13.pasatok.com/l/PA/12/?resubscription=87&clickid=1675415895776hd99m7yba&source=165&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=MX&partner=PA&language=en-US&unixtime=1675415895&tb={https://ak.onpluslean.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}}
172.67.21.170 301 Moved Permanently 0 B URL HTTP/1.1 13.pasatok.com/l/PA/12/?resubscription=87&clickid=1675415895776hd99m7yba&source=165&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=MX&partner=PA&language=en-US&unixtime=1675415895&tb={https://ak.onpluslean.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}}
IP 172.67.21.170:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /l/PA/12/?resubscription=87&clickid=1675415895776hd99m7yba&source=165&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=MX&partner=PA&language=en-US&unixtime=1675415895&tb={https://ak.onpluslean.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}} HTTP/1.1
Host: 13.pasatok.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Fri, 03 Feb 2023 09:19:50 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Fri, 03 Feb 2023 10:19:50 GMT
Location: https://13.pasatok.com/l/PA/12/?resubscription=87&clickid=1675415895776hd99m7yba&source=165&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=MX&partner=PA&language=en-US&unixtime=1675415895&tb={https://ak.onpluslean.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 793a1655be82b524-OSL
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d4e95d0d8982bcd07804baf6fc88231c
5027abda0875bd2529dd4d6691784c74da71a9ee
373799b5749d2cb08b5721699a3e4c6b94b0d41604ac07d4ef7179e47dabc71f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "373799B5749D2CB08B5721699A3E4C6B94B0D41604AC07D4EF7179E47DABC71F"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9587
Expires: Fri, 03 Feb 2023 11:59:37 GMT
Date: Fri, 03 Feb 2023 09:19:50 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e935ea42be4feaed61a824b0b903913e
f966cfa80d65a805cb9d7c6a53b3340865d7c51a
eb0ce9ae50d156fe5924b2d77346735e4e93b5240cff301c9aa835bb0b385815
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EB0CE9AE50D156FE5924B2D77346735E4E93B5240CFF301C9AA835BB0B385815"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8937
Expires: Fri, 03 Feb 2023 11:48:47 GMT
Date: Fri, 03 Feb 2023 09:19:50 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Alert, Retry-After, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 03 Feb 2023 08:36:10 GMT
content-type: application/json
age: 2620
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 9a76feabb767086ae0fa54e0ffbf763f
3655d78994a1e9838340669462728b67c8c12e54
bf215ab858c7785b7c01f7d3d437a918f056f00fe9b065820e1cdd09b7bba8f9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BF215AB858C7785B7C01F7D3D437A918F056F00FE9B065820E1CDD09B7BBA8F9"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11223
Expires: Fri, 03 Feb 2023 12:26:53 GMT
Date: Fri, 03 Feb 2023 09:19:50 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: EClmqAam0eZtQdI1i4oWPz31hLZ6OkM4cLvrcBjXNAiRIFWVS3RUckLjbYlpQcRvWGokECEDPWk=
x-amz-request-id: 3XS7J8WVZ9SVP9E4
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 03 Feb 2023 08:23:28 GMT
age: 3383
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 09:19:51 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/dPc-_rR1D1M
142.250.74.131 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/dPc-_rR1D1M
IP 142.250.74.131:0
Hash 37279a79422989fa2870504030ff415e
02b9ab792a290186b08c610a2807725ef45833e8
d205f1617943fa2786a3bdf2648edc968909c30c251cc5ec4ff4f99f6ffbcaad
POST /s/gts1p5/dPc-_rR1D1M HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 09:19:51 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash dce5de7125b9613c03f077d0485c3884
027d313d2704ae0fad0511e2b01e5d9b08e40914
e8ad7f79458a9fe0934c2c0cc9a4177349bf5bef1f5748642f04779d084dee33
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E8AD7F79458A9FE0934C2C0CC9A4177349BF5BEF1F5748642F04779D084DEE33"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4916
Expires: Fri, 03 Feb 2023 10:41:47 GMT
Date: Fri, 03 Feb 2023 09:19:51 GMT
Connection: keep-alive
18.pasatok.com/l/PA/12/?resubscription=82&clickid=1675415895776hd99m7yba&source=165&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=MX&partner=PA&language=en-US&unixtime=1675415895&tb={https://ak.onpluslean.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}}
104.22.56.101 200 OK 12 kB URL HTTP/2 18.pasatok.com/l/PA/12/?resubscription=82&clickid=1675415895776hd99m7yba&source=165&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=MX&partner=PA&language=en-US&unixtime=1675415895&tb={https://ak.onpluslean.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}}
IP 104.22.56.101:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (28894), with no line terminators
Hash 362dcba084227e39b48bf36cc05a1efe
cc04298ed30d35c50fef0aa18ccd94157d1447af
231cd72ed09d5b7a9107f864598098984cab33d1d3699c032b6928bce657fb6d
GET /l/PA/12/?resubscription=82&clickid=1675415895776hd99m7yba&source=165&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=MX&partner=PA&language=en-US&unixtime=1675415895&tb={https://ak.onpluslean.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}} HTTP/1.1
Host: 18.pasatok.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://17.pasatok.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Fri, 03 Feb 2023 09:19:51 GMT
content-type: text/html; charset=utf-8
cf-ray: 793a165dc9830b65-OSL
age: 51
etag: W/"l/PA/12/index.b889ad63dd.html"
vary: Accept-Encoding
cf-cache-status: HIT
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
17.pasatok.com/sw-check-permissions-5655417.js?z=5655417&var=165_MX&ymid=1675415895776hd99m7yba
104.22.56.101 200 OK 737 B URL HTTP/2 17.pasatok.com/sw-check-permissions-5655417.js?z=5655417&var=165_MX&ymid=1675415895776hd99m7yba
IP 104.22.56.101:0
File type ASCII text, with very long lines (421)
Hash d12e19f1d78701e31475ebdc6661138a
2d01eba2c319c44de63fb6e47922c394308dc44c
5b8aad7e511d5eb34fecda07a897c80078fee2004ca37fa1558c92621cfc229c
GET /sw-check-permissions-5655417.js?z=5655417&var=165_MX&ymid=1675415895776hd99m7yba HTTP/1.1
Host: 17.pasatok.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 03 Feb 2023 09:19:51 GMT
content-type: application/javascript; charset=utf-8
cf-ray: 793a165db9730b65-OSL
age: 51
etag: W/"sw-check-permissions-5655417.d8c3536505.js"
vary: Accept-Encoding
cf-cache-status: HIT
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
15.pasatok.com/l/PA/12/?resubscription=85&clickid=1675415895776hd99m7yba&source=165&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=MX&partner=PA&language=en-US&unixtime=1675415895&tb={https://ak.onpluslean.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}}
104.22.56.101 200 OK 24 kB URL HTTP/2 15.pasatok.com/l/PA/12/?resubscription=85&clickid=1675415895776hd99m7yba&source=165&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=MX&partner=PA&language=en-US&unixtime=1675415895&tb={https://ak.onpluslean.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}}
IP 104.22.56.101:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (28894), with no line terminators
Hash b242d8ab9042e9cb338285dd3f560698
a2a6ba37a640b1aef9b6f16c669a56917c85eba2
a5cbf80493dffde3bb33afa08249395ca8c7ac7da2079dc48ddcebc9246b281f
GET /l/PA/12/?resubscription=85&clickid=1675415895776hd99m7yba&source=165&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=MX&partner=PA&language=en-US&unixtime=1675415895&tb={https://ak.onpluslean.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}} HTTP/1.1
Host: 15.pasatok.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://14.pasatok.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Fri, 03 Feb 2023 09:19:51 GMT
content-type: text/html; charset=utf-8
cf-ray: 793a165b4efb0b65-OSL
age: 52
etag: W/"l/PA/12/index.b889ad63dd.html"
vary: Accept-Encoding
cf-cache-status: HIT
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
19.pasatok.com/sw-check-permissions-5655417.js?z=5655417&var=165_MX&ymid=1675415895776hd99m7yba
104.22.56.101 200 OK 736 B URL HTTP/2 19.pasatok.com/sw-check-permissions-5655417.js?z=5655417&var=165_MX&ymid=1675415895776hd99m7yba
IP 104.22.56.101:0
File type ASCII text, with very long lines (421)
Hash 1d812b9ccca9ae06e7f377a63f3867e8
d84eba157f134f92957c83dc8dc8611965ed80ce
8f863ac7786de701e12b278a17f2347ac7eb824e2b293ba9298c521424145ce7
GET /sw-check-permissions-5655417.js?z=5655417&var=165_MX&ymid=1675415895776hd99m7yba HTTP/1.1
Host: 19.pasatok.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 03 Feb 2023 09:19:52 GMT
content-type: application/javascript; charset=utf-8
cf-ray: 793a1660edd30b65-OSL
age: 52
etag: W/"sw-check-permissions-5655417.d8c3536505.js"
vary: Accept-Encoding
cf-cache-status: HIT
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
deehalig.net/pfe/current/sw.perm.check.min.js?r=sw
139.45.197.251 200 OK 39 kB URL HTTP/2 deehalig.net/pfe/current/sw.perm.check.min.js?r=sw
IP 139.45.197.251:0
Hash e5cadcc9396f4179d29aacaa42f75c4b
7f307d17b51f6d126e355f566fd67e4bfd9df9b0
926a94fc1ba58a9f7608161069a23a2ccfdf65e7f7798e4906421ce779f86df8
Analyzer Verdict Alert quad9 Sinkholed
GET /pfe/current/sw.perm.check.min.js?r=sw HTTP/1.1
Host: deehalig.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://13.pasatok.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 09:19:51 GMT
content-type: application/javascript
last-modified: Fri, 27 Jan 2023 11:03:52 GMT
etag: W/"63d3af98-1d349"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
my.rtmark.net/gid.js?pub=0&userId=&zoneId=5655417&checkDuplicate=true&ymid=&var=
139.45.195.8 200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?pub=0&userId=&zoneId=5655417&checkDuplicate=true&ymid=&var=
IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash 132c65820687078faf29b03d7fca92ca
8609c8ee73f1f8aab0cd18821dd39dac6448ec8d
e41cc8197359fd793dc1312f0638131c72ba91c112b9acad5391563021da7a4b
GET /gid.js?pub=0&userId=&zoneId=5655417&checkDuplicate=true&ymid=&var= HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://13.pasatok.com/
Origin: https://13.pasatok.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 09:19:52 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://13.pasatok.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=0797a03fcb1c4d0e96753ca1f4f4f468; expires=Sat, 03 Feb 2024 09:19:52 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
deehalig.net/pfe/current/sw.perm.check.min.js?r=sw
139.45.197.251 200 OK 39 kB URL HTTP/2 deehalig.net/pfe/current/sw.perm.check.min.js?r=sw
IP 139.45.197.251:0
Hash bd54c17b3a8c2575a8e7ddccac99c524
021d6b84eba87a2a4fc4d770beec13d8dedd081b
b771754580db6c6a84c9a5b22bbb52e14f31a70e70a40c82ab216d37e649f6f5
Analyzer Verdict Alert quad9 Sinkholed
GET /pfe/current/sw.perm.check.min.js?r=sw HTTP/1.1
Host: deehalig.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://18.pasatok.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 09:19:52 GMT
