Report - kagabei.xyz/

Report Overview

Submitted URL
kagabei.xyz/
IP
188.114.97.1
ASN
#13335 CLOUDFLARENET
Submitted
2023-02-05 04:09:28
Access
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
1
Threat Detection Systems
10

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-13T05:09:07Z	5.4 kB	14 kB	23.33.119.27
js.wpadmngr.com	25762	2021-06-02T16:43:46Z	2023-03-13T09:03:13Z	368 B	374 B	45.133.44.24
1ec994c645.369c83119d.com	unknown	2023-02-02T04:33:10Z	2023-02-13T12:45:22Z	804 B	320 B	45.133.44.25
048a2da360.3819544f76.com	unknown	2023-02-02T04:22:13Z	2023-02-13T12:45:08Z	1.7 kB	39 kB	45.133.44.25
fp.metricswpsh.com	unknown	2022-04-22T13:20:32Z	2023-03-13T06:42:46Z	937 B	779 B	157.90.84.242
notification.tubecup.net	8210	2019-08-30T11:36:01Z	2023-03-13T08:28:58Z	483 B	320 B	94.130.197.140
i.cdnkimg.com	8049	2020-08-20T08:43:50Z	2023-03-13T07:28:10Z	405 B	82 kB	45.133.44.37
kagabei.xyz	unknown	2022-01-30T02:02:12Z	2022-11-21T01:33:22Z	784 B	34 kB	172.67.147.232
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-13T05:09:35Z	413 B	5.8 kB	34.160.144.191
e1.o.lencr.org	6159	2021-08-20T09:36:30Z	2023-03-13T05:21:46Z	676 B	1.5 kB	95.101.11.115
s.viitodut.com	unknown	2023-01-26T10:45:04Z	2023-02-09T02:09:26Z	1.1 kB	220 B	185.196.197.130
nereserv.com	40015	2020-12-21T12:07:56Z	2023-03-13T07:28:09Z	544 B	320 B	157.90.84.246
0f6e7d3222.ba33938e50.com	unknown			6.9 kB	30 kB	94.130.198.6
sw.wpush.org	78308	2020-02-15T08:54:44Z	2023-03-13T07:47:43Z	740 B	2.5 kB	45.133.44.24
js.wpshsdk.com	12130	2021-06-04T15:50:00Z	2023-03-13T08:00:13Z	1.6 kB	28 kB	45.133.44.24
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-13T05:09:16Z	3.2 kB	56 kB	34.120.237.76
static.bookmsg.com	47495	2020-11-24T15:56:32Z	2023-03-13T07:28:10Z	961 B	1.7 kB	88.198.209.34
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-13T05:09:10Z	782 B	2.4 kB	35.241.9.150
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-13T05:09:13Z	333 B	391 B	34.117.237.239
js.nextpsh.top	unknown	2022-04-12T07:49:09Z	2023-03-13T07:47:42Z	380 B	416 B	46.148.125.182

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-02-05 04:09:56	medium	Client IP	Internal IP	ET DNS Query to a *.top domain - Likely Hostile

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-02-04	medium	nextpsh.top	Sinkholed
2023-02-05	medium	3819544f76.com	Sinkholed
2023-02-05	medium	3819544f76.com	Sinkholed
2023-02-05	medium	3819544f76.com	Sinkholed
2023-02-05	medium	3819544f76.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (8)

	URL	Size	First Seen	Last Seen
	kagabei.xyz/	6.4 kB	2023-03-07	2024-03-03
Pretty URL kagabei.xyz/ IP 172.67.147.232 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:18:58 Last Seen2024-03-03 15:50:46 Times Seen4457 Hash e87e4308d48d05127078c287669f5ede 557ee8a904bdc1844739bc6b54b07cedc8efdd0a 5ab295c85afa4adc7ef732fbd9253e3dbc56f4b063991d0c901ea3d6ec6a3c50 Loading...

	048a2da360.3819544f76.com/4fb911ef80cd13b9a4b144d0c0155e41.js	90 kB	2023-03-08	2024-04-22
Pretty URL 048a2da360.3819544f76.com/4fb911ef80cd13b9a4b144d0c0155e41.js IP 45.133.44.25 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 20:49:59 Last Seen2024-04-22 00:39:01 Times Seen4685 Hash e8cc8668a6709d2fff8f8ce714b7bcca 9495fd5fc854ac6ee32fedc0038cc67f26b7e4ff 3f881ab7cc56a0d1102cd0430c6d4b03f79a10c86d71d08a6e733fce6cc2fb32 Loading...

	048a2da360.3819544f76.com/ea82ffde911566022d15ea9fae99b275.js	326 kB	2023-03-13	2023-03-13
Pretty URL 048a2da360.3819544f76.com/ea82ffde911566022d15ea9fae99b275.js IP 45.133.44.25 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 15:53:23 Last Seen2023-03-13 19:15:05 Times Seen1 Hash 9a3aba978f20ccdbe23e27c487986313 4332999176de19060a5062ab901edc87cc318c7d c58c172627aeb1e5e7e43f42614a772f6182dce3f2fee750d63033d7e1d33e8c Loading...

	js.wpadmngr.com/npc/sdk/wp-banners.js	0 B	2023-03-07	2024-04-24
Pretty URL js.wpadmngr.com/npc/sdk/wp-banners.js IP 45.133.44.24 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-24 06:50:01 Times Seen37033251 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	js.nextpsh.top/ps/ps.js?id=obfatWKZNkanZBj4brtLrg	82 B	2023-03-08	2024-03-04
Pretty URL js.nextpsh.top/ps/ps.js?id=obfatWKZNkanZBj4brtLrg IP 46.148.125.182 ASN #35277 Llhost Inc. Srl Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:21:53 Last Seen2024-03-04 02:50:11 Times Seen8986 Hash 26b99d58eb44fb5bf51098b005b728db dbad6dd9d473fe2836e2abeaa30b5590ce233602 f41597e9109254c277334ce27b4dd5a1b823f2b988b602f3295fc2e8cdfd54a3 Loading...

	kagabei.xyz/	655 B	2023-03-13	2023-03-14
Pretty URL kagabei.xyz/ IP 172.67.147.232 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 03:51:05 Last Seen2023-03-14 06:13:57 Times Seen1 Hash 819f803576993d8ec588602814d225fc c211be543a4e79232b0c792959167e9d92dc49ca b631002d0f2465c9516c9757e58b1a9c5456ec8e2534af46cf013f4d143a9283 Loading...

	kagabei.xyz/	385 B	2023-03-07	2024-03-04
Pretty URL kagabei.xyz/ IP 172.67.147.232 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:18:57 Last Seen2024-03-04 02:50:11 Times Seen4456 Hash 485d4fa89e27040ea797d5eafbca25fa 6d1ede4bbf3aad619dcc8706a99de1e98953f76e 13b91f39c3eb14bc114e0cfefb695ceacbc768f46e36374d1c97629c831ddb45 Loading...

		Size	First Seen	Last Seen
	#1 Eval - 27eea290f34428348ba312ac7e6a9427	114 kB	2023-03-13	2023-03-13
Pretty Observations First Seen2023-03-13 07:35:46 Last Seen2023-03-13 18:53:31 Times Seen1 Hash 27eea290f34428348ba312ac7e6a9427 e9b8c68da439db613145885bb162f3717dff72de e8b06ec78125908b8a811fff3d823111ef27d379fbfbc37bb6e9fa338c979b97 Loading...

HTTP Transactions (55)

URL IP Response Size

kagabei.xyz/

172.67.147.232

301 Moved Permanently

0 B

URL HTTP/1.1
kagabei.xyz/
IP
172.67.147.232:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: kagabei.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Date: Sun, 05 Feb 2023 04:09:17 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sun, 05 Feb 2023 05:09:17 GMT
Location: https://kagabei.xyz/
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xgqeTaZVwrK%2FaLlJGE4t95jFoeywacrsBmYkS%2BVixzMVthtzMoeVezpgIOxK48YIBvY6z4%2FfKWLdlWCwwcvqrH2hI7oHj5tC1VOHQAx7czMP5RQf5DoyI64to8R%2BKw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7948ca2ca945b4f9-OSL
alt-svc: h2=":443"; ma=60

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c21ba65e44ac95470c314e068e49a9eb
17a13b13738993d889d4afa3d848dc63bf6eba64
9bd0795b30e84ce63b6e2a365ca91bbffc395dd955e112152066c31e63a4ab66

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9BD0795B30E84CE63B6E2A365CA91BBFFC395DD955E112152066C31E63A4AB66"
Last-Modified: Sat, 04 Feb 2023 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19615
Expires: Sun, 05 Feb 2023 09:36:12 GMT
Date: Sun, 05 Feb 2023 04:09:17 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1cdc095521e9ee2606059be447d1fdd5
02b5d0a5b5823e2338daf7e144700babe2a213af
8bda3aabcf331c2bfcc4c7023cd797c760fd301dc353641bb95048e072f66c66

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8BDA3AABCF331C2BFCC4C7023CD797C760FD301DC353641BB95048E072F66C66"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11010
Expires: Sun, 05 Feb 2023 07:12:47 GMT
Date: Sun, 05 Feb 2023 04:09:17 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Retry-After, Content-Length, Alert, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 05 Feb 2023 03:33:54 GMT
content-type: application/json
age: 2123
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
fb7b6b46e708ad73eaaa3c21e74569ae
950663c025acad81556af5aa3022ecc9d55097fe
763f58b9fb838378c92033b59907b036f4c33081f5103d9bcc2ca2a8de500d64

