Overview

URL: 68.us.findthewind.xyz/feed/?link=true&tid=68&subid=68.us.macos&ref=track.gositego.live&s1=6357ace970df776ff4062766
IP: 23.235.251.114 (United States)
ASN: #19437 SS-ASH
UserAgent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer:
Report completed: 2022-10-25 09:31:58 UTC
IDS alerts: 0
Blocklist alert: 9
urlquery alerts: No alerts detected
Tags: None

Domain Summary (21)

Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
r3.o.lencr.org (9) 344 No data No data 23.36.76.226
push.services.mozilla.com (1) 2140 2019-05-26 10:52:39 UTC 2020-05-03 10:09:39 UTC 52.42.234.253
redir.tealwinds.xyz (1) 0 2022-07-28 05:22:11 UTC 2022-10-25 06:05:28 UTC 198.211.113.186 Domain (tealwinds.xyz) ranked at: 178693
lykos-bzm.com (1) 0 2022-09-21 20:06:11 UTC 2022-10-25 06:59:50 UTC 35.174.150.83 Unknown ranking
ocsp.pki.goog (3) 175 2019-02-02 06:15:41 UTC 2020-05-02 20:58:16 UTC 142.250.74.35
content-signature-2.cdn.mozilla.net (1) 1152 No data No data 34.160.144.191
68.us.findthewind.xyz (1) 0 2022-10-20 12:03:18 UTC 2022-10-20 12:03:18 UTC 23.235.251.114 Unknown ranking
adverster.g2afse.com (1) 200149 2021-05-26 11:36:17 UTC 2022-10-23 22:27:34 UTC 34.90.14.205
free3dgame.xyz (8) 0 2021-03-11 13:07:41 UTC 2022-10-25 07:13:11 UTC 146.190.28.107 Unknown ranking
c.mybestclick.net (1) 103231 2018-10-18 14:06:05 UTC 2022-10-25 01:00:13 UTC 192.241.144.203
img-getpocket.cdn.mozilla.net (7) 1631 2019-03-04 20:37:34 UTC 2020-02-19 04:43:25 UTC 34.120.237.76
c.srvpcn.com (1) 35194 No data No data 52.22.167.208
ocsp.sectigo.com (2) 487 2019-11-29 11:50:24 UTC 2021-09-17 20:05:40 UTC 172.64.155.188
adspredictiv.com (2) 160243 2015-04-30 21:27:53 UTC 2022-10-25 05:06:18 UTC 35.190.38.40
firefox.settings.services.mozilla.com (2) 867 2020-06-04 20:08:41 UTC 2022-10-25 04:03:49 UTC 143.204.55.115
contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-10-25 04:08:26 UTC 34.117.237.239
ocsp.digicert.com (2) 86 2012-06-27 22:09:06 UTC 2020-05-02 20:58:10 UTC 93.184.220.29
eu.pushnow.net (1) 0 2022-03-23 00:35:15 UTC 2022-10-25 01:00:14 UTC 38.100.129.195 Unknown ranking
go.money616.xyz (1) 0 No data No data 52.59.165.42 Unknown ranking
topsolutions.rdtk.io (1) 308069 No data No data 85.17.54.17
fonts.gstatic.com (1) 0 2022-10-01 01:41:12 UTC 2022-10-25 04:54:03 UTC 216.58.207.195 Domain (gstatic.com) ranked at: 540

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro
 No alerts detected

Blocklists

OpenPhish
 No alerts detected

PhishTank
 No alerts detected

Fortinet's Web Filter
 No alerts detected

mnemonic secure dns
 No alerts detected

Quad9 DNS
Scan Date Severity Indicator Comment
2022-10-25 2 lykos-bzm.com Sinkholed
2022-10-25 2 free3dgame.xyz Sinkholed
2022-10-25 2 free3dgame.xyz Sinkholed
2022-10-25 2 free3dgame.xyz Sinkholed
2022-10-25 2 free3dgame.xyz Sinkholed
2022-10-25 2 free3dgame.xyz Sinkholed
2022-10-25 2 free3dgame.xyz Sinkholed
2022-10-25 2 free3dgame.xyz Sinkholed
2022-10-25 2 free3dgame.xyz Sinkholed


Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 23.235.251.114
Date UQ / IDS / BL URL IP
2023-02-05 11:22:44 +0000 0 - 0 - 2 4.us.silverwinds.xyz/feed/?link=true&tid=4&su (...) 23.235.251.114
2023-02-03 20:22:48 +0000 0 - 0 - 2 8.us.tealwinds.xyz/feed/?link=true&tid=8&subi (...) 23.235.251.114
2023-01-29 16:07:50 +0000 0 - 2 - 2 66.us.tealwinds.xyz/feed/?link=true&tid=66&su (...) 23.235.251.114
2023-01-25 06:47:03 +0000 0 - 0 - 1 21.us.tealwinds.xyz/feed/?link=true&tid=21&su (...) 23.235.251.114
2023-01-19 15:47:03 +0000 0 - 0 - 2 60.us.tealwinds.xyz/feed/?link=true&tid=60&su (...) 23.235.251.114


Last 5 reports on ASN: SS-ASH
Date UQ / IDS / BL URL IP
2023-02-05 11:22:44 +0000 0 - 0 - 2 4.us.silverwinds.xyz/feed/?link=true&tid=4&su (...) 23.235.251.114
2023-02-03 20:22:48 +0000 0 - 0 - 2 8.us.tealwinds.xyz/feed/?link=true&tid=8&subi (...) 23.235.251.114
2023-02-01 20:53:46 +0000 0 - 0 - 22 www.montereycountyclinicservices.org/ 131.153.100.222
2023-01-31 07:05:58 +0000 0 - 0 - 4 www.afamag.com/ 131.153.100.9
2023-01-29 16:07:50 +0000 0 - 2 - 2 66.us.tealwinds.xyz/feed/?link=true&tid=66&su (...) 23.235.251.114