content-type: application/javascript
last-modified: Fri, 27 Jan 2023 11:03:52 GMT
etag: W/"63d3af98-1d349"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
20.pasatok.com/sw-check-permissions-5655417.js?z=5655417&var=165_MX&ymid=1675415895776hd99m7yba
104.22.56.101 200 OK 299 B URL HTTP/2 20.pasatok.com/sw-check-permissions-5655417.js?z=5655417&var=165_MX&ymid=1675415895776hd99m7yba
IP 104.22.56.101:0
File type ASCII text, with very long lines (421)
Hash a965047b4f6ba6e46a40531b179c5b14
71367a2ae739da4799613ad3632c8dcfb3c3686f
42e8daf363fbcdb929175f2be2cfca30533288b37ea2fed3f4f8e47b74f4a10d
GET /sw-check-permissions-5655417.js?z=5655417&var=165_MX&ymid=1675415895776hd99m7yba HTTP/1.1
Host: 20.pasatok.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 03 Feb 2023 09:19:52 GMT
content-type: application/javascript; charset=utf-8
cf-ray: 793a1661bf280b65-OSL
age: 51
etag: W/"sw-check-permissions-5655417.d8c3536505.js"
vary: Accept-Encoding
cf-cache-status: HIT
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
21.pasatok.com/l/PA/12/skip-button.webp
104.22.56.101 200 OK 5.0 kB URL HTTP/2 21.pasatok.com/l/PA/12/skip-button.webp
IP 104.22.56.101:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 639x273, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash da2dc41d023f4fcc89675351f9117c3d
bff287be312236d01df91ec7db9a58c4bde224f4
4d1449898da756c5bff9e9696a2c71ea1ab9e6e96c5dfec29885a63ac237eb3b
GET /l/PA/12/skip-button.webp HTTP/1.1
Host: 21.pasatok.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://21.pasatok.com/l/PA/12/?resubscription=79&clickid=1675415895776hd99m7yba&source=165&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=MX&partner=PA&language=en-US&unixtime=1675415895&tb={https://ak.onpluslean.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}}
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 03 Feb 2023 09:19:52 GMT
content-type: image/webp
content-length: 5006
cf-ray: 793a16624fdd0b65-OSL
accept-ranges: bytes
age: 51
etag: "l/PA/12/skip-button.31c9ae67f7.webp"
vary: Accept-Encoding
cf-cache-status: HIT
server: cloudflare
X-Firefox-Spdy: h2
my.rtmark.net/gid.js?pub=0&userId=&zoneId=5655417&checkDuplicate=true&ymid=&var=
139.45.195.8 200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?pub=0&userId=&zoneId=5655417&checkDuplicate=true&ymid=&var=
IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash fecb1e4451f64d87f20b0b2224a44fe5
142dc6f2407184dd40cc3477841b2640c0ebde22
88dc0a633d1c24a6fc90f4db39034712f0829547d34ce247d5715c5d086997bc
GET /gid.js?pub=0&userId=&zoneId=5655417&checkDuplicate=true&ymid=&var= HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://16.pasatok.com/
Origin: https://16.pasatok.com
Connection: keep-alive
Cookie: ID=32d30b3b6ef04bf6815a0d2bcb67b8eb
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 09:19:52 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://16.pasatok.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=32d30b3b6ef04bf6815a0d2bcb67b8eb; expires=Sat, 03 Feb 2024 09:19:52 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
deehalig.net/event
139.45.197.251 200 OK 0 B IP 139.45.197.251:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
OPTIONS /event HTTP/1.1
Host: deehalig.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://15.pasatok.com/
Origin: https://15.pasatok.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 09:19:52 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://15.pasatok.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2
21.pasatok.com/l/PA/12/?resubscription=79&clickid=1675415895776hd99m7yba&source=165&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=MX&partner=PA&language=en-US&unixtime=1675415895&tb={https://ak.onpluslean.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}}
104.22.56.101 200 OK 12 kB URL HTTP/2 21.pasatok.com/l/PA/12/?resubscription=79&clickid=1675415895776hd99m7yba&source=165&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=MX&partner=PA&language=en-US&unixtime=1675415895&tb={https://ak.onpluslean.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}}
IP 104.22.56.101:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (28894), with no line terminators
Hash bf5c7fe5b30173d0f5e68813d173aa60
23d9075ced362802d906ab02927b99f7387dcf59
c3e4087feda589ed496b443e90b3e58ce28bdb3719f325fadeeb35b46fb200b0
GET /l/PA/12/?resubscription=79&clickid=1675415895776hd99m7yba&source=165&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=MX&partner=PA&language=en-US&unixtime=1675415895&tb={https://ak.onpluslean.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}} HTTP/1.1
Host: 21.pasatok.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://20.pasatok.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Fri, 03 Feb 2023 09:19:52 GMT
content-type: text/html; charset=utf-8
cf-ray: 793a1661ef5e0b65-OSL
age: 51
etag: W/"l/PA/12/index.b889ad63dd.html"
vary: Accept-Encoding
cf-cache-status: HIT
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
deehalig.net/event
139.45.197.251 200 OK 94 B IP 139.45.197.251:0
File type JSON data\012- , ASCII text
Hash f2816a1aa20539989157d71f4187378e
9a18321700f318364b778b6f75022ffaf94832d1
be590a269f6e6b30b76d08e9587e0b8709d71a49c14905828651ef05b1b2800c
Analyzer Verdict Alert quad9 Sinkholed
POST /event HTTP/1.1
Host: deehalig.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://15.pasatok.com/
Content-Type: application/json
Origin: https://15.pasatok.com
Content-Length: 385
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 09:19:52 GMT
content-type: application/json; charset=utf-8
content-length: 94
x-trace-id: 1a4265aa897e5cfcce4b097dfae4cb1b
access-control-allow-origin: https://15.pasatok.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
deehalig.net/event
139.45.197.251 200 OK 94 B IP 139.45.197.251:0
File type JSON data\012- , ASCII text
Hash cab0fab35b48378a1c55eeea340f2d01
656a719b4245190d85b5130cddf88a2e953eff17
adb89ad53eba92afd5bd65e395f13ae031a6f00f752820d2c7e90ec9a8b481a6
Analyzer Verdict Alert quad9 Sinkholed
POST /event HTTP/1.1
Host: deehalig.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://13.pasatok.com/
Content-Type: application/json
Origin: https://13.pasatok.com
Content-Length: 386
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 09:19:52 GMT
content-type: application/json; charset=utf-8
content-length: 94
x-trace-id: 39f047ebb496051f965c92779e60f8e6
access-control-allow-origin: https://13.pasatok.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
deehalig.net/event
139.45.197.251 200 OK 0 B IP 139.45.197.251:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
OPTIONS /event HTTP/1.1
Host: deehalig.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://14.pasatok.com/
Origin: https://14.pasatok.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 09:19:52 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://14.pasatok.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2
deehalig.net/pfe/current/sw.perm.check.min.js?r=sw
139.45.197.251 200 OK 39 kB URL HTTP/2 deehalig.net/pfe/current/sw.perm.check.min.js?r=sw
IP 139.45.197.251:0
Hash 767ce39c9d4fe96f382327cffcb1d1a5
e70b912deea43527ec840127f9ddc72079d9aa12
ac07fcf9ab42626dc32c250833251532ed3f479831ef6b76fe920816d8c0f478
Analyzer Verdict Alert quad9 Sinkholed
GET /pfe/current/sw.perm.check.min.js?r=sw HTTP/1.1
Host: deehalig.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://19.pasatok.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 09:19:52 GMT
content-type: application/javascript
last-modified: Fri, 27 Jan 2023 11:03:52 GMT
etag: W/"63d3af98-1d349"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
23.pasatok.com/l/PA/12/skip-button.webp
104.22.56.101200 OK 5.0 kB URL HTTP/2 23.pasatok.com/l/PA/12/skip-button.webp
IP 104.22.56.101:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 639x273, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash da2dc41d023f4fcc89675351f9117c3d
bff287be312236d01df91ec7db9a58c4bde224f4
4d1449898da756c5bff9e9696a2c71ea1ab9e6e96c5dfec29885a63ac237eb3b
Analyzer Verdict Alert fortinet Phishing
GET /l/PA/12/skip-button.webp HTTP/1.1
Host: 23.pasatok.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://23.pasatok.com/l/PA/12/?resubscription=77&clickid=1675415895776hd99m7yba&source=165&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=MX&partner=PA&language=en-US&unixtime=1675415895&tb={https://ak.onpluslean.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}}
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 03 Feb 2023 09:19:53 GMT
content-type: image/webp
content-length: 5006
accept-ranges: bytes
etag: "l/PA/12/skip-button.31c9ae67f7.webp"
cf-cache-status: MISS
vary: Accept-Encoding
server: cloudflare
cf-ray: 793a16640a230b65-OSL
X-Firefox-Spdy: h2
22.pasatok.com/sw-check-permissions-5655417.js?z=5655417&var=165_MX&ymid=1675415895776hd99m7yba
104.22.56.101200 OK 39 kB URL HTTP/2 22.pasatok.com/sw-check-permissions-5655417.js?z=5655417&var=165_MX&ymid=1675415895776hd99m7yba
IP 104.22.56.101:0
File type ASCII text, with very long lines (421)
Hash 4ed08e6f899f09f2fa4041eb37f6eddb
4f0278ec2014ef51759213683ecc1726ebe004b4
c4b68896bf01cd438c037b33edff2271d6f3991d52871bdd42c27721594e9ccc
GET /sw-check-permissions-5655417.js?z=5655417&var=165_MX&ymid=1675415895776hd99m7yba HTTP/1.1
Host: 22.pasatok.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 03 Feb 2023 09:19:52 GMT
content-type: application/javascript; charset=utf-8
cf-ray: 793a1663a9990b65-OSL
age: 51
etag: W/"sw-check-permissions-5655417.d8c3536505.js"
vary: Accept-Encoding
cf-cache-status: HIT
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
deehalig.net/event
139.45.197.251200 OK 0 B IP 139.45.197.251:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
OPTIONS /event HTTP/1.1
Host: deehalig.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://16.pasatok.com/
Origin: https://16.pasatok.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 09:19:53 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://16.pasatok.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2
my.rtmark.net/gid.js?pub=0&userId=&zoneId=5655417&checkDuplicate=true&ymid=&var=
139.45.195.8200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?pub=0&userId=&zoneId=5655417&checkDuplicate=true&ymid=&var=
IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash fecb1e4451f64d87f20b0b2224a44fe5
142dc6f2407184dd40cc3477841b2640c0ebde22
88dc0a633d1c24a6fc90f4db39034712f0829547d34ce247d5715c5d086997bc
GET /gid.js?pub=0&userId=&zoneId=5655417&checkDuplicate=true&ymid=&var= HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://19.pasatok.com/
Origin: https://19.pasatok.com
Connection: keep-alive
Cookie: ID=32d30b3b6ef04bf6815a0d2bcb67b8eb
