f4a119389ee498097a18beaa1fc61b070ae25eccebf3212809ee57736
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 15:00:34 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sat, 10 Sep 2022 04:42:36 GMT
Expires: Sat, 17 Sep 2022 04:42:35 GMT
Etag: "476fcc8fb194876ce9a92f9a3b131c31441071ec"
Cache-Control: max-age=480720,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74914615dc7eb52d-OSL
redirect3.online/flurry.html
104.21.39.111200 OK 11 kB URL HTTP/2 redirect3.online/flurry.html
IP 104.21.39.111:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 0b9cbf0f1689924dc6f157b2e460f11c
e6c53f27addfd4abdb99002c0d357a30957891c8
6399cdc50f1d703242847d0ee40807d5706034745944ae76561fc0a1e63e384b
GET /flurry.html HTTP/1.1
Host: redirect3.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 11 Sep 2022 15:00:32 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 1070
last-modified: Sun, 11 Sep 2022 14:42:42 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4pFjsLCE3uHZ1tWJn6O%2FRTYzDsLicS%2BELwX54EN7dtTJyxRenSmkFqVjVO9Fyda1rRdULz3os8NsVxZQcYSD9PZGszjUseVM8ZA94TuMbYHbTEPnEFWY9%2F9lJ9TwGGFH0Fgv"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7491460a295cfac8-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
xml.revrtb.net/redirect?feed=389295&auth=ANAKRj&pubid=150077
174.137.133.16302 Found 0 B URL HTTP/1.1 xml.revrtb.net/redirect?feed=389295&auth=ANAKRj&pubid=150077
IP 174.137.133.16:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=389295&auth=ANAKRj&pubid=150077 HTTP/1.1
Host: xml.revrtb.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://popxperts.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Sun, 11 Sep 2022 15:00:35 GMT
Content-Length: 0
Connection: keep-alive
Location: https://www.revrtb.com/
ozu3d.haxbyq.com/images/play-2/icon1.png
185.56.234.205200 OK 7.3 kB URL HTTP/2 ozu3d.haxbyq.com/images/play-2/icon1.png
IP 185.56.234.205:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced\012- data
Hash 3d0ab5834c8bf7134e4d21fa3288317f
c31d1a6b9df206f67ea194f4c424cdc372a423c2
0515ddd9185d263874e7b66bb6d521fcd63b857aac5fed51c08df98026dafe27
GET /images/play-2/icon1.png HTTP/1.1
Host: ozu3d.haxbyq.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ozu3d.haxbyq.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.1
date: Sun, 11 Sep 2022 15:00:35 GMT
content-type: image/png
content-length: 7252
last-modified: Tue, 12 Jul 2022 11:25:43 GMT
etag: "62cd5a37-1c54"
x-zone: eu
accept-ranges: bytes
X-Firefox-Spdy: h2
ozu3d.haxbyq.com/images/play-2/icon2.png
185.56.234.205200 OK 4.6 kB URL HTTP/2 ozu3d.haxbyq.com/images/play-2/icon2.png
IP 185.56.234.205:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced\012- data
Hash c947d439eb93367f1af5b2a3d222f057
5b4c10820d39e624bc6df72a113679da80a8e44e
aab564e67c47df65ddcb9c4eaa62cd798a51624a3fded9f9b3a1197b460a79c2
GET /images/play-2/icon2.png HTTP/1.1
Host: ozu3d.haxbyq.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ozu3d.haxbyq.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.1
date: Sun, 11 Sep 2022 15:00:35 GMT
content-type: image/png
content-length: 4576
last-modified: Tue, 12 Jul 2022 11:25:43 GMT
etag: "62cd5a37-11e0"
x-zone: eu4
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn.sb4you1.com/sb/notifications/utility/default/us/blog/Progamerage/message_redcircle2/3/css/style.css
104.21.51.177200 OK 15 kB URL HTTP/2 cdn.sb4you1.com/sb/notifications/utility/default/us/blog/Progamerage/message_redcircle2/3/css/style.css
IP 104.21.51.177:0
Hash 75c2484a40b99e9c4fe128f1ca105047
59eedf10f403aae74980ec697445f9e5d110d46e
e8c1310e0a85b5c5eb6c587a50100352e1e56238ceab4319b988998f81d568f3
GET /sb/notifications/utility/default/us/blog/Progamerage/message_redcircle2/3/css/style.css HTTP/1.1
Host: cdn.sb4you1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://waaw.to
Connection: keep-alive
Referer: https://waaw.to/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 11 Sep 2022 15:00:33 GMT
content-type: text/css
last-modified: Mon, 31 Jan 2022 15:54:46 GMT
etag: W/"61f80646-e35"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 3387250
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A378gCZ3WGX9qj%2BmVyr6RJQTPlaCo0tmai9MJkc%2BJyuQnLXYn3KF7HRlRrKwDq%2BOmtAWjQlgaQCKCMQpckBH9Gs9BGgKDOWncopO8hUPVq%2B75AsaAfNzbQiuFKXEM6hTXKc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7491460f6bb9b4f7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ozu3d.haxbyq.com/images/play-2/icon4.png
185.56.234.205200 OK 7.2 kB URL HTTP/2 ozu3d.haxbyq.com/images/play-2/icon4.png
IP 185.56.234.205:0
ASN #39572 DataWeb Global Group B.V.
Hash dacb9ed87a73c65fd7752a443172caf0
7f1edfed5a351328825c37bf27f079df85370d0f
184eb5d0b926ecb6898486eb5e615eddc15fcf2bf28ce73a14bb4d91f9ef340f
GET /images/play-2/icon4.png HTTP/1.1
Host: ozu3d.haxbyq.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ozu3d.haxbyq.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.1
date: Sun, 11 Sep 2022 15:00:35 GMT
content-type: image/png
content-length: 7032
last-modified: Tue, 12 Jul 2022 11:25:43 GMT
etag: "62cd5a37-1b78"
x-zone: eu
accept-ranges: bytes
X-Firefox-Spdy: h2
ozu3d.haxbyq.com/images/play-2/icon5.png
185.56.234.205200 OK 3.3 kB URL HTTP/2 ozu3d.haxbyq.com/images/play-2/icon5.png
IP 185.56.234.205:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 500 x 500, 8-bit/color RGBA, non-interlaced\012- data
Hash 1e1a7582b5da63e10485d63f97abc9a0
ca3ee3067f96c732f455bc7c99ec5100194f13f6
196083352a09a19cf2d4364e3ad406606fedb562f2096c1bef373ff2c485b503
GET /images/play-2/icon5.png HTTP/1.1
Host: ozu3d.haxbyq.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ozu3d.haxbyq.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.1
date: Sun, 11 Sep 2022 15:00:35 GMT
content-type: image/png
content-length: 3264
last-modified: Tue, 12 Jul 2022 11:25:43 GMT
etag: "62cd5a37-cc0"
x-zone: eu
accept-ranges: bytes
X-Firefox-Spdy: h2
ozu3d.haxbyq.com/images/play-2/icon7.png
185.56.234.205200 OK 3.3 kB URL HTTP/2 ozu3d.haxbyq.com/images/play-2/icon7.png
IP 185.56.234.205:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 500 x 500, 8-bit/color RGBA, non-interlaced\012- data
Hash b512735542cb07b3b2dcf153a7dfe456
93bde8875412ce266600e2af1c37123483a50376
e9c661cc8adbaa1b9cd4cf65f0ba93a1c24211cb5f94ed0950e0fbc973781718
GET /images/play-2/icon7.png HTTP/1.1
Host: ozu3d.haxbyq.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ozu3d.haxbyq.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.1
date: Sun, 11 Sep 2022 15:00:35 GMT
content-type: image/png
content-length: 3283
last-modified: Tue, 12 Jul 2022 11:25:43 GMT
etag: "62cd5a37-cd3"
x-zone: eu4
accept-ranges: bytes
X-Firefox-Spdy: h2
ozu3d.haxbyq.com/images/play-2/icon8.png
185.56.234.205200 OK 4.1 kB URL HTTP/2 ozu3d.haxbyq.com/images/play-2/icon8.png
IP 185.56.234.205:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced\012- data
Hash f92d6474ebc6a3a0b576749cfb4afe98
0f4ce3dcf04873b8098c01d20c44967fb9fce0cc
3a7abff293d71fd8c5a58deacb964b50fe074a6f458575d37abbd367a3a930a1
GET /images/play-2/icon8.png HTTP/1.1
Host: ozu3d.haxbyq.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ozu3d.haxbyq.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.1
date: Sun, 11 Sep 2022 15:00:35 GMT
content-type: image/png
content-length: 4064
last-modified: Tue, 12 Jul 2022 11:25:43 GMT
etag: "62cd5a37-fe0"
x-zone: eu
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn.sb4you1.com/sb/notifications/utility/default/us/blog/Progamerage/message_redcircle2/3/img/1.jpg
104.21.51.177200 OK 22 kB URL HTTP/2 cdn.sb4you1.com/sb/notifications/utility/default/us/blog/Progamerage/message_redcircle2/3/img/1.jpg
IP 104.21.51.177:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x292, components 3\012- data
Hash e1f754e6014f2a7636aa19acdf37eaa7
72ded7fb65560b2702630d5208386654f294e8e9
8b9e400d61eb3c28929db8209c3136b14e2112d6eb8b4f504b74f6cca67b50fe
GET /sb/notifications/utility/default/us/blog/Progamerage/message_redcircle2/3/img/1.jpg HTTP/1.1
Host: cdn.sb4you1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 11 Sep 2022 15:00:35 GMT
content-type: image/jpeg
content-length: 21845
last-modified: Wed, 03 Aug 2022 08:33:45 GMT
etag: "62ea32e9-5555"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 3387349
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=t7QTZpS2rmSBAGBFlJwMlY%2Fv8zT0cMGz3PmS1YZiZz%2BdVuUp6vnW%2FjN8c1BLKrAgILe0dysR%2BhhNB0O02tuQPwfdJNAZWJ76slcy6nuq121kh0hPxjd7nZQ%2B6JswqMzDDY0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74914618d8c2b4f7-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 0c475956c17fecf985e692f4728f8b75
ceb52b6095d6429bc16e94d07dfb3da2f8500d07
bbeb19fdf0df52440f1e03e9f964f14e492fad8dbf6d4ec43c31047f976296ea
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 15:00:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 980f855b82a3d73edc65b71b8f3d113f
9c88299603f12df81ddf8546c75f85246f84aafc