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "763F58B9FB838378C92033B59907B036F4C33081F5103D9BCC2CA2A8DE500D64"
Last-Modified: Sat, 04 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7774
Expires: Sun, 05 Feb 2023 06:18:51 GMT
Date: Sun, 05 Feb 2023 04:09:17 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: KDtLdHTpgaSSzEPOTRMgKS2S6LXJvj06DC18s9azr5NT13owjjuujt0dsgYwfB89A9RZ/Q4YD14=
x-amz-request-id: HKADVRZDYA48SWZN
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 05 Feb 2023 03:24:18 GMT
age: 2699
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sun, 05 Feb 2023 04:09:17 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

e1.o.lencr.org/

95.101.11.115

200 OK

345 B

URL HTTP/1.1
e1.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
345 B (345 bytes)
Hash
3eeb68638f058bf2de81a61f7d0a92fe
42b29b13b6d401eb0152c95ac09b7c7f81d5efe0
eb5e65cbedd8664f3eec9706348b640a4a131dc55f6966ed5d539a596bb482b1

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "EB5E65CBEDD8664F3EEC9706348B640A4A131DC55F6966ED5D539A596BB482B1"
Last-Modified: Sun, 05 Feb 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Sun, 05 Feb 2023 10:09:17 GMT
Date: Sun, 05 Feb 2023 04:09:17 GMT
Connection: keep-alive

e1.o.lencr.org/

95.101.11.115

200 OK

345 B

URL HTTP/1.1
e1.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
345 B (345 bytes)
Hash
3eeb68638f058bf2de81a61f7d0a92fe
42b29b13b6d401eb0152c95ac09b7c7f81d5efe0
eb5e65cbedd8664f3eec9706348b640a4a131dc55f6966ed5d539a596bb482b1

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "EB5E65CBEDD8664F3EEC9706348B640A4A131DC55F6966ED5D539A596BB482B1"
Last-Modified: Sun, 05 Feb 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21599
Expires: Sun, 05 Feb 2023 10:09:17 GMT
Date: Sun, 05 Feb 2023 04:09:18 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Last-Modified, Cache-Control, Pragma, ETag, Backoff, Content-Type, Alert, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 05 Feb 2023 03:49:07 GMT
age: 1211
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

js.nextpsh.top/ps/ps.js?id=obfatWKZNkanZBj4brtLrg

46.148.125.182

200 OK

82 B

URL HTTP/2
js.nextpsh.top/ps/ps.js?id=obfatWKZNkanZBj4brtLrg
IP
46.148.125.182:0
ASN
#35277 Llhost Inc. Srl

File type
ASCII text, with no line terminators
Size
82 B (82 bytes)
Hash
26b99d58eb44fb5bf51098b005b728db
dbad6dd9d473fe2836e2abeaa30b5590ce233602
f41597e9109254c277334ce27b4dd5a1b823f2b988b602f3295fc2e8cdfd54a3

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /ps/ps.js?id=obfatWKZNkanZBj4brtLrg HTTP/1.1
Host: js.nextpsh.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kagabei.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sun, 05 Feb 2023 04:09:18 GMT
content-type: application/javascript
content-length: 82
set-cookie: __psu=ff569369-9e38-4c93-ae59-a9db7428911a; expires=Wed, 05 Feb 2025 04:09:18 GMT; path=/; secure; samesite=none
cache-control: max-age=0, no-cache, no-store, must-revalidate
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
5cebeb9670612fd1a5f9178f3aaa801d
ead54f5daf3cf57f8e22ff29c3729c2c8a4cacdd
b4bc56e5e529ff0777389146ecc6233623121a8d1188a0b146d94b050cb5b2a4

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B4BC56E5E529FF0777389146ECC6233623121A8D1188A0B146D94B050CB5B2A4"
Last-Modified: Sat, 04 Feb 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17994
Expires: Sun, 05 Feb 2023 09:09:12 GMT
Date: Sun, 05 Feb 2023 04:09:18 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
dedf9c519ac38c4bece9c5bc895787d7
4911175c3f8a435978c5301c33c7a99a5e00a1d5
bddd7e3a4939f863642a7c5348c1c8b9bc569b35c10a27f4cf5ec71f7e6b9698

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BDDD7E3A4939F863642A7C5348C1C8B9BC569B35C10A27F4CF5EC71F7E6B9698"
Last-Modified: Fri, 03 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16620
Expires: Sun, 05 Feb 2023 08:46:18 GMT
Date: Sun, 05 Feb 2023 04:09:18 GMT
Connection: keep-alive

048a2da360.3819544f76.com/c740df26aa77ac7f8a9b3dda3585713b.js

45.133.44.25

200 OK

36 kB

URL HTTP/2
048a2da360.3819544f76.com/c740df26aa77ac7f8a9b3dda3585713b.js
IP
45.133.44.25:0
ASN
#39572 DataWeb Global Group B.V.

File type
data
Size
36 kB (36074 bytes)
Hash
847208d66e85c242e0473a56c59dd432
863246279835c2042ab38b12d4a496fa680af5e9
c5ff19bbe116f0ce15aee18bafdea9fd45cd7fea9ad4b3e903657797c952283f

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /c740df26aa77ac7f8a9b3dda3585713b.js HTTP/1.1
Host: 048a2da360.3819544f76.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://kagabei.xyz
Connection: keep-alive
Referer: https://kagabei.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sun, 05 Feb 2023 04:09:18 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Thu, 02 Feb 2023 09:20:02 GMT
etag: W/"63db8042-18c39"
content-encoding: gzip
expires: Sun, 05 Feb 2023 04:14:18 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2

048a2da360.3819544f76.com/9fb2f3d57d3079ae89eab9de8d39a8d7/43957?version_name=d

45.133.44.25

200 OK

1.6 kB

URL HTTP/2
048a2da360.3819544f76.com/9fb2f3d57d3079ae89eab9de8d39a8d7/43957?version_name=d
IP
45.133.44.25:0
ASN
#39572 DataWeb Global Group B.V.

File type
JSON data\012- , ASCII text, with very long lines (1584), with no line terminators
Size
1.6 kB (1584 bytes)
Hash
8698fdca9b24a79c467981060be0d145
e6f2726d84046ca4a67a5531bcd8010e51142a07
ed3eece874593b359e6445c6f9d3fad054e8f221d399daec17fb0600ac605e20

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /9fb2f3d57d3079ae89eab9de8d39a8d7/43957?version_name=d HTTP/1.1
Host: 048a2da360.3819544f76.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://kagabei.xyz
Connection: keep-alive
Referer: https://kagabei.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sun, 05 Feb 2023 04:09:18 GMT
content-type: application/json
content-length: 1584
server: nginx/1.18.0
cache-control: max-age=300
expires: Sun, 05 Feb 2023 04:14:18 GMT
x-proxy-cache: EXPIRED
access-control-allow-origin: *
X-Firefox-Spdy: h2

js.wpadmngr.com/npc/sdk/wp-banners.js

45.133.44.24

200 OK

0 B

URL HTTP/2
js.wpadmngr.com/npc/sdk/wp-banners.js
IP
45.133.44.24:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /npc/sdk/wp-banners.js HTTP/1.1
Host: js.wpadmngr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kagabei.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sun, 05 Feb 2023 04:09:18 GMT
content-type: application/javascript; charset=utf-8
content-length: 0
server: nginx/1.18.0
last-modified: Fri, 20 Aug 2021 15:14:31 GMT
etag: "611fc6d7-0"
expires: Sun, 05 Feb 2023 04:14:18 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b99bdf44f7105810de8d7e83da015e3b
5c91079cc1299a15ffbc103c13157acdb11c80a3
37c215e567429665010536f6a8c8f18805dbc4b8d4541ea7255aa8f07873a869

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "37C215E567429665010536F6A8C8F18805DBC4B8D4541EA7255AA8F07873A869"
Last-Modified: Sat, 04 Feb 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16485
Expires: Sun, 05 Feb 2023 08:44:03 GMT
Date: Sun, 05 Feb 2023 04:09:18 GMT
Connection: keep-alive

kagabei.xyz/

104.21.28.242

200 OK

32 kB

URL HTTP/2
kagabei.xyz/
IP
104.21.28.242:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (10521), with CRLF line terminators
Size
32 kB (32294 bytes)
Hash
3ee2c47b32df3e079a54628bebf874e8
aaa83e0ffe3230abb5b730a3ccaa2c7facfe6b2d
0392c399960f91ddf9aec55ebad027b7407b4964fab0272fea5b6d8837004c73

HTTP Headers

GET / HTTP/1.1
Host: kagabei.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
date: Sun, 05 Feb 2023 04:09:17 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.4.8
set-cookie: ab_referer=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wabQExSxAfj3o0ZqTWWTUIj9%2BCY%2Ba09WytVjx5N0vq6AP%2B5Pm2bLfIXqGEvnTCEsvycXjxwUayS%2BlwL04acQ6Dp0wQzcTSMtVKi74MlnqgP41AHwsbBQyECte5Y8AA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7948ca2f0a25b4f9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
155f081f99e1dc4e00b79a472e76147a
93a8482624b9073c51eaca18cdf29fa7ed319b7d
d2a5d0845888419c6beb687453c6dec89883ea90bd7baf7c18061eed679e7ea1

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D2A5D0845888419C6BEB687453C6DEC89883EA90BD7BAF7C18061EED679E7EA1"
Last-Modified: Sat, 04 Feb 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5536
Expires: Sun, 05 Feb 2023 05:41:34 GMT
Date: Sun, 05 Feb 2023 04:09:18 GMT
Connection: keep-alive

fp.metricswpsh.com/fp?tag_id=43957

157.90.84.242

204 No Content

0 B

URL HTTP/1.1
fp.metricswpsh.com/fp?tag_id=43957
IP
157.90.84.242:0
ASN
#24940 Hetzner Online GmbH

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /fp?tag_id=43957 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://kagabei.xyz/
Origin: https://kagabei.xyz
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 204 No Content
Server: nginx/1.20.1
Date: Sun, 05 Feb 2023 04:09:18 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE
Access-Control-Allow-Origin: https://kagabei.xyz
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers

