12.rokedon.com/l/PA/12/?resubscription=88&clickid=166991829530703a068p9q&source=163&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=PH&partner=PA&language=en-US&unixtime=1669918295&tb={https://oodrampi.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}}
104.22.76.191301 Moved Permanently 0 B URL HTTP/1.1 12.rokedon.com/l/PA/12/?resubscription=88&clickid=166991829530703a068p9q&source=163&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=PH&partner=PA&language=en-US&unixtime=1669918295&tb={https://oodrampi.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}}
IP 104.22.76.191:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /l/PA/12/?resubscription=88&clickid=166991829530703a068p9q&source=163&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=PH&partner=PA&language=en-US&unixtime=1669918295&tb={https://oodrampi.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}} HTTP/1.1
Host: 12.rokedon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Thu, 01 Dec 2022 18:12:12 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Thu, 01 Dec 2022 19:12:12 GMT
Location: https://12.rokedon.com/l/PA/12/?resubscription=88&clickid=166991829530703a068p9q&source=163&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=PH&partner=PA&language=en-US&unixtime=1669918295&tb={https://oodrampi.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 772dca26f9f915dc-ARN
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 3bbb845b153026fc5332dd4506585b57
3cad200fac28fd00f34ce6ef79373e661e188743
6035871c0de6ff2d120921461207cfa32bc286e1fe78849ce74815ffbb9ff950
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6035871C0DE6FF2D120921461207CFA32BC286E1FE78849CE74815FFBB9FF950"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6223
Expires: Thu, 01 Dec 2022 19:55:55 GMT
Date: Thu, 01 Dec 2022 18:12:12 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 0c748388899e8a8d3680355da2ea5020
903c620cd137613daafb0da0508c37b2f4a67212
39eab80e022a9a1732872d9926b0ace80f818ec5c535e36a18b539ea63786fb2
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4229
Cache-Control: max-age=149369
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 18:12:12 GMT
Etag: "63888270-1d7"
Expires: Sat, 03 Dec 2022 11:41:41 GMT
Last-Modified: Thu, 01 Dec 2022 10:31:12 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 55b4c61a1e99001307750e3647fe1102
7559f9f6770b7d3f45b723167062096312641e08
39f6bb64420bcfc8f0b010168fd35b67732984cd0698409f04d5ae40410422aa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "39F6BB64420BCFC8F0B010168FD35B67732984CD0698409F04D5AE40410422AA"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2433
Expires: Thu, 01 Dec 2022 18:52:45 GMT
Date: Thu, 01 Dec 2022 18:12:12 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
34.102.187.140200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Type, Backoff, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 01 Dec 2022 17:18:08 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 3244
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: DACa23VMWdoG5wTS4gQ6niRTPRrwLUvl4azW2AOJB64xOpseSQZ1gPp2F4X6NFUa0unl+OCqh/o=
x-amz-request-id: 7YN1KTPBJQFMBP0D
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 01 Dec 2022 17:45:45 GMT
age: 1587
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226200 OK 344 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 858ccc37bb85c2810d29eec05e52d56a
04dd96e5f377cc33458fcd826d3a32b727db57cb
554df4b6886756d4db260b4def9388ef79f83ad23b9760c90465e8643c2dd3b4
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "554DF4B6886756D4DB260B4DEF9388EF79F83AD23B9760C90465E8643C2DD3B4"
Last-Modified: Thu, 01 Dec 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3637
Expires: Thu, 01 Dec 2022 19:12:49 GMT
Date: Thu, 01 Dec 2022 18:12:12 GMT
Connection: keep-alive
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 18:12:12 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash c62523ca30605920594218fb706490c5
cac65b3ac81c635ddbd784393c84fa5f297db5c2
bc07280715717ebf0c72d05d018bd84837d26c4f89935e8598345f5f92f602b4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BC07280715717EBF0C72D05D018BD84837D26C4F89935E8598345F5F92F602B4"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3679
Expires: Thu, 01 Dec 2022 19:13:31 GMT
Date: Thu, 01 Dec 2022 18:12:12 GMT
Connection: keep-alive
15.rokedon.com/l/PA/12/skip-button.webp
104.22.77.191200 OK 5.0 kB URL HTTP/2 15.rokedon.com/l/PA/12/skip-button.webp
IP 104.22.77.191:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 639x273, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash da2dc41d023f4fcc89675351f9117c3d
bff287be312236d01df91ec7db9a58c4bde224f4
4d1449898da756c5bff9e9696a2c71ea1ab9e6e96c5dfec29885a63ac237eb3b
GET /l/PA/12/skip-button.webp HTTP/1.1
Host: 15.rokedon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://15.rokedon.com/l/PA/12/?resubscription=85&clickid=166991829530703a068p9q&source=163&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=PH&partner=PA&language=en-US&unixtime=1669918295&tb={https://oodrampi.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}}
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 18:12:12 GMT
content-type: image/webp
content-length: 5006
cf-ray: 772dca2ceb2d98f0-ARN
accept-ranges: bytes
age: 35969
etag: "l/PA/12/skip-button.31c9ae67f7.webp"
vary: Accept-Encoding
cf-cache-status: HIT
server: cloudflare
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, Cache-Control, Content-Type, Pragma, Backoff, ETag, Expires, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 01 Dec 2022 18:08:56 GMT
cache-control: public,max-age=3600
age: 197
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 1f88399f3fdd89dbb9ca1229cb67143a
325c9dbfd932cf9a6fb9fab2dd8e27083f55a9a3
831ecd45dcd2d5ae2ae86cd63ea5e94ecd85281b7e51054af5df9a6386fb8d79
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4211
Cache-Control: max-age=144287
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 18:12:13 GMT
Etag: "63886ea9-1d7"
Expires: Sat, 03 Dec 2022 10:17:00 GMT
Last-Modified: Thu, 01 Dec 2022 09:06:49 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 9caeefc49be26de4b50c14df1aace81f
ef836496e49f843f0e4c2dc991c314aad13f0f2e
83203278dadec9319a72ccb142c413696d8bd09a25f1b6c8d1edef20405e90f0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "83203278DADEC9319A72CCB142C413696D8BD09A25F1B6C8D1EDEF20405E90F0"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3591
Expires: Thu, 01 Dec 2022 19:12:04 GMT
Date: Thu, 01 Dec 2022 18:12:13 GMT
Connection: keep-alive
my.rtmark.net/gid.js?pub=0&userId=&zoneId=4789821&checkDuplicate=false&ymid=&var=
139.45.195.8200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?pub=0&userId=&zoneId=4789821&checkDuplicate=false&ymid=&var=
IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash a22be58da2610a637c4b8edcea1fa1c6
8b69a4a179983cfd6bdeaa9e4ba2ec6ef07eeb5d
f58d6bb6931e72d16736d9e3e67c5e7b0a51d76149313c693c0b690af16ae924
GET /gid.js?pub=0&userId=&zoneId=4789821&checkDuplicate=false&ymid=&var= HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://12.rokedon.com/
Origin: https://12.rokedon.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 18:12:13 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://12.rokedon.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=7ab34e10559f4f3eb4e892d71b0325be; expires=Fri, 01 Dec 2023 18:12:13 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
my.rtmark.net/gid.js?pub=0&userId=&zoneId=4789821&checkDuplicate=false&ymid=&var=
139.45.195.8200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?pub=0&userId=&zoneId=4789821&checkDuplicate=false&ymid=&var=
IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash 7899a7ddbb475f17758e0960c5715cae
ae3f8eb4a039df1ec22b78adc3786a75133fe094
62fae9d6827ba67ffa4106462238cb5184f184adaf9ddc0cc058c62e9fe6d0ef
GET /gid.js?pub=0&userId=&zoneId=4789821&checkDuplicate=false&ymid=&var= HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://13.rokedon.com/
Origin: https://13.rokedon.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 18:12:13 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://13.rokedon.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=bf10f9be08de44499ecab898d326a6e1; expires=Fri, 01 Dec 2023 18:12:13 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
my.rtmark.net/gid.js?pub=0&userId=&zoneId=4789821&checkDuplicate=false&ymid=&var=
139.45.195.8200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?pub=0&userId=&zoneId=4789821&checkDuplicate=false&ymid=&var=
IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash 8ccc8e756ab6b66d77cf7cad133b8a4d
0687633ee5fdb8a562b42084a8e5990a71acfe85
87bb5cd578f672c49ce2b412c6cb6bd6667b83a0dace029d22c4ed5cb1b5825c
GET /gid.js?pub=0&userId=&zoneId=4789821&checkDuplicate=false&ymid=&var= HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://14.rokedon.com/
Origin: https://14.rokedon.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 18:12:13 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://14.rokedon.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=9e0536b6d23a4d658cb565c608cfe84e; expires=Fri, 01 Dec 2023 18:12:13 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
18.rokedon.com/l/PA/12/skip-button.webp
104.22.77.191200 OK 5.0 kB URL HTTP/2 18.rokedon.com/l/PA/12/skip-button.webp
IP 104.22.77.191:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 639x273, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash da2dc41d023f4fcc89675351f9117c3d
bff287be312236d01df91ec7db9a58c4bde224f4
4d1449898da756c5bff9e9696a2c71ea1ab9e6e96c5dfec29885a63ac237eb3b
GET /l/PA/12/skip-button.webp HTTP/1.1
Host: 18.rokedon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://18.rokedon.com/l/PA/12/?resubscription=82&clickid=166991829530703a068p9q&source=163&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=PH&partner=PA&language=en-US&unixtime=1669918295&tb={https://oodrampi.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}}
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 18:12:13 GMT
content-type: image/webp
content-length: 5006
cf-ray: 772dca30e86898f0-ARN
accept-ranges: bytes
age: 34965
etag: "l/PA/12/skip-button.31c9ae67f7.webp"
vary: Accept-Encoding
cf-cache-status: HIT
server: cloudflare
X-Firefox-Spdy: h2
push.services.mozilla.com/
52.43.253.52101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.43.253.52:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: DGdcvbXlHBMHz/8INVplKg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: AXj/BdDaH+UDuwsBuusOQBsWEdo=
foapsovi.net/event
139.45.197.251200 OK 0 B IP 139.45.197.251:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /event HTTP/1.1
Host: foapsovi.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://12.rokedon.com/
Origin: https://12.rokedon.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 18:12:13 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://12.rokedon.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2
foapsovi.net/event
139.45.197.251200 OK 0 B IP 139.45.197.251:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /event HTTP/1.1
Host: foapsovi.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://13.rokedon.com/
Origin: https://13.rokedon.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 18:12:13 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://13.rokedon.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2
foapsovi.net/pfe/current/service-worker.min.js?r=sw
139.45.197.251200 OK 38 kB URL HTTP/2 foapsovi.net/pfe/current/service-worker.min.js?r=sw
IP 139.45.197.251:0
Hash 7b223151e6e0a3c92e8218264840aeee
ac76ab61cbac96759c14ee3f424370c699cc4047
5185d37e35cb5528c98e9a9d3f2571f6758d1d5074d50a4fdef13b0cc255b365
GET /pfe/current/service-worker.min.js?r=sw HTTP/1.1