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 09:19:53 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://19.pasatok.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=32d30b3b6ef04bf6815a0d2bcb67b8eb; expires=Sat, 03 Feb 2024 09:19:53 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
23.pasatok.com/sw-check-permissions-5655417.js?z=5655417&var=165_MX&ymid=1675415895776hd99m7yba
104.22.56.101200 OK 299 B URL HTTP/2 23.pasatok.com/sw-check-permissions-5655417.js?z=5655417&var=165_MX&ymid=1675415895776hd99m7yba
IP 104.22.56.101:0
File type ASCII text, with very long lines (421)
Hash a965047b4f6ba6e46a40531b179c5b14
71367a2ae739da4799613ad3632c8dcfb3c3686f
42e8daf363fbcdb929175f2be2cfca30533288b37ea2fed3f4f8e47b74f4a10d
GET /sw-check-permissions-5655417.js?z=5655417&var=165_MX&ymid=1675415895776hd99m7yba HTTP/1.1
Host: 23.pasatok.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 03 Feb 2023 09:19:53 GMT
content-type: application/javascript; charset=utf-8
etag: W/"sw-check-permissions-5655417.d8c3536505.js"
cf-cache-status: MISS
vary: Accept-Encoding
server: cloudflare
cf-ray: 793a16644a620b65-OSL
content-encoding: br
X-Firefox-Spdy: h2
deehalig.net/event
139.45.197.251200 OK 94 B IP 139.45.197.251:0
File type JSON data\012- , ASCII text
Hash 3890dc9361fe6e380d867a761b8ffc5d
dd2dac8ebe176613ff5699abed015facfafc2149
41eb978c38e7f708bebe733728ea8bdadbb665c74e36195194887a7260527b9f
Analyzer Verdict Alert quad9 Sinkholed
POST /event HTTP/1.1
Host: deehalig.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://16.pasatok.com/
Content-Type: application/json
Origin: https://16.pasatok.com
Content-Length: 386
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 09:19:53 GMT
content-type: application/json; charset=utf-8
content-length: 94
x-trace-id: 40e76fe300fe9b4e34cc4c22e982cb8a
access-control-allow-origin: https://16.pasatok.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
deehalig.net/event
139.45.197.251200 OK 0 B IP 139.45.197.251:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
OPTIONS /event HTTP/1.1
Host: deehalig.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://17.pasatok.com/
Origin: https://17.pasatok.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 09:19:53 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://17.pasatok.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2
my.rtmark.net/gid.js?pub=0&userId=&zoneId=5655417&checkDuplicate=true&ymid=&var=
139.45.195.8200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?pub=0&userId=&zoneId=5655417&checkDuplicate=true&ymid=&var=
IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash fecb1e4451f64d87f20b0b2224a44fe5
142dc6f2407184dd40cc3477841b2640c0ebde22
88dc0a633d1c24a6fc90f4db39034712f0829547d34ce247d5715c5d086997bc
GET /gid.js?pub=0&userId=&zoneId=5655417&checkDuplicate=true&ymid=&var= HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://20.pasatok.com/
Origin: https://20.pasatok.com
Connection: keep-alive
Cookie: ID=32d30b3b6ef04bf6815a0d2bcb67b8eb
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 09:19:53 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://20.pasatok.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=32d30b3b6ef04bf6815a0d2bcb67b8eb; expires=Sat, 03 Feb 2024 09:19:53 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
deehalig.net/event
139.45.197.251200 OK 94 B IP 139.45.197.251:0
File type JSON data\012- , ASCII text
Hash 5cadee2dddde2dac50c1cb5e261b036f
b2145dd09ceca5de417e56df1fe346f9adc48a93
b0a749882457ae047e1c8406a4f5b9e4f677c463b87bdef8fbfe24ee968cb7c1
Analyzer Verdict Alert quad9 Sinkholed
POST /event HTTP/1.1
Host: deehalig.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://17.pasatok.com/
Content-Type: application/json
Origin: https://17.pasatok.com
Content-Length: 385
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 09:19:53 GMT
content-type: application/json; charset=utf-8
content-length: 94
x-trace-id: ce1f54ed5f4ec240be12a841f6c0bb20
access-control-allow-origin: https://17.pasatok.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
deehalig.net/event
139.45.197.251200 OK 0 B IP 139.45.197.251:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
OPTIONS /event HTTP/1.1
Host: deehalig.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://19.pasatok.com/
Origin: https://19.pasatok.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 09:19:53 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://19.pasatok.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2
deehalig.net/event
139.45.197.251200 OK 0 B IP 139.45.197.251:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
OPTIONS /event HTTP/1.1
Host: deehalig.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://18.pasatok.com/
Origin: https://18.pasatok.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 09:19:53 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://18.pasatok.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2
deehalig.net/event
139.45.197.251200 OK 0 B IP 139.45.197.251:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
OPTIONS /event HTTP/1.1
Host: deehalig.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://20.pasatok.com/
Origin: https://20.pasatok.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 09:19:53 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://20.pasatok.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2
24.pasatok.com/sw-check-permissions-5655417.js?z=5655417&var=165_MX&ymid=1675415895776hd99m7yba
104.22.56.101200 OK 327 B URL HTTP/2 24.pasatok.com/sw-check-permissions-5655417.js?z=5655417&var=165_MX&ymid=1675415895776hd99m7yba
IP 104.22.56.101:0
File type ASCII text, with very long lines (421)
Hash 20e1f7755a51f156b16466bb692aa017
0ae70c1d1fbc9b61749eb533898c990336fbcbe6
741c4d6b9aa60620c3d2cc4c4a94a9bdb9d9b9da25a6260b2966da7b7db42fde
GET /sw-check-permissions-5655417.js?z=5655417&var=165_MX&ymid=1675415895776hd99m7yba HTTP/1.1
Host: 24.pasatok.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 03 Feb 2023 09:19:53 GMT
content-type: application/javascript; charset=utf-8
etag: W/"sw-check-permissions-5655417.d8c3536505.js"
cf-cache-status: MISS
vary: Accept-Encoding
server: cloudflare
cf-ray: 793a16655b810b65-OSL
content-encoding: br
X-Firefox-Spdy: h2
deehalig.net/event
139.45.197.251200 OK 94 B IP 139.45.197.251:0
File type JSON data\012- , ASCII text
Hash 033f2acca2d7e6be97416c5ee314a8f2
ede49224f4af688dcb3e939c2703131c1fe41070
10046f4f35f6cc834791c3bd16a52b5094e386ddd1dad001a69b2eb2a1e16cb2
Analyzer Verdict Alert quad9 Sinkholed
POST /event HTTP/1.1
Host: deehalig.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://18.pasatok.com/
Content-Type: application/json
Origin: https://18.pasatok.com
Content-Length: 385
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 09:19:53 GMT
content-type: application/json; charset=utf-8
content-length: 94
x-trace-id: e68f7b638622741e66ab3a12b75df1e9
access-control-allow-origin: https://18.pasatok.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
deehalig.net/event
139.45.197.251200 OK 94 B IP 139.45.197.251:0
File type JSON data\012- , ASCII text
Hash 3a279fd32cf2635c214754c04e8a082e
581047cbd80b73c1f71ca93f4fe4c52f750fb9aa
3982f6492846256d38c64b2726c58b91ca8a58ea239e7f7c3d0a655bba2cf5cc
Analyzer Verdict Alert quad9 Sinkholed
POST /event HTTP/1.1
Host: deehalig.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://20.pasatok.com/
Content-Type: application/json
Origin: https://20.pasatok.com
Content-Length: 385
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 09:19:53 GMT
content-type: application/json; charset=utf-8
content-length: 94
x-trace-id: f1729988fc612cdb50aa43cd200a1fc9
access-control-allow-origin: https://20.pasatok.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
23.pasatok.com/l/PA/12/?resubscription=77&clickid=1675415895776hd99m7yba&source=165&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=MX&partner=PA&language=en-US&unixtime=1675415895&tb={https://ak.onpluslean.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}}
104.22.56.101200 OK 12 kB URL HTTP/2 23.pasatok.com/l/PA/12/?resubscription=77&clickid=1675415895776hd99m7yba&source=165&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=MX&partner=PA&language=en-US&unixtime=1675415895&tb={https://ak.onpluslean.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}}
IP 104.22.56.101:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (28894), with no line terminators
Hash 95190f57d36f16697821ca58ba0c633d
0c0f9ff818c7de1b5d8c6fcff130f249b7c41d9c
743a66531deb41ffbd45f52bb41641800e34245271fd40ec02f97ff1e960ee92
GET /l/PA/12/?resubscription=77&clickid=1675415895776hd99m7yba&source=165&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=MX&partner=PA&language=en-US&unixtime=1675415895&tb={https://ak.onpluslean.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}} HTTP/1.1
Host: 23.pasatok.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://22.pasatok.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Fri, 03 Feb 2023 09:19:52 GMT
content-type: text/html; charset=utf-8
cf-ray: 793a1663a9ae0b65-OSL
age: 51
etag: W/"l/PA/12/index.b889ad63dd.html"
vary: Accept-Encoding
cf-cache-status: HIT
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
deehalig.net/pfe/current/sw.perm.check.min.js?r=sw
139.45.197.251200 OK 39 kB URL HTTP/2 deehalig.net/pfe/current/sw.perm.check.min.js?r=sw
IP 139.45.197.251:0
Hash b1991872737f1d7a113ee1fd7c01f086
6a1c5e17c99e132abb95c3b43eefe8d9a8c5d11a
a0f5ae942ddfb89386d93f2b48e500845a7e52efee69579bf7dc92ccd146f273
Analyzer Verdict Alert quad9 Sinkholed
GET /pfe/current/sw.perm.check.min.js?r=sw HTTP/1.1
Host: deehalig.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://22.pasatok.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 09:19:53 GMT
content-type: application/javascript
last-modified: Fri, 27 Jan 2023 11:03:52 GMT
etag: W/"63d3af98-1d349"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
deehalig.net/event
139.45.197.251200 OK 0 B IP 139.45.197.251:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
OPTIONS /event HTTP/1.1
Host: deehalig.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://21.pasatok.com/
Origin: https://21.pasatok.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 09:19:53 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://21.pasatok.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2
my.rtmark.net/gid.js?pub=0&userId=&zoneId=5655417&checkDuplicate=true&ymid=&var=
139.45.195.8200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?pub=0&userId=&zoneId=5655417&checkDuplicate=true&ymid=&var=
IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash fecb1e4451f64d87f20b0b2224a44fe5
142dc6f2407184dd40cc3477841b2640c0ebde22
88dc0a633d1c24a6fc90f4db39034712f0829547d34ce247d5715c5d086997bc
GET /gid.js?pub=0&userId=&zoneId=5655417&checkDuplicate=true&ymid=&var= HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://23.pasatok.com/
