av28.com/video/90452/test
104.21.58.248 301 Moved Permanently 0 B URL HTTP/1.1 av28.com/video/90452/test
IP 104.21.58.248:0
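Hash d41d8cd98f00b204e9800998ecf8427e (MD5)
da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1)
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256; all three are the digests of an empty body, consistent with the 0 B response, so they do not identify this resource)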
GET /video/90452/test HTTP/1.1
Host: av28.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Tue, 04 Oct 2022 08:15:51 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Tue, 04 Oct 2022 09:15:51 GMT
Location: https://av28.com/video/90452/test
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EW6hx3EZ6ryXIB%2FjM9CTH%2FK%2F4Z%2BdnJBlSO9HCK1LbLp%2BBl4iy3GZ73CkuGUeH1GcvZLuYEjdqbN6Wmd5uE5VQVfVljQHHxIkWNq%2B6emo6XvVMIakuCyAZMhOlQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754c78dc89ee0b3d-OSL
alt-svc: h2=":443"; ma=60
firefox.settings.services.mozilla.com/v1/
143.204.55.35 200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.35:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 2d12f67fe57a87e7366b662d153a5582
d7b02d81cc74f24a251d9363e0f4b0a149264ec1
73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Backoff, Content-Type, Retry-After, Alert
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Tue, 04 Oct 2022 07:29:42 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 5de23153ac267c206221751e1cccb6e8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: KsC8uXJACLEJlUplaE3EmVCsGfg3F-gAVSFCCmMQZhaRR1EyA1x60w==
Age: 2769
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash eabb7d9ffae717f7305d63c057755470
3b7f0baccfdbb8d9ffefa4a2215d4d6094be454a
ab48f17e54075e1ecf034278e82bcacd2e3689773186cc84fba9b79aac907294
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AB48F17E54075E1ECF034278E82BCACD2E3689773186CC84FBA9B79AAC907294"
Last-Modified: Tue, 04 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7453
Expires: Tue, 04 Oct 2022 10:20:04 GMT
Date: Tue, 04 Oct 2022 08:15:51 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
143.204.55.35 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP 143.204.55.35:0
File type PEM certificate\012- , ASCII text
Hash 6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Tue, 04 Oct 2022 05:28:28 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 a2b4f68a89fc87406bff22c95fc07fba.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: VeDfUk56VpPerOQ7Dzn_MYLYDhFpUwswz4k0j9mID8ovcN1P-KaZSA==
age: 10045
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 08:15:52 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.35 200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.35:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Tue, 04 Oct 2022 07:29:33 GMT
Cache-Control: max-age=3600, max-age=3600
Expires: Tue, 04 Oct 2022 08:26:00 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 185768229530368be94556dcab1c486a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: NOA66bYbPqw5WgLXqq2PNWDAM_-5RsIeetQ2X4ZUqKVV9Q2j3yfckA==
Age: 2779
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 321fa9a78e31dcb66601ac5890bfba73
c325580db79bde6fd00d2d0c7e3f675e4c0046bb
83029b324b4c36522ae47eef9614c124b0ad2994de412d7ea82f990ad8ae9d92
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3193
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 08:15:52 GMT
Last-Modified: Tue, 04 Oct 2022 07:22:39 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
54.186.209.73 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.186.209.73:0
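Hash d41d8cd98f00b204e9800998ecf8427e (MD5)
da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1)
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256; all three are the digests of an empty body, consistent with the 0 B response, so they do not identify this resource)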
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: RoaDJdux/bmRvS/hoMzI+w==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: SZVVti3nW7u17Z+D2/APyuNVDvI=
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ff433c9569a3557d806b1480aeafece9
20bbd46383b85326837f45290ff87df708b3b310
e8e5212b8d90257f23bdb0d1d643b5e7d7528d964056c3a4a269b5e09f409f2d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E8E5212B8D90257F23BDB0D1D643B5E7D7528D964056C3A4A269B5E09F409F2D"
Last-Modified: Sun, 02 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20012
Expires: Tue, 04 Oct 2022 13:49:26 GMT
Date: Tue, 04 Oct 2022 08:15:54 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ff433c9569a3557d806b1480aeafece9
20bbd46383b85326837f45290ff87df708b3b310
e8e5212b8d90257f23bdb0d1d643b5e7d7528d964056c3a4a269b5e09f409f2d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E8E5212B8D90257F23BDB0D1D643B5E7D7528D964056C3A4A269B5E09F409F2D"
Last-Modified: Sun, 02 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20012
Expires: Tue, 04 Oct 2022 13:49:26 GMT
Date: Tue, 04 Oct 2022 08:15:54 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff4f5077e-59b1-4f52-bd32-a57c373ce2f1.jpeg
34.120.237.76 200 OK 8.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff4f5077e-59b1-4f52-bd32-a57c373ce2f1.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 59c6121e6f6cb833939e12585aca131e
5cc38c9cfe6a2ade7a1d8ee272c4eda47c35f5df
88b8a458ad437bf40d154b21d844ba56530ae05c2f42b417cfb0e6cffcb294e5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff4f5077e-59b1-4f52-bd32-a57c373ce2f1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8308
x-amzn-requestid: 35cc0acc-ac90-4f36-a976-c61c34cfe4fe
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZcqNXG3mIAMFujg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633b5722-112061742493dd5255c3fb00;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 21:41:54 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: VeeA3FQIKbAt5xmPr99k9gQjGbbwrRLM1lFYWaVIO3TCVM19GUKJaA==
via: 1.1 0005a84c2971ff4f5bbb79e7ebc622a8.cloudfront.net (CloudFront), 1.1 01147dcc35d57fc0238a3c1700c13f16.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Oct 2022 21:57:01 GMT
age: 37133
etag: "5cc38c9cfe6a2ade7a1d8ee272c4eda47c35f5df"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F481896f6-cdf2-442f-aea2-dfa2c7c45f77.png
34.120.237.76 200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F481896f6-cdf2-442f-aea2-dfa2c7c45f77.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d5745f8e3528f481ae2acf05b4abd3d0
d830b94bea3b5698e5192a7ea05f90b25b2f9cc9
313e11915f0869a608c830637b9dfd236ff28a8fb3354c3cc8748816b0ee18b0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F481896f6-cdf2-442f-aea2-dfa2c7c45f77.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8738
x-amzn-requestid: ede4db78-f2ab-4226-a855-dc7373978dfb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZcpvTFrBoAMFR3w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633b5661-2776543e774f0016329ddade;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 21:38:41 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: c9bu34_KooZB6Z4d8xXGnsd9jZ7lPl3yIo9II1Dm_2YVId3l9-7n-w==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 1508efc4152aa1778ed4adecb328b374.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Oct 2022 21:55:46 GMT
age: 37208
etag: "d830b94bea3b5698e5192a7ea05f90b25b2f9cc9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9a61745f-0c9b-404a-ba22-0a69cf2f0383.jpeg
34.120.237.76 200 OK 4.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9a61745f-0c9b-404a-ba22-0a69cf2f0383.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6779181f9c06975f2a662da743893939
585e7146fd24cdc2496b05baafea04091dc541e2
8e9a9f92fd89b7cdce77884ccd76b83ab82d28f125ebfc1cb0d371d4046b7985
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9a61745f-0c9b-404a-ba22-0a69cf2f0383.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4858
x-amzn-requestid: fb21c414-2994-444a-a838-e643fd05b171
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZcpvTEfPoAMFfeQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633b5661-593dd8043b0490e7301cac0d;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 21:38:41 GMT
x-amz-cf-pop: SFO5-P2, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: MiSh_FjAciKCaOakY2mM_EHBN1Z6GIDYIP8mwS4ikkrToQN3Ktsv2g==
via: 1.1 773ca14e6bd4bf9244988cb69fc9dca8.cloudfront.net (CloudFront), 1.1 b36bf2c460ac693ce304817aed073112.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Oct 2022 21:56:46 GMT
age: 37148
etag: "585e7146fd24cdc2496b05baafea04091dc541e2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F180dee10-1cde-4fbe-8a74-62b7b3bdb1e2.jpeg
34.120.237.76 200 OK 6.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F180dee10-1cde-4fbe-8a74-62b7b3bdb1e2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 206fb65e75dbadf119512f71e0b78402
58ff0bf8ce7528b303d28bab01a80ad721705569
56c8d5f3b3060ee54bf81995269b86c070855d8c33bf437161339a45b309703f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F180dee10-1cde-4fbe-8a74-62b7b3bdb1e2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6315
x-amzn-requestid: 6aa75b16-32e4-48a7-9fb0-9e3d5528c2d5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZWSdsHUnIAMFXtw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6338cabd-742d8a436403683e0cd9368f;Sampled=0
x-amzn-remapped-date: Sat, 01 Oct 2022 23:18:21 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 5sAzc5Ewv4g6Wqq6JJiLylG3Jyy_nlWrr5Oteeo6ebEgq7Rvss4XaQ==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 09331f0822fc98eebaf04130a83dbd44.cloudfront.net (CloudFront), 1.1 google
date: Tue, 04 Oct 2022 04:42:53 GMT
age: 12781
etag: "58ff0bf8ce7528b303d28bab01a80ad721705569"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F545190f2-96f3-40f8-bd46-cebe7171aee7.webp
34.120.237.76 200 OK 9.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F545190f2-96f3-40f8-bd46-cebe7171aee7.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d8c08f8066cc732de8befd6ccd629a95
22aab05208a01ae5def4d63dc145085630f57bcb
f8a560a0563518d992d0bd2655d2b5c406435a18e874ca00b51374d2ff901770
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F545190f2-96f3-40f8-bd46-cebe7171aee7.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9917
x-amzn-requestid: 2dff93d9-795d-4885-9b82-610b0d235a82
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZcpvTGEnIAMF1zg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633b5661-117afa703663ada75627792c;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 21:38:41 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: p5nOqBojKO6S-c_DxIu8B3p-NK0pzRHkz0DOPeyv7PQt9h0x1jdtoQ==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 1508efc4152aa1778ed4adecb328b374.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Oct 2022 21:55:54 GMT
age: 37200
etag: "22aab05208a01ae5def4d63dc145085630f57bcb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0c459c91-b5cc-492c-9573-3101e5df6b51.jpeg
34.120.237.76 200 OK 5.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0c459c91-b5cc-492c-9573-3101e5df6b51.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 34f2dfb2faff276db1d4a57739db2450
f5ce815082043a4efce28fc790ae7d8b3a8531f8
e02ea92f0be524ccfe26eee61a77e39a13d852d1ba3696f729e0f61812028667
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0c459c91-b5cc-492c-9573-3101e5df6b51.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5083
x-amzn-requestid: ed99df03-5d15-4e09-9aea-bbf77a705323
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZcpI0HT0IAMFxvQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633b556b-422197147d76caac6e910664;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 21:34:35 GMT
x-amz-cf-pop: SFO5-P2, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: pddStyEpwVdYKSAUVcpupnWVPw6ALoYCouHQzixF_vTgXdpVF60ElA==
via: 1.1 946b9edb2009c5508a0fbbd636f95014.cloudfront.net (CloudFront), 1.1 28390a4d24ed4fdccd685d99cd06cf4e.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Oct 2022 22:10:59 GMT
age: 36295
etag: "f5ce815082043a4efce28fc790ae7d8b3a8531f8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
s7.addthis.com/js/300/addthis_widget.js
23.38.200.123 200 OK 116 kB URL HTTP/2 s7.addthis.com/js/300/addthis_widget.js
IP 23.38.200.123:0
File type ASCII text, with very long lines (54602)
Size 116 kB (116423 bytes)
Hash d5b9b7a3accd3b7b7de639c072ae3ee2
9583b5c046d78af5c6379d844219f828aa2222d0
648dad6716bb917c7d981e7772fca499d9583717fd83ffef47b0534cb9132b60
GET /js/300/addthis_widget.js HTTP/1.1
Host: s7.addthis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://av28.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.15.8
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
etag: "5f971164-5834c"
cache-control: public, max-age=600
strict-transport-security: max-age=15724800; includeSubDomains
content-type: application/javascript
content-encoding: gzip
content-length: 116423
date: Tue, 04 Oct 2022 08:15:55 GMT
vary: Accept-Encoding
x-distribution: 99
x-host: s7.addthis.com
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 43eccb266d50dd92d10250853a0733b0
a56f10f050bb4a9582b440f5778e1d1121b320df
13028a1a8a7c71fc67fd10bf312bebbac781c2cb7432f3733b6b73668edfebbe
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "13028A1A8A7C71FC67FD10BF312BEBBAC781C2CB7432F3733B6B73668EDFEBBE"
Last-Modified: Sun, 02 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20386
Expires: Tue, 04 Oct 2022 13:55:41 GMT
Date: Tue, 04 Oct 2022 08:15:55 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 9e40b2c69615f45f2bc898334ab3e343
6a569648ed10564e126d3bbf3f91352e6b3f6d4f
4f1d0982c58b9bbeaa266b99292baa1a00c9e39280f73d5a525722c851e15981
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 08:15:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
creative.xxxiijmp.com/widgets/Spot/lib.js
104.18.42.40 200 OK 79 kB URL HTTP/2 creative.xxxiijmp.com/widgets/Spot/lib.js
IP 104.18.42.40:0
File type Unicode text, UTF-8 text, with very long lines (38767), with LF, NEL line terminators
Hash 0c7492051f8f92b67cbb5d9bba34c786
25baeec20aae0b8a2547e4e002e22b7cfa36bfd6
44c6c8b7ab4525e8f81d01fd61f9901a1b748f289d083b2475770af1949fa77e
GET /widgets/Spot/lib.js HTTP/1.1
Host: creative.xxxiijmp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://av28.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 04 Oct 2022 08:15:56 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 03 Oct 2022 07:59:03 GMT
etag: W/"633a9647-43645"
expires: Tue, 04 Oct 2022 08:15:50 GMT
cache-control: max-age=10
pragma: public
cf-cache-status: HIT
age: 5
vary: Accept-Encoding
server: cloudflare
cf-ray: 754c78f7188ab50f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js
142.250.74.106 200 OK 33 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js
IP 142.250.74.106:0
File type ASCII text, with very long lines (32086)
Hash 430e927c980ad4079de727fa59dd93f2
891aaada9a55a91292999f6d50fd300439905982
e8728df8617340bd8c10bc8d27d3a725a48871a269c850e8598689938ec6e2ed
GET /ajax/libs/jquery/1.11.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://av28.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 33434
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 02 Oct 2022 02:47:33 GMT
expires: Mon, 02 Oct 2023 02:47:33 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 192503
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=UA-122567730-1
142.250.74.168 200 OK 42 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-122567730-1
IP 142.250.74.168:0
File type ASCII text, with very long lines (2039)
Hash b8619f1d9ce4882a624e027a4bed84d8
d2a940df0f32604c5fed121052314c5c8bd0b73a
cc0acb5d7ba7a14ca0764355342e0c32cf33b937a639af98bba47f3214a6d953
GET /gtag/js?id=UA-122567730-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://av28.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 04 Oct 2022 08:15:56 GMT
expires: Tue, 04 Oct 2022 08:15:56 GMT
cache-control: private, max-age=900
last-modified: Tue, 04 Oct 2022 06:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 42394
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
imasdk.googleapis.com/js/sdkloader/ima3.js
142.250.74.138 200 OK 130 kB URL HTTP/2 imasdk.googleapis.com/js/sdkloader/ima3.js
IP 142.250.74.138:0
File type ASCII text, with very long lines (2831)
Size 130 kB (129563 bytes)
Hash 1518af66a6a45dc07b47f5d33dddd709
c07f8ceddb0a9f297bbb7098f9705324e9414970
ef2e95c0a64206661035ec5a1ce2f66cb9cad7394e240f1463d867dade111a14
GET /js/sdkloader/ima3.js HTTP/1.1
Host: imasdk.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://av28.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-length: 129563
date: Tue, 04 Oct 2022 08:15:56 GMT
expires: Tue, 04 Oct 2022 08:15:56 GMT
cache-control: private, max-age=900, stale-while-revalidate=3600
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 9e40b2c69615f45f2bc898334ab3e343
6a569648ed10564e126d3bbf3f91352e6b3f6d4f
4f1d0982c58b9bbeaa266b99292baa1a00c9e39280f73d5a525722c851e15981
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 08:15:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.rawgit.com/MailOnline/videojs-vast-vpaid/master/bin/videojs_5.vast.vpaid.min.js
194.242.11.186 301 Moved Permanently 130 B URL HTTP/2 cdn.rawgit.com/MailOnline/videojs-vast-vpaid/master/bin/videojs_5.vast.vpaid.min.js
IP 194.242.11.186:0
ASN #34989 ServeTheWorld AS
File type ASCII text, with no line terminators
Hash 344fd53ccf40651c15eb4e9817f95c25
12917557a85ba645de3d3b73232934787efd80eb
69d8c31e0e1ee468749068cc60e8de17e2696736de970f1b4deca8d632254830
GET /MailOnline/videojs-vast-vpaid/master/bin/videojs_5.vast.vpaid.min.js HTTP/1.1
Host: cdn.rawgit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://av28.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
date: Tue, 04 Oct 2022 08:15:56 GMT
content-type: text/plain; charset=utf-8
content-length: 130
location: https://cdn.jsdelivr.net/gh/MailOnline/videojs-vast-vpaid@master/bin/videojs_5.vast.vpaid.min.js
server: BunnyCDN-NO-830
cdn-pullzone: 201235
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: NO
vary: Accept-Encoding
access-control-allow-origin: *
access-control-expose-headers: *
age: 82695
alt-svc: h3=":443", h3-29=":443", h3-27=":443"
cache-control: public, max-age=2592000
cdn-cachedat: 10/04/2022 08:15:56
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-served-by: cache-fra19180-FRA, cache-chi-kigq8000152-CHI
x-cache: MISS, HIT
cdn-proxyver: 1.02
cdn-requestpullcode: 301
cdn-requestpullsuccess: True
cdn-edgestorageid: 830
cdn-status: 301
cdn-requestid: 17de944a422b5b3baf934ad473909e83
cdn-cache: EXPIRED
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 5ba23234dfb31276cc3bf9a347508595
a225d0a9ecf5d7f0032816c6f3d4a5ae1f3b27a3
33558bed4856ac3f2a7267965521b316ccd3ccc669877994c6c590e2d2a1b559
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 08:15:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ae91da7f10e2e7731b76523a6aa972e0
e17a029c6d08127ff7d29db3b4933a7eaf705558
b884e2825245a1deb9d04afb0c5550893add4ceba5ea4760f4c4757b87db619c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B884E2825245A1DEB9D04AFB0C5550893ADD4CEBA5EA4760F4C4757B87DB619C"
Last-Modified: Sun, 02 Oct 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18165
Expires: Tue, 04 Oct 2022 13:18:41 GMT
Date: Tue, 04 Oct 2022 08:15:56 GMT
Connection: keep-alive
cdn.jsdelivr.net/gh/MailOnline/videojs-vast-vpaid@master/bin/videojs_5.vast.vpaid.min.js
151.101.85.229 200 OK 28 kB URL HTTP/2 cdn.jsdelivr.net/gh/MailOnline/videojs-vast-vpaid@master/bin/videojs_5.vast.vpaid.min.js
IP 151.101.85.229:0
File type ASCII text, with very long lines (32057)
Hash 42b4812a56cbc446841d235a356d7a25
0ba42c1e443a01475226f83e21153b55db5a3200
2822e06b052d68f240429c9b766f30507f1d8d5cfa0653278b7f8add174b59dd
GET /gh/MailOnline/videojs-vast-vpaid@master/bin/videojs_5.vast.vpaid.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://av28.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: master
x-jsd-version-type: branch
etag: W/"19ebe-sGXZ+r4GyjSIzdYoxtoxnEndSng"
content-encoding: gzip
accept-ranges: bytes
date: Tue, 04 Oct 2022 08:15:56 GMT
age: 24256
x-served-by: cache-fra19164-FRA, cache-bma1654-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 28225
X-Firefox-Spdy: h2
www.javjap.com/thumbs/13/136588.jpg
104.21.233.196 200 OK 137 kB URL HTTP/2 www.javjap.com/thumbs/13/136588.jpg
IP 104.21.233.196:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 800x450, components 3\012- data
Size 137 kB (136583 bytes)
Hash cd3a5e9d4ca20bf77c950da014b6313e
00e846c97c5e9f6f3465b7135f65a88411408883
9f5aed16088e166fbe9170f372ae07dec7dfd4d331d0e9d008b1133b295888cc
GET /thumbs/13/136588.jpg HTTP/1.1
Host: www.javjap.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://av28.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 04 Oct 2022 08:15:56 GMT
content-type: image/jpeg
content-length: 136583
last-modified: Tue, 20 Sep 2022 10:00:17 GMT
cache-control: max-age=7200
cf-cache-status: HIT
age: 5136
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kjMsAfc8eawrmoTOnw89MxZV73M1M4l4obIL1unL%2FYHEtFFmDZy4ptRlJ%2F4dQs60jdNQMHFYNpZxkNak9OdaqwY5F8QXjByx2OUcW%2Bfl0xFLur2Cag79W314u%2B8yj08Tdw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 754c78f738e871d5-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
104.18.20.226 200 OK 1.5 kB URL HTTP/1.1 ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
IP 104.18.20.226:0
Hash 968651ec1bd724fa257a3d0511abdbf5
4db5eb368663c92f2578f9af4b3046cd508cf81f
40c68556a7b80ee23928c731b882173668d474d00f01ae75debed27a3c1b0241
POST /ca/gsatlasr3dvtlsca2022q1 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 08:15:56 GMT
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "175C52EDC858ADE458D1438BC62851F03D381ECD"
Expires: Tue, 04 Oct 2022 19:00:00 GMT
Last-Modified: Tue, 04 Oct 2022 07:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 1199
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754c78f90b56b4ed-OSL
www.javjap.com/thumbs/13/136578.jpg
104.21.233.196 200 OK 185 kB URL HTTP/2 www.javjap.com/thumbs/13/136578.jpg
IP 104.21.233.196:0
Size 185 kB (184745 bytes)
Hash 891cca3065061cadc3542f84192abd0f
cf533d6a34a5294d6b997c534fb901bf16a0aaf9
ee7cac126d7767ce73c4eb4cfa10731bb674da52a324fbf07ad53bdbaa2b14d0
GET /thumbs/13/136578.jpg HTTP/1.1
Host: www.javjap.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://av28.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 04 Oct 2022 08:15:56 GMT
content-type: image/jpeg
content-length: 180513
last-modified: Tue, 20 Sep 2022 09:59:49 GMT
cache-control: max-age=7200
cf-cache-status: HIT
age: 3138
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B44S%2BHGNaNOVAV0s6Caex%2FhVQGhwWSyu5h7F01NajxdSzgOMpqRuAtOC%2B7bDB8tK%2FmXg3ClhpIM87EBVf237H564TkrRClgWv067S4o2ENqsygPfi0oyic7qEFpeLGRtOw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 754c78f728d771d5-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.javjap.com/thumbs/13/136591.jpg
104.21.233.196 200 OK 194 kB URL HTTP/2 www.javjap.com/thumbs/13/136591.jpg
IP 104.21.233.196:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 840x472, components 3\012- data
Size 194 kB (194522 bytes)
Hash a2a57d3180d2943f8572358197de3d67
eb8292a6f2713b4f7a2838dc480f34a2e91d010d
5d64510bbdcf1ed45fec746f43d6df001974dc658ba48324bdd621fbfdbb8e4f
GET /thumbs/13/136591.jpg HTTP/1.1
Host: www.javjap.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://av28.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 04 Oct 2022 08:15:56 GMT
content-type: image/jpeg
content-length: 194522
last-modified: Tue, 20 Sep 2022 10:00:33 GMT
cache-control: max-age=7200
cf-cache-status: HIT
age: 3280
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2OtazhVA82za9YbCxcOltMn%2BTUiF9nTDDrkOd4pD7Y9RJqZdo4utnQgFbp9O%2BfHQ1FFixeAqW7zwRzq%2BG65%2FbIYcZC7N6pY2f5wZypthaTrMD%2BgT0yWnb0AxrXcOE1%2FAtQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 754c78f728dc71d5-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.javjap.com/thumbs/13/136592.jpg
104.21.233.196 200 OK 176 kB URL HTTP/2 www.javjap.com/thumbs/13/136592.jpg
IP 104.21.233.196:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 840x472, components 3\012- data
Size 176 kB (175807 bytes)
Hash b97fca45c2a643bbb318489754e0859a
43c58709e5db99c952958ee1f64999473b7efe60
a69ab017269c429dd276a7114604d411b40193695b4b677a01b2ba91d13072cd
GET /thumbs/13/136592.jpg HTTP/1.1
Host: www.javjap.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://av28.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 04 Oct 2022 08:15:56 GMT
content-type: image/jpeg
content-length: 175807
last-modified: Tue, 20 Sep 2022 10:00:38 GMT
cache-control: max-age=7200
cf-cache-status: HIT
age: 3138
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yUVFilwnmroeojgD1NEqHV7ly7LLLNjsnohGlHeRoIdzRVPo0aSMpqjuyYqDD0SUsgslnSGpdYKjxyh3XqLZ9pCIM1%2FIDw7bElre6AYms7Hw5TmRdTLkPbR1fha%2FyG%2BOfw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 754c78f728db71d5-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.javjap.com/thumbs/13/136586.jpg
104.21.233.196 200 OK 195 kB URL HTTP/2 www.javjap.com/thumbs/13/136586.jpg
IP 104.21.233.196:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 800x538, components 3\012- data
Size 195 kB (195168 bytes)
Hash 915d956a3d5836376f40efbcb6dd6fad
e18a44276a98439fedb19d3279cbfa411e37e5a7
9780c8a4ee3f17fb6f60fd2aa029613939d19d23d400aa4572d2ebec2c9ffdf5
GET /thumbs/13/136586.jpg HTTP/1.1
Host: www.javjap.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://av28.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 04 Oct 2022 08:15:56 GMT
content-type: image/jpeg
content-length: 195168
last-modified: Tue, 20 Sep 2022 10:00:09 GMT
cache-control: max-age=7200
cf-cache-status: HIT
age: 3138
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=onlEIxMNE7NV52msN57H004sN66l4kIb9r4AV2D5TbdHaPU%2BLNJs%2BgMKssvbsEf%2BP06ri78FmgKRwlu9JRWtuZujeoajGy1hcTcyVWAMqXuy0INphFXVeQEcgEy%2FW%2FiOqA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 754c78f7490671d5-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.javjap.com/thumbs/13/136585.jpg
104.21.233.196 200 OK 169 kB URL HTTP/2 www.javjap.com/thumbs/13/136585.jpg
IP 104.21.233.196:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 800x539, components 3\012- data
Size 169 kB (169151 bytes)
Hash 0fd9d0f85b5592441ed4ac30606b5e9d
ce938be8444a15944ef9fb17b3f30a7284653217
833e5d33f8c95f6f92bb7a3259c2eb3366a6de2444dee53b33e99d0673a4608f
GET /thumbs/13/136585.jpg HTTP/1.1
Host: www.javjap.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://av28.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 04 Oct 2022 08:15:56 GMT
content-type: image/jpeg
content-length: 169151
last-modified: Tue, 20 Sep 2022 10:00:05 GMT
cache-control: max-age=7200
cf-cache-status: HIT
age: 3138
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LkjoGyyox5UMt%2F%2BqmWQtVII1%2BQKdN%2BvMv%2BCbreDkPXCDogwXQeTpwn2Qpp0BRD70oJnO555oqwyb4VAc13tyxaogGPKb9CV8TYDJiHMnJnQso2qUfOfoZAaN0mO%2FEZWmCg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 754c78f7490971d5-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.javjap.com/thumbs/13/136590.jpg
104.21.233.196 200 OK 204 kB URL HTTP/2 www.javjap.com/thumbs/13/136590.jpg
IP 104.21.233.196:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 840x472, components 3\012- data
Size 204 kB (203570 bytes)
Hash a1e903163bc9213a14f20f522d4deeea
9160c42d7b010aa6cfa8bfa699df72cec801d235
f857791a5377fd2ff09938b12fe9874fc78b44909a254b04f3158e23f4e92a6c
GET /thumbs/13/136590.jpg HTTP/1.1
Host: www.javjap.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://av28.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 04 Oct 2022 08:15:56 GMT
content-type: image/jpeg
content-length: 203570
last-modified: Tue, 20 Sep 2022 10:00:25 GMT
cache-control: max-age=7200
cf-cache-status: HIT
age: 3280
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2nONjPMsBWHiwhj%2Fck9ZYOuW%2FGWcPwztZvm0n%2FDQnyJBoI54hWfXys7qS4P4l222nRbVRo7MY4kw4WFFyDDfbYMV7jEDPLaZRem4q3mTTdK4XAuweFmhC22ZljB9WmCKlg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 754c78f728dd71d5-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.javjap.com/thumbs/13/136589.jpg
104.21.233.196 200 OK 203 kB URL HTTP/2 www.javjap.com/thumbs/13/136589.jpg
IP 104.21.233.196:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 840x472, components 3\012- data
Size 203 kB (202703 bytes)
Hash 0e53fe5dd4f48fd2b0cca66156683ef9
dbf58f8b4b3b52be44ec8cd155f13ca51167e0a8
9d383313141d4792de2bdac516d54787f6a9c2299744d4070b749bd29811f2e5
GET /thumbs/13/136589.jpg HTTP/1.1
Host: www.javjap.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://av28.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 04 Oct 2022 08:15:56 GMT
content-type: image/jpeg
content-length: 202703
last-modified: Tue, 20 Sep 2022 10:00:21 GMT
cache-control: max-age=7200
cf-cache-status: HIT
age: 5136
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EauW6P2EYZN6qCiJx6Bxhh0MF7%2FytLV%2FGBswm7TQ2pFGHEElGRZCFJwr21oQXMPSBPrlv6cXPNPSQyEKW6n%2Bt4ux2PyI4rjkOvG5XfO%2FWOHHwV9xtDLxQYw7tWmKGUaTdw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 754c78f728df71d5-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.javjap.com/thumbs/13/136587.jpg
104.21.233.196 200 OK 202 kB URL HTTP/2 www.javjap.com/thumbs/13/136587.jpg
IP 104.21.233.196:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 800x539, components 3\012- data
Size 202 kB (202306 bytes)
Hash 4d7dfc0ba11146c7e5680d5db0f46b35
72c4ba61bcd5c2964d2dd9f4cb8adb78fbe8e3ff
5fd3be917f89a0698b24a508dd95802c66524ae19eaec845145d13f6d015857a
GET /thumbs/13/136587.jpg HTTP/1.1
Host: www.javjap.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://av28.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 04 Oct 2022 08:15:56 GMT
content-type: image/jpeg
content-length: 202306
last-modified: Tue, 20 Sep 2022 10:00:14 GMT
cache-control: max-age=7200
cf-cache-status: HIT
age: 3138
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UReWuQH8APIdcL7sZTDjEez%2FliPXyPU76sHVbjHYVKjhey%2FrWGn%2BAjX5102vx1D8373bispSX80WI38rf%2FpSZs5WjiGpwg3aKApG1PmOh8kgSZ2mjIVUyqHsrA4Z1QcaeQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 754c78f738f671d5-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.javjap.com/thumbs/13/136584.jpg
104.21.233.196 200 OK 202 kB URL HTTP/2 www.javjap.com/thumbs/13/136584.jpg
IP 104.21.233.196:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 840x472, components 3\012- data
Size 202 kB (202174 bytes)
Hash 4e211234ac4b415bd2345f7079867f26
8a3a110f5ca90c05ddc3c612121b0bbe170cd0a4
0e444f5ace649724d0d7c4816a9ecfed0772bf29255d59b50e8f06b246d4df83
GET /thumbs/13/136584.jpg HTTP/1.1
Host: www.javjap.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://av28.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 04 Oct 2022 08:15:56 GMT
content-type: image/jpeg
content-length: 202174
last-modified: Tue, 20 Sep 2022 10:00:02 GMT
cache-control: max-age=7200
cf-cache-status: HIT
age: 3138
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xvAkQ5%2BTyRu9Iwi34NIzCZDtJ3Tt5dQ5KtgS3aNHFtsFZidGQ4%2FznrpyDPHqbHrqPhv81UMyxuZEzQnq70PpB%2BIxmQLyYOagdyHbyvjwYRhj4Mn4bdbiLP2KwgJXiP0Giw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 754c78f7490a71d5-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
charmshoist.com/34/61/3d/34613dea521250e599f737448156d052.js
192.243.59.20 200 OK 13 kB URL HTTP/1.1 charmshoist.com/34/61/3d/34613dea521250e599f737448156d052.js
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (37116), with no line terminators
Hash 838970a29bc0a3574cf86ea5b0eb9bb7
3b74bbf2dff4cc1c37c43d8f05b1239245c714c0
15344f7cc78804b353b046c9bf557dccd60ac5c24cb1be2784c4bce024609e85
Analyzer Verdict Alert — quad9: Sinkholed
GET /34/61/3d/34613dea521250e599f737448156d052.js HTTP/1.1
Host: charmshoist.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://av28.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Tue, 04 Oct 2022 08:15:56 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 734a7d9807d6e7066829da7ce523114c
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
www.javjap.com/thumbs/13/136581.jpg
104.21.233.196 200 OK 328 kB URL HTTP/2 www.javjap.com/thumbs/13/136581.jpg
IP 104.21.233.196:0
Size 328 kB (327472 bytes)
Hash 63dc1a3549ac396890dcc4cc365d0dd4
d220186854a6d3a1ef18a2c2e45413964226bc0b
471fed059b46dc7c87c5fba669c19743201f4975004e94f2ed83fc926550a9ce
GET /thumbs/13/136581.jpg HTTP/1.1
Host: www.javjap.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://av28.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 04 Oct 2022 08:15:56 GMT
content-type: image/jpeg
content-length: 326751
last-modified: Tue, 20 Sep 2022 09:59:55 GMT
cache-control: max-age=7200
cf-cache-status: HIT
age: 3138
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ViraEOE04CVrV6TGLT%2B52r5zmOHNCybBYWQdDfac2kCh6%2FeToxxZI3fA6uDnJH2SKU%2BcYOTBaFcs8LCYs5kCt9xK0tG5K4X%2B2FffOXcfGVhABTCQN%2FxR%2BPdDW%2Bo%2BJ7kqgQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 754c78f728d271d5-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.javjap.com/thumbs/13/136583.jpg
104.21.233.196 200 OK 373 kB URL HTTP/2 www.javjap.com/thumbs/13/136583.jpg
IP 104.21.233.196:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 840x472, components 3\012- data
Size 373 kB (372571 bytes)
Hash 6bd32c7d5abb6e22e86bf45d8f3b751a
b31aec314b4f94e497138556beefbba4cf6cec9b
0e86297f2dbde7c7bc1fb09c1292e24b7a9de5c8c7f5562a61c921712171c2eb
GET /thumbs/13/136583.jpg HTTP/1.1
Host: www.javjap.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://av28.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 04 Oct 2022 08:15:56 GMT
content-type: image/jpeg
content-length: 372571
last-modified: Tue, 20 Sep 2022 10:00:00 GMT
cache-control: max-age=7200
cf-cache-status: HIT
age: 3138
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TT70yYA%2BFrf9PlKgWM5zVbHlXMN%2BgMy%2BCP%2FKL5SV%2FrolKt5zHVKa2ukHxMN2wG%2B1w7NYm4nrW7lXXmLpJhp3JREioPLDWryrz7icje5YYOitJP1Gk5t3tJPJGmYIqff3FA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 754c78f7491571d5-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.javjap.com/thumbs/13/136580.jpg
104.21.233.196 200 OK 436 kB URL HTTP/2 www.javjap.com/thumbs/13/136580.jpg
IP 104.21.233.196:0
Size 436 kB (436123 bytes)
Hash 97e5cd74ad5f7405e50ac80b485d29c5
4bf9271cc8321086de6fd97c43fce416533b9221
69b5a76d8ebb48be2af2ddaeb1e76d235da0f50854b2134e4819be3cf6a87fa4
GET /thumbs/13/136580.jpg HTTP/1.1
Host: www.javjap.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://av28.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 04 Oct 2022 08:15:56 GMT
content-type: image/jpeg
content-length: 431472
last-modified: Tue, 20 Sep 2022 09:59:53 GMT
cache-control: max-age=7200
cf-cache-status: HIT
age: 3138
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JgNqFhuSH88w7sX6t%2BTagfRRWdnPhN%2FJgB%2BEWb1sCQrL6otTXVvORGG0X9SwuY%2FFcmt5y0Q4%2Fjzv4w4J%2FzpO98TJVbC4hCk1WP2c86r5VUbVAH6hom1GsSVkouWKT5P1uQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 754c78f728d571d5-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.javjap.com/thumbs/13/136582.jpg
104.21.233.196 200 OK 316 kB URL HTTP/2 www.javjap.com/thumbs/13/136582.jpg
IP 104.21.233.196:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 840x472, components 3\012- data
Size 316 kB (316364 bytes)
Hash 38352418e2a039bb53d81cc7d010f4d2
3e709a41535bd5cddb60780de20a6f2335ed24b9
8f2633fe7584f4d46906054583d2a76ddf5638ed9b51e42992e4533c74332402
GET /thumbs/13/136582.jpg HTTP/1.1
Host: www.javjap.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://av28.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 04 Oct 2022 08:15:56 GMT
content-type: image/jpeg
content-length: 316364
last-modified: Tue, 20 Sep 2022 09:59:58 GMT
cache-control: max-age=7200
cf-cache-status: HIT
age: 3138
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OuoYUPmRfteCs9xqXzCeXljgyavzniOF475RSmCLeNUHemA%2FMuMEuOoe5pLfab7V%2BWlhsnT5PAk0NUJCblGo%2FZOsO%2BNgUWyTD%2BAdynFcaiYEDNXx6l%2BEppURVqbxa%2BgIXQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 754c78f7491771d5-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
charmshoist.com/1e/3e/5c/1e3e5cbc6316425910e282303226c292.js
192.243.59.20 200 OK 20 kB URL HTTP/1.1 charmshoist.com/1e/3e/5c/1e3e5cbc6316425910e282303226c292.js
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (59406), with no line terminators
Hash 3152ff61078e35c9158c23a2d04ac5ea
da5e8262573c06c79b689e8c7f2764223c4fce4e
772b00072398d61d84ecc19255347e95191d8764c292da3f483e5ae9a0a0af50
Analyzer Verdict Alert — quad9: Sinkholed
GET /1e/3e/5c/1e3e5cbc6316425910e282303226c292.js HTTP/1.1
Host: charmshoist.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://av28.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Tue, 04 Oct 2022 08:15:56 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f9aa10752210ceedaad707e912f8aa78
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
ads.exosrv.com/iframe.php?idzone=2854470&size=300x250
205.185.216.10 200 OK 1.3 kB URL HTTP/1.1 ads.exosrv.com/iframe.php?idzone=2854470&size=300x250
IP 205.185.216.10:0
File type HTML document, ASCII text
Hash 371af2bc89c21825bba238b107811553
f8c6878b1bf8cc4f2df07a109fd24e3bb2624ebc
2d8a3ddc4ce3b0eac0b4bece3e3d9feea506bab846984213ede34b025a80aece
GET /iframe.php?idzone=2854470&size=300x250 HTTP/1.1
Host: ads.exosrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://av28.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 08:15:56 GMT
Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 1346
Content-Type: text/html; charset=UTF-8
Accept-Ranges: bytes
Server: nginx
Cache-Control: max-age=10800
X-HW: 1664871356.dop207.sk1.t,1664871356.cds249.sk1.shn,1664871356.dop207.sk1.t,1664871356.cds223.sk1.c
Access-Control-Allow-Origin: *, *
ads.exosrv.com/iframe.php?idzone=2854470&size=300x250
205.185.216.10 200 OK 1.3 kB URL HTTP/1.1 ads.exosrv.com/iframe.php?idzone=2854470&size=300x250
IP 205.185.216.10:0
File type HTML document, ASCII text
Hash 371af2bc89c21825bba238b107811553
f8c6878b1bf8cc4f2df07a109fd24e3bb2624ebc
2d8a3ddc4ce3b0eac0b4bece3e3d9feea506bab846984213ede34b025a80aece
GET /iframe.php?idzone=2854470&size=300x250 HTTP/1.1
Host: ads.exosrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://av28.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 08:15:56 GMT
Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 1346
Content-Type: text/html; charset=UTF-8
Accept-Ranges: bytes
Server: nginx
Cache-Control: max-age=10800
X-HW: 1664871356.dop207.sk1.t,1664871356.cds249.sk1.shn,1664871356.dop207.sk1.t,1664871356.cds223.sk1.c
Access-Control-Allow-Origin: *, *
ads.exosrv.com/iframe.php?idzone=2854470&size=300x250
205.185.216.10 200 OK 1.3 kB URL HTTP/1.1 ads.exosrv.com/iframe.php?idzone=2854470&size=300x250
IP 205.185.216.10:0
File type HTML document, ASCII text
Hash 371af2bc89c21825bba238b107811553
f8c6878b1bf8cc4f2df07a109fd24e3bb2624ebc
2d8a3ddc4ce3b0eac0b4bece3e3d9feea506bab846984213ede34b025a80aece
GET /iframe.php?idzone=2854470&size=300x250 HTTP/1.1
Host: ads.exosrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://av28.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 08:15:56 GMT
Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 1346
Content-Type: text/html; charset=UTF-8
Accept-Ranges: bytes
Server: nginx
Cache-Control: max-age=10800
X-HW: 1664871356.dop218.sk1.t,1664871356.cds259.sk1.shn,1664871356.dop218.sk1.t,1664871356.cds223.sk1.c
Access-Control-Allow-Origin: *, *
ads.exosrv.com/iframe.php?idzone=2854470&size=300x250
205.185.216.10 200 OK 1.3 kB URL HTTP/1.1 ads.exosrv.com/iframe.php?idzone=2854470&size=300x250
IP 205.185.216.10:0
File type HTML document, ASCII text
Hash 371af2bc89c21825bba238b107811553
f8c6878b1bf8cc4f2df07a109fd24e3bb2624ebc
2d8a3ddc4ce3b0eac0b4bece3e3d9feea506bab846984213ede34b025a80aece
GET /iframe.php?idzone=2854470&size=300x250 HTTP/1.1
Host: ads.exosrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://av28.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 08:15:56 GMT
Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 1346
Content-Type: text/html; charset=UTF-8
Accept-Ranges: bytes
Server: nginx
Cache-Control: max-age=10800
X-HW: 1664871356.dop221.sk1.t,1664871356.cds215.sk1.shn,1664871356.dop221.sk1.t,1664871356.cds223.sk1.c
Access-Control-Allow-Origin: *, *
ads.exosrv.com/iframe.php?idzone=2854470&size=300x250
205.185.216.10 200 OK 13 kB URL HTTP/1.1 ads.exosrv.com/iframe.php?idzone=2854470&size=300x250
IP 205.185.216.10:0
Hash d059064add1753d9c4c94e015fc7fde8
a90ac52495a6386d861b39edb7056ae168cf9e62
50eb81fdf2ce6500675723ef601a0ff2b84f1a3f6d2fc038f610d2e6c1cce485
GET /iframe.php?idzone=2854470&size=300x250 HTTP/1.1
Host: ads.exosrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://av28.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 08:15:56 GMT
Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 1346
Content-Type: text/html; charset=UTF-8
Accept-Ranges: bytes
Server: nginx
Cache-Control: max-age=10800
X-HW: 1664871356.dop223.sk1.t,1664871356.cds257.sk1.shn,1664871356.dop223.sk1.t,1664871356.cds223.sk1.c
Access-Control-Allow-Origin: *, *
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 17 kB IP 142.250.74.3:0
Hash c2977ee389af3ddd101bfaad9025e17a
aad6ac427a33e8bd58bcfc9d578223dcbe702003
4399fe0501f286079f7caf2cc5b6f720e561427fe50b55459e0f9ce3fa77426d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 08:15:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 715 B IP 142.250.74.3:0
Hash ee5a68c39112918d991111bd0aef29ed
2352fde435dbb3be7f1e841fedce5dc2c32d1848
b29b01934f63bf88ae5bee9102e2c50be7df379807ead7a403bf369db54e5e06
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 08:15:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
216.58.207.195 200 OK 45 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data
Hash 565ce506190ad3af920b40baf1794cec
ad3cba5d06100e09449a864d3b5e58403b478b3d
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://av28.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 01 Oct 2022 03:08:55 GMT
expires: Sun, 01 Oct 2023 03:08:55 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
content-type: font/woff2
age: 277621
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 0ac04f7c449093fff4f846a7ae56cd4f
50aeb5664545a0dec4173920a274e906bcbcdf6f
18eff2566317aba7b70ee558e8cba42231eb4eae31e903501dc122c751d6993b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 08:15:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
av28.com/video/90452/test
172.67.166.129 200 OK 346 B URL HTTP/2 av28.com/video/90452/test
IP 172.67.166.129:0
Hash ce3fb5d49960804116950311b4b8eb7d
ac27d1b4c62eb74fd793b31f9fa7f596d7340ff9
cd212b572ab47332db014243791147cf29ad81235a987bb40d528924230327e0
GET /video/90452/test HTTP/1.1
Host: av28.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Tue, 04 Oct 2022 08:15:54 GMT
content-type: text/html
last-modified: Tue, 04 Oct 2022 08:15:52 GMT
set-cookie: AVS=rlql3ibo7q0n0i05laohp6nih5; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7DWF6ZqkATH%2BRrghoVrgtxoaFxyP%2F7DcgHLyR04LPe2fkBjkRRUC1NrhqpmcpwytsKt2KY%2ByMXFOa0plIUV55TFo6TO5EiLqa15BJLhW1HfMhNQHIUZvTh4xag%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 754c78de2aa5b4ed-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
23.38.200.123 200 OK 26 kB URL HTTP/2 s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
IP 23.38.200.123:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (63757)
Hash 707317ccaabe08d32d1bd781754e6871
bb82dcd3e044c960e0861c2ce878f5504e628f78
d0a164ece41c61aec26517fb645646f5ba91f72ea5448eff1ee6c393b7c53051
GET /static/sh.f48a1a04fe8dbf021b4cda1d.html HTTP/1.1
Host: s7.addthis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://av28.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.15.8
content-type: text/html
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
etag: W/"5f971164-11adc"
timing-allow-origin: *
cache-control: public, max-age=86313600
p3p: CP="NON ADM OUR DEV IND COM STA"
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
content-length: 26421
date: Tue, 04 Oct 2022 08:15:57 GMT
vary: Accept-Encoding
x-host: s7.addthis.com
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
143.204.42.158 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.158:0
Hash 5051734aa47e871f30936254a98cebee
38ecb55e50d18f22f54e1ebc0bf5d70f6912cc97
45727a8f22a365165d5bfd7b562ee3fe43cb02f918228bcd6441deb4a33bd421
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Tue, 04 Oct 2022 08:15:56 GMT
Last-Modified: Tue, 04 Oct 2022 06:39:48 GMT
Server: ECS (bsa/EB22)
X-Cache: Miss from cloudfront
Via: 1.1 277d0e3af1ffdcb1ee40b7dc9f040146.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 9J5o7Ck6bjJNvZQy9BoHAOaKEY641-F-lWnNuMCs-SIHc7g_oUSLng==
Age: 5768
ocsp.sca1b.amazontrust.com/
143.204.42.158 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.158:0
Hash 5051734aa47e871f30936254a98cebee
38ecb55e50d18f22f54e1ebc0bf5d70f6912cc97
45727a8f22a365165d5bfd7b562ee3fe43cb02f918228bcd6441deb4a33bd421
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Tue, 04 Oct 2022 08:15:56 GMT
Last-Modified: Tue, 04 Oct 2022 07:07:33 GMT
Server: ECS (bsa/EB17)
X-Cache: Miss from cloudfront
Via: 1.1 057fdebf738f5915bf38a78949190758.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: SjF-f-2dLbJQfyMw9z9TmJQFMbJGGte8DIw77K8iMMLecIXke-3CGA==
Age: 4103
a.exosrv.com/ad-provider.js
205.185.216.42 200 OK 24 kB URL HTTP/1.1 a.exosrv.com/ad-provider.js
IP 205.185.216.42:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash b55852e326007370e012228786b6b4ef
3516bec087a6a82ff78f65150e99b422bb045921
6d6118076143bd2bb5f5b6788030cf8f012f71131d80e0f4beb8e47ebbf02394
GET /ad-provider.js HTTP/1.1
Host: a.exosrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.exosrv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 08:15:57 GMT
Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 23723
Content-Type: application/javascript
Accept-Ranges: bytes
Server: nginx
etag: W/"dcaa2303e7bb0e0edcfd056a9ad"
Cache-Control: max-age=10800
X-HW: 1664871356.dop222.sk1.t,1664871357.cds208.sk1.shn,1664871357.dop222.sk1.t,1664871357.cds207.sk1.c
Access-Control-Allow-Origin: *, *
simplewebanalysis.com/stats
52.29.95.124 200 OK 375 B URL HTTP/2 simplewebanalysis.com/stats
IP 52.29.95.124:0
Hash 77fe5d2dbc5b8e4cc27c89294fa9009c
f79214eadb103671610d2ade0be0e652cde1e3dd
dd629e62eeff726c2e62a083b219945409ca7901594b7385b40f562b27325cbb
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://av28.com
Connection: keep-alive
Referer: https://av28.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 04 Oct 2022 08:15:57 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://av28.com
access-control-allow-credentials: true
set-cookie: uid_id2=66792d05-7001-4ffc-9506-adc74facbdc5:1:1; expires=Fri, 01 Oct 2032 08:15:57 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
simplewebanalysis.com/stats
52.29.95.124 200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 52.29.95.124:0
File type ASCII text, with no line terminators
Hash 44c688e135bb8379cb2ec4cd2040ced7
4dd7184c873164b609586b6e66f4c9d8f487ebbd
11d998b003879bc9e3356cb24465b8e7c018307a8c30452f1a1a3f7dc92b7517
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://av28.com
Connection: keep-alive
Referer: https://av28.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 04 Oct 2022 08:15:57 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://av28.com
access-control-allow-credentials: true
set-cookie: uid_id2=bf148387-00b5-4c64-bb0a-cec2ef002f1b:2:1; expires=Fri, 01 Oct 2032 08:15:57 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188 200 OK 471 B IP 172.64.155.188:0
Hash 5219cf809ecf573bc908bcd5ea36f708
f3caef0b896d3e9e9c497de42225135e553299c9
667db7a88235080c333a2f0f17da4afb102912b9518718c19ce6f9e904326f4c
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 08:15:57 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sat, 01 Oct 2022 14:19:23 GMT
Expires: Sat, 08 Oct 2022 14:19:22 GMT
Etag: "f3caef0b896d3e9e9c497de42225135e553299c9"
Cache-Control: max-age=366804,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 754c78fd6fddb51e-OSL
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 53e0e5a2455fedae0d6308f91d41e445
237c2856f8a89ae3673ea909164557d65268c463
ddba9b3842f879168185b6607551069b312c44de4ec015ca4b43ad154d190bc8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 08:15:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 129fe858bf2aa7291fd2c6dd4cf9d226
e3e048b964b851ebbdcfb5bd80ebdbad13720cf6
addc7e4ddab73c8c7ee50f6d33fc1e4ff73b71cc014e481049a393c3b87b0924
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 08:15:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
142.250.74.34 200 OK 13 kB URL HTTP/2 pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
IP 142.250.74.34:0
File type ASCII text, with very long lines (1977)
Hash 64bb7f59803ae6130d8f160e9b5caea8
e9f34d7bf416e6719b9a6da7e6d72804afdeecfd
dd71fb7acce37bb1b1c4a943d3e226ada9df7ab2b7ed93b9d0ed33c8d98c4f8d
GET /omsdk/releases/live/omweb-v1.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://av28.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-length: 12926
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 04 Oct 2022 07:54:42 GMT
expires: Tue, 04 Oct 2022 08:54:42 GMT
cache-control: public, max-age=3600
age: 1275
last-modified: Tue, 19 Jul 2022 21:40:00 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
adservice.google.com/adsid/integrator.js?domain=av28.com
216.58.207.194 200 OK 100 B URL HTTP/2 adservice.google.com/adsid/integrator.js?domain=av28.com
IP 216.58.207.194:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=av28.com HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://av28.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Tue, 04 Oct 2022 08:15:57 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 53e0e5a2455fedae0d6308f91d41e445
237c2856f8a89ae3673ea909164557d65268c463
ddba9b3842f879168185b6607551069b312c44de4ec015ca4b43ad154d190bc8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 08:15:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
video.ktkjmp.com/adsbygoogle.js
104.18.42.40 200 OK 1.7 kB URL HTTP/2 video.ktkjmp.com/adsbygoogle.js
IP 104.18.42.40:0
Hash 90836693d2f53ca1c982141e0ad8b5e3
80b9b157cb92c4ec3e5f9c42651b2417b5dce219
da22d23fcf594dc3e682a2d869c46530a9592cc794b4a98647c1d977e5a29bd4
GET /adsbygoogle.js HTTP/1.1
Host: video.ktkjmp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://av28.com/
Origin: https://av28.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 04 Oct 2022 08:15:57 GMT
content-type: application/javascript
content-length: 16
x-amz-id-2: jMnUr0DnexKiCIUVYfGtAFFJZKWG8DTfishCAmaoZ8lwH4UwiBa/B68UKSLHmXElSc6ah5zVfvU=
x-amz-request-id: 1JFEDXAKJ5TC1PEB
last-modified: Thu, 10 Mar 2022 13:52:07 GMT
etag: "3d7f7a60216d40dea48e495fef6903c9"
x-amz-meta-s3cmd-attrs: atime:1646920284/ctime:1646920283/gid:20/gname:staff/md5:3d7f7a60216d40dea48e495fef6903c9/mode:33188/mtime:1646920283/uid:501/uname:mikhailchubar
x-amz-version-id: eIgLIBoMMcsEXtxOH6UDjWyfAquRpkIG
access-control-allow-origin: https://av28.com
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: HIT
age: 6
expires: Tue, 04 Oct 2022 12:15:57 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 754c78febb290b51-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 397ce2b77b5cc535ffc824cb6b1d507a
6e3e939afaeb66f21104e3df1e74eacf9b7d6e61
913fcd956ea43228a54dc461a5f0a6a142e6f37cf9c71fa787966cd3f0c8c9c3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "913FCD956EA43228A54DC461A5F0A6A142E6F37CF9C71FA787966CD3F0C8C9C3"
Last-Modified: Sun, 02 Oct 2022 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2340
Expires: Tue, 04 Oct 2022 08:54:57 GMT
Date: Tue, 04 Oct 2022 08:15:57 GMT
Connection: keep-alive
creepingbrings.com/sfp.js
172.64.198.30 200 OK 28 kB URL HTTP/2 creepingbrings.com/sfp.js
IP 172.64.198.30:0
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash d45b6a48b296659dbe9ba2af5a7748a8
4954ee7687f9603d4a8d19b1ee30438ee0c8bef7
0bd051193fc2a7a1c0f87479429cd68aa6a106ea1952f2564be8ec0f0ffc5eb2
GET /sfp.js HTTP/1.1
Host: creepingbrings.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://av28.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 04 Oct 2022 08:15:57 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 7e227934ea85d1a155fdb09c47b51086
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Tue, 04 Oct 2022 08:15:56 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FKh3ff5bwFUM0qHvOHjKtnyPTRzRznlYkMym1cPPkGpORxt13v4cVWCF2Nrn%2BhG5j5ww5SRu7kzQXCNVY09SwOHS4RRC2Zx8d%2FGwB07pPv9EvppetCn60ASXsWxZxpcV%2FVnh4go%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 754c78fc9f8576bf-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
syndication.exosrv.com/v1/api.php
95.211.229.247 200 OK 818 B URL HTTP/1.1 syndication.exosrv.com/v1/api.php
IP 95.211.229.247:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with very long lines (1067), with no line terminators
Hash 0596e59fa22555d3e5e92f42d5a739c7
b6f8eb643a584d3d81a64075109b79d9c30ff791
b57b628d68091a93c3230c5faba398e0f2a43c81d730e1f0440f09918de94782
POST /v1/api.php HTTP/1.1
Host: syndication.exosrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 279
Origin: https://ads.exosrv.com
Connection: keep-alive
Referer: https://ads.exosrv.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 04 Oct 2022 08:15:57 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://ads.exosrv.com
Access-Control-Allow-Headers: Authorization, Content-Type
Access-Control-Request-Method: POST
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%22633bebbd3ceae5.136413181337468527%22%3B%7D; expires=Thu, 03-Oct-2024 08:15:57 GMT; Max-Age=63072000; path=/; domain=exosrv.com; secure; SameSite=None
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
syndication.exosrv.com/v1/api.php
95.211.229.247 200 OK 818 B URL HTTP/1.1 syndication.exosrv.com/v1/api.php
IP 95.211.229.247:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with very long lines (1067), with no line terminators
Hash 635abe052fdbda208234f1d316087336
7b71a8f54bfa83d6c58b8b16e4603f2be3d05f5d
04f391393f9ef7c123c3e0fbd7c4062171a973ef664f5ee1de8c89c44e2438b2
POST /v1/api.php HTTP/1.1
Host: syndication.exosrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 279
Origin: https://ads.exosrv.com
Connection: keep-alive
Referer: https://ads.exosrv.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 04 Oct 2022 08:15:57 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://ads.exosrv.com
Access-Control-Allow-Headers: Authorization, Content-Type
Access-Control-Request-Method: POST
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%22633bebbd433f37.601622812507813825%22%3B%7D; expires=Thu, 03-Oct-2024 08:15:57 GMT; Max-Age=63072000; path=/; domain=exosrv.com; secure; SameSite=None
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
syndication.exosrv.com/v1/api.php
95.211.229.247 200 OK 816 B URL HTTP/1.1 syndication.exosrv.com/v1/api.php
IP 95.211.229.247:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with very long lines (1066), with no line terminators
Hash 398c74a41a5969e01fce26774c91a87d
8a71878b31e4f90f75d24a51008e10e02258b0ac
4c8655fbb1b054d7c3702a56d77807e2c7761fabd5b1edaf5437d2b589916184
POST /v1/api.php HTTP/1.1
Host: syndication.exosrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 279
Origin: https://ads.exosrv.com
Connection: keep-alive
Referer: https://ads.exosrv.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 04 Oct 2022 08:15:57 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://ads.exosrv.com
Access-Control-Allow-Headers: Authorization, Content-Type
Access-Control-Request-Method: POST
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%22633bebbd433c80.289690563598780650%22%3B%7D; expires=Thu, 03-Oct-2024 08:15:57 GMT; Max-Age=63072000; path=/; domain=exosrv.com; secure; SameSite=None
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
syndication.exosrv.com/v1/api.php
95.211.229.247 200 OK 822 B URL HTTP/1.1 syndication.exosrv.com/v1/api.php
IP 95.211.229.247:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with very long lines (1068), with no line terminators
Hash 9d94653d460229b932c4be85e0368638
8d8e2a21b3640670465137768b9699c303daf090
a3e201c06e311ad0efe65a9685a65dff4dc5177679d0750ff950b97a832744b7
POST /v1/api.php HTTP/1.1
Host: syndication.exosrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 279
Origin: https://ads.exosrv.com
Connection: keep-alive
Referer: https://ads.exosrv.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 04 Oct 2022 08:15:57 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://ads.exosrv.com
Access-Control-Allow-Headers: Authorization, Content-Type
Access-Control-Request-Method: POST
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A32%3A%22633bebbd426c94.08063751503372857%22%3B%7D; expires=Thu, 03-Oct-2024 08:15:57 GMT; Max-Age=63072000; path=/; domain=exosrv.com; secure; SameSite=None
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
syndication.exosrv.com/v1/api.php
95.211.229.247 200 OK 815 B URL HTTP/1.1 syndication.exosrv.com/v1/api.php
IP 95.211.229.247:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with very long lines (1064), with no line terminators
Hash ce2435bcd60130f9abd0d27913c7f1a3
80e354f123f719879e35404a4c9d64639ed653cc
0221026b433985771547e5a656bf3bbe065bb00298859ff5231e104b42152461
POST /v1/api.php HTTP/1.1
Host: syndication.exosrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 279
Origin: https://ads.exosrv.com
Connection: keep-alive
Referer: https://ads.exosrv.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 04 Oct 2022 08:15:57 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://ads.exosrv.com
Access-Control-Allow-Headers: Authorization, Content-Type
Access-Control-Request-Method: POST
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%22633bebbd444b21.983595831074528949%22%3B%7D; expires=Thu, 03-Oct-2024 08:15:57 GMT; Max-Age=63072000; path=/; domain=exosrv.com; secure; SameSite=None
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
pursuitnauseousinvalid.com/pixel/purst?dl=0&th=0&sc=0&rs=2315&rd=2315&fd=669&bv=22.8.v.1&tmpl=70
192.243.59.20 200 OK 0 B URL HTTP/1.1 pursuitnauseousinvalid.com/pixel/purst?dl=0&th=0&sc=0&rs=2315&rd=2315&fd=669&bv=22.8.v.1&tmpl=70
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=2315&rd=2315&fd=669&bv=22.8.v.1&tmpl=70 HTTP/1.1
Host: pursuitnauseousinvalid.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://av28.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Tue, 04 Oct 2022 08:15:57 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash c1dc1c291f5b6c021d34553fbbf03587
1b6ec2f3a869105f95b264baac28c5b64bd5d6f1
0a3e7473a6467ca59e3aadb9d1ac2bec7c88740f45e8c8cbfaf856e55f62c50a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0A3E7473A6467CA59E3AADB9D1AC2BEC7C88740F45E8C8CBFAF856E55F62C50A"
Last-Modified: Sun, 02 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1946
Expires: Tue, 04 Oct 2022 08:48:23 GMT
Date: Tue, 04 Oct 2022 08:15:57 GMT
Connection: keep-alive
a.realsrv.com/iframe.php?idzone=2837044&size=300x250
205.185.216.10 200 OK 1.5 kB URL HTTP/1.1 a.realsrv.com/iframe.php?idzone=2837044&size=300x250
IP 205.185.216.10:0
Hash 9c0539f249a3f55549ea2ef7b277a3e9
fc0a960c0df3cede7b80eb872b40b8cd72d57cfd
fb585ed3db98eee9d865517b268f4dad3f1991fb4a4375d12fd2163b2d416fcc
GET /iframe.php?idzone=2837044&size=300x250 HTTP/1.1
Host: a.realsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://av28.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 08:15:57 GMT
Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 1347
Content-Type: text/html; charset=UTF-8
Accept-Ranges: bytes
Server: nginx
Cache-Control: max-age=10800
X-HW: 1664871357.dop220.sk1.t,1664871357.cds260.sk1.shn,1664871357.dop220.sk1.t,1664871357.cds215.sk1.c
Access-Control-Allow-Origin: *, *
a.realsrv.com/ad-provider.js
205.185.216.10 200 OK 24 kB URL HTTP/1.1 a.realsrv.com/ad-provider.js
IP 205.185.216.10:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 46504668ecf4671f582f5ba93a2f3c6b
8b165c478da3dd4fd4df3b40745733049b5acb0c
5230c0e2745fedbf038f97e374a5b6ea033434301aa86ec545eae37b29350799
GET /ad-provider.js HTTP/1.1
Host: a.realsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.realsrv.com/iframe.php?idzone=2837044&size=300x250
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 08:15:57 GMT
Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 23726
Content-Type: application/javascript
Accept-Ranges: bytes
Cache-Control: max-age=10800
Server: nginx
etag: W/"2bf044048f482551901a41a7444"
X-HW: 1664871357.dop220.sk1.t,1664871357.cds260.sk1.shn,1664871357.dop220.sk1.t,1664871357.cds215.sk1.c
Access-Control-Allow-Origin: *, *
banquetunarmedgrater.com/advertisers.js
173.233.137.44 200 OK 0 B URL HTTP/1.1 banquetunarmedgrater.com/advertisers.js
IP 173.233.137.44:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /advertisers.js HTTP/1.1
Host: banquetunarmedgrater.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://av28.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 04 Oct 2022 08:15:57 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 505736b49fd15b48f7b5ccd430d6fa33
Strict-Transport-Security: max-age=0; includeSubdomains
syndication.exosrv.com/splash.php?idzone=3348126
95.211.229.247 200 OK 2.7 kB URL HTTP/1.1 syndication.exosrv.com/splash.php?idzone=3348126
IP 95.211.229.247:0
ASN #60781 LeaseWeb Netherlands B.V.
File type XML 1.0 document text\012- XML document, ASCII text, with very long lines (1561)
Hash f38e9b8967a281f61d6c3c4ee2d6fc28
d12a48bae875fa22fa0c1d42b93f0d17c91d21e7
33e039ee722555396fa050d69ec372165b62fc1793dea0908ca5a26a4713233d
GET /splash.php?idzone=3348126 HTTP/1.1
Host: syndication.exosrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://imasdk.googleapis.com
Connection: keep-alive
Referer: https://imasdk.googleapis.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 04 Oct 2022 08:15:57 GMT
Content-Type: text/xml;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%22633bebbdc99446.155725332213035471%22%3B%7D; expires=Thu, 03 Oct 2024 08:15:57 GMT; path=; domain=.exosrv.com; Secure; SameSite=none
c-tag=%7B%22tag-video%22%3A%22v3%7C%7CNOR%7C3348126%7C73446982%7C0%7C%7C508%7C41%7C3%7C15%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C%7C0%7Cimasdk.googleapis.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Wed, 05 Oct 2022 08:15:57 GMT; path=/; domain=.exosrv.com; Secure; SameSite=none
zone-cap-3348126=1; expires=Tue, 04 Oct 2022 08:16:57 GMT; path=/; domain=.exosrv.com; Secure; SameSite=none
Cache-Control: no-store
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: https://imasdk.googleapis.com
Access-Control-Allow-Credentials: true
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash d91d0f0e382af1264b5dea592c5776da
ab3a77c4aff5fcfd898cd2da983296c067689958
04ec0bde837b3e4a25096a580788ec3597096c6a6fa20fef11f2d4d8a42f373a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "04EC0BDE837B3E4A25096A580788EC3597096C6A6FA20FEF11F2D4D8A42F373A"
Last-Modified: Mon, 03 Oct 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2149
Expires: Tue, 04 Oct 2022 08:51:46 GMT
Date: Tue, 04 Oct 2022 08:15:57 GMT
Connection: keep-alive
syndication.realsrv.com/v1/api.php
95.211.229.247 200 OK 820 B URL HTTP/1.1 syndication.realsrv.com/v1/api.php
IP 95.211.229.247:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with very long lines (1069), with no line terminators
Hash 91d0ad4f7468a814e6fbf2f3e02a0ac7
a1adaf6da23e673244ed0b2ff6b5911d3eef73be
be6df5b4881ebccd6bd24ad2dae5250b43cab3550090097874b3aca5af6cf62a
POST /v1/api.php HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 278
Origin: https://a.realsrv.com
Connection: keep-alive
Referer: https://a.realsrv.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 04 Oct 2022 08:15:57 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.realsrv.com
Access-Control-Allow-Headers: Authorization, Content-Type
Access-Control-Request-Method: POST
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%22633bebbdc360d0.522302062998579305%22%3B%7D; expires=Thu, 03-Oct-2024 08:15:57 GMT; Max-Age=63072000; path=/; domain=realsrv.com; secure; SameSite=None
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
v1.addthisedge.com/live/boost/avsbookmark/_ate.track.config_resp
23.38.200.123 200 OK 3.2 kB URL HTTP/2 v1.addthisedge.com/live/boost/avsbookmark/_ate.track.config_resp
IP 23.38.200.123:0
Hash da49666985bac5c08a1dd5957a2b89c7
06a0b86dde451ddc3fefc63975d4186a241932d1
4a9c74a6d61de1ff9611c697da067f254b81d85709f9ee9225b6ef8781015876
GET /live/boost/avsbookmark/_ate.track.config_resp HTTP/1.1
Host: v1.addthisedge.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://av28.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript;charset=utf-8
content-length: 621
etag: 591922160--gzip
content-disposition: attachment; filename=1.txt
content-encoding: gzip
cache-control: public, max-age=11, s-maxage=86400
date: Tue, 04 Oct 2022 08:15:58 GMT
vary: Accept-Encoding
X-Firefox-Spdy: h2
z.moatads.com/addthismoatframe568911941483/moatframe.js
23.38.201.146 200 OK 1.3 kB URL HTTP/2 z.moatads.com/addthismoatframe568911941483/moatframe.js
IP 23.38.201.146:0
Hash 4f4400cfef1b3dfb6efa0d6d733e25d7
9bc96abb16b8643bea782dfb3390a23281874eb7
b5dca6c348b1faa211615ae977e7f5ee81a6dd7844509b48dc9186fe8385c7bd
GET /addthismoatframe568911941483/moatframe.js HTTP/1.1
Host: z.moatads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://av28.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: e0HboiVQpjIDEK8WTxqU5+8G8wOtu9bNCFY72alTHLP0/Yb+qoiTOxu6fad89ebRofzHxENxOOg=
x-amz-request-id: 61EC92F13BB22DD4
last-modified: Fri, 08 Nov 2019 20:13:52 GMT
etag: "f14b4e1f799b14f798a195f43cf58376"
content-encoding: gzip
accept-ranges: bytes
content-type: application/x-javascript
content-length: 948
server: AmazonS3
vary: Accept-Encoding
cache-control: max-age=43022
date: Tue, 04 Oct 2022 08:15:58 GMT
X-Firefox-Spdy: h2
www.google-analytics.com/analytics.js
142.250.74.174 200 OK 21 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.174:0
Hash 73593bdc04ddaa980bbd3c25cccd383c
26053783887a4b6259afc719676a51e801b1cd57
d9235d40c48058c03dc3290d51d2b9d99e4f684703596706434b0f02f1c5e84a
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://av28.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Tue, 04 Oct 2022 06:41:09 GMT
expires: Tue, 04 Oct 2022 08:41:09 GMT
cache-control: public, max-age=7200
age: 5689
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 7fcf68ce4ab8a8c46d949f42f2961759
83dcd143e8516eabdd91670eeb6c2a824d1fcf18
ee14566fcde4411a8290f07bc61c28b02e953fc766c8b450f2419479f49b47f7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 08:15:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
s0.2mdn.net/instream/video/client.js
142.250.74.70 200 OK 17 kB URL HTTP/2 s0.2mdn.net/instream/video/client.js
IP 142.250.74.70:0
File type ASCII text, with very long lines (2156)
Hash 49295de6ccd23cf80b6418a2d209868f
42a955b4560bb22cb9b5b39577f7a691ea345018
d5a29c73c6200af2ed6918a61106e649b92098ecd476830d725ed4d2ea5a8efa
GET /instream/video/client.js HTTP/1.1
Host: s0.2mdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://av28.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-length: 16746
date: Tue, 04 Oct 2022 08:15:58 GMT
expires: Tue, 04 Oct 2022 08:15:58 GMT
cache-control: private, max-age=900
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 7fcf68ce4ab8a8c46d949f42f2961759
83dcd143e8516eabdd91670eeb6c2a824d1fcf18
ee14566fcde4411a8290f07bc61c28b02e953fc766c8b450f2419479f49b47f7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 08:15:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
pursuitnauseousinvalid.com/pixel/pure
192.243.59.20 204 No Content 0 B URL HTTP/1.1 pursuitnauseousinvalid.com/pixel/pure
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
OPTIONS /pixel/pure HTTP/1.1
Host: pursuitnauseousinvalid.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://av28.com/
Origin: https://av28.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx/1.17.9
Date: Tue, 04 Oct 2022 08:15:58 GMT
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Allow-Credentials: true
Access-Control-Max-Age: 1728000
Content-Type: text/plain; charset=utf-8
Content-Length: 0
m.addthis.com/live/red_lojson/300lo.json?si=633bebbca0efbe2a&bkl=0&bl=1&pdt=1638&sid=633bebbca0efbe2a&pub=avsbookmark&rev=v8.28.8-wp&ln=en&pc=men&cb=0&ab=-&dp=av28.com&fp=video%2F90452%2Ftest&fr=&of=0&pd=0&irt=0&vcl=0&md=0&ct=1&tct=0&abt=0&cdn=0&pi=1&rb=0&gen=100&chr=UTF-8&mk=%E7%9B%97%E6%92%AE%E3%80%80%E7%9D%80%E6%9B%BF%E3%81%88&colc=1664871356582&jsl=1&uvs=633bebbcad84d874000&skipb=1&callback=addthis.cbs.jsonp__82342553332042130
23.38.200.123 200 OK 89 B URL HTTP/2 m.addthis.com/live/red_lojson/300lo.json?si=633bebbca0efbe2a&bkl=0&bl=1&pdt=1638&sid=633bebbca0efbe2a&pub=avsbookmark&rev=v8.28.8-wp&ln=en&pc=men&cb=0&ab=-&dp=av28.com&fp=video%2F90452%2Ftest&fr=&of=0&pd=0&irt=0&vcl=0&md=0&ct=1&tct=0&abt=0&cdn=0&pi=1&rb=0&gen=100&chr=UTF-8&mk=%E7%9B%97%E6%92%AE%E3%80%80%E7%9D%80%E6%9B%BF%E3%81%88&colc=1664871356582&jsl=1&uvs=633bebbcad84d874000&skipb=1&callback=addthis.cbs.jsonp__82342553332042130
IP 23.38.200.123:0
File type ASCII text, with no line terminators
Hash 7408744c3db00a77f99c77ee17a199c6
8c8f4c7b991f9145bd9dfe8fdc5ae07f5105337e
8fc0c7f2d40c1dff6c9649673e521d65b3193e367c8b7d06ac345aface64b5cd
GET /live/red_lojson/300lo.json?si=633bebbca0efbe2a&bkl=0&bl=1&pdt=1638&sid=633bebbca0efbe2a&pub=avsbookmark&rev=v8.28.8-wp&ln=en&pc=men&cb=0&ab=-&dp=av28.com&fp=video%2F90452%2Ftest&fr=&of=0&pd=0&irt=0&vcl=0&md=0&ct=1&tct=0&abt=0&cdn=0&pi=1&rb=0&gen=100&chr=UTF-8&mk=%E7%9B%97%E6%92%AE%E3%80%80%E7%9D%80%E6%9B%BF%E3%81%88&colc=1664871356582&jsl=1&uvs=633bebbcad84d874000&skipb=1&callback=addthis.cbs.jsonp__82342553332042130 HTTP/1.1
Host: m.addthis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://av28.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript;charset=utf-8
content-length: 89
cache-control: max-age=0, no-cache, no-store, no-transform
pragma: no-cache
content-disposition: attachment; filename=1.txt
date: Tue, 04 Oct 2022 08:15:58 GMT
X-Firefox-Spdy: h2
s7.addthis.com/static/layers.fa6cd1947ce26e890d3d.js
23.38.200.123 200 OK 78 kB URL HTTP/2 s7.addthis.com/static/layers.fa6cd1947ce26e890d3d.js
IP 23.38.200.123:0
File type Unicode text, UTF-8 text, with very long lines (65533), with no line terminators
Hash 9a77dff666eebb6cf4bbc4c67c7b563b
9e98d7824a7b4e34665c2690d6f52caddad1fe4b
6cdf8e597f3cbe759531153fd926d51aeaebd836a1c9bc1436e079645bfd3ad7
GET /static/layers.fa6cd1947ce26e890d3d.js HTTP/1.1
Host: s7.addthis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://av28.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.15.8
content-type: application/javascript
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
etag: W/"5f971164-41cf5"
timing-allow-origin: *
cache-control: public, max-age=86313600
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
content-length: 77672
date: Tue, 04 Oct 2022 08:15:58 GMT
vary: Accept-Encoding
x-host: s7.addthis.com
X-Firefox-Spdy: h2
woodbeesdainty.com/sbar.json?key=34613dea521250e599f737448156d052
192.243.59.12 200 OK 3.9 kB URL HTTP/1.1 woodbeesdainty.com/sbar.json?key=34613dea521250e599f737448156d052
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type JSON data\012- , ASCII text, with very long lines (5613), with no line terminators
Hash a119fa68fcd3b6e0c9454b9dd655fe25
43e20930874e568d3e846765c4658e14f1aa369b
3b55380a6c05b2ea8ff5914442ec31f74ec1d69af5497d05ec9c1e2f76447c33
Analyzer Verdict Alert quad9 Sinkholed
GET /sbar.json?key=34613dea521250e599f737448156d052 HTTP/1.1
Host: woodbeesdainty.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://av28.com
Connection: keep-alive
Referer: https://av28.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Tue, 04 Oct 2022 08:15:58 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://av28.com
Access-Control-Allow-Origin: https://av28.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=17547140; expires=Wed, 05 Oct 2022 08:15:58 GMT; secure; SameSite=None
pdhtkv=true; expires=Wed, 05 Oct 2022 08:15:58 GMT; secure; SameSite=None
uncs=1; expires=Wed, 05 Oct 2022 08:15:58 GMT; secure; SameSite=None
pdhtkv29=true; expires=Wed, 05 Oct 2022 08:15:58 GMT; secure; SameSite=None
uncs29=1; expires=Wed, 05 Oct 2022 08:15:58 GMT; secure; SameSite=None
slec34613dea521250e599f737448156d052=[3697448]; expires=Tue, 04 Oct 2022 08:16:03 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: d10f10d3afb87e8a2fa9fb4016afeb1b
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
pursuitnauseousinvalid.com/pixel/pure
192.243.59.20 200 OK 0 B URL HTTP/1.1 pursuitnauseousinvalid.com/pixel/pure
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
POST /pixel/pure HTTP/1.1
Host: pursuitnauseousinvalid.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 72
Origin: https://av28.com
Connection: keep-alive
Referer: https://av28.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Tue, 04 Oct 2022 08:15:58 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
simplewebanalysis.com/stats
52.29.95.124 200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 52.29.95.124:0
File type ASCII text, with no line terminators
Hash 91ac8a948f178d1fa48f062c888ef03c
85d1f5cc7a37c2d4ac29f92949019e891ef674a6
14161e25fef7607f0120ab3815f547d8c834ad44a4082490f652e56b25ee9d30
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://av28.com
Connection: keep-alive
Referer: https://av28.com/
Cookie: uid_id2=66792d05-7001-4ffc-9506-adc74facbdc5:1:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 04 Oct 2022 08:15:58 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://av28.com
access-control-allow-credentials: true
X-Firefox-Spdy: h2
simplewebanalysis.com/stats
52.29.95.124 200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 52.29.95.124:0
File type ASCII text, with no line terminators
Hash 91ac8a948f178d1fa48f062c888ef03c
85d1f5cc7a37c2d4ac29f92949019e891ef674a6
14161e25fef7607f0120ab3815f547d8c834ad44a4082490f652e56b25ee9d30
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://av28.com
Connection: keep-alive
Referer: https://av28.com/
Cookie: uid_id2=66792d05-7001-4ffc-9506-adc74facbdc5:1:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 04 Oct 2022 08:15:58 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://av28.com
access-control-allow-credentials: true
X-Firefox-Spdy: h2
syndication.exosrv.com/cimp.php?t=api&data=H4sIAAAAAAAAAz2OS2rEMBBEr5ILWPRXn1lnnUBCDiDLMmQxDMzA4EUdPrIdRg9BtVTd1UIiE9NE9kZ2Yb94QuFQKJgEdsPH5xeMUZ+SQ7td4cyeDZJT8YhEmjWPys0SwSnDlYxZkNyiDMAOBQ3E1WxXgZgzCuHn+/24PBAo0SZOQ++h4Agbmra918bQol5cKPdGwmVe2LgXVl7nOe1G1OUR+nZ73J/HqnQSyN2OgP8HKJuKCSZ+FYZxCMf373qv1w68/CdnhoPN9h27qjYurUbvOlsrsa/rSjNpbTnW5Q98hzq1WgEAAA==
95.211.229.247 200 OK 20 B URL HTTP/1.1 syndication.exosrv.com/cimp.php?t=api&data=H4sIAAAAAAAAAz2OS2rEMBBEr5ILWPRXn1lnnUBCDiDLMmQxDMzA4EUdPrIdRg9BtVTd1UIiE9NE9kZ2Yb94QuFQKJgEdsPH5xeMUZ+SQ7td4cyeDZJT8YhEmjWPys0SwSnDlYxZkNyiDMAOBQ3E1WxXgZgzCuHn+/24PBAo0SZOQ++h4Agbmra918bQol5cKPdGwmVe2LgXVl7nOe1G1OUR+nZ73J/HqnQSyN2OgP8HKJuKCSZ+FYZxCMf373qv1w68/CdnhoPN9h27qjYurUbvOlsrsa/rSjNpbTnW5Q98hzq1WgEAAA==
IP 95.211.229.247:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /cimp.php?t=api&data=H4sIAAAAAAAAAz2OS2rEMBBEr5ILWPRXn1lnnUBCDiDLMmQxDMzA4EUdPrIdRg9BtVTd1UIiE9NE9kZ2Yb94QuFQKJgEdsPH5xeMUZ+SQ7td4cyeDZJT8YhEmjWPys0SwSnDlYxZkNyiDMAOBQ3E1WxXgZgzCuHn+/24PBAo0SZOQ++h4Agbmra918bQol5cKPdGwmVe2LgXVl7nOe1G1OUR+nZ73J/HqnQSyN2OgP8HKJuKCSZ+FYZxCMf373qv1w68/CdnhoPN9h27qjYurUbvOlsrsa/rSjNpbTnW5Q98hzq1WgEAAA== HTTP/1.1
Host: syndication.exosrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ads.exosrv.com
Connection: keep-alive
Referer: https://ads.exosrv.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 04 Oct 2022 08:15:58 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://ads.exosrv.com
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%22633bebbe5eaa73.053433153095756187%22%3B%7D; expires=Thu, 03 Oct 2024 08:15:58 GMT; path=; domain=.exosrv.com; Secure; SameSite=none
__upt=%7B%22v%22%3A1%2C%22id%22%3A%22633bebbe5eaa73.053433153095756187%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.0199%22%7D; expires=Thu, 03 Oct 2024 08:15:58 GMT; path=/; domain=.exosrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
syndication.exosrv.com/cimp.php?t=api&data=H4sIAAAAAAAAAz2OTWrDMBCFr9ILWMyvJWXddQstPYBky9BFCCQQvHiHr2SX6EPwRnozb4REJqaJ7I3swn7xiMwhUzAJ7IaPzy8YozwlheV2hTN7MkiK2WdE0qSpV24WCU4JrmTMgug2SwfsUFBHXM2GCsTCyISf7/fjckegRLs4dT1CwTOsa9pHr/WhWT27UGoLCee6snHLrLzVGocRZX2Ett8e9+exKp0E8jQfAf8PUDYVE0z8Kgz9EI7v3+1erg14+U/ODAebjR1j3TZqKkIaU1lLdpW26KK5liqp/QG6MxfEWgEAAA==
95.211.229.247 200 OK 20 B URL HTTP/1.1 syndication.exosrv.com/cimp.php?t=api&data=H4sIAAAAAAAAAz2OTWrDMBCFr9ILWMyvJWXddQstPYBky9BFCCQQvHiHr2SX6EPwRnozb4REJqaJ7I3swn7xiMwhUzAJ7IaPzy8YozwlheV2hTN7MkiK2WdE0qSpV24WCU4JrmTMgug2SwfsUFBHXM2GCsTCyISf7/fjckegRLs4dT1CwTOsa9pHr/WhWT27UGoLCee6snHLrLzVGocRZX2Ett8e9+exKp0E8jQfAf8PUDYVE0z8Kgz9EI7v3+1erg14+U/ODAebjR1j3TZqKkIaU1lLdpW26KK5liqp/QG6MxfEWgEAAA==
IP 95.211.229.247:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /cimp.php?t=api&data=H4sIAAAAAAAAAz2OTWrDMBCFr9ILWMyvJWXddQstPYBky9BFCCQQvHiHr2SX6EPwRnozb4REJqaJ7I3swn7xiMwhUzAJ7IaPzy8YozwlheV2hTN7MkiK2WdE0qSpV24WCU4JrmTMgug2SwfsUFBHXM2GCsTCyISf7/fjckegRLs4dT1CwTOsa9pHr/WhWT27UGoLCee6snHLrLzVGocRZX2Ett8e9+exKp0E8jQfAf8PUDYVE0z8Kgz9EI7v3+1erg14+U/ODAebjR1j3TZqKkIaU1lLdpW26KK5liqp/QG6MxfEWgEAAA== HTTP/1.1
Host: syndication.exosrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ads.exosrv.com
Connection: keep-alive
Referer: https://ads.exosrv.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 04 Oct 2022 08:15:58 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://ads.exosrv.com
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%22633bebbe65bc99.550559202480772931%22%3B%7D; expires=Thu, 03 Oct 2024 08:15:58 GMT; path=; domain=.exosrv.com; Secure; SameSite=none
__upt=%7B%22v%22%3A1%2C%22id%22%3A%22633bebbe65bc99.550559202480772931%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.0199%22%7D; expires=Thu, 03 Oct 2024 08:15:58 GMT; path=/; domain=.exosrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
syndication.exosrv.com/cimp.php?t=api&data=H4sIAAAAAAAAAz2QS2rDMBiEr9ILWPxPS8q66xZaegDJtqCLEEggeDGHr2SX6EMwg/7HICGRiWkieyO7sF88InPIFEwCu+Hj8wvGKE9JYbld4cyeDJJi9hmRNGnqzs0iwSnBlYxZEN1m6YAdCuqIq9lQgVgYmfDz/X5c7giUaBenrsdS8AzrmvbRa31oVs8ulLaFhHNd2XjLrNxqjaMQZX2Ebb897s8jKp0E6kHH/H8PZVMxwcQvY+iHcDz/tnu5bsCr/uRc4WCzETFyqpZ6AF/JtM1NtCytWS0rlf5Hf47/PfRZAQAA
95.211.229.247 200 OK 20 B URL HTTP/1.1 syndication.exosrv.com/cimp.php?t=api&data=H4sIAAAAAAAAAz2QS2rDMBiEr9ILWPxPS8q66xZaegDJtqCLEEggeDGHr2SX6EMwg/7HICGRiWkieyO7sF88InPIFEwCu+Hj8wvGKE9JYbld4cyeDJJi9hmRNGnqzs0iwSnBlYxZEN1m6YAdCuqIq9lQgVgYmfDz/X5c7giUaBenrsdS8AzrmvbRa31oVs8ulLaFhHNd2XjLrNxqjaMQZX2Ebb897s8jKp0E6kHH/H8PZVMxwcQvY+iHcDz/tnu5bsCr/uRc4WCzETFyqpZ6AF/JtM1NtCytWS0rlf5Hf47/PfRZAQAA
IP 95.211.229.247:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /cimp.php?t=api&data=H4sIAAAAAAAAAz2QS2rDMBiEr9ILWPxPS8q66xZaegDJtqCLEEggeDGHr2SX6EMwg/7HICGRiWkieyO7sF88InPIFEwCu+Hj8wvGKE9JYbld4cyeDJJi9hmRNGnqzs0iwSnBlYxZEN1m6YAdCuqIq9lQgVgYmfDz/X5c7giUaBenrsdS8AzrmvbRa31oVs8ulLaFhHNd2XjLrNxqjaMQZX2Ebb897s8jKp0E6kHH/H8PZVMxwcQvY+iHcDz/tnu5bsCr/uRc4WCzETFyqpZ6AF/JtM1NtCytWS0rlf5Hf47/PfRZAQAA HTTP/1.1
Host: syndication.exosrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ads.exosrv.com
Connection: keep-alive
Referer: https://ads.exosrv.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 04 Oct 2022 08:15:58 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://ads.exosrv.com
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%22633bebbe65d4f4.449310092572901343%22%3B%7D; expires=Thu, 03 Oct 2024 08:15:58 GMT; path=; domain=.exosrv.com; Secure; SameSite=none
__upt=%7B%22v%22%3A1%2C%22id%22%3A%22633bebbe65d4f4.449310092572901343%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.0199%22%7D; expires=Thu, 03 Oct 2024 08:15:58 GMT; path=/; domain=.exosrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
go.xlivrdr.com/smartpop/519fe30cdea876d1b02b3e92894492ca6c8136dabaff4c3273c5dd7492202a01?userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&sourceId=5304112&memberId=ooddNHdLHTPHNVS4ASOntqppsldZVTXPXPW6V1Esqp6pXVS2upmdQ6ap0rpXSunqoppdRNTRPTO6iamieml0rpnSuldK6V0zpXSumc6mWma6iq6qeW3fWWea7Taambe6aibjTSx0rs9ix7qCUiI9Q_uc6V0rpXSuldK6V0rpXB9g&p1=5304112&trackOff=1
172.64.145.216 302 Found 0 B URL HTTP/2 go.xlivrdr.com/smartpop/519fe30cdea876d1b02b3e92894492ca6c8136dabaff4c3273c5dd7492202a01?userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&sourceId=5304112&memberId=ooddNHdLHTPHNVS4ASOntqppsldZVTXPXPW6V1Esqp6pXVS2upmdQ6ap0rpXSunqoppdRNTRPTO6iamieml0rpnSuldK6V0zpXSumc6mWma6iq6qeW3fWWea7Taambe6aibjTSx0rs9ix7qCUiI9Q_uc6V0rpXSuldK6V0rpXB9g&p1=5304112&trackOff=1
IP 172.64.145.216:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /smartpop/519fe30cdea876d1b02b3e92894492ca6c8136dabaff4c3273c5dd7492202a01?userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&sourceId=5304112&memberId=ooddNHdLHTPHNVS4ASOntqppsldZVTXPXPW6V1Esqp6pXVS2upmdQ6ap0rpXSunqoppdRNTRPTO6iamieml0rpnSuldK6V0zpXSumc6mWma6iq6qeW3fWWea7Taambe6aibjTSx0rs9ix7qCUiI9Q_uc6V0rpXSuldK6V0rpXB9g&p1=5304112&trackOff=1 HTTP/1.1
Host: go.xlivrdr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.exosrv.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Tue, 04 Oct 2022 08:15:58 GMT
content-length: 0
location: https://creative.xlivrdr.com/LPOmega?campaignId=519fe30cdea876d1b02b3e92894492ca6c8136dabaff4c3273c5dd7492202a01&campaignType=smartpop&creativeId=193e01b6441b8809a16431953d3bb8a77d1bf56f2035eab90cc033ab48b5e3fa&iterationId=249717&masterSmartpopId=1914&memberId=ooddNHdLHTPHNVS4ASOntqppsldZVTXPXPW6V1Esqp6pXVS2upmdQ6ap0rpXSunqoppdRNTRPTO6iamieml0rpnSuldK6V0zpXSumc6mWma6iq6qeW3fWWea7Taambe6aibjTSx0rs9ix7qCUiI9Q_uc6V0rpXSuldK6V0rpXB9g&p1=5304112&ruleId=17&smartpopId=432&sourceId=5304112&tag=-girls%2Findian&trackOff=1&userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&variationId=29441
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: DYNAMIC
set-cookie: _var=732574.29441; Path=/; HttpOnly; SameSite=Strict
__cflb=02DiuDfsBaY2bRYJiCeRhAptQvDh5wz7n9binEzz59jw2; SameSite=None; Secure; path=/; expires=Wed, 05-Oct-22 07:15:58 GMT; HttpOnly
server: cloudflare
cf-ray: 754c79060ccab518-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
syndication.exosrv.com/cimp.php?t=api&data=H4sIAAAAAAAAAz2OS2rEQAxEr5ILuFHp4+6eddYJJOQA/kIWw8AMDF7U4dO2w/RDUFJLKqmodpBO/E38grhEZkWqklwTwvnx+UUHh6eWNN2uDCCKU0uu0TOLFSstC/csDCkMEweUObzXBhE0SkPD3HeVBGg2wp/v9yPQUJrIpiFN76ZET29atn3W29JqUUOlLJMo6jjDsVQY1nHMeyOH+ZGW7fa4P49T5SRJFDsM/gs0uKkrO7wSZ3vC4/t3vQ/XhXz1n5weQbjvN47jPA/ei+niua4yDHUeJyzRwpDXP/40s3JaAQAA
95.211.229.247 200 OK 20 B URL HTTP/1.1 syndication.exosrv.com/cimp.php?t=api&data=H4sIAAAAAAAAAz2OS2rEQAxEr5ILuFHp4+6eddYJJOQA/kIWw8AMDF7U4dO2w/RDUFJLKqmodpBO/E38grhEZkWqklwTwvnx+UUHh6eWNN2uDCCKU0uu0TOLFSstC/csDCkMEweUObzXBhE0SkPD3HeVBGg2wp/v9yPQUJrIpiFN76ZET29atn3W29JqUUOlLJMo6jjDsVQY1nHMeyOH+ZGW7fa4P49T5SRJFDsM/gs0uKkrO7wSZ3vC4/t3vQ/XhXz1n5weQbjvN47jPA/ei+niua4yDHUeJyzRwpDXP/40s3JaAQAA
IP 95.211.229.247:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /cimp.php?t=api&data=H4sIAAAAAAAAAz2OS2rEQAxEr5ILuFHp4+6eddYJJOQA/kIWw8AMDF7U4dO2w/RDUFJLKqmodpBO/E38grhEZkWqklwTwvnx+UUHh6eWNN2uDCCKU0uu0TOLFSstC/csDCkMEweUObzXBhE0SkPD3HeVBGg2wp/v9yPQUJrIpiFN76ZET29atn3W29JqUUOlLJMo6jjDsVQY1nHMeyOH+ZGW7fa4P49T5SRJFDsM/gs0uKkrO7wSZ3vC4/t3vQ/XhXz1n5weQbjvN47jPA/ei+niua4yDHUeJyzRwpDXP/40s3JaAQAA HTTP/1.1
Host: syndication.exosrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ads.exosrv.com
Connection: keep-alive
Referer: https://ads.exosrv.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 04 Oct 2022 08:15:58 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://ads.exosrv.com
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%22633bebbe6ace38.326360921143001927%22%3B%7D; expires=Thu, 03 Oct 2024 08:15:58 GMT; path=; domain=.exosrv.com; Secure; SameSite=none
__upt=%7B%22v%22%3A1%2C%22id%22%3A%22633bebbe6ace38.326360921143001927%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.0199%22%7D; expires=Thu, 03 Oct 2024 08:15:58 GMT; path=/; domain=.exosrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
syndication.exosrv.com/cimp.php?t=api&data=H4sIAAAAAAAAAz2OSWrDQBREr5ILqPn1hx68zjqBhBxAkmXIwhhsMFrU4dOSgvvRUH/orlJRHSCD+Jv4CXGKwobUJLkmhPPj84sOjk+tab5dGUBUp9bSIrOIVau9CvciDKkMEweUJTxrhwgapaNh7ptKAnQb4c/3+37RUZrIqiFdb6ZEpnct6/bW+6fNooVKXWZRtOkMx9JguExT2RY5nh9pWW+P+3OPKgdJsh4G/w0a3NSVA16Fsx/hPv693MfrQr72Dw6PINy3jHmUFqJlcrdyxoS55rnaOPdoo5n8Adf7NIVaAQAA
95.211.229.247 200 OK 20 B URL HTTP/1.1 syndication.exosrv.com/cimp.php?t=api&data=H4sIAAAAAAAAAz2OSWrDQBREr5ILqPn1hx68zjqBhBxAkmXIwhhsMFrU4dOSgvvRUH/orlJRHSCD+Jv4CXGKwobUJLkmhPPj84sOjk+tab5dGUBUp9bSIrOIVau9CvciDKkMEweUJTxrhwgapaNh7ptKAnQb4c/3+37RUZrIqiFdb6ZEpnct6/bW+6fNooVKXWZRtOkMx9JguExT2RY5nh9pWW+P+3OPKgdJsh4G/w0a3NSVA16Fsx/hPv693MfrQr72Dw6PINy3jHmUFqJlcrdyxoS55rnaOPdoo5n8Adf7NIVaAQAA
IP 95.211.229.247:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /cimp.php?t=api&data=H4sIAAAAAAAAAz2OSWrDQBREr5ILqPn1hx68zjqBhBxAkmXIwhhsMFrU4dOSgvvRUH/orlJRHSCD+Jv4CXGKwobUJLkmhPPj84sOjk+tab5dGUBUp9bSIrOIVau9CvciDKkMEweUJTxrhwgapaNh7ptKAnQb4c/3+37RUZrIqiFdb6ZEpnct6/bW+6fNooVKXWZRtOkMx9JguExT2RY5nh9pWW+P+3OPKgdJsh4G/w0a3NSVA16Fsx/hPv693MfrQr72Dw6PINy3jHmUFqJlcrdyxoS55rnaOPdoo5n8Adf7NIVaAQAA HTTP/1.1
Host: syndication.exosrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ads.exosrv.com
Connection: keep-alive
Referer: https://ads.exosrv.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 04 Oct 2022 08:15:58 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://ads.exosrv.com
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A32%3A%22633bebbe6f7ff1.12147864305309016%22%3B%7D; expires=Thu, 03 Oct 2024 08:15:58 GMT; path=; domain=.exosrv.com; Secure; SameSite=none
__upt=%7B%22v%22%3A1%2C%22id%22%3A%22633bebbe6f7ff1.12147864305309016%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.0199%22%7D; expires=Thu, 03 Oct 2024 08:15:58 GMT; path=/; domain=.exosrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
go.xlivrdr.com/smartpop/519fe30cdea876d1b02b3e92894492ca6c8136dabaff4c3273c5dd7492202a01?userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&sourceId=5304112&memberId=ooddNHdLHTPHNVS4ASOntqppsldZVTXPXPW6V1Esqp6pXVS2upmdQ6ap0rpXSunqoppdRNTRPTO6iamieml0rpnSuldK6V0zpXSumc6mWma6iq6qeW3fWWea7Taambe6aibjTSx0rs9ix7qCUiI9Q_uc6V0rpXSuldK6V0rpXB9g&p1=5304112&trackOff=1
172.64.145.216 302 Found 0 B URL HTTP/2 go.xlivrdr.com/smartpop/519fe30cdea876d1b02b3e92894492ca6c8136dabaff4c3273c5dd7492202a01?userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&sourceId=5304112&memberId=ooddNHdLHTPHNVS4ASOntqppsldZVTXPXPW6V1Esqp6pXVS2upmdQ6ap0rpXSunqoppdRNTRPTO6iamieml0rpnSuldK6V0zpXSumc6mWma6iq6qeW3fWWea7Taambe6aibjTSx0rs9ix7qCUiI9Q_uc6V0rpXSuldK6V0rpXB9g&p1=5304112&trackOff=1
IP 172.64.145.216:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /smartpop/519fe30cdea876d1b02b3e92894492ca6c8136dabaff4c3273c5dd7492202a01?userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&sourceId=5304112&memberId=ooddNHdLHTPHNVS4ASOntqppsldZVTXPXPW6V1Esqp6pXVS2upmdQ6ap0rpXSunqoppdRNTRPTO6iamieml0rpnSuldK6V0zpXSumc6mWma6iq6qeW3fWWea7Taambe6aibjTSx0rs9ix7qCUiI9Q_uc6V0rpXSuldK6V0rpXB9g&p1=5304112&trackOff=1 HTTP/1.1
Host: go.xlivrdr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.exosrv.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
date: Tue, 04 Oct 2022 08:15:58 GMT
content-length: 0
location: https://creative.xlivrdr.com/widgets/v4/Universal?campaignId=519fe30cdea876d1b02b3e92894492ca6c8136dabaff4c3273c5dd7492202a01&campaignType=smartpop&creativeId=72d4f9afc2f0f1b08aa025ab05e9b36e3df0ba66c7200f29e663fb52e95b1e9d&iterationId=249717&masterSmartpopId=1914&memberId=ooddNHdLHTPHNVS4ASOntqppsldZVTXPXPW6V1Esqp6pXVS2upmdQ6ap0rpXSunqoppdRNTRPTO6iamieml0rpnSuldK6V0zpXSumc6mWma6iq6qeW3fWWea7Taambe6aibjTSx0rs9ix7qCUiI9Q_uc6V0rpXSuldK6V0rpXB9g&p1=5304112&ruleId=17&smartpopId=432&sourceId=5304112&tag=-girls%2Findian&trackOff=1&userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&variationId=29440
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: DYNAMIC
set-cookie: _var=732574.29440; Path=/; HttpOnly; SameSite=Strict
__cflb=02DiuDfsBaY2bRYJiCg3Rc4wrBy1LXpo8QNQopd3bP2Gk; SameSite=None; Secure; path=/; expires=Wed, 05-Oct-22 07:15:58 GMT; HttpOnly
server: cloudflare
cf-ray: 754c79064cfeb518-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
go.xlivrdr.com/smartpop/519fe30cdea876d1b02b3e92894492ca6c8136dabaff4c3273c5dd7492202a01?userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&sourceId=5304112&memberId=ooddNHdLHTPHNVS4ASOntqppsldZVTXPXPW6V1Esqp6pXVS2upmdQ6ap0rpXSunqoppdRNTRPTO6iamieml0rpnSuldK6V0zpXSumc6mWma6iq6qeW3fWWea7Taambe6aibjTSx0rs9ix7qCUiI9Q_uc6V0rpXSuldK6V0rpXB9g&p1=5304112&trackOff=1
172.64.145.216 302 Found 0 B URL HTTP/2 go.xlivrdr.com/smartpop/519fe30cdea876d1b02b3e92894492ca6c8136dabaff4c3273c5dd7492202a01?userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&sourceId=5304112&memberId=ooddNHdLHTPHNVS4ASOntqppsldZVTXPXPW6V1Esqp6pXVS2upmdQ6ap0rpXSunqoppdRNTRPTO6iamieml0rpnSuldK6V0zpXSumc6mWma6iq6qeW3fWWea7Taambe6aibjTSx0rs9ix7qCUiI9Q_uc6V0rpXSuldK6V0rpXB9g&p1=5304112&trackOff=1
IP 172.64.145.216:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /smartpop/519fe30cdea876d1b02b3e92894492ca6c8136dabaff4c3273c5dd7492202a01?userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&sourceId=5304112&memberId=ooddNHdLHTPHNVS4ASOntqppsldZVTXPXPW6V1Esqp6pXVS2upmdQ6ap0rpXSunqoppdRNTRPTO6iamieml0rpnSuldK6V0zpXSumc6mWma6iq6qeW3fWWea7Taambe6aibjTSx0rs9ix7qCUiI9Q_uc6V0rpXSuldK6V0rpXB9g&p1=5304112&trackOff=1 HTTP/1.1
Host: go.xlivrdr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.exosrv.com/
Cookie: __cflb=02DiuDfsBaY2bRYJiCeRhAptQvDh5wz7n9binEzz59jw2
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
date: Tue, 04 Oct 2022 08:15:58 GMT
content-length: 0
location: https://creative.xlivrdr.com/LPOmega?campaignId=519fe30cdea876d1b02b3e92894492ca6c8136dabaff4c3273c5dd7492202a01&campaignType=smartpop&creativeId=193e01b6441b8809a16431953d3bb8a77d1bf56f2035eab90cc033ab48b5e3fa&iterationId=249717&masterSmartpopId=1914&memberId=ooddNHdLHTPHNVS4ASOntqppsldZVTXPXPW6V1Esqp6pXVS2upmdQ6ap0rpXSunqoppdRNTRPTO6iamieml0rpnSuldK6V0zpXSumc6mWma6iq6qeW3fWWea7Taambe6aibjTSx0rs9ix7qCUiI9Q_uc6V0rpXSuldK6V0rpXB9g&p1=5304112&ruleId=17&smartpopId=432&sourceId=5304112&tag=-girls%2Findian&trackOff=1&userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&variationId=29441
set-cookie: _var=732574.29441; Path=/; HttpOnly; SameSite=Strict
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 754c79064d05b518-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
go.xlivrdr.com/smartpop/519fe30cdea876d1b02b3e92894492ca6c8136dabaff4c3273c5dd7492202a01?userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&sourceId=5304112&memberId=ooddNHdLHTPHNVS4ASOntqppsldZVTXPXPW6V1Esqp6pXVS2upmdQ6ap0rpXSunqoppdRNTRPTO6iamieml0rpnSuldK6V0zpXSumc6mWma6iq6qeW3fWWea7Taambe6aibjTSx0rs9ix7qCUiI9Q_uc6V0rpXSuldK6V0rpXB9g&p1=5304112&trackOff=1
172.64.145.216 302 Found 0 B URL HTTP/2 go.xlivrdr.com/smartpop/519fe30cdea876d1b02b3e92894492ca6c8136dabaff4c3273c5dd7492202a01?userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&sourceId=5304112&memberId=ooddNHdLHTPHNVS4ASOntqppsldZVTXPXPW6V1Esqp6pXVS2upmdQ6ap0rpXSunqoppdRNTRPTO6iamieml0rpnSuldK6V0zpXSumc6mWma6iq6qeW3fWWea7Taambe6aibjTSx0rs9ix7qCUiI9Q_uc6V0rpXSuldK6V0rpXB9g&p1=5304112&trackOff=1
IP 172.64.145.216:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /smartpop/519fe30cdea876d1b02b3e92894492ca6c8136dabaff4c3273c5dd7492202a01?userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&sourceId=5304112&memberId=ooddNHdLHTPHNVS4ASOntqppsldZVTXPXPW6V1Esqp6pXVS2upmdQ6ap0rpXSunqoppdRNTRPTO6iamieml0rpnSuldK6V0zpXSumc6mWma6iq6qeW3fWWea7Taambe6aibjTSx0rs9ix7qCUiI9Q_uc6V0rpXSuldK6V0rpXB9g&p1=5304112&trackOff=1 HTTP/1.1
Host: go.xlivrdr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.exosrv.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
date: Tue, 04 Oct 2022 08:15:58 GMT
content-length: 0
location: https://creative.xlivrdr.com/widgets/v4/Universal?campaignId=519fe30cdea876d1b02b3e92894492ca6c8136dabaff4c3273c5dd7492202a01&campaignType=smartpop&creativeId=72d4f9afc2f0f1b08aa025ab05e9b36e3df0ba66c7200f29e663fb52e95b1e9d&iterationId=249717&masterSmartpopId=1914&memberId=ooddNHdLHTPHNVS4ASOntqppsldZVTXPXPW6V1Esqp6pXVS2upmdQ6ap0rpXSunqoppdRNTRPTO6iamieml0rpnSuldK6V0zpXSumc6mWma6iq6qeW3fWWea7Taambe6aibjTSx0rs9ix7qCUiI9Q_uc6V0rpXSuldK6V0rpXB9g&p1=5304112&ruleId=17&smartpopId=432&sourceId=5304112&tag=-girls%2Findian&trackOff=1&userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&variationId=29440
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: DYNAMIC
set-cookie: _var=732574.29440; Path=/; HttpOnly; SameSite=Strict
__cflb=0H28uukSkGJRy5UBr1u9iAwwBfboBLDkw2X1rw81oKA; SameSite=None; Secure; path=/; expires=Wed, 05-Oct-22 07:15:58 GMT; HttpOnly
server: cloudflare
cf-ray: 754c79064cfdb518-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pursuitnauseousinvalid.com/pixel/pure
192.243.59.20 200 OK 0 B URL HTTP/1.1 pursuitnauseousinvalid.com/pixel/pure
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
POST /pixel/pure HTTP/1.1
Host: pursuitnauseousinvalid.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 72
Origin: https://av28.com
Connection: keep-alive
Referer: https://av28.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Tue, 04 Oct 2022 08:15:58 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAAz2OQWoDMQxFr9ILjJFkyZaz7rqFlh7A49hQaChMIGTxD1/PpEQPwZf0bUlIZGFaSF9IT2wnyygcCgWVwKZ4e/+AMupNPLTfC4zZXCGeiyVkih59VjGTKkqBRVJmQTZNMgEbImgiFqdlqkDMjkL4+nw9kieCSHQXo6n3neAEnZru+1vz1shyKtzO6yjcPVJdRajq6C59N6KGrdef63Y7DqUHgRLp8f9/A5E1igoWfhaKGYRj/D22eunA0/8gHysMrLqf6GPkNffSSM9uKzmn3qOPlPsoTfMf1Db7wlgBAAA=
95.211.229.247 200 OK 20 B URL HTTP/1.1 syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAAz2OQWoDMQxFr9ILjJFkyZaz7rqFlh7A49hQaChMIGTxD1/PpEQPwZf0bUlIZGFaSF9IT2wnyygcCgWVwKZ4e/+AMupNPLTfC4zZXCGeiyVkih59VjGTKkqBRVJmQTZNMgEbImgiFqdlqkDMjkL4+nw9kieCSHQXo6n3neAEnZru+1vz1shyKtzO6yjcPVJdRajq6C59N6KGrdef63Y7DqUHgRLp8f9/A5E1igoWfhaKGYRj/D22eunA0/8gHysMrLqf6GPkNffSSM9uKzmn3qOPlPsoTfMf1Db7wlgBAAA=
IP 95.211.229.247:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /cimp.php?t=api&data=H4sIAAAAAAAAAz2OQWoDMQxFr9ILjJFkyZaz7rqFlh7A49hQaChMIGTxD1/PpEQPwZf0bUlIZGFaSF9IT2wnyygcCgWVwKZ4e/+AMupNPLTfC4zZXCGeiyVkih59VjGTKkqBRVJmQTZNMgEbImgiFqdlqkDMjkL4+nw9kieCSHQXo6n3neAEnZru+1vz1shyKtzO6yjcPVJdRajq6C59N6KGrdef63Y7DqUHgRLp8f9/A5E1igoWfhaKGYRj/D22eunA0/8gHysMrLqf6GPkNffSSM9uKzmn3qOPlPsoTfMf1Db7wlgBAAA= HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a.realsrv.com
Connection: keep-alive
Referer: https://a.realsrv.com/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%22633bebbdc360d0.522302062998579305%22%3B%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 04 Oct 2022 08:15:58 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.realsrv.com
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%22633bebbdc360d0.522302062998579305%22%3B%7D; expires=Thu, 03 Oct 2024 08:15:58 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
__upt=%7B%22v%22%3A1%2C%22id%22%3A%22633bebbdc360d0.522302062998579305%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%2299.0199%22%7D; expires=Thu, 03 Oct 2024 08:15:58 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
r3.o.lencr.org/
23.36.77.32 200 OK 503 B
IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 4d83583e4f1b740f60dcd039fd3f2c64
363eb7b990bc90dd0b010d2c669eb0b90c973468
0ab3415b85ab26ed41fdc54b3b8a73cc0dc3b542ff393b7b02d581575403097c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0AB3415B85AB26ED41FDC54B3B8A73CC0DC3B542FF393B7B02D581575403097C"
Last-Modified: Sun, 02 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2900
Expires: Tue, 04 Oct 2022 09:04:18 GMT
Date: Tue, 04 Oct 2022 08:15:58 GMT
Connection: keep-alive
woodbeesdainty.com/ren.gif?sid=H4sIAAAAAAAC%2F1SST2wbRRTGZ9tcoAcK9MKhyMeCkLO7ttc2PUSEkCoiNKUFwQ3N7oydwbM7q5mdXScSUkQR6tE9c2DzOWkErfgjcSUguxISkZDinnIgt544cKjUM7JrEXjS6r2d7430%2B96bL3ftKXFh6cnKe2pbSEkXG1W3cuVjz7taWReJ7Vf6reCToH61ovM320HVfa1yjUc9tei7nut6rldZFZp3VH9xKkKkD9pete1W637Va9TR1%2F%2F%2FN9aBoQ5YfkpegmCThYfOJYhohCT%2BYYWbXqbSN96JraSZ0sjZwYdJL1FFgvis7GgHneRg3g1ljlcPoZL9GS5U%2Fm9jKCbE%2Be0QYXIwh0SY7804QwmeIGQXUOQjcDmCoCNE6jYEOyZAxHB9A0l877rSBd16ptKpOiELT59AFBOy8OclJPF3y1L0K7eUtJlQiUG%2FU0L0RxDdEVI7RrZ9DqIYI8o%2Bh2B%2FkMWn60jivQ0jFQQrZ96FGEF0RpB8AGoc2OknHNiOA5s6iNlJJfI8r%2BmyiLqtdhTVWJOHAXM92ux41HODFmw0xRsgSweI5ACR3kGqd9ATdyeE%2FP0Y2v4Ks1nCMAcmmxDn%2FR3krETBCQpDUFCCQhAUGUGRl%2FtMGt%2BU95g0NvTm2Z%2FnWjlUWXeX7qusyxOym56SF6fDcS788gV6%2FKRSqwdejXHa8D2%2F4fJGu91p1pr1estrBMxt%2BDCihDDnZn63xYS8vPEIqTh%2B4RpCOoaRY0TiIqi9DFoMm74Lujmst1xsJ%2Fe9upfZkFcjFYOpEmm2gGzL2ZWn5JXZhlq9K%2BDR0dK4NgtEukSqS3wqHhJ05Z3hTVWQvZuqMOTHjTQTsdim0%2B3dymjGz3%2F7Lt8qlGZrK2bwzVvRVJiWDz7gJlunCRNJ15D7y4IxrleVjjj5ec18xMMb1mwuW53YdP3G26trcaq5MUIlI1BxvDz1MyHPP5fPnuXlx69D6BG0LRHbIzIPCDVGlO7ApGf0Rp2Hlmc9YeqgsOVQ%2B%2BHZoRQT4j%2F5HZIfLX3%2F01effb15ETQsYfh%2FLp7Vu%2BYOuvpV0Ow2krhErkvksgSVAxh7fpil%2Bmjp0RwglM4wlNrZC6WWd5%2BN14iTSrNWc2nQbnjNJuXNsO63OoHHKPXrgR8EtIbMTKKrfx3%2BAwAA%2F%2F8BAAD%2F%2F7JvA2dlBAAA
192.243.59.12 200 OK 7 B URL HTTP/1.1 woodbeesdainty.com/ren.gif?sid=H4sIAAAAAAAC%2F1SST2wbRRTGZ9tcoAcK9MKhyMeCkLO7ttc2PUSEkCoiNKUFwQ3N7oydwbM7q5mdXScSUkQR6tE9c2DzOWkErfgjcSUguxISkZDinnIgt544cKjUM7JrEXjS6r2d7430%2B96bL3ftKXFh6cnKe2pbSEkXG1W3cuVjz7taWReJ7Vf6reCToH61ovM320HVfa1yjUc9tei7nut6rldZFZp3VH9xKkKkD9pete1W637Va9TR1%2F%2F%2FN9aBoQ5YfkpegmCThYfOJYhohCT%2BYYWbXqbSN96JraSZ0sjZwYdJL1FFgvis7GgHneRg3g1ljlcPoZL9GS5U%2Fm9jKCbE%2Be0QYXIwh0SY7804QwmeIGQXUOQjcDmCoCNE6jYEOyZAxHB9A0l877rSBd16ptKpOiELT59AFBOy8OclJPF3y1L0K7eUtJlQiUG%2FU0L0RxDdEVI7RrZ9DqIYI8o%2Bh2B%2FkMWn60jivQ0jFQQrZ96FGEF0RpB8AGoc2OknHNiOA5s6iNlJJfI8r%2BmyiLqtdhTVWJOHAXM92ux41HODFmw0xRsgSweI5ACR3kGqd9ATdyeE%2FP0Y2v4Ks1nCMAcmmxDn%2FR3krETBCQpDUFCCQhAUGUGRl%2FtMGt%2BU95g0NvTm2Z%2FnWjlUWXeX7qusyxOym56SF6fDcS788gV6%2FKRSqwdejXHa8D2%2F4fJGu91p1pr1estrBMxt%2BDCihDDnZn63xYS8vPEIqTh%2B4RpCOoaRY0TiIqi9DFoMm74Lujmst1xsJ%2Fe9upfZkFcjFYOpEmm2gGzL2ZWn5JXZhlq9K%2BDR0dK4NgtEukSqS3wqHhJ05Z3hTVWQvZuqMOTHjTQTsdim0%2B3dymjGz3%2F7Lt8qlGZrK2bwzVvRVJiWDz7gJlunCRNJ15D7y4IxrleVjjj5ec18xMMb1mwuW53YdP3G26trcaq5MUIlI1BxvDz1MyHPP5fPnuXlx69D6BG0LRHbIzIPCDVGlO7ApGf0Rp2Hlmc9YeqgsOVQ%2B%2BHZoRQT4j%2F5HZIfLX3%2F01effb15ETQsYfh%2FLp7Vu%2BYOuvpV0Ow2krhErkvksgSVAxh7fpil%2Bmjp0RwglM4wlNrZC6WWd5%2BN14iTSrNWc2nQbnjNJuXNsO63OoHHKPXrgR8EtIbMTKKrfx3%2BAwAA%2F%2F8BAAD%2F%2F7JvA2dlBAAA
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1SST2wbRRTGZ9tcoAcK9MKhyMeCkLO7ttc2PUSEkCoiNKUFwQ3N7oydwbM7q5mdXScSUkQR6tE9c2DzOWkErfgjcSUguxISkZDinnIgt544cKjUM7JrEXjS6r2d7430%2B96bL3ftKXFh6cnKe2pbSEkXG1W3cuVjz7taWReJ7Vf6reCToH61ovM320HVfa1yjUc9tei7nut6rldZFZp3VH9xKkKkD9pete1W637Va9TR1%2F%2F%2FN9aBoQ5YfkpegmCThYfOJYhohCT%2BYYWbXqbSN96JraSZ0sjZwYdJL1FFgvis7GgHneRg3g1ljlcPoZL9GS5U%2Fm9jKCbE%2Be0QYXIwh0SY7804QwmeIGQXUOQjcDmCoCNE6jYEOyZAxHB9A0l877rSBd16ptKpOiELT59AFBOy8OclJPF3y1L0K7eUtJlQiUG%2FU0L0RxDdEVI7RrZ9DqIYI8o%2Bh2B%2FkMWn60jivQ0jFQQrZ96FGEF0RpB8AGoc2OknHNiOA5s6iNlJJfI8r%2BmyiLqtdhTVWJOHAXM92ux41HODFmw0xRsgSweI5ACR3kGqd9ATdyeE%2FP0Y2v4Ks1nCMAcmmxDn%2FR3krETBCQpDUFCCQhAUGUGRl%2FtMGt%2BU95g0NvTm2Z%2FnWjlUWXeX7qusyxOym56SF6fDcS788gV6%2FKRSqwdejXHa8D2%2F4fJGu91p1pr1estrBMxt%2BDCihDDnZn63xYS8vPEIqTh%2B4RpCOoaRY0TiIqi9DFoMm74Lujmst1xsJ%2Fe9upfZkFcjFYOpEmm2gGzL2ZWn5JXZhlq9K%2BDR0dK4NgtEukSqS3wqHhJ05Z3hTVWQvZuqMOTHjTQTsdim0%2B3dymjGz3%2F7Lt8qlGZrK2bwzVvRVJiWDz7gJlunCRNJ15D7y4IxrleVjjj5ec18xMMb1mwuW53YdP3G26trcaq5MUIlI1BxvDz1MyHPP5fPnuXlx69D6BG0LRHbIzIPCDVGlO7ApGf0Rp2Hlmc9YeqgsOVQ%2B%2BHZoRQT4j%2F5HZIfLX3%2F01effb15ETQsYfh%2FLp7Vu%2BYOuvpV0Ow2krhErkvksgSVAxh7fpil%2Bmjp0RwglM4wlNrZC6WWd5%2BN14iTSrNWc2nQbnjNJuXNsO63OoHHKPXrgR8EtIbMTKKrfx3%2BAwAA%2F%2F8BAAD%2F%2F7JvA2dlBAAA HTTP/1.1
Host: woodbeesdainty.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://av28.com/
Cookie: u_pl=17547140; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec34613dea521250e599f737448156d052=[3697448]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Tue, 04 Oct 2022 08:15:58 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: a08a74bcf28e57546dbe4dd4267e99cd
Strict-Transport-Security: max-age=0; includeSubdomains
api-public.addthis.com/url/shares.json?url=http%3A%2F%2Fav28.com%2Fvideo%2F90452%2Ftest&callback=_ate.cbs.rcb_i5us0
23.38.200.123 200 OK 53 B URL HTTP/2 api-public.addthis.com/url/shares.json?url=http%3A%2F%2Fav28.com%2Fvideo%2F90452%2Ftest&callback=_ate.cbs.rcb_i5us0
IP 23.38.200.123:0
File type ASCII text, with no line terminators
Hash af4194ccdde078892dabd4c00acf03e3
c75a39cc4ad5ddf170c958783170c8404627baa1
dd128196ce82e31581ca2902edfe672753cebe5a4b44e981c3daddf9c4a8d32e
GET /url/shares.json?url=http%3A%2F%2Fav28.com%2Fvideo%2F90452%2Ftest&callback=_ate.cbs.rcb_i5us0 HTTP/1.1
Host: api-public.addthis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://av28.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.15.8
content-type: application/json
cache-control: no-transform, must-revalidate, max-age=0, s-maxage=3600
surrogate-key: av28.com/video/90452/test
last-modified: Tue, 04 Oct 2022 08:15:58 GMT
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
content-length: 53
date: Tue, 04 Oct 2022 08:15:58 GMT
vary: Accept-Encoding
X-Firefox-Spdy: h2
api-public.addthis.com/url/serviceapi/shares-post.json?services=sFbt&url=https%3A%2F%2Fav28.com%2Fvideo%2F90452%2Ftest
23.38.200.123 200 OK 2 B URL HTTP/2 api-public.addthis.com/url/serviceapi/shares-post.json?services=sFbt&url=https%3A%2F%2Fav28.com%2Fvideo%2F90452%2Ftest
IP 23.38.200.123:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 99914b932bd37a50b983c5e7c90ae93b
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
POST /url/serviceapi/shares-post.json?services=sFbt&url=https%3A%2F%2Fav28.com%2Fvideo%2F90452%2Ftest HTTP/1.1
Host: api-public.addthis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: text/plain
Origin: https://av28.com
Connection: keep-alive
Referer: https://av28.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 200 OK
server: nginx/1.15.8
content-type: application/json
content-length: 2
cache-control: no-transform, max-age=0, s-maxage=14400
surrogate-key: sFbt=https://av28.com/video/90452/test
last-modified: Tue, 04 Oct 2022 08:00:00 GMT
access-control-allow-origin: https://av28.com
access-control-allow-credentials: true
strict-transport-security: max-age=15724800; includeSubDomains
date: Tue, 04 Oct 2022 08:15:58 GMT
X-Firefox-Spdy: h2
api-public.addthis.com/url/shares.json?url=https%3A%2F%2Fav28.com%2Fvideo%2F90452%2Ftest&callback=_ate.cbs.rcb_3vil0
23.38.200.123 200 OK 53 B URL HTTP/2 api-public.addthis.com/url/shares.json?url=https%3A%2F%2Fav28.com%2Fvideo%2F90452%2Ftest&callback=_ate.cbs.rcb_3vil0
IP 23.38.200.123:0
File type ASCII text, with no line terminators
Hash 347e7daeb49169f034737de6ad55242a
938c23f7ca4ab7d084526f29ee50e7c5dc501044
c62ed869584bf37a6e11ac28b0aadb66d026db975c5fcb9176541d950de39d3b
GET /url/shares.json?url=https%3A%2F%2Fav28.com%2Fvideo%2F90452%2Ftest&callback=_ate.cbs.rcb_3vil0 HTTP/1.1
Host: api-public.addthis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://av28.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.15.8
content-type: application/json
cache-control: no-transform, must-revalidate, max-age=0, s-maxage=3600
surrogate-key: av28.com/video/90452/test
last-modified: Tue, 04 Oct 2022 08:15:58 GMT
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
content-length: 53
date: Tue, 04 Oct 2022 08:15:58 GMT
vary: Accept-Encoding
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32 200 OK 78 kB IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ff51809bd023db7ef0b0e800f7d7657b
76d36240b5ebe838115b99d98bd41f917fd03ef8
e2b07ad9ba2dc2480a239f63be39ec55606d83469ab3da5518aa64cf72841a24
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "B525DB57340AC0C9AC960F9E711431B1992008B5B1506D72E8260AD3743B8F3B"
Last-Modified: Sun, 02 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14003
Expires: Tue, 04 Oct 2022 12:09:21 GMT
Date: Tue, 04 Oct 2022 08:15:58 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.77.32 200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 66909c9078632d44ebf4a15cd12a5595
c11a63fa7f302a0bafc7f20821d0e9ca9328f9d2
b525db57340ac0c9ac960f9e711431b1992008b5b1506d72e8260ad3743b8f3b
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "B525DB57340AC0C9AC960F9E711431B1992008B5B1506D72E8260AD3743B8F3B"
Last-Modified: Sun, 02 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14003
Expires: Tue, 04 Oct 2022 12:09:21 GMT
Date: Tue, 04 Oct 2022 08:15:58 GMT
Connection: keep-alive
woodbeesdainty.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2Fe6%2Fd7%2F97%2Fe6d797a3a7be0e7ec1877d1b33146dfa%2F1657714258.html&l=1190&fd=144
192.243.59.12 200 OK 0 B URL HTTP/1.1 woodbeesdainty.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2Fe6%2Fd7%2F97%2Fe6d797a3a7be0e7ec1877d1b33146dfa%2F1657714258.html&l=1190&fd=144
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2Fe6%2Fd7%2F97%2Fe6d797a3a7be0e7ec1877d1b33146dfa%2F1657714258.html&l=1190&fd=144 HTTP/1.1
Host: woodbeesdainty.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://av28.com/
Cookie: u_pl=17547140; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec34613dea521250e599f737448156d052=[3697448]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Tue, 04 Oct 2022 08:15:58 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
img.strpst.com/thumbs/1664871046/91442094
104.16.62.52 200 OK 43 kB URL HTTP/2 img.strpst.com/thumbs/1664871046/91442094
IP 104.16.62.52:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 0x0, segment length 16, progressive, precision 8, 640x360, components 3\012- data
Hash 5f9212c3ce49485a469df845838b688c
109bd49fe6daf4b2a0cf29c48d115711f05b668d
38f0f90885bdf3fa9cbf1a2250b23aa1abe7d8b98cc9f2274ab7bee72dcc383b
GET /thumbs/1664871046/91442094 HTTP/1.1
Host: img.strpst.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://av28.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 04 Oct 2022 08:15:58 GMT
content-type: image/jpeg
content-length: 42826
cf-bgj: imgq:100,h2pri
cf-polished: origSize=44154, status=webp_bigger
etag: "bfe4378479b27d41b7a7e96cb6412e5b"
last-modified: Tue, 04 Oct 2022 08:10:33 GMT
cf-cache-status: HIT
age: 212
expires: Tue, 04 Oct 2022 08:20:58 GMT
cache-control: public, max-age=300
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 754c79093b36b503-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32 200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 66909c9078632d44ebf4a15cd12a5595
c11a63fa7f302a0bafc7f20821d0e9ca9328f9d2
b525db57340ac0c9ac960f9e711431b1992008b5b1506d72e8260ad3743b8f3b
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "B525DB57340AC0C9AC960F9E711431B1992008B5B1506D72E8260AD3743B8F3B"
Last-Modified: Sun, 02 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14002
Expires: Tue, 04 Oct 2022 12:09:21 GMT
Date: Tue, 04 Oct 2022 08:15:59 GMT
Connection: keep-alive
woodbeesdainty.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fchat%2Fmob%2Fssp%2Fv2%2Fnew%2F3%2Fcss%2Fstyle.css&l=4649&fd=374
192.243.59.12 200 OK 0 B URL HTTP/1.1 woodbeesdainty.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fchat%2Fmob%2Fssp%2Fv2%2Fnew%2F3%2Fcss%2Fstyle.css&l=4649&fd=374
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fchat%2Fmob%2Fssp%2Fv2%2Fnew%2F3%2Fcss%2Fstyle.css&l=4649&fd=374 HTTP/1.1
Host: woodbeesdainty.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://av28.com/
Cookie: u_pl=17547140; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec34613dea521250e599f737448156d052=[3697448]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Tue, 04 Oct 2022 08:15:59 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
woodbeesdainty.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fchat%2Fmob%2Fssp%2Fv2%2Fnew%2F3%2Fcss%2Fanimate.css&l=79313&fd=380
192.243.59.12 200 OK 3.4 kB URL HTTP/1.1 woodbeesdainty.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fchat%2Fmob%2Fssp%2Fv2%2Fnew%2F3%2Fcss%2Fanimate.css&l=79313&fd=380
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
Hash fc4dcef4a598c3dd3f21fc376fb200f1
22926bf3a6bf0a1e141677cb4745138ca0c391b0
e069fbb008b869834591a0528bdefefe809abe125c0e4d4da1f5af2ed48b0b3d
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fchat%2Fmob%2Fssp%2Fv2%2Fnew%2F3%2Fcss%2Fanimate.css&l=79313&fd=380 HTTP/1.1
Host: woodbeesdainty.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://av28.com/
Cookie: u_pl=17547140; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec34613dea521250e599f737448156d052=[3697448]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Tue, 04 Oct 2022 08:15:59 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 5a81efbd7f92e8ab877070b2f9cd6247
389efbc67268d7460da1c041ecd8bd3de503bced
08f20e6c48dc1f16fb405a6e21df212677b34c1dcaf75335d163a3d1e18c40bc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "08F20E6C48DC1F16FB405A6E21DF212677B34C1DCAF75335D163A3D1E18C40BC"
Last-Modified: Sun, 02 Oct 2022 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2800
Expires: Tue, 04 Oct 2022 09:02:39 GMT
Date: Tue, 04 Oct 2022 08:15:59 GMT
Connection: keep-alive
cdn.cloudimagesb.com/si/d9/eb/44/d9eb4466ecf73bf5bb25aa07d3950784/1664458699.jpg
45.133.44.9 200 OK 11 kB URL HTTP/2 cdn.cloudimagesb.com/si/d9/eb/44/d9eb4466ecf73bf5bb25aa07d3950784/1664458699.jpg
IP 45.133.44.9:0
ASN #39572 DataWeb Global Group B.V.
Hash 80015a947d9aa33bf32a5de6e5a350aa
139feba82a97d31e2486c0ef0d71613f94190046
8ba0e5ce5f576d03edb98de4309a8a9bdf6510e45834fb4b3b94294af2ebd095
GET /si/d9/eb/44/d9eb4466ecf73bf5bb25aa07d3950784/1664458699.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 04 Oct 2022 08:15:59 GMT
content-type: image/jpeg
content-length: 9349
server: nginx/1.17.6
last-modified: Thu, 29 Sep 2022 13:38:28 GMT
etag: "63359fd4-2485"
expires: Thu, 06 Oct 2022 08:15:59 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn.sb4you1.com/sb/chat/mob/ssp/v2/new/3/css/animate.css
172.64.200.2 200 OK 125 kB URL HTTP/2 cdn.sb4you1.com/sb/chat/mob/ssp/v2/new/3/css/animate.css
IP 172.64.200.2:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size 125 kB (124983 bytes)
Hash 7cc9db6d71d56243ca98d5a6257b305d
b56ae1166a444e2867740b8e018ca2a146cdca43
684ee00cc6fd4d27928f2e40c49c0660ff741a29338451ca30175f3112608278
GET /sb/chat/mob/ssp/v2/new/3/css/animate.css HTTP/1.1
Host: cdn.sb4you1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://av28.com
Connection: keep-alive
Referer: https://av28.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 04 Oct 2022 08:15:59 GMT
content-type: text/css
last-modified: Wed, 13 Jul 2022 12:13:56 GMT
etag: W/"62ceb704-135d1"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZefgXkxkXm%2FZZqs3Dw2Z9rv5pbGamXIkU1M0IdCicxxO4v83aBKTIVF1wEAvbPcSWjUfyFIlsjVnSKjRV%2BrPEWI7pxe68xfhGNzAYtgSccNJH0LN%2BHn3WazWtEjpzKi5CBo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 754c7909190575e3-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
stripchat.com/api/front/v2/models/username/layla_juice/chat
104.19.182.41 200 OK 3.2 kB URL HTTP/2 stripchat.com/api/front/v2/models/username/layla_juice/chat
IP 104.19.182.41:0
File type JSON data\012- , ASCII text, with very long lines (2581), with no line terminators
Hash a234726cf01b0c27c6951e1a007c9764
de2d4c6fc5740cdba09bff066b659c6a904c912e
a18bb89936eda47c64aafb0fe7e4bda64f25b9de8623c81e2391e223c2eac8c4
GET /api/front/v2/models/username/layla_juice/chat HTTP/1.1
Host: stripchat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://creative.xlivrdr.com/
Origin: https://creative.xlivrdr.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 04 Oct 2022 08:15:59 GMT
content-type: application/json
vary: Accept-Encoding
x-api-version: 10.42.19
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: no-cache
x-backend: sc-backend-delta-yellow-01.novalocal
x-cache-status: HIT
access-control-allow-origin: https://creative.xlivrdr.com
cf-cache-status: DYNAMIC
set-cookie: __cflb=02DiuFntVtrkFMde1dj4D9CxNaLvjfJ7eTZXkXYnNC7Kr; SameSite=None; Secure; path=/; expires=Wed, 05-Oct-22 07:15:59 GMT; HttpOnly
server: cloudflare
cf-ray: 754c790d3e77b4f9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.195 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://av28.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 28 Sep 2022 19:34:08 GMT
expires: Thu, 28 Sep 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 477711
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
216.58.207.195 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://av28.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 28 Sep 2022 19:34:08 GMT
expires: Thu, 28 Sep 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 477711
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
woodbeesdainty.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fchat%2Fmob%2Fssp%2Fv2%2Fnew%2F3%2Fjs%2Fscript.js&l=383&fd=32
192.243.59.12 200 OK 0 B URL HTTP/1.1 woodbeesdainty.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fchat%2Fmob%2Fssp%2Fv2%2Fnew%2F3%2Fjs%2Fscript.js&l=383&fd=32
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fchat%2Fmob%2Fssp%2Fv2%2Fnew%2F3%2Fjs%2Fscript.js&l=383&fd=32 HTTP/1.1
Host: woodbeesdainty.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://av28.com/
Cookie: u_pl=17547140; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec34613dea521250e599f737448156d052=[3697448]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Tue, 04 Oct 2022 08:15:59 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
woodbeesdainty.com/impr.gif?sid=H4sIAAAAAAAC%2F1SSP2wcRRTGZxM3kIIAaSiCrgwInXfv%2F5HCwhhHFiYOCQg6NDszdx5udmc1s7N7toRkEYRSXmoK1t%2FZsSARfyRaDLqLhIQlJF8qF7hLRUERKTW6ywnDk1bv7XxvpN%2F33ny5606JD0dPVt7T21Ipulgv%2B6UrHwfB1dK6jF2%2F1G81PmnUrpZM9ma7UfZfK10TrKcXK37g%2B4EflFalER3dX5yKkMmDdlBu%2B%2BVapRzUa%2Bib%2F%2F9b58FSDzw7JS9B8snCQ%2B8SJBshjn5YEbaX6uSNdyKnaKoNMn7wYdyLdR4jOis7xkMnPph3Q9vj1UPoeH%2BGC5392xjKCfF%2BO0QYH8whEWZ7M85QQcQI%2BQXk2QhCjSDpCEzfhuTHBGAc1zcQR%2Feua5PTrWcqnaoTsvD0CWQ%2BIQt%2FXkIcfbesZL90SyuXSh1b9DsFZH8E2R0hcWOk2%2Bcg8zFY%2Bjkk%2F4MsPl1HHO1tWKUheTHzLuUIsjOCEgNQ68FNP%2BnBdTy4xEPET0osCIKmzxn1W23Gqrwpwgb3A9rsBDTwGy04NsUbIE0GYGoAZnaQmB305N0JIX8%2FhnG%2Fwm4WsNyDTSfEe38HGS%2BQC4LcEuSUIJcEeUqQZ8U%2BV7Zii3tcWRcG81yZ52ox1Gl3l%2B7rtCtispuckhenw%2FEu%2FPIFeuKkVK01gioXtF4JKnVf1NvtTrParNVaQb3B%2FXoFVhaQ9tzM77ackJc3HiGRxy9cQ0jHsGoMJi%2BCusug%2BbBZ8UE3h7WWj%2B34flALUheKMtMRuC6QpAtIt7xddUpemW2o1bsCwY6WxtVZgJkCiSnwqXxI0FV3hjd1TvZu6tySHzeSVEZym063dyulqTj%2F7btiK9eGr63YwTdvsakwLR98IGy6TmMu464l95cl58KsasME%2BXnNfiTCG85uLjsTu2T9xtura1FihLVSxyNQebw89TMhzz%2BXzZ7l5cevQ5oRjCsQuSMyD0g9Bkt2YJMzeqvPw6iznjDxkLtiaCrh2aGSE1J58juUOFr6%2FqevPvt68yJoWMCK%2F1w8q3ftHXTNq6DpbcRRgcwUyFQBqgaw7vwwTczR0qM5QKi8YaiMtxcqo%2B4%2BG6%2BVJ6Wqz5uh6IhmKGr1WkcwHtbroc86LKzyVoshtRN29a%2FDfwAAAP%2F%2FAQAA%2F%2F8yu9aPZQQAAA%3D%3D
192.243.59.12200 OK 7 B URL HTTP/1.1 woodbeesdainty.com/impr.gif?sid=H4sIAAAAAAAC%2F1SSP2wcRRTGZxM3kIIAaSiCrgwInXfv%2F5HCwhhHFiYOCQg6NDszdx5udmc1s7N7toRkEYRSXmoK1t%2FZsSARfyRaDLqLhIQlJF8qF7hLRUERKTW6ywnDk1bv7XxvpN%2F33ny5606JD0dPVt7T21Ipulgv%2B6UrHwfB1dK6jF2%2F1G81PmnUrpZM9ma7UfZfK10TrKcXK37g%2B4EflFalER3dX5yKkMmDdlBu%2B%2BVapRzUa%2Bib%2F%2F9b58FSDzw7JS9B8snCQ%2B8SJBshjn5YEbaX6uSNdyKnaKoNMn7wYdyLdR4jOis7xkMnPph3Q9vj1UPoeH%2BGC5392xjKCfF%2BO0QYH8whEWZ7M85QQcQI%2BQXk2QhCjSDpCEzfhuTHBGAc1zcQR%2Feua5PTrWcqnaoTsvD0CWQ%2BIQt%2FXkIcfbesZL90SyuXSh1b9DsFZH8E2R0hcWOk2%2Bcg8zFY%2Bjkk%2F4MsPl1HHO1tWKUheTHzLuUIsjOCEgNQ68FNP%2BnBdTy4xEPET0osCIKmzxn1W23Gqrwpwgb3A9rsBDTwGy04NsUbIE0GYGoAZnaQmB305N0JIX8%2FhnG%2Fwm4WsNyDTSfEe38HGS%2BQC4LcEuSUIJcEeUqQZ8U%2BV7Zii3tcWRcG81yZ52ox1Gl3l%2B7rtCtispuckhenw%2FEu%2FPIFeuKkVK01gioXtF4JKnVf1NvtTrParNVaQb3B%2FXoFVhaQ9tzM77ackJc3HiGRxy9cQ0jHsGoMJi%2BCusug%2BbBZ8UE3h7WWj%2B34flALUheKMtMRuC6QpAtIt7xddUpemW2o1bsCwY6WxtVZgJkCiSnwqXxI0FV3hjd1TvZu6tySHzeSVEZym063dyulqTj%2F7btiK9eGr63YwTdvsakwLR98IGy6TmMu464l95cl58KsasME%2BXnNfiTCG85uLjsTu2T9xtura1FihLVSxyNQebw89TMhzz%2BXzZ7l5cevQ5oRjCsQuSMyD0g9Bkt2YJMzeqvPw6iznjDxkLtiaCrh2aGSE1J58juUOFr6%2FqevPvt68yJoWMCK%2F1w8q3ftHXTNq6DpbcRRgcwUyFQBqgaw7vwwTczR0qM5QKi8YaiMtxcqo%2B4%2BG6%2BVJ6Wqz5uh6IhmKGr1WkcwHtbroc86LKzyVoshtRN29a%2FDfwAAAP%2F%2FAQAA%2F%2F8yu9aPZQQAAA%3D%3D
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1SSP2wcRRTGZxM3kIIAaSiCrgwInXfv%2F5HCwhhHFiYOCQg6NDszdx5udmc1s7N7toRkEYRSXmoK1t%2FZsSARfyRaDLqLhIQlJF8qF7hLRUERKTW6ywnDk1bv7XxvpN%2F33ny5606JD0dPVt7T21Ipulgv%2B6UrHwfB1dK6jF2%2F1G81PmnUrpZM9ma7UfZfK10TrKcXK37g%2B4EflFalER3dX5yKkMmDdlBu%2B%2BVapRzUa%2Bib%2F%2F9b58FSDzw7JS9B8snCQ%2B8SJBshjn5YEbaX6uSNdyKnaKoNMn7wYdyLdR4jOis7xkMnPph3Q9vj1UPoeH%2BGC5392xjKCfF%2BO0QYH8whEWZ7M85QQcQI%2BQXk2QhCjSDpCEzfhuTHBGAc1zcQR%2Feua5PTrWcqnaoTsvD0CWQ%2BIQt%2FXkIcfbesZL90SyuXSh1b9DsFZH8E2R0hcWOk2%2Bcg8zFY%2Bjkk%2F4MsPl1HHO1tWKUheTHzLuUIsjOCEgNQ68FNP%2BnBdTy4xEPET0osCIKmzxn1W23Gqrwpwgb3A9rsBDTwGy04NsUbIE0GYGoAZnaQmB305N0JIX8%2FhnG%2Fwm4WsNyDTSfEe38HGS%2BQC4LcEuSUIJcEeUqQZ8U%2BV7Zii3tcWRcG81yZ52ox1Gl3l%2B7rtCtispuckhenw%2FEu%2FPIFeuKkVK01gioXtF4JKnVf1NvtTrParNVaQb3B%2FXoFVhaQ9tzM77ackJc3HiGRxy9cQ0jHsGoMJi%2BCusug%2BbBZ8UE3h7WWj%2B34flALUheKMtMRuC6QpAtIt7xddUpemW2o1bsCwY6WxtVZgJkCiSnwqXxI0FV3hjd1TvZu6tySHzeSVEZym063dyulqTj%2F7btiK9eGr63YwTdvsakwLR98IGy6TmMu464l95cl58KsasME%2BXnNfiTCG85uLjsTu2T9xtura1FihLVSxyNQebw89TMhzz%2BXzZ7l5cevQ5oRjCsQuSMyD0g9Bkt2YJMzeqvPw6iznjDxkLtiaCrh2aGSE1J58juUOFr6%2FqevPvt68yJoWMCK%2F1w8q3ftHXTNq6DpbcRRgcwUyFQBqgaw7vwwTczR0qM5QKi8YaiMtxcqo%2B4%2BG6%2BVJ6Wqz5uh6IhmKGr1WkcwHtbroc86LKzyVoshtRN29a%2FDfwAAAP%2F%2FAQAA%2F%2F8yu9aPZQQAAA%3D%3D HTTP/1.1
Host: woodbeesdainty.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://av28.com/
Cookie: u_pl=17547140; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec34613dea521250e599f737448156d052=[3697448]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Tue, 04 Oct 2022 08:15:59 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 0c8a35be51d19e295c74c9c129f0a80a
Strict-Transport-Security: max-age=0; includeSubdomains
woodbeesdainty.com/pixel/sbs?c=1
192.243.59.12 200 OK 0 B URL HTTP/1.1 woodbeesdainty.com/pixel/sbs?c=1
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: woodbeesdainty.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://av28.com/
Cookie: u_pl=17547140; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec34613dea521250e599f737448156d052=[3697448]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Tue, 04 Oct 2022 08:15:59 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 4bd610954d1cad0675c2010a63e9c018
bd7e8708e02d74c5d7534a48221c9314530917f6
3b51bf349c5fc0841b5ee253093aa1dfabb8271f84bbb0eee07836dec331c1cd
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3B51BF349C5FC0841B5EE253093AA1DFABB8271F84BBB0EEE07836DEC331C1CD"
Last-Modified: Tue, 04 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20924
Expires: Tue, 04 Oct 2022 14:04:44 GMT
Date: Tue, 04 Oct 2022 08:16:00 GMT
Connection: keep-alive
unseenreport.com/pxf.gif?uuid=66792d05-7001-4ffc-9506-adc74facbdc5&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=14.31&b_frame=0&pk=1e3e5cbc6316425910e282303226c292&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=8
192.243.61.225 200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=66792d05-7001-4ffc-9506-adc74facbdc5&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=14.31&b_frame=0&pk=1e3e5cbc6316425910e282303226c292&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=8
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=66792d05-7001-4ffc-9506-adc74facbdc5&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=14.31&b_frame=0&pk=1e3e5cbc6316425910e282303226c292&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=8 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://av28.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Tue, 04 Oct 2022 08:16:00 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: a08e0b3da3a2263efa3132a757437b34
Strict-Transport-Security: max-age=0; includeSubdomains
unseenreport.com/pxf.gif?uuid=66792d05-7001-4ffc-9506-adc74facbdc5&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=14.31&b_frame=0&pk=34613dea521250e599f737448156d052&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=8
192.243.61.225 200 OK 77 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=66792d05-7001-4ffc-9506-adc74facbdc5&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=14.31&b_frame=0&pk=34613dea521250e599f737448156d052&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=8
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
Hash 0ccaf9974edc015f5f2a00947ff31b2e
5fc52f3ccc8e7345ef1d2a6d92f163c7cf210057
56204ec96d3525be3065f25e3d50d0b1087f2bbfea11af9c4ee2a0c53c95d9ee
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=66792d05-7001-4ffc-9506-adc74facbdc5&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=14.31&b_frame=0&pk=34613dea521250e599f737448156d052&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=8 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://av28.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Tue, 04 Oct 2022 08:16:00 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: a310d71791b933584d5b4810fe5add76
Strict-Transport-Security: max-age=0; includeSubdomains
cdn.sb4you1.com/sb/chat/mob/ssp/v2/new/3/css/style.css
172.64.200.2 200 OK 0 B URL HTTP/2 cdn.sb4you1.com/sb/chat/mob/ssp/v2/new/3/css/style.css
IP 172.64.200.2:0
GET /sb/chat/mob/ssp/v2/new/3/css/style.css HTTP/1.1
Host: cdn.sb4you1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://av28.com
Connection: keep-alive
Referer: https://av28.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 04 Oct 2022 08:15:59 GMT
content-type: text/css
last-modified: Wed, 13 Jul 2022 12:13:55 GMT
etag: W/"62ceb703-1229"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FH5LMgJcRbMHmcn4WijDnbNAhK6PdzxrDeuGX5W9ND1LJec%2B9vehg5oZNpHgIgXZMuNxeZmcf3oBqaEu7Mav3xCj6uFVWE%2By6jH2AO%2B2ZlEL7ECbV8mEWjTbI0XYZhRl47g%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 754c790918f775e3-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Open+Sans:400,700
142.250.74.10 200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Open+Sans:400,700
IP 142.250.74.10:0
GET /css?family=Open+Sans:400,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://av28.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 04 Oct 2022 08:15:56 GMT
date: Tue, 04 Oct 2022 08:15:56 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.javjap.com/thumbs/13/136593.jpg
104.21.233.196 200 OK 0 B URL HTTP/2 www.javjap.com/thumbs/13/136593.jpg
IP 104.21.233.196:0
GET /thumbs/13/136593.jpg HTTP/1.1
Host: www.javjap.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://av28.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 04 Oct 2022 08:15:56 GMT
content-type: text/html
cache-control: max-age=7200
cf-cache-status: HIT
age: 5135
last-modified: Tue, 04 Oct 2022 06:50:21 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FL%2FXZMszrmj39RG1ZMrSDOcQRVynlk7Vq%2B3mZmeS6MhogICJwIc%2FHFbTmPqG8zN3gqoBpdH117BfujE6sUogaEXSyeNA8ekaXLrvKGYsuRhZmsJiuOqKcJmNXlP3hkYryQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 754c78f728d871d5-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
secure.statcounter.com/counter/counter.js
104.20.229.67 200 OK 0 B URL HTTP/2 secure.statcounter.com/counter/counter.js
IP 104.20.229.67:0
GET /counter/counter.js HTTP/1.1
Host: secure.statcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://av28.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 04 Oct 2022 08:15:56 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Mon, 03 Oct 2022 14:33:33 GMT
etag: W/"633af2bd-aa70"
expires: Tue, 04 Oct 2022 17:42:50 GMT
cache-control: max-age=43200
cf-cache-status: HIT
age: 9186
server: cloudflare
cf-ray: 754c78fccdfdb4fd-OSL
content-encoding: br
X-Firefox-Spdy: h2
addresseepaper.com/sfp.js
172.64.101.4 200 OK 0 B URL HTTP/2 addresseepaper.com/sfp.js
IP 172.64.101.4:0
GET /sfp.js HTTP/1.1
Host: addresseepaper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://av28.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 04 Oct 2022 08:15:57 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 49c940b8babf93cef37bbdd2d8eef5ff
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Tue, 04 Oct 2022 08:15:56 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WNQio%2Bo1KYATSWgnEFzCLN70v4Dtis6%2BxXlGSZ0MOAD%2FPzmsXTgMyYN38t4uDKxxkptVHg0tY%2B%2BDolzglbDiZUcfw5SE0yH6DUlKLuAMBEhR64Uwpz0AF%2Fo779R2%2BoIA8VkDo1s%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 754c78fcc82c76fc-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
media2.drivecdn.com/media/videos/hd/90452.mp4?st=a6Xm_R3vJul136OH-rMbTA&e=1664874955
192.99.91.19 206 Partial Content 0 B URL HTTP/1.1 media2.drivecdn.com/media/videos/hd/90452.mp4?st=a6Xm_R3vJul136OH-rMbTA&e=1664874955
IP 192.99.91.19:0
GET /media/videos/hd/90452.mp4?st=a6Xm_R3vJul136OH-rMbTA&e=1664874955 HTTP/1.1
Host: media2.drivecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://av28.com/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 206 Partial Content
Server: nginx/1.10.2
Date: Tue, 04 Oct 2022 08:15:56 GMT
Content-Type: video/mp4
Content-Length: 7309331
Last-Modified: Fri, 08 Jul 2022 10:03:04 GMT
Connection: keep-alive
ETag: "62c800d8-6f8813"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Content-Range: bytes 0-7309330/7309331
cdn.barscreative1.com/sb/au/e6/d7/97/e6d797a3a7be0e7ec1877d1b33146dfa/1657714258.html
45.133.44.4 200 OK 0 B URL HTTP/2 cdn.barscreative1.com/sb/au/e6/d7/97/e6d797a3a7be0e7ec1877d1b33146dfa/1657714258.html
IP 45.133.44.4:0
ASN #39572 DataWeb Global Group B.V.
Analyzer Verdict Alert fortinet Phishing
GET /sb/au/e6/d7/97/e6d797a3a7be0e7ec1877d1b33146dfa/1657714258.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://av28.com
Connection: keep-alive
Referer: https://av28.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 04 Oct 2022 08:15:58 GMT
content-type: text/html; charset=utf-8
server: nginx/1.17.6
last-modified: Wed, 13 Jul 2022 12:11:03 GMT
etag: W/"62ceb657-4a6"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Tue, 04 Oct 2022 09:15:58 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2
cdn.rawgit.com/MailOnline/videojs-vast-vpaid/master/bin/videojs.vast.vpaid.min.css
194.242.11.186 200 OK 0 B URL HTTP/2 cdn.rawgit.com/MailOnline/videojs-vast-vpaid/master/bin/videojs.vast.vpaid.min.css
IP 194.242.11.186:0
ASN #34989 ServeTheWorld AS
GET /MailOnline/videojs-vast-vpaid/master/bin/videojs.vast.vpaid.min.css HTTP/1.1
Host: cdn.rawgit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://av28.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 04 Oct 2022 08:15:56 GMT
server: BunnyCDN-NO-830
cdn-pullzone: 201235
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: NO
vary: Accept-Encoding
cache-control: public, max-age=2592000
cdn-cachedat: 09/28/2022 16:23:15
cdn-requestpullsuccess: True
cdn-status: 200
cdn-requestpullcode: 200
cdn-edgestorageid: 830
cdn-proxyver: 1.02
cdn-requestid: c13700afcc6bc7c4ae93d42666e37bd3
cdn-cache: HIT
X-Firefox-Spdy: h2
c.statcounter.com/t.php?sc_project=7909113&u1=5ECB80C52ADC4FFE259A8C142E582B82&java=1&security=25495fbb&sc_snum=1&sess=a8f3c4&p=0&rcat=d&rdom=d&rdomg=new&bb=1&jg=new&rr=1.1.1.1.1.1.1.1.1&resolution=1280&h=1024&camefrom=&u=https%3A//av28.com/video/90452/test&t=test%20-%20AV28&invisible=1&sc_rum_e_s=2762&sc_rum_e_e=2766&sc_rum_f_s=0&sc_rum_f_e=2742&get_config=true
104.20.229.67 200 OK 0 B URL HTTP/2 c.statcounter.com/t.php?sc_project=7909113&u1=5ECB80C52ADC4FFE259A8C142E582B82&java=1&security=25495fbb&sc_snum=1&sess=a8f3c4&p=0&rcat=d&rdom=d&rdomg=new&bb=1&jg=new&rr=1.1.1.1.1.1.1.1.1&resolution=1280&h=1024&camefrom=&u=https%3A//av28.com/video/90452/test&t=test%20-%20AV28&invisible=1&sc_rum_e_s=2762&sc_rum_e_e=2766&sc_rum_f_s=0&sc_rum_f_e=2742&get_config=true
IP 104.20.229.67:0
GET /t.php?sc_project=7909113&u1=5ECB80C52ADC4FFE259A8C142E582B82&java=1&security=25495fbb&sc_snum=1&sess=a8f3c4&p=0&rcat=d&rdom=d&rdomg=new&bb=1&jg=new&rr=1.1.1.1.1.1.1.1.1&resolution=1280&h=1024&camefrom=&u=https%3A//av28.com/video/90452/test&t=test%20-%20AV28&invisible=1&sc_rum_e_s=2762&sc_rum_e_e=2766&sc_rum_f_s=0&sc_rum_f_e=2742&get_config=true HTTP/1.1
Host: c.statcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://av28.com
Connection: keep-alive
Referer: https://av28.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 04 Oct 2022 08:15:58 GMT
content-type: application/json
p3p: policyref="http://www.statcounter.com/w3c/p3p.xml", CP="ADMa OUR COM NAV NID DSP NOI COR"
expires: Mon, 26 Jul 1997 05:00:00 GMT
set-cookie: is_unique=sc7909113.1664871358.0; SameSite=None; Secure; Expires=Sunday, 03-Oct-2027 16:15:58 HKT; Path=/; Domain=.statcounter.com
access-control-allow-origin: https://av28.com
access-control-allow-credentials: true
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 754c7903ce19b4fd-OSL
content-encoding: br
X-Firefox-Spdy: h2
stripchat.com/api/front/v2/models/username/layla_juice/chat
104.19.182.41 200 OK 0 B URL HTTP/2 stripchat.com/api/front/v2/models/username/layla_juice/chat
IP 104.19.182.41:0
GET /api/front/v2/models/username/layla_juice/chat HTTP/1.1
Host: stripchat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://creative.xlivrdr.com/
Origin: https://creative.xlivrdr.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 04 Oct 2022 08:15:59 GMT
content-type: application/json
vary: Accept-Encoding
x-api-version: 10.42.19
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: no-cache
x-backend: sc-backend-delta-yellow-05.novalocal
x-cache-status: HIT
access-control-allow-origin: https://creative.xlivrdr.com
cf-cache-status: DYNAMIC
set-cookie: __cflb=02DiuFntVtrkFMde1diFXc6auiQ5NotZmCzx9trbet6cU; SameSite=None; Secure; path=/; expires=Wed, 05-Oct-22 07:15:59 GMT; HttpOnly
server: cloudflare
cf-ray: 754c790d8ee3b4f9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2