Report - 68.us.findthewind.xyz/feed/?link=true&tid=68&subid=68.us.macos&ref=track.gositego.live&s1=6357ace970df776ff4062766

Report Overview

Submitted URL
68.us.findthewind.xyz/feed/?link=true&tid=68&subid=68.us.macos&ref=track.gositego.live&s1=6357ace970df776ff4062766
IP
23.235.251.114
ASN
#19437 SS-ASH
Submitted
2022-10-25 09:31:58
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
18

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
topsolutions.rdtk.io	308069	2020-04-27T11:12:54Z	2023-03-04T16:23:09Z	628 B	1.0 kB	85.17.54.17
adverster.g2afse.com	200149	2021-05-26T13:36:17Z	2023-03-04T16:23:11Z	547 B	531 B	34.90.14.205
fonts.gstatic.com	unknown	2014-09-09T02:40:21Z	2023-03-10T13:37:03Z	486 B	32 kB	216.58.207.195
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-10T05:12:35Z	401 B	5.8 kB	34.160.144.191
ocsp.digicert.com	86	2012-05-21T09:02:23Z	2023-03-10T13:49:44Z	658 B	1.4 kB	93.184.220.29
redir.tealwinds.xyz	unknown	2022-07-28T07:22:11Z	2022-12-09T12:09:16Z	2.6 kB	2.8 kB	198.211.113.186
c.mybestclick.net	103231	2018-10-18T16:06:05Z	2023-02-05T12:22:33Z	1.2 kB	717 B	192.241.144.203
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-10T05:10:00Z	758 B	2.8 kB	143.204.55.115
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-10T05:10:02Z	594 B	127 B	52.42.234.253
adspredictiv.com	160243	2015-04-30T23:27:53Z	2023-03-10T09:44:56Z	1.4 kB	5.0 kB	35.190.38.40
ocsp.pki.goog	175	2018-07-01T08:43:07Z	2023-03-10T05:11:10Z	993 B	2.1 kB	142.250.74.35
c.srvpcn.com	35194	2021-11-04T09:37:05Z	2023-03-10T11:25:09Z	406 B	268 B	52.22.167.208
ocsp.sectigo.com	487	2019-11-29T12:50:24Z	2023-03-10T10:17:57Z	656 B	1.9 kB	172.64.155.188
free3dgame.xyz	unknown	2021-03-11T14:07:41Z	2023-03-09T20:18:00Z	4.2 kB	994 kB	146.190.28.107
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-10T05:09:10Z	2.9 kB	8.0 kB	23.36.76.226
68.us.findthewind.xyz	unknown			440 B	2.3 kB	23.235.251.114
eu.pushnow.net	unknown	2022-03-23T01:35:15Z	2023-01-23T16:37:28Z	675 B	595 B	38.100.129.195
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-10T05:10:04Z	3.7 kB	60 kB	34.120.237.76
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-10T05:10:00Z	321 B	229 B	34.117.237.239
lykos-bzm.com	unknown	2022-09-21T22:06:11Z	2022-12-01T15:10:36Z	464 B	696 B	35.174.150.83
go.money616.xyz	unknown	2022-07-29T07:26:08Z	2023-02-11T07:58:41Z	484 B	1.8 kB	52.59.165.42

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2022-10-25	medium	lykos-bzm.com	Sinkholed
2022-10-25	medium	free3dgame.xyz	Sinkholed
2022-10-25	medium	free3dgame.xyz	Sinkholed
2022-10-25	medium	free3dgame.xyz	Sinkholed
2022-10-25	medium	free3dgame.xyz	Sinkholed
2022-10-25	medium	free3dgame.xyz	Sinkholed
2022-10-25	medium	free3dgame.xyz	Sinkholed
2022-10-25	medium	free3dgame.xyz	Sinkholed
2022-10-25	medium	free3dgame.xyz	Sinkholed

JavaScript (9)

	URL	Size	First Seen	Last Seen
	free3dgame.xyz/?key=byq8yz76skm800fc6ylf&code=6357ad068d162a00019d1aea&sub1=&sub2=Sexually+Submission+low&sub3=topsolutionsmedia&sub4=6143714-1264786048-3542256106&sub5=364	183 B	2023-03-07	2023-03-11
Pretty URL free3dgame.xyz/?key=byq8yz76skm800fc6ylf&code=6357ad068d162a00019d1aea&sub1=&sub2=Sexually+Submission+low&sub3=topsolutionsmedia&sub4=6143714-1264786048-3542256106&sub5=364 IP 146.190.28.107 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:17:55 Last Seen2023-03-11 11:33:41 Times Seen1 Hash 3021debdb3a8269f54d162a9ea34187f 53c110199cf7fd52e2f4ea57f68f8bf3715279d4 9dc51ebac0e8dfb74a6729d034ab8678112dc631b80cc391994cd5c811013f4b Loading...

	go.money616.xyz/co?sub1=pyrrhous-marten&sub2=uniform-sac-v0499np96o	303 B	2023-03-07	2023-03-29
Pretty URL go.money616.xyz/co?sub1=pyrrhous-marten&sub2=uniform-sac-v0499np96o IP 52.59.165.42 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:05:00 Last Seen2023-03-29 22:02:34 Times Seen2 Hash 31a347fbfc2dd44f703fbb699f9d625a 8d6506621dc9a3ca94de1c9308e01a73cf995a0f d37f8d9576b0cdb4b7894427834c30ebfb08f5856c45f00b2cf1b12154cd9a4b Loading...

	adspredictiv.com/jump/next.php?r=6143714&sub1=pyrrhous-marten&sub2=uniform-sac-v0499np96o	6.8 kB	2023-03-10	2023-03-10
Pretty URL adspredictiv.com/jump/next.php?r=6143714&sub1=pyrrhous-marten&sub2=uniform-sac-v0499np96o IP 35.190.38.40 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 14:46:58 Last Seen2023-03-10 14:46:58 Times Seen1 Hash 2c953e7ccb776260a2fcb6374f829b6f 4562b3bcc9b44bd215c7abe5790d032312c796f2 bbe54d4151359a95414263200d45a3f301d74e451854f464c5343a7cd91ae6a3 Loading...

	free3dgame.xyz/files/jquery.min.js	88 kB	2023-03-07	2024-04-24
Pretty URL free3dgame.xyz/files/jquery.min.js IP 146.190.28.107 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:34 Last Seen2024-04-24 15:35:02 Times Seen95412 Hash 220afd743d9e9643852e31a135a9f3ae 88523924351bac0b5d560fe0c5781e2556e7693d 0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a Loading...

	free3dgame.xyz/files/lang.js	8.0 kB	2023-03-07	2023-04-16
Pretty URL free3dgame.xyz/files/lang.js IP 146.190.28.107 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:17:55 Last Seen2023-04-16 16:57:52 Times Seen2 Hash 0e2dc8ac9fdfd903c9203e349acddd2e 181c12848afc8b434b57841de2198df03321e522 ab8a6ecd933190ba9899ec8a18386cab4de96f8ab74e9b8884bdc1963a34c938 Loading...

	free3dgame.xyz/?key=byq8yz76skm800fc6ylf&code=6357ad068d162a00019d1aea&sub1=&sub2=Sexually+Submission+low&sub3=topsolutionsmedia&sub4=6143714-1264786048-3542256106&sub5=364	59 B	2023-03-07	2023-03-11
Pretty URL free3dgame.xyz/?key=byq8yz76skm800fc6ylf&code=6357ad068d162a00019d1aea&sub1=&sub2=Sexually+Submission+low&sub3=topsolutionsmedia&sub4=6143714-1264786048-3542256106&sub5=364 IP 146.190.28.107 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:17:55 Last Seen2023-03-11 11:33:41 Times Seen1 Hash 94c9790c83e7d66a55ec2f8d453705b6 a6e0e091038c42e08aafda94e02e7c98550fa774 265bdb8b880d0badbc6f10623b17bc6329536a0dbbfcb5bd22abe96b3ed5e12a Loading...

	free3dgame.xyz/?key=byq8yz76skm800fc6ylf&code=6357ad068d162a00019d1aea&sub1=&sub2=Sexually+Submission+low&sub3=topsolutionsmedia&sub4=6143714-1264786048-3542256106&sub5=364	63 B	2023-03-07	2023-05-18
Pretty URL free3dgame.xyz/?key=byq8yz76skm800fc6ylf&code=6357ad068d162a00019d1aea&sub1=&sub2=Sexually+Submission+low&sub3=topsolutionsmedia&sub4=6143714-1264786048-3542256106&sub5=364 IP 146.190.28.107 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:17:55 Last Seen2023-05-18 05:53:27 Times Seen3 Hash 1eeaee32d7ccd06fdd9d09f92c83fcfc d33200f757a75fcc9d7216c2e29bc620f38ecc69 00f8a44fa20901e0b6437027cbd74815d9cd70c6fedbdecce1647a9847afe88c Loading...

		Size	First Seen	Last Seen
	#1 Write - b771763a75e71e492aa8bb0d3a767222	52 B	2023-03-07	2023-05-18
Pretty Observations First Seen2023-03-07 13:17:55 Last Seen2023-05-18 05:53:28 Times Seen6 Hash b771763a75e71e492aa8bb0d3a767222 87ae2798daad2ff86d276d909397d482b9f0825d 0deedc1abfc3b275016994191944c57799852bae497d3a06461ac07e741712b9 Loading...