1ec994c645.369c83119d.com/in/track?data=eyJ3bCI6MCwic3ViaWQiOjAsInVzZXJfaWQiOiI4MjQyMzk0ODY4OTQwODEiLCJ0aW1lem9uZSI6MCwidmVyIjoiMy4yMi4wIiwidGFnX2lkIjo0Mzk1Nywic2NyZWVuX3Jlc29sdXRpb24iOiIxMjgweDEwMjQiLCJhZGJsb2NrIjowLCJ0aW1lem9uZV9vbHNvbiI6IlVUQyIsInV0bV9zb3VyY2UiOiIiLCJ1dG1fbWVkaXVtIjoiIiwidXRtX2NhbXBhaWduIjoiIiwidXRtX2NvbnRlbnQiOiIiLCJtbSI6MCwiaW5pdF9zdGFydF9sYXRlbmN5IjowLjE5LCJpc192MiI6MCwiaXNfdjJfZW1wdHkiOjAsInVzZXJfa2V5d29yZHMiOiJQbGF5In0=

45.133.44.25

200 OK

0 B

URL HTTP/2
1ec994c645.369c83119d.com/in/track?data=eyJ3bCI6MCwic3ViaWQiOjAsInVzZXJfaWQiOiI4MjQyMzk0ODY4OTQwODEiLCJ0aW1lem9uZSI6MCwidmVyIjoiMy4yMi4wIiwidGFnX2lkIjo0Mzk1Nywic2NyZWVuX3Jlc29sdXRpb24iOiIxMjgweDEwMjQiLCJhZGJsb2NrIjowLCJ0aW1lem9uZV9vbHNvbiI6IlVUQyIsInV0bV9zb3VyY2UiOiIiLCJ1dG1fbWVkaXVtIjoiIiwidXRtX2NhbXBhaWduIjoiIiwidXRtX2NvbnRlbnQiOiIiLCJtbSI6MCwiaW5pdF9zdGFydF9sYXRlbmN5IjowLjE5LCJpc192MiI6MCwiaXNfdjJfZW1wdHkiOjAsInVzZXJfa2V5d29yZHMiOiJQbGF5In0=
IP
45.133.44.25:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /in/track?data=eyJ3bCI6MCwic3ViaWQiOjAsInVzZXJfaWQiOiI4MjQyMzk0ODY4OTQwODEiLCJ0aW1lem9uZSI6MCwidmVyIjoiMy4yMi4wIiwidGFnX2lkIjo0Mzk1Nywic2NyZWVuX3Jlc29sdXRpb24iOiIxMjgweDEwMjQiLCJhZGJsb2NrIjowLCJ0aW1lem9uZV9vbHNvbiI6IlVUQyIsInV0bV9zb3VyY2UiOiIiLCJ1dG1fbWVkaXVtIjoiIiwidXRtX2NhbXBhaWduIjoiIiwidXRtX2NvbnRlbnQiOiIiLCJtbSI6MCwiaW5pdF9zdGFydF9sYXRlbmN5IjowLjE5LCJpc192MiI6MCwiaXNfdjJfZW1wdHkiOjAsInVzZXJfa2V5d29yZHMiOiJQbGF5In0= HTTP/1.1
Host: 1ec994c645.369c83119d.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://kagabei.xyz
Connection: keep-alive
Referer: https://kagabei.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sun, 05 Feb 2023 04:09:18 GMT
content-length: 0
server: nginx/1.20.2
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

js.wpshsdk.com/npc/sdk/push.m.js?v=1

45.133.44.24

200 OK

26 kB

URL HTTP/2
js.wpshsdk.com/npc/sdk/push.m.js?v=1
IP
45.133.44.24:0
ASN
#39572 DataWeb Global Group B.V.

File type
Unicode text, UTF-8 text, with very long lines (63672), with no line terminators
Size
26 kB (26363 bytes)
Hash
b7ba997d979c1e6ad2de8d8151b36b4a
7ddfda9ce241cbdead8db88099fecf6a55d5343d
4b8c80b44a8b9096eb319ef262ef28a2c032aeb93a2dbe0495401f89d6b6746d

HTTP Headers

GET /npc/sdk/push.m.js?v=1 HTTP/1.1
Host: js.wpshsdk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kagabei.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sun, 05 Feb 2023 04:09:18 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Thu, 26 Jan 2023 12:22:57 GMT
etag: W/"63d270a1-f96f"
content-encoding: gzip
expires: Sun, 05 Feb 2023 04:14:18 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2

fp.metricswpsh.com/fp?tag_id=43957

157.90.84.242

200 OK

28 B

URL HTTP/1.1
fp.metricswpsh.com/fp?tag_id=43957
IP
157.90.84.242:0
ASN
#24940 Hetzner Online GmbH

File type
JSON data\012- , ASCII text
Size
28 B (28 bytes)
Hash
e3af49472d683a217237a6ebaf79bcb7
378db4d7e6171a2676ee15c80b4475d7f5ec9742
7714898d715fb8b1ce7a1de73e0e7c9f6394acc8a08cf1a3b342a7829d4de84a

HTTP Headers

POST /fp?tag_id=43957 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 22285
Origin: https://kagabei.xyz
Connection: keep-alive
Referer: https://kagabei.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sun, 05 Feb 2023 04:09:18 GMT
Content-Type: application/json; charset=UTF-8
Content-Length: 28
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://kagabei.xyz
Set-Cookie: id=16814302045404799974; Expires=Mon, 05 Feb 2024 04:09:18 GMT; Secure; SameSite=None
Vary: Origin

nereserv.com/in/dip?site=native-push&wl=0&event_id=de410841-40b6-4d68-aa63-4b204db7903a&subid=416473681&sid=2517504367&spot_id=26103&created_at=2023-02-05&timezone=0&ver=8.24.1&is_native=1

157.90.84.246

200 OK

0 B

URL HTTP/2
nereserv.com/in/dip?site=native-push&wl=0&event_id=de410841-40b6-4d68-aa63-4b204db7903a&subid=416473681&sid=2517504367&spot_id=26103&created_at=2023-02-05&timezone=0&ver=8.24.1&is_native=1
IP
157.90.84.246:0
ASN
#24940 Hetzner Online GmbH

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /in/dip?site=native-push&wl=0&event_id=de410841-40b6-4d68-aa63-4b204db7903a&subid=416473681&sid=2517504367&spot_id=26103&created_at=2023-02-05&timezone=0&ver=8.24.1&is_native=1 HTTP/1.1
Host: nereserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://kagabei.xyz
Connection: keep-alive
Referer: https://kagabei.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx/1.20.1
date: Sun, 05 Feb 2023 04:09:19 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f47220936601fbaad86b28337c2d7cad
9bdeb7f26c0f25714ed2c281a83c2a4241d3b74b
302bbb4d751ebd8f04b229f3b06e98ab3f083dccf53f7c598991c4ed712e100c

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "302BBB4D751EBD8F04B229F3B06E98AB3F083DCCF53F7C598991C4ED712E100C"
Last-Modified: Sat, 04 Feb 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17779
Expires: Sun, 05 Feb 2023 09:05:38 GMT
Date: Sun, 05 Feb 2023 04:09:19 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
15dfef7f063604efdea29b5089472ca6
9dcbf7a72e2d8c83191d17bab4acdb568a0bd02b
6a20b074c80868f5e71a2798abbd7e67d75cab0bd2f2d2181b0a91d06f99848c

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6A20B074C80868F5E71A2798ABBD7E67D75CAB0BD2F2D2181B0A91D06F99848C"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18815
Expires: Sun, 05 Feb 2023 09:22:54 GMT
Date: Sun, 05 Feb 2023 04:09:19 GMT
Connection: keep-alive

0f6e7d3222.ba33938e50.com/in/multy

94.130.198.6

204 No Content

0 B

URL HTTP/2
0f6e7d3222.ba33938e50.com/in/multy
IP
94.130.198.6:0
ASN
#24940 Hetzner Online GmbH

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /in/multy HTTP/1.1
Host: 0f6e7d3222.ba33938e50.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://kagabei.xyz/
Origin: https://kagabei.xyz
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 204 No Content
server: nginx/1.20.1
date: Sun, 05 Feb 2023 04:09:19 GMT
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

js.wpshsdk.com/npc/sdk/common/config.js

45.133.44.24

200 OK

19 B

URL HTTP/2
js.wpshsdk.com/npc/sdk/common/config.js
IP
45.133.44.24:0
ASN
#39572 DataWeb Global Group B.V.