Last 5 reports on domain: findthewind.xyz
Date UQ / IDS / BL URL IP
2022-10-25 09:31:58 +0000 0 - 0 - 9 68.us.findthewind.xyz/feed/?link=true&tid=68& (...) 23.235.251.114
2022-10-24 06:48:06 +0000 0 - 0 - 7 4.us.findthewind.xyz/feed/?link=true&tid=4&su (...) 23.235.251.114
2022-10-24 00:22:55 +0000 0 - 0 - 4 4.us.findthewind.xyz/feed/?link=true&tid=4&su (...) 23.235.251.114
2022-10-23 08:38:27 +0000 0 - 0 - 1 4.us.findthewind.xyz/feed/?link=true&tid=4&su (...) 23.235.251.114
2022-10-22 19:28:14 +0000 0 - 0 - 5 4.us.findthewind.xyz/feed/?link=true&tid=4&su (...) 23.235.251.114


Last 5 reports with similar screenshot
Date UQ / IDS / BL URL IP
2022-12-21 13:11:23 +0000 0 - 0 - 5 cola.trffclb.com/a.php?p=c:xecd97ulmxry7e481& (...) 51.83.143.92
2022-12-08 03:01:32 +0000 0 - 0 - 11 free3dgame.xyz/ 146.190.28.107
2022-11-12 21:01:45 +0000 0 - 0 - 11 free3dgame.xyz/ 146.190.28.107
2022-11-12 15:36:38 +0000 0 - 0 - 11 free3dgame.xyz/ 146.190.28.107
2022-11-03 14:45:51 +0000 0 - 0 - 10 68.us.silverwinds.xyz/feed/?link=true&tid=68& (...) 23.235.251.114

JavaScript

Executed Scripts (7)

Executed Evals (0)

Executed Writes (2)
#1 JavaScript::Write (size: 52) - SHA256: 0deedc1abfc3b275016994191944c57799852bae497d3a06461ac07e741712b9
By clicking on START GAME you confirm you 're over 18
#2 JavaScript::Write (size: 10) - SHA256: 62e0df134d7e80abb976d863e3602a9a240fe509ac17654521ac4ac6bffda44d
Start Game


HTTP Transactions (48)


Request Response
                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         143.204.55.115
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Backoff, Alert, Retry-After, Content-Length, Content-Type
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Tue, 25 Oct 2022 08:32:33 GMT
Expires: Tue, 25 Oct 2022 09:08:38 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 5de23153ac267c206221751e1cccb6e8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: NQoAUIDR0_H6yKYd8v6lwPfCCFQoWukSvz9tQYfVL0iccZ4Zl-Cnbg==
Age: 3553


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    050bfd0155f265780e88dabcdde8b147
Sha1:   93ff7f46889322c0e9dbd3f4695e4c6a7fefe08f
Sha256: 9f3db0b3c51195b5313122d984f5f5f62b2df0f1d818eafefaa8b73e15914038
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "52A721168D0C41CB0854FF8C730FCE3B79DB2E804B383238E95FF1401922BD74"
Last-Modified: Mon, 24 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14452
Expires: Tue, 25 Oct 2022 13:32:38 GMT
Date: Tue, 25 Oct 2022 09:31:46 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "9AEAFC72C1A969243E1FC96F68CE18888034A749EE70582208BF814BD40B61A5"
Last-Modified: Tue, 25 Oct 2022 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2236
Expires: Tue, 25 Oct 2022 10:09:02 GMT
Date: Tue, 25 Oct 2022 09:31:46 GMT
Connection: keep-alive

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         34.160.144.191
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
x-amz-id-2: PBAY8Oo40C3ke/T7dZ01z5YFFdnA1AQFgzohZbBhShtr7Jow7jyxOg+lFXnzn2z7ATFsDaoqVX8=
x-amz-request-id: G3FQH2G4392DCQZ2
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 25 Oct 2022 09:08:53 GMT
age: 1373
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    67d5a988edcda47bc3b3b3f65d32b4b6
Sha1:   d4f0e0da8b3690cc7da925026d3414b68c7d954f
Sha256: 55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Tue, 25 Oct 2022 09:31:46 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         143.204.55.115
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Tue, 25 Oct 2022 08:33:32 GMT
Expires: Tue, 25 Oct 2022 09:07:25 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 bb1da7862c4968b28920b91b324095c0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: QiJWcl3OPamkyvkLma_sCXzjkLHtldq2C3qEX5SRGBcljB63gLvZrg==
Age: 3495


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 2698
Cache-Control: max-age=170399
Date: Tue, 25 Oct 2022 09:31:47 GMT
Etag: "63579918-1d7"
Expires: Thu, 27 Oct 2022 08:51:46 GMT
Last-Modified: Tue, 25 Oct 2022 08:06:48 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: yfQOhVqaIK9+TgKAlIrfVw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         52.42.234.253
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: gYKFPZorkeWU4NEN4/assOpgonY=

                                        
                                            GET /feed/?link=true&tid=68&subid=68.us.macos&ref=http://track.gositego.live&s1=6357ace970df776ff4062766 HTTP/1.1 
Host: 68.us.findthewind.xyz
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         23.235.251.114
HTTP/1.1 301 Moved Permanently
                                        