Origin: https://23.pasatok.com
Connection: keep-alive
Cookie: ID=32d30b3b6ef04bf6815a0d2bcb67b8eb
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 09:19:53 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://23.pasatok.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=32d30b3b6ef04bf6815a0d2bcb67b8eb; expires=Sat, 03 Feb 2024 09:19:53 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
deehalig.net/event
139.45.197.251200 OK 94 B IP 139.45.197.251:0
File type JSON data\012- , ASCII text
Hash a58a13b9eb5ebdcea5fe972a128f100e
655b973aefad32dc091ec32dd83bffb51cc37e71
52622f40a5cbab046719c1574b1505b8a422815ce33f6b80f0085f6d56f39f09
Analyzer Verdict Alert quad9 Sinkholed
POST /event HTTP/1.1
Host: deehalig.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://21.pasatok.com/
Content-Type: application/json
Origin: https://21.pasatok.com
Content-Length: 385
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 09:19:53 GMT
content-type: application/json; charset=utf-8
content-length: 94
x-trace-id: ac3c7a3da6e2342a76f1638573ef377f
access-control-allow-origin: https://21.pasatok.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
deehalig.net/event
139.45.197.251200 OK 0 B IP 139.45.197.251:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
OPTIONS /event HTTP/1.1
Host: deehalig.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://22.pasatok.com/
Origin: https://22.pasatok.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 09:19:53 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://22.pasatok.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2
deehalig.net/event
139.45.197.251200 OK 94 B IP 139.45.197.251:0
File type JSON data\012- , ASCII text
Hash 13d1b593fabd13b150c59977e0228214
0c6cb35caf429563a62aa50b10c997980ed0252b
9493ebaf98ce9db5abe426c768b03e53fac72acce78bf743c954e4f8e0d9add3
Analyzer Verdict Alert quad9 Sinkholed
POST /event HTTP/1.1
Host: deehalig.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://22.pasatok.com/
Content-Type: application/json
Origin: https://22.pasatok.com
Content-Length: 385
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 09:19:53 GMT
content-type: application/json; charset=utf-8
content-length: 94
x-trace-id: cf91780930f0b1dbf8d5a1934cfb7efd
access-control-allow-origin: https://22.pasatok.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
deehalig.net/event
139.45.197.251200 OK 0 B IP 139.45.197.251:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
OPTIONS /event HTTP/1.1
Host: deehalig.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://23.pasatok.com/
Origin: https://23.pasatok.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 09:19:53 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://23.pasatok.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2
26.pasatok.com/sw-check-permissions-5655417.js?z=5655417&var=165_MX&ymid=1675415895776hd99m7yba
104.22.56.101200 OK 327 B URL HTTP/2 26.pasatok.com/sw-check-permissions-5655417.js?z=5655417&var=165_MX&ymid=1675415895776hd99m7yba
IP 104.22.56.101:0
File type ASCII text, with very long lines (421)
Hash a47b361478fcae0e8aa1241f41775186
1f5daa9bc90862d29ae3d28d98e45f239021ff25
8b9ec958e028b2b1c15e85937c8c671c7fea5c01d64dfb98d8a841fce1fd268c
GET /sw-check-permissions-5655417.js?z=5655417&var=165_MX&ymid=1675415895776hd99m7yba HTTP/1.1
Host: 26.pasatok.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 03 Feb 2023 09:19:53 GMT
content-type: application/javascript; charset=utf-8
etag: W/"sw-check-permissions-5655417.d8c3536505.js"
cf-cache-status: MISS
vary: Accept-Encoding
server: cloudflare
cf-ray: 793a16679efd0b65-OSL
content-encoding: br
X-Firefox-Spdy: h2
27.pasatok.com/l/PA/12/?resubscription=73&clickid=1675415895776hd99m7yba&source=165&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=MX&partner=PA&language=en-US&unixtime=1675415895&tb={https://ak.onpluslean.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}}
104.22.56.101200 OK 51 kB URL HTTP/2 27.pasatok.com/l/PA/12/?resubscription=73&clickid=1675415895776hd99m7yba&source=165&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=MX&partner=PA&language=en-US&unixtime=1675415895&tb={https://ak.onpluslean.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}}
IP 104.22.56.101:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (28894), with no line terminators
Hash 1485effbd85b6f0fd354ea0130c686e9
615bbe2d82c84032a0d79a3e4d962542e0f69bdb
85b8e40b1e4424350a64d87fae0826a1a35c74a5dd8e778974241ac26e968fa2
GET /l/PA/12/?resubscription=73&clickid=1675415895776hd99m7yba&source=165&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=MX&partner=PA&language=en-US&unixtime=1675415895&tb={https://ak.onpluslean.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}} HTTP/1.1
Host: 27.pasatok.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://26.pasatok.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Fri, 03 Feb 2023 09:19:53 GMT
content-type: text/html; charset=utf-8
etag: W/"l/PA/12/index.b889ad63dd.html"
cf-cache-status: MISS
vary: Accept-Encoding
server: cloudflare
cf-ray: 793a16681f700b65-OSL
content-encoding: br
X-Firefox-Spdy: h2
28.pasatok.com/l/PA/12/?resubscription=72&clickid=1675415895776hd99m7yba&source=165&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=MX&partner=PA&language=en-US&unixtime=1675415895&tb={https://ak.onpluslean.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}}
104.22.56.101200 OK 12 kB URL HTTP/2 28.pasatok.com/l/PA/12/?resubscription=72&clickid=1675415895776hd99m7yba&source=165&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=MX&partner=PA&language=en-US&unixtime=1675415895&tb={https://ak.onpluslean.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}}
IP 104.22.56.101:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (28894), with no line terminators
Hash bf5c7fe5b30173d0f5e68813d173aa60
23d9075ced362802d906ab02927b99f7387dcf59
c3e4087feda589ed496b443e90b3e58ce28bdb3719f325fadeeb35b46fb200b0
GET /l/PA/12/?resubscription=72&clickid=1675415895776hd99m7yba&source=165&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=MX&partner=PA&language=en-US&unixtime=1675415895&tb={https://ak.onpluslean.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}} HTTP/1.1
Host: 28.pasatok.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://27.pasatok.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Fri, 03 Feb 2023 09:19:53 GMT
content-type: text/html; charset=utf-8
etag: W/"l/PA/12/index.b889ad63dd.html"
cf-cache-status: MISS
vary: Accept-Encoding
server: cloudflare
cf-ray: 793a166928740b65-OSL
content-encoding: br
X-Firefox-Spdy: h2
deehalig.net/event
139.45.197.251200 OK 94 B IP 139.45.197.251:0
File type JSON data\012- , ASCII text
Hash 31d71c760c520098cca32c412762b450
f8b42e16c47d6fa4e96f9eafdd44894d10ff5fc5
564651d49cd1c928622893e86bfe34c65bf967abcfdded062310681afcb690c4
Analyzer Verdict Alert quad9 Sinkholed
POST /event HTTP/1.1
Host: deehalig.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://24.pasatok.com/
Content-Type: application/json
Origin: https://24.pasatok.com
Content-Length: 385
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 09:19:53 GMT
content-type: application/json; charset=utf-8
content-length: 94
x-trace-id: a0e82de7949fb88e0083f37f7def5f60
access-control-allow-origin: https://24.pasatok.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
my.rtmark.net/gid.js?pub=0&userId=&zoneId=5655417&checkDuplicate=true&ymid=&var=
139.45.195.8200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?pub=0&userId=&zoneId=5655417&checkDuplicate=true&ymid=&var=
IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash fecb1e4451f64d87f20b0b2224a44fe5
142dc6f2407184dd40cc3477841b2640c0ebde22
88dc0a633d1c24a6fc90f4db39034712f0829547d34ce247d5715c5d086997bc
GET /gid.js?pub=0&userId=&zoneId=5655417&checkDuplicate=true&ymid=&var= HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://25.pasatok.com/
Origin: https://25.pasatok.com
Connection: keep-alive
Cookie: ID=32d30b3b6ef04bf6815a0d2bcb67b8eb
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 09:19:53 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://25.pasatok.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=32d30b3b6ef04bf6815a0d2bcb67b8eb; expires=Sat, 03 Feb 2024 09:19:53 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
my.rtmark.net/gid.js?pub=0&userId=&zoneId=5655417&checkDuplicate=true&ymid=&var=
139.45.195.8200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?pub=0&userId=&zoneId=5655417&checkDuplicate=true&ymid=&var=
IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash fecb1e4451f64d87f20b0b2224a44fe5
142dc6f2407184dd40cc3477841b2640c0ebde22
88dc0a633d1c24a6fc90f4db39034712f0829547d34ce247d5715c5d086997bc
GET /gid.js?pub=0&userId=&zoneId=5655417&checkDuplicate=true&ymid=&var= HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://26.pasatok.com/
Origin: https://26.pasatok.com
Connection: keep-alive
Cookie: ID=32d30b3b6ef04bf6815a0d2bcb67b8eb
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 09:19:54 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://26.pasatok.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=32d30b3b6ef04bf6815a0d2bcb67b8eb; expires=Sat, 03 Feb 2024 09:19:54 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d719402de0cd695e55dab2767247da49
f12f4795987a284820f6785ec16b5032b9861d79
98a14bd950cec10aeb3d76fa956fe13514f52c742adbded7a0fcef218c7195ba
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "98A14BD950CEC10AEB3D76FA956FE13514F52C742ADBDED7A0FCEF218C7195BA"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9262
Expires: Fri, 03 Feb 2023 11:54:16 GMT
Date: Fri, 03 Feb 2023 09:19:54 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d719402de0cd695e55dab2767247da49
f12f4795987a284820f6785ec16b5032b9861d79
98a14bd950cec10aeb3d76fa956fe13514f52c742adbded7a0fcef218c7195ba
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "98A14BD950CEC10AEB3D76FA956FE13514F52C742ADBDED7A0FCEF218C7195BA"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9262
Expires: Fri, 03 Feb 2023 11:54:16 GMT
Date: Fri, 03 Feb 2023 09:19:54 GMT
Connection: keep-alive
deehalig.net/event
139.45.197.251200 OK 0 B IP 139.45.197.251:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
OPTIONS /event HTTP/1.1
Host: deehalig.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://25.pasatok.com/
Origin: https://25.pasatok.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 09:19:54 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://25.pasatok.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d1adf44-5bff-4d36-99c4-8dd0dc2e5ac2.jpeg
34.120.237.76200 OK 9.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d1adf44-5bff-4d36-99c4-8dd0dc2e5ac2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 352e4166a431e781e56cc7f169c7f8ca
866b76c34076cf2e18c6a071336fcf4f581f3c4d