	#2 Write - 1b0793fab33f3fe17a1da6c6f085b123	10 B	2023-03-07	2023-05-29
Pretty Observations First Seen2023-03-07 13:17:55 Last Seen2023-05-29 01:56:03 Times Seen10 Hash 1b0793fab33f3fe17a1da6c6f085b123 365f992a0a10615ba2ae06d707bb66c9e6c66bbe 62e0df134d7e80abb976d863e3602a9a240fe509ac17654521ac4ac6bffda44d Loading...

HTTP Transactions (48)

URL IP Response Size

firefox.settings.services.mozilla.com/v1/

143.204.55.115

200 OK

939 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/
IP
143.204.55.115:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
050bfd0155f265780e88dabcdde8b147
93ff7f46889322c0e9dbd3f4695e4c6a7fefe08f
9f3db0b3c51195b5313122d984f5f5f62b2df0f1d818eafefaa8b73e15914038

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Backoff, Alert, Retry-After, Content-Length, Content-Type
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Tue, 25 Oct 2022 08:32:33 GMT
Expires: Tue, 25 Oct 2022 09:08:38 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 5de23153ac267c206221751e1cccb6e8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: NQoAUIDR0_H6yKYd8v6lwPfCCFQoWukSvz9tQYfVL0iccZ4Zl-Cnbg==
Age: 3553

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e36c852b5e145f2f09fe73111fb162e1
e439c6a462f86a3003d6464a8b9999b1c4d1e210
52a721168d0c41cb0854ff8c730fce3b79db2e804b383238e95ff1401922bd74

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "52A721168D0C41CB0854FF8C730FCE3B79DB2E804B383238E95FF1401922BD74"
Last-Modified: Mon, 24 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14452
Expires: Tue, 25 Oct 2022 13:32:38 GMT
Date: Tue, 25 Oct 2022 09:31:46 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
8db408c487f7d35bba323046736e8d3a
01b91e2dce7c6d3de9adfe6ff4d38f9b24ab7db0
9aeafc72c1a969243e1fc96f68ce18888034a749ee70582208bf814bd40b61a5

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9AEAFC72C1A969243E1FC96F68CE18888034A749EE70582208BF814BD40B61A5"
Last-Modified: Tue, 25 Oct 2022 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2236
Expires: Tue, 25 Oct 2022 10:09:02 GMT
Date: Tue, 25 Oct 2022 09:31:46 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: PBAY8Oo40C3ke/T7dZ01z5YFFdnA1AQFgzohZbBhShtr7Jow7jyxOg+lFXnzn2z7ATFsDaoqVX8=
x-amz-request-id: G3FQH2G4392DCQZ2
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 25 Oct 2022 09:08:53 GMT
age: 1373
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Tue, 25 Oct 2022 09:31:46 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

143.204.55.115

200 OK

329 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
143.204.55.115:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Tue, 25 Oct 2022 08:33:32 GMT
Expires: Tue, 25 Oct 2022 09:07:25 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 bb1da7862c4968b28920b91b324095c0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: QiJWcl3OPamkyvkLma_sCXzjkLHtldq2C3qEX5SRGBcljB63gLvZrg==
Age: 3495

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
518ff04fd536958e285cf07aaf4a2786
fa5dad2391c2a9957340bd629f0462db4f412a5c
608c78964412d5dc7025e9cbfaef345d448a29eae0f11257c49a41f274917b9a

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2698
Cache-Control: max-age=170399
Content-Type: application/ocsp-response
Date: Tue, 25 Oct 2022 09:31:47 GMT
Etag: "63579918-1d7"
Expires: Thu, 27 Oct 2022 08:51:46 GMT
Last-Modified: Tue, 25 Oct 2022 08:06:48 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 471

push.services.mozilla.com/

52.42.234.253

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
52.42.234.253:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: yfQOhVqaIK9+TgKAlIrfVw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: gYKFPZorkeWU4NEN4/assOpgonY=

68.us.findthewind.xyz/feed/?link=true&tid=68&subid=68.us.macos&ref=http://track.gositego.live&s1=6357ace970df776ff4062766

23.235.251.114

301 Moved Permanently

0 B

URL HTTP/1.1
68.us.findthewind.xyz/feed/?link=true&tid=68&subid=68.us.macos&ref=http://track.gositego.live&s1=6357ace970df776ff4062766
IP
23.235.251.114:0
ASN
#19437 SS-ASH

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /feed/?link=true&tid=68&subid=68.us.macos&ref=http://track.gositego.live&s1=6357ace970df776ff4062766 HTTP/1.1
Host: 68.us.findthewind.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Cache-Control: no-cache
Location: https://redir.tealwinds.xyz/feed/click/?t1=128&tid=68&uid=15&subid=68.us.macos&id=166ff520e6cd307eeabb9bb5b1c83097:ee39e72875a48ffaa0c7a48ef555862344ae7b0c22f52ca36701997f03a806486297c4b01eb4eb63415cd6eb3a661ff73f6ee0e96402f9f429c9bda45a3010bd595c3a4a76f4779dae256b69abc32f5b550b30a58c89a87909af9e151cacab478cea3db9baec539de59df46d92c9d632cdffadf32bb7406a67c20a4d497c3698e1daa9c5d80eedc1a99f71741e1972bcb62b72c48c4586d0d36670c644df558559df58ebd626e1e187d7404bc10a882da42e0782baa25e150052c2ed9b550f3155b401aa2dd8629df15e62967ad8ffaf1c45745247bec75edf1311da5f6391676bfbcee2b840100239a1b166777cee1665529620f68a4dad49b406c40a3d3ce5bff7f44aa2f01f1289fe598b658d930e99946a96b5996ceccc49ba21bfed2521c59751b078ea691b03829cc45eeb93772b02a1e753a7cf8ba05023a2550de8270a414c41e8a40d156c921dd55f37cdf02dff957c4fd06bfa99a7b045cdd57367eb299377594ae4184c6dfbd89e28f9804d63ed115e24970ad60fd4b528b7e68a56beea22df3511eb7e9d25abe34cf7f4e6da6baf8bffce5ee6bea131e525086886942e9db21bd1899778b6a07fb93f085452c5ff19f5cc3e414eb30b963a37af29ecc9319b6d6b3f9391313f19a2b04b4210a95741a43c47e248607e83b9966eb3439ea22e113b343f0ebd98163bea58dea29fa8a2188f4fd651c00c1899abf493e85e53cd9c57e1ae512ea0eb064a88921fc665afcf62133f2c2985f7574078f620ebce2988ad414a9ac9d38a2f548a35ba0c7dd48b676b21b4b9f74b48300d415b54b7e2fa90389744b001ee81f8a6aa11df6d5e5db6a74220e12659798347753469a765bd8c193e9c0bdff5ea2e1b82416c5e93a33b44c489e5b044789c4a274713dc5e25741f1462648a6e88f33667a1f8912effa7d3f2cc0576bbcdd8af52376bd25fc0a16bdc894132a1036e09372f2abbce9fd747d4075a6c4de6568144575e16a18a8a1cb9c4ac89548c4198b10659e4a1aeeb08b8cd361d880ae939dd9b43d55ade1f49c33c2c97cdff4c024d31c9e14a33e4bbfd4895b63931682ba02ad21a245fabb7e212e4edbd4ef4d293ed4f8b38dcc6aec2b9151cdbda8a546f176db3919bb65051adabab29f9af86c024d28e904f8fd8e3307fec50aa699c206304f5b21c02fb73e263df19dc4e322fc7b099a5467374b2c5bfa94a611fbf63ab045753551c3428230267afc284153fbe4351e39a0db71ed03013b5a36c80a8dd147b2c6be7048c6baf3b985257468afb72ed1f9f1837221f5f892abb24c92186887f89dce85b19221b2afe7ca0d472770bb273259f2203517a3453288e8d03bf7f8b2585d2764d954389ea671981d363dfa2c52bb94dab8add423675ccde808c4850200fe485c8ecaceb881faced&s1=6357ace970df776ff4062766
Date: Tue, 25 Oct 2022 09:31:47 GMT
Connection: keep-alive
Keep-Alive: timeout=5
Transfer-Encoding: chunked

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b953d573d7a195218d10b4d2f56c84a8
d191f3485619de1e6a0ddac0eb87a49b909836b3
c753e6d5f95f6aa9eca822e2a450e867d80c6818aae70132b1a550182a9ae4d3