Cache-Control: no-cache
Location: https://redir.tealwinds.xyz/feed/click/?t1=128&tid=68&uid=15&subid=68.us.macos&id=166ff520e6cd307eeabb9bb5b1c83097:ee39e72875a48ffaa0c7a48ef555862344ae7b0c22f52ca36701997f03a806486297c4b01eb4eb63415cd6eb3a661ff73f6ee0e96402f9f429c9bda45a3010bd595c3a4a76f4779dae256b69abc32f5b550b30a58c89a87909af9e151cacab478cea3db9baec539de59df46d92c9d632cdffadf32bb7406a67c20a4d497c3698e1daa9c5d80eedc1a99f71741e1972bcb62b72c48c4586d0d36670c644df558559df58ebd626e1e187d7404bc10a882da42e0782baa25e150052c2ed9b550f3155b401aa2dd8629df15e62967ad8ffaf1c45745247bec75edf1311da5f6391676bfbcee2b840100239a1b166777cee1665529620f68a4dad49b406c40a3d3ce5bff7f44aa2f01f1289fe598b658d930e99946a96b5996ceccc49ba21bfed2521c59751b078ea691b03829cc45eeb93772b02a1e753a7cf8ba05023a2550de8270a414c41e8a40d156c921dd55f37cdf02dff957c4fd06bfa99a7b045cdd57367eb299377594ae4184c6dfbd89e28f9804d63ed115e24970ad60fd4b528b7e68a56beea22df3511eb7e9d25abe34cf7f4e6da6baf8bffce5ee6bea131e525086886942e9db21bd1899778b6a07fb93f085452c5ff19f5cc3e414eb30b963a37af29ecc9319b6d6b3f9391313f19a2b04b4210a95741a43c47e248607e83b9966eb3439ea22e113b343f0ebd98163bea58dea29fa8a2188f4fd651c00c1899abf493e85e53cd9c57e1ae512ea0eb064a88921fc665afcf62133f2c2985f7574078f620ebce2988ad414a9ac9d38a2f548a35ba0c7dd48b676b21b4b9f74b48300d415b54b7e2fa90389744b001ee81f8a6aa11df6d5e5db6a74220e12659798347753469a765bd8c193e9c0bdff5ea2e1b82416c5e93a33b44c489e5b044789c4a274713dc5e25741f1462648a6e88f33667a1f8912effa7d3f2cc0576bbcdd8af52376bd25fc0a16bdc894132a1036e09372f2abbce9fd747d4075a6c4de6568144575e16a18a8a1cb9c4ac89548c4198b10659e4a1aeeb08b8cd361d880ae939dd9b43d55ade1f49c33c2c97cdff4c024d31c9e14a33e4bbfd4895b63931682ba02ad21a245fabb7e212e4edbd4ef4d293ed4f8b38dcc6aec2b9151cdbda8a546f176db3919bb65051adabab29f9af86c024d28e904f8fd8e3307fec50aa699c206304f5b21c02fb73e263df19dc4e322fc7b099a5467374b2c5bfa94a611fbf63ab045753551c3428230267afc284153fbe4351e39a0db71ed03013b5a36c80a8dd147b2c6be7048c6baf3b985257468afb72ed1f9f1837221f5f892abb24c92186887f89dce85b192
21b2afe7ca0d472770bb273259f2203517a3453288e8d03bf7f8b2585d2764d954389ea671981d363dfa2c52bb94dab8add423675ccde808c4850200fe485c8ecaceb881faced&s1=6357ace970df776ff4062766
Date: Tue, 25 Oct 2022 09:31:47 GMT
Connection: keep-alive
Keep-Alive: timeout=5
Transfer-Encoding: chunked

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "C753E6D5F95F6AA9ECA822E2A450E867D80C6818AAE70132B1A550182A9AE4D3"
Last-Modified: Tue, 25 Oct 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13321
Expires: Tue, 25 Oct 2022 13:13:49 GMT
Date: Tue, 25 Oct 2022 09:31:48 GMT
Connection: keep-alive

                                        
                                            GET /feed/click/?t1=128&tid=68&uid=15&subid=68.us.macos&id=166ff520e6cd307eeabb9bb5b1c83097: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&s1=6357ace970df776ff4062766 HTTP/1.1 
Host: redir.tealwinds.xyz
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                         198.211.113.186
HTTP/1.1 302 Found
Content-Type: text/html; charset=utf-8
                                        
X-Powered-By: Express
Surrogate-Control: no-store
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate
Pragma: no-cache
Expires: 0
Location: https://c.mybestclick.net/feed/click/?t1=128&tid=3115&uid=4465&subid=68_68.us.macos&id=b6076c09f9bd6978ad09f71ebb736708: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
Vary: Accept
Content-Length: 1660
Date: Tue, 25 Oct 2022 09:31:48 GMT
Connection: keep-alive
Keep-Alive: timeout=5


--- Additional Info ---
Magic:  HTML document, ASCII text, with very long lines (1660), with no line terminators
Size:   1660
Md5:    3235c782d04ec35c64e63e9d2a034831
Sha1:   756e8fe449f2803359606ce129fe2271aa42a055
Sha256: cc846447c4b0455a58294a60a4b366bef524f750b02dc0275512c291f663aefa
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "709C330ABF819D6D8DF14C30E51842916D479EDEB150F00FED69D3277192208C"
Last-Modified: Sat, 22 Oct 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13928
Expires: Tue, 25 Oct 2022 13:23:56 GMT
Date: Tue, 25 Oct 2022 09:31:48 GMT
Connection: keep-alive

                                        
                                            GET /feed/click/?t1=128&tid=3115&uid=4465&subid=68_68.us.macos&id=b6076c09f9bd6978ad09f71ebb736708: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 HTTP/1.1 
Host: c.mybestclick.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                         192.241.144.203
HTTP/1.1 302 Found
Content-Type: text/html; charset=utf-8
                                        
X-Powered-By: Express
Surrogate-Control: no-store
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate
Pragma: no-cache
Expires: 0
Location: https://eu.pushnow.net/postback/click?key=v2-1666690306941-4-5479-1084493-bf769868-0bd9-7ccc-3e98-6bb551ce10a9
Vary: Accept
Content-Length: 264
Date: Tue, 25 Oct 2022 09:31:48 GMT
Connection: keep-alive
Keep-Alive: timeout=5