Host: foapsovi.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://16.rokedon.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 18:12:13 GMT
content-type: application/javascript
last-modified: Thu, 01 Dec 2022 15:42:47 GMT
etag: W/"6388cb77-1c7a1"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
17.rokedon.com/sw-check-permissions-4789821.js?z=4789821&var=163_PH&ymid=166991829530703a068p9q
104.22.77.191200 OK 254 B URL HTTP/2 17.rokedon.com/sw-check-permissions-4789821.js?z=4789821&var=163_PH&ymid=166991829530703a068p9q
IP 104.22.77.191:0
File type ASCII text, with very long lines (554)
Hash 7d2d8d659c117ab107695ef968149e83
25f1f7fdef89ccd7205fd49c4a303012d3f00a78
84a7f551ad665125a794d2af9b73001c325b4d4a82c57ec30cc6d0b289ae7322
GET /sw-check-permissions-4789821.js?z=4789821&var=163_PH&ymid=166991829530703a068p9q HTTP/1.1
Host: 17.rokedon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 18:12:13 GMT
content-type: application/javascript; charset=utf-8
cf-ray: 772dca2fdf5b98f0-ARN
age: 35970
etag: W/"sw-check-permissions-4789821.3caffe478a.js"
vary: Accept-Encoding
cf-cache-status: HIT
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
foapsovi.net/event
139.45.197.251200 OK 94 B IP 139.45.197.251:0
File type JSON data\012- , ASCII text
Hash b1be268a9c5d19f12bcdd327cbcd02a1
e9a240c7c959476218e75ec790a0d965aa096e7a
53e214a3e0235b73f1595d9533eab3bb1dd10c4c557e6b855aa8d7a0f396f10d
POST /event HTTP/1.1
Host: foapsovi.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://12.rokedon.com/
Content-Type: application/json
Origin: https://12.rokedon.com
Content-Length: 385
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 18:12:13 GMT
content-type: application/json; charset=utf-8
content-length: 94
x-trace-id: 1e79d81f6b0c523763b02ddc62d3c002
access-control-allow-origin: https://12.rokedon.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
foapsovi.net/event
139.45.197.251200 OK 94 B IP 139.45.197.251:0
File type JSON data\012- , ASCII text
Hash b861dfb395c135f05df444830a708e84
ec9f6c20c2d78c834d5abc68712ee12d773311de
7717f104795d84339b65bf3c2c18f93e881db8a2af6bb1cd5189e50d38de3b36
POST /event HTTP/1.1
Host: foapsovi.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://13.rokedon.com/
Content-Type: application/json
Origin: https://13.rokedon.com
Content-Length: 385
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 18:12:13 GMT
content-type: application/json; charset=utf-8
content-length: 94
x-trace-id: 6ecda3385e54fc2d210c31b482be298a
access-control-allow-origin: https://13.rokedon.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
foapsovi.net/pfe/current/service-worker.min.js?r=sw
139.45.197.251200 OK 38 kB URL HTTP/2 foapsovi.net/pfe/current/service-worker.min.js?r=sw
IP 139.45.197.251:0
Hash c27565d62c0080a137cdbb33e21ec5fd
3b75c427837a74547dbb42197b8b693c6f87ea6b
d29b9525e71d73cab3d3676be5e1e161276ffc164c285c804e3fd5ac06957383
GET /pfe/current/service-worker.min.js?r=sw HTTP/1.1
Host: foapsovi.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://17.rokedon.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 18:12:13 GMT
content-type: application/javascript
last-modified: Thu, 01 Dec 2022 15:42:47 GMT
etag: W/"6388cb77-1c7a1"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
foapsovi.net/event
139.45.197.251200 OK 0 B IP 139.45.197.251:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /event HTTP/1.1
Host: foapsovi.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://15.rokedon.com/
Origin: https://15.rokedon.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 18:12:13 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://15.rokedon.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2
foapsovi.net/event
139.45.197.251200 OK 94 B IP 139.45.197.251:0
File type JSON data\012- , ASCII text
Hash d510e20c279f2ea5a6628300d59a4420
2dc4143a116eafee3ee6f018466974f5bef6d060
197acea9cc71a7cc7b1ee63c77336c44e7c34ff6542e9deed7e9c85e4c4a3300
POST /event HTTP/1.1
Host: foapsovi.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://15.rokedon.com/
Content-Type: application/json
Origin: https://15.rokedon.com
Content-Length: 385
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 18:12:13 GMT
content-type: application/json; charset=utf-8
content-length: 94
x-trace-id: d11b9d002ff8996ba97f64824af4e495
access-control-allow-origin: https://15.rokedon.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
my.rtmark.net/gid.js?pub=0&userId=&zoneId=4789821&checkDuplicate=false&ymid=&var=
139.45.195.8200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?pub=0&userId=&zoneId=4789821&checkDuplicate=false&ymid=&var=
IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash 8ccc8e756ab6b66d77cf7cad133b8a4d
0687633ee5fdb8a562b42084a8e5990a71acfe85
87bb5cd578f672c49ce2b412c6cb6bd6667b83a0dace029d22c4ed5cb1b5825c
GET /gid.js?pub=0&userId=&zoneId=4789821&checkDuplicate=false&ymid=&var= HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://16.rokedon.com/
Origin: https://16.rokedon.com
Connection: keep-alive
Cookie: ID=9e0536b6d23a4d658cb565c608cfe84e
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 18:12:13 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://16.rokedon.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=9e0536b6d23a4d658cb565c608cfe84e; expires=Fri, 01 Dec 2023 18:12:13 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
my.rtmark.net/gid.js?pub=0&userId=&zoneId=4789821&checkDuplicate=false&ymid=&var=
139.45.195.8200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?pub=0&userId=&zoneId=4789821&checkDuplicate=false&ymid=&var=
IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash 8ccc8e756ab6b66d77cf7cad133b8a4d
0687633ee5fdb8a562b42084a8e5990a71acfe85
87bb5cd578f672c49ce2b412c6cb6bd6667b83a0dace029d22c4ed5cb1b5825c
GET /gid.js?pub=0&userId=&zoneId=4789821&checkDuplicate=false&ymid=&var= HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://17.rokedon.com/
Origin: https://17.rokedon.com
Connection: keep-alive
Cookie: ID=9e0536b6d23a4d658cb565c608cfe84e
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 18:12:14 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://17.rokedon.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=9e0536b6d23a4d658cb565c608cfe84e; expires=Fri, 01 Dec 2023 18:12:14 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
foapsovi.net/event
139.45.197.251200 OK 0 B IP 139.45.197.251:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /event HTTP/1.1
Host: foapsovi.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://16.rokedon.com/
Origin: https://16.rokedon.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 18:12:14 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://16.rokedon.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2
foapsovi.net/event
139.45.197.251200 OK 0 B IP 139.45.197.251:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /event HTTP/1.1
Host: foapsovi.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://17.rokedon.com/
Origin: https://17.rokedon.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 18:12:14 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://17.rokedon.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2
my.rtmark.net/gid.js?pub=0&userId=&zoneId=4789821&checkDuplicate=false&ymid=&var=
139.45.195.8200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?pub=0&userId=&zoneId=4789821&checkDuplicate=false&ymid=&var=
IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash 8ccc8e756ab6b66d77cf7cad133b8a4d
0687633ee5fdb8a562b42084a8e5990a71acfe85
87bb5cd578f672c49ce2b412c6cb6bd6667b83a0dace029d22c4ed5cb1b5825c
GET /gid.js?pub=0&userId=&zoneId=4789821&checkDuplicate=false&ymid=&var= HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://18.rokedon.com/
Origin: https://18.rokedon.com
Connection: keep-alive
Cookie: ID=9e0536b6d23a4d658cb565c608cfe84e
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 18:12:14 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://18.rokedon.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=9e0536b6d23a4d658cb565c608cfe84e; expires=Fri, 01 Dec 2023 18:12:14 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
foapsovi.net/event
139.45.197.251200 OK 94 B IP 139.45.197.251:0
File type JSON data\012- , ASCII text
Hash 669905119e24b1a2ea45e755a67deb5f
5db5dbc0cfe4ebb3b406a48f5492418cb19eec82
f9a43a9ce0f1d31ca982b1ea58c151052571336733ed11a247cd2ad080d51f06
POST /event HTTP/1.1
Host: foapsovi.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://16.rokedon.com/
Content-Type: application/json
Origin: https://16.rokedon.com
Content-Length: 385
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 18:12:14 GMT
content-type: application/json; charset=utf-8
content-length: 94
x-trace-id: dc10e0d78cd1223cef5bf8456201ffd7
access-control-allow-origin: https://16.rokedon.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
foapsovi.net/event
139.45.197.251200 OK 94 B IP 139.45.197.251:0
File type JSON data\012- , ASCII text
Hash 3b29041953d1d561d137a48c6c0196d1
8cf8f10bfed70c26252f8b8064c8c09271d4ebc9
eb3aebb158745acdb9d76870e25f83abda174254d217f96c4fa409bdf456d345
POST /event HTTP/1.1
Host: foapsovi.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://17.rokedon.com/
Content-Type: application/json
Origin: https://17.rokedon.com
Content-Length: 385
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 18:12:14 GMT
content-type: application/json; charset=utf-8
content-length: 94
x-trace-id: 76a685d044324fc5c220b05cda821a59
access-control-allow-origin: https://17.rokedon.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
22.rokedon.com/sw-check-permissions-4789821.js?z=4789821&var=163_PH&ymid=166991829530703a068p9q
104.22.77.191200 OK 255 B URL HTTP/2 22.rokedon.com/sw-check-permissions-4789821.js?z=4789821&var=163_PH&ymid=166991829530703a068p9q
IP 104.22.77.191:0
File type ASCII text, with very long lines (554)
Hash 766cb7f3ba58dafee34a3028bf58374e
e81bd3c2341a2b69f88e26a535e39770538c9823
5926d9c6a56e194d8a5fb32f5de7216e7c086439bcb53db44537221285fc1129
GET /sw-check-permissions-4789821.js?z=4789821&var=163_PH&ymid=166991829530703a068p9q HTTP/1.1
Host: 22.rokedon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 18:12:14 GMT
content-type: application/javascript; charset=utf-8
cf-ray: 772dca352e1698f0-ARN
age: 33901
etag: W/"sw-check-permissions-4789821.3caffe478a.js"
vary: Accept-Encoding
cf-cache-status: HIT
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
foapsovi.net/event
139.45.197.251200 OK 94 B IP 139.45.197.251:0
File type JSON data\012- , ASCII text
Hash 6e0493b21d4ba3bd35f6e3df5604da3d
3d2b0894ba61b2511eb91a40a6d078430b4cfa3a
aa2850e2eaebbed73eab1a78f66eb91b29b6768f27b27b9a061d3e28cd9f760a
POST /event HTTP/1.1
Host: foapsovi.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://18.rokedon.com/
Content-Type: application/json
Origin: https://18.rokedon.com
Content-Length: 385
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 18:12:14 GMT
content-type: application/json; charset=utf-8
content-length: 94
x-trace-id: 4561a2beca01bd513c9192476d82dc5b
access-control-allow-origin: https://18.rokedon.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
my.rtmark.net/gid.js?pub=0&userId=&zoneId=4789821&checkDuplicate=false&ymid=&var=
139.45.195.8200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?pub=0&userId=&zoneId=4789821&checkDuplicate=false&ymid=&var=
IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash 8ccc8e756ab6b66d77cf7cad133b8a4d
0687633ee5fdb8a562b42084a8e5990a71acfe85
87bb5cd578f672c49ce2b412c6cb6bd6667b83a0dace029d22c4ed5cb1b5825c
GET /gid.js?pub=0&userId=&zoneId=4789821&checkDuplicate=false&ymid=&var= HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://19.rokedon.com/
Origin: https://19.rokedon.com
Connection: keep-alive
Cookie: ID=9e0536b6d23a4d658cb565c608cfe84e