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C753E6D5F95F6AA9ECA822E2A450E867D80C6818AAE70132B1A550182A9AE4D3"
Last-Modified: Tue, 25 Oct 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13321
Expires: Tue, 25 Oct 2022 13:13:49 GMT
Date: Tue, 25 Oct 2022 09:31:48 GMT
Connection: keep-alive

redir.tealwinds.xyz/feed/click/?t1=128&tid=68&uid=15&subid=68.us.macos&id=166ff520e6cd307eeabb9bb5b1c83097:ee39e72875a48ffaa0c7a48ef555862344ae7b0c22f52ca36701997f03a806486297c4b01eb4eb63415cd6eb3a661ff73f6ee0e96402f9f429c9bda45a3010bd595c3a4a76f4779dae256b69abc32f5b550b30a58c89a87909af9e151cacab478cea3db9baec539de59df46d92c9d632cdffadf32bb7406a67c20a4d497c3698e1daa9c5d80eedc1a99f71741e1972bcb62b72c48c4586d0d36670c644df558559df58ebd626e1e187d7404bc10a882da42e0782baa25e150052c2ed9b550f3155b401aa2dd8629df15e62967ad8ffaf1c45745247bec75edf1311da5f6391676bfbcee2b840100239a1b166777cee1665529620f68a4dad49b406c40a3d3ce5bff7f44aa2f01f1289fe598b658d930e99946a96b5996ceccc49ba21bfed2521c59751b078ea691b03829cc45eeb93772b02a1e753a7cf8ba05023a2550de8270a414c41e8a40d156c921dd55f37cdf02dff957c4fd06bfa99a7b045cdd57367eb299377594ae4184c6dfbd89e28f9804d63ed115e24970ad60fd4b528b7e68a56beea22df3511eb7e9d25abe34cf7f4e6da6baf8bffce5ee6bea131e525086886942e9db21bd1899778b6a07fb93f085452c5ff19f5cc3e414eb30b963a37af29ecc9319b6d6b3f9391313f19a2b04b4210a95741a43c47e248607e83b9966eb3439ea22e113b343f0ebd98163bea58dea29fa8a2188f4fd651c00c1899abf493e85e53cd9c57e1ae512ea0eb064a88921fc665afcf62133f2c2985f7574078f620ebce2988ad414a9ac9d38a2f548a35ba0c7dd48b676b21b4b9f74b48300d415b54b7e2fa90389744b001ee81f8a6aa11df6d5e5db6a74220e12659798347753469a765bd8c193e9c0bdff5ea2e1b82416c5e93a33b44c489e5b044789c4a274713dc5e25741f1462648a6e88f33667a1f8912effa7d3f2cc0576bbcdd8af52376bd25fc0a16bdc894132a1036e09372f2abbce9fd747d4075a6c4de6568144575e16a18a8a1cb9c4ac89548c4198b10659e4a1aeeb08b8cd361d880ae939dd9b43d55ade1f49c33c2c97cdff4c024d31c9e14a33e4bbfd4895b63931682ba02ad21a245fabb7e212e4edbd4ef4d293ed4f8b38dcc6aec2b9151cdbda8a546f176db3919bb65051adabab29f9af86c024d28e904f8fd8e3307fec50aa699c206304f5b21c02fb73e263df19dc4e322fc7b099a5467374b2c5bfa94a611fbf63ab045753551c3428230267afc284153fbe4351e39a0db71ed03013b5a36c80a8dd147b2c6be7048c6baf3b985257468afb72ed1f9f1837221f5f892abb24c92186887f89dce85b19221b2afe7ca0d472770bb273259f2203517a3453288e8d03bf7f8b2585d2764d954389ea671981d363dfa2c52bb94dab8add423675ccde808c4850200fe485c8ecaceb881faced&s1=6357ace970df776ff4062766

198.211.113.186

302 Found

1.7 kB

URL HTTP/1.1
redir.tealwinds.xyz/feed/click/?t1=128&tid=68&uid=15&subid=68.us.macos&id=166ff520e6cd307eeabb9bb5b1c83097:ee39e72875a48ffaa0c7a48ef555862344ae7b0c22f52ca36701997f03a806486297c4b01eb4eb63415cd6eb3a661ff73f6ee0e96402f9f429c9bda45a3010bd595c3a4a76f4779dae256b69abc32f5b550b30a58c89a87909af9e151cacab478cea3db9baec539de59df46d92c9d632cdffadf32bb7406a67c20a4d497c3698e1daa9c5d80eedc1a99f71741e1972bcb62b72c48c4586d0d36670c644df558559df58ebd626e1e187d7404bc10a882da42e0782baa25e150052c2ed9b550f3155b401aa2dd8629df15e62967ad8ffaf1c45745247bec75edf1311da5f6391676bfbcee2b840100239a1b166777cee1665529620f68a4dad49b406c40a3d3ce5bff7f44aa2f01f1289fe598b658d930e99946a96b5996ceccc49ba21bfed2521c59751b078ea691b03829cc45eeb93772b02a1e753a7cf8ba05023a2550de8270a414c41e8a40d156c921dd55f37cdf02dff957c4fd06bfa99a7b045cdd57367eb299377594ae4184c6dfbd89e28f9804d63ed115e24970ad60fd4b528b7e68a56beea22df3511eb7e9d25abe34cf7f4e6da6baf8bffce5ee6bea131e525086886942e9db21bd1899778b6a07fb93f085452c5ff19f5cc3e414eb30b963a37af29ecc9319b6d6b3f9391313f19a2b04b4210a95741a43c47e248607e83b9966eb3439ea22e113b343f0ebd98163bea58dea29fa8a2188f4fd651c00c1899abf493e85e53cd9c57e1ae512ea0eb064a88921fc665afcf62133f2c2985f7574078f620ebce2988ad414a9ac9d38a2f548a35ba0c7dd48b676b21b4b9f74b48300d415b54b7e2fa90389744b001ee81f8a6aa11df6d5e5db6a74220e12659798347753469a765bd8c193e9c0bdff5ea2e1b82416c5e93a33b44c489e5b044789c4a274713dc5e25741f1462648a6e88f33667a1f8912effa7d3f2cc0576bbcdd8af52376bd25fc0a16bdc894132a1036e09372f2abbce9fd747d4075a6c4de6568144575e16a18a8a1cb9c4ac89548c4198b10659e4a1aeeb08b8cd361d880ae939dd9b43d55ade1f49c33c2c97cdff4c024d31c9e14a33e4bbfd4895b63931682ba02ad21a245fabb7e212e4edbd4ef4d293ed4f8b38dcc6aec2b9151cdbda8a546f176db3919bb65051adabab29f9af86c024d28e904f8fd8e3307fec50aa699c206304f5b21c02fb73e263df19dc4e322fc7b099a5467374b2c5bfa94a611fbf63ab045753551c3428230267afc284153fbe4351e39a0db71ed03013b5a36c80a8dd147b2c6be7048c6baf3b985257468afb72ed1f9f1837221f5f892abb24c92186887f89dce85b19221b2afe7ca0d472770bb273259f2203517a3453288e8d03bf7f8b2585d2764d954389ea671981d363dfa2c52bb94dab8add423675ccde808c4850200fe485c8ecaceb881faced&s1=6357ace970df776ff4062766
IP
198.211.113.186:0
ASN
#14061 DIGITALOCEAN-ASN

File type
HTML document, ASCII text, with very long lines (1660), with no line terminators
Size
1.7 kB (1660 bytes)
Hash
3235c782d04ec35c64e63e9d2a034831
756e8fe449f2803359606ce129fe2271aa42a055
cc846447c4b0455a58294a60a4b366bef524f750b02dc0275512c291f663aefa