75ba13b601f4b00c5b091eb29e7f6739ffee3e127bd6d3c4b35cc967bb6d354a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d1adf44-5bff-4d36-99c4-8dd0dc2e5ac2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9779
x-amzn-requestid: 101b984b-9c04-4d07-b1fe-3d888f4bcd49
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ftcNRFV_oAMF2_w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dba721-72679ba0378015034e17b8ca;Sampled=0
x-amzn-remapped-date: Thu, 02 Feb 2023 12:05:53 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: p74tt3doRE9DKoD5cpPKriYPFEQhq7f3Xf8vhgNNz7QhZNIvdc6NQQ==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 ee8246c5442dace7525c74f6a799bb46.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Feb 2023 22:05:18 GMT
age: 40476
etag: "866b76c34076cf2e18c6a071336fcf4f581f3c4d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F524a46fd-88eb-4539-9d8b-1ac679ae5990.jpeg
34.120.237.76200 OK 8.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F524a46fd-88eb-4539-9d8b-1ac679ae5990.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 114e345e134986d7451148fcea31b29d
541e878afee68c8802bb52b0cbbe5a5a0a185392
5030244d4babd1023166f39c935029d789a91ba90aa3a44c6f4c88ddc947b678
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F524a46fd-88eb-4539-9d8b-1ac679ae5990.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8211
x-amzn-requestid: 2df5779a-a808-46ec-9246-1a9b9bddd9e9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fmKLVHwroAMF72Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d8bd7b-3cfe97e07d17958836425784;Sampled=0
x-amzn-remapped-date: Tue, 31 Jan 2023 07:04:27 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: _VFg0FMYa1Dg55fLpJTwdX2uZXkYjZSFdbdAKqGQu7GF2dPiawKh1g==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 fda3b2797d2719576f6b916583a28e52.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 05:59:16 GMT
age: 12038
etag: "541e878afee68c8802bb52b0cbbe5a5a0a185392"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F64144d1c-f524-496f-8b52-ba63714dbfc5.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F64144d1c-f524-496f-8b52-ba63714dbfc5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e366b32074025aaf60bbae8bdb08d330
a52c2883bad98fa20333aa639a5dd3a5bf544c8e
9d661c26effaec9efee16833f6459d6ecbe4f77b822c9c46e2a6433bda816e5c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F64144d1c-f524-496f-8b52-ba63714dbfc5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11565
x-amzn-requestid: 1350cdd1-10c2-44e0-993d-2335a082fb91
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fstgNH0moAMF3OA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63db5c67-02211c3d5ca147c718348860;Sampled=0
x-amzn-remapped-date: Thu, 02 Feb 2023 06:47:03 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: t7OYoLCzzQakW2lqiAUaeKA00Beq4J5elQ5qF7yGUb2L7JSNUJCPNA==
via: 1.1 6ba2a21321beeef65404429d0a4b6380.cloudfront.net (CloudFront), 1.1 12a392bc3a7281f8d5d4591bfadc41fc.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 05:40:54 GMT
age: 13140
etag: "a52c2883bad98fa20333aa639a5dd3a5bf544c8e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F15f2ebc9-82b4-4f1b-b0b8-978571cb123b.jpeg
34.120.237.76200 OK 9.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F15f2ebc9-82b4-4f1b-b0b8-978571cb123b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 02123eef9faa8560ff66b058d4e13a28
decf26282993d7f0b14cf4112d14fa39c97fa89f
28889ff20f1b2fe0b73f8f97e6569f1d68d77fe436eeb47cc06ee4f0822ff239
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F15f2ebc9-82b4-4f1b-b0b8-978571cb123b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9130
x-amzn-requestid: 09ad3fbb-1e71-4455-82df-6e59f65239a1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fuxiYEkqIAMFVZg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dc2fa8-1dca116e4317f9bd14f6d45a;Sampled=0
x-amzn-remapped-date: Thu, 02 Feb 2023 21:48:24 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: _Bc2svrG-wX63DK9RPUyjh-n6AHVHaQe3QRmEL27L-amwCH2I_f_9g==
via: 1.1 1b0911478686968732f973d6e5e31d10.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Feb 2023 22:05:17 GMT
age: 40477
etag: "decf26282993d7f0b14cf4112d14fa39c97fa89f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6fde7081-1c8d-41df-98c8-c063731c6202.jpeg
34.120.237.76200 OK 3.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6fde7081-1c8d-41df-98c8-c063731c6202.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 703c7834618fd34f3d7ce5c82a51abc0
4bdaa7e9e8d6408b73ea457e7aabb26fa2a5c81c
1f467ce5825e3f8b8f841293d1ce945dc7a577abbe2cb8a2caa16ace165f4857
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6fde7081-1c8d-41df-98c8-c063731c6202.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3385
x-amzn-requestid: 30717e1a-7a08-4b11-90e7-cd175aa667d9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fuvzrEo4oAMF1qg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dc2ce4-3bc1302b4cf47fa2520e3033;Sampled=0
x-amzn-remapped-date: Thu, 02 Feb 2023 21:36:36 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: AnMRlC-rgJLk6OwzHDFeaGBuDfEuRj_n0S2o1o7QSTZqMwCIr-20-A==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Feb 2023 21:46:35 GMT
age: 41599
etag: "4bdaa7e9e8d6408b73ea457e7aabb26fa2a5c81c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F49d52576-44b1-4baf-92c0-88f267415a19.jpeg
34.120.237.76200 OK 5.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F49d52576-44b1-4baf-92c0-88f267415a19.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d4041f3b5316bc84c9e6d88ddbc85b89
4978a4a20836b6f5d863d331bcedad782b7b4ac6
549b62d2c4ec965b8bec62010c0ce338dfea7992ee83eb7af61ff1a30d21f8b5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F49d52576-44b1-4baf-92c0-88f267415a19.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5641
x-amzn-requestid: b53b54b1-3b00-47cf-a25c-e93910c2ebfb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fuvzpHsXoAMFsuw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dc2ce3-0c4fc8154763febb44460ac2;Sampled=0
x-amzn-remapped-date: Thu, 02 Feb 2023 21:36:36 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: x4-BZdG4JGRKCSdKynnuweZfo9l0XZtDB-MiANy7C2Yz1URYMHP4sQ==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Feb 2023 22:28:50 GMT
age: 39064
etag: "4978a4a20836b6f5d863d331bcedad782b7b4ac6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
deehalig.net/event
139.45.197.251200 OK 94 B IP 139.45.197.251:0
File type JSON data\012- , ASCII text
Hash 1c934df227cbfb0825d57280110d278f
865782f1a13b2b19b22621f055628a152874b4b6
4a3e10a96439b9e14138f14f71b77d6547e3a098c8ea4805154862876dfe7ccd
Analyzer Verdict Alert quad9 Sinkholed
POST /event HTTP/1.1
Host: deehalig.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://25.pasatok.com/
Content-Type: application/json
Origin: https://25.pasatok.com
Content-Length: 385
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 09:19:54 GMT
content-type: application/json; charset=utf-8
content-length: 94
x-trace-id: 92067e0aa7e803cd3afde0d65775a9c2
access-control-allow-origin: https://25.pasatok.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
deehalig.net/event
139.45.197.251200 OK 0 B IP 139.45.197.251:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
OPTIONS /event HTTP/1.1
Host: deehalig.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://26.pasatok.com/
Origin: https://26.pasatok.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 09:19:54 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://26.pasatok.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2
deehalig.net/event
139.45.197.251200 OK 94 B IP 139.45.197.251:0
File type JSON data\012- , ASCII text
Hash 278ff1a48b0addcf5c1ab14a90c6dd83
698ec1f33095ba8c3edbc02db39e0b223ba20676
00a2bee7de9c26aaefc52ce6665d7eabdafa3d6a6231d6ea4a48e2387ee21e83
Analyzer Verdict Alert quad9 Sinkholed
POST /event HTTP/1.1
Host: deehalig.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://26.pasatok.com/
Content-Type: application/json
Origin: https://26.pasatok.com
Content-Length: 385
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 09:19:54 GMT
content-type: application/json; charset=utf-8
content-length: 94
x-trace-id: ffb15b954a8948ac3d5396e27ddf4769
access-control-allow-origin: https://26.pasatok.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
30.pasatok.com/l/PA/12/skip-button.webp
104.22.56.101200 OK 5.0 kB URL HTTP/2 30.pasatok.com/l/PA/12/skip-button.webp
IP 104.22.56.101:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 639x273, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash da2dc41d023f4fcc89675351f9117c3d
bff287be312236d01df91ec7db9a58c4bde224f4
4d1449898da756c5bff9e9696a2c71ea1ab9e6e96c5dfec29885a63ac237eb3b
GET /l/PA/12/skip-button.webp HTTP/1.1
Host: 30.pasatok.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://30.pasatok.com/l/PA/12/?resubscription=70&clickid=1675415895776hd99m7yba&source=165&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=MX&partner=PA&language=en-US&unixtime=1675415895&tb={https://ak.onpluslean.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}}
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 03 Feb 2023 09:19:54 GMT
content-type: image/webp
content-length: 5006
accept-ranges: bytes
etag: "l/PA/12/skip-button.31c9ae67f7.webp"
cf-cache-status: MISS
vary: Accept-Encoding
server: cloudflare
cf-ray: 793a166c6c480b65-OSL
X-Firefox-Spdy: h2
30.pasatok.com/sw-check-permissions-5655417.js?z=5655417&var=165_MX&ymid=1675415895776hd99m7yba
104.22.56.101200 OK 5.2 kB URL HTTP/2 30.pasatok.com/sw-check-permissions-5655417.js?z=5655417&var=165_MX&ymid=1675415895776hd99m7yba
IP 104.22.56.101:0
File type ASCII text, with very long lines (421)
Hash 28a5ae6eb631bdf2a0511ca2c0bb9dba
0a54c5a92dc95f5e7271798b277684963b60817e
57a42021fda86ac4bc92eb40a20732105c808678f2c925421b806f655cc55e54
GET /sw-check-permissions-5655417.js?z=5655417&var=165_MX&ymid=1675415895776hd99m7yba HTTP/1.1
Host: 30.pasatok.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 03 Feb 2023 09:19:54 GMT
content-type: application/javascript; charset=utf-8
etag: W/"sw-check-permissions-5655417.d8c3536505.js"
cf-cache-status: MISS
vary: Accept-Encoding
server: cloudflare
cf-ray: 793a166cccb40b65-OSL
content-encoding: br
X-Firefox-Spdy: h2
29.pasatok.com/sw-check-permissions-5655417.js?z=5655417&var=165_MX&ymid=1675415895776hd99m7yba
104.22.56.101200 OK 100 kB URL HTTP/2 29.pasatok.com/sw-check-permissions-5655417.js?z=5655417&var=165_MX&ymid=1675415895776hd99m7yba
IP 104.22.56.101:0
File type ASCII text, with very long lines (421)
Hash eaeeab9028a740df4c9698c4ea0e44f1
e3a2bbc97173d51388cfc0f678a3666e4a0dc3ee
2d96aa44e1c563d1ff22d2e773142fc0320679720680e2c43ed39940193e4e4e
GET /sw-check-permissions-5655417.js?z=5655417&var=165_MX&ymid=1675415895776hd99m7yba HTTP/1.1
Host: 29.pasatok.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 03 Feb 2023 09:19:54 GMT