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 18:12:14 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://19.rokedon.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=9e0536b6d23a4d658cb565c608cfe84e; expires=Fri, 01 Dec 2023 18:12:14 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
24.rokedon.com/l/PA/12/?resubscription=76&clickid=166991829530703a068p9q&source=163&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=PH&partner=PA&language=en-US&unixtime=1669918295&tb={https://oodrampi.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}}
104.22.77.191200 OK 12 kB URL HTTP/2 24.rokedon.com/l/PA/12/?resubscription=76&clickid=166991829530703a068p9q&source=163&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=PH&partner=PA&language=en-US&unixtime=1669918295&tb={https://oodrampi.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}}
IP 104.22.77.191:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (28864), with no line terminators
Hash dac5b2c6a2e178b411a4c756bb9270f3
3cd82b8cf1dbe55be9dc4cd8f6e6cc81c1bdae06
8487df4f871ac4b23b1325c3612991e88ab9ef702be3988ba62605c5b7937824
GET /l/PA/12/?resubscription=76&clickid=166991829530703a068p9q&source=163&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=PH&partner=PA&language=en-US&unixtime=1669918295&tb={https://oodrampi.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}} HTTP/1.1
Host: 24.rokedon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://23.rokedon.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 18:12:14 GMT
content-type: text/html; charset=utf-8
cf-ray: 772dca36dfe398f0-ARN
age: 28813
etag: W/"l/PA/12/index.f25875168a.html"
vary: Accept-Encoding
cf-cache-status: HIT
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
foapsovi.net/event
139.45.197.251200 OK 0 B IP 139.45.197.251:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /event HTTP/1.1
Host: foapsovi.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://19.rokedon.com/
Origin: https://19.rokedon.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 18:12:14 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://19.rokedon.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2
18.rokedon.com/l/PA/12/?resubscription=82&clickid=166991829530703a068p9q&source=163&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=PH&partner=PA&language=en-US&unixtime=1669918295&tb={https://oodrampi.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}}
104.22.77.191200 OK 88 kB URL HTTP/2 18.rokedon.com/l/PA/12/?resubscription=82&clickid=166991829530703a068p9q&source=163&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=PH&partner=PA&language=en-US&unixtime=1669918295&tb={https://oodrampi.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}}
IP 104.22.77.191:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (28864), with no line terminators
Hash 295602a7d9451bf39bf9d01b1a2e8830
1d5dd6637ddb881a5f72875316a53ace86bd3704
185b83fbd56eafa1211734fa4132f12896db56c283fa60e098115ce00f11a042
GET /l/PA/12/?resubscription=82&clickid=166991829530703a068p9q&source=163&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=PH&partner=PA&language=en-US&unixtime=1669918295&tb={https://oodrampi.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}} HTTP/1.1
Host: 18.rokedon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://17.rokedon.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 18:12:13 GMT
content-type: text/html; charset=utf-8
cf-ray: 772dca300f9b98f0-ARN
age: 28813
etag: W/"l/PA/12/index.f25875168a.html"
vary: Accept-Encoding
cf-cache-status: HIT
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
24.rokedon.com/sw-check-permissions-4789821.js?z=4789821&var=163_PH&ymid=166991829530703a068p9q
104.22.77.191200 OK 349 B URL HTTP/2 24.rokedon.com/sw-check-permissions-4789821.js?z=4789821&var=163_PH&ymid=166991829530703a068p9q
IP 104.22.77.191:0
File type ASCII text, with very long lines (554)
Hash b1e7e3efe83232ad0e024de1d6379e1a
7b8b1bedf3f829bada90d6d4bc458f48321a3452
51947b132c81472b9b6fd3a8474d17f137ca23e923d8f0f53d6023aa4bf11bd3
GET /sw-check-permissions-4789821.js?z=4789821&var=163_PH&ymid=166991829530703a068p9q HTTP/1.1
Host: 24.rokedon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 18:12:14 GMT
content-type: application/javascript; charset=utf-8
cf-ray: 772dca37d8fd98f0-ARN
age: 33899
etag: W/"sw-check-permissions-4789821.3caffe478a.js"
vary: Accept-Encoding
cf-cache-status: HIT
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
foapsovi.net/event
139.45.197.251200 OK 94 B IP 139.45.197.251:0
File type JSON data\012- , ASCII text
Hash e31947a97b39f78ecb93378832f98cae
077e1d8e9f9c6f0b1850c8975dbbd4339d8eabd7
b7721f9ed923528bce04d51b49969c33aa021049d7974714fc5323b164aab659
POST /event HTTP/1.1
Host: foapsovi.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://20.rokedon.com/
Content-Type: application/json
Origin: https://20.rokedon.com
Content-Length: 385
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 18:12:14 GMT
content-type: application/json; charset=utf-8
content-length: 94
x-trace-id: aadae1118d325e1fbb9e5b5560e9fe11
access-control-allow-origin: https://20.rokedon.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
my.rtmark.net/gid.js?pub=0&userId=&zoneId=4789821&checkDuplicate=false&ymid=&var=
139.45.195.8200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?pub=0&userId=&zoneId=4789821&checkDuplicate=false&ymid=&var=
IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash 8ccc8e756ab6b66d77cf7cad133b8a4d
0687633ee5fdb8a562b42084a8e5990a71acfe85
87bb5cd578f672c49ce2b412c6cb6bd6667b83a0dace029d22c4ed5cb1b5825c
GET /gid.js?pub=0&userId=&zoneId=4789821&checkDuplicate=false&ymid=&var= HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://21.rokedon.com/
Origin: https://21.rokedon.com
Connection: keep-alive
Cookie: ID=9e0536b6d23a4d658cb565c608cfe84e
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 18:12:14 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://21.rokedon.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=9e0536b6d23a4d658cb565c608cfe84e; expires=Fri, 01 Dec 2023 18:12:14 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
25.rokedon.com/l/PA/12/skip-button.webp
104.22.77.191200 OK 5.0 kB URL HTTP/2 25.rokedon.com/l/PA/12/skip-button.webp
IP 104.22.77.191:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 639x273, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash da2dc41d023f4fcc89675351f9117c3d
bff287be312236d01df91ec7db9a58c4bde224f4
4d1449898da756c5bff9e9696a2c71ea1ab9e6e96c5dfec29885a63ac237eb3b
Analyzer Verdict Alert fortinet Phishing
GET /l/PA/12/skip-button.webp HTTP/1.1
Host: 25.rokedon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://25.rokedon.com/l/PA/12/?resubscription=75&clickid=166991829530703a068p9q&source=163&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=PH&partner=PA&language=en-US&unixtime=1669918295&tb={https://oodrampi.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}}
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 18:12:14 GMT
content-type: image/webp
content-length: 5006
cf-ray: 772dca3889c098f0-ARN
accept-ranges: bytes
age: 33899
etag: "l/PA/12/skip-button.31c9ae67f7.webp"
vary: Accept-Encoding
cf-cache-status: HIT
server: cloudflare
X-Firefox-Spdy: h2
foapsovi.net/event
139.45.197.251200 OK 0 B IP 139.45.197.251:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /event HTTP/1.1
Host: foapsovi.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://21.rokedon.com/
Origin: https://21.rokedon.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 18:12:14 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://21.rokedon.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2
foapsovi.net/event
139.45.197.251200 OK 94 B IP 139.45.197.251:0
File type JSON data\012- , ASCII text
Hash 4a26b96be7f2c75890f59e6c8363f28b
7a559af237cdaafe5554b418bd9d713379ca2392
a8793b0078f3f004efdfb3fcefc2e58342793424b837df995c586b49d7425713
POST /event HTTP/1.1
Host: foapsovi.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://21.rokedon.com/
Content-Type: application/json
Origin: https://21.rokedon.com
Content-Length: 385
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 18:12:14 GMT
content-type: application/json; charset=utf-8
content-length: 94
x-trace-id: 3517b0af79605191f1b1443743185804
access-control-allow-origin: https://21.rokedon.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
my.rtmark.net/gid.js?pub=0&userId=&zoneId=4789821&checkDuplicate=false&ymid=&var=
139.45.195.8200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?pub=0&userId=&zoneId=4789821&checkDuplicate=false&ymid=&var=
IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash 8ccc8e756ab6b66d77cf7cad133b8a4d
0687633ee5fdb8a562b42084a8e5990a71acfe85
87bb5cd578f672c49ce2b412c6cb6bd6667b83a0dace029d22c4ed5cb1b5825c
GET /gid.js?pub=0&userId=&zoneId=4789821&checkDuplicate=false&ymid=&var= HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://22.rokedon.com/
Origin: https://22.rokedon.com
Connection: keep-alive
Cookie: ID=9e0536b6d23a4d658cb565c608cfe84e
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 18:12:15 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://22.rokedon.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=9e0536b6d23a4d658cb565c608cfe84e; expires=Fri, 01 Dec 2023 18:12:15 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6545
Expires: Thu, 01 Dec 2022 20:01:20 GMT
Date: Thu, 01 Dec 2022 18:12:15 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6545
Expires: Thu, 01 Dec 2022 20:01:20 GMT
Date: Thu, 01 Dec 2022 18:12:15 GMT
Connection: keep-alive
my.rtmark.net/gid.js?pub=0&userId=&zoneId=4789821&checkDuplicate=false&ymid=&var=
139.45.195.8200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?pub=0&userId=&zoneId=4789821&checkDuplicate=false&ymid=&var=
IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash 8ccc8e756ab6b66d77cf7cad133b8a4d
0687633ee5fdb8a562b42084a8e5990a71acfe85
87bb5cd578f672c49ce2b412c6cb6bd6667b83a0dace029d22c4ed5cb1b5825c
GET /gid.js?pub=0&userId=&zoneId=4789821&checkDuplicate=false&ymid=&var= HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://23.rokedon.com/
Origin: https://23.rokedon.com
Connection: keep-alive
Cookie: ID=9e0536b6d23a4d658cb565c608cfe84e
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 18:12:15 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://23.rokedon.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=9e0536b6d23a4d658cb565c608cfe84e; expires=Fri, 01 Dec 2023 18:12:15 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6545
Expires: Thu, 01 Dec 2022 20:01:20 GMT
Date: Thu, 01 Dec 2022 18:12:15 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6545
Expires: Thu, 01 Dec 2022 20:01:20 GMT
Date: Thu, 01 Dec 2022 18:12:15 GMT
Connection: keep-alive
20.rokedon.com/l/PA/12/?resubscription=80&clickid=166991829530703a068p9q&source=163&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=PH&partner=PA&language=en-US&unixtime=1669918295&tb={https://oodrampi.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}}
104.22.77.191200 OK 25 kB URL HTTP/2 20.rokedon.com/l/PA/12/?resubscription=80&clickid=166991829530703a068p9q&source=163&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=PH&partner=PA&language=en-US&unixtime=1669918295&tb={https://oodrampi.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}}
IP 104.22.77.191:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (28864), with no line terminators
Hash 4a9ddc607b9b12faa33b22246a77966e
02a802ad4f9279f979ce5a65dfea52ccc08e5d35
8463d8304dc86036fb60fe51db69e52cfb655defe9871f5a006af3cd37b00345
GET /l/PA/12/?resubscription=80&clickid=166991829530703a068p9q&source=163&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=PH&partner=PA&language=en-US&unixtime=1669918295&tb={https://oodrampi.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}} HTTP/1.1