HTTP Headers

GET /feed/click/?t1=128&tid=68&uid=15&subid=68.us.macos&id=166ff520e6cd307eeabb9bb5b1c83097:ee39e72875a48ffaa0c7a48ef555862344ae7b0c22f52ca36701997f03a806486297c4b01eb4eb63415cd6eb3a661ff73f6ee0e96402f9f429c9bda45a3010bd595c3a4a76f4779dae256b69abc32f5b550b30a58c89a87909af9e151cacab478cea3db9baec539de59df46d92c9d632cdffadf32bb7406a67c20a4d497c3698e1daa9c5d80eedc1a99f71741e1972bcb62b72c48c4586d0d36670c644df558559df58ebd626e1e187d7404bc10a882da42e0782baa25e150052c2ed9b550f3155b401aa2dd8629df15e62967ad8ffaf1c45745247bec75edf1311da5f6391676bfbcee2b840100239a1b166777cee1665529620f68a4dad49b406c40a3d3ce5bff7f44aa2f01f1289fe598b658d930e99946a96b5996ceccc49ba21bfed2521c59751b078ea691b03829cc45eeb93772b02a1e753a7cf8ba05023a2550de8270a414c41e8a40d156c921dd55f37cdf02dff957c4fd06bfa99a7b045cdd57367eb299377594ae4184c6dfbd89e28f9804d63ed115e24970ad60fd4b528b7e68a56beea22df3511eb7e9d25abe34cf7f4e6da6baf8bffce5ee6bea131e525086886942e9db21bd1899778b6a07fb93f085452c5ff19f5cc3e414eb30b963a37af29ecc9319b6d6b3f9391313f19a2b04b4210a95741a43c47e248607e83b9966eb3439ea22e113b343f0ebd98163bea58dea29fa8a2188f4fd651c00c1899abf493e85e53cd9c57e1ae512ea0eb064a88921fc665afcf62133f2c2985f7574078f620ebce2988ad414a9ac9d38a2f548a35ba0c7dd48b676b21b4b9f74b48300d415b54b7e2fa90389744b001ee81f8a6aa11df6d5e5db6a74220e12659798347753469a765bd8c193e9c0bdff5ea2e1b82416c5e93a33b44c489e5b044789c4a274713dc5e25741f1462648a6e88f33667a1f8912effa7d3f2cc0576bbcdd8af52376bd25fc0a16bdc894132a1036e09372f2abbce9fd747d4075a6c4de6568144575e16a18a8a1cb9c4ac89548c4198b10659e4a1aeeb08b8cd361d880ae939dd9b43d55ade1f49c33c2c97cdff4c024d31c9e14a33e4bbfd4895b63931682ba02ad21a245fabb7e212e4edbd4ef4d293ed4f8b38dcc6aec2b9151cdbda8a546f176db3919bb65051adabab29f9af86c024d28e904f8fd8e3307fec50aa699c206304f5b21c02fb73e263df19dc4e322fc7b099a5467374b2c5bfa94a611fbf63ab045753551c3428230267afc284153fbe4351e39a0db71ed03013b5a36c80a8dd147b2c6be7048c6baf3b985257468afb72ed1f9f1837221f5f892abb24c92186887f89dce85b19221b2afe7ca0d472770bb273259f2203517a3453288e8d03bf7f8b2585d2764d954389ea671981d363dfa2c52bb94dab8add423675ccde808c4850200fe485c8ecaceb881faced&s1=6357ace970df776ff4062766 HTTP/1.1
Host: redir.tealwinds.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/1.1 302 Found
X-Powered-By: Express
Surrogate-Control: no-store
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate
Pragma: no-cache
Expires: 0
Location: https://c.mybestclick.net/feed/click/?t1=128&tid=3115&uid=4465&subid=68_68.us.macos&id=b6076c09f9bd6978ad09f71ebb736708:a00a7d1b1f0059c805c0add747a38c1d656a6ba75fe554a81694726e271de1ff025cdb990cafe23d6a3ed785d6c1fa4b24d6c4003e374ef748f25d4de78d3db9aa325ec4625ab2a10d3c9f93fcc03dd6ff834056f91effae6b40a7c5dca836dff3a2cb1816e2ed135ee94080d92b4e7a619aedf062b1a33fde9e2201a4ef35f693b9ab9c4d515f4598829f512f3145a8e05ded2bdf72949ccc3565c4363a401ce051326014b29240ab30917ae8551aa2d8be231141598f232bce34baca2b30638f1e312e30030f1715d7e286521d721b6bcdd573a21ebec6c9f4c8737fd9c3c0b299b73d49c4bca5553704f922a5dfbf01f469a430059e7afa2f5cacc1330c9cfc0ad1834e8e4a5b91ff129554995cf5d9761ea8c1f97d18b0eb2150a7509ce9eff74d7aa19abeadfd6243e4d2bbde327d65dc974517faed3da9ac1f0650da44b34a094af22a28010cb1fb86e74cdcd2
Vary: Accept
Content-Type: text/html; charset=utf-8
Content-Length: 1660
Date: Tue, 25 Oct 2022 09:31:48 GMT
Connection: keep-alive
Keep-Alive: timeout=5

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d8673b3fccec64b7385a6d3187bf95de
82798d1757da99133b3b10bd1ac15201e3c2b9fb
709c330abf819d6d8df14c30e51842916d479edeb150f00fed69d3277192208c

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "709C330ABF819D6D8DF14C30E51842916D479EDEB150F00FED69D3277192208C"
Last-Modified: Sat, 22 Oct 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13928
Expires: Tue, 25 Oct 2022 13:23:56 GMT
Date: Tue, 25 Oct 2022 09:31:48 GMT
Connection: keep-alive

c.mybestclick.net/feed/click/?t1=128&tid=3115&uid=4465&subid=68_68.us.macos&id=b6076c09f9bd6978ad09f71ebb736708:a00a7d1b1f0059c805c0add747a38c1d656a6ba75fe554a81694726e271de1ff025cdb990cafe23d6a3ed785d6c1fa4b24d6c4003e374ef748f25d4de78d3db9aa325ec4625ab2a10d3c9f93fcc03dd6ff834056f91effae6b40a7c5dca836dff3a2cb1816e2ed135ee94080d92b4e7a619aedf062b1a33fde9e2201a4ef35f693b9ab9c4d515f4598829f512f3145a8e05ded2bdf72949ccc3565c4363a401ce051326014b29240ab30917ae8551aa2d8be231141598f232bce34baca2b30638f1e312e30030f1715d7e286521d721b6bcdd573a21ebec6c9f4c8737fd9c3c0b299b73d49c4bca5553704f922a5dfbf01f469a430059e7afa2f5cacc1330c9cfc0ad1834e8e4a5b91ff129554995cf5d9761ea8c1f97d18b0eb2150a7509ce9eff74d7aa19abeadfd6243e4d2bbde327d65dc974517faed3da9ac1f0650da44b34a094af22a28010cb1fb86e74cdcd2

192.241.144.203

302 Found

264 B

URL HTTP/1.1
c.mybestclick.net/feed/click/?t1=128&tid=3115&uid=4465&subid=68_68.us.macos&id=b6076c09f9bd6978ad09f71ebb736708:a00a7d1b1f0059c805c0add747a38c1d656a6ba75fe554a81694726e271de1ff025cdb990cafe23d6a3ed785d6c1fa4b24d6c4003e374ef748f25d4de78d3db9aa325ec4625ab2a10d3c9f93fcc03dd6ff834056f91effae6b40a7c5dca836dff3a2cb1816e2ed135ee94080d92b4e7a619aedf062b1a33fde9e2201a4ef35f693b9ab9c4d515f4598829f512f3145a8e05ded2bdf72949ccc3565c4363a401ce051326014b29240ab30917ae8551aa2d8be231141598f232bce34baca2b30638f1e312e30030f1715d7e286521d721b6bcdd573a21ebec6c9f4c8737fd9c3c0b299b73d49c4bca5553704f922a5dfbf01f469a430059e7afa2f5cacc1330c9cfc0ad1834e8e4a5b91ff129554995cf5d9761ea8c1f97d18b0eb2150a7509ce9eff74d7aa19abeadfd6243e4d2bbde327d65dc974517faed3da9ac1f0650da44b34a094af22a28010cb1fb86e74cdcd2
IP
192.241.144.203:0
ASN
#14061 DIGITALOCEAN-ASN

File type
HTML document, ASCII text, with no line terminators
Size
264 B (264 bytes)
Hash
14e59b0ac23812cfc31534efb56b5ed4
adf32bcf9b421ac80276b9e1a71f5356eee889f1
f69603bee5f31937cf72570224787ad6367455ca10a95ebea787c70a4666418d

HTTP Headers

GET /feed/click/?t1=128&tid=3115&uid=4465&subid=68_68.us.macos&id=b6076c09f9bd6978ad09f71ebb736708:a00a7d1b1f0059c805c0add747a38c1d656a6ba75fe554a81694726e271de1ff025cdb990cafe23d6a3ed785d6c1fa4b24d6c4003e374ef748f25d4de78d3db9aa325ec4625ab2a10d3c9f93fcc03dd6ff834056f91effae6b40a7c5dca836dff3a2cb1816e2ed135ee94080d92b4e7a619aedf062b1a33fde9e2201a4ef35f693b9ab9c4d515f4598829f512f3145a8e05ded2bdf72949ccc3565c4363a401ce051326014b29240ab30917ae8551aa2d8be231141598f232bce34baca2b30638f1e312e30030f1715d7e286521d721b6bcdd573a21ebec6c9f4c8737fd9c3c0b299b73d49c4bca5553704f922a5dfbf01f469a430059e7afa2f5cacc1330c9cfc0ad1834e8e4a5b91ff129554995cf5d9761ea8c1f97d18b0eb2150a7509ce9eff74d7aa19abeadfd6243e4d2bbde327d65dc974517faed3da9ac1f0650da44b34a094af22a28010cb1fb86e74cdcd2 HTTP/1.1
Host: c.mybestclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/1.1 302 Found
X-Powered-By: Express
Surrogate-Control: no-store
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate
Pragma: no-cache
Expires: 0
Location: https://eu.pushnow.net/postback/click?key=v2-1666690306941-4-5479-1084493-bf769868-0bd9-7ccc-3e98-6bb551ce10a9
Vary: Accept
Content-Type: text/html; charset=utf-8
Content-Length: 264
Date: Tue, 25 Oct 2022 09:31:48 GMT
Connection: keep-alive
Keep-Alive: timeout=5

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b871df16e2399dbb8d96ae46e3d2cd6b
9f871f357f4b1a4ad59a48a8992b0a799ba47328
31fbff7ed4fd3fd4643cf9c1dcb401579f12c291689ef026a9b1115b38a5a735

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "31FBFF7ED4FD3FD4643CF9C1DCB401579F12C291689EF026A9B1115B38A5A735"
Last-Modified: Mon, 24 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2428
Expires: Tue, 25 Oct 2022 10:12:16 GMT
Date: Tue, 25 Oct 2022 09:31:48 GMT
Connection: keep-alive

eu.pushnow.net/postback/click?key=v2-1666690306941-4-5479-1084493-bf769868-0bd9-7ccc-3e98-6bb551ce10a9

38.100.129.195

302 Found

0 B

URL HTTP/2
eu.pushnow.net/postback/click?key=v2-1666690306941-4-5479-1084493-bf769868-0bd9-7ccc-3e98-6bb551ce10a9
IP
38.100.129.195:0
ASN
#174 COGENT-174