e4af92a1d8ec2c19d16f888343b0f4ba99e9a06c9d57d54a17abb3ca9b50c49e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 15:00:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash c601d5f60c54bed931deca95aed6c725
cb38c665b9972a50202b502d97dd1afe21307578
7c11a4e82b44360dfd57b5c17fcd6938d00f2b7c257df0263110f5402e198a00
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7C11A4E82B44360DFD57B5C17FCD6938D00F2B7C257DF0263110F5402E198A00"
Last-Modified: Sat, 10 Sep 2022 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10591
Expires: Sun, 11 Sep 2022 17:57:06 GMT
Date: Sun, 11 Sep 2022 15:00:35 GMT
Connection: keep-alive
syndication.realsrv.com/vregister.php?a=vview&tracking_event=progress&progress=00:00:10.000&idzone=3981938&2f0c2af9d35a1a2cdde21db2fe9eb7be=tsVuZ8uHLlt4edvHjq48fXDh6589dlTlK8E.fnju88N3Tlu49emtqayWunDMos7XA3GxK9Yw85n0466oK3F35qq5WJHM2G7I65JmYI3K6WHXYGtzU0muBthu1ymuCpynPxw5dOXTXA3PYzHBU.5Tn34dOnPprgbqgrcz8d.vnj41wN4zSuZ8_Pjj55.NcDbTFbj01OGfXh41wNtMSTsQPS59ePfx258tcDdrFMDFcE0uffr34eevDprgbmqz49dcDbNM11TlOfPXA225bA05nw1wNtMU0wOU58NcDcFU.fLrz6dNdVjOfDXaxHY5nx3cAdvXXPYzHBU.5SvSxW5n34a57GY4Kn3KV2rKaXJWsMwUTtbTEk7ED0q7VlNLkrWGaJ4Gty9p9iV5xeuZeexmOCp9ynPhu8.evbW5e0.xK84vXMvK5XdNTFnx1sNr14TuZ8.Ot2amRivPXA3K5XdNTFnx1tTWS104LzUwPQSsR5lFna36651713ZqbmKW3G13Zqc9cDc9MzdjVa7TFbj01OGfHxrnpgagleXkmbcjz6a36656s.OupqlxyVelyqaOyuCaXPXZU5SvA3nw12UxrvsVP58ePlpnu2x2cdbc7.Wm.HPq6xzad5uc.3Tg5rgknpcqqgmlXqrYrsqz464JJ6XKqoJpV4JbWI4G16XGKppc.Gulx1ylyleqCtxd.aquViRzN6aZvbXSw3BK9uamk1sNsxzNRZ8NcDczrrlOfDXA3GxK3BK8vOw85nw12wNuTLuWuS1563KaZqWpm3M9cDbbFbDTktblOfLXA20xTTA5SvVNZS05nw1yzVNUwT158NcErUz0sFcy8kzbmfDXW5VWvJM25nw10uPQTSrvOTSsSOLwN58.PTny6ctc9M1.C9VbFdlWe3jrgbnYprlcpz4a2oK8F3nJpWJHF4G8.fHpz5dOmuVythqyCvBeema_BevCdzPXK5Ww1ZBXgvPTNfgu25U1TBPXBNLnrYbZjmaiXtcpz1wST0uVVQTSrsRxrwS2sRwNr0uMVTS1Z8NdVjPLPhrqsZ558NdTVME9a9eE7meupqmCeteViRzPXU1TBPWva5TnrZpmuqcpXtcpz4a7ac.GuCWtymViPPhrlmXdslbqz4a4G6XKp5paoLXF42MJrK8.GuBuSyOuDGaVzPhrckYgjXgqnz4a6mqYJ6123K2II8.2upqmCete1ymqCaXPjrtssgbz49u3Lzw8dOfPp389evDx56dufFt3xx48GO7bGuuCRyqtiSfPj27cvPDx0589bU00UDjU0tTktefG
95.211.229.245200 OK 20 B URL HTTP/1.1 syndication.realsrv.com/vregister.php?a=vview&tracking_event=progress&progress=00:00:10.000&idzone=3981938&2f0c2af9d35a1a2cdde21db2fe9eb7be=tsVuZ8uHLlt4edvHjq48fXDh6589dlTlK8E.fnju88N3Tlu49emtqayWunDMos7XA3GxK9Yw85n0466oK3F35qq5WJHM2G7I65JmYI3K6WHXYGtzU0muBthu1ymuCpynPxw5dOXTXA3PYzHBU.5Tn34dOnPprgbqgrcz8d.vnj41wN4zSuZ8_Pjj55.NcDbTFbj01OGfXh41wNtMSTsQPS59ePfx258tcDdrFMDFcE0uffr34eevDprgbmqz49dcDbNM11TlOfPXA225bA05nw1wNtMU0wOU58NcDcFU.fLrz6dNdVjOfDXaxHY5nx3cAdvXXPYzHBU.5SvSxW5n34a57GY4Kn3KV2rKaXJWsMwUTtbTEk7ED0q7VlNLkrWGaJ4Gty9p9iV5xeuZeexmOCp9ynPhu8.evbW5e0.xK84vXMvK5XdNTFnx1sNr14TuZ8.Ot2amRivPXA3K5XdNTFnx1tTWS104LzUwPQSsR5lFna36651713ZqbmKW3G13Zqc9cDc9MzdjVa7TFbj01OGfHxrnpgagleXkmbcjz6a36656s.OupqlxyVelyqaOyuCaXPXZU5SvA3nw12UxrvsVP58ePlpnu2x2cdbc7.Wm.HPq6xzad5uc.3Tg5rgknpcqqgmlXqrYrsqz464JJ6XKqoJpV4JbWI4G16XGKppc.Gulx1ylyleqCtxd.aquViRzN6aZvbXSw3BK9uamk1sNsxzNRZ8NcDczrrlOfDXA3GxK3BK8vOw85nw12wNuTLuWuS1563KaZqWpm3M9cDbbFbDTktblOfLXA20xTTA5SvVNZS05nw1yzVNUwT158NcErUz0sFcy8kzbmfDXW5VWvJM25nw10uPQTSrvOTSsSOLwN58.PTny6ctc9M1.C9VbFdlWe3jrgbnYprlcpz4a2oK8F3nJpWJHF4G8.fHpz5dOmuVythqyCvBeema_BevCdzPXK5Ww1ZBXgvPTNfgu25U1TBPXBNLnrYbZjmaiXtcpz1wST0uVVQTSrsRxrwS2sRwNr0uMVTS1Z8NdVjPLPhrqsZ558NdTVME9a9eE7meupqmCeteViRzPXU1TBPWva5TnrZpmuqcpXtcpz4a7ac.GuCWtymViPPhrlmXdslbqz4a4G6XKp5paoLXF42MJrK8.GuBuSyOuDGaVzPhrckYgjXgqnz4a6mqYJ6123K2II8.2upqmCete1ymqCaXPjrtssgbz49u3Lzw8dOfPp389evDx56dufFt3xx48GO7bGuuCRyqtiSfPj27cvPDx0589bU00UDjU0tTktefG
IP 95.211.229.245:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /vregister.php?a=vview&tracking_event=progress&progress=00:00:10.000&idzone=3981938&2f0c2af9d35a1a2cdde21db2fe9eb7be=tsVuZ8uHLlt4edvHjq48fXDh6589dlTlK8E.fnju88N3Tlu49emtqayWunDMos7XA3GxK9Yw85n0466oK3F35qq5WJHM2G7I65JmYI3K6WHXYGtzU0muBthu1ymuCpynPxw5dOXTXA3PYzHBU.5Tn34dOnPprgbqgrcz8d.vnj41wN4zSuZ8_Pjj55.NcDbTFbj01OGfXh41wNtMSTsQPS59ePfx258tcDdrFMDFcE0uffr34eevDprgbmqz49dcDbNM11TlOfPXA225bA05nw1wNtMU0wOU58NcDcFU.fLrz6dNdVjOfDXaxHY5nx3cAdvXXPYzHBU.5SvSxW5n34a57GY4Kn3KV2rKaXJWsMwUTtbTEk7ED0q7VlNLkrWGaJ4Gty9p9iV5xeuZeexmOCp9ynPhu8.evbW5e0.xK84vXMvK5XdNTFnx1sNr14TuZ8.Ot2amRivPXA3K5XdNTFnx1tTWS104LzUwPQSsR5lFna36651713ZqbmKW3G13Zqc9cDc9MzdjVa7TFbj01OGfHxrnpgagleXkmbcjz6a36656s.OupqlxyVelyqaOyuCaXPXZU5SvA3nw12UxrvsVP58ePlpnu2x2cdbc7.Wm.HPq6xzad5uc.3Tg5rgknpcqqgmlXqrYrsqz464JJ6XKqoJpV4JbWI4G16XGKppc.Gulx1ylyleqCtxd.aquViRzN6aZvbXSw3BK9uamk1sNsxzNRZ8NcDczrrlOfDXA3GxK3BK8vOw85nw12wNuTLuWuS1563KaZqWpm3M9cDbbFbDTktblOfLXA20xTTA5SvVNZS05nw1yzVNUwT158NcErUz0sFcy8kzbmfDXW5VWvJM25nw10uPQTSrvOTSsSOLwN58.PTny6ctc9M1.C9VbFdlWe3jrgbnYprlcpz4a2oK8F3nJpWJHF4G8.fHpz5dOmuVythqyCvBeema_BevCdzPXK5Ww1ZBXgvPTNfgu25U1TBPXBNLnrYbZjmaiXtcpz1wST0uVVQTSrsRxrwS2sRwNr0uMVTS1Z8NdVjPLPhrqsZ558NdTVME9a9eE7meupqmCeteViRzPXU1TBPWva5TnrZpmuqcpXtcpz4a7ac.GuCWtymViPPhrlmXdslbqz4a4G6XKp5paoLXF42MJrK8.GuBuSyOuDGaVzPhrckYgjXgqnz4a6mqYJ6123K2II8.2upqmCete1ymqCaXPjrtssgbz49u3Lzw8dOfPp389evDx56dufFt3xx48GO7bGuuCRyqtiSfPj27cvPDx0589bU00UDjU0tTktefG HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.good-trading.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 11 Sep 2022 15:00:35 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin:
Access-Control-Allow-Credentials: true
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 1.1 kB IP 142.250.74.3:0
File type gzip compressed data, max compression\012- data
Hash def815ec3a46d8c97051772382c577b6
38b564468f9914e6c7a96be16da9e7eec7a1880f
6cd561f775230345cb83545e6699281b88addfb1fb63c33e3205517e6d968694
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 15:00:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 0c475956c17fecf985e692f4728f8b75
ceb52b6095d6429bc16e94d07dfb3da2f8500d07
bbeb19fdf0df52440f1e03e9f964f14e492fad8dbf6d4ec43c31047f976296ea
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 15:00:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
themes.googleusercontent.com/static/fonts/sourcesanspro/v7/ODelI1aHBYDBqgeIAH2zlBM0YzuT7MdOe03otPbuUS0.woff
142.250.74.1200 OK 27 kB URL HTTP/2 themes.googleusercontent.com/static/fonts/sourcesanspro/v7/ODelI1aHBYDBqgeIAH2zlBM0YzuT7MdOe03otPbuUS0.woff
IP 142.250.74.1:0
File type Web Open Font Format, TrueType, length 27248, version 1.1\012- data
Hash c4f39c8cef7f1746da98c25e82b76f29
d368079e8789e98ad4831b570e096ba28ed365d6
13ae7e5a59de6cef3c3cedeaa348b17157b3cbc2b1bc9607c6d84ced4d137269
GET /static/fonts/sourcesanspro/v7/ODelI1aHBYDBqgeIAH2zlBM0YzuT7MdOe03otPbuUS0.woff HTTP/1.1
Host: themes.googleusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: null
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
timing-allow-origin: *
content-length: 27248
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 07 Sep 2022 16:23:51 GMT
expires: Thu, 07 Sep 2023 16:23:51 GMT
cache-control: public, max-age=31536000
age: 340604
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
content-type: font/woff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
f38fd28823.111d140e96.com/in/track?data=eyJ3bCI6MCwic3ViaWQiOjAsInVzZXJfaWQiOiIxMzY5MTIyMjczNjg4MDA1MDAwMCIsInRpbWV6b25lIjowLCJ2ZXIiOiIyLjI0LjAiLCJ0YWdfaWQiOjIyNzc5LCJzY3JlZW5fcmVzb2x1dGlvbiI6IjEyODB4MTAyNCIsImFkYmxvY2siOm51bGwsInRpbWV6b25lX29sc29uIjoiVVRDIiwidXRtX3NvdXJjZSI6IiIsInV0bV9tZWRpdW0iOiIiLCJ1dG1fY2FtcGFpZ24iOiIiLCJ1dG1fY29udGVudCI6IiIsIm1tIjowLCJpbml0X3N0YXJ0X2xhdGVuY3kiOjEuNDgsImlzX3YyIjowLCJpc192Ml9lbXB0eSI6MH0=
45.133.44.24200 OK 0 B URL HTTP/2 f38fd28823.111d140e96.com/in/track?data=eyJ3bCI6MCwic3ViaWQiOjAsInVzZXJfaWQiOiIxMzY5MTIyMjczNjg4MDA1MDAwMCIsInRpbWV6b25lIjowLCJ2ZXIiOiIyLjI0LjAiLCJ0YWdfaWQiOjIyNzc5LCJzY3JlZW5fcmVzb2x1dGlvbiI6IjEyODB4MTAyNCIsImFkYmxvY2siOm51bGwsInRpbWV6b25lX29sc29uIjoiVVRDIiwidXRtX3NvdXJjZSI6IiIsInV0bV9tZWRpdW0iOiIiLCJ1dG1fY2FtcGFpZ24iOiIiLCJ1dG1fY29udGVudCI6IiIsIm1tIjowLCJpbml0X3N0YXJ0X2xhdGVuY3kiOjEuNDgsImlzX3YyIjowLCJpc192Ml9lbXB0eSI6MH0=
IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/track?data=eyJ3bCI6MCwic3ViaWQiOjAsInVzZXJfaWQiOiIxMzY5MTIyMjczNjg4MDA1MDAwMCIsInRpbWV6b25lIjowLCJ2ZXIiOiIyLjI0LjAiLCJ0YWdfaWQiOjIyNzc5LCJzY3JlZW5fcmVzb2x1dGlvbiI6IjEyODB4MTAyNCIsImFkYmxvY2siOm51bGwsInRpbWV6b25lX29sc29uIjoiVVRDIiwidXRtX3NvdXJjZSI6IiIsInV0bV9tZWRpdW0iOiIiLCJ1dG1fY2FtcGFpZ24iOiIiLCJ1dG1fY29udGVudCI6IiIsIm1tIjowLCJpbml0X3N0YXJ0X2xhdGVuY3kiOjEuNDgsImlzX3YyIjowLCJpc192Ml9lbXB0eSI6MH0= HTTP/1.1
Host: f38fd28823.111d140e96.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.good-trading.com
Connection: keep-alive
Referer: https://www.good-trading.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 11 Sep 2022 15:00:35 GMT
content-length: 0
server: nginx/1.18.0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