Host: 20.rokedon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://19.rokedon.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 18:12:13 GMT
content-type: text/html; charset=utf-8
cf-ray: 772dca324a0a98f0-ARN
age: 28813
etag: W/"l/PA/12/index.f25875168a.html"
vary: Accept-Encoding
cf-cache-status: HIT
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
25.rokedon.com/l/PA/12/?resubscription=75&clickid=166991829530703a068p9q&source=163&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=PH&partner=PA&language=en-US&unixtime=1669918295&tb={https://oodrampi.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}}
104.22.77.191200 OK 22 kB URL HTTP/2 25.rokedon.com/l/PA/12/?resubscription=75&clickid=166991829530703a068p9q&source=163&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=PH&partner=PA&language=en-US&unixtime=1669918295&tb={https://oodrampi.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}}
IP 104.22.77.191:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (28864), with no line terminators
Hash 949f8a20b3dd1b918d1fb724a1a2f115
77c121a086106f5ddda35db690096464d652317f
e501511a73180bbe4d71b3af1798105ea18c4074a713bc211f0305b6c55a89a1
GET /l/PA/12/?resubscription=75&clickid=166991829530703a068p9q&source=163&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=PH&partner=PA&language=en-US&unixtime=1669918295&tb={https://oodrampi.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}} HTTP/1.1
Host: 25.rokedon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://24.rokedon.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 18:12:14 GMT
content-type: text/html; charset=utf-8
cf-ray: 772dca38195798f0-ARN
age: 28813
etag: W/"l/PA/12/index.f25875168a.html"
vary: Accept-Encoding
cf-cache-status: HIT
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb0e1339e-3c63-4033-8b5b-e21137509777.jpeg
34.120.237.76200 OK 16 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb0e1339e-3c63-4033-8b5b-e21137509777.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ffd12f9c423ffc627d9e3b3145944fe4
5cf9a7a784952e1bb0cbe499104f1774b1269d08
a25f1b752d9af599aefd73073c105853130f1759905269de3d582d2eb35fe167
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb0e1339e-3c63-4033-8b5b-e21137509777.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 16038
x-amzn-requestid: 9d34c42b-ba0c-498f-8f99-d4ab527ffa89
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cbzMdHXNIAMFgaw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6387cbe9-376846f31dc9b995797cbd18;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 21:32:25 GMT
x-amz-cf-pop: SEA19-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: DngCuOTO9fQAwWe_ip6EtBcgruigZN6Bl1_v5BHM2dsWlhqCXCL3gg==
via: 1.1 efcf7b9d0f917f9ebf314db03e52d9b6.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 21:45:33 GMT
age: 73602
etag: "5cf9a7a784952e1bb0cbe499104f1774b1269d08"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6545
Expires: Thu, 01 Dec 2022 20:01:20 GMT
Date: Thu, 01 Dec 2022 18:12:15 GMT
Connection: keep-alive
foapsovi.net/pfe/current/service-worker.min.js?r=sw
139.45.197.251200 OK 43 kB URL HTTP/2 foapsovi.net/pfe/current/service-worker.min.js?r=sw
IP 139.45.197.251:0
Hash 77f2b0dc0fe81848fbcb0c7abb17efcd
aecb8fd0a9c36f14cc3df5c06b55c7ed63d7fe2b
e38d9282e6ca70fb8d9527ea35a12a6bb5588a38ca4dbb7167559141a458ac3c
GET /pfe/current/service-worker.min.js?r=sw HTTP/1.1
Host: foapsovi.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://25.rokedon.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 18:12:15 GMT
content-type: application/javascript
last-modified: Thu, 01 Dec 2022 15:42:47 GMT
etag: W/"6388cb77-1c7a1"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
foapsovi.net/pfe/current/service-worker.min.js?r=sw
139.45.197.251200 OK 43 kB URL HTTP/2 foapsovi.net/pfe/current/service-worker.min.js?r=sw
IP 139.45.197.251:0
Hash eb9206bc0b5a8c41b724b7ccc4f292de
7589734e48339752225f0cccc777ed01d8ac3297
bd5f8a2915a76989c750fdf6c5b6b7aded98f896060c3d6b230d0ae7b820faf4
GET /pfe/current/service-worker.min.js?r=sw HTTP/1.1
Host: foapsovi.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://23.rokedon.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 18:12:14 GMT
content-type: application/javascript
last-modified: Thu, 01 Dec 2022 15:42:47 GMT
etag: W/"6388cb77-1c7a1"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F600016d1-5abb-4a6c-996a-933a8d4bc6df.jpeg
34.120.237.76200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F600016d1-5abb-4a6c-996a-933a8d4bc6df.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 26d6dffbf400da4803a2e76e2a8ef2f8
2e62f9ed8f5e7b2f888a73320dd98b0cda9303b8
04c6e31623fe48cbe83dc91635bfa47b337590f18919995b08d5bde27e929e03
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F600016d1-5abb-4a6c-996a-933a8d4bc6df.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8740
x-amzn-requestid: 4823cf63-98eb-40d3-bb8b-e09cd2262f36
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cP7SqHjYIAMF8xw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63830c10-316b213c33ce9bc2355c0900;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 07:04:48 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: tK4wl-g5kcUhVFE3iZGILhZhZSsaMzQD9JTBHj1JXV95yXs_e3gMGw==
via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 559326ad73233233a9e52cb9e8601ede.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 12:31:43 GMT
age: 20432
etag: "2e62f9ed8f5e7b2f888a73320dd98b0cda9303b8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
foapsovi.net/pfe/current/service-worker.min.js?r=sw
139.45.197.251200 OK 48 kB URL HTTP/2 foapsovi.net/pfe/current/service-worker.min.js?r=sw
IP 139.45.197.251:0
Hash 6bbc1086a2a950d134075335bcbf43d5
ceb09710efef511a0966d818293e37e79b186795
904836975d97436bfc7cc6010a23bdaf7a357cb130aa81b55c6102dbee3bbdfc
GET /pfe/current/service-worker.min.js?r=sw HTTP/1.1
Host: foapsovi.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://15.rokedon.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 18:12:13 GMT
content-type: application/javascript
last-modified: Thu, 01 Dec 2022 15:42:47 GMT
etag: W/"6388cb77-1c7a1"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
foapsovi.net/event
139.45.197.251200 OK 0 B IP 139.45.197.251:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /event HTTP/1.1
Host: foapsovi.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://22.rokedon.com/
Origin: https://22.rokedon.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 18:12:15 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://22.rokedon.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2
foapsovi.net/event
139.45.197.251200 OK 0 B IP 139.45.197.251:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /event HTTP/1.1
Host: foapsovi.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://23.rokedon.com/
Origin: https://23.rokedon.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 18:12:15 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://23.rokedon.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2
my.rtmark.net/gid.js?pub=0&userId=&zoneId=4789821&checkDuplicate=false&ymid=&var=
139.45.195.8200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?pub=0&userId=&zoneId=4789821&checkDuplicate=false&ymid=&var=
IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash 8ccc8e756ab6b66d77cf7cad133b8a4d
0687633ee5fdb8a562b42084a8e5990a71acfe85
87bb5cd578f672c49ce2b412c6cb6bd6667b83a0dace029d22c4ed5cb1b5825c
GET /gid.js?pub=0&userId=&zoneId=4789821&checkDuplicate=false&ymid=&var= HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://24.rokedon.com/
Origin: https://24.rokedon.com
Connection: keep-alive
Cookie: ID=9e0536b6d23a4d658cb565c608cfe84e
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 18:12:15 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://24.rokedon.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=9e0536b6d23a4d658cb565c608cfe84e; expires=Fri, 01 Dec 2023 18:12:15 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
foapsovi.net/event
139.45.197.251200 OK 94 B IP 139.45.197.251:0
File type JSON data\012- , ASCII text
Hash e270f7eb67441dbafe6b6bc590d094df
da1abf516809a9dbc766d27f97fad201f908de15
ff2cbcdbfa886b92ad640aa746add9c88edd154d5ddf814c253b92662995aa27
POST /event HTTP/1.1
Host: foapsovi.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://22.rokedon.com/
Content-Type: application/json
Origin: https://22.rokedon.com
Content-Length: 385
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 18:12:15 GMT
content-type: application/json; charset=utf-8
content-length: 94
x-trace-id: 7ac2f59457e130c3839645b6620ead88
access-control-allow-origin: https://22.rokedon.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
foapsovi.net/event
139.45.197.251200 OK 94 B IP 139.45.197.251:0
File type JSON data\012- , ASCII text
Hash e6bfb3629366699e04dd107a7f95617a
f8b448452e08c1e3dedc0468f096446cc517e98d
50dce14df862671768ab1e9ba153efc262d3c7457822ea673c68ed171daaf73a
POST /event HTTP/1.1
Host: foapsovi.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://23.rokedon.com/
Content-Type: application/json
Origin: https://23.rokedon.com
Content-Length: 385
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 18:12:15 GMT
content-type: application/json; charset=utf-8
content-length: 94
x-trace-id: e49a4c42c62463f04f2678eb0e314cb1
access-control-allow-origin: https://23.rokedon.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
foapsovi.net/event
139.45.197.251200 OK 0 B IP 139.45.197.251:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /event HTTP/1.1
Host: foapsovi.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://24.rokedon.com/
Origin: https://24.rokedon.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 18:12:15 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://24.rokedon.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2
foapsovi.net/event
139.45.197.251200 OK 94 B IP 139.45.197.251:0
File type JSON data\012- , ASCII text
Hash a2f8a032882407e1eef432ad2562fe6f
1997ab6f41ea102ca8d642baf430805e1ed73f2c
08e94cdbe4436219070fe2693126c2f4133a31d25b0292c5faa8c4a88028f191
POST /event HTTP/1.1
Host: foapsovi.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://24.rokedon.com/
Content-Type: application/json
Origin: https://24.rokedon.com
Content-Length: 385
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 18:12:15 GMT
content-type: application/json; charset=utf-8
content-length: 94
x-trace-id: de46ea47b6dde3e759d6aefc1426aecf
access-control-allow-origin: https://24.rokedon.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
27.rokedon.com/sw-check-permissions-4789821.js?z=4789821&var=163_PH&ymid=166991829530703a068p9q
104.22.77.191200 OK 38 kB URL HTTP/2 27.rokedon.com/sw-check-permissions-4789821.js?z=4789821&var=163_PH&ymid=166991829530703a068p9q
IP 104.22.77.191:0
File type ASCII text, with very long lines (554)
Hash 4c55305e56b62f8feb72c5efa175acc7
1d667a236fc301a8f81e6330ad9f4fdd4de7da60
5cea3efd8623bfaf228af98fcbbf6a995e88eea5f8dd1221be3c2d018f700ce6
GET /sw-check-permissions-4789821.js?z=4789821&var=163_PH&ymid=166991829530703a068p9q HTTP/1.1
Host: 27.rokedon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 18:12:15 GMT
content-type: application/javascript; charset=utf-8
cf-ray: 772dca3afc6298f0-ARN
age: 33898
etag: W/"sw-check-permissions-4789821.3caffe478a.js"
vary: Accept-Encoding
cf-cache-status: HIT
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
my.rtmark.net/gid.js?pub=0&userId=&zoneId=4789821&checkDuplicate=false&ymid=&var=
139.45.195.8200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?pub=0&userId=&zoneId=4789821&checkDuplicate=false&ymid=&var=
IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash 8ccc8e756ab6b66d77cf7cad133b8a4d