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /postback/click?key=v2-1666690306941-4-5479-1084493-bf769868-0bd9-7ccc-3e98-6bb551ce10a9 HTTP/1.1
Host: eu.pushnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: platform_user_id_3rd_party=desktop:7980a459be274bf511db30c901634a36; platform_user_id_from_ssp_3rd_party=platform:f86f862ff85e673a9c9766752124fbcc
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 302 Found
server: openresty/1.15.8.3
date: Tue, 25 Oct 2022 09:31:48 GMT
content-length: 0
set-cookie: platform_user_id=desktop:7980a459be274bf511db30c901634a36
platform_user_id_3rd_party=desktop:7980a459be274bf511db30c901634a36; SameSite=None; Secure; Max-Age=31556952
platform_user_id_from_ssp=platform:c56f7887f30fdefdaec235ac0d8f081d
platform_user_id_from_ssp_3rd_party=platform:c56f7887f30fdefdaec235ac0d8f081d; SameSite=None; Secure; Max-Age=31556952
location: http://c.srvpcn.com/click?id=cdbqq0j8due589e69ft0&e=b78f0b76-41ad-45e2-b17e-76d940f92309&px=34
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
398e3c90084d7d71fc1e9fd833116f5f
3e202da5559a8f219144adee3639d063a98559c0
724547db3ed9f1779308e9dd6604664e6ffa3580ca076fbdc1dfb1b75591bba4

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "724547DB3ED9F1779308E9DD6604664E6FFA3580CA076FBDC1DFB1B75591BBA4"
Last-Modified: Mon, 24 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2518
Expires: Tue, 25 Oct 2022 10:13:46 GMT
Date: Tue, 25 Oct 2022 09:31:48 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
398e3c90084d7d71fc1e9fd833116f5f
3e202da5559a8f219144adee3639d063a98559c0
724547db3ed9f1779308e9dd6604664e6ffa3580ca076fbdc1dfb1b75591bba4

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "724547DB3ED9F1779308E9DD6604664E6FFA3580CA076FBDC1DFB1B75591BBA4"
Last-Modified: Mon, 24 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2518
Expires: Tue, 25 Oct 2022 10:13:46 GMT
Date: Tue, 25 Oct 2022 09:31:48 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
398e3c90084d7d71fc1e9fd833116f5f
3e202da5559a8f219144adee3639d063a98559c0
724547db3ed9f1779308e9dd6604664e6ffa3580ca076fbdc1dfb1b75591bba4

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "724547DB3ED9F1779308E9DD6604664E6FFA3580CA076FBDC1DFB1B75591BBA4"
Last-Modified: Mon, 24 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2518
Expires: Tue, 25 Oct 2022 10:13:46 GMT
Date: Tue, 25 Oct 2022 09:31:48 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F18f72757-5389-44e5-9b3d-fd0ed441e42b.jpeg

34.120.237.76

200 OK

8.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F18f72757-5389-44e5-9b3d-fd0ed441e42b.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.0 kB (7992 bytes)
Hash
9cea1dfb80f297f57f615a570d64f730
f0bd82da0a3c7b8cc65fba1e9c4af0760e3ae861
56c57a837b357d24e08ad9eea9836501f83a1ba4b0d2f2fa9b74f65fef9cdef1

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F18f72757-5389-44e5-9b3d-fd0ed441e42b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7992
x-amzn-requestid: d14e1fb8-46b8-414f-bc03-b7619dc7cb6a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ackbGGEaIAMFV8Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6354e77a-7fd668d97068c40639ca3d3f;Sampled=0
x-amzn-remapped-date: Sun, 23 Oct 2022 07:04:26 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: xELJXviFBSsn0bUsRBJ5YfKsgD1y1sfZkSs6WM7jTh4-HDcxzlc71Q==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 ead78c395f4bede3ec6cd7ea180e3d3a.cloudfront.net (CloudFront), 1.1 google
date: Tue, 25 Oct 2022 07:37:33 GMT
age: 6855
etag: "f0bd82da0a3c7b8cc65fba1e9c4af0760e3ae861"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F49bb46dd-5578-4e72-9aed-dc70960d4c97.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.6 kB (7633 bytes)
Hash
edae4c2a51941f9d01ea6658430a95b8
ed419179e1460d655f14735e430cbbd76ab2a869
92f280cc9ad01c6901b08269a12908b927877082952ec52fe9a082910c181076

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F49bb46dd-5578-4e72-9aed-dc70960d4c97.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7633
x-amzn-requestid: e85011ac-422d-44b3-8af4-32d1c657597f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ah3D6EYXIAMFRlA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6357054c-4f56cf37570dfcbe64ce4778;Sampled=0
x-amzn-remapped-date: Mon, 24 Oct 2022 21:36:12 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: w3KKBDQzR5-BVF158SvYqzoDTuT1Ayx64lHy02MoBWUkOWR4H3ZTqg==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 28390a4d24ed4fdccd685d99cd06cf4e.cloudfront.net (CloudFront), 1.1 google
date: Mon, 24 Oct 2022 21:50:17 GMT
age: 42091
etag: "ed419179e1460d655f14735e430cbbd76ab2a869"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe70105c7-5a5d-48c2-a113-06846e24dff9.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (11822 bytes)
Hash
e43859d91550f002f2fc145b8a044f40
762e9f0ce9256ff9a54e08d76dca7596d44677df
3d39a87540b716721e9d4e28aa499233ccde5ed4c6e7f1a902010e56572c8f46

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe70105c7-5a5d-48c2-a113-06846e24dff9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11822
x-amzn-requestid: 1702783e-fce4-4c9d-96a9-ee0477cff0ca
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aHpINH1LIAMFZjg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-634c889a-0cc362f90671a9827f4573f9;Sampled=0
x-amzn-remapped-date: Sun, 16 Oct 2022 22:41:30 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: YgdgwWNWat8JCI07iCToqMsVpoWDl54TS0Q6o41OGaCePkGjNfYzjA==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 91356d2137f5a7345e93da4516c49ec4.cloudfront.net (CloudFront), 1.1 google
date: Tue, 25 Oct 2022 04:08:53 GMT
age: 19375
etag: "762e9f0ce9256ff9a54e08d76dca7596d44677df"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F075a794f-9140-4676-afb2-493f44932cc3.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.2 kB (4206 bytes)
Hash
3cf322f19151bcfa374c2e32b9ac986f
e8e69ac951def18bc1e03ecd4fe8a21d3b825b27
54ddfd1876f65e264b9b3209a0e805a3796013b4aacc8e9fd20b49754b4917a0

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F075a794f-9140-4676-afb2-493f44932cc3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4206
x-amzn-requestid: 6b02f96a-ea03-4eff-acde-c73925260102
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ah3E3GPQoAMFpIA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63570552-77cf762d0e54f1f60efe52c3;Sampled=0
x-amzn-remapped-date: Mon, 24 Oct 2022 21:36:18 GMT
x-amz-cf-pop: SEA19-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: jiu-Z6DMgXxXdZ5BDwjNoq5Y15kBgM894k4EY2qSRZKdvk0bfkn89A==
via: 1.1 fec77e486350d1bd33f526a760d8b5a4.cloudfront.net (CloudFront), 1.1 2f7934de1dfe281c3e4446892eab6462.cloudfront.net (CloudFront), 1.1 google
date: Mon, 24 Oct 2022 21:50:16 GMT
age: 42092
etag: "e8e69ac951def18bc1e03ecd4fe8a21d3b825b27"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.1 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fda327ff0-bd82-4034-a53b-e04d5c486276.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.1 kB (8090 bytes)
Hash
531f350512ac7712d932234803aa4602
2fb4599ad3d513a160c1f29fefda27b45852c381
7a4da3420f736c098806676359b8ff80578a2e1e98fc0e20e45e2d6192e1d566

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fda327ff0-bd82-4034-a53b-e04d5c486276.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8090
x-amzn-requestid: a84a2888-e0eb-40d3-8377-9c1ea2af733c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aVb2oH2uoAMFueA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63520cf7-204870ee3f63ced427033eb5;Sampled=0
x-amzn-remapped-date: Fri, 21 Oct 2022 03:07:35 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: fUBXr7SKYdvhryoB8p9to-Eo8twjspRYnHO2xf9TtvLJIIyOwe3W1w==
via: 1.1 1de1880e08f1cae7d1aca174a29a5c1e.cloudfront.net (CloudFront), 1.1 d01e7742f82df0bbc1fb681d709ed69c.cloudfront.net (CloudFront), 1.1 google
date: Tue, 25 Oct 2022 07:43:49 GMT
age: 6479
etag: "2fb4599ad3d513a160c1f29fefda27b45852c381"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf8cfe72-ca76-42ae-a95f-b33a2edb91b3.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.0 kB (7977 bytes)
Hash
80bab61eeda285e378b86b3efc4f87f9
5c690531e195332c04092ce22e7bdcecccc3c9d5
0c4dec046835501b598b5165acd592c3baeb2d6e21b6ac5fd549e790a802cd02

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf8cfe72-ca76-42ae-a95f-b33a2edb91b3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7977
x-amzn-requestid: 3e217877-33a2-4efc-a21f-b75764a8ced9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ah3FWGRooAMFagw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63570555-2bc77cb653ef022b4aab7f71;Sampled=0
x-amzn-remapped-date: Mon, 24 Oct 2022 21:36:21 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: CWRIYnB8Zcc-9L-EdFq_ahTPlv8AMqnBGlZmRTN-0BsZIUWF3eUOfg==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 e80693c02cfdfd081110512210d57840.cloudfront.net (CloudFront), 1.1 google
date: Mon, 24 Oct 2022 21:37:08 GMT
age: 42880
etag: "5c690531e195332c04092ce22e7bdcecccc3c9d5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

c.srvpcn.com/click?id=cdbqq0j8due589e69ft0&e=b78f0b76-41ad-45e2-b17e-76d940f92309&px=34