phosphatepossible.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSzWtcVRy9LwlYcKPSjWJlFgqKZvLefI9dFGOMBNOmtIpuRO%2FXm1xz37uv9743b5JVaEG6HP%2BDlzP5oFqkgtsWmRS6CAgd3QzU%2FA8iFBcuZKbBsb%2FN75x3zuK887vf7mWnxEdGxyuXzY7Smi7Vy37p7S%2BC4GJpXcVZr9RrNb5q1C6WbPf9dqPsv1P6WPIts1TxA98P%2FKC0qqwMTW9pIkIld9tBue2Xa5VyUK%2BhZ5%2FnLvPgqAfRPSWvQInRwkPvPBQfIo7urUi3lZrkvY%2BiTNPUWHTF0WfxVmzyGNEMhtZDGB%2BduWHc49UHMPHBNC5M9z8jUyPiPXoAFh%2BdhQTr7k9zMg0Zg4kXkXeHkHoIRYfg5haUeEwALnBlA3F0eMXYnG4%2FU%2BlEHZGFp39B5SOy8Md5xNGPy1r1SteNzlJlYodeWED1hlCdIZLsGOnOHFR%2BDJ7ehBK%2FkqWn64ij%2FQ2nDZQYv9ls1WW1zugib7UqizXeqCxSSeuLjXq7JoJ6NWRVMS1IqSFUOISWfVA3h8x5yJSHLPSQJR4iMS7xIAiavuDUb7U5r4qmZA3hB7QZBjTwGy1kfPIPfaRJH1z3we0uEruLLdWHzX6B2yzghAeXEnRFgVwS5I4gpwS5IshTgrxbHAjtKq44FNplLDjblbNdLQYm7ezRA5N2ZEz2klPy8qQ479zNAbbkuESZz2SF1mqsKXnYDphgos5FteGLVq1dbcKpAsrNgToPO2pEXr%2F%2FLhI1Ii98%2BQSMHsPpY3D1Fmh2ATQfNCs%2B6Oag1vKxEx9u3rhRTg2EKZCkC0i3vT19Sl6dnq76u4bkJ5e%2BZpdHf975B9wWSGyBb9RDgo6%2BPbhmcrJ%2FzeSO%2FLSRpCpSO3Ry1uspTeX895%2FI7dxYsbbi%2Bnc%2B4BNhAu9%2BKl26TmOh4o4jPywrIaRdNZZLcn%2FNfS7Z1cxtLmc2zpL1qx%2BurkWJlc4pEw9B1YiQRyfgakTO%2FTyevtjXntyDskPYrECUnZCzgTLH4MkuXDLL78w8rJ55WOIhz4qBrbDZR60ItJxxygq4%2F3E2w3vuNjr2DdD0FuKoQNcW6OoCVPfhsvlBmtiTS79VpwOmvQHT1ttn2urvnpXr1LhU9UWTyVA2mazVa6HkgtXrzOchZ1XRanGkbsQv%2FP3SvwAAAP%2F%2FAQAA%2F%2F9HuYoSfAQAAA%3D%3D
192.243.61.225200 OK 7 B URL HTTP/1.1 phosphatepossible.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSzWtcVRy9LwlYcKPSjWJlFgqKZvLefI9dFGOMBNOmtIpuRO%2FXm1xz37uv9743b5JVaEG6HP%2BDlzP5oFqkgtsWmRS6CAgd3QzU%2FA8iFBcuZKbBsb%2FN75x3zuK887vf7mWnxEdGxyuXzY7Smi7Vy37p7S%2BC4GJpXcVZr9RrNb5q1C6WbPf9dqPsv1P6WPIts1TxA98P%2FKC0qqwMTW9pIkIld9tBue2Xa5VyUK%2BhZ5%2FnLvPgqAfRPSWvQInRwkPvPBQfIo7urUi3lZrkvY%2BiTNPUWHTF0WfxVmzyGNEMhtZDGB%2BduWHc49UHMPHBNC5M9z8jUyPiPXoAFh%2BdhQTr7k9zMg0Zg4kXkXeHkHoIRYfg5haUeEwALnBlA3F0eMXYnG4%2FU%2BlEHZGFp39B5SOy8Md5xNGPy1r1SteNzlJlYodeWED1hlCdIZLsGOnOHFR%2BDJ7ehBK%2FkqWn64ij%2FQ2nDZQYv9ls1WW1zugib7UqizXeqCxSSeuLjXq7JoJ6NWRVMS1IqSFUOISWfVA3h8x5yJSHLPSQJR4iMS7xIAiavuDUb7U5r4qmZA3hB7QZBjTwGy1kfPIPfaRJH1z3we0uEruLLdWHzX6B2yzghAeXEnRFgVwS5I4gpwS5IshTgrxbHAjtKq44FNplLDjblbNdLQYm7ezRA5N2ZEz2klPy8qQ479zNAbbkuESZz2SF1mqsKXnYDphgos5FteGLVq1dbcKpAsrNgToPO2pEXr%2F%2FLhI1Ii98%2BQSMHsPpY3D1Fmh2ATQfNCs%2B6Oag1vKxEx9u3rhRTg2EKZCkC0i3vT19Sl6dnq76u4bkJ5e%2BZpdHf975B9wWSGyBb9RDgo6%2BPbhmcrJ%2FzeSO%2FLSRpCpSO3Ry1uspTeX895%2FI7dxYsbbi%2Bnc%2B4BNhAu9%2BKl26TmOh4o4jPywrIaRdNZZLcn%2FNfS7Z1cxtLmc2zpL1qx%2BurkWJlc4pEw9B1YiQRyfgakTO%2FTyevtjXntyDskPYrECUnZCzgTLH4MkuXDLL78w8rJ55WOIhz4qBrbDZR60ItJxxygq4%2F3E2w3vuNjr2DdD0FuKoQNcW6OoCVPfhsvlBmtiTS79VpwOmvQHT1ttn2urvnpXr1LhU9UWTyVA2mazVa6HkgtXrzOchZ1XRanGkbsQv%2FP3SvwAAAP%2F%2FAQAA%2F%2F9HuYoSfAQAAA%3D%3D
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSzWtcVRy9LwlYcKPSjWJlFgqKZvLefI9dFGOMBNOmtIpuRO%2FXm1xz37uv9743b5JVaEG6HP%2BDlzP5oFqkgtsWmRS6CAgd3QzU%2FA8iFBcuZKbBsb%2FN75x3zuK887vf7mWnxEdGxyuXzY7Smi7Vy37p7S%2BC4GJpXcVZr9RrNb5q1C6WbPf9dqPsv1P6WPIts1TxA98P%2FKC0qqwMTW9pIkIld9tBue2Xa5VyUK%2BhZ5%2FnLvPgqAfRPSWvQInRwkPvPBQfIo7urUi3lZrkvY%2BiTNPUWHTF0WfxVmzyGNEMhtZDGB%2BduWHc49UHMPHBNC5M9z8jUyPiPXoAFh%2BdhQTr7k9zMg0Zg4kXkXeHkHoIRYfg5haUeEwALnBlA3F0eMXYnG4%2FU%2BlEHZGFp39B5SOy8Md5xNGPy1r1SteNzlJlYodeWED1hlCdIZLsGOnOHFR%2BDJ7ehBK%2FkqWn64ij%2FQ2nDZQYv9ls1WW1zugib7UqizXeqCxSSeuLjXq7JoJ6NWRVMS1IqSFUOISWfVA3h8x5yJSHLPSQJR4iMS7xIAiavuDUb7U5r4qmZA3hB7QZBjTwGy1kfPIPfaRJH1z3we0uEruLLdWHzX6B2yzghAeXEnRFgVwS5I4gpwS5IshTgrxbHAjtKq44FNplLDjblbNdLQYm7ezRA5N2ZEz2klPy8qQ479zNAbbkuESZz2SF1mqsKXnYDphgos5FteGLVq1dbcKpAsrNgToPO2pEXr%2F%2FLhI1Ii98%2BQSMHsPpY3D1Fmh2ATQfNCs%2B6Oag1vKxEx9u3rhRTg2EKZCkC0i3vT19Sl6dnq76u4bkJ5e%2BZpdHf975B9wWSGyBb9RDgo6%2BPbhmcrJ%2FzeSO%2FLSRpCpSO3Ry1uspTeX895%2FI7dxYsbbi%2Bnc%2B4BNhAu9%2BKl26TmOh4o4jPywrIaRdNZZLcn%2FNfS7Z1cxtLmc2zpL1qx%2BurkWJlc4pEw9B1YiQRyfgakTO%2FTyevtjXntyDskPYrECUnZCzgTLH4MkuXDLL78w8rJ55WOIhz4qBrbDZR60ItJxxygq4%2F3E2w3vuNjr2DdD0FuKoQNcW6OoCVPfhsvlBmtiTS79VpwOmvQHT1ttn2urvnpXr1LhU9UWTyVA2mazVa6HkgtXrzOchZ1XRanGkbsQv%2FP3SvwAAAP%2F%2FAQAA%2F%2F9HuYoSfAQAAA%3D%3D HTTP/1.1
Host: phosphatepossible.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://waaw.to/
Cookie: u_pl=17334947; uid_id2=785e35ba-c882-4c62-aea5-6594d153fb3d:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecab0be2a44b7ecf91bdbd5cd360d84937=[3396716]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sun, 11 Sep 2022 15:00:35 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ea82ac91c8278a078016c2117d820a55
Strict-Transport-Security: max-age=0; includeSubdomains
phosphatepossible.com/pixel/sbs?c=1
192.243.61.225200 OK 0 B URL HTTP/1.1 phosphatepossible.com/pixel/sbs?c=1
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: phosphatepossible.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://waaw.to/
Cookie: u_pl=17334947; uid_id2=785e35ba-c882-4c62-aea5-6594d153fb3d:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecab0be2a44b7ecf91bdbd5cd360d84937=[3396716]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sun, 11 Sep 2022 15:00:35 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
f38fd28823.111d140e96.com/in/track?data=eyJ3bCI6MCwic3ViaWQiOjAsInVzZXJfaWQiOiIxMzY5MTIyMjczNjg4MDA1MDAwMCIsInRpbWV6b25lIjowLCJ2ZXIiOiIzLjguMSIsInRhZ19pZCI6MjI3NzksInNjcmVlbl9yZXNvbHV0aW9uIjoiMTI4MHgxMDI0IiwiYWRibG9jayI6MCwidGltZXpvbmVfb2xzb24iOiJVVEMiLCJ1dG1fc291cmNlIjoiIiwidXRtX21lZGl1bSI6IiIsInV0bV9jYW1wYWlnbiI6IiIsInV0bV9jb250ZW50IjoiIiwibW0iOjAsImluaXRfc3RhcnRfbGF0ZW5jeSI6MS44NiwiaXNfdjIiOjAsImlzX3YyX2VtcHR5IjowLCJ1c2VyX2tleXdvcmRzIjoiR29vZCUyQ1RyYWRpbmclMkNMZXMlMkNtZWlsbGV1cnMlMkNzaXRlcyUyQ2RlJTJDdHJhZGluZyUyQ0V0b3JvJTJDZXN0JTJDbGElMkNtZWlsbGV1ciUyQ3BsYXRlZm9ybWUlMkNkZSUyQ3RyYWRpbmclMkNhbWF0ZXVyJTJDZXQlMkNwcm9mZXNzaW9ubmVsJTJDbGVzJTJDY29tbWlzc2lvbnMlMkNzb250JTJDJUMzJUEwJTJDMCUyNSUyQ2V0JTJDdm91cyUyQ3BvdXZleiUyQ29idGVuaXIlMkN1biUyQ2JvbnVzJTJDZG91YmwlQzMlQTklMkNkZSUyQ3ZvdHJlJTJDcHJlbWllciUyQ2QlQzMlQTlwJUMzJUI0dC4lMjAifQ==
45.133.44.24200 OK 0 B URL HTTP/2 f38fd28823.111d140e96.com/in/track?data=eyJ3bCI6MCwic3ViaWQiOjAsInVzZXJfaWQiOiIxMzY5MTIyMjczNjg4MDA1MDAwMCIsInRpbWV6b25lIjowLCJ2ZXIiOiIzLjguMSIsInRhZ19pZCI6MjI3NzksInNjcmVlbl9yZXNvbHV0aW9uIjoiMTI4MHgxMDI0IiwiYWRibG9jayI6MCwidGltZXpvbmVfb2xzb24iOiJVVEMiLCJ1dG1fc291cmNlIjoiIiwidXRtX21lZGl1bSI6IiIsInV0bV9jYW1wYWlnbiI6IiIsInV0bV9jb250ZW50IjoiIiwibW0iOjAsImluaXRfc3RhcnRfbGF0ZW5jeSI6MS44NiwiaXNfdjIiOjAsImlzX3YyX2VtcHR5IjowLCJ1c2VyX2tleXdvcmRzIjoiR29vZCUyQ1RyYWRpbmclMkNMZXMlMkNtZWlsbGV1cnMlMkNzaXRlcyUyQ2RlJTJDdHJhZGluZyUyQ0V0b3JvJTJDZXN0JTJDbGElMkNtZWlsbGV1ciUyQ3BsYXRlZm9ybWUlMkNkZSUyQ3RyYWRpbmclMkNhbWF0ZXVyJTJDZXQlMkNwcm9mZXNzaW9ubmVsJTJDbGVzJTJDY29tbWlzc2lvbnMlMkNzb250JTJDJUMzJUEwJTJDMCUyNSUyQ2V0JTJDdm91cyUyQ3BvdXZleiUyQ29idGVuaXIlMkN1biUyQ2JvbnVzJTJDZG91YmwlQzMlQTklMkNkZSUyQ3ZvdHJlJTJDcHJlbWllciUyQ2QlQzMlQTlwJUMzJUI0dC4lMjAifQ==
IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/track?data=eyJ3bCI6MCwic3ViaWQiOjAsInVzZXJfaWQiOiIxMzY5MTIyMjczNjg4MDA1MDAwMCIsInRpbWV6b25lIjowLCJ2ZXIiOiIzLjguMSIsInRhZ19pZCI6MjI3NzksInNjcmVlbl9yZXNvbHV0aW9uIjoiMTI4MHgxMDI0IiwiYWRibG9jayI6MCwidGltZXpvbmVfb2xzb24iOiJVVEMiLCJ1dG1fc291cmNlIjoiIiwidXRtX21lZGl1bSI6IiIsInV0bV9jYW1wYWlnbiI6IiIsInV0bV9jb250ZW50IjoiIiwibW0iOjAsImluaXRfc3RhcnRfbGF0ZW5jeSI6MS44NiwiaXNfdjIiOjAsImlzX3YyX2VtcHR5IjowLCJ1c2VyX2tleXdvcmRzIjoiR29vZCUyQ1RyYWRpbmclMkNMZXMlMkNtZWlsbGV1cnMlMkNzaXRlcyUyQ2RlJTJDdHJhZGluZyUyQ0V0b3JvJTJDZXN0JTJDbGElMkNtZWlsbGV1ciUyQ3BsYXRlZm9ybWUlMkNkZSUyQ3RyYWRpbmclMkNhbWF0ZXVyJTJDZXQlMkNwcm9mZXNzaW9ubmVsJTJDbGVzJTJDY29tbWlzc2lvbnMlMkNzb250JTJDJUMzJUEwJTJDMCUyNSUyQ2V0JTJDdm91cyUyQ3BvdXZleiUyQ29idGVuaXIlMkN1biUyQ2JvbnVzJTJDZG91YmwlQzMlQTklMkNkZSUyQ3ZvdHJlJTJDcHJlbWllciUyQ2QlQzMlQTlwJUMzJUI0dC4lMjAifQ== HTTP/1.1
Host: f38fd28823.111d140e96.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.good-trading.com/
Origin: https://www.good-trading.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 11 Sep 2022 15:00:35 GMT
content-length: 0
server: nginx/1.18.0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
fp.metricswpsh.com/fp?tag_id=22779
157.90.84.242200 OK 0 B URL HTTP/1.1 fp.metricswpsh.com/fp?tag_id=22779
IP 157.90.84.242:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /fp?tag_id=22779 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 22269
Origin: https://www.good-trading.com
Connection: keep-alive
Referer: https://www.good-trading.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sun, 11 Sep 2022 15:00:35 GMT
Content-Type: text/plain; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://www.good-trading.com
Set-Cookie: id=10870722448090860457; Expires=Mon, 11 Sep 2023 15:00:35 GMT; Secure; SameSite=None
Vary: Origin
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
142.250.74.163200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://waaw.to
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 07 Sep 2022 19:34:08 GMT
expires: Thu, 07 Sep 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 329187
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 980f855b82a3d73edc65b71b8f3d113f
9c88299603f12df81ddf8546c75f85246f84aafc
e4af92a1d8ec2c19d16f888343b0f4ba99e9a06c9d57d54a17abb3ca9b50c49e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 15:00:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
waaw.to/js/video.counters.2.js?117
190.115.19.71200 OK 17 kB URL HTTP/2 waaw.to/js/video.counters.2.js?117
IP 190.115.19.71:0
ASN #262254 DDOS-GUARD CORP.