0687633ee5fdb8a562b42084a8e5990a71acfe85
87bb5cd578f672c49ce2b412c6cb6bd6667b83a0dace029d22c4ed5cb1b5825c
GET /gid.js?pub=0&userId=&zoneId=4789821&checkDuplicate=false&ymid=&var= HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://26.rokedon.com/
Origin: https://26.rokedon.com
Connection: keep-alive
Cookie: ID=9e0536b6d23a4d658cb565c608cfe84e
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 18:12:15 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://26.rokedon.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=9e0536b6d23a4d658cb565c608cfe84e; expires=Fri, 01 Dec 2023 18:12:15 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
29.rokedon.com/sw-check-permissions-4789821.js?z=4789821&var=163_PH&ymid=166991829530703a068p9q
104.22.77.191200 OK 254 B URL HTTP/2 29.rokedon.com/sw-check-permissions-4789821.js?z=4789821&var=163_PH&ymid=166991829530703a068p9q
IP 104.22.77.191:0
File type ASCII text, with very long lines (554)
Hash 7d2d8d659c117ab107695ef968149e83
25f1f7fdef89ccd7205fd49c4a303012d3f00a78
84a7f551ad665125a794d2af9b73001c325b4d4a82c57ec30cc6d0b289ae7322
GET /sw-check-permissions-4789821.js?z=4789821&var=163_PH&ymid=166991829530703a068p9q HTTP/1.1
Host: 29.rokedon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 18:12:15 GMT
content-type: application/javascript; charset=utf-8
cf-ray: 772dca3d2f3a98f0-ARN
age: 33896
etag: W/"sw-check-permissions-4789821.3caffe478a.js"
vary: Accept-Encoding
cf-cache-status: HIT
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
29.rokedon.com/l/PA/12/?resubscription=71&clickid=166991829530703a068p9q&source=163&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=PH&partner=PA&language=en-US&unixtime=1669918295&tb={https://oodrampi.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}}
104.22.77.191200 OK 17 kB URL HTTP/2 29.rokedon.com/l/PA/12/?resubscription=71&clickid=166991829530703a068p9q&source=163&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=PH&partner=PA&language=en-US&unixtime=1669918295&tb={https://oodrampi.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}}
IP 104.22.77.191:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (28864), with no line terminators
Hash 69fd23d2caaf59e80310fa416c8a7f0b
059e013c44266680e3c741af0d0d5e51b6fb1f01
154b920d68f8ddeb2024e02a8e7a2c1a586eaec9922aae0ea7dbfb5c029e8710
GET /l/PA/12/?resubscription=71&clickid=166991829530703a068p9q&source=163&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=PH&partner=PA&language=en-US&unixtime=1669918295&tb={https://oodrampi.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}} HTTP/1.1
Host: 29.rokedon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://28.rokedon.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 18:12:15 GMT
content-type: text/html; charset=utf-8
cf-ray: 772dca3c3e5b98f0-ARN
age: 28814
etag: W/"l/PA/12/index.f25875168a.html"
vary: Accept-Encoding
cf-cache-status: HIT
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
foapsovi.net/event
139.45.197.251200 OK 94 B IP 139.45.197.251:0
File type JSON data\012- , ASCII text
Hash 469fe68a9a35ac01350e49b29ee0357b
406b1ca65f3c088ee702e7c53b48e8c64a62ed1b
573c8521ec0cb02471f00f2c8e6834b1333beab19095bb690b5aeb452a4bc710
POST /event HTTP/1.1
Host: foapsovi.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://25.rokedon.com/
Content-Type: application/json
Origin: https://25.rokedon.com
Content-Length: 385
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 18:12:15 GMT
content-type: application/json; charset=utf-8
content-length: 94
x-trace-id: ddb0e0ff32d08c7ea916d9977c157989
access-control-allow-origin: https://25.rokedon.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
30.rokedon.com/l/PA/12/rnd.jpg
104.22.77.191200 OK 61 kB URL HTTP/2 30.rokedon.com/l/PA/12/rnd.jpg
IP 104.22.77.191:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1, orientation=upper-left], baseline, precision 8, 297x668, components 3\012- data
Hash 267ebadd2b686bdc1f52a5f502e8c093
ca9892a0b64fb44d9d779c9d34244b7641e89473
891dab1fc5b524854de645a1084f37dc8156cb59516808bd18559b4865dada65
GET /l/PA/12/rnd.jpg HTTP/1.1
Host: 30.rokedon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://30.rokedon.com/l/PA/12/?resubscription=70&clickid=166991829530703a068p9q&source=163&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=PH&partner=PA&language=en-US&unixtime=1669918295&tb={https://oodrampi.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}}
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 18:12:15 GMT
content-type: image/jpeg
content-length: 60612
cf-ray: 772dca3ddfeb98f0-ARN
accept-ranges: bytes
age: 33895
etag: "l/PA/12/rnd.913476f985.jpg"
vary: Accept-Encoding
cf-cache-status: HIT
server: cloudflare
X-Firefox-Spdy: h2
foapsovi.net/event
139.45.197.251200 OK 0 B IP 139.45.197.251:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /event HTTP/1.1
Host: foapsovi.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://26.rokedon.com/
Origin: https://26.rokedon.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 18:12:15 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://26.rokedon.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2
my.rtmark.net/gid.js?pub=0&userId=&zoneId=4789821&checkDuplicate=false&ymid=&var=
139.45.195.8200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?pub=0&userId=&zoneId=4789821&checkDuplicate=false&ymid=&var=
IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash 8ccc8e756ab6b66d77cf7cad133b8a4d
0687633ee5fdb8a562b42084a8e5990a71acfe85
87bb5cd578f672c49ce2b412c6cb6bd6667b83a0dace029d22c4ed5cb1b5825c
GET /gid.js?pub=0&userId=&zoneId=4789821&checkDuplicate=false&ymid=&var= HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://27.rokedon.com/
Origin: https://27.rokedon.com
Connection: keep-alive
Cookie: ID=9e0536b6d23a4d658cb565c608cfe84e
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 18:12:15 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://27.rokedon.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=9e0536b6d23a4d658cb565c608cfe84e; expires=Fri, 01 Dec 2023 18:12:15 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
foapsovi.net/event
139.45.197.251200 OK 94 B IP 139.45.197.251:0
File type JSON data\012- , ASCII text
Hash cea16152e3a3f27cb99b33f4ab6c4d9e
16190775cd84d87342f3cb441a58aed87a1b667f
98c3c5b197d6b25ce0faa5aec6e243e369ddc479d4491b1ed1d5efdc9dba824b
POST /event HTTP/1.1
Host: foapsovi.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://26.rokedon.com/
Content-Type: application/json
Origin: https://26.rokedon.com
Content-Length: 385
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 18:12:15 GMT
content-type: application/json; charset=utf-8
content-length: 94
x-trace-id: 8d18d83f902099424def6e010c6e91a6
access-control-allow-origin: https://26.rokedon.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
foapsovi.net/pfe/current/service-worker.min.js?r=sw
139.45.197.251200 OK 76 kB URL HTTP/2 foapsovi.net/pfe/current/service-worker.min.js?r=sw
IP 139.45.197.251:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 5aaefa43c38d57062fa1766f5d244458
2228144787657fd9a3513f64b8da027508925c18
79e301ed6c20f2b6b459ce75ec55a5ee401526823b6e7e022d708b5d763dcf95
GET /pfe/current/service-worker.min.js?r=sw HTTP/1.1
Host: foapsovi.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://24.rokedon.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 18:12:14 GMT
content-type: application/javascript
last-modified: Thu, 01 Dec 2022 15:42:47 GMT
etag: W/"6388cb77-1c7a1"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
foapsovi.net/event
139.45.197.251200 OK 94 B IP 139.45.197.251:0
File type JSON data\012- , ASCII text
Hash 3b6192bdd535475952f4fbb186148c2b
58c05bf4eae4d026188588d3d17854d65b07cc66
fa16a34d64ba055c7647ba5ee3208494c48f1d192171cd1600923364d1049937
POST /event HTTP/1.1
Host: foapsovi.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://27.rokedon.com/
Content-Type: application/json
Origin: https://27.rokedon.com
Content-Length: 385
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 18:12:16 GMT
content-type: application/json; charset=utf-8
content-length: 94
x-trace-id: 8d6d05ded75ea5bc1ca61bc7e043ab35
access-control-allow-origin: https://27.rokedon.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
my.rtmark.net/gid.js?pub=0&userId=&zoneId=4789821&checkDuplicate=true&ymid=166991829530703a068p9q&var=163_PH
139.45.195.8200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?pub=0&userId=&zoneId=4789821&checkDuplicate=true&ymid=166991829530703a068p9q&var=163_PH
IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash 8ccc8e756ab6b66d77cf7cad133b8a4d
0687633ee5fdb8a562b42084a8e5990a71acfe85
87bb5cd578f672c49ce2b412c6cb6bd6667b83a0dace029d22c4ed5cb1b5825c
GET /gid.js?pub=0&userId=&zoneId=4789821&checkDuplicate=true&ymid=166991829530703a068p9q&var=163_PH HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://30.rokedon.com/
Origin: https://30.rokedon.com
Connection: keep-alive
Cookie: ID=9e0536b6d23a4d658cb565c608cfe84e
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 18:12:16 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://30.rokedon.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=9e0536b6d23a4d658cb565c608cfe84e; expires=Fri, 01 Dec 2023 18:12:16 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
my.rtmark.net/gid.js?pub=0&userId=&zoneId=4789821&checkDuplicate=false&ymid=&var=
139.45.195.8200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?pub=0&userId=&zoneId=4789821&checkDuplicate=false&ymid=&var=
IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash 8ccc8e756ab6b66d77cf7cad133b8a4d
0687633ee5fdb8a562b42084a8e5990a71acfe85
87bb5cd578f672c49ce2b412c6cb6bd6667b83a0dace029d22c4ed5cb1b5825c
GET /gid.js?pub=0&userId=&zoneId=4789821&checkDuplicate=false&ymid=&var= HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://28.rokedon.com/
Origin: https://28.rokedon.com
Connection: keep-alive
Cookie: ID=9e0536b6d23a4d658cb565c608cfe84e
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 18:12:16 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://28.rokedon.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=9e0536b6d23a4d658cb565c608cfe84e; expires=Fri, 01 Dec 2023 18:12:16 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
my.rtmark.net/gid.js?pub=0&userId=&zoneId=4789821&checkDuplicate=false&ymid=&var=
139.45.195.8200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?pub=0&userId=&zoneId=4789821&checkDuplicate=false&ymid=&var=
IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash 8ccc8e756ab6b66d77cf7cad133b8a4d
0687633ee5fdb8a562b42084a8e5990a71acfe85
87bb5cd578f672c49ce2b412c6cb6bd6667b83a0dace029d22c4ed5cb1b5825c
GET /gid.js?pub=0&userId=&zoneId=4789821&checkDuplicate=false&ymid=&var= HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://29.rokedon.com/
Origin: https://29.rokedon.com
Connection: keep-alive
Cookie: ID=9e0536b6d23a4d658cb565c608cfe84e
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 18:12:16 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://29.rokedon.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=9e0536b6d23a4d658cb565c608cfe84e; expires=Fri, 01 Dec 2023 18:12:16 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
foapsovi.net/event
139.45.197.251200 OK 0 B IP 139.45.197.251:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /event HTTP/1.1
Host: foapsovi.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://30.rokedon.com/
Origin: https://30.rokedon.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 18:12:16 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://30.rokedon.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 5bd7cc049c5c691a84e8a11ce3ab8ae0
861ae3a2e77806761d1ab78c09f1297124cb6b1f