52.22.167.208

303 See Other

0 B

URL HTTP/1.1
c.srvpcn.com/click?id=cdbqq0j8due589e69ft0&e=b78f0b76-41ad-45e2-b17e-76d940f92309&px=34
IP
52.22.167.208:0
ASN
#14618 AMAZON-AES

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /click?id=cdbqq0j8due589e69ft0&e=b78f0b76-41ad-45e2-b17e-76d940f92309&px=34 HTTP/1.1
Host: c.srvpcn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 303 See Other
Date: Tue, 25 Oct 2022 09:31:48 GMT
Content-Length: 0
Connection: keep-alive
Location: http://lykos-bzm.com/zcvisitor/d87941f2-5447-11ed-bd91-1253798e75cd/e3e39f70-3459-11e9-9a51-0a15cb739170?campaignid=0098f150-174c-11ed-9b74-128084d1ce51

lykos-bzm.com/zcvisitor/d87941f2-5447-11ed-bd91-1253798e75cd/e3e39f70-3459-11e9-9a51-0a15cb739170?campaignid=0098f150-174c-11ed-9b74-128084d1ce51

35.174.150.83

302

0 B

URL HTTP/1.1
lykos-bzm.com/zcvisitor/d87941f2-5447-11ed-bd91-1253798e75cd/e3e39f70-3459-11e9-9a51-0a15cb739170?campaignid=0098f150-174c-11ed-9b74-128084d1ce51
IP
35.174.150.83:0
ASN
#14618 AMAZON-AES

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /zcvisitor/d87941f2-5447-11ed-bd91-1253798e75cd/e3e39f70-3459-11e9-9a51-0a15cb739170?campaignid=0098f150-174c-11ed-9b74-128084d1ce51 HTTP/1.1
Host: lykos-bzm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 302 
Date: Tue, 25 Oct 2022 09:31:49 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
Location: https://go.money616.xyz/co?sub1=pyrrhous-marten&sub2=uniform-sac-v0499np96o
Server: iOYVWolE

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
62c45a6b66e612861c39b2c6e55f031f
818227b6df938d3ca5894325db5613038f298fc0
e775511413fe208a7e7fb88c82425e4db6bc97cd88dff0220a690a2c60c56cfd

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E775511413FE208A7E7FB88C82425E4DB6BC97CD88DFF0220A690A2C60C56CFD"
Last-Modified: Mon, 24 Oct 2022 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2636
Expires: Tue, 25 Oct 2022 10:15:45 GMT
Date: Tue, 25 Oct 2022 09:31:49 GMT
Connection: keep-alive

go.money616.xyz/co?sub1=pyrrhous-marten&sub2=uniform-sac-v0499np96o

52.59.165.42

200 OK

1.6 kB

URL HTTP/1.1
go.money616.xyz/co?sub1=pyrrhous-marten&sub2=uniform-sac-v0499np96o
IP
52.59.165.42:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (364)
Size
1.6 kB (1556 bytes)
Hash
e429b828cc03dee0a2723ca8c4622657
75a2d74db25910dbcaf3885e8c4a84c6f273790b
9072308f87ab3e46d5100ad8b12fe4145596ed62111b9777c6483da6aab4cba0

HTTP Headers

GET /co?sub1=pyrrhous-marten&sub2=uniform-sac-v0499np96o HTTP/1.1
Host: go.money616.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/1.1 200 OK
connection: close
x-content-type-options: nosniff
content-type: text/html; charset=utf-8
x-powered-by: Short.io link shortener
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
content-length: 1556
Date: Tue, 25 Oct 2022 09:31:49 GMT

ocsp.sectigo.com/

172.64.155.188

200 OK

472 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
4b4947263357a5cf383a519dcca40228
cfacf43717b7f1d77314dae8390737274d913315
3edf03c09f18dfb6c8677c751e99f9ab6e26890c438338338dcfb218b8d7162a

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 25 Oct 2022 09:31:49 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 22 Oct 2022 22:25:06 GMT
Expires: Sat, 29 Oct 2022 22:25:05 GMT
Etag: "cfacf43717b7f1d77314dae8390737274d913315"
Cache-Control: max-age=391395,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 75f9f102aa92b515-OSL

ocsp.sectigo.com/

172.64.155.188

200 OK

472 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
4b4947263357a5cf383a519dcca40228
cfacf43717b7f1d77314dae8390737274d913315
3edf03c09f18dfb6c8677c751e99f9ab6e26890c438338338dcfb218b8d7162a

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 25 Oct 2022 09:31:50 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 22 Oct 2022 22:25:06 GMT
Expires: Sat, 29 Oct 2022 22:25:05 GMT
Etag: "cfacf43717b7f1d77314dae8390737274d913315"
Cache-Control: max-age=391394,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 75f9f1051d0bb515-OSL

adspredictiv.com/jump/next.php?r=6143714&sub1=pyrrhous-marten&sub2=uniform-sac-v0499np96o

35.190.38.40

200 OK

3.3 kB

URL HTTP/2
adspredictiv.com/jump/next.php?r=6143714&sub1=pyrrhous-marten&sub2=uniform-sac-v0499np96o
IP
35.190.38.40:0
ASN
#15169 GOOGLE

File type
data
Size
3.3 kB (3251 bytes)
Hash
16c0da0a50e7787046a7d42316d5d993
5d5b0b9d506b67cef1e03ded92eca864f562711d
03300bca3f749b571cf057ce09179cc74b9225554483c0d4ea503814de64b8a5

HTTP Headers

GET /jump/next.php?r=6143714&sub1=pyrrhous-marten&sub2=uniform-sac-v0499np96o HTTP/1.1
Host: adspredictiv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://go.money616.xyz/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: openresty
date: Tue, 25 Oct 2022 09:31:49 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

topsolutions.rdtk.io/631d71ca60776e00012e0e8f?sub1=6143714-1264786048-3542256106&sub2=&sub3=309529620&sub4=126766&sub5=1666690310&sub6=6143714&sub7=NO&sub8=1000&sub9=Blix%20Solutions&ref_id=166669031010000TNOTV415326358024V7c

85.17.54.17

302 Found

191 B

URL HTTP/1.1
topsolutions.rdtk.io/631d71ca60776e00012e0e8f?sub1=6143714-1264786048-3542256106&sub2=&sub3=309529620&sub4=126766&sub5=1666690310&sub6=6143714&sub7=NO&sub8=1000&sub9=Blix%20Solutions&ref_id=166669031010000TNOTV415326358024V7c
IP
85.17.54.17:0
ASN
#60781 LeaseWeb Netherlands B.V.

File type
HTML document, ASCII text
Size
191 B (191 bytes)
Hash
912ce040c385b61a8447f02f35666c5d
8dae229151c8ec27d2f841638e11e39bcda5a919
e69a8df506dd18cad70b8ff50a225d5d16b258400de0d9ad1c76e1c12fc1074f

HTTP Headers

GET /631d71ca60776e00012e0e8f?sub1=6143714-1264786048-3542256106&sub2=&sub3=309529620&sub4=126766&sub5=1666690310&sub6=6143714&sub7=NO&sub8=1000&sub9=Blix%20Solutions&ref_id=166669031010000TNOTV415326358024V7c HTTP/1.1
Host: topsolutions.rdtk.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/1.1 302 Found
Server: nginx/1.21.3
Date: Tue, 25 Oct 2022 09:31:50 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 191
Connection: keep-alive
Location: https://adverster.g2afse.com/click?pid=364&offer_id=140&sub4=6143714-1264786048-3542256106&ref_id=6357ad066177e20001fbc858&sub2=5cc839de65115c0001015b85
Referer: 
Referrer-Policy: no-referrer
Set-Cookie: redhash=NjM1N2FkMDY2MTc3ZTIwMDAxZmJjODU4fDB8NjMxZDcxY2E2MDc3NmUwMDAxMmUwZThmfHw4MDAzOGQ0Zi0zNjQwLTRiODEtODZlMy1kN2NhNjU5ZjQ1Y2R8MTY2NjY5MDMxMA==; Path=/; Domain=topsolutions.rdtk.io; Expires=Wed, 25 Oct 2023 09:31:50 GMT; Secure; SameSite=None
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range

ocsp.digicert.com/

93.184.220.29

200 OK

312 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
312 B (312 bytes)
Hash
601f6076563087266fcb94357da3aadf
3b40de129d0098a3f10912a95a9581a904d8285b
40a5194958ffe0b143487572f5d3bd6aeae6bced7df34f45091001ff926a8078

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2964
Cache-Control: max-age=137218
Content-Type: application/ocsp-response
Date: Tue, 25 Oct 2022 09:31:50 GMT
Etag: "63571674-138"
Expires: Wed, 26 Oct 2022 23:38:48 GMT
Last-Modified: Mon, 24 Oct 2022 22:49:24 GMT
Server: ECS (amb/6B8A)
X-Cache: HIT
Content-Length: 312

adverster.g2afse.com/click?pid=364&offer_id=140&sub4=6143714-1264786048-3542256106&ref_id=6357ad066177e20001fbc858&sub2=5cc839de65115c0001015b85