content-type: application/javascript; charset=utf-8
etag: W/"sw-check-permissions-5655417.d8c3536505.js"
cf-cache-status: MISS
vary: Accept-Encoding
server: cloudflare
cf-ray: 793a166bbb910b65-OSL
content-encoding: br
X-Firefox-Spdy: h2
my.rtmark.net/gid.js?pub=0&userId=&zoneId=5655417&checkDuplicate=true&ymid=&var=
139.45.195.8200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?pub=0&userId=&zoneId=5655417&checkDuplicate=true&ymid=&var=
IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash fecb1e4451f64d87f20b0b2224a44fe5
142dc6f2407184dd40cc3477841b2640c0ebde22
88dc0a633d1c24a6fc90f4db39034712f0829547d34ce247d5715c5d086997bc
GET /gid.js?pub=0&userId=&zoneId=5655417&checkDuplicate=true&ymid=&var= HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://28.pasatok.com/
Origin: https://28.pasatok.com
Connection: keep-alive
Cookie: ID=32d30b3b6ef04bf6815a0d2bcb67b8eb
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 09:19:54 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://28.pasatok.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=32d30b3b6ef04bf6815a0d2bcb67b8eb; expires=Sat, 03 Feb 2024 09:19:54 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
32.pasatok.com/l/PA/12/?resubscription=68&clickid=1675415895776hd99m7yba&source=165&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=MX&partner=PA&language=en-US&unixtime=1675415895&tb={https://ak.onpluslean.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}}
104.22.56.101 200 OK 12 kB URL HTTP/2 32.pasatok.com/l/PA/12/?resubscription=68&clickid=1675415895776hd99m7yba&source=165&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=MX&partner=PA&language=en-US&unixtime=1675415895&tb={https://ak.onpluslean.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}}
IP 104.22.56.101:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (28894), with no line terminators
Hash 6077315886d1269c4223a8ca09f8c87a
9c67e74e8c6063aae6c861f0c825c6f171e64409
e3496123379bacd5ed1c7952c9c3440fc8969bb397f134a76d64aacfc93f55f5
GET /l/PA/12/?resubscription=68&clickid=1675415895776hd99m7yba&source=165&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=MX&partner=PA&language=en-US&unixtime=1675415895&tb={https://ak.onpluslean.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}} HTTP/1.1
Host: 32.pasatok.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
Connection: keep-alive
Referer: https://31.pasatok.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Fri, 03 Feb 2023 09:19:54 GMT
content-type: text/html; charset=utf-8
etag: W/"l/PA/12/index.b889ad63dd.html"
cf-cache-status: MISS
vary: Accept-Encoding
server: cloudflare
cf-ray: 793a166e6e6d0b65-OSL
content-encoding: br
X-Firefox-Spdy: h2
31.pasatok.com/sw-check-permissions-5655417.js?z=5655417&var=165_MX&ymid=1675415895776hd99m7yba
104.22.56.101 200 OK 234 B URL HTTP/2 31.pasatok.com/sw-check-permissions-5655417.js?z=5655417&var=165_MX&ymid=1675415895776hd99m7yba
IP 104.22.56.101:0
File type ASCII text, with very long lines (421)
Hash 56f59dab98961e53fb945068b8c1662c
83b00f1da4a9cd0a70201374636e75be7a781af1
3c211cbf774aa2cb881e621d3f3c141444181c7334ea966feeda5d1922008336
GET /sw-check-permissions-5655417.js?z=5655417&var=165_MX&ymid=1675415895776hd99m7yba HTTP/1.1
Host: 31.pasatok.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 03 Feb 2023 09:19:54 GMT
content-type: application/javascript; charset=utf-8
etag: W/"sw-check-permissions-5655417.d8c3536505.js"
cf-cache-status: MISS
vary: Accept-Encoding
server: cloudflare
cf-ray: 793a166dddf20b65-OSL
content-encoding: br
X-Firefox-Spdy: h2
deehalig.net/pfe/current/sw.perm.check.min.js?r=sw
139.45.197.251 200 OK 51 kB URL HTTP/2 deehalig.net/pfe/current/sw.perm.check.min.js?r=sw
IP 139.45.197.251:0
Hash fe83d87126f4231263aaeab612a0e76b
92c2e1ddebc6421b6ca5a67364181001dfa6935f
35fbbd25b3887d9f8fc9e563b8a638567ce99dd8a7439f843c42fb59d68d35cb
Analyzer Verdict Alert quad9 Sinkholed
GET /pfe/current/sw.perm.check.min.js?r=sw HTTP/1.1
Host: deehalig.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://24.pasatok.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 09:19:53 GMT
content-type: application/javascript
last-modified: Fri, 27 Jan 2023 11:03:52 GMT
etag: W/"63d3af98-1d349"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
deehalig.net/event
139.45.197.251 200 OK 0 B IP 139.45.197.251:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
OPTIONS /event HTTP/1.1
Host: deehalig.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://27.pasatok.com/
Origin: https://27.pasatok.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 09:19:54 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://27.pasatok.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2
deehalig.net/event
139.45.197.251 200 OK 94 B IP 139.45.197.251:0
File type JSON data\012- , ASCII text
Hash 64ea53cce004309b84582be939e94f10
5b4f7aab95e14c0bf7619d2c829618a03d4fb665
3df209e6dd6f40581a119983cc2dc95cf50ec538a311e62dda7b4cc7771fdec5
Analyzer Verdict Alert quad9 Sinkholed
POST /event HTTP/1.1
Host: deehalig.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://27.pasatok.com/
Content-Type: application/json
Origin: https://27.pasatok.com
Content-Length: 385
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 09:19:54 GMT
content-type: application/json; charset=utf-8
content-length: 94
x-trace-id: 505f43ab2053342e79bcb971ad66e5a9
access-control-allow-origin: https://27.pasatok.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
my.rtmark.net/gid.js?pub=0&userId=&zoneId=5655417&checkDuplicate=true&ymid=&var=
139.45.195.8 200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?pub=0&userId=&zoneId=5655417&checkDuplicate=true&ymid=&var=
IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash fecb1e4451f64d87f20b0b2224a44fe5
142dc6f2407184dd40cc3477841b2640c0ebde22
88dc0a633d1c24a6fc90f4db39034712f0829547d34ce247d5715c5d086997bc
GET /gid.js?pub=0&userId=&zoneId=5655417&checkDuplicate=true&ymid=&var= HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://29.pasatok.com/
Origin: https://29.pasatok.com
Connection: keep-alive
Cookie: ID=32d30b3b6ef04bf6815a0d2bcb67b8eb
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 09:19:54 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://29.pasatok.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=32d30b3b6ef04bf6815a0d2bcb67b8eb; expires=Sat, 03 Feb 2024 09:19:54 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
28.pasatok.com/sw-check-permissions-5655417.js?z=5655417&var=165_MX&ymid=1675415895776hd99m7yba
104.22.56.101 200 OK 299 B URL HTTP/2 28.pasatok.com/sw-check-permissions-5655417.js?z=5655417&var=165_MX&ymid=1675415895776hd99m7yba
IP 104.22.56.101:0
File type ASCII text, with very long lines (421)
Hash a965047b4f6ba6e46a40531b179c5b14
71367a2ae739da4799613ad3632c8dcfb3c3686f
42e8daf363fbcdb929175f2be2cfca30533288b37ea2fed3f4f8e47b74f4a10d
GET /sw-check-permissions-5655417.js?z=5655417&var=165_MX&ymid=1675415895776hd99m7yba HTTP/1.1
Host: 28.pasatok.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 03 Feb 2023 09:19:54 GMT
content-type: application/javascript; charset=utf-8
etag: W/"sw-check-permissions-5655417.d8c3536505.js"
cf-cache-status: MISS
vary: Accept-Encoding
server: cloudflare
cf-ray: 793a166a39a80b65-OSL
content-encoding: br
X-Firefox-Spdy: h2
my.rtmark.net/gid.js?pub=0&userId=&zoneId=5655417&checkDuplicate=true&ymid=&var=
139.45.195.8 200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?pub=0&userId=&zoneId=5655417&checkDuplicate=true&ymid=&var=
IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash fecb1e4451f64d87f20b0b2224a44fe5
142dc6f2407184dd40cc3477841b2640c0ebde22
88dc0a633d1c24a6fc90f4db39034712f0829547d34ce247d5715c5d086997bc
GET /gid.js?pub=0&userId=&zoneId=5655417&checkDuplicate=true&ymid=&var= HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://30.pasatok.com/
Origin: https://30.pasatok.com
Connection: keep-alive
Cookie: ID=32d30b3b6ef04bf6815a0d2bcb67b8eb
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 09:19:55 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://30.pasatok.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=32d30b3b6ef04bf6815a0d2bcb67b8eb; expires=Sat, 03 Feb 2024 09:19:55 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 47924a35567c54ed1314a3538cdd9a3d
394e7873f5b4b53cb0f6f07005105811f694c8ed
370363c9b1ccf2ea609f4797257783252eaa69a156dd9b883496df54bbd43f8d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "370363C9B1CCF2EA609F4797257783252EAA69A156DD9B883496DF54BBD43F8D"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2727
Expires: Fri, 03 Feb 2023 10:05:22 GMT
Date: Fri, 03 Feb 2023 09:19:55 GMT
Connection: keep-alive
deehalig.net/event
139.45.197.251 200 OK 0 B IP 139.45.197.251:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
OPTIONS /event HTTP/1.1
Host: deehalig.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://29.pasatok.com/
Origin: https://29.pasatok.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 09:19:55 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://29.pasatok.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2
deehalig.net/event
139.45.197.251 200 OK 0 B IP 139.45.197.251:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
OPTIONS /event HTTP/1.1
Host: deehalig.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://31.pasatok.com/
Origin: https://31.pasatok.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 09:19:55 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://31.pasatok.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2
choupsee.com/zone?&pub=0&zone_id=5655417&is_mobile=false&domain=31.pasatok.com&var=165_MX&ymid=1675415895776hd99m7yba&var_3=&dsig=&nt=true&action=prerequest
139.45.197.251 200 OK 0 B URL HTTP/2 choupsee.com/zone?&pub=0&zone_id=5655417&is_mobile=false&domain=31.pasatok.com&var=165_MX&ymid=1675415895776hd99m7yba&var_3=&dsig=&nt=true&action=prerequest
IP 139.45.197.251:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /zone?&pub=0&zone_id=5655417&is_mobile=false&domain=31.pasatok.com&var=165_MX&ymid=1675415895776hd99m7yba&var_3=&dsig=&nt=true&action=prerequest HTTP/1.1
Host: choupsee.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://31.pasatok.com/
Origin: https://31.pasatok.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 09:19:55 GMT
content-length: 0
x-trace-id: 04f58d573b3f9c987a71e3e45dcd826f
access-control-allow-origin: https://31.pasatok.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
deehalig.net/event
139.45.197.251 200 OK 94 B IP 139.45.197.251:0
File type JSON data\012- , ASCII text
Hash 06b331b2fe4a6a75f2a64edeac7373e3
786f65e782f17ef5550060e372cd3dfd4f6f8c6a
623a398e84b8d50db6aa63ec2e491ac73595da4aa5e7537dc0d78b25db9b2950
Analyzer Verdict Alert quad9 Sinkholed
POST /event HTTP/1.1
Host: deehalig.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://29.pasatok.com/