File type ASCII text, with CRLF line terminators
Hash 492ad9c266b1ed723db90e7db073ffaf
2736c3672e42467d36ac45d709c9f0c710414dc9
5d2419e31366ce748b6ae1a502069b828c9559c5391573ef581286242d413f94
GET /js/video.counters.2.js?117 HTTP/1.1
Host: waaw.to
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://waaw.to/e/ELnH5k29UwCm?http_referer=https%3A%2F%2Fvoir-animes.com%2F
Cookie: uid=4qpwo9NKCvtmj63I4gNpRiJmyGtfS*54; dom3ic8zudi28v8lr6fgphwffqoz0j6c=785e35ba-c882-4c62-aea5-6594d153fb3d%3A2%3A1; sb_main_ab0be2a44b7ecf91bdbd5cd360d84937=1; sb_count_ab0be2a44b7ecf91bdbd5cd360d84937=1; pbpr0tpuw4isk85t8yg3jb2lj5vqf=phosphatepossible.com
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg1_=8dSSDZp3YLOETtNw95oT; Domain=.waaw.to; HttpOnly; Path=/; Expires=Mon, 11-Sep-2023 15:00:35 GMT
date: Sun, 11 Sep 2022 15:00:34 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Sun, 06 Feb 2022 19:35:56 GMT
etag: W/"6200231c-2b8"
access-control-allow-origin: *
accessing-static: 1
cache-control: public, max-age=31536000, stale-while-revalidate=30, stale-if-error=30
pragma: cache
content-encoding: br
x-cache-status-inferno-s: HIT
x-inferno-location: static
age: 1
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2
fp.metricswpsh.com/fp?tag_id=22779
157.90.84.242200 OK 0 B URL HTTP/1.1 fp.metricswpsh.com/fp?tag_id=22779
IP 157.90.84.242:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /fp?tag_id=22779 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.good-trading.com/
Content-Type: application/json;charset=utf-8
Content-Length: 22267
Origin: https://www.good-trading.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sun, 11 Sep 2022 15:00:35 GMT
Content-Type: text/plain; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://www.good-trading.com
Set-Cookie: id=1814990371879922745; Expires=Mon, 11 Sep 2023 15:00:35 GMT; Secure; SameSite=None
Vary: Origin
xml.infinity-info.com/redirect?feed=447283&auth=lwpTSV&subid=test&query=best+deals&url=http%3A%2F%2Fexample.com%2F%3Fq%3Dbest%2Bdeals&default_url=http%3A%2F%2Fexample.com%2F
174.137.133.16302 Found 0 B URL HTTP/1.1 xml.infinity-info.com/redirect?feed=447283&auth=lwpTSV&subid=test&query=best+deals&url=http%3A%2F%2Fexample.com%2F%3Fq%3Dbest%2Bdeals&default_url=http%3A%2F%2Fexample.com%2F
IP 174.137.133.16:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=447283&auth=lwpTSV&subid=test&query=best+deals&url=http%3A%2F%2Fexample.com%2F%3Fq%3Dbest%2Bdeals&default_url=http%3A%2F%2Fexample.com%2F HTTP/1.1
Host: xml.infinity-info.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Sun, 11 Sep 2022 15:00:35 GMT
Content-Length: 0
Connection: keep-alive
Location: http://example.com/
counter.yadro.ru/hit?rhttps%3A//waaw.to/watch_video.php%3Fv%3DELnH5k29UwCm%26http_referer%3Dhttps%253A%252F%252Fvoir-animes.com%252F;s1280*1024*24;uhttps%3A//waaw.to/e/ELnH5k29UwCm%3Fhttp_referer%3Dhttps%253A%252F%252Fvoir-animes.com%252F;0.2881682360330946
88.212.201.198200 OK 43 B URL HTTP/1.1 counter.yadro.ru/hit?rhttps%3A//waaw.to/watch_video.php%3Fv%3DELnH5k29UwCm%26http_referer%3Dhttps%253A%252F%252Fvoir-animes.com%252F;s1280*1024*24;uhttps%3A//waaw.to/e/ELnH5k29UwCm%3Fhttp_referer%3Dhttps%253A%252F%252Fvoir-animes.com%252F;0.2881682360330946
IP 88.212.201.198:0
ASN #39134 United Network LLC
File type GIF image data, version 89a, 1 x 1\012- data
Hash fc94fb0c3ed8a8f909dbc7630a0987ff
56d45f8a17f5078a20af9962c992ca4678450765
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
GET /hit?rhttps%3A//waaw.to/watch_video.php%3Fv%3DELnH5k29UwCm%26http_referer%3Dhttps%253A%252F%252Fvoir-animes.com%252F;s1280*1024*24;uhttps%3A//waaw.to/e/ELnH5k29UwCm%3Fhttp_referer%3Dhttps%253A%252F%252Fvoir-animes.com%252F;0.2881682360330946 HTTP/1.1
Host: counter.yadro.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://waaw.to/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Sun, 11 Sep 2022 15:00:35 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Expires: Fri, 10 Sep 2021 21:00:00 GMT
Pragma: no-cache
Cache-control: no-cache
Access-Control-Allow-Origin: *
Strict-Transport-Security: max-age=86400
xml.infinity-info.com/redirect?feed=447283&auth=lwpTSV&subid=test&query=best+deals&url=http%3A%2F%2Fexample.com%2F%3Fq%3Dbest%2Bdeals&default_url=http%3A%2F%2Fexample.com%2F
174.137.133.16302 Found 0 B URL HTTP/1.1 xml.infinity-info.com/redirect?feed=447283&auth=lwpTSV&subid=test&query=best+deals&url=http%3A%2F%2Fexample.com%2F%3Fq%3Dbest%2Bdeals&default_url=http%3A%2F%2Fexample.com%2F
IP 174.137.133.16:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=447283&auth=lwpTSV&subid=test&query=best+deals&url=http%3A%2F%2Fexample.com%2F%3Fq%3Dbest%2Bdeals&default_url=http%3A%2F%2Fexample.com%2F HTTP/1.1
Host: xml.infinity-info.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Sun, 11 Sep 2022 15:00:36 GMT
Content-Length: 0
Connection: keep-alive
Location: http://example.com/
xml.infinity-info.com/redirect?feed=447283&auth=lwpTSV&subid=test&query=best+deals&url=http%3A%2F%2Fexample.com%2F%3Fq%3Dbest%2Bdeals&default_url=http%3A%2F%2Fexample.com%2F
174.137.133.16302 Found 0 B URL HTTP/1.1 xml.infinity-info.com/redirect?feed=447283&auth=lwpTSV&subid=test&query=best+deals&url=http%3A%2F%2Fexample.com%2F%3Fq%3Dbest%2Bdeals&default_url=http%3A%2F%2Fexample.com%2F
IP 174.137.133.16:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=447283&auth=lwpTSV&subid=test&query=best+deals&url=http%3A%2F%2Fexample.com%2F%3Fq%3Dbest%2Bdeals&default_url=http%3A%2F%2Fexample.com%2F HTTP/1.1
Host: xml.infinity-info.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Sun, 11 Sep 2022 15:00:36 GMT
Content-Length: 0
Connection: keep-alive
Location: http://example.com/
ocsp.globalsign.com/gseccovsslca2018
104.18.21.226200 OK 940 B URL HTTP/1.1 ocsp.globalsign.com/gseccovsslca2018
IP 104.18.21.226:0
Hash f8072bb4cf37439611790732966307b1
dfcbbd77c5572643fed35f713ece3e5c17a7322d
fb253b3a843efeed9cdaf0344a253788e14165c56c6228a3d1dcda399fabb933
POST /gseccovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 15:00:36 GMT
Content-Type: application/ocsp-response
Content-Length: 940
Connection: keep-alive
Expires: Thu, 15 Sep 2022 12:28:43 GMT
ETag: "dfcbbd77c5572643fed35f713ece3e5c17a7322d"
Last-Modified: Sun, 11 Sep 2022 12:28:44 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 3408
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7491461daad60b59-OSL
mediacpm.pl/v.php?user=13428
104.21.234.94200 OK 6.4 kB URL HTTP/2 mediacpm.pl/v.php?user=13428
IP 104.21.234.94:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (37297), with CRLF, LF line terminators
Hash 91caa802b9a2930ae523b83759d0bb07
116ee00b656bbc6dbf52140ff6f5195fe7de142a
af78b11a3a8e5a53a047fdc885f3c92381f55bdf624476ea386061c941c45a58
GET /v.php?user=13428 HTTP/1.1
Host: mediacpm.pl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 11 Sep 2022 15:00:34 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/5.6.40
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F9b4SRK1LvakB%2FzN8Crfgkkya5v5hiHXbe%2Bbz%2Fm%2FGUy19Z6lLR83LHkiyO5M4jQP2sviAf3lrLLY7il%2F%2B%2BlmzBbxJR3PuayhBNiAiKnxaSZq0P7Al8GxHOzQMOQPeg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 749146134da972a2-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.who.int/emergencies/diseases/novel-coronavirus-2019
104.17.112.188200 OK 70 kB URL HTTP/2 www.who.int/emergencies/diseases/novel-coronavirus-2019
IP 104.17.112.188:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 7ea26ac7788a2879eaadee6937e68c31
8c4cdaa5194b185a3850b824fd3cd12d8a3e1291
2ff6b88543199fa5be8a3e19848832942843c34761d0cde8974d9cff21b9968f
GET /emergencies/diseases/novel-coronavirus-2019 HTTP/1.1
Host: www.who.int
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 11 Sep 2022 15:00:35 GMT
content-type: text/html; charset=utf-8
cf-ray: 749146180826b506-OSL
access-control-allow-origin: *
age: 15011
cache-control: public, max-age=0, s-maxage=21600
expires: Sun, 11 Sep 2022 10:50:24 GMT
last-modified: Tue, 06 Sep 2022 05:24:47 GMT
strict-transport-security: max-age=31536000; includeSubDomains
vary: HTTP_HOST,Accept-Encoding
cf-cache-status: HIT
access-control-expose-headers: Request-Context
content-security-policy: default-src 'self' *.analysis.windows.net *.clarity.ms *.nativechat.com *.tts.speech.microsoft.com *.who.int answers.yext-pixel.com app.powerbi.com assets.sitescdn.net content.powerapps.com covidfunding.eiu.com dc.services.visualstudio.com gis.azureedge.net js.arcgis.com liveapi.yext.com liveapi-cached.yext.com pbi.azureedge.net pbipdfapp.azurewebsites.net player.4am.ch player.clevercast.com polyfill.io services.arcgis.com staging-dot-eiu-wellcome-7664.nw.r.appspot.com tiles.arcgis.com utility.arcgisonline.com visuals.azureedge.net wabi-north-europe-redirect.analysis.windows.net westeurope.tts.speech.microsoft.com who.cloudflareaccess.com who-answers.pagescdn.com who-covid-answers.int.pagescdn.com whotest.appiancloud.com www.arcgis.com www.googleadservices.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: apps.who.int/gho/athena/data/ *.clarity.ms *.doubleclick.net *.eloqua.com *.en25.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.jwpcdn.com *.msecnd.net *.nativechat.com *.pingdom.net *.sharethis.com *.twimg.com ajax.aspnetcdn.com apis.google.com assets.pinterest.com assets.sitescdn.net cdn.ampproject.org cdn.insight.sitefinity.com cdn.jsdelivr.net cdnjs.cloudflare.com connect.facebook.net covidfunding.eiu.com https://dec.azureedge.net/ https://publish.twitter.com https://s.ytimg.com https://syndication.twitter.com/ https://www.youtube.com/iframe_api js.arcgis.com js.hs-analytics.net js.hs-scripts.com kendo.cdn.telerik.com munchkin.marketo.net npmcdn.com platform.linkedin.com platform.twitter.com polyfill.io public.tableau.com services.arcgis.com staging-dot-eiu-wellcome-7664.nw.r.appspot.com storage.googleapis.com tagmanager.google.com tiles.arcgis.com utility.arcgisonline.com who-answers.pagescdn.com who-covid-answers.int.pagescdn.com whosearch.searchblox.com www.arcgis.com www.clarity.ms www.google.com www.googletagmanager.com www.who.int www.youtube.com; style-src 'self' 'unsafe-inline' tiles.arcgis.com www.arcgis.com services.arcgis.com utility.arcgisonline.com js.arcgis.com *.googleapis.com *.nativechat.com *.sharethis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com cdn.insight.sitefinity.com cdnjs.cloudflare.com www.google.