34.90.14.205

302 Found

0 B

URL HTTP/2
adverster.g2afse.com/click?pid=364&offer_id=140&sub4=6143714-1264786048-3542256106&ref_id=6357ad066177e20001fbc858&sub2=5cc839de65115c0001015b85
IP
34.90.14.205:0
ASN
#396982 GOOGLE-CLOUD-PLATFORM

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /click?pid=364&offer_id=140&sub4=6143714-1264786048-3542256106&ref_id=6357ad066177e20001fbc858&sub2=5cc839de65115c0001015b85 HTTP/1.1
Host: adverster.g2afse.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
server: nginx
date: Tue, 25 Oct 2022 09:31:50 GMT
content-length: 0
location: https://free3dgame.xyz/?key=byq8yz76skm800fc6ylf&code=6357ad068d162a00019d1aea&sub1=&sub2=Sexually+Submission+low&sub3=topsolutionsmedia&sub4=6143714-1264786048-3542256106&sub5=364
set-cookie: afclick=6357ad068d162a00019d1aea; expires=Wed, 25 Oct 2023 09:31:50 GMT; secure; SameSite=None
afoffers={"140":1666690310}; expires=Wed, 25 Oct 2023 09:31:50 GMT; secure; SameSite=None
access-control-allow-origin: *
X-Firefox-Spdy: h2

adspredictiv.com/jump/next.php?stamat=m%257CMm43ajd3aQdHkAH0dEdHP3xP.5ef%252C7H0PozvLiGV-YkDx825CHq_5mNyzZhovkYDfyjWLDI0Sb21IYsIWB7DkTq9zqOvWv6zAvlD8RKfUndkq4ZvtgXRU8pucRZTnW6cWBntl28trFlMGhpnjy3M3fMN4R8jM_2vroPZM4ZEB0XiPcYq7Cw%252C%252C&cbpage=https://adspredictiv.com/jump/next.php?r=6143714&sub1=pyrrhous-marten&sub2=uniform-sac-v0499np96o&cbur=0.7964932398146432&cbtitle=&cbiframe=0&cbWidth=1280&cbHeight=939&cbdescription=&cbkeywords=&cbref=https%3A%2F%2Fgo.money616.xyz%2F

35.190.38.40

302 Found

504 B

URL HTTP/2
adspredictiv.com/jump/next.php?stamat=m%257CMm43ajd3aQdHkAH0dEdHP3xP.5ef%252C7H0PozvLiGV-YkDx825CHq_5mNyzZhovkYDfyjWLDI0Sb21IYsIWB7DkTq9zqOvWv6zAvlD8RKfUndkq4ZvtgXRU8pucRZTnW6cWBntl28trFlMGhpnjy3M3fMN4R8jM_2vroPZM4ZEB0XiPcYq7Cw%252C%252C&cbpage=https://adspredictiv.com/jump/next.php?r=6143714&sub1=pyrrhous-marten&sub2=uniform-sac-v0499np96o&cbur=0.7964932398146432&cbtitle=&cbiframe=0&cbWidth=1280&cbHeight=939&cbdescription=&cbkeywords=&cbref=https%3A%2F%2Fgo.money616.xyz%2F
IP
35.190.38.40:0
ASN
#15169 GOOGLE

File type
data
Size
504 B (504 bytes)
Hash
9aff9e59043c2b945987bb681d3980c0
4c75be03fe92013690a744fb40b55a377ae0d83b
86bf344ad7a9473a842893c97dfd8cc7dc4ee4553bc5920708f45ea79eaefa30

HTTP Headers

GET /jump/next.php?stamat=m%257CMm43ajd3aQdHkAH0dEdHP3xP.5ef%252C7H0PozvLiGV-YkDx825CHq_5mNyzZhovkYDfyjWLDI0Sb21IYsIWB7DkTq9zqOvWv6zAvlD8RKfUndkq4ZvtgXRU8pucRZTnW6cWBntl28trFlMGhpnjy3M3fMN4R8jM_2vroPZM4ZEB0XiPcYq7Cw%252C%252C&cbpage=https://adspredictiv.com/jump/next.php?r=6143714&sub1=pyrrhous-marten&sub2=uniform-sac-v0499np96o&cbur=0.7964932398146432&cbtitle=&cbiframe=0&cbWidth=1280&cbHeight=939&cbdescription=&cbkeywords=&cbref=https%3A%2F%2Fgo.money616.xyz%2F HTTP/1.1
Host: adspredictiv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 302 Found
server: openresty
date: Tue, 25 Oct 2022 09:31:50 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
location: https://adspredictiv.com/script/i.php?stamat=m%257C%252C%252CA2IuIja7oGU3BP-GH0dEdHP3xP.b14%252ClrsdXCNkoFD47HAu82w_uRqH1luUZXfCSVvBp_djeYaxFLZCQ_Kn8eKulf6JQ8Rub2fQMkmIR7pNnGdSlWod1pASZKbRZMH8gVmb1Fi_ZsAyky1cV5Hf5E5WaRt0xtC4A-EeDPHdAhg0kkoGAJZIIgWN1coWQ0-EPee_DZ4FdMKWM0WOcDsdKo12mR6zkh5RbbeZSDKli3jz1Zv80NbavAUBarqzswPtG4yX-f7UF9md79ysZLgIOK1MnKOMLBxug9NzUHCnSStxSSJagFZG33hIuL8TddjIaDROgBFd5dSzF7pwf8TAhMxBJIakhRHZJDWO0bnI48CMNEhvIL1Dqjy01_xG0tgp3-0qTaELjHOU0j44x3IhqM94y0rEeeN9d-wx0MuH6evL5BJdrJztBboK0HGD3jmDIrwmtTxzX8qqkDH5oRF1ffqE56kgr_UJfnMCemDyVCGXMwLFwr2Z7tdPltlSaNz9pVzAowKjQoKiUZPfEIxXXYW5nE-BW16cU6YPkmvhJyPXAkQ_QDxBJYJC_1KBH4yX8ngyTOdeXgl1nI6luBdbuHB-0iK4U-ONoRu0TwqIGQG0rnC4EC1aj2RAQmiC6OZir_G0AGbFXMvMLuapuutLyCs-JlreqbYw
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
d114ab00b1cfe7f9b4f56c7b3655b55d
641e580d6148329b0c9eb2d49f5f8a30c08f30e9
e5420e919b2c05c148179c7d85a210941be6862b1f65ccfafcfc38d960bf38d7

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 25 Oct 2022 09:31:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

free3dgame.xyz/?key=byq8yz76skm800fc6ylf&code=6357ad068d162a00019d1aea&sub1=&sub2=Sexually+Submission+low&sub3=topsolutionsmedia&sub4=6143714-1264786048-3542256106&sub5=364

146.190.28.107

200 OK

3.1 kB

URL HTTP/2
free3dgame.xyz/?key=byq8yz76skm800fc6ylf&code=6357ad068d162a00019d1aea&sub1=&sub2=Sexually+Submission+low&sub3=topsolutionsmedia&sub4=6143714-1264786048-3542256106&sub5=364
IP
146.190.28.107:0
ASN
#0

File type
data
Size
3.1 kB (3128 bytes)
Hash
79b1e4bf05de5a801910d1dddb4f0fe1
480f243f117596349fe345b6a40cfea5316317cb
5f5e6fd2e2cc5dca96977f565e5afdf9924121dcb0175bdcd8b54a4114906ad5

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /?key=byq8yz76skm800fc6ylf&code=6357ad068d162a00019d1aea&sub1=&sub2=Sexually+Submission+low&sub3=topsolutionsmedia&sub4=6143714-1264786048-3542256106&sub5=364 HTTP/1.1
Host: free3dgame.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Tue, 25 Oct 2022 09:31:50 GMT
content-type: text/html
last-modified: Tue, 24 May 2022 17:49:19 GMT
vary: Accept-Encoding
etag: W/"628d1a9f-730"
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

free3dgame.xyz/files/1.png

146.190.28.107

200 OK

91 kB

URL HTTP/2
free3dgame.xyz/files/1.png
IP
146.190.28.107:0
ASN
#0

File type
PNG image data, 268 x 341, 8-bit/color RGBA, non-interlaced\012- data
Size
91 kB (91434 bytes)
Hash
b1ca79a348b74c1f02654dcdc06fbd7a
015f9320975c34adbacd595681605c79797c0880
19ddba2395038bfe50d196bd2313219bcace3ebf24837e50c700d1f8f5e63a87

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /files/1.png HTTP/1.1
Host: free3dgame.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://free3dgame.xyz/?key=byq8yz76skm800fc6ylf&code=6357ad068d162a00019d1aea&sub1=&sub2=Sexually+Submission+low&sub3=topsolutionsmedia&sub4=6143714-1264786048-3542256106&sub5=364
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 25 Oct 2022 09:31:51 GMT
content-type: image/png
content-length: 91434
last-modified: Tue, 24 May 2022 10:25:50 GMT
etag: "628cb2ae-1652a"
expires: Thu, 24 Nov 2022 09:31:51 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

free3dgame.xyz/files/desc.jpg

146.190.28.107

200 OK

517 kB

URL HTTP/2
free3dgame.xyz/files/desc.jpg
IP
146.190.28.107:0
ASN
#0

File type
JPEG image data, progressive, precision 8, 3360x1882, components 3\012- data
Size
517 kB (517070 bytes)
Hash
abd6f700139d33406e689ae523063675
6fa1dd814d4c2d6a770e644c5aa0a0d7facdeba0
99f3f7d43320f66092019658c89c57d8a0bb5b748b9841384c4324acab71cc52