--- Additional Info ---
Magic:  HTML document, ASCII text, with no line terminators
Size:   264
Md5:    14e59b0ac23812cfc31534efb56b5ed4
Sha1:   adf32bcf9b421ac80276b9e1a71f5356eee889f1
Sha256: f69603bee5f31937cf72570224787ad6367455ca10a95ebea787c70a4666418d
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "31FBFF7ED4FD3FD4643CF9C1DCB401579F12C291689EF026A9B1115B38A5A735"
Last-Modified: Mon, 24 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2428
Expires: Tue, 25 Oct 2022 10:12:16 GMT
Date: Tue, 25 Oct 2022 09:31:48 GMT
Connection: keep-alive

                                        
                                            GET /postback/click?key=v2-1666690306941-4-5479-1084493-bf769868-0bd9-7ccc-3e98-6bb551ce10a9 HTTP/1.1 
Host: eu.pushnow.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: platform_user_id_3rd_party=desktop:7980a459be274bf511db30c901634a36; platform_user_id_from_ssp_3rd_party=platform:f86f862ff85e673a9c9766752124fbcc
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                         38.100.129.195
HTTP/2 302 Found
                                        
server: openresty/1.15.8.3
date: Tue, 25 Oct 2022 09:31:48 GMT
content-length: 0
set-cookie: platform_user_id=desktop:7980a459be274bf511db30c901634a36 platform_user_id_3rd_party=desktop:7980a459be274bf511db30c901634a36; SameSite=None; Secure; Max-Age=31556952 platform_user_id_from_ssp=platform:c56f7887f30fdefdaec235ac0d8f081d platform_user_id_from_ssp_3rd_party=platform:c56f7887f30fdefdaec235ac0d8f081d; SameSite=None; Secure; Max-Age=31556952
location: http://c.srvpcn.com/click?id=cdbqq0j8due589e69ft0&e=b78f0b76-41ad-45e2-b17e-76d940f92309&px=34
X-Firefox-Spdy: h2

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "724547DB3ED9F1779308E9DD6604664E6FFA3580CA076FBDC1DFB1B75591BBA4"
Last-Modified: Mon, 24 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2518
Expires: Tue, 25 Oct 2022 10:13:46 GMT
Date: Tue, 25 Oct 2022 09:31:48 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "724547DB3ED9F1779308E9DD6604664E6FFA3580CA076FBDC1DFB1B75591BBA4"
Last-Modified: Mon, 24 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2518
Expires: Tue, 25 Oct 2022 10:13:46 GMT
Date: Tue, 25 Oct 2022 09:31:48 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "724547DB3ED9F1779308E9DD6604664E6FFA3580CA076FBDC1DFB1B75591BBA4"
Last-Modified: Mon, 24 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2518
Expires: Tue, 25 Oct 2022 10:13:46 GMT
Date: Tue, 25 Oct 2022 09:31:48 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F18f72757-5389-44e5-9b3d-fd0ed441e42b.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7992
x-amzn-requestid: d14e1fb8-46b8-414f-bc03-b7619dc7cb6a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ackbGGEaIAMFV8Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6354e77a-7fd668d97068c40639ca3d3f;Sampled=0
x-amzn-remapped-date: Sun, 23 Oct 2022 07:04:26 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: xELJXviFBSsn0bUsRBJ5YfKsgD1y1sfZkSs6WM7jTh4-HDcxzlc71Q==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 ead78c395f4bede3ec6cd7ea180e3d3a.cloudfront.net (CloudFront), 1.1 google
date: Tue, 25 Oct 2022 07:37:33 GMT
age: 6855
etag: "f0bd82da0a3c7b8cc65fba1e9c4af0760e3ae861"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7992
Md5:    9cea1dfb80f297f57f615a570d64f730
Sha1:   f0bd82da0a3c7b8cc65fba1e9c4af0760e3ae861
Sha256: 56c57a837b357d24e08ad9eea9836501f83a1ba4b0d2f2fa9b74f65fef9cdef1
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F49bb46dd-5578-4e72-9aed-dc70960d4c97.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7633
x-amzn-requestid: e85011ac-422d-44b3-8af4-32d1c657597f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ah3D6EYXIAMFRlA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6357054c-4f56cf37570dfcbe64ce4778;Sampled=0
x-amzn-remapped-date: Mon, 24 Oct 2022 21:36:12 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: w3KKBDQzR5-BVF158SvYqzoDTuT1Ayx64lHy02MoBWUkOWR4H3ZTqg==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 28390a4d24ed4fdccd685d99cd06cf4e.cloudfront.net (CloudFront), 1.1 google
date: Mon, 24 Oct 2022 21:50:17 GMT
age: 42091
etag: "ed419179e1460d655f14735e430cbbd76ab2a869"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7633
Md5:    edae4c2a51941f9d01ea6658430a95b8
Sha1:   ed419179e1460d655f14735e430cbbd76ab2a869
Sha256: 92f280cc9ad01c6901b08269a12908b927877082952ec52fe9a082910c181076
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe70105c7-5a5d-48c2-a113-06846e24dff9.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 11822
x-amzn-requestid: 1702783e-fce4-4c9d-96a9-ee0477cff0ca
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aHpINH1LIAMFZjg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-634c889a-0cc362f90671a9827f4573f9;Sampled=0
x-amzn-remapped-date: Sun, 16 Oct 2022 22:41:30 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: YgdgwWNWat8JCI07iCToqMsVpoWDl54TS0Q6o41OGaCePkGjNfYzjA==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 91356d2137f5a7345e93da4516c49ec4.cloudfront.net (CloudFront), 1.1 google
date: Tue, 25 Oct 2022 04:08:53 GMT
age: 19375
etag: "762e9f0ce9256ff9a54e08d76dca7596d44677df"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   11822
Md5:    e43859d91550f002f2fc145b8a044f40
Sha1:   762e9f0ce9256ff9a54e08d76dca7596d44677df
Sha256: 3d39a87540b716721e9d4e28aa499233ccde5ed4c6e7f1a902010e56572c8f46
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F075a794f-9140-4676-afb2-493f44932cc3.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 4206
x-amzn-requestid: 6b02f96a-ea03-4eff-acde-c73925260102
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ah3E3GPQoAMFpIA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63570552-77cf762d0e54f1f60efe52c3;Sampled=0
x-amzn-remapped-date: Mon, 24 Oct 2022 21:36:18 GMT
x-amz-cf-pop: SEA19-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: jiu-Z6DMgXxXdZ5BDwjNoq5Y15kBgM894k4EY2qSRZKdvk0bfkn89A==
via: 1.1 fec77e486350d1bd33f526a760d8b5a4.cloudfront.net (CloudFront), 1.1 2f7934de1dfe281c3e4446892eab6462.cloudfront.net (CloudFront), 1.1 google
date: Mon, 24 Oct 2022 21:50:16 GMT
age: 42092
etag: "e8e69ac951def18bc1e03ecd4fe8a21d3b825b27"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   4206
Md5:    3cf322f19151bcfa374c2e32b9ac986f
Sha1:   e8e69ac951def18bc1e03ecd4fe8a21d3b825b27
Sha256: 54ddfd1876f65e264b9b3209a0e805a3796013b4aacc8e9fd20b49754b4917a0
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fda327ff0-bd82-4034-a53b-e04d5c486276.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8090
x-amzn-requestid: a84a2888-e0eb-40d3-8377-9c1ea2af733c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aVb2oH2uoAMFueA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63520cf7-204870ee3f63ced427033eb5;Sampled=0
x-amzn-remapped-date: Fri, 21 Oct 2022 03:07:35 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: fUBXr7SKYdvhryoB8p9to-Eo8twjspRYnHO2xf9TtvLJIIyOwe3W1w==
via: 1.1 1de1880e08f1cae7d1aca174a29a5c1e.cloudfront.net (CloudFront), 1.1 d01e7742f82df0bbc1fb681d709ed69c.cloudfront.net (CloudFront), 1.1 google
date: Tue, 25 Oct 2022 07:43:49 GMT
age: 6479
etag: "2fb4599ad3d513a160c1f29fefda27b45852c381"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8090
Md5:    531f350512ac7712d932234803aa4602
Sha1:   2fb4599ad3d513a160c1f29fefda27b45852c381
Sha256: 7a4da3420f736c098806676359b8ff80578a2e1e98fc0e20e45e2d6192e1d566
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf8cfe72-ca76-42ae-a95f-b33a2edb91b3.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7977
x-amzn-requestid: 3e217877-33a2-4efc-a21f-b75764a8ced9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ah3FWGRooAMFagw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63570555-2bc77cb653ef022b4aab7f71;Sampled=0
x-amzn-remapped-date: Mon, 24 Oct 2022 21:36:21 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: CWRIYnB8Zcc-9L-EdFq_ahTPlv8AMqnBGlZmRTN-0BsZIUWF3eUOfg==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 e80693c02cfdfd081110512210d57840.cloudfront.net (CloudFront), 1.1 google
date: Mon, 24 Oct 2022 21:37:08 GMT
age: 42880
etag: "5c690531e195332c04092ce22e7bdcecccc3c9d5"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7977
Md5:    80bab61eeda285e378b86b3efc4f87f9
Sha1:   5c690531e195332c04092ce22e7bdcecccc3c9d5
Sha256: 0c4dec046835501b598b5165acd592c3baeb2d6e21b6ac5fd549e790a802cd02
                                        