File type
JSON data\012- , ASCII text, with no line terminators
Size
19 B (19 bytes)
Hash
67fc2c9421e21f4a3707c7fabc8e9f33
0d311fbfaea3d64122b4c5e575a5c3fbea11f718
b93ed3f9c6f2c27004ef57a9fa8f11248af5bd9848cc56a1c215db36d4ecc1bb

HTTP Headers

GET /npc/sdk/common/config.js HTTP/1.1
Host: js.wpshsdk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://kagabei.xyz/
Origin: https://kagabei.xyz
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sun, 05 Feb 2023 04:09:19 GMT
content-type: application/javascript; charset=utf-8
content-length: 19
server: nginx/1.18.0
last-modified: Thu, 26 Jan 2023 12:22:57 GMT
etag: "63d270a1-13"
expires: Sun, 05 Feb 2023 04:14:19 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c14d3cf8ade0150a711f094be32ac474
11e7fb5487d364c5392e1594e09f5b49831043ea
2a98ce39894b7d9befdba3916467bc95962376d0b308103e0a1eea36c0bc2302

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A98CE39894B7D9BEFDBA3916467BC95962376D0B308103E0A1EEA36C0BC2302"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2152
Expires: Sun, 05 Feb 2023 04:45:11 GMT
Date: Sun, 05 Feb 2023 04:09:19 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c14d3cf8ade0150a711f094be32ac474
11e7fb5487d364c5392e1594e09f5b49831043ea
2a98ce39894b7d9befdba3916467bc95962376d0b308103e0a1eea36c0bc2302

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A98CE39894B7D9BEFDBA3916467BC95962376D0B308103E0A1EEA36C0BC2302"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2152
Expires: Sun, 05 Feb 2023 04:45:11 GMT
Date: Sun, 05 Feb 2023 04:09:19 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fad342374-789b-497a-b212-29d0b2aaced0.jpeg

34.120.237.76

200 OK

7.1 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fad342374-789b-497a-b212-29d0b2aaced0.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
data
Size
7.1 kB (7110 bytes)
Hash
b863eddcc46d634f41f68dde575be0c7
0f096702a1533307b4d5bc0f1d3e375c20dabd82
eee81a5164207d380b6b604cd4fd6426ff30c6bcb05abbdff932ad28721ac22b

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fad342374-789b-497a-b212-29d0b2aaced0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7060
x-amzn-requestid: 9379b64e-3a3f-4b8d-aba2-bc3cd7dab98f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fi3cgFCkIAMFrhA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d76c4f-6ac6da215407497043249929;Sampled=0
x-amzn-remapped-date: Mon, 30 Jan 2023 07:05:51 GMT
x-amz-cf-pop: SEA19-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 75uKxGlJDSXzIUgR5Rm4f13SClTT1UIDLgbkTrFDEDvKmGmViQ3Djg==
via: 1.1 0bb842bd5868b86440983b936bb0adee.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 22:25:50 GMT
age: 20609
etag: "e8391e4046acb91cd4a6113974fda1c44dcd3865"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F01d9feca-e9dc-4ee4-9694-bcc983e3a7c1.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.4 kB (6434 bytes)
Hash
0d632f8be93820b9746f76146fe3ff0e
7e5e9b16819af678ba84ddb6f45c073e659e2f4e
26ad66cf5e4fe4de99ad31b5c4f0fa3d05c085be04610de8ad80989528c100bf

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F01d9feca-e9dc-4ee4-9694-bcc983e3a7c1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6434
x-amzn-requestid: ccf74c35-c654-4a9a-8121-ab27fc4cd862
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f1WWYFbJoAMFgSg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ded0f5-10dedb6a287acd2b10cdfdb4;Sampled=0
x-amzn-remapped-date: Sat, 04 Feb 2023 21:41:09 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 3bv0yNuzTWh742AZFesuU0caKmg0nMFc3P0bLYkhGd-TAeg5R9W_vQ==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 12a392bc3a7281f8d5d4591bfadc41fc.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 21:51:28 GMT
age: 22671
etag: "7e5e9b16819af678ba84ddb6f45c073e659e2f4e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fef803fc0-c789-4c2b-8cb2-33bef88abc9c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.7 kB (8691 bytes)
Hash
bbb38d805862a1b3081eebf256e0dae0
4a5cb01390d897be8721cd4551c74d0452aff640
02443891d0533f37fe38b16febafc86fa64c457dc1827b97ec535d623486d549

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fef803fc0-c789-4c2b-8cb2-33bef88abc9c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8691
x-amzn-requestid: 51bb839e-c32c-4be9-9f38-7f8044160e70
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fVsLgFPqIAMFfww=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d22716-3794126b47a79aed27e1aac4;Sampled=0
x-amzn-remapped-date: Thu, 26 Jan 2023 07:09:10 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 9du1ien5j1WSLplBzT5AAV-xIPKNgg4-8tdjux_iEGXNGaCcj29Xog==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 10:04:17 GMT
age: 65102
etag: "4a5cb01390d897be8721cd4551c74d0452aff640"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9070541c-6707-464e-b141-b6c767d8a58a.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (12256 bytes)
Hash
062e186a259eda97173695240a492c63
9b476a4ec219667f560b88199a3a4e4b0a93b579
d18570d3c4ada689b5c2a99b0783ce41c629bd125e6683cf225e01b7032f14a4

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9070541c-6707-464e-b141-b6c767d8a58a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 12256
x-amzn-requestid: 1b959eb9-cf69-414c-b57b-4a63277d709c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fvgx-EhgoAMF2wA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dc7b3f-2c58e8ac2aee8a8f409a93a0;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 03:10:55 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: dvxlk1iSyNfjmNRI_8HcmhG9_xe0ZlaZ0Pzj0H9EBR6wwXKg0L7YVQ==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 570075675953459325e00b7bcd171df2.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 04:43:21 GMT
age: 84358
etag: "9b476a4ec219667f560b88199a3a4e4b0a93b579"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff6e4dfe8-8de0-4ffd-85a4-544a7e82f052.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.7 kB (5652 bytes)
Hash
5d907b978dc107f6e95182eee954462a
29a73442173f75b4f3413e2c6459e8448b1cc33f
8268fb8aa86182e7c2113709cce8f559ac8cc831e12cfd7a75c67f30c69808a5

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff6e4dfe8-8de0-4ffd-85a4-544a7e82f052.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5652
x-amzn-requestid: a9d8e72b-b943-4c6d-a01c-7b7b65da6ee4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fzXDqG-eIAMFbTQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63de054a-778199ce1db9fa1b73a9d4ec;Sampled=0
x-amzn-remapped-date: Sat, 04 Feb 2023 07:12:10 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: CyZUnEQ1l6j1CZCVM63GYbV6mAnhjW3kh4E5M07jH6d3t4mwhSK4hw==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 2bedbeaa49b4a77447d30097858cb81a.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 22:07:48 GMT
age: 21691
etag: "29a73442173f75b4f3413e2c6459e8448b1cc33f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F626efb39-4b90-4979-bc7d-1a1ba9e7fc73.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.3 kB (9290 bytes)
Hash
eaca60722d35484e7cad5e6521465c75
470c81f1cab13436da9f94e97bb152fc9d01ad04
8c75170cdf9f6b97aef972568348aa4e6d67486ad1fdb7aa9d346e1cc8ae9df7

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F626efb39-4b90-4979-bc7d-1a1ba9e7fc73.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9290
x-amzn-requestid: 5ed93026-d87a-4c82-81ce-8faa9e8dba60
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fsnFtFVUoAMF6Bw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63db5224-0e5fea32709d6f665f6b09db;Sampled=0
x-amzn-remapped-date: Thu, 02 Feb 2023 06:03:16 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: AD5rpaPGI6jezDtJBS7-XTUoJQetiG6yyo6VbDfBYzk9RwPNYN5h2Q==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 20:04:29 GMT
age: 29090
etag: "470c81f1cab13436da9f94e97bb152fc9d01ad04"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
15dfef7f063604efdea29b5089472ca6
9dcbf7a72e2d8c83191d17bab4acdb568a0bd02b
6a20b074c80868f5e71a2798abbd7e67d75cab0bd2f2d2181b0a91d06f99848c

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6A20B074C80868F5E71A2798ABBD7E67D75CAB0BD2F2D2181B0A91D06F99848C"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18814
Expires: Sun, 05 Feb 2023 09:22:54 GMT
Date: Sun, 05 Feb 2023 04:09:20 GMT
Connection: keep-alive

0f6e7d3222.ba33938e50.com/in/multy

94.130.198.6

200 OK

28 kB

URL HTTP/2
0f6e7d3222.ba33938e50.com/in/multy
IP
94.130.198.6:0
ASN
#24940 Hetzner Online GmbH

File type
JSON data\012- , Unicode text, UTF-8 text, with very long lines (28368), with no line terminators
Size
28 kB (28377 bytes)
Hash
f2aff30c641cf55a80d786407acd251c
a9b50bb7b27aacd11eab923117d96485d9e6db86
915b2249bf725447a69d02d07c525b995bf6aee63509ddc76e0f2d1f3157f7e2

HTTP Headers

POST /in/multy HTTP/1.1
Host: 0f6e7d3222.ba33938e50.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 1191
Origin: https://kagabei.xyz
Connection: keep-alive
Referer: https://kagabei.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx/1.20.1
date: Sun, 05 Feb 2023 04:09:20 GMT
content-type: application/json
content-length: 28377
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

94.130.198.6

200 OK

0 B

URL HTTP/2
0f6e7d3222.ba33938e50.com/in/show/?mid=3919411124075335134&pid=0&site=native-push-mainstream&sc=NO&usage_type=DCH&subid=416473681&sid=2517504367&cid=13353&price=0.001959999&is_cpm=0&cpm=0&ecpm=0.023251306239015817&crid=&crtid=8fc5a3949d58ed66158a5da3a7b48b19&tcid=0&out_id=1&ver=8.24.1&ver_c=&refdom=kagabei.xyz&hostname=auc-inpage-hz-2-b&site_id=3126103&spot_id=26103&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=1675591759&created_at=2023-02-05&is_native=2&auction_queue=0&burl=VtD4HI5-YOOHlkIyH593SnVBbd-rVxqhZuyGFKz2VsFdQ4vKQRHo5r4HPvcNXDMbdM0gE7EwqO8NsohvgDE7o1j98kXysqE25mqWktF-R_11q-xejQ&pop_winurl=&ip=91.90.42.154&testab=0&px_id=5326103&adblock=0&auction_host=&mm=0&yc=0&render_type=hq&campaign_type=lq-pop&uniq=&exp=&resp_type=&iabcat=IAB24-24&min_cpm=0.0008499869288224955&placement_type_id=&skin_test=0&verify_hash=5f82c90e22292d7a453d53319e74d615&score=66.95658281062643&durl=https%3A%2F%2Fts.cvastico.com%2Fin%2F1546%2F%3Fad_sub%3D416473681%26spot_id%3D26103%26is_adult%3D0%26p%3Dhttps%253A%252F%252Fkagabei.xyz%252F%26idzone%3D0%26sid%3D1885&ml=&tag_ab=d&original_bid=0.001959999&user_fp=0&v2=0&v2_track=0&is_pop_cpc=0&applied_features=main-skins-settings&url=clod6E0xYWhQKL-kyC_TzUwad3N3zIPdxhZRmLJnubsTmPxKVrzIkjF6s4UO1PVgXe3Ad156buj9V1ZfFq1-BtnnNQo8BUnuxnFCyI5Ljuv1hsVsTgpphr9SYFBoSybojU62Qx5CX6w6idRxdTsUd14tM8StBycdsC_Foe9bJX6TNfj8hw&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FUS%2FUS_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp&skin_id=2&vertical_id=0&real_bid=0.001959999&pr=&user_keywords=&auc_type=1&aid=61&ext_cid=0&device_theme=light&keywords=&label_ids=83,89,0&conditions=dch_ip,tz_offset&need_redirect_show=0&mlf=1&cpa=98f57936-0e1e-437d-92da-37aca222d394&mlc=1&format=default-slide_SHQ-b_r-body
IP
94.130.198.6:0
ASN
#24940 Hetzner Online GmbH