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /files/desc.jpg HTTP/1.1
Host: free3dgame.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://free3dgame.xyz/?key=byq8yz76skm800fc6ylf&code=6357ad068d162a00019d1aea&sub1=&sub2=Sexually+Submission+low&sub3=topsolutionsmedia&sub4=6143714-1264786048-3542256106&sub5=364
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 25 Oct 2022 09:31:51 GMT
content-type: image/jpeg
content-length: 517070
last-modified: Tue, 24 May 2022 11:29:05 GMT
etag: "628cc181-7e3ce"
expires: Thu, 24 Nov 2022 09:31:51 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

free3dgame.xyz/files/mob.jpg

146.190.28.107

200 OK

294 kB

URL HTTP/2
free3dgame.xyz/files/mob.jpg
IP
146.190.28.107:0
ASN
#0

File type
JPEG image data, progressive, precision 8, 1182x2100, components 3\012- data
Size
294 kB (294511 bytes)
Hash
6293f6397f0fc4f54cdee9f1016aa620
e1fe2d942487529eef53fc77e5eae9b518ec2944
657405356cbcd646c8090fdb0dbc62755bea4b1b2b0fae0fdade66a4af776f2b

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /files/mob.jpg HTTP/1.1
Host: free3dgame.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://free3dgame.xyz/?key=byq8yz76skm800fc6ylf&code=6357ad068d162a00019d1aea&sub1=&sub2=Sexually+Submission+low&sub3=topsolutionsmedia&sub4=6143714-1264786048-3542256106&sub5=364
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 25 Oct 2022 09:31:51 GMT
content-type: image/jpeg
content-length: 294511
last-modified: Tue, 24 May 2022 11:28:39 GMT
etag: "628cc167-47e6f"
expires: Thu, 24 Nov 2022 09:31:51 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

free3dgame.xyz/files/bg-box.png

146.190.28.107

200 OK

37 kB

URL HTTP/2
free3dgame.xyz/files/bg-box.png
IP
146.190.28.107:0
ASN
#0

File type
PNG image data, 823 x 424, 8-bit/color RGBA, non-interlaced\012- data
Size
37 kB (37399 bytes)
Hash
d9aab159517209305f0ae6ae43af0c2e
77763dcbe0c4223da8eba455022c7d41d21fe434
158ebf4b5f0045d2235408626133e56e8acef48a5b2cc4d69fd005d951954a63

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /files/bg-box.png HTTP/1.1
Host: free3dgame.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://free3dgame.xyz/files/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 25 Oct 2022 09:31:51 GMT
content-type: image/png
content-length: 37399
last-modified: Tue, 24 May 2022 10:25:14 GMT
etag: "628cb28a-9217"
expires: Thu, 24 Nov 2022 09:31:51 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
eb9238eaa63063c98563a1961fbbfefa
9b23eea87129d9516b8e7527cce7b8b1efcfa1fe
ff87d571f813dd558347df32a52e27ebb6c66968a6d2e584e6b6467944ef40fb

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 25 Oct 2022 09:31:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

free3dgame.xyz/files/jquery.min.js

146.190.28.107

200 OK

35 kB

URL HTTP/2
free3dgame.xyz/files/jquery.min.js
IP
146.190.28.107:0
ASN
#0

File type
data
Size
35 kB (34961 bytes)
Hash
16d481ffeecfe52e5559e9301e1faf88
dd662a8b27ba6f6da37bba67bf383772d56c742e
34bc966ae3d1166a6007e5017a028e75108c6cfcd9a7226021f06d4f676020c3

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /files/jquery.min.js HTTP/1.1
Host: free3dgame.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://free3dgame.xyz/?key=byq8yz76skm800fc6ylf&code=6357ad068d162a00019d1aea&sub1=&sub2=Sexually+Submission+low&sub3=topsolutionsmedia&sub4=6143714-1264786048-3542256106&sub5=364
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 25 Oct 2022 09:31:51 GMT
content-type: application/javascript
last-modified: Tue, 24 May 2022 10:25:01 GMT
vary: Accept-Encoding
etag: W/"628cb27d-15851"
expires: Tue, 25 Oct 2022 21:31:51 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

fonts.gstatic.com/s/archivo/v18/k3kPo8UDI-1M0wlSV9XAw6lQkqWY8Q82sLydOxI.woff2

216.58.207.195

200 OK

32 kB

URL HTTP/2
fonts.gstatic.com/s/archivo/v18/k3kPo8UDI-1M0wlSV9XAw6lQkqWY8Q82sLydOxI.woff2
IP
216.58.207.195:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 31516, version 1.0\012- data
Size
32 kB (31516 bytes)
Hash
9e4726d312080161871f0472659ecf14
e0231f21da02732e9ef19c2280ea5a7aa25f04de
68c831b3324ca6fea43d48681ac2b9338b794ecdb60ff7fa7059a997d4007604

HTTP Headers

GET /s/archivo/v18/k3kPo8UDI-1M0wlSV9XAw6lQkqWY8Q82sLydOxI.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://free3dgame.xyz
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 31516
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 22 Oct 2022 02:24:20 GMT
expires: Sun, 22 Oct 2023 02:24:20 GMT
cache-control: public, max-age=31536000
age: 284851
last-modified: Fri, 24 Jun 2022 19:34:15 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

free3dgame.xyz/files/apple-touch-icon.png

146.190.28.107

200 OK

9.4 kB

URL HTTP/2
free3dgame.xyz/files/apple-touch-icon.png
IP
146.190.28.107:0
ASN
#0

File type
PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced\012- data
Size
9.4 kB (9390 bytes)
Hash
049ac8181fb1c147054e1ec9ae763d70
565397e7f0a82d7c31abccddbd9a310fddb3591d
6812893aafb0fdffa269b19ed588193637747a850b3d20ac51c38d09ccffdc95

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /files/apple-touch-icon.png HTTP/1.1
Host: free3dgame.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://free3dgame.xyz/?key=byq8yz76skm800fc6ylf&code=6357ad068d162a00019d1aea&sub1=&sub2=Sexually+Submission+low&sub3=topsolutionsmedia&sub4=6143714-1264786048-3542256106&sub5=364
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 25 Oct 2022 09:31:51 GMT
content-type: image/png
content-length: 9390
last-modified: Tue, 24 May 2022 10:25:37 GMT
etag: "628cb2a1-24ae"
expires: Thu, 24 Nov 2022 09:31:51 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
eb9238eaa63063c98563a1961fbbfefa
9b23eea87129d9516b8e7527cce7b8b1efcfa1fe
ff87d571f813dd558347df32a52e27ebb6c66968a6d2e584e6b6467944ef40fb

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 25 Oct 2022 09:31:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

free3dgame.xyz/files/lang.js

146.190.28.107

200 OK

3.4 kB

URL HTTP/2
free3dgame.xyz/files/lang.js
IP
146.190.28.107:0
ASN
#0

File type
data
Size
3.4 kB (3374 bytes)
Hash
94754c0c0818d5cf7e2b369693f7d159
a93dae9a8163d65459fc51d3de24124d0331853c
267208b8ba69b63a4acfc83aa56a629e3cba478bb35e25969bfc80c3539f0b19

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /files/lang.js HTTP/1.1
Host: free3dgame.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://free3dgame.xyz/?key=byq8yz76skm800fc6ylf&code=6357ad068d162a00019d1aea&sub1=&sub2=Sexually+Submission+low&sub3=topsolutionsmedia&sub4=6143714-1264786048-3542256106&sub5=364
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 25 Oct 2022 09:31:51 GMT
content-type: application/javascript
last-modified: Tue, 24 May 2022 12:43:28 GMT
vary: Accept-Encoding
etag: W/"628cd2f0-1f66"
expires: Tue, 25 Oct 2022 21:31:51 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2fe81c53-d1b6-41f3-80b6-2deb2f9910a2.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.6 kB (4606 bytes)
Hash
9f9dcb593f8cda6614f0038cd9d9f240
5f466d8c8fac2fad3e4539e92ac8f7f8fab4dc53
c111e59b70b4bca5f935cd53cbb6c5287d549a2364f537b8258da64d4405ad3a

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2fe81c53-d1b6-41f3-80b6-2deb2f9910a2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-length: 4606
x-amzn-requestid: 27a36481-c1d3-4bf3-a6b0-61a00b6bb058
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ah3JBHEzIAMF4aQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6357056c-0e3cf1f16c80195571efe893;Sampled=0
x-amzn-remapped-date: Mon, 24 Oct 2022 21:36:44 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: XW-ciDnnHUUdvqVriEU4ALAwx_oRvWG2gmKAoyBXQw20Y2b6_A_s3A==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 5954c6394458ffb44c970b3819d7ff2a.cloudfront.net (CloudFront), 1.1 google
date: Mon, 24 Oct 2022 21:50:18 GMT
age: 42097
etag: "5f466d8c8fac2fad3e4539e92ac8f7f8fab4dc53"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (9)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

Observations

Hash

HTTP Transactions (48)

URL HTTP/1.1