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com use.fontawesome.com www.who.int player.4am.ch player.clevercast.com whosearch.searchblox.com tagmanager.google.com; font-src 'self' tiles.arcgis.com www.arcgis.com services.arcgis.com utility.arcgisonline.com js.arcgis.com fonts.gstatic.com kendo.cdn.telerik.com *.nativechat.com *.sharethis.com netdna.bootstrapcdn.com data: use.fontawesome.com www.who.int player.4am.ch player.clevercast.com whosearch.searchblox.com script.hotjar.com app.powerbi.com pbi.azureedge.net *.clarity.ms; img-src 'self' data: iris.who.int tiles.arcgis.com www.arcgis.com services.arcgis.com utility.arcgisonline.com cdn.insight.sitefinity.com js.arcgis.com *.gstatic.com *.googleapis.com *.nativechat.com *.sharethis.com *.google-analytics.com platform.tumblr.com www.clarity.ms *.clarity.ms web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://apps.who.int https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com stats.g.doubleclick.net *.who.int yt3.ggpht.com i.ytimg.com addthis.com *.googleusercontent.com googletagmanager.com script.hotjar.com www.addthis.com log.pinterest.com whosearch.searchblox.com app.powerbi.com pbi.azureedge.net kendo.cdn.telerik.com; media-src 'self' tiles.arcgis.com www.arcgis.com services.arcgis.com utility.arcgisonline.com js.arcgis.com terrance.who.int data: blob: *.who.int; frame-src 'self' *.doubleclick.net *.nativechat.com *.sitefinity.cloud *.who.int app.powerbi.com app.sli.do apps.who.int assets.pinterest.com covidfunding.eiu.com creativecommons.org experience.arcgis.com html5-player.libsyn.com js.arcgis.com pbi.azureedge.net platform.twitter.com player.4am.ch player.clevercast.com player.vimeo.com public.tableau.com services.arcgis.com staging-dot-eiu-wellcome-7664.nw.r.appspot.com syndication.twitter.com tiles.arcgis.com utility.arcgisonline.com wabi-north-europe-g-primary-redirect.analysis.windows.net who.maps.arcgis.com who-answers.pagescdn.com who-covid-answers.int.pagescdn.com whotest.appiancloud.com www.arcgis.com www.facebook.com www.youtube.com www.youtube-nocookie.com youtube-nocookie.com; frame-ancestors tiles.arcgis.com www.arcgis.com services.arcgis.com utility.arcgisonline.com js.arcgis.com app.powerbi.com pbi.azureedge.net *.who.int; child-src 'self' blob: tiles.arcgis.com www.arcgis.com apps.who.int/gho/athena/data/ services.arcgis.com utility.arcgisonline.com js.arcgis.com https://platform.twitter.com/ https://syndication.twitter.com/ *.nativechat.com https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com www.who.int; connect-src 'self' frontdoor-l4uikgap6gz3m.azurefd.net whotest.appiancloud.com geocode.arcgis.com tiles.arcgis.com www.arcgis.com services.arcgis.com static.arcgis.com utility.arcgisonline.com js.arcgis.com cdn.jsdelivr.net stats.g.doubleclick.net accounts.google.com https://*.dec.sitefinity.com *.nativechat.com *.mktoresp.com *.who.int www.clarity.ms *.clarity.ms services.arcgis.com dc.services.visualstudio.com whosearch.searchblox.com *.google-analytics.com smartsuggest.searchblox.com m.addthis.com liveapi-cached.yext.com liveapi.yext.com answers.yext-pixel.com wss://westeurope.tts.speech.microsoft.com in.hotjar.com wss://*.hotjar.com *.hotjar.com vc.hotjar.io app.powerbi.com pbi.azureedge.net pbipdfapp.azurewebsites.net wabi-north-europe-redirect.analysis.windows.net; object-src tiles.arcgis.com www.arcgis.com services.arcgis.com utility.arcgisonline.com js.arcgis.com app.powerbi.com pbi.azureedge.net pbipdfapp.azurewebsites.net wabi-north-europe-redirect.analysis.windows.net;
referrer-policy: no-referrer-when-downgrade
request-context: appId=cid-v1:7d90af53-a640-4c9a-9d36-1c3f84f71f51
x-aspnet-version: 4.0.30319
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-instance-name: RD501AC5C353B7
x-powered-by: ASP.NET
x-xss-protection: 1; mode=block
set-cookie: __cfruid=e5baaa9b2eeaad53dd6f07ec8681f712a6f3d93f-1662908435; path=/; domain=.who.int; HttpOnly; Secure; SameSite=None
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
www.popxperts.com/w3ar3g0d
172.67.145.76301 Moved Permanently 0 B URL HTTP/2 www.popxperts.com/w3ar3g0d
IP 172.67.145.76:0
GET /w3ar3g0d HTTP/1.1
Host: www.popxperts.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
date: Sun, 11 Sep 2022 15:00:31 GMT
location: https://popxperts.com/w3ar3g0d
cache-control: max-age=3600
expires: Sun, 11 Sep 2022 16:00:31 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PDGTY60e1WglHAUI3475fTXnRep8xNkLEsw0Z6Plh9XmC8ogMUjpWfnIr08GgXBmuIoRuU%2BuLeTqtg3H9qd5f3J%2Fotdxq3D4hHJAK93YoMj9cGwGvnyFoQuwP7atM7PCYjmExQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 749146025b50b50c-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.good-trading.com/index.php?good-n
172.67.204.115307 Temporary Redirect 0 B URL HTTP/2 www.good-trading.com/index.php?good-n
IP 172.67.204.115:0
Analyzer Verdict Alert fortinet Phishing
GET /index.php?good-n HTTP/1.1
Host: www.good-trading.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://news24.media/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 307 Temporary Redirect
date: Sun, 11 Sep 2022 15:00:32 GMT
content-type: text/html
location: https://www.good-trading.com/index.php?__r=1.2a55cae20d94245046b59d798fd496f9&good-n
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cFBp4o1tLEYXfbywnNjuJboB32Qd2%2Fca3oWhxR25a3YeVN5vs6Ra7%2BYn9JEU30lGWrcnWJPIHAXMO%2F2glK5Ianz72U26sYH5wk0LCmsLC1LoKW3Zbv5vV4PMgIoMzyZ5E4vPwHlMBg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 749146059c8fb4eb-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ctrtraffic.me/follow.html
172.67.211.225200 OK 0 B URL HTTP/2 ctrtraffic.me/follow.html
IP 172.67.211.225:0
GET /follow.html HTTP/1.1
Host: ctrtraffic.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 11 Sep 2022 15:00:32 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: public, max-age=14400
cf-cache-status: HIT
age: 336
last-modified: Sun, 11 Sep 2022 14:54:56 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0nq2gjd3CzhoKD1n3X%2FDi%2B%2BmRqxB1Gq31wiL0xFKiGsNbcvzMgcT5m7Ou%2FxIIP1Qxgp55wgdjmAOy%2BsTO12ngNQ7IunoTnqUdCh1dWw7GyE1wgtIGmGGmqSFDQ0MX7CM"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74914608ed271c12-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cadrctlnk.com/in/p/?spot_id=61987&cat=&sub_id=438983571
109.206.163.112200 OK 0 B URL HTTP/2 cadrctlnk.com/in/p/?spot_id=61987&cat=&sub_id=438983571
IP 109.206.163.112:0
Analyzer Verdict Alert quad9 Sinkholed
GET /in/p/?spot_id=61987&cat=&sub_id=438983571 HTTP/1.1
Host: cadrctlnk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: 1095.0=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Sun, 11 Sep 2022 15:00:34 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding, *
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
set-cookie: 1095.0=1; expires=Mon, 12 Sep 2022 15:00:33 GMT; path=/; secure; SameSite=None
content-encoding: gzip
X-Firefox-Spdy: h2
webmonetiser.com/partner-vip.php?id=1263&f=728x90
217.160.0.40200 OK 0 B URL HTTP/2 webmonetiser.com/partner-vip.php?id=1263&f=728x90
IP 217.160.0.40:0
GET /partner-vip.php?id=1263&f=728x90 HTTP/1.1
Host: webmonetiser.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediacpm.pl/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
date: Sun, 11 Sep 2022 15:00:35 GMT
server: Apache
content-encoding: gzip
X-Firefox-Spdy: h2
voir-animes.com/la-grande-aventure-de-bender-film-vf/
104.21.35.188200 OK 0 B URL HTTP/2 voir-animes.com/la-grande-aventure-de-bender-film-vf/
IP 104.21.35.188:0
GET /la-grande-aventure-de-bender-film-vf/ HTTP/1.1
Host: voir-animes.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
TE: trailers
HTTP/2 200 OK
date: Sun, 11 Sep 2022 15:00:27 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
link: <https://voir-animes.com/wp-json/>; rel="https://api.w.org/", <https://voir-animes.com/wp-json/wp/v2/posts/148382>; rel="alternate"; type="application/json", <https://voir-animes.com/?p=148382>; rel=shortlink
x-fastcgi-cache: HIT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J7I1j8CIHHuP3LpGKsw6NF4tJOaTluuiwvY%2BvxsCTzO8OTZx4acTyOAwy7oIYdyZbH1g23BU7DF3jPOM%2F0JG3zQjl0%2BwTJPGthVFImz3%2BpOd6pN%2BkB5QnS9LuQwGy3CtVSk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 749145e87d63b50b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Source+Sans+Pro%3A100%2C200%2C300%2C400%2C500%2C600%2C700%2C800%2C900%2C100i%2C200i%2C300i%2C400i%2C500i%2C600i%2C700i%2C800i%2C900i|Roboto+Condensed%3A100%2C200%2C300%2C400%2C500%2C600%2C700%2C800%2C900%2C100i%2C200i%2C300i%2C400i%2C500i%2C600i%2C700i%2C800i%2C900i%26subset%3Dlatin
142.250.74.10200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Source+Sans+Pro%3A100%2C200%2C300%2C400%2C500%2C600%2C700%2C800%2C900%2C100i%2C200i%2C300i%2C400i%2C500i%2C600i%2C700i%2C800i%2C900i|Roboto+Condensed%3A100%2C200%2C300%2C400%2C500%2C600%2C700%2C800%2C900%2C100i%2C200i%2C300i%2C400i%2C500i%2C600i%2C700i%2C800i%2C900i%26subset%3Dlatin
IP 142.250.74.10:0
GET /css?family=Source+Sans+Pro%3A100%2C200%2C300%2C400%2C500%2C600%2C700%2C800%2C900%2C100i%2C200i%2C300i%2C400i%2C500i%2C600i%2C700i%2C800i%2C900i|Roboto+Condensed%3A100%2C200%2C300%2C400%2C500%2C600%2C700%2C800%2C900%2C100i%2C200i%2C300i%2C400i%2C500i%2C600i%2C700i%2C800i%2C900i%26subset%3Dlatin HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://voir-animes.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 11 Sep 2022 15:00:27 GMT
date: Sun, 11 Sep 2022 15:00:27 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
waaw.tv/watch_video.php?v=ELnH5k29UwCm
190.115.19.71302 Found 0 B URL HTTP/2 waaw.tv/watch_video.php?v=ELnH5k29UwCm
IP 190.115.19.71:0
ASN #262254 DDOS-GUARD CORP.