                                            GET /click?id=cdbqq0j8due589e69ft0&e=b78f0b76-41ad-45e2-b17e-76d940f92309&px=34 HTTP/1.1 
Host: c.srvpcn.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         52.22.167.208
HTTP/1.1 303 See Other
                                        
Date: Tue, 25 Oct 2022 09:31:48 GMT
Content-Length: 0
Connection: keep-alive
Location: http://lykos-bzm.com/zcvisitor/d87941f2-5447-11ed-bd91-1253798e75cd/e3e39f70-3459-11e9-9a51-0a15cb739170?campaignid=0098f150-174c-11ed-9b74-128084d1ce51

                                        
                                            GET /zcvisitor/d87941f2-5447-11ed-bd91-1253798e75cd/e3e39f70-3459-11e9-9a51-0a15cb739170?campaignid=0098f150-174c-11ed-9b74-128084d1ce51 HTTP/1.1 
Host: lykos-bzm.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         35.174.150.83
HTTP/1.1 302
                                        
Date: Tue, 25 Oct 2022 09:31:49 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
Location: https://go.money616.xyz/co?sub1=pyrrhous-marten&sub2=uniform-sac-v0499np96o
Server: iOYVWolE


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "E775511413FE208A7E7FB88C82425E4DB6BC97CD88DFF0220A690A2C60C56CFD"
Last-Modified: Mon, 24 Oct 2022 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2636
Expires: Tue, 25 Oct 2022 10:15:45 GMT
Date: Tue, 25 Oct 2022 09:31:49 GMT
Connection: keep-alive

                                        
                                            GET /co?sub1=pyrrhous-marten&sub2=uniform-sac-v0499np96o HTTP/1.1 
Host: go.money616.xyz
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                         52.59.165.42
HTTP/1.1 200 OK
content-type: text/html; charset=utf-8
                                        
connection: close
x-content-type-options: nosniff
x-powered-by: Short.io link shortener
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
content-length: 1556
Date: Tue, 25 Oct 2022 09:31:49 GMT