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /in/show/?mid=3919411124075335134&pid=0&site=native-push-mainstream&sc=NO&usage_type=DCH&subid=416473681&sid=2517504367&cid=13353&price=0.001959999&is_cpm=0&cpm=0&ecpm=0.023251306239015817&crid=&crtid=8fc5a3949d58ed66158a5da3a7b48b19&tcid=0&out_id=1&ver=8.24.1&ver_c=&refdom=kagabei.xyz&hostname=auc-inpage-hz-2-b&site_id=3126103&spot_id=26103&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=1675591759&created_at=2023-02-05&is_native=2&auction_queue=0&burl=VtD4HI5-YOOHlkIyH593SnVBbd-rVxqhZuyGFKz2VsFdQ4vKQRHo5r4HPvcNXDMbdM0gE7EwqO8NsohvgDE7o1j98kXysqE25mqWktF-R_11q-xejQ&pop_winurl=&ip=91.90.42.154&testab=0&px_id=5326103&adblock=0&auction_host=&mm=0&yc=0&render_type=hq&campaign_type=lq-pop&uniq=&exp=&resp_type=&iabcat=IAB24-24&min_cpm=0.0008499869288224955&placement_type_id=&skin_test=0&verify_hash=5f82c90e22292d7a453d53319e74d615&score=66.95658281062643&durl=https%3A%2F%2Fts.cvastico.com%2Fin%2F1546%2F%3Fad_sub%3D416473681%26spot_id%3D26103%26is_adult%3D0%26p%3Dhttps%253A%252F%252Fkagabei.xyz%252F%26idzone%3D0%26sid%3D1885&ml=&tag_ab=d&original_bid=0.001959999&user_fp=0&v2=0&v2_track=0&is_pop_cpc=0&applied_features=main-skins-settings&url=clod6E0xYWhQKL-kyC_TzUwad3N3zIPdxhZRmLJnubsTmPxKVrzIkjF6s4UO1PVgXe3Ad156buj9V1ZfFq1-BtnnNQo8BUnuxnFCyI5Ljuv1hsVsTgpphr9SYFBoSybojU62Qx5CX6w6idRxdTsUd14tM8StBycdsC_Foe9bJX6TNfj8hw&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FUS%2FUS_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp&skin_id=2&vertical_id=0&real_bid=0.001959999&pr=&user_keywords=&auc_type=1&aid=61&ext_cid=0&device_theme=light&keywords=&label_ids=83,89,0&conditions=dch_ip,tz_offset&need_redirect_show=0&mlf=1&cpa=98f57936-0e1e-437d-92da-37aca222d394&mlc=1&format=default-slide_SHQ-b_r-body HTTP/1.1
Host: 0f6e7d3222.ba33938e50.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kagabei.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx/1.20.1
date: Sun, 05 Feb 2023 04:09:20 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

0f6e7d3222.ba33938e50.com/in/show/?mid=3919411124075335134&pid=0&site=native-push-mainstream&sc=NO&usage_type=DCH&subid=416473681&sid=2517504367&cid=14006&price=0.00047595571260899305&is_cpm=0&cpm=0&ecpm=0.00023966624881891548&crid=&crtid=5e38ae248ad402ffccb830d047480273&tcid=0&out_id=0&ver=8.24.1&ver_c=&refdom=kagabei.xyz&hostname=auc-inpage-hz-2-b&site_id=3126103&spot_id=26103&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=1675656559&created_at=2023-02-05&is_native=1&auction_queue=0&burl=Q7BcGMUYliX8TFqBEcswNkFSq4ZR2_CgLlPFpPCfmV4_ziExadBynQ&pop_winurl=&ip=91.90.42.154&testab=0&px_id=7326103&adblock=0&auction_host=&mm=0&yc=0&render_type=hq&campaign_type=hq&uniq=&exp=&resp_type=&iabcat=IAB24-24&min_cpm=5.4051755725190836e-05&placement_type_id=&skin_test=0&verify_hash=73d3f37cd622360ea1f6417fbcff1208&score=66.95658281062643&durl=https%3A%2F%2Fts.cvastico.com%2Fin%2F1546%2F%3Fad_sub%3D416473681%26spot_id%3D26103%26is_adult%3D0%26p%3Dhttps%253A%252F%252Fkagabei.xyz%252F%26idzone%3D0%26sid%3D1885&ml=&tag_ab=d&original_bid=0.00047595571260899305&user_fp=0&v2=0&v2_track=0&is_pop_cpc=0&applied_features=main-skins-settings&url=0YcJlxJhtLxSavymb81TNNPkltg10ibpFph3j0_Sf-JzJdyXCWs16OS7aWGf8u8yalWUEy6srlZm1_ArkVG2rzcSIe2wig3LPmFfQjJ6JtY_5sb-2DM_CXSES-WJ-BTcJ6MWvgq4QOPbXksb-fPpZqMHsrzzz63APZwX6I0RbVCeGJfa2A6XoDN59n_SH8JRjr8w1Td-0CzA055BjA2vpj7iUFD5w1DLBDHPq3aetv8Z_kXJAUA9aQwPz1lXuhYMPm3rI2PVXMLwLZY3eQIg-NS8CuaFVoiQFiO9tHUo8yEIj_ugnztdQL-tepNzWar-V-aRfZrY8-k1qJp9061QUrjEU7Zvpx0f4VgqAJN89TeDSbRDlgRVM7w53PYmD40b1mOJPGyI3tsbYbRl36xFL-b7O3jlwhNWcTVC1bOXXcY8CbWi3ZGly3S-SfzSnZgvEvZw0FuWhL6DAM3ATdxWhdR8P7ZUzY1xFeMnmd-72ode9CvgxhR5UGeouLf6CfjuLsdVyaCK12Tizx-jaLwZt73qjlfMBdcvaLDSfqBZjA1qIzqr0gxnS2atouVHzBILcWzTeyuUt_inVkdRX-KuduFuK5KCSiHLmNJY0_-3OVUBXEyi8chFK-TOhezyJJeAaOo7LX--a4T3DNnoPCOMFfrRBeWS9DcqvTEGeeivdoCKuBGOU-JjSV_A9FGM1k5zEhahQGiwdCjdvvU3R9uCrscZxsj7cbG5JOC-XSekj0JMqMWQQE69ZBbUAIUEPi69botWAMfUvLZJ9lS8aNaLcgFzGf0Cf9btmyd4zFcZM5hvFT4NENFbYwgwBRH4E7ifq7Sv4EsnTogNSZvzAywIQOTNPcjhNIoMrY8-0dLqBzDrjRklg-bJAkZNBiLUvGN-aAcqVfcS7X26v5Cbe7FEgj6MJc3mn6KlSkPXDA3ju3kiob7nO3vgr_0S7AOBbPwBCygCAywR_vvX3MhNdcwfXI4Ez-pbCirj0l0GPTtF09GwUqs9_9Rtq51_cn8b-Wsg1uHum6chmzKoBUcp_EZtT7p0nmvOtfdmFCRdVtwoYLu14jQKa2Gm57gQnj0oWsLvUT5KrpXs1fHMiefCd2VnlRbKunbeQMtpn1yG_Ks-Ks4kcGQrqrqFXh-txiSxtQNFLQ&image_url=https%3A%2F%2Fs.viitodut.com%2Fn%2F1557%2Fpniesytfbv6f4athpjzfkyclmjqqc6s3azxxo62zm5eggkbf2h6tqxrjfvkweglcmfpfw3qem54xuudiifglrls5jhcyxxh3tgxypk5nhf4w2csgd7pg2caqgt55fqpas7rmbfvlkeilxboe25xufvu3uo5vkabk3a4rgymx2c3us6k2jfkfeohj6cv764add4uxqvcshbewtqtjz5fgbwdzl3bdtb75gxte5ipboxaflebtrfujpufxjgwfc37dqmajy2byqhwhbbcrwwmb4bnbna4kwts422aubdkqhbewtewp23rf56dznprdsswrgm7z6stlrb46nd4s4fvnev75s3f7q654km43w2bramoa72csbfuvr37kdhlwtx2jmd5huvyhnmg5smfoqwu26u52kyjdcsljgl3nnuwin5uqn2rggsabj53qblslwklmmqexmvtdkzhuwykqpcsg2ukjnezpnvwszbxqsbxkey2iafhxodbgbvmtavva46cwbwpe2o5tkj4iyub2vfv3nxmazjtnu624gqgxyccqmr5hx4ktpp2fcrxbniz6mtcdsfj2lwxvtzf6wnsui5fpcvhlk3fdysgjg24zrn77k3ifau4ijwpo7rp74ogje6xmk3aihc74kwku623cjvswkdlzluawa6hlmriq%3D%3D%3D%3D%3Ff%3Dhttps%253A%252F%252Fi.cdnkimg.com%252Fauto%252F492x328%252Fimage%252Ftesr%252F1189%252F189%252Frect_63dce9a44c73ft1675422116r802.jpg&skin_id=2&vertical_id=40&real_bid=0.00031770043816650283&pr=&user_keywords=&auc_type=1&aid=412&ext_cid=0&device_theme=light&keywords=&label_ids=83,90,40&conditions=dch_ip,tz_offset&need_redirect_show=0&cpa=6d15dfee-7185-4df3-83e1-4acd6d7cf5da&format=default-slide_SHQ-b_r-body