GET /watch_video.php?v=ELnH5k29UwCm HTTP/1.1
Host: waaw.tv
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://voir-animes.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: ddos-guard
set-cookie: __ddg1_=ZaVG09EUtt39RqeQMFyB; Domain=.waaw.tv; HttpOnly; Path=/; Expires=Mon, 11-Sep-2023 15:00:28 GMT
date: Sun, 11 Sep 2022 15:00:28 GMT
content-type: text/html; charset=UTF-8
x-robots-tag: 'none, noindex, nofollow, noarchive, nosnippet, noodp, notranslate, noimageindex'
x-content-type-options: nosniff
x-xss-protection: 1; mode=block;
expires: Sun, 11 Sep 2022 15:01:28 GMT
x-cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
location: https://waaw.to/watch_video.php?v=ELnH5k29UwCm&http_referer=https%3A%2F%2Fvoir-animes.com%2F
x-origin-location: player
cache-control: public, stale-if-error=30, max-age=30
x-cache-status-inferno: MISS
x-inferno-location: player
x-inferno-limit-req: PASSED
content-encoding: br
vary: Accept-Encoding
X-Firefox-Spdy: h2
www.votreimc.com/eximdigitalm.html
172.67.199.50200 OK 0 B URL HTTP/2 www.votreimc.com/eximdigitalm.html
IP 172.67.199.50:0
GET /eximdigitalm.html HTTP/1.1
Host: www.votreimc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 11 Sep 2022 15:00:32 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: public, max-age=14400
cf-cache-status: HIT
age: 4467
last-modified: Sun, 11 Sep 2022 13:46:05 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zZFgXKTur1B4GaixYN92o1jfQZqtfGsLhxJN40Q9k%2B2FgtyCYntzEYlPgoZsq4mflbyKlAP%2FEzU64wnG2bc6T%2FryF8%2F2WZCr2%2FfEgGuZTy0ZUGeyz5drqN6hRtXW%2BbCL6gNh"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 749146095e14b50c-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.revrtb.com/
104.21.44.209200 OK 0 B IP 104.21.44.209:0
GET / HTTP/1.1
Host: www.revrtb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://popxperts.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 11 Sep 2022 15:00:35 GMT
content-type: text/html; charset=utf-8
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=q8mnLVY237u8M%2Bq%2Fs8gHj4viX4E9H4EFcqwlsUXoSGAnbOo2uDhLRcxYaZqWcknJHurOF9bY1c2ZPeWI2ds9vYaLQ7wUIZy2uz17OpQSv6I%2FqDa534mUsgJg28cs9ibctg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7491461a5fc30b61-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cryptotabbrowser.com/16224264
172.67.69.233302 Found 0 B URL HTTP/2 cryptotabbrowser.com/16224264
IP 172.67.69.233:0
GET /16224264 HTTP/1.1
Host: cryptotabbrowser.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediacpm.pl/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Sun, 11 Sep 2022 15:00:35 GMT
content-type: text/html; charset=utf-8
cache-control: max-age=0, s-maxage=0, no-cache, no-store, must-revalidate
content-language: en
expires: Sun, 11 Sep 2022 15:00:35 GMT
location: /en/16224264/
set-cookie: _ct_sf=1; expires=Tue, 11 Oct 2022 15:00:35 GMT; Max-Age=2592000; Path=/
vary: Accept-Language, Cookie, Accept-Encoding
strict-transport-security: max-age=15768000
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Txhj85U0hS6ps9IvN%2FeADZcPL%2BfCg4SLVWIcd9%2BI123RUzSyOUjJsJheIdDUGeotqX4cggCBUv6TISFsHXuuwxYoOOYPoKQbCPmGESmiXuU5h3w3H2aM%2BjGpJq6uymBlWcDhiffa"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7491461a3e6e0b65-OSL
X-Firefox-Spdy: h2
adhitzads.com/1037686
172.64.171.11200 OK 0 B IP 172.64.171.11:0
GET /1037686 HTTP/1.1
Host: adhitzads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 11 Sep 2022 15:00:35 GMT
content-type: text/html
vary: Accept-Encoding
expires: Sun, 11 Sep 2022 16:00:35 GMT
cache-control: max-age=3600, public
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JHCJWktPj0q2Z9M5JGSMRbf0tLUTk6RQ1djUz9MKLXWyxjfXPU6Yb8OC%2B4nBZ%2B%2FXkayOHjDX%2BN94dPbQ24ZYR2PxL0q7PU916yqsPNaaqtPZ3jx5HVkOF8dKxy4rWfhD"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7491461b4883406b-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
voir-animes.com/l
104.21.35.188301 Moved Permanently 0 B IP 104.21.35.188:0
GET /l HTTP/1.1
Host: voir-animes.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 301 Moved Permanently
date: Sun, 11 Sep 2022 15:00:27 GMT
content-type: text/html; charset=UTF-8
location: https://voir-animes.com/la-grande-aventure-de-bender-film-vf/
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
x-redirect-by: WordPress
x-fastcgi-cache: HIT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=D3qSBTSjTQPSjhKFQx7y8j%2Fd1jrtMGyJaPX6w%2BeY%2BlvFi74jiZ%2BCZ3FZe2YEIGSAmZH4WgcY6LVppD7I%2BJpqa4xgKEaMzf9IaViDpfq1kbDZM3hlVYFbdNowdGTHxpvU6Tw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 749145e7ac3bb50b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
waaw.to/ad/api/popunder.js
190.115.19.71200 OK 0 B URL HTTP/2 waaw.to/ad/api/popunder.js
IP 190.115.19.71:0
ASN #262254 DDOS-GUARD CORP.
GET /ad/api/popunder.js HTTP/1.1
Host: waaw.to
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://waaw.to/e/ELnH5k29UwCm?http_referer=https%3A%2F%2Fvoir-animes.com%2F
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg1_=7b82UjQ3yTImXvxM4iyo; Domain=.waaw.to; HttpOnly; Path=/; Expires=Mon, 11-Sep-2023 15:00:30 GMT
date: Sun, 17 Jul 2022 16:41:23 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Wed, 15 Sep 2021 14:06:22 GMT
etag: W/"6141fdde-15"
access-control-allow-origin: *
accessing-static: 1
cache-control: public, max-age=31536000, stale-while-revalidate=30, stale-if-error=30
pragma: cache
x-cache-status-inferno-s: HIT
x-inferno-location: static
accept-ranges: bytes
age: 4832347
ddg-cache-status: HIT,MISS
content-encoding: br
vary: Accept-Encoding
X-Firefox-Spdy: h2
waaw.to/js/d_check.js?34
190.115.19.71200 OK 0 B IP 190.115.19.71:0
ASN #262254 DDOS-GUARD CORP.
GET /js/d_check.js?34 HTTP/1.1
Host: waaw.to
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://waaw.to/e/ELnH5k29UwCm?http_referer=https%3A%2F%2Fvoir-animes.com%2F
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg1_=LxA5Ffqoprk0ZYxhnznm; Domain=.waaw.to; HttpOnly; Path=/; Expires=Mon, 11-Sep-2023 15:00:30 GMT
date: Sun, 11 Sep 2022 15:00:29 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Thu, 27 Feb 2020 14:57:53 GMT
etag: W/"5e57d8f1-d8a"
access-control-allow-origin: *
accessing-static: 1
cache-control: public, max-age=31536000, stale-while-revalidate=30, stale-if-error=30
pragma: cache
content-encoding: br
x-cache-status-inferno-s: HIT
x-inferno-location: static
age: 1
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2
haxbyq.com/play-2_1?h=waWQiOjExMzI5NDksInNpZCI6MTE1NzI1Niwid2lkIjozNzI0NjksInNyYyI6Mn0=eyJ&click_id=a2_13710274710995550826_337233_2_0&si1=a337233
185.56.234.205200 OK 0 B URL HTTP/2 haxbyq.com/play-2_1?h=waWQiOjExMzI5NDksInNpZCI6MTE1NzI1Niwid2lkIjozNzI0NjksInNyYyI6Mn0=eyJ&click_id=a2_13710274710995550826_337233_2_0&si1=a337233
IP 185.56.234.205:0
ASN #39572 DataWeb Global Group B.V.
GET /play-2_1?h=waWQiOjExMzI5NDksInNpZCI6MTE1NzI1Niwid2lkIjozNzI0NjksInNyYyI6Mn0=eyJ&click_id=a2_13710274710995550826_337233_2_0&si1=a337233 HTTP/1.1
Host: haxbyq.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://news24.media/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.21.1
date: Sun, 11 Sep 2022 15:00:32 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: truniq=1; expires=Mon, 12-Sep-2022 15:00:32 GMT; Max-Age=86400; path=/; domain=haxbyq.com
x-zone: eu
content-encoding: gzip
X-Firefox-Spdy: h2
www.votreimc.com/eximdigitala.html
172.67.199.50200 OK 0 B URL HTTP/2 www.votreimc.com/eximdigitala.html
IP 172.67.199.50:0
GET /eximdigitala.html HTTP/1.1
Host: www.votreimc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 11 Sep 2022 15:00:32 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: public, max-age=14400
cf-cache-status: HIT
age: 1192
last-modified: Sun, 11 Sep 2022 14:40:40 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=itoFhK3FJtl2kFut9jaFe8KI6mC76AJviOOuIaLz8QYKrnSvd0dKRqIKhNllEv%2B84JPar%2B81LIy2K2eTkGGal4GWfiMxcotUjhBmQzRvzXeh14FpCR8RPHMsSwMtIlBRv4Kw"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74914609bea9b50c-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
waaw.to/js/adv/fuckadblock.js?2
190.115.19.71200 OK 0 B URL HTTP/2 waaw.to/js/adv/fuckadblock.js?2
IP 190.115.19.71:0
ASN #262254 DDOS-GUARD CORP.
GET /js/adv/fuckadblock.js?2 HTTP/1.1
Host: waaw.to
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://waaw.to/e/ELnH5k29UwCm?http_referer=https%3A%2F%2Fvoir-animes.com%2F
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg1_=cWX4zCv3QEigk4OlE7JY; Domain=.waaw.to; HttpOnly; Path=/; Expires=Mon, 11-Sep-2023 15:00:30 GMT
date: Sun, 11 Sep 2022 15:00:29 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Tue, 27 Aug 2019 17:39:04 GMT
etag: W/"5d656ab8-369e"
access-control-allow-origin: *
accessing-static: 1
cache-control: public, max-age=31536000, stale-while-revalidate=30, stale-if-error=30
pragma: cache
content-encoding: br
x-cache-status-inferno-s: HIT
x-inferno-location: static
age: 1
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2
vast.yomeno.xyz/?tcid=14898
109.206.181.2200 OK 0 B URL HTTP/2 vast.yomeno.xyz/?tcid=14898
IP 109.206.181.2:0
GET /?tcid=14898 HTTP/1.1
Host: vast.yomeno.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.good-trading.com/
Origin: https://www.good-trading.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.20.1
date: Sun, 11 Sep 2022 15:00:33 GMT
content-type: text/xml;charset=UTF-8
vary: Accept-Encoding
access-control-allow-credentials: true
access-control-allow-origin: https://www.good-trading.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,
access-control-expose-headers: Content-Length,Content-Range
content-encoding: gzip
X-Firefox-Spdy: h2
votreimc.com/adu.html
172.67.199.50200 OK 0 B IP 172.67.199.50:0
GET /adu.html HTTP/1.1
Host: votreimc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 11 Sep 2022 15:00:32 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: public, max-age=14400
cf-cache-status: HIT
age: 7021
last-modified: Sun, 11 Sep 2022 13:03:31 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PJpjK%2BiMQ%2FuHAZACFF2qDOkY%2Bv7XZqXz7cV3MsZWc2U5bQzLFcumQJrkyFnrB8vXC1MFoQpZ0CGhNhgB%2FTEKqo0k4T8bFEGjqJ45%2Bdbke5FOO8Vj12QQiMaZ8cbPAbI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 749146093dcfb50c-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.ad-good.com/infinitygeo.html?1
104.21.91.64200 OK 0 B URL HTTP/2 www.ad-good.com/infinitygeo.html?1
IP 104.21.91.64:0
GET /infinitygeo.html?1 HTTP/1.1
Host: www.ad-good.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 11 Sep 2022 15:00:33 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 4468
last-modified: Sun, 11 Sep 2022 13:46:05 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dO1I%2FT6phn4plelP5Cz9XaHCcsMW6gv1eLbFZ%2Bn5A%2FOmsqCKogM3wk54rJ9%2BoH8Z%2BTKFbHjdyZwrhDsttHx77Ayv3ORoLOACOoq2K0oIEnRCWCRYZ0qnz6sOP6Possc7D2A%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7491460c4de20b31-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.sb4you1.com/sb/notifications/utility/default/us/blog/Progamerage/message_redcircle2/3/js/script.js
104.21.51.177200 OK 0 B URL HTTP/2 cdn.sb4you1.com/sb/notifications/utility/default/us/blog/Progamerage/message_redcircle2/3/js/script.js
IP 104.21.51.177:0
GET /sb/notifications/utility/default/us/blog/Progamerage/message_redcircle2/3/js/script.js HTTP/1.1
Host: cdn.sb4you1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://waaw.to
Connection: keep-alive
Referer: https://waaw.to/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 11 Sep 2022 15:00:33 GMT
content-type: application/javascript
last-modified: Tue, 17 Aug 2021 13:04:06 GMT