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (364)
Size:   1556
Md5:    e429b828cc03dee0a2723ca8c4622657
Sha1:   75a2d74db25910dbcaf3885e8c4a84c6f273790b
Sha256: 9072308f87ab3e46d5100ad8b12fe4145596ed62111b9777c6483da6aab4cba0
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         172.64.155.188
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 25 Oct 2022 09:31:49 GMT
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 22 Oct 2022 22:25:06 GMT
Expires: Sat, 29 Oct 2022 22:25:05 GMT
Etag: "cfacf43717b7f1d77314dae8390737274d913315"
Cache-Control: max-age=391395,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 75f9f102aa92b515-OSL

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         172.64.155.188
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 25 Oct 2022 09:31:50 GMT
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 22 Oct 2022 22:25:06 GMT
Expires: Sat, 29 Oct 2022 22:25:05 GMT
Etag: "cfacf43717b7f1d77314dae8390737274d913315"
Cache-Control: max-age=391394,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 75f9f1051d0bb515-OSL

                                        
                                            GET /jump/next.php?r=6143714&sub1=pyrrhous-marten&sub2=uniform-sac-v0499np96o HTTP/1.1 
Host: adspredictiv.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://go.money616.xyz/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         35.190.38.40
HTTP/2 200 OK
content-type: text/html; charset=utf-8
                                        
server: openresty
date: Tue, 25 Oct 2022 09:31:49 GMT
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   3251
Md5:    16c0da0a50e7787046a7d42316d5d993
Sha1:   5d5b0b9d506b67cef1e03ded92eca864f562711d
Sha256: 03300bca3f749b571cf057ce09179cc74b9225554483c0d4ea503814de64b8a5
                                        
                                            GET /631d71ca60776e00012e0e8f?sub1=6143714-1264786048-3542256106&sub2=&sub3=309529620&sub4=126766&sub5=1666690310&sub6=6143714&sub7=NO&sub8=1000&sub9=Blix%20Solutions&ref_id=166669031010000TNOTV415326358024V7c HTTP/1.1 
Host: topsolutions.rdtk.io
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         85.17.54.17
HTTP/1.1 302 Found
Content-Type: text/html; charset=utf-8
                                        
Server: nginx/1.21.3
Date: Tue, 25 Oct 2022 09:31:50 GMT
Content-Length: 191
Connection: keep-alive
Location: https://adverster.g2afse.com/click?pid=364&offer_id=140&sub4=6143714-1264786048-3542256106&ref_id=6357ad066177e20001fbc858&sub2=5cc839de65115c0001015b85
Referer:
Referrer-Policy: no-referrer
Set-Cookie: redhash=NjM1N2FkMDY2MTc3ZTIwMDAxZmJjODU4fDB8NjMxZDcxY2E2MDc3NmUwMDAxMmUwZThmfHw4MDAzOGQ0Zi0zNjQwLTRiODEtODZlMy1kN2NhNjU5ZjQ1Y2R8MTY2NjY5MDMxMA==; Path=/; Domain=topsolutions.rdtk.io; Expires=Wed, 25 Oct 2023 09:31:50 GMT; Secure; SameSite=None
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range


--- Additional Info ---
Magic:  HTML document, ASCII text
Size:   191
Md5:    912ce040c385b61a8447f02f35666c5d
Sha1:   8dae229151c8ec27d2f841638e11e39bcda5a919
Sha256: e69a8df506dd18cad70b8ff50a225d5d16b258400de0d9ad1c76e1c12fc1074f
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 2964
Cache-Control: max-age=137218
Date: Tue, 25 Oct 2022 09:31:50 GMT
Etag: "63571674-138"
Expires: Wed, 26 Oct 2022 23:38:48 GMT
Last-Modified: Mon, 24 Oct 2022 22:49:24 GMT
Server: ECS (amb/6B8A)
X-Cache: HIT
Content-Length: 312

                                        
                                            GET /click?pid=364&offer_id=140&sub4=6143714-1264786048-3542256106&ref_id=6357ad066177e20001fbc858&sub2=5cc839de65115c0001015b85 HTTP/1.1 
Host: adverster.g2afse.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         34.90.14.205
HTTP/2 302 Found
                                        
server: nginx
date: Tue, 25 Oct 2022 09:31:50 GMT
content-length: 0
location: https://free3dgame.xyz/?key=byq8yz76skm800fc6ylf&code=6357ad068d162a00019d1aea&sub1=&sub2=Sexually+Submission+low&sub3=topsolutionsmedia&sub4=6143714-1264786048-3542256106&sub5=364
set-cookie: afclick=6357ad068d162a00019d1aea; expires=Wed, 25 Oct 2023 09:31:50 GMT; secure; SameSite=None afoffers={"140":1666690310}; expires=Wed, 25 Oct 2023 09:31:50 GMT; secure; SameSite=None
access-control-allow-origin: *
X-Firefox-Spdy: h2

                                        
                                            GET /jump/next.php?stamat=m%257CMm43ajd3aQdHkAH0dEdHP3xP.5ef%252C7H0PozvLiGV-YkDx825CHq_5mNyzZhovkYDfyjWLDI0Sb21IYsIWB7DkTq9zqOvWv6zAvlD8RKfUndkq4ZvtgXRU8pucRZTnW6cWBntl28trFlMGhpnjy3M3fMN4R8jM_2vroPZM4ZEB0XiPcYq7Cw%252C%252C&cbpage=https://adspredictiv.com/jump/next.php?r=6143714&sub1=pyrrhous-marten&sub2=uniform-sac-v0499np96o&cbur=0.7964932398146432&cbtitle=&cbiframe=0&cbWidth=1280&cbHeight=939&cbdescription=&cbkeywords=&cbref=https%3A%2F%2Fgo.money616.xyz%2F HTTP/1.1 
Host: adspredictiv.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers

                                         35.190.38.40
HTTP/2 302 Found
content-type: text/html; charset=utf-8
                                        
server: openresty
date: Tue, 25 Oct 2022 09:31:50 GMT
access-control-allow-origin: *
location: https://adspredictiv.com/script/i.php?stamat=m%257C%252C%252CA2IuIja7oGU3BP-GH0dEdHP3xP.b14%252ClrsdXCNkoFD47HAu82w_uRqH1luUZXfCSVvBp_djeYaxFLZCQ_Kn8eKulf6JQ8Rub2fQMkmIR7pNnGdSlWod1pASZKbRZMH8gVmb1Fi_ZsAyky1cV5Hf5E5WaRt0xtC4A-EeDPHdAhg0kkoGAJZIIgWN1coWQ0-EPee_DZ4FdMKWM0WOcDsdKo12mR6zkh5RbbeZSDKli3jz1Zv80NbavAUBarqzswPtG4yX-f7UF9md79ysZLgIOK1MnKOMLBxug9NzUHCnSStxSSJagFZG33hIuL8TddjIaDROgBFd5dSzF7pwf8TAhMxBJIakhRHZJDWO0bnI48CMNEhvIL1Dqjy01_xG0tgp3-0qTaELjHOU0j44x3IhqM94y0rEeeN9d-wx0MuH6evL5BJdrJztBboK0HGD3jmDIrwmtTxzX8qqkDH5oRF1ffqE56kgr_UJfnMCemDyVCGXMwLFwr2Z7tdPltlSaNz9pVzAowKjQoKiUZPfEIxXXYW5nE-BW16cU6YPkmvhJyPXAkQ_QDxBJYJC_1KBH4yX8ngyTOdeXgl1nI6luBdbuHB-0iK4U-ONoRu0TwqIGQG0rnC4EC1aj2RAQmiC6OZir_G0AGbFXMvMLuapuutLyCs-JlreqbYw
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         142.250.74.35
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 25 Oct 2022 09:31:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /?key=byq8yz76skm800fc6ylf&code=6357ad068d162a00019d1aea&sub1=&sub2=Sexually+Submission+low&sub3=topsolutionsmedia&sub4=6143714-1264786048-3542256106&sub5=364 HTTP/1.1 
Host: free3dgame.xyz
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         146.190.28.107
HTTP/2 200 OK
content-type: text/html
                                        
server: nginx
date: Tue, 25 Oct 2022 09:31:50 GMT
last-modified: Tue, 24 May 2022 17:49:19 GMT
vary: Accept-Encoding
etag: W/"628d1a9f-730"
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   3128
Md5:    79b1e4bf05de5a801910d1dddb4f0fe1
Sha1:   480f243f117596349fe345b6a40cfea5316317cb
Sha256: 5f5e6fd2e2cc5dca96977f565e5afdf9924121dcb0175bdcd8b54a4114906ad5

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /files/1.png HTTP/1.1 
Host: free3dgame.xyz
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://free3dgame.xyz/?key=byq8yz76skm800fc6ylf&code=6357ad068d162a00019d1aea&sub1=&sub2=Sexually+Submission+low&sub3=topsolutionsmedia&sub4=6143714-1264786048-3542256106&sub5=364
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         146.190.28.107
HTTP/2 200 OK
content-type: image/png
                                        
server: nginx
date: Tue, 25 Oct 2022 09:31:51 GMT
content-length: 91434
last-modified: Tue, 24 May 2022 10:25:50 GMT
etag: "628cb2ae-1652a"
expires: Thu, 24 Nov 2022 09:31:51 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 268 x 341, 8-bit/color RGBA, non-interlaced\012- data
Size:   91434
Md5:    b1ca79a348b74c1f02654dcdc06fbd7a
Sha1:   015f9320975c34adbacd595681605c79797c0880
Sha256: 19ddba2395038bfe50d196bd2313219bcace3ebf24837e50c700d1f8f5e63a87

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /files/desc.jpg HTTP/1.1 
Host: free3dgame.xyz
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://free3dgame.xyz/?key=byq8yz76skm800fc6ylf&code=6357ad068d162a00019d1aea&sub1=&sub2=Sexually+Submission+low&sub3=topsolutionsmedia&sub4=6143714-1264786048-3542256106&sub5=364
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         146.190.28.107
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
date: Tue, 25 Oct 2022 09:31:51 GMT
content-length: 517070
last-modified: Tue, 24 May 2022 11:29:05 GMT
etag: "628cc181-7e3ce"
expires: Thu, 24 Nov 2022 09:31:51 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, progressive, precision 8, 3360x1882, components 3\012- data
Size:   517070
Md5:    abd6f700139d33406e689ae523063675
Sha1:   6fa1dd814d4c2d6a770e644c5aa0a0d7facdeba0
Sha256: 99f3f7d43320f66092019658c89c57d8a0bb5b748b9841384c4324acab71cc52

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /files/mob.jpg HTTP/1.1 
Host: free3dgame.xyz
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://free3dgame.xyz/?key=byq8yz76skm800fc6ylf&code=6357ad068d162a00019d1aea&sub1=&sub2=Sexually+Submission+low&sub3=topsolutionsmedia&sub4=6143714-1264786048-3542256106&sub5=364
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         146.190.28.107
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
date: Tue, 25 Oct 2022 09:31:51 GMT
content-length: 294511
last-modified: Tue, 24 May 2022 11:28:39 GMT
etag: "628cc167-47e6f"
expires: Thu, 24 Nov 2022 09:31:51 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, progressive, precision 8, 1182x2100, components 3\012- data
Size:   294511
Md5:    6293f6397f0fc4f54cdee9f1016aa620
Sha1:   e1fe2d942487529eef53fc77e5eae9b518ec2944
Sha256: 657405356cbcd646c8090fdb0dbc62755bea4b1b2b0fae0fdade66a4af776f2b