94.130.198.6

200 OK

0 B

URL HTTP/2
0f6e7d3222.ba33938e50.com/in/show/?mid=3919411124075335134&pid=0&site=native-push-mainstream&sc=NO&usage_type=DCH&subid=416473681&sid=2517504367&cid=14006&price=0.00047595571260899305&is_cpm=0&cpm=0&ecpm=0.00023966624881891548&crid=&crtid=5e38ae248ad402ffccb830d047480273&tcid=0&out_id=0&ver=8.24.1&ver_c=&refdom=kagabei.xyz&hostname=auc-inpage-hz-2-b&site_id=3126103&spot_id=26103&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=1675656559&created_at=2023-02-05&is_native=1&auction_queue=0&burl=Q7BcGMUYliX8TFqBEcswNkFSq4ZR2_CgLlPFpPCfmV4_ziExadBynQ&pop_winurl=&ip=91.90.42.154&testab=0&px_id=7326103&adblock=0&auction_host=&mm=0&yc=0&render_type=hq&campaign_type=hq&uniq=&exp=&resp_type=&iabcat=IAB24-24&min_cpm=5.4051755725190836e-05&placement_type_id=&skin_test=0&verify_hash=73d3f37cd622360ea1f6417fbcff1208&score=66.95658281062643&durl=https%3A%2F%2Fts.cvastico.com%2Fin%2F1546%2F%3Fad_sub%3D416473681%26spot_id%3D26103%26is_adult%3D0%26p%3Dhttps%253A%252F%252Fkagabei.xyz%252F%26idzone%3D0%26sid%3D1885&ml=&tag_ab=d&original_bid=0.00047595571260899305&user_fp=0&v2=0&v2_track=0&is_pop_cpc=0&applied_features=main-skins-settings&url=0YcJlxJhtLxSavymb81TNNPkltg10ibpFph3j0_Sf-JzJdyXCWs16OS7aWGf8u8yalWUEy6srlZm1_ArkVG2rzcSIe2wig3LPmFfQjJ6JtY_5sb-2DM_CXSES-WJ-BTcJ6MWvgq4QOPbXksb-fPpZqMHsrzzz63APZwX6I0RbVCeGJfa2A6XoDN59n_SH8JRjr8w1Td-0CzA055BjA2vpj7iUFD5w1DLBDHPq3aetv8Z_kXJAUA9aQwPz1lXuhYMPm3rI2PVXMLwLZY3eQIg-NS8CuaFVoiQFiO9tHUo8yEIj_ugnztdQL-tepNzWar-V-aRfZrY8-k1qJp9061QUrjEU7Zvpx0f4VgqAJN89TeDSbRDlgRVM7w53PYmD40b1mOJPGyI3tsbYbRl36xFL-b7O3jlwhNWcTVC1bOXXcY8CbWi3ZGly3S-SfzSnZgvEvZw0FuWhL6DAM3ATdxWhdR8P7ZUzY1xFeMnmd-72ode9CvgxhR5UGeouLf6CfjuLsdVyaCK12Tizx-jaLwZt73qjlfMBdcvaLDSfqBZjA1qIzqr0gxnS2atouVHzBILcWzTeyuUt_inVkdRX-KuduFuK5KCSiHLmNJY0_-3OVUBXEyi8chFK-TOhezyJJeAaOo7LX--a4T3DNnoPCOMFfrRBeWS9DcqvTEGeeivdoCKuBGOU-JjSV_A9FGM1k5zEhahQGiwdCjdvvU3R9uCrscZxsj7cbG5JOC-XSekj0JMqMWQQE69ZBbUAIUEPi69botWAMfUvLZJ9lS8aNaLcgFzGf0Cf9btmyd4zFcZM5hvFT4NENFbYwgwBRH4E7ifq7Sv4EsnTogNSZvzAywIQOTNPcjhNIoMrY8-0dLqBzDrjRklg-bJAkZNBiLUvGN-aAcqVfcS7X26v5Cbe7FEgj6MJc3mn6KlSkPXDA3ju3kiob7nO3vgr_0S7AOBbPwBCygCAywR_vvX3MhNdcwfXI4Ez-pbCirj0l0GPTtF09GwUqs9_9Rtq51_cn8b-Wsg1uHum6chmzKoBUcp_EZtT7p0nmvOtfdmFCRdVtwoYLu14jQKa2Gm57gQnj0oWsLvUT5KrpXs1fHMiefCd2VnlRbKunbeQMtpn1yG_Ks-Ks4kcGQrqrqFXh-txiSxtQNFLQ&image_url=https%3A%2F%2Fs.viitodut.com%2Fn%2F1557%2Fpniesytfbv6f4athpjzfkyclmjqqc6s3azxxo62zm5eggkbf2h6tqxrjfvkweglcmfpfw3qem54xuudiifglrls5jhcyxxh3tgxypk5nhf4w2csgd7pg2caqgt55fqpas7rmbfvlkeilxboe25xufvu3uo5vkabk3a4rgymx2c3us6k2jfkfeohj6cv764add4uxqvcshbewtqtjz5fgbwdzl3bdtb75gxte5ipboxaflebtrfujpufxjgwfc37dqmajy2byqhwhbbcrwwmb4bnbna4kwts422aubdkqhbewtewp23rf56dznprdsswrgm7z6stlrb46nd4s4fvnev75s3f7q654km43w2bramoa72csbfuvr37kdhlwtx2jmd5huvyhnmg5smfoqwu26u52kyjdcsljgl3nnuwin5uqn2rggsabj53qblslwklmmqexmvtdkzhuwykqpcsg2ukjnezpnvwszbxqsbxkey2iafhxodbgbvmtavva46cwbwpe2o5tkj4iyub2vfv3nxmazjtnu624gqgxyccqmr5hx4ktpp2fcrxbniz6mtcdsfj2lwxvtzf6wnsui5fpcvhlk3fdysgjg24zrn77k3ifau4ijwpo7rp74ogje6xmk3aihc74kwku623cjvswkdlzluawa6hlmriq%3D%3D%3D%3D%3Ff%3Dhttps%253A%252F%252Fi.cdnkimg.com%252Fauto%252F492x328%252Fimage%252Ftesr%252F1189%252F189%252Frect_63dce9a44c73ft1675422116r802.jpg&skin_id=2&vertical_id=40&real_bid=0.00031770043816650283&pr=&user_keywords=&auc_type=1&aid=412&ext_cid=0&device_theme=light&keywords=&label_ids=83,90,40&conditions=dch_ip,tz_offset&need_redirect_show=0&cpa=6d15dfee-7185-4df3-83e1-4acd6d7cf5da&format=default-slide_SHQ-b_r-body
IP
94.130.198.6:0
ASN
#24940 Hetzner Online GmbH