f4613783b800770734db2c8237665ee9b3bfeb9e58ac0df5273d4cf5fb639988
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F4613783B800770734DB2C8237665EE9B3BFEB9E58AC0DF5273D4CF5FB639988"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11352
Expires: Thu, 01 Dec 2022 21:21:28 GMT
Date: Thu, 01 Dec 2022 18:12:16 GMT
Connection: keep-alive
foapsovi.net/event
139.45.197.251200 OK 0 B IP 139.45.197.251:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /event HTTP/1.1
Host: foapsovi.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://28.rokedon.com/
Origin: https://28.rokedon.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 18:12:16 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://28.rokedon.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2
foapsovi.net/event
139.45.197.251200 OK 0 B IP 139.45.197.251:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /event HTTP/1.1
Host: foapsovi.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://29.rokedon.com/
Origin: https://29.rokedon.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 18:12:16 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://29.rokedon.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2
foapsovi.net/event
139.45.197.251200 OK 94 B IP 139.45.197.251:0
File type JSON data\012- , ASCII text
Hash 51e2a0729c0fed2db53a25c24e487b88
6f66ad9689ba391bd01890c77e3864342e08bf6f
8e7c691e5083f749c4548f556ec28e960cae63031ad82ba79d9f8d4ccf3e42dd
POST /event HTTP/1.1
Host: foapsovi.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://30.rokedon.com/
Content-Type: application/json
Origin: https://30.rokedon.com
Content-Length: 385
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 18:12:16 GMT
content-type: application/json; charset=utf-8
content-length: 94
x-trace-id: f7f4c737373bafb2e8d388b49a2329e5
access-control-allow-origin: https://30.rokedon.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
foapsovi.net/event
139.45.197.251200 OK 94 B IP 139.45.197.251:0
File type JSON data\012- , ASCII text
Hash 2b9ca2d063c03314ee6dbff4ae398cc6
c663232a37049a49f47263c8e31a7e691ef4ac49
116f9b37aa87d452bfa311ee744ab7264439fead40920dc6e5f1442d57934c1b
POST /event HTTP/1.1
Host: foapsovi.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://28.rokedon.com/
Content-Type: application/json
Origin: https://28.rokedon.com
Content-Length: 385
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 18:12:16 GMT
content-type: application/json; charset=utf-8
content-length: 94
x-trace-id: 4fe0985412ac60bc78b1054b054d5a43
access-control-allow-origin: https://28.rokedon.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
choupsee.com/zone?&pub=0&zone_id=4789821&is_mobile=false&domain=30.rokedon.com&var=163_PH&ymid=166991829530703a068p9q&var_3=&dsig=&nt=true&action=prerequest
139.45.197.251200 OK 0 B URL HTTP/2 choupsee.com/zone?&pub=0&zone_id=4789821&is_mobile=false&domain=30.rokedon.com&var=163_PH&ymid=166991829530703a068p9q&var_3=&dsig=&nt=true&action=prerequest
IP 139.45.197.251:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /zone?&pub=0&zone_id=4789821&is_mobile=false&domain=30.rokedon.com&var=163_PH&ymid=166991829530703a068p9q&var_3=&dsig=&nt=true&action=prerequest HTTP/1.1
Host: choupsee.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://30.rokedon.com/
Origin: https://30.rokedon.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 18:12:16 GMT
content-length: 0
x-trace-id: 59c0be4d27a1f7f4d5b5e6b346853182
access-control-allow-origin: https://30.rokedon.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
foapsovi.net/event
139.45.197.251200 OK 94 B IP 139.45.197.251:0
File type JSON data\012- , ASCII text
Hash 074800adef1a7a2385b4cf84fbd21637
312786e8eab604e02acf9b6c851203eef93beb7c
a441acdcaeabe958d42ffa2345fa1bcbdcabb611e4cc910b969b3cd63b8219b2
POST /event HTTP/1.1
Host: foapsovi.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://29.rokedon.com/
Content-Type: application/json
Origin: https://29.rokedon.com
Content-Length: 385
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 18:12:16 GMT
content-type: application/json; charset=utf-8
content-length: 94
x-trace-id: c6efee8827359c21ca67097bb14024ef
access-control-allow-origin: https://29.rokedon.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
choupsee.com/event
139.45.197.251200 OK 0 B IP 139.45.197.251:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
OPTIONS /event HTTP/1.1
Host: choupsee.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://30.rokedon.com/
Origin: https://30.rokedon.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 18:12:16 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://30.rokedon.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2
choupsee.com/zone?&pub=0&zone_id=4789821&is_mobile=false&domain=30.rokedon.com&var=163_PH&ymid=166991829530703a068p9q&var_3=&dsig=&nt=true&action=settings
139.45.197.251200 OK 693 B URL HTTP/2 choupsee.com/zone?&pub=0&zone_id=4789821&is_mobile=false&domain=30.rokedon.com&var=163_PH&ymid=166991829530703a068p9q&var_3=&dsig=&nt=true&action=settings
IP 139.45.197.251:0
File type JSON data\012- , ASCII text, with very long lines (692)
Hash da5f93dde67263d753ca7508e89e4048
7c3a89017cde2422b1f840bb2e67bddc26d7d98c
f7242fa92beb69973bd122ad7c91becd07738a1a8a7f2678d2af829797e26e18
GET /zone?&pub=0&zone_id=4789821&is_mobile=false&domain=30.rokedon.com&var=163_PH&ymid=166991829530703a068p9q&var_3=&dsig=&nt=true&action=settings HTTP/1.1
Host: choupsee.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://30.rokedon.com/
Origin: https://30.rokedon.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 18:12:16 GMT
content-type: application/json; charset=utf-8
content-length: 693
x-trace-id: 2b520da4b63bfd8d27a23edf793fd9d5
access-control-allow-origin: https://30.rokedon.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
choupsee.com/event
139.45.197.251200 OK 94 B IP 139.45.197.251:0
File type JSON data\012- , ASCII text
Hash 51e2a0729c0fed2db53a25c24e487b88
6f66ad9689ba391bd01890c77e3864342e08bf6f
8e7c691e5083f749c4548f556ec28e960cae63031ad82ba79d9f8d4ccf3e42dd
Analyzer Verdict Alert fortinet Malware
POST /event HTTP/1.1
Host: choupsee.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://30.rokedon.com/
Content-Type: application/json
Origin: https://30.rokedon.com
Content-Length: 492
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 18:12:16 GMT
content-type: application/json; charset=utf-8
content-length: 94
x-trace-id: 769c83bbbfbc6e426c04d8e3d1b6b1c1
access-control-allow-origin: https://30.rokedon.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
13.rokedon.com/sw-check-permissions-4789821.js?z=4789821&var=163_PH&ymid=166991829530703a068p9q
104.22.77.191200 OK 0 B URL HTTP/2 13.rokedon.com/sw-check-permissions-4789821.js?z=4789821&var=163_PH&ymid=166991829530703a068p9q
IP 104.22.77.191:0
GET /sw-check-permissions-4789821.js?z=4789821&var=163_PH&ymid=166991829530703a068p9q HTTP/1.1
Host: 13.rokedon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 18:12:12 GMT
content-type: application/javascript; charset=utf-8
cf-ray: 772dca2b690b98f0-ARN
age: 35970
etag: W/"sw-check-permissions-4789821.3caffe478a.js"
vary: Accept-Encoding
cf-cache-status: HIT
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
26.rokedon.com/sw-check-permissions-4789821.js?z=4789821&var=163_PH&ymid=166991829530703a068p9q
104.22.77.191200 OK 0 B URL HTTP/2 26.rokedon.com/sw-check-permissions-4789821.js?z=4789821&var=163_PH&ymid=166991829530703a068p9q
IP 104.22.77.191:0
GET /sw-check-permissions-4789821.js?z=4789821&var=163_PH&ymid=166991829530703a068p9q HTTP/1.1
Host: 26.rokedon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 18:12:15 GMT
content-type: application/javascript; charset=utf-8
cf-ray: 772dca39db2898f0-ARN
age: 33899
etag: W/"sw-check-permissions-4789821.3caffe478a.js"
vary: Accept-Encoding
cf-cache-status: HIT
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
31.rokedon.com/l/PA/12/?resubscription=69&clickid=166991829530703a068p9q&source=163&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=PH&partner=PA&language=en-US&unixtime=1669918295&tb={https://oodrampi.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}}
104.22.77.191200 OK 0 B URL HTTP/2 31.rokedon.com/l/PA/12/?resubscription=69&clickid=166991829530703a068p9q&source=163&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=PH&partner=PA&language=en-US&unixtime=1669918295&tb={https://oodrampi.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}}
IP 104.22.77.191:0
GET /l/PA/12/?resubscription=69&clickid=166991829530703a068p9q&source=163&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=PH&partner=PA&language=en-US&unixtime=1669918295&tb={https://oodrampi.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}} HTTP/1.1
Host: 31.rokedon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
Connection: keep-alive
Referer: https://30.rokedon.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 18:12:15 GMT
content-type: text/html; charset=utf-8
cf-ray: 772dca3e384598f0-ARN
age: 28813
etag: W/"l/PA/12/index.f25875168a.html"
vary: Accept-Encoding
cf-cache-status: HIT
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
27.rokedon.com/l/PA/12/?resubscription=73&clickid=166991829530703a068p9q&source=163&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=PH&partner=PA&language=en-US&unixtime=1669918295&tb={https://oodrampi.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}}
104.22.77.191200 OK 0 B URL HTTP/2 27.rokedon.com/l/PA/12/?resubscription=73&clickid=166991829530703a068p9q&source=163&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=PH&partner=PA&language=en-US&unixtime=1669918295&tb={https://oodrampi.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}}
IP 104.22.77.191:0
GET /l/PA/12/?resubscription=73&clickid=166991829530703a068p9q&source=163&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=PH&partner=PA&language=en-US&unixtime=1669918295&tb={https://oodrampi.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}} HTTP/1.1
Host: 27.rokedon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://26.rokedon.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 18:12:15 GMT
content-type: text/html; charset=utf-8
cf-ray: 772dca3a1b5b98f0-ARN
age: 28814
etag: W/"l/PA/12/index.f25875168a.html"
vary: Accept-Encoding
cf-cache-status: HIT
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
15.rokedon.com/sw-check-permissions-4789821.js?z=4789821&var=163_PH&ymid=166991829530703a068p9q
104.22.77.191200 OK 0 B URL HTTP/2 15.rokedon.com/sw-check-permissions-4789821.js?z=4789821&var=163_PH&ymid=166991829530703a068p9q
IP 104.22.77.191:0
GET /sw-check-permissions-4789821.js?z=4789821&var=163_PH&ymid=166991829530703a068p9q HTTP/1.1
Host: 15.rokedon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 18:12:13 GMT
content-type: application/javascript; charset=utf-8
cf-ray: 772dca2d2b8a98f0-ARN
age: 35970
etag: W/"sw-check-permissions-4789821.3caffe478a.js"
vary: Accept-Encoding
cf-cache-status: HIT
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
21.rokedon.com/sw-check-permissions-4789821.js?z=4789821&var=163_PH&ymid=166991829530703a068p9q
104.22.77.191200 OK 0 B URL HTTP/2 21.rokedon.com/sw-check-permissions-4789821.js?z=4789821&var=163_PH&ymid=166991829530703a068p9q
IP 104.22.77.191:0
GET /sw-check-permissions-4789821.js?z=4789821&var=163_PH&ymid=166991829530703a068p9q HTTP/1.1
Host: 21.rokedon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 18:12:14 GMT
content-type: application/javascript; charset=utf-8
cf-ray: 772dca343d0f98f0-ARN
age: 33901
etag: W/"sw-check-permissions-4789821.3caffe478a.js"
vary: Accept-Encoding
cf-cache-status: HIT
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