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /files/bg-box.png HTTP/1.1 
Host: free3dgame.xyz
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://free3dgame.xyz/files/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         146.190.28.107
HTTP/2 200 OK
content-type: image/png
                                        
server: nginx
date: Tue, 25 Oct 2022 09:31:51 GMT
content-length: 37399
last-modified: Tue, 24 May 2022 10:25:14 GMT
etag: "628cb28a-9217"
expires: Thu, 24 Nov 2022 09:31:51 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 823 x 424, 8-bit/color RGBA, non-interlaced\012- data
Size:   37399
Md5:    d9aab159517209305f0ae6ae43af0c2e
Sha1:   77763dcbe0c4223da8eba455022c7d41d21fe434
Sha256: 158ebf4b5f0045d2235408626133e56e8acef48a5b2cc4d69fd005d951954a63

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         142.250.74.35
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 25 Oct 2022 09:31:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /files/jquery.min.js HTTP/1.1 
Host: free3dgame.xyz
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://free3dgame.xyz/?key=byq8yz76skm800fc6ylf&code=6357ad068d162a00019d1aea&sub1=&sub2=Sexually+Submission+low&sub3=topsolutionsmedia&sub4=6143714-1264786048-3542256106&sub5=364
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

146.190.28.107
HTTP/2 200 OK
content-type: application/javascript
server: nginx
date: Tue, 25 Oct 2022 09:31:51 GMT
last-modified: Tue, 24 May 2022 10:25:01 GMT
vary: Accept-Encoding
etag: W/"628cb27d-15851"
expires: Tue, 25 Oct 2022 21:31:51 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   34961
Md5:    16d481ffeecfe52e5559e9301e1faf88
Sha1:   dd662a8b27ba6f6da37bba67bf383772d56c742e
Sha256: 34bc966ae3d1166a6007e5017a028e75108c6cfcd9a7226021f06d4f676020c3

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
GET /s/archivo/v18/k3kPo8UDI-1M0wlSV9XAw6lQkqWY8Q82sLydOxI.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://free3dgame.xyz
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

216.58.207.195
HTTP/2 200 OK
content-type: font/woff2
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 31516
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 22 Oct 2022 02:24:20 GMT
expires: Sun, 22 Oct 2023 02:24:20 GMT
cache-control: public, max-age=31536000
age: 284851
last-modified: Fri, 24 Jun 2022 19:34:15 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 31516, version 1.0\012- data
Size:   31516
Md5:    9e4726d312080161871f0472659ecf14
Sha1:   e0231f21da02732e9ef19c2280ea5a7aa25f04de
Sha256: 68c831b3324ca6fea43d48681ac2b9338b794ecdb60ff7fa7059a997d4007604
                                        
GET /files/apple-touch-icon.png HTTP/1.1
Host: free3dgame.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://free3dgame.xyz/?key=byq8yz76skm800fc6ylf&code=6357ad068d162a00019d1aea&sub1=&sub2=Sexually+Submission+low&sub3=topsolutionsmedia&sub4=6143714-1264786048-3542256106&sub5=364
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

146.190.28.107
HTTP/2 200 OK
content-type: image/png
server: nginx
date: Tue, 25 Oct 2022 09:31:51 GMT
content-length: 9390
last-modified: Tue, 24 May 2022 10:25:37 GMT
etag: "628cb2a1-24ae"
expires: Thu, 24 Nov 2022 09:31:51 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced\012- data
Size:   9390
Md5:    049ac8181fb1c147054e1ec9ae763d70
Sha1:   565397e7f0a82d7c31abccddbd9a310fddb3591d
Sha256: 6812893aafb0fdffa269b19ed588193637747a850b3d20ac51c38d09ccffdc95

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

142.250.74.35
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 25 Oct 2022 09:31:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
GET /files/lang.js HTTP/1.1
Host: free3dgame.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://free3dgame.xyz/?key=byq8yz76skm800fc6ylf&code=6357ad068d162a00019d1aea&sub1=&sub2=Sexually+Submission+low&sub3=topsolutionsmedia&sub4=6143714-1264786048-3542256106&sub5=364
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

146.190.28.107
HTTP/2 200 OK
content-type: application/javascript
server: nginx
date: Tue, 25 Oct 2022 09:31:51 GMT
last-modified: Tue, 24 May 2022 12:43:28 GMT
vary: Accept-Encoding
etag: W/"628cd2f0-1f66"
expires: Tue, 25 Oct 2022 21:31:51 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   3374
Md5:    94754c0c0818d5cf7e2b369693f7d159
Sha1:   a93dae9a8163d65459fc51d3de24124d0331853c
Sha256: 267208b8ba69b63a4acfc83aa56a629e3cba478bb35e25969bfc80c3539f0b19

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2fe81c53-d1b6-41f3-80b6-2deb2f9910a2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 4606
x-amzn-requestid: 27a36481-c1d3-4bf3-a6b0-61a00b6bb058
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ah3JBHEzIAMF4aQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6357056c-0e3cf1f16c80195571efe893;Sampled=0
x-amzn-remapped-date: Mon, 24 Oct 2022 21:36:44 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: XW-ciDnnHUUdvqVriEU4ALAwx_oRvWG2gmKAoyBXQw20Y2b6_A_s3A==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 5954c6394458ffb44c970b3819d7ff2a.cloudfront.net (CloudFront), 1.1 google
date: Mon, 24 Oct 2022 21:50:18 GMT
age: 42097
etag: "5f466d8c8fac2fad3e4539e92ac8f7f8fab4dc53"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   4606
Md5:    9f9dcb593f8cda6614f0038cd9d9f240
Sha1:   5f466d8c8fac2fad3e4539e92ac8f7f8fab4dc53
Sha256: c111e59b70b4bca5f935cd53cbb6c5287d549a2364f537b8258da64d4405ad3a