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /in/show/?mid=3919411124075335134&pid=0&site=native-push-mainstream&sc=NO&usage_type=DCH&subid=416473681&sid=2517504367&cid=14006&price=0.00047595571260899305&is_cpm=0&cpm=0&ecpm=0.00023966624881891548&crid=&crtid=5e38ae248ad402ffccb830d047480273&tcid=0&out_id=0&ver=8.24.1&ver_c=&refdom=kagabei.xyz&hostname=auc-inpage-hz-2-b&site_id=3126103&spot_id=26103&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=1675656559&created_at=2023-02-05&is_native=1&auction_queue=0&burl=Q7BcGMUYliX8TFqBEcswNkFSq4ZR2_CgLlPFpPCfmV4_ziExadBynQ&pop_winurl=&ip=91.90.42.154&testab=0&px_id=7326103&adblock=0&auction_host=&mm=0&yc=0&render_type=hq&campaign_type=hq&uniq=&exp=&resp_type=&iabcat=IAB24-24&min_cpm=5.4051755725190836e-05&placement_type_id=&skin_test=0&verify_hash=73d3f37cd622360ea1f6417fbcff1208&score=66.95658281062643&durl=https%3A%2F%2Fts.cvastico.com%2Fin%2F1546%2F%3Fad_sub%3D416473681%26spot_id%3D26103%26is_adult%3D0%26p%3Dhttps%253A%252F%252Fkagabei.xyz%252F%26idzone%3D0%26sid%3D1885&ml=&tag_ab=d&original_bid=0.00047595571260899305&user_fp=0&v2=0&v2_track=0&is_pop_cpc=0&applied_features=main-skins-settings&url=0YcJlxJhtLxSavymb81TNNPkltg10ibpFph3j0_Sf-JzJdyXCWs16OS7aWGf8u8yalWUEy6srlZm1_ArkVG2rzcSIe2wig3LPmFfQjJ6JtY_5sb-2DM_CXSES-WJ-BTcJ6MWvgq4QOPbXksb-fPpZqMHsrzzz63APZwX6I0RbVCeGJfa2A6XoDN59n_SH8JRjr8w1Td-0CzA055BjA2vpj7iUFD5w1DLBDHPq3aetv8Z_kXJAUA9aQwPz1lXuhYMPm3rI2PVXMLwLZY3eQIg-NS8CuaFVoiQFiO9tHUo8yEIj_ugnztdQL-tepNzWar-V-aRfZrY8-k1qJp9061QUrjEU7Zvpx0f4VgqAJN89TeDSbRDlgRVM7w53PYmD40b1mOJPGyI3tsbYbRl36xFL-b7O3jlwhNWcTVC1bOXXcY8CbWi3ZGly3S-SfzSnZgvEvZw0FuWhL6DAM3ATdxWhdR8P7ZUzY1xFeMnmd-72ode9CvgxhR5UGeouLf6CfjuLsdVyaCK12Tizx-jaLwZt73qjlfMBdcvaLDSfqBZjA1qIzqr0gxnS2atouVHzBILcWzTeyuUt_inVkdRX-KuduFuK5KCSiHLmNJY0_-3OVUBXEyi8chFK-TOhezyJJeAaOo7LX--a4T3DNnoPCOMFfrRBeWS9DcqvTEGeeivdoCKuBGOU-JjSV_A9FGM1k5zEhahQGiwdCjdvvU3R9uCrscZxsj7cbG5JOC-XSekj0JMqMWQQE69ZBbUAIUEPi69botWAMfUvLZJ9lS8aNaLcgFzGf0Cf9btmyd4zFcZM5hvFT4NENFbYwgwBRH4E7ifq7Sv4EsnTogNSZvzAywIQOTNPcjhNIoMrY8-0dLqBzDrjRklg-bJAkZNBiLUvGN-aAcqVfcS7X26v5Cbe7FEgj6MJc3mn6KlSkPXDA3ju3kiob7nO3vgr_0S7AOBbPwBCygCAywR_vvX3MhNdcwfXI4Ez-pbCirj0l0GPTtF09GwUqs9_9Rtq51_cn8b-Wsg1uHum6chmzKoBUcp_EZtT7p0nmvOtfdmFCRdVtwoYLu14jQKa2Gm57gQnj0oWsLvUT5KrpXs1fHMiefCd2VnlRbKunbeQMtpn1yG_Ks-Ks4kcGQrqrqFXh-txiSxtQNFLQ&image_url=https%3A%2F%2Fs.viitodut.com%2Fn%2F1557%2Fpniesytfbv6f4athpjzfkyclmjqqc6s3azxxo62zm5eggkbf2h6tqxrjfvkweglcmfpfw3qem54xuudiifglrls5jhcyxxh3tgxypk5nhf4w2csgd7pg2caqgt55fqpas7rmbfvlkeilxboe25xufvu3uo5vkabk3a4rgymx2c3us6k2jfkfeohj6cv764add4uxqvcshbewtqtjz5fgbwdzl3bdtb75gxte5ipboxaflebtrfujpufxjgwfc37dqmajy2byqhwhbbcrwwmb4bnbna4kwts422aubdkqhbewtewp23rf56dznprdsswrgm7z6stlrb46nd4s4fvnev75s3f7q654km43w2bramoa72csbfuvr37kdhlwtx2jmd5huvyhnmg5smfoqwu26u52kyjdcsljgl3nnuwin5uqn2rggsabj53qblslwklmmqexmvtdkzhuwykqpcsg2ukjnezpnvwszbxqsbxkey2iafhxodbgbvmtavva46cwbwpe2o5tkj4iyub2vfv3nxmazjtnu624gqgxyccqmr5hx4ktpp2fcrxbniz6mtcdsfj2lwxvtzf6wnsui5fpcvhlk3fdysgjg24zrn77k3ifau4ijwpo7rp74ogje6xmk3aihc74kwku623cjvswkdlzluawa6hlmriq%3D%3D%3D%3D%3Ff%3Dhttps%253A%252F%252Fi.cdnkimg.com%252Fauto%252F492x328%252Fimage%252Ftesr%252F1189%252F189%252Frect_63dce9a44c73ft1675422116r802.jpg&skin_id=2&vertical_id=40&real_bid=0.00031770043816650283&pr=&user_keywords=&auc_type=1&aid=412&ext_cid=0&device_theme=light&keywords=&label_ids=83,90,40&conditions=dch_ip,tz_offset&need_redirect_show=0&cpa=6d15dfee-7185-4df3-83e1-4acd6d7cf5da&format=default-slide_SHQ-b_r-body HTTP/1.1
Host: 0f6e7d3222.ba33938e50.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kagabei.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx/1.20.1
date: Sun, 05 Feb 2023 04:09:20 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b57b28b3b762d94d2c1f323db3c76524
f80114993efefdb22b98a19a4ce20b6510b621fc
405379e7f1c2af9cd11d897e88237e0cb61d0fda3123c090d49932d295f18975

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "405379E7F1C2AF9CD11D897E88237E0CB61D0FDA3123C090D49932D295F18975"
Last-Modified: Fri, 03 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10964
Expires: Sun, 05 Feb 2023 07:12:04 GMT
Date: Sun, 05 Feb 2023 04:09:20 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b57b28b3b762d94d2c1f323db3c76524
f80114993efefdb22b98a19a4ce20b6510b621fc
405379e7f1c2af9cd11d897e88237e0cb61d0fda3123c090d49932d295f18975

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "405379E7F1C2AF9CD11D897E88237E0CB61D0FDA3123C090D49932D295F18975"
Last-Modified: Fri, 03 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8744
Expires: Sun, 05 Feb 2023 06:35:04 GMT
Date: Sun, 05 Feb 2023 04:09:20 GMT
Connection: keep-alive

sw.wpush.org/ps/sw.js

45.133.44.24

200 OK

1.8 kB

URL HTTP/2
sw.wpush.org/ps/sw.js
IP
45.133.44.24:0
ASN
#39572 DataWeb Global Group B.V.

File type
ASCII text, with very long lines (5516), with no line terminators
Size
1.8 kB (1801 bytes)
Hash
b84c3df63522b5774e068693cff05b61
87c6d8ca6ee6d308faa8b5aa22793774660e7f29
67018bf78daadb61952675af92eb06ecc2c8728e27d992f5b0082b5ca1c5b52b

HTTP Headers

GET /ps/sw.js HTTP/1.1
Host: sw.wpush.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sun, 05 Feb 2023 04:09:20 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Thu, 26 Jan 2023 12:22:57 GMT
etag: W/"63d270a1-158c"
content-encoding: gzip
expires: Sun, 05 Feb 2023 04:14:20 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2

s.viitodut.com/n/1557/pniesytfbv6f4athpjzfkyclmjqqc6s3azxxo62zm5eggkbf2h6tqxrjfvkweglcmfpfw3qem54xuudiifglrls5jhcyxxh3tgxypk5nhf4w2csgd7pg2caqgt55fqpas7rmbfvlkeilxboe25xufvu3uo5vkabk3a4rgymx2c3us6k2jfkfeohj6cv764add4uxqvcshbewtqtjz5fgbwdzl3bdtb75gxte5ipboxaflebtrfujpufxjgwfc37dqmajy2byqhwhbbcrwwmb4bnbna4kwts422aubdkqhbewtewp23rf56dznprdsswrgm7z6stlrb46nd4s4fvnev75s3f7q654km43w2bramoa72csbfuvr37kdhlwtx2jmd5huvyhnmg5smfoqwu26u52kyjdcsljgl3nnuwin5uqn2rggsabj53qblslwklmmqexmvtdkzhuwykqpcsg2ukjnezpnvwszbxqsbxkey2iafhxodbgbvmtavva46cwbwpe2o5tkj4iyub2vfv3nxmazjtnu624gqgxyccqmr5hx4ktpp2fcrxbniz6mtcdsfj2lwxvtzf6wnsui5fpcvhlk3fdysgjg24zrn77k3ifau4ijwpo7rp74ogje6xmk3aihc74kwku623cjvswkdlzluawa6hlmriq====?f=https%3A%2F%2Fi.cdnkimg.com%2Fauto%2F492x328%2Fimage%2Ftesr%2F1189%2F189%2Frect_63dce9a44c73ft1675422116r802.jpg

185.196.197.130

302 Found

0 B

URL HTTP/2
s.viitodut.com/n/1557/pniesytfbv6f4athpjzfkyclmjqqc6s3azxxo62zm5eggkbf2h6tqxrjfvkweglcmfpfw3qem54xuudiifglrls5jhcyxxh3tgxypk5nhf4w2csgd7pg2caqgt55fqpas7rmbfvlkeilxboe25xufvu3uo5vkabk3a4rgymx2c3us6k2jfkfeohj6cv764add4uxqvcshbewtqtjz5fgbwdzl3bdtb75gxte5ipboxaflebtrfujpufxjgwfc37dqmajy2byqhwhbbcrwwmb4bnbna4kwts422aubdkqhbewtewp23rf56dznprdsswrgm7z6stlrb46nd4s4fvnev75s3f7q654km43w2bramoa72csbfuvr37kdhlwtx2jmd5huvyhnmg5smfoqwu26u52kyjdcsljgl3nnuwin5uqn2rggsabj53qblslwklmmqexmvtdkzhuwykqpcsg2ukjnezpnvwszbxqsbxkey2iafhxodbgbvmtavva46cwbwpe2o5tkj4iyub2vfv3nxmazjtnu624gqgxyccqmr5hx4ktpp2fcrxbniz6mtcdsfj2lwxvtzf6wnsui5fpcvhlk3fdysgjg24zrn77k3ifau4ijwpo7rp74ogje6xmk3aihc74kwku623cjvswkdlzluawa6hlmriq====?f=https%3A%2F%2Fi.cdnkimg.com%2Fauto%2F492x328%2Fimage%2Ftesr%2F1189%2F189%2Frect_63dce9a44c73ft1675422116r802.jpg
IP
185.196.197.130:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /n/1557/pniesytfbv6f4athpjzfkyclmjqqc6s3azxxo62zm5eggkbf2h6tqxrjfvkweglcmfpfw3qem54xuudiifglrls5jhcyxxh3tgxypk5nhf4w2csgd7pg2caqgt55fqpas7rmbfvlkeilxboe25xufvu3uo5vkabk3a4rgymx2c3us6k2jfkfeohj6cv764add4uxqvcshbewtqtjz5fgbwdzl3bdtb75gxte5ipboxaflebtrfujpufxjgwfc37dqmajy2byqhwhbbcrwwmb4bnbna4kwts422aubdkqhbewtewp23rf56dznprdsswrgm7z6stlrb46nd4s4fvnev75s3f7q654km43w2bramoa72csbfuvr37kdhlwtx2jmd5huvyhnmg5smfoqwu26u52kyjdcsljgl3nnuwin5uqn2rggsabj53qblslwklmmqexmvtdkzhuwykqpcsg2ukjnezpnvwszbxqsbxkey2iafhxodbgbvmtavva46cwbwpe2o5tkj4iyub2vfv3nxmazjtnu624gqgxyccqmr5hx4ktpp2fcrxbniz6mtcdsfj2lwxvtzf6wnsui5fpcvhlk3fdysgjg24zrn77k3ifau4ijwpo7rp74ogje6xmk3aihc74kwku623cjvswkdlzluawa6hlmriq====?f=https%3A%2F%2Fi.cdnkimg.com%2Fauto%2F492x328%2Fimage%2Ftesr%2F1189%2F189%2Frect_63dce9a44c73ft1675422116r802.jpg HTTP/1.1
Host: s.viitodut.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
server: nginx/1.19.0
date: Sun, 05 Feb 2023 04:09:20 GMT
content-length: 0
location: https://i.cdnkimg.com/auto/492x328/image/tesr/1189/189/rect_63dce9a44c73ft1675422116r802.jpg
X-Firefox-Spdy: h2