Content-Type: application/json
Origin: https://29.pasatok.com
Content-Length: 385
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 09:19:55 GMT
content-type: application/json; charset=utf-8
content-length: 94
x-trace-id: e0ea51279039a40e5ab94cbacaf24f51
access-control-allow-origin: https://29.pasatok.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
deehalig.net/event
139.45.197.251 200 OK 0 B IP 139.45.197.251:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
OPTIONS /event HTTP/1.1
Host: deehalig.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://30.pasatok.com/
Origin: https://30.pasatok.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 09:19:55 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://30.pasatok.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2
deehalig.net/event
139.45.197.251 200 OK 94 B IP 139.45.197.251:0
File type JSON data\012- , ASCII text
Hash 7a90c07072d9ffdbce34e5f8ab1ef2d8
f9ef6ac99eebdcf339ad7623eb38fcffab39046f
779a3b192a3a2005b1752581e5af0a27c13c34775368aadb2424e92802d9e113
Analyzer Verdict Alert quad9 Sinkholed
POST /event HTTP/1.1
Host: deehalig.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://31.pasatok.com/
Content-Type: application/json
Origin: https://31.pasatok.com
Content-Length: 385
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 09:19:55 GMT
content-type: application/json; charset=utf-8
content-length: 94
x-trace-id: 45ea31d09800b9230f585584d8dfa161
access-control-allow-origin: https://31.pasatok.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
deehalig.net/event
139.45.197.251 200 OK 94 B IP 139.45.197.251:0
File type JSON data\012- , ASCII text
Hash 5a531933a508639a2b842e5b142a4844
6b4e053ef9f777303beefe9e3534ce69afee4a63
99fd5927f1d7add3d7ff2b1c30f976f0d9ec0a6e526f5dbbac83b0238c0f64ec
Analyzer Verdict Alert quad9 Sinkholed
POST /event HTTP/1.1
Host: deehalig.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://30.pasatok.com/
Content-Type: application/json
Origin: https://30.pasatok.com
Content-Length: 385
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 09:19:55 GMT
content-type: application/json; charset=utf-8
content-length: 94
x-trace-id: 9f97b2f9e430a245ef9988e8f36a5691
access-control-allow-origin: https://30.pasatok.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
18.pasatok.com/sw-check-permissions-5655417.js?z=5655417&var=165_MX&ymid=1675415895776hd99m7yba
104.22.56.101 200 OK 233 B URL HTTP/2 18.pasatok.com/sw-check-permissions-5655417.js?z=5655417&var=165_MX&ymid=1675415895776hd99m7yba
IP 104.22.56.101:0
File type ASCII text, with very long lines (421)
Hash 5290097712f9a2f2c72e5aae4be78022
a6dcdc1bb9c01470da1083f127f7e965bea384ac
e093ade10d7acfd66f2c0d2da258efb4e7b5193edf7473041dcbc1253512d919
GET /sw-check-permissions-5655417.js?z=5655417&var=165_MX&ymid=1675415895776hd99m7yba HTTP/1.1
Host: 18.pasatok.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 03 Feb 2023 09:19:52 GMT
content-type: application/javascript; charset=utf-8
cf-ray: 793a165f3b7b0b65-OSL
age: 52
etag: W/"sw-check-permissions-5655417.d8c3536505.js"
vary: Accept-Encoding
cf-cache-status: HIT
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
choupsee.com/zone?&pub=0&zone_id=5655417&is_mobile=false&domain=31.pasatok.com&var=165_MX&ymid=1675415895776hd99m7yba&var_3=&dsig=&nt=true&action=settings
139.45.197.251 200 OK 693 B URL HTTP/2 choupsee.com/zone?&pub=0&zone_id=5655417&is_mobile=false&domain=31.pasatok.com&var=165_MX&ymid=1675415895776hd99m7yba&var_3=&dsig=&nt=true&action=settings
IP 139.45.197.251:0
File type JSON data\012- , ASCII text, with very long lines (692)
Hash 38869b4803c6e941ac61538a226845b3
5614b25f4f645ad85a5bee91e0c1117aa688f187
1179e7abd99fe51ccef42636e59187730ad60beb91f400844314c4149341e800
GET /zone?&pub=0&zone_id=5655417&is_mobile=false&domain=31.pasatok.com&var=165_MX&ymid=1675415895776hd99m7yba&var_3=&dsig=&nt=true&action=settings HTTP/1.1
Host: choupsee.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://31.pasatok.com/
Origin: https://31.pasatok.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 09:19:55 GMT
content-type: application/json; charset=utf-8
content-length: 693
x-trace-id: 9441d2f98004f9952e10ee9f5e662aec
access-control-allow-origin: https://31.pasatok.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
choupsee.com/event
139.45.197.251 200 OK 94 B IP 139.45.197.251:0
File type JSON data\012- , ASCII text
Hash 7a90c07072d9ffdbce34e5f8ab1ef2d8
f9ef6ac99eebdcf339ad7623eb38fcffab39046f
779a3b192a3a2005b1752581e5af0a27c13c34775368aadb2424e92802d9e113
Analyzer Verdict Alert fortinet Malware
POST /event HTTP/1.1
Host: choupsee.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://31.pasatok.com/
Content-Type: application/json
Origin: https://31.pasatok.com
Content-Length: 488
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 09:19:55 GMT
content-type: application/json; charset=utf-8
content-length: 94
x-trace-id: f7dfe5f305745c04e890edff8d0a5521
access-control-allow-origin: https://31.pasatok.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
deehalig.net/pfe/current/sw.perm.check.min.js?r=sw
139.45.197.251 200 OK 0 B URL HTTP/2 deehalig.net/pfe/current/sw.perm.check.min.js?r=sw
IP 139.45.197.251:0
Analyzer Verdict Alert quad9 Sinkholed
GET /pfe/current/sw.perm.check.min.js?r=sw HTTP/1.1
Host: deehalig.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://17.pasatok.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 09:19:52 GMT
content-type: application/javascript
last-modified: Fri, 27 Jan 2023 11:03:52 GMT
etag: W/"63d3af98-1d349"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
15.pasatok.com/sw-check-permissions-5655417.js?z=5655417&var=165_MX&ymid=1675415895776hd99m7yba
104.22.56.101 200 OK 0 B URL HTTP/2 15.pasatok.com/sw-check-permissions-5655417.js?z=5655417&var=165_MX&ymid=1675415895776hd99m7yba
IP 104.22.56.101:0
GET /sw-check-permissions-5655417.js?z=5655417&var=165_MX&ymid=1675415895776hd99m7yba HTTP/1.1
Host: 15.pasatok.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 03 Feb 2023 09:19:51 GMT
content-type: application/javascript; charset=utf-8
cf-ray: 793a165c0fce0b65-OSL
age: 51
etag: W/"sw-check-permissions-5655417.d8c3536505.js"
vary: Accept-Encoding
cf-cache-status: HIT
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
deehalig.net/pfe/current/sw.perm.check.min.js?r=sw
139.45.197.251 200 OK 0 B URL HTTP/2 deehalig.net/pfe/current/sw.perm.check.min.js?r=sw
IP 139.45.197.251:0
Analyzer Verdict Alert quad9 Sinkholed
GET /pfe/current/sw.perm.check.min.js?r=sw HTTP/1.1
Host: deehalig.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://14.pasatok.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 09:19:51 GMT
content-type: application/javascript
last-modified: Fri, 27 Jan 2023 11:03:52 GMT
etag: W/"63d3af98-1d349"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
25.pasatok.com/l/PA/12/?resubscription=75&clickid=1675415895776hd99m7yba&source=165&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=MX&partner=PA&language=en-US&unixtime=1675415895&tb={https://ak.onpluslean.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}}
104.22.56.101 200 OK 0 B URL HTTP/2 25.pasatok.com/l/PA/12/?resubscription=75&clickid=1675415895776hd99m7yba&source=165&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=MX&partner=PA&language=en-US&unixtime=1675415895&tb={https://ak.onpluslean.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}}
IP 104.22.56.101:0
GET /l/PA/12/?resubscription=75&clickid=1675415895776hd99m7yba&source=165&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=MX&partner=PA&language=en-US&unixtime=1675415895&tb={https://ak.onpluslean.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}} HTTP/1.1
Host: 25.pasatok.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://24.pasatok.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Fri, 03 Feb 2023 09:19:53 GMT
content-type: text/html; charset=utf-8
etag: W/"l/PA/12/index.b889ad63dd.html"
cf-cache-status: MISS
vary: Accept-Encoding
server: cloudflare
cf-ray: 793a16658bb60b65-OSL
content-encoding: br
X-Firefox-Spdy: h2
deehalig.net/pfe/current/sw.perm.check.min.js?r=sw
139.45.197.251 200 OK 0 B URL HTTP/2 deehalig.net/pfe/current/sw.perm.check.min.js?r=sw
IP 139.45.197.251:0
Analyzer Verdict Alert quad9 Sinkholed
GET /pfe/current/sw.perm.check.min.js?r=sw HTTP/1.1
Host: deehalig.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://16.pasatok.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 09:19:52 GMT
content-type: application/javascript
last-modified: Fri, 27 Jan 2023 11:03:52 GMT
etag: W/"63d3af98-1d349"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
19.pasatok.com/l/PA/12/?resubscription=81&clickid=1675415895776hd99m7yba&source=165&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=MX&partner=PA&language=en-US&unixtime=1675415895&tb={https://ak.onpluslean.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}}
104.22.56.101 200 OK 0 B URL HTTP/2 19.pasatok.com/l/PA/12/?resubscription=81&clickid=1675415895776hd99m7yba&source=165&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=MX&partner=PA&language=en-US&unixtime=1675415895&tb={https://ak.onpluslean.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}}
IP 104.22.56.101:0
GET /l/PA/12/?resubscription=81&clickid=1675415895776hd99m7yba&source=165&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=MX&partner=PA&language=en-US&unixtime=1675415895&tb={https://ak.onpluslean.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}} HTTP/1.1
Host: 19.pasatok.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://18.pasatok.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Fri, 03 Feb 2023 09:19:52 GMT
content-type: text/html; charset=utf-8
cf-ray: 793a165f4b840b65-OSL
age: 52
etag: W/"l/PA/12/index.b889ad63dd.html"
vary: Accept-Encoding
cf-cache-status: HIT
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
21.pasatok.com/sw-check-permissions-5655417.js?z=5655417&var=165_MX&ymid=1675415895776hd99m7yba
104.22.56.101 200 OK 0 B URL HTTP/2 21.pasatok.com/sw-check-permissions-5655417.js?z=5655417&var=165_MX&ymid=1675415895776hd99m7yba
IP 104.22.56.101:0
GET /sw-check-permissions-5655417.js?z=5655417&var=165_MX&ymid=1675415895776hd99m7yba HTTP/1.1
Host: 21.pasatok.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 03 Feb 2023 09:19:52 GMT
content-type: application/javascript; charset=utf-8
cf-ray: 793a16625fec0b65-OSL
age: 51
etag: W/"sw-check-permissions-5655417.d8c3536505.js"
vary: Accept-Encoding
cf-cache-status: HIT
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
24.pasatok.com/l/PA/12/?resubscription=76&clickid=1675415895776hd99m7yba&source=165&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=MX&partner=PA&language=en-US&unixtime=1675415895&tb={https://ak.onpluslean.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}}