etag: W/"611bb3c6-182"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 3387250
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8%2BOSaXBXfqSlEDEG%2FiIhP5cVdpdyXgr8J3h4ljTVeOnZsYHT1Kzi9%2Fob%2F4NvAO4N8MysIeekhftMMOt5MzdpjmM7A3%2Bvih8VSr49IM0CCoUIF6VG2VoPEWcQVvkIEuFyl5I%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7491460f5badb4f7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
u3y8v8u4.aucdn.net/library/802424/84319ed716593e3d7013d6d4ffd9986e054d6320.mp4
185.76.9.19206 Partial Content 0 B URL HTTP/2 u3y8v8u4.aucdn.net/library/802424/84319ed716593e3d7013d6d4ffd9986e054d6320.mp4
IP 185.76.9.19:0
ASN #60068 Datacamp Limited
GET /library/802424/84319ed716593e3d7013d6d4ffd9986e054d6320.mp4 HTTP/1.1
Host: u3y8v8u4.aucdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Referer: https://www.good-trading.com/
Range: bytes=0-
Connection: keep-alive
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 206 Partial Content
date: Sun, 11 Sep 2022 15:00:33 GMT
content-type: video/mp4
content-length: 2488621
last-modified: Thu, 08 Sep 2022 07:26:02 GMT
etag: "6319990a-25f92d"
expires: Fri, 08 Sep 2023 07:52:03 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1694159701
server: CDN77-Turbo
x-77-nzt: AblMCQ1rYzj/PFgEAA
x-77-nzt-ray: aw3AGptp178
x-cache: HIT
x-age: 284732
x-77-pop: stockholmSE
x-77-cache: HIT
content-range: bytes 0-2488620/2488621
X-Firefox-Spdy: h2
go.xlirdr.com/api/models/vast?campaignId=8d895a7a3b4847a30c0a159b2850ec6cd538abf45b153ead926036436ae26b20&campaignType=smartpop&creativeId=4ed558a087c6df7cff4e819ba54b153a8ab30017481c5f5a95dac4f4cd3c0f48&duration=00%3A00%3A30&endpoint=room&iterationId=245959&masterSmartpopId=2683&memberId=ooc4ASOoumtqutdZVXXRdbK6VzqpbXUzOodNU6V0rpXT1UU0uomponpndRNTRPTS6V0zpXSuldK6Z0rpXTOc6auame22Wyx3IQ7RGJnt2DmPUP7nOldK6V0rpXSuldK6VwfY&ruleId=157&skipOffset=00%3A00%3A05&smartpopId=7237&tag=-girls%2Findian&userId=9b65bf46ffaa65f3a0e9f48617bfce410a91e0834859e07cbac61729433ad6e8&variationId=29011&videosList=oil-show
172.64.145.216200 OK 0 B URL HTTP/2 go.xlirdr.com/api/models/vast?campaignId=8d895a7a3b4847a30c0a159b2850ec6cd538abf45b153ead926036436ae26b20&campaignType=smartpop&creativeId=4ed558a087c6df7cff4e819ba54b153a8ab30017481c5f5a95dac4f4cd3c0f48&duration=00%3A00%3A30&endpoint=room&iterationId=245959&masterSmartpopId=2683&memberId=ooc4ASOoumtqutdZVXXRdbK6VzqpbXUzOodNU6V0rpXT1UU0uomponpndRNTRPTS6V0zpXSuldK6Z0rpXTOc6auame22Wyx3IQ7RGJnt2DmPUP7nOldK6V0rpXSuldK6VwfY&ruleId=157&skipOffset=00%3A00%3A05&smartpopId=7237&tag=-girls%2Findian&userId=9b65bf46ffaa65f3a0e9f48617bfce410a91e0834859e07cbac61729433ad6e8&variationId=29011&videosList=oil-show
IP 172.64.145.216:0
GET /api/models/vast?campaignId=8d895a7a3b4847a30c0a159b2850ec6cd538abf45b153ead926036436ae26b20&campaignType=smartpop&creativeId=4ed558a087c6df7cff4e819ba54b153a8ab30017481c5f5a95dac4f4cd3c0f48&duration=00%3A00%3A30&endpoint=room&iterationId=245959&masterSmartpopId=2683&memberId=ooc4ASOoumtqutdZVXXRdbK6VzqpbXUzOodNU6V0rpXT1UU0uomponpndRNTRPTS6V0zpXSuldK6Z0rpXTOc6auame22Wyx3IQ7RGJnt2DmPUP7nOldK6V0rpXSuldK6VwfY&ruleId=157&skipOffset=00%3A00%3A05&smartpopId=7237&tag=-girls%2Findian&userId=9b65bf46ffaa65f3a0e9f48617bfce410a91e0834859e07cbac61729433ad6e8&variationId=29011&videosList=oil-show HTTP/1.1
Host: go.xlirdr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.good-trading.com
Referer: https://www.good-trading.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 11 Sep 2022 15:00:34 GMT
content-type: text/xml; charset=utf-8
access-control-allow-origin: https://www.good-trading.com
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: DYNAMIC
set-cookie: __cflb=04dToQvE4FPLng5Mz6amGAT9NT3YTL491NniBbfQtk; SameSite=None; Secure; path=/; expires=Mon, 12-Sep-22 14:00:34 GMT; HttpOnly
server: cloudflare
cf-ray: 74914610dafc1c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
is.gd/defaultinfad
172.67.83.132301 Moved Permanently 0 B IP 172.67.83.132:0
GET /defaultinfad HTTP/1.1
Host: is.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
date: Sun, 11 Sep 2022 15:00:34 GMT
content-type: text/html; charset=UTF-8
location: https://www.who.int/emergencies/diseases/novel-coronavirus-2019
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 74914615ff411c0a-OSL
X-Firefox-Spdy: h2
zap.buzz/Jr1zAzZ
172.67.213.33302 Found 0 B IP 172.67.213.33:0
GET /Jr1zAzZ HTTP/1.1
Host: zap.buzz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Sun, 11 Sep 2022 15:00:31 GMT
content-type: text/html; charset=utf-8
location: https://xml.poprtb.com/redirect?feed=457657&auth=p12tC3&pubid=152420
vary: Cookie
set-cookie: session=eyJfcGVybWFuZW50Ijp0cnVlfQ.Yx34Dw.5naM5PGyNzn2oKeItP3pOOG4PY8; Expires=Sun, 11 Sep 2022 15:30:31 GMT; HttpOnly; Path=/
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lIxt%2B%2FJh33K%2B8X908DNvn59QQAd2H28mb2idihYZ44lPpVZg886O2XrNAWtvr7SANwygfXkmoIDi9754SdgouDjaR5fzMqLLxSIwDGrYOIgXs86dso4UeiGkpA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 749145ffde28b4fa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
vast.yomeno.xyz/?tcid=14898
109.206.181.2200 OK 0 B URL HTTP/2 vast.yomeno.xyz/?tcid=14898
IP 109.206.181.2:0
GET /?tcid=14898 HTTP/1.1
Host: vast.yomeno.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.good-trading.com/
Origin: https://www.good-trading.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.20.1
date: Sun, 11 Sep 2022 15:00:33 GMT
content-type: text/xml;charset=UTF-8
vary: Accept-Encoding
access-control-allow-credentials: true
access-control-allow-origin: https://www.good-trading.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,
access-control-expose-headers: Content-Length,Content-Range
content-encoding: gzip
X-Firefox-Spdy: h2
www.ad-good.com/infinitygeo.html
104.21.91.64200 OK 0 B URL HTTP/2 www.ad-good.com/infinitygeo.html
IP 104.21.91.64:0
GET /infinitygeo.html HTTP/1.1
Host: www.ad-good.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 11 Sep 2022 15:00:33 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 1071
last-modified: Sun, 11 Sep 2022 14:42:42 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aCIOtw6HzfHRyLlh3MsdZkdtQxAmbaQp9FGK6QbMX9nTvq%2BvFI5nyka7a04dUH5al8qzUSj0LOK475tr4VHx%2BqtuwfvSdpSEwj%2BuCLyyzKlDeL1L%2FGTVK4pMjyXYl7h2VAo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7491460c3dd40b31-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
trafficplan.pl/images/unnamed.png
104.21.17.99404 Not Found 0 B URL HTTP/2 trafficplan.pl/images/unnamed.png
IP 104.21.17.99:0
GET /images/unnamed.png HTTP/1.1
Host: trafficplan.pl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 404 Not Found
date: Sun, 11 Sep 2022 15:00:35 GMT
content-type: text/html
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cache-control: max-age=14400
cf-cache-status: HIT
age: 146
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j%2F2HzE%2BNWm82eGqPv8T59df4gcE043cf2QCv8W2leoN9LDO6M0fvubLlxwThxeSHi01KSB8W2xJrg5fE9NDoFHS42bnuJtwVl4%2FZB8t%2B6hfKGGX4Ki7zaAJPfHftxZQenA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7491461af9f5b4e8-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cryptotabbrowser.com/en/16224264/
172.67.69.233200 OK 0 B URL HTTP/2 cryptotabbrowser.com/en/16224264/
IP 172.67.69.233:0
GET /en/16224264/ HTTP/1.1
Host: cryptotabbrowser.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mediacpm.pl/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 11 Sep 2022 15:00:35 GMT
content-type: text/html; charset=utf-8
cache-control: public, max-age=14400, s-maxage=3600
content-language: en
strict-transport-security: max-age=15768000
cf-cache-status: HIT
age: 650
last-modified: Sun, 11 Sep 2022 14:49:45 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MkPyYULHcLZ7edfIlEkYuvKPbqwLbAuxxRFk6xvcxJtQ2rcvyt804mvAHargPye8W1c42EWYKmM%2FItSc61COvJ3fdgfGU6rZFvi5Ld53Ql7V08qYBYYUQVVMjSA3GGo%2FYYVS92mB"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7491461c68700b65-OSL
content-encoding: br
X-Firefox-Spdy: h2
www.votreimc.com/adzgame.html
172.67.199.50200 OK 0 B URL HTTP/2 www.votreimc.com/adzgame.html
IP 172.67.199.50:0
GET /adzgame.html HTTP/1.1
Host: www.votreimc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 11 Sep 2022 15:00:32 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: public, max-age=14400
cf-cache-status: HIT
age: 7037
last-modified: Sun, 11 Sep 2022 13:03:15 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3Bavd5Heg6cJELwFXng500zrpZJWqDrWCYzxHpYmafUXkQT0hOWECKJVJxISEyyvD6VkYWR9BsHwSHlSoew3N%2Ba4S00zvPL1gMfVe4pt1pLgRafCuKX6JmvVPilWPhpxE%2FnM"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 749146095e11b50c-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.ad-good.com/infinitya.html
104.21.91.64200 OK 0 B URL HTTP/2 www.ad-good.com/infinitya.html
IP 104.21.91.64:0
GET /infinitya.html HTTP/1.1
Host: www.ad-good.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 11 Sep 2022 15:00:33 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 4468
last-modified: Sun, 11 Sep 2022 13:46:05 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=m8fquHVkrHFBaG4ibLDWaOdhnBXB4aer3v1mNxSaLfvDWAgTWEgQ9KcvLSo6AVALxdQ5ilTobucEXWsoFTAm1Ug8eWp2C1ey%2FeNhxwoRoj51Gx4goSylORi86MQLX7tunuo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7491460bed5d0b31-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
kiynew.com/cuload?a=1&e=aeyJwaWQiOjEwNTAxODIsInNpZCI6MTE1MDIwMywid2lkIjozNTg3NTcsImQiOiJuZXdzMjQubWVkaWEiLCJsaSI6MX0=&tz=0&if=1&u=aHR0cHM6Ly9uZXdzMjQubWVkaWEv
185.162.85.14200 OK 0 B URL HTTP/2 kiynew.com/cuload?a=1&e=aeyJwaWQiOjEwNTAxODIsInNpZCI6MTE1MDIwMywid2lkIjozNTg3NTcsImQiOiJuZXdzMjQubWVkaWEiLCJsaSI6MX0=&tz=0&if=1&u=aHR0cHM6Ly9uZXdzMjQubWVkaWEv
IP 185.162.85.14:0
ASN #39572 DataWeb Global Group B.V.
GET /cuload?a=1&e=aeyJwaWQiOjEwNTAxODIsInNpZCI6MTE1MDIwMywid2lkIjozNTg3NTcsImQiOiJuZXdzMjQubWVkaWEiLCJsaSI6MX0=&tz=0&if=1&u=aHR0cHM6Ly9uZXdzMjQubWVkaWEv HTTP/1.1
Host: kiynew.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://news24.media/
Origin: https://news24.media
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Sun, 11 Sep 2022 15:00:32 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2
mediacpm.pl/v.php?user=13428
104.21.234.94200 OK 0 B URL HTTP/2 mediacpm.pl/v.php?user=13428
IP 104.21.234.94:0
GET /v.php?user=13428 HTTP/1.1
Host: mediacpm.pl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 11 Sep 2022 15:00:34 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/5.6.40
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LbZnFDH4%2BLDbcoNREbDwOJLxv%2FXktBcjJ2A44CeCfqB32LLcrQLVDjhGnPxrJEX3uUAIfxeyjfY%2FSBke9SWOiCjXv%2BOA%2BSHl2ZhMT1hDvIfMpEg%2BzeariY2alkaoKA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 749146134dad72a2-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.popmyads.com/pma.js
172.67.163.175301 Moved Permanently 0 B IP 172.67.163.175:0
GET /pma.js HTTP/1.1
Host: cdn.popmyads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.good-trading.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
date: Sun, 11 Sep 2022 15:00:32 GMT
content-type: text/html; charset=iso-8859-1
location: https://popmyads.com/x/pma
cache-control: max-age=14400
cf-cache-status: HIT
age: 301
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TCFV0y9cQQnbe26TyGemJbllXKviQ4xMOrlKVrkw2SojyqJPbVagRMoiArgDwtlJJ7ocIW5E%2BioxuHXyiujPstUJb5I5T4pOAUta%2BumQthCesMkVj3KUa3wb4xQpWFqiz6lY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 749146076a65b518-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
waaw.to/styles/global/embed_player.3.css?130
190.115.19.71200 OK 0 B URL HTTP/2 waaw.to/styles/global/embed_player.3.css?130
IP 190.115.19.71:0
ASN #262254 DDOS-GUARD CORP.