notification.tubecup.net/in/subscription-offers?href=https%3A%2F%2Fkagabei.xyz%2F&tcid=0&spot_id=13227&site=tcpublisher&source_id=0

94.130.197.140

200 OK

0 B

URL HTTP/2
notification.tubecup.net/in/subscription-offers?href=https%3A%2F%2Fkagabei.xyz%2F&tcid=0&spot_id=13227&site=tcpublisher&source_id=0
IP
94.130.197.140:0
ASN
#24940 Hetzner Online GmbH

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /in/subscription-offers?href=https%3A%2F%2Fkagabei.xyz%2F&tcid=0&spot_id=13227&site=tcpublisher&source_id=0 HTTP/1.1
Host: notification.tubecup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kagabei.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx/1.18.0
date: Sun, 05 Feb 2023 04:09:20 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

static.bookmsg.com/creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp?mlf=1&cpa=5bf7ea21-0214-4ae5-a14c-cc947e6a6d2b&mlc=1&format=default-slide_SHQ-b_r-body

88.198.209.34

200 OK

590 B

URL HTTP/2
static.bookmsg.com/creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp?mlf=1&cpa=5bf7ea21-0214-4ae5-a14c-cc947e6a6d2b&mlc=1&format=default-slide_SHQ-b_r-body
IP
88.198.209.34:0
ASN
#24940 Hetzner Online GmbH

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
590 B (590 bytes)
Hash
debce753f1ce6652c1637491fd72b1b1
fd102eb3f058f7a43b0f9ec03541681699f5895e
c2443b0a74b25158756abb7aa12832e5442adab247aab6e24514f54396c72579

HTTP Headers

GET /creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp?mlf=1&cpa=5bf7ea21-0214-4ae5-a14c-cc947e6a6d2b&mlc=1&format=default-slide_SHQ-b_r-body HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kagabei.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx/1.18.0
date: Sun, 05 Feb 2023 04:09:20 GMT
content-type: image/webp
content-length: 590
last-modified: Tue, 24 Nov 2020 14:24:12 GMT
etag: "5fbd178c-24e"
cache-control: public, max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2

static.bookmsg.com/creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp

88.198.209.34

200 OK

590 B

URL HTTP/2
static.bookmsg.com/creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp
IP
88.198.209.34:0
ASN
#24940 Hetzner Online GmbH

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
590 B (590 bytes)
Hash
debce753f1ce6652c1637491fd72b1b1
fd102eb3f058f7a43b0f9ec03541681699f5895e
c2443b0a74b25158756abb7aa12832e5442adab247aab6e24514f54396c72579

HTTP Headers

GET /creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kagabei.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx/1.18.0
date: Sun, 05 Feb 2023 04:09:20 GMT
content-type: image/webp
content-length: 590
last-modified: Tue, 24 Nov 2020 14:24:12 GMT
etag: "5fbd178c-24e"
cache-control: public, max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
bf828a0cebeb89c6322dc9204863e622
c5bdc8378ae47836359dfdcf67068e3553c49928
8ec17c6a7238b91ffbea9a2333d605f09eb84452b981ea88e5c619f82080ab3e

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8EC17C6A7238B91FFBEA9A2333D605F09EB84452B981EA88E5C619F82080AB3E"
Last-Modified: Sat, 04 Feb 2023 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=434
Expires: Sun, 05 Feb 2023 04:16:34 GMT
Date: Sun, 05 Feb 2023 04:09:20 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
bf828a0cebeb89c6322dc9204863e622
c5bdc8378ae47836359dfdcf67068e3553c49928
8ec17c6a7238b91ffbea9a2333d605f09eb84452b981ea88e5c619f82080ab3e

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8EC17C6A7238B91FFBEA9A2333D605F09EB84452B981EA88E5C619F82080AB3E"
Last-Modified: Sat, 04 Feb 2023 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=434
Expires: Sun, 05 Feb 2023 04:16:34 GMT
Date: Sun, 05 Feb 2023 04:09:20 GMT
Connection: keep-alive

i.cdnkimg.com/auto/492x328/image/tesr/1189/189/rect_63dce9a44c73ft1675422116r802.jpg

45.133.44.37

200 OK

82 kB

URL HTTP/2
i.cdnkimg.com/auto/492x328/image/tesr/1189/189/rect_63dce9a44c73ft1675422116r802.jpg
IP
45.133.44.37:0
ASN
#39572 DataWeb Global Group B.V.

File type
JPEG image data, baseline, precision 8, 492x328, components 3\012- data
Size
82 kB (81773 bytes)
Hash
63b1689d9a7daae7d7ec712db40095fd
4008bd983af3322871d8331fcc70a483d1d9ba5e
08ef9c3311cab3d2b855c64b8c8483910d927e6bbeb5eab8ca0cbd584d84924d

HTTP Headers

GET /auto/492x328/image/tesr/1189/189/rect_63dce9a44c73ft1675422116r802.jpg HTTP/1.1
Host: i.cdnkimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sun, 05 Feb 2023 04:09:20 GMT
content-type: image/jpeg
content-length: 81773
server: nginx/1.19.0
cache-control: max-age=1209600
x-cache-status: HIT
expires: Sun, 19 Feb 2023 04:09:20 GMT
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2

048a2da360.3819544f76.com/4fb911ef80cd13b9a4b144d0c0155e41.js

45.133.44.25

200 OK

0 B

URL HTTP/2
048a2da360.3819544f76.com/4fb911ef80cd13b9a4b144d0c0155e41.js
IP
45.133.44.25:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /4fb911ef80cd13b9a4b144d0c0155e41.js HTTP/1.1
Host: 048a2da360.3819544f76.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kagabei.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sun, 05 Feb 2023 04:09:18 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Wed, 07 Dec 2022 08:28:22 GMT
etag: W/"63904ea6-16019"
content-encoding: gzip
expires: Sun, 05 Feb 2023 04:14:18 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2

048a2da360.3819544f76.com/ea82ffde911566022d15ea9fae99b275.js

45.133.44.25

200 OK

0 B

URL HTTP/2
048a2da360.3819544f76.com/ea82ffde911566022d15ea9fae99b275.js
IP
45.133.44.25:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /ea82ffde911566022d15ea9fae99b275.js HTTP/1.1
Host: 048a2da360.3819544f76.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kagabei.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sun, 05 Feb 2023 04:09:18 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Fri, 03 Feb 2023 12:56:56 GMT
etag: W/"63dd0498-4fa40"
content-encoding: gzip
expires: Sun, 05 Feb 2023 04:14:18 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2

js.wpshsdk.com/npc/sdk/common/core.js

45.133.44.24

200 OK

0 B

URL HTTP/2
js.wpshsdk.com/npc/sdk/common/core.js
IP
45.133.44.24:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /npc/sdk/common/core.js HTTP/1.1
Host: js.wpshsdk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://kagabei.xyz/
Origin: https://kagabei.xyz
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sun, 05 Feb 2023 04:09:19 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Thu, 26 Jan 2023 12:22:57 GMT
etag: W/"63d270a1-1bf5c"
content-encoding: gzip
expires: Sun, 05 Feb 2023 04:14:19 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2

js.wpshsdk.com/npc/sdk/push/styles.css

45.133.44.24

200 OK

0 B

URL HTTP/2
js.wpshsdk.com/npc/sdk/push/styles.css
IP
45.133.44.24:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /npc/sdk/push/styles.css HTTP/1.1
Host: js.wpshsdk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kagabei.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sun, 05 Feb 2023 04:09:20 GMT
content-type: text/css
server: nginx/1.18.0
last-modified: Tue, 30 Aug 2022 09:15:33 GMT
etag: W/"630dd535-10f4"
content-encoding: gzip
expires: Sun, 05 Feb 2023 04:14:20 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2

sw.wpush.org/ps/sw.js

45.133.44.25

200 OK

0 B

URL HTTP/2
sw.wpush.org/ps/sw.js
IP
45.133.44.25:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /ps/sw.js HTTP/1.1
Host: sw.wpush.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kagabei.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 Feb 2023 04:09:19 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Thu, 26 Jan 2023 12:22:57 GMT
etag: W/"63d270a1-158c"
content-encoding: gzip
expires: Sun, 05 Feb 2023 04:14:19 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (8)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

HTTP Transactions (55)

URL HTTP/1.1

IP