16.rokedon.com/l/PA/12/?resubscription=84&clickid=166991829530703a068p9q&source=163&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=PH&partner=PA&language=en-US&unixtime=1669918295&tb={https://oodrampi.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}}
104.22.77.191200 OK 0 B URL HTTP/2 16.rokedon.com/l/PA/12/?resubscription=84&clickid=166991829530703a068p9q&source=163&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=PH&partner=PA&language=en-US&unixtime=1669918295&tb={https://oodrampi.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}}
IP 104.22.77.191:0
GET /l/PA/12/?resubscription=84&clickid=166991829530703a068p9q&source=163&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=PH&partner=PA&language=en-US&unixtime=1669918295&tb={https://oodrampi.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}} HTTP/1.1
Host: 16.rokedon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://15.rokedon.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 18:12:13 GMT
content-type: text/html; charset=utf-8
cf-ray: 772dca2d6bce98f0-ARN
age: 28813
etag: W/"l/PA/12/index.f25875168a.html"
vary: Accept-Encoding
cf-cache-status: HIT
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
19.rokedon.com/l/PA/12/?resubscription=81&clickid=166991829530703a068p9q&source=163&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=PH&partner=PA&language=en-US&unixtime=1669918295&tb={https://oodrampi.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}}
104.22.77.191200 OK 0 B URL HTTP/2 19.rokedon.com/l/PA/12/?resubscription=81&clickid=166991829530703a068p9q&source=163&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=PH&partner=PA&language=en-US&unixtime=1669918295&tb={https://oodrampi.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}}
IP 104.22.77.191:0
GET /l/PA/12/?resubscription=81&clickid=166991829530703a068p9q&source=163&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=PH&partner=PA&language=en-US&unixtime=1669918295&tb={https://oodrampi.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}} HTTP/1.1
Host: 19.rokedon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://18.rokedon.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 18:12:13 GMT
content-type: text/html; charset=utf-8
cf-ray: 772dca3148d798f0-ARN
age: 28813
etag: W/"l/PA/12/index.f25875168a.html"
vary: Accept-Encoding
cf-cache-status: HIT
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
26.rokedon.com/l/PA/12/?resubscription=74&clickid=166991829530703a068p9q&source=163&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=PH&partner=PA&language=en-US&unixtime=1669918295&tb={https://oodrampi.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}}
104.22.77.191200 OK 0 B URL HTTP/2 26.rokedon.com/l/PA/12/?resubscription=74&clickid=166991829530703a068p9q&source=163&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=PH&partner=PA&language=en-US&unixtime=1669918295&tb={https://oodrampi.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}}
IP 104.22.77.191:0
GET /l/PA/12/?resubscription=74&clickid=166991829530703a068p9q&source=163&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=PH&partner=PA&language=en-US&unixtime=1669918295&tb={https://oodrampi.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}} HTTP/1.1
Host: 26.rokedon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://25.rokedon.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 18:12:14 GMT
content-type: text/html; charset=utf-8
cf-ray: 772dca392a7b98f0-ARN
age: 28813
etag: W/"l/PA/12/index.f25875168a.html"
vary: Accept-Encoding
cf-cache-status: HIT
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
12.rokedon.com/sw-check-permissions-4789821.js?z=4789821&var=163_PH&ymid=166991829530703a068p9q
104.22.77.191200 OK 0 B URL HTTP/2 12.rokedon.com/sw-check-permissions-4789821.js?z=4789821&var=163_PH&ymid=166991829530703a068p9q
IP 104.22.77.191:0
GET /sw-check-permissions-4789821.js?z=4789821&var=163_PH&ymid=166991829530703a068p9q HTTP/1.1
Host: 12.rokedon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 18:12:12 GMT
content-type: application/javascript; charset=utf-8
cf-ray: 772dca2a5ff198f0-ARN
age: 35970
etag: W/"sw-check-permissions-4789821.3caffe478a.js"
vary: Accept-Encoding
cf-cache-status: HIT
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
15.rokedon.com/l/PA/12/?resubscription=85&clickid=166991829530703a068p9q&source=163&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=PH&partner=PA&language=en-US&unixtime=1669918295&tb={https://oodrampi.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}}
104.22.77.191200 OK 0 B URL HTTP/2 15.rokedon.com/l/PA/12/?resubscription=85&clickid=166991829530703a068p9q&source=163&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=PH&partner=PA&language=en-US&unixtime=1669918295&tb={https://oodrampi.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}}
IP 104.22.77.191:0
GET /l/PA/12/?resubscription=85&clickid=166991829530703a068p9q&source=163&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=PH&partner=PA&language=en-US&unixtime=1669918295&tb={https://oodrampi.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}} HTTP/1.1
Host: 15.rokedon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://14.rokedon.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 18:12:12 GMT
content-type: text/html; charset=utf-8
cf-ray: 772dca2c8ab498f0-ARN
age: 28812
etag: W/"l/PA/12/index.f25875168a.html"
vary: Accept-Encoding
cf-cache-status: HIT
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
16.rokedon.com/sw-check-permissions-4789821.js?z=4789821&var=163_PH&ymid=166991829530703a068p9q
104.22.77.191200 OK 0 B URL HTTP/2 16.rokedon.com/sw-check-permissions-4789821.js?z=4789821&var=163_PH&ymid=166991829530703a068p9q
IP 104.22.77.191:0
GET /sw-check-permissions-4789821.js?z=4789821&var=163_PH&ymid=166991829530703a068p9q HTTP/1.1
Host: 16.rokedon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 18:12:13 GMT
content-type: application/javascript; charset=utf-8
cf-ray: 772dca2eddea98f0-ARN
age: 35970
etag: W/"sw-check-permissions-4789821.3caffe478a.js"
vary: Accept-Encoding
cf-cache-status: HIT
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
19.rokedon.com/sw-check-permissions-4789821.js?z=4789821&var=163_PH&ymid=166991829530703a068p9q
104.22.77.191200 OK 0 B URL HTTP/2 19.rokedon.com/sw-check-permissions-4789821.js?z=4789821&var=163_PH&ymid=166991829530703a068p9q
IP 104.22.77.191:0
GET /sw-check-permissions-4789821.js?z=4789821&var=163_PH&ymid=166991829530703a068p9q HTTP/1.1
Host: 19.rokedon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 18:12:13 GMT
content-type: application/javascript; charset=utf-8
cf-ray: 772dca3219b798f0-ARN
age: 34964
etag: W/"sw-check-permissions-4789821.3caffe478a.js"
vary: Accept-Encoding
cf-cache-status: HIT
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
28.rokedon.com/l/PA/12/?resubscription=72&clickid=166991829530703a068p9q&source=163&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=PH&partner=PA&language=en-US&unixtime=1669918295&tb={https://oodrampi.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}}
104.22.77.191200 OK 0 B URL HTTP/2 28.rokedon.com/l/PA/12/?resubscription=72&clickid=166991829530703a068p9q&source=163&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=PH&partner=PA&language=en-US&unixtime=1669918295&tb={https://oodrampi.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}}
IP 104.22.77.191:0
GET /l/PA/12/?resubscription=72&clickid=166991829530703a068p9q&source=163&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=PH&partner=PA&language=en-US&unixtime=1669918295&tb={https://oodrampi.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}} HTTP/1.1
Host: 28.rokedon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://27.rokedon.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 18:12:15 GMT
content-type: text/html; charset=utf-8
cf-ray: 772dca3b4cd398f0-ARN
age: 28814
etag: W/"l/PA/12/index.f25875168a.html"
vary: Accept-Encoding
cf-cache-status: HIT
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
14.rokedon.com/sw-check-permissions-4789821.js?z=4789821&var=163_PH&ymid=166991829530703a068p9q
104.22.77.191200 OK 0 B URL HTTP/2 14.rokedon.com/sw-check-permissions-4789821.js?z=4789821&var=163_PH&ymid=166991829530703a068p9q
IP 104.22.77.191:0
GET /sw-check-permissions-4789821.js?z=4789821&var=163_PH&ymid=166991829530703a068p9q HTTP/1.1
Host: 14.rokedon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 18:12:12 GMT
content-type: application/javascript; charset=utf-8
cf-ray: 772dca2c5a8598f0-ARN
age: 35970
etag: W/"sw-check-permissions-4789821.3caffe478a.js"
vary: Accept-Encoding
cf-cache-status: HIT
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
23.rokedon.com/l/PA/12/?resubscription=77&clickid=166991829530703a068p9q&source=163&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=PH&partner=PA&language=en-US&unixtime=1669918295&tb={https://oodrampi.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}}
104.22.77.191200 OK 0 B URL HTTP/2 23.rokedon.com/l/PA/12/?resubscription=77&clickid=166991829530703a068p9q&source=163&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=PH&partner=PA&language=en-US&unixtime=1669918295&tb={https://oodrampi.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}}
IP 104.22.77.191:0
GET /l/PA/12/?resubscription=77&clickid=166991829530703a068p9q&source=163&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=PH&partner=PA&language=en-US&unixtime=1669918295&tb={https://oodrampi.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}} HTTP/1.1
Host: 23.rokedon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://22.rokedon.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 18:12:14 GMT
content-type: text/html; charset=utf-8
cf-ray: 772dca358e8298f0-ARN
age: 28813
etag: W/"l/PA/12/index.f25875168a.html"
vary: Accept-Encoding
cf-cache-status: HIT
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
25.rokedon.com/sw-check-permissions-4789821.js?z=4789821&var=163_PH&ymid=166991829530703a068p9q
104.22.77.191200 OK 0 B URL HTTP/2 25.rokedon.com/sw-check-permissions-4789821.js?z=4789821&var=163_PH&ymid=166991829530703a068p9q
IP 104.22.77.191:0
GET /sw-check-permissions-4789821.js?z=4789821&var=163_PH&ymid=166991829530703a068p9q HTTP/1.1
Host: 25.rokedon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 18:12:14 GMT
content-type: application/javascript; charset=utf-8
cf-ray: 772dca38da1898f0-ARN
age: 33898
etag: W/"sw-check-permissions-4789821.3caffe478a.js"
vary: Accept-Encoding
cf-cache-status: HIT
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
foapsovi.net/pfe/current/service-worker.min.js?r=sw
139.45.197.251200 OK 0 B URL HTTP/2 foapsovi.net/pfe/current/service-worker.min.js?r=sw
IP 139.45.197.251:0
GET /pfe/current/service-worker.min.js?r=sw HTTP/1.1
Host: foapsovi.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://26.rokedon.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 18:12:15 GMT
content-type: application/javascript
last-modified: Thu, 01 Dec 2022 15:42:47 GMT
etag: W/"6388cb77-1c7a1"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
13.rokedon.com/l/PA/12/?resubscription=87&clickid=166991829530703a068p9q&source=163&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=PH&partner=PA&language=en-US&unixtime=1669918295&tb={https://oodrampi.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}}
104.22.77.191200 OK 0 B URL HTTP/2 13.rokedon.com/l/PA/12/?resubscription=87&clickid=166991829530703a068p9q&source=163&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=PH&partner=PA&language=en-US&unixtime=1669918295&tb={https://oodrampi.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}}
IP 104.22.77.191:0
GET /l/PA/12/?resubscription=87&clickid=166991829530703a068p9q&source=163&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=PH&partner=PA&language=en-US&unixtime=1669918295&tb={https://oodrampi.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}} HTTP/1.1