GET /styles/global/embed_player.3.css?130 HTTP/1.1
Host: waaw.to
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://waaw.to/e/ELnH5k29UwCm?http_referer=https%3A%2F%2Fvoir-animes.com%2F
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg1_=2Jdl7RcRSNHVkFYryzLm; Domain=.waaw.to; HttpOnly; Path=/; Expires=Mon, 11-Sep-2023 15:00:30 GMT
date: Sun, 11 Sep 2022 15:00:29 GMT
content-type: text/css; charset=UTF-8
vary: Accept-Encoding
last-modified: Wed, 09 Dec 2020 22:16:37 GMT
etag: W/"5fd14cc5-1701"
access-control-allow-origin: *
accessing-static: 1
cache-control: public, max-age=31536000, stale-while-revalidate=30, stale-if-error=30
pragma: cache
content-encoding: br
x-cache-status-inferno-s: HIT
x-inferno-location: static
age: 1
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2
ctrtraffic.me/following.html
172.67.211.225200 OK 0 B URL HTTP/2 ctrtraffic.me/following.html
IP 172.67.211.225:0
GET /following.html HTTP/1.1
Host: ctrtraffic.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 11 Sep 2022 15:00:32 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: public, max-age=14400
cf-cache-status: HIT
age: 1280
last-modified: Sun, 11 Sep 2022 14:39:12 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eC0cWEnts5cCCynFTD6GkE4slp0RvS16d%2B5qTe88pdOX25L1n4HDTs37kt3aOYYgz3MKmp3vjDC04fUwBKQHyhgdKGTdkm0z7G%2FPplCkWQzAGrEp%2FZZYQHxYeEYOBkFr"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74914608dd181c12-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.adsfcdn.com/js/N2prQzdaKzBidFE9.js
172.67.199.144200 OK 0 B URL HTTP/2 cdn.adsfcdn.com/js/N2prQzdaKzBidFE9.js
IP 172.67.199.144:0
GET /js/N2prQzdaKzBidFE9.js HTTP/1.1
Host: cdn.adsfcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 11 Sep 2022 15:00:35 GMT
content-type: application/javascript
last-modified: Mon, 13 Jun 2022 05:38:27 GMT
vary: Accept-Encoding
etag: W/"62a6cd53-d7b"
expires: Sun, 11 Sep 2022 19:04:37 GMT
cache-control: max-age=43200
cf-cache-status: HIT
age: 28557
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QDKt3lCItE63FYVmgpbk815tOarAL20i0oceGjJO3Y7GRAsy%2FHZBia21h3fc16tD4gii0fYZzCUqjsHyJ23vKNCq8KQKRwFDPY1JBdJyVX2MbhT9sFVcl6jPQ2cRCRZxOGs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7491461a9a3db511-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
adhitzads.com/1036911
172.64.171.11200 OK 0 B IP 172.64.171.11:0
GET /1036911 HTTP/1.1
Host: adhitzads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 11 Sep 2022 15:00:35 GMT
content-type: text/html
vary: Accept-Encoding
expires: Sun, 11 Sep 2022 16:00:35 GMT
cache-control: max-age=3600, public
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YbnHM1NDCXd6J6wxbGNcdskxLTAjCC%2BZW1bMGL6yfBsJWV7JfvMHlclOwq4wn5wQP%2F8DjeOTTkT7pAAmVSKScOw5LrzVQ%2B4rpBFPz%2Bi6%2FgsPDjg7HtF0O5g9PUTZ02HR"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7491461bb9ab406b-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
waaw.to/watch_video.php?v=ELnH5k29UwCm&http_referer=https%3A%2F%2Fvoir-animes.com%2F
190.115.19.71200 OK 0 B URL HTTP/2 waaw.to/watch_video.php?v=ELnH5k29UwCm&http_referer=https%3A%2F%2Fvoir-animes.com%2F
IP 190.115.19.71:0
ASN #262254 DDOS-GUARD CORP.
GET /watch_video.php?v=ELnH5k29UwCm&http_referer=https%3A%2F%2Fvoir-animes.com%2F HTTP/1.1
Host: waaw.to
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://voir-animes.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg1_=tDZUqjSJFAJ3iO2s8waH; Domain=.waaw.to; HttpOnly; Path=/; Expires=Mon, 11-Sep-2023 15:00:28 GMT
date: Sun, 11 Sep 2022 15:00:28 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-robots-tag: 'none, noindex, nofollow, noarchive, nosnippet, noodp, notranslate, noimageindex'
x-content-type-options: nosniff
x-xss-protection: 1; mode=block;
expires: Sun, 11 Sep 2022 15:01:28 GMT
x-cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
x-origin-location: player
cache-control: public, stale-if-error=30, max-age=30
content-encoding: gzip
x-cache-status-inferno: MISS
x-inferno-location: player
x-inferno-limit-req: PASSED
X-Firefox-Spdy: h2
ajfnee.com/p/waWQiOjEwNTAxODIsInNpZCI6MTE0MDE0Nywid2lkIjozMzcyMzMsInNyYyI6Mn0=eyJ.js
104.21.82.164200 OK 0 B URL HTTP/2 ajfnee.com/p/waWQiOjEwNTAxODIsInNpZCI6MTE0MDE0Nywid2lkIjozMzcyMzMsInNyYyI6Mn0=eyJ.js
IP 104.21.82.164:0
GET /p/waWQiOjEwNTAxODIsInNpZCI6MTE0MDE0Nywid2lkIjozMzcyMzMsInNyYyI6Mn0=eyJ.js HTTP/1.1
Host: ajfnee.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://news24.media/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 11 Sep 2022 15:00:32 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-origin: https://news24.media
e-tag: 61b8b3ac70fa1348903b3391b0d367aa
cache-control: max-age=14400
cf-cache-status: HIT
age: 5669
last-modified: Sun, 11 Sep 2022 13:26:03 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WB13KFfy2My0A0K%2FSnfEd4AxbAOZJb1Xp%2FWrtyoDsBXCm0cE7SyEA41PTZiWfmxT9qAV3nTptSTcmGmQnHcqP1qMH38P%2BhzDGwHyPuanVl9Pv9U%2BdAGFpSO1i3lb"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74914605aa8e0b41-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
unpkg.com/jquery.cookie@1.4.1/jquery.cookie.js
104.16.123.175200 OK 0 B URL HTTP/2 unpkg.com/jquery.cookie@1.4.1/jquery.cookie.js
IP 104.16.123.175:0
GET /jquery.cookie@1.4.1/jquery.cookie.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://waaw.to/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 11 Sep 2022 15:00:30 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
last-modified: Sun, 27 Apr 2014 20:04:54 GMT
etag: W/"c31-MeG8xM+AWiwv7iH0je0eWY9koqg"
via: 1.1 fly.io
fly-request-id: 01G75513388K1MR4R8RW1AYXTV-fra
cf-cache-status: HIT
age: 5951931
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 749145f838ab0b65-OSL
content-encoding: br
X-Firefox-Spdy: h2
cryptotabbrowser.com/16224264
172.67.69.233302 Found 0 B URL HTTP/2 cryptotabbrowser.com/16224264
IP 172.67.69.233:0
GET /16224264 HTTP/1.1
Host: cryptotabbrowser.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediacpm.pl/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
date: Sun, 11 Sep 2022 15:00:35 GMT
content-type: text/html; charset=utf-8
cache-control: max-age=0, s-maxage=0, no-cache, no-store, must-revalidate
content-language: en
expires: Sun, 11 Sep 2022 15:00:35 GMT
location: /en/16224264/
set-cookie: _ct_sf=1; expires=Tue, 11 Oct 2022 15:00:35 GMT; Max-Age=2592000; Path=/
vary: Accept-Language, Cookie, Accept-Encoding
strict-transport-security: max-age=15768000
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=p81guay0iRnzE1KlvFKtQ9CXVdneuDm8496biYiTJjAwu1%2BdlQu%2BPDvDo%2FR7AY3MsXKYeV0OcwUEfEa3pZBUlkeOpOSWQNr8stHo8WQcW7WoFFGqCgFE4xIboXj%2BBbg6nALZTPMC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7491461c384d0b65-OSL
X-Firefox-Spdy: h2
cngcpy.com/cuhdl?wh=bkDIZgWJBf5QK-UU6OcooUGn
104.21.38.243302 Found 0 B URL HTTP/2 cngcpy.com/cuhdl?wh=bkDIZgWJBf5QK-UU6OcooUGn
IP 104.21.38.243:0
GET /cuhdl?wh=bkDIZgWJBf5QK-UU6OcooUGn HTTP/1.1
Host: cngcpy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Sun, 11 Sep 2022 15:00:34 GMT
content-type: text/html; charset=utf-8
location: https://haxbyq.com/play-2_1?h=waWQiOjExMzI5NDksInNpZCI6MTE1NzI1Niwid2lkIjozNzI0NjksInNyYyI6Mn0=eyJ&click_id=a2_13239097152324914056_354418_2_0&si1=a354418
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4YQZ0yCbBUmmWo2zDrSpm%2F9DeiZ%2BVYYjcd3QCZNy5NurHdtWOt5dAOjreDlSq6XDKtziI0iE%2FcwMT0zL%2B4uTpJ2fKtuueR8fLKTrIYNNnipL6JZ%2BOiRdInq7zDBJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74914611bea90b61-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ozu3d.haxbyq.com/play-2_1?h=waWQiOjExMzI5NDksInNpZCI6MTE1NzI1Niwid2lkIjozNzI0NjksInNyYyI6Mn0=eyJ&click_id=a2_13239097152324914056_354418_2_0&si1=a354418&i=1
185.56.234.205200 OK 0 B URL HTTP/2 ozu3d.haxbyq.com/play-2_1?h=waWQiOjExMzI5NDksInNpZCI6MTE1NzI1Niwid2lkIjozNzI0NjksInNyYyI6Mn0=eyJ&click_id=a2_13239097152324914056_354418_2_0&si1=a354418&i=1
IP 185.56.234.205:0
ASN #39572 DataWeb Global Group B.V.
GET /play-2_1?h=waWQiOjExMzI5NDksInNpZCI6MTE1NzI1Niwid2lkIjozNzI0NjksInNyYyI6Mn0=eyJ&click_id=a2_13239097152324914056_354418_2_0&si1=a354418&i=1 HTTP/1.1
Host: ozu3d.haxbyq.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.1
date: Sun, 11 Sep 2022 15:00:34 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: truniq=1; expires=Mon, 12-Sep-2022 15:00:34 GMT; Max-Age=86400; path=/; domain=haxbyq.com
x-zone: eu3
content-encoding: gzip
X-Firefox-Spdy: h2
creepingbrings.com/sfp.js
104.21.234.233200 OK 0 B URL HTTP/2 creepingbrings.com/sfp.js
IP 104.21.234.233:0
GET /sfp.js HTTP/1.1
Host: creepingbrings.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://waaw.to/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 11 Sep 2022 15:00:31 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 2898f2c1a3f3b9ace72a025b6a5263cc
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Sun, 11 Sep 2022 15:00:30 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eKryo8%2FvGyw8clHJhj8jj3v1zfNMfM44%2FyA3omCW24N7Afj9gWDhyg1qediI%2Bqz4SVUqd7pRSS4ZFQU%2FfQ%2BGXN3vMUkms6ypVcxH7mu0YWubM9yrIm8QftoMF7TDYQEBEOy0k1c%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 749145fe2e2a7767-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
q.cachegorilla.com/r?fid=B79SGewuO6N
104.21.51.225302 Found 0 B URL HTTP/2 q.cachegorilla.com/r?fid=B79SGewuO6N
IP 104.21.51.225:0
GET /r?fid=B79SGewuO6N HTTP/1.1
Host: q.cachegorilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Sun, 11 Sep 2022 15:00:31 GMT
location: https://www.popxperts.com/w3ar3g0d
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zymMJqn2z13oVJY9tB130p3A4VsSVhIf8YyNvwN6KFHuz9B6ctmlQYotf9fH9eMS2uHxvKXgNBy8ndBLjk9mfAmTmWdZKHxXAMGl5T6ReTlxb02RDS7YItKPEFEqUuAvdv0r9a4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 749146005dc20b55-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ctrtraffic.me/mediaa.html
172.67.211.225200 OK 0 B URL HTTP/2 ctrtraffic.me/mediaa.html
IP 172.67.211.225:0
GET /mediaa.html HTTP/1.1
Host: ctrtraffic.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 11 Sep 2022 15:00:32 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: public, max-age=14400
cf-cache-status: HIT
age: 4917
last-modified: Sun, 11 Sep 2022 13:38:35 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6DCof1b9grZsnOvEqNBY2PFHW55pxDS7KU77cpW7mmhU9y0dwVxoR8hdCJJMAklrzDmd%2B6UU1BV%2F%2F4Yl6fwUxOyPs9NVRICl7Y6FQ2IbGiKI48WYyWhpMtTJHq9U95Em"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 749146090d511c12-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2