104.22.56.101200 OK 0 B URL HTTP/2 24.pasatok.com/l/PA/12/?resubscription=76&clickid=1675415895776hd99m7yba&source=165&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=MX&partner=PA&language=en-US&unixtime=1675415895&tb={https://ak.onpluslean.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}}
IP 104.22.56.101:0
GET /l/PA/12/?resubscription=76&clickid=1675415895776hd99m7yba&source=165&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=MX&partner=PA&language=en-US&unixtime=1675415895&tb={https://ak.onpluslean.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}} HTTP/1.1
Host: 24.pasatok.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://23.pasatok.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Fri, 03 Feb 2023 09:19:53 GMT
content-type: text/html; charset=utf-8
etag: W/"l/PA/12/index.b889ad63dd.html"
cf-cache-status: MISS
vary: Accept-Encoding
server: cloudflare
cf-ray: 793a16648aaa0b65-OSL
content-encoding: br
X-Firefox-Spdy: h2
31.pasatok.com/l/PA/12/?resubscription=69&clickid=1675415895776hd99m7yba&source=165&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=MX&partner=PA&language=en-US&unixtime=1675415895&tb={https://ak.onpluslean.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}}
104.22.56.101200 OK 0 B URL HTTP/2 31.pasatok.com/l/PA/12/?resubscription=69&clickid=1675415895776hd99m7yba&source=165&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=MX&partner=PA&language=en-US&unixtime=1675415895&tb={https://ak.onpluslean.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}}
IP 104.22.56.101:0
GET /l/PA/12/?resubscription=69&clickid=1675415895776hd99m7yba&source=165&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=MX&partner=PA&language=en-US&unixtime=1675415895&tb={https://ak.onpluslean.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}} HTTP/1.1
Host: 31.pasatok.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://30.pasatok.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Fri, 03 Feb 2023 09:19:54 GMT
content-type: text/html; charset=utf-8
etag: W/"l/PA/12/index.b889ad63dd.html"
cf-cache-status: MISS
vary: Accept-Encoding
server: cloudflare
cf-ray: 793a166d4d5f0b65-OSL
content-encoding: br
X-Firefox-Spdy: h2
deehalig.net/pfe/current/sw.perm.check.min.js?r=sw
139.45.197.251200 OK 0 B URL HTTP/2 deehalig.net/pfe/current/sw.perm.check.min.js?r=sw
IP 139.45.197.251:0
Analyzer Verdict Alert quad9 Sinkholed
GET /pfe/current/sw.perm.check.min.js?r=sw HTTP/1.1
Host: deehalig.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://30.pasatok.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 09:19:54 GMT
content-type: application/javascript
last-modified: Fri, 27 Jan 2023 11:03:52 GMT
etag: W/"63d3af98-1d349"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
17.pasatok.com/l/PA/12/?resubscription=83&clickid=1675415895776hd99m7yba&source=165&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=MX&partner=PA&language=en-US&unixtime=1675415895&tb={https://ak.onpluslean.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}}
104.22.56.101200 OK 0 B URL HTTP/2 17.pasatok.com/l/PA/12/?resubscription=83&clickid=1675415895776hd99m7yba&source=165&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=MX&partner=PA&language=en-US&unixtime=1675415895&tb={https://ak.onpluslean.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}}
IP 104.22.56.101:0
GET /l/PA/12/?resubscription=83&clickid=1675415895776hd99m7yba&source=165&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=MX&partner=PA&language=en-US&unixtime=1675415895&tb={https://ak.onpluslean.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}} HTTP/1.1
Host: 17.pasatok.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://16.pasatok.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Fri, 03 Feb 2023 09:19:51 GMT
content-type: text/html; charset=utf-8
cf-ray: 793a165cd8910b65-OSL
age: 51
etag: W/"l/PA/12/index.b889ad63dd.html"
vary: Accept-Encoding
cf-cache-status: HIT
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
deehalig.net/pfe/current/sw.perm.check.min.js?r=sw
139.45.197.251200 OK 0 B URL HTTP/2 deehalig.net/pfe/current/sw.perm.check.min.js?r=sw
IP 139.45.197.251:0
Analyzer Verdict Alert quad9 Sinkholed
GET /pfe/current/sw.perm.check.min.js?r=sw HTTP/1.1
Host: deehalig.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://27.pasatok.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 09:19:54 GMT
content-type: application/javascript
last-modified: Fri, 27 Jan 2023 11:03:52 GMT
etag: W/"63d3af98-1d349"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
30.pasatok.com/l/PA/12/?resubscription=70&clickid=1675415895776hd99m7yba&source=165&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=MX&partner=PA&language=en-US&unixtime=1675415895&tb={https://ak.onpluslean.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}}
104.22.56.101200 OK 0 B URL HTTP/2 30.pasatok.com/l/PA/12/?resubscription=70&clickid=1675415895776hd99m7yba&source=165&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=MX&partner=PA&language=en-US&unixtime=1675415895&tb={https://ak.onpluslean.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}}
IP 104.22.56.101:0
GET /l/PA/12/?resubscription=70&clickid=1675415895776hd99m7yba&source=165&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=MX&partner=PA&language=en-US&unixtime=1675415895&tb={https://ak.onpluslean.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}} HTTP/1.1
Host: 30.pasatok.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://29.pasatok.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Fri, 03 Feb 2023 09:19:54 GMT
content-type: text/html; charset=utf-8
etag: W/"l/PA/12/index.b889ad63dd.html"
cf-cache-status: MISS
vary: Accept-Encoding
server: cloudflare
cf-ray: 793a166bebcb0b65-OSL
content-encoding: br
X-Firefox-Spdy: h2
deehalig.net/pfe/current/sw.perm.check.min.js?r=sw
139.45.197.251200 OK 0 B URL HTTP/2 deehalig.net/pfe/current/sw.perm.check.min.js?r=sw
IP 139.45.197.251:0
Analyzer Verdict Alert quad9 Sinkholed
GET /pfe/current/sw.perm.check.min.js?r=sw HTTP/1.1
Host: deehalig.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://20.pasatok.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 09:19:52 GMT
content-type: application/javascript
last-modified: Fri, 27 Jan 2023 11:03:52 GMT
etag: W/"63d3af98-1d349"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
31.pasatok.com/favicon.ico
104.22.56.101200 OK 0 B URL HTTP/2 31.pasatok.com/favicon.ico
IP 104.22.56.101:0
GET /favicon.ico HTTP/1.1
Host: 31.pasatok.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://31.pasatok.com/l/PA/12/?resubscription=69&clickid=1675415895776hd99m7yba&source=165&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=MX&partner=PA&language=en-US&unixtime=1675415895&tb={https://ak.onpluslean.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}}
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 03 Feb 2023 09:19:54 GMT
content-type: image/vnd.microsoft.icon
etag: W/"favicon.ff38969f14.ico"
cf-cache-status: MISS
vary: Accept-Encoding
server: cloudflare
cf-ray: 793a166e3e380b65-OSL
content-encoding: br
X-Firefox-Spdy: h2
13.pasatok.com/sw-check-permissions-5655417.js?z=5655417&var=165_MX&ymid=1675415895776hd99m7yba
104.22.56.101200 OK 0 B URL HTTP/2 13.pasatok.com/sw-check-permissions-5655417.js?z=5655417&var=165_MX&ymid=1675415895776hd99m7yba
IP 104.22.56.101:0
GET /sw-check-permissions-5655417.js?z=5655417&var=165_MX&ymid=1675415895776hd99m7yba HTTP/1.1
Host: 13.pasatok.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 03 Feb 2023 09:19:51 GMT
content-type: application/javascript; charset=utf-8
cf-ray: 793a165a0dc90b65-OSL
age: 52
etag: W/"sw-check-permissions-5655417.d8c3536505.js"
vary: Accept-Encoding
cf-cache-status: HIT
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
14.pasatok.com/sw-check-permissions-5655417.js?z=5655417&var=165_MX&ymid=1675415895776hd99m7yba
104.22.56.101200 OK 0 B URL HTTP/2 14.pasatok.com/sw-check-permissions-5655417.js?z=5655417&var=165_MX&ymid=1675415895776hd99m7yba
IP 104.22.56.101:0
GET /sw-check-permissions-5655417.js?z=5655417&var=165_MX&ymid=1675415895776hd99m7yba HTTP/1.1
Host: 14.pasatok.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 03 Feb 2023 09:19:51 GMT
content-type: application/javascript; charset=utf-8
cf-ray: 793a165b2ee60b65-OSL
age: 52
etag: W/"sw-check-permissions-5655417.d8c3536505.js"
vary: Accept-Encoding
cf-cache-status: HIT
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
deehalig.net/pfe/current/sw.perm.check.min.js?r=sw
139.45.197.251200 OK 0 B URL HTTP/2 deehalig.net/pfe/current/sw.perm.check.min.js?r=sw
IP 139.45.197.251:0
Analyzer Verdict Alert quad9 Sinkholed
GET /pfe/current/sw.perm.check.min.js?r=sw HTTP/1.1
Host: deehalig.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://31.pasatok.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 09:19:54 GMT
content-type: application/javascript
last-modified: Fri, 27 Jan 2023 11:03:52 GMT
etag: W/"63d3af98-1d349"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
13.pasatok.com/l/PA/12/?resubscription=87&clickid=1675415895776hd99m7yba&source=165&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=MX&partner=PA&language=en-US&unixtime=1675415895&tb={https://ak.onpluslean.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}}
104.22.56.101200 OK 0 B URL HTTP/2 13.pasatok.com/l/PA/12/?resubscription=87&clickid=1675415895776hd99m7yba&source=165&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=MX&partner=PA&language=en-US&unixtime=1675415895&tb={https://ak.onpluslean.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}}
IP 104.22.56.101:0
GET /l/PA/12/?resubscription=87&clickid=1675415895776hd99m7yba&source=165&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=MX&partner=PA&language=en-US&unixtime=1675415895&tb={https://ak.onpluslean.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}} HTTP/1.1
Host: 13.pasatok.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Fri, 03 Feb 2023 09:19:51 GMT
content-type: text/html; charset=utf-8
cf-ray: 793a1658bc970b65-OSL
age: 52
etag: W/"l/PA/12/index.b889ad63dd.html"
vary: Accept-Encoding
cf-cache-status: HIT
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
27.pasatok.com/sw-check-permissions-5655417.js?z=5655417&var=165_MX&ymid=1675415895776hd99m7yba
104.22.56.101200 OK 0 B URL HTTP/2 27.pasatok.com/sw-check-permissions-5655417.js?z=5655417&var=165_MX&ymid=1675415895776hd99m7yba
IP 104.22.56.101:0
GET /sw-check-permissions-5655417.js?z=5655417&var=165_MX&ymid=1675415895776hd99m7yba HTTP/1.1
Host: 27.pasatok.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 03 Feb 2023 09:19:53 GMT
content-type: application/javascript; charset=utf-8
etag: W/"sw-check-permissions-5655417.d8c3536505.js"
cf-cache-status: MISS
vary: Accept-Encoding
server: cloudflare
cf-ray: 793a1668d8260b65-OSL
content-encoding: br
X-Firefox-Spdy: h2
14.pasatok.com/l/