Host: 13.rokedon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://12.rokedon.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 18:12:12 GMT
content-type: text/html; charset=utf-8
cf-ray: 772dca2aa84198f0-ARN
age: 28813
etag: W/"l/PA/12/index.f25875168a.html"
vary: Accept-Encoding
cf-cache-status: HIT
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
foapsovi.net/pfe/current/service-worker.min.js?r=sw
139.45.197.251200 OK 0 B URL HTTP/2 foapsovi.net/pfe/current/service-worker.min.js?r=sw
IP 139.45.197.251:0
GET /pfe/current/service-worker.min.js?r=sw HTTP/1.1
Host: foapsovi.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://12.rokedon.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 18:12:12 GMT
content-type: application/javascript
last-modified: Thu, 01 Dec 2022 15:42:47 GMT
etag: W/"6388cb77-1c7a1"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
30.rokedon.com/favicon.ico
104.22.77.191200 OK 0 B URL HTTP/2 30.rokedon.com/favicon.ico
IP 104.22.77.191:0
GET /favicon.ico HTTP/1.1
Host: 30.rokedon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://30.rokedon.com/l/PA/12/?resubscription=70&clickid=166991829530703a068p9q&source=163&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=PH&partner=PA&language=en-US&unixtime=1669918295&tb={https://oodrampi.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}}
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 18:12:15 GMT
content-type: image/vnd.microsoft.icon
etag: W/"favicon.ff38969f14.ico"
cf-cache-status: MISS
vary: Accept-Encoding
server: cloudflare
cf-ray: 772dca3e282f98f0-ARN
content-encoding: br
X-Firefox-Spdy: h2
17.rokedon.com/l/PA/12/?resubscription=83&clickid=166991829530703a068p9q&source=163&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=PH&partner=PA&language=en-US&unixtime=1669918295&tb={https://oodrampi.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}}
104.22.77.191200 OK 0 B URL HTTP/2 17.rokedon.com/l/PA/12/?resubscription=83&clickid=166991829530703a068p9q&source=163&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=PH&partner=PA&language=en-US&unixtime=1669918295&tb={https://oodrampi.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}}
IP 104.22.77.191:0
GET /l/PA/12/?resubscription=83&clickid=166991829530703a068p9q&source=163&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=PH&partner=PA&language=en-US&unixtime=1669918295&tb={https://oodrampi.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}} HTTP/1.1
Host: 17.rokedon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://16.rokedon.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 18:12:13 GMT
content-type: text/html; charset=utf-8
cf-ray: 772dca2efe0c98f0-ARN
age: 28813
etag: W/"l/PA/12/index.f25875168a.html"
vary: Accept-Encoding
cf-cache-status: HIT
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
foapsovi.net/pfe/current/service-worker.min.js?r=sw
139.45.197.251200 OK 0 B URL HTTP/2 foapsovi.net/pfe/current/service-worker.min.js?r=sw
IP 139.45.197.251:0
GET /pfe/current/service-worker.min.js?r=sw HTTP/1.1
Host: foapsovi.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://20.rokedon.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 18:12:14 GMT
content-type: application/javascript
last-modified: Thu, 01 Dec 2022 15:42:47 GMT
etag: W/"6388cb77-1c7a1"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
14.rokedon.com/l/PA/12/?resubscription=86&clickid=166991829530703a068p9q&source=163&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=PH&partner=PA&language=en-US&unixtime=1669918295&tb={https://oodrampi.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}}
104.22.77.191200 OK 0 B URL HTTP/2 14.rokedon.com/l/PA/12/?resubscription=86&clickid=166991829530703a068p9q&source=163&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=PH&partner=PA&language=en-US&unixtime=1669918295&tb={https://oodrampi.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}}
IP 104.22.77.191:0
GET /l/PA/12/?resubscription=86&clickid=166991829530703a068p9q&source=163&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=PH&partner=PA&language=en-US&unixtime=1669918295&tb={https://oodrampi.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}} HTTP/1.1
Host: 14.rokedon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://13.rokedon.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 18:12:12 GMT
content-type: text/html; charset=utf-8
cf-ray: 772dca2b791f98f0-ARN
age: 28812
etag: W/"l/PA/12/index.f25875168a.html"
vary: Accept-Encoding
cf-cache-status: HIT
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
20.rokedon.com/sw-check-permissions-4789821.js?z=4789821&var=163_PH&ymid=166991829530703a068p9q
104.22.77.191200 OK 0 B URL HTTP/2 20.rokedon.com/sw-check-permissions-4789821.js?z=4789821&var=163_PH&ymid=166991829530703a068p9q
IP 104.22.77.191:0
GET /sw-check-permissions-4789821.js?z=4789821&var=163_PH&ymid=166991829530703a068p9q HTTP/1.1
Host: 20.rokedon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 18:12:14 GMT
content-type: application/javascript; charset=utf-8
cf-ray: 772dca335c5398f0-ARN
age: 34964
etag: W/"sw-check-permissions-4789821.3caffe478a.js"
vary: Accept-Encoding
cf-cache-status: HIT
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
21.rokedon.com/l/PA/12/?resubscription=79&clickid=166991829530703a068p9q&source=163&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=PH&partner=PA&language=en-US&unixtime=1669918295&tb={https://oodrampi.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}}
104.22.77.191200 OK 0 B URL HTTP/2 21.rokedon.com/l/PA/12/?resubscription=79&clickid=166991829530703a068p9q&source=163&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=PH&partner=PA&language=en-US&unixtime=1669918295&tb={https://oodrampi.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}}
IP 104.22.77.191:0
GET /l/PA/12/?resubscription=79&clickid=166991829530703a068p9q&source=163&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=PH&partner=PA&language=en-US&unixtime=1669918295&tb={https://oodrampi.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}} HTTP/1.1
Host: 21.rokedon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://20.rokedon.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 18:12:14 GMT
content-type: text/html; charset=utf-8
cf-ray: 772dca337c5f98f0-ARN
age: 28814
etag: W/"l/PA/12/index.f25875168a.html"
vary: Accept-Encoding
cf-cache-status: HIT
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
foapsovi.net/pfe/current/service-worker.min.js?r=sw
139.45.197.251200 OK 0 B URL HTTP/2 foapsovi.net/pfe/current/service-worker.min.js?r=sw
IP 139.45.197.251:0
GET /pfe/current/service-worker.min.js?r=sw HTTP/1.1
Host: foapsovi.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://21.rokedon.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 18:12:14 GMT
content-type: application/javascript
last-modified: Thu, 01 Dec 2022 15:42:47 GMT
etag: W/"6388cb77-1c7a1"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
12.rokedon.com/l/PA/12/?resubscription=88&clickid=166991829530703a068p9q&source=163&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=PH&partner=PA&language=en-US&unixtime=1669918295&tb={https://oodrampi.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}}
104.22.77.191200 OK 0 B URL HTTP/2 12.rokedon.com/l/PA/12/?resubscription=88&clickid=166991829530703a068p9q&source=163&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=PH&partner=PA&language=en-US&unixtime=1669918295&tb={https://oodrampi.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}}
IP 104.22.77.191:0
GET /l/PA/12/?resubscription=88&clickid=166991829530703a068p9q&source=163&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=PH&partner=PA&language=en-US&unixtime=1669918295&tb={https://oodrampi.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}} HTTP/1.1
Host: 12.rokedon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Thu, 01 Dec 2022 18:12:12 GMT
content-type: text/html; charset=utf-8
cf-ray: 772dca292ee398f0-ARN
age: 29150
etag: W/"l/PA/12/index.f25875168a.html"
vary: Accept-Encoding
cf-cache-status: HIT
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
foapsovi.net/pfe/current/service-worker.min.js?r=sw
139.45.197.251200 OK 0 B URL HTTP/2 foapsovi.net/pfe/current/service-worker.min.js?r=sw
IP 139.45.197.251:0
GET /pfe/current/service-worker.min.js?r=sw HTTP/1.1
Host: foapsovi.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://13.rokedon.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 18:12:12 GMT
content-type: application/javascript
last-modified: Thu, 01 Dec 2022 15:42:47 GMT
etag: W/"6388cb77-1c7a1"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
18.rokedon.com/sw-check-permissions-4789821.js?z=4789821&var=163_PH&ymid=166991829530703a068p9q
104.22.77.191200 OK 0 B URL HTTP/2 18.rokedon.com/sw-check-permissions-4789821.js?z=4789821&var=163_PH&ymid=166991829530703a068p9q
IP 104.22.77.191:0
GET /sw-check-permissions-4789821.js?z=4789821&var=163_PH&ymid=166991829530703a068p9q HTTP/1.1
Host: 18.rokedon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 18:12:13 GMT
content-type: application/javascript; charset=utf-8
cf-ray: 772dca3138c098f0-ARN
age: 34965
etag: W/"sw-check-permissions-4789821.3caffe478a.js"
vary: Accept-Encoding
cf-cache-status: HIT
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
28.rokedon.com/sw-check-permissions-4789821.js?z=4789821&var=163_PH&ymid=166991829530703a068p9q
104.22.77.191200 OK 0 B URL HTTP/2 28.rokedon.com/sw-check-permissions-4789821.js?z=4789821&var=163_PH&ymid=166991829530703a068p9q
IP 104.22.77.191:0
GET /sw-check-permissions-4789821.js?z=4789821&var=163_PH&ymid=166991829530703a068p9q HTTP/1.1
Host: 28.rokedon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 18:12:15 GMT
content-type: application/javascript; charset=utf-8
cf-ray: 772dca3c1e1498f0-ARN
age: 33897
etag: W/"sw-check-permissions-4789821.3caffe478a.js"
vary: Accept-Encoding
cf-cache-status: HIT
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
22.rokedon.com/l/PA/12/?resubscription=78&clickid=166991829530703a068p9q&source=163&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=PH&partner=PA&language=en-US&unixtime=1669918295&tb={https://oodrampi.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}}
104.22.77.191200 OK 0 B URL HTTP/2 22.rokedon.com/l/PA/12/?resubscription=78&clickid=166991829530703a068p9q&source=163&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=PH&partner=PA&language=en-US&unixtime=1669918295&tb={https://oodrampi.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}}
IP 104.22.77.191:0
GET /l/PA/12/?resubscription=78&clickid=166991829530703a068p9q&source=163&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=PH&partner=PA&language=en-US&unixtime=1669918295&tb={https://oodrampi.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}} HTTP/1.1
Host: 22.rokedon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://21.rokedon.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 18:12:14 GMT
content-type: text/html; charset=utf-8
cf-ray: 772dca346d3998f0-ARN
age: 28813
etag: W/"l/PA/12/index.f25875168a.html"
vary: Accept-Encoding
cf-cache-status: HIT
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
foapsovi.net/pfe/current/service-worker.min.js?r=sw
139.45.197.251200 OK 0 B URL HTTP/2 foapsovi.net/pfe/current/service-worker.min.js?r=sw
IP 139.45.197.251:0
GET /pfe/current/service-worker.min.js?r=sw HTTP/1.1
Host: foapsovi.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://22.rokedon.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 18:12:14 GMT
content-type: application/javascript
last-modified: Thu, 01 Dec 2022 15:42:47 GMT
etag: W/"6388cb77-1c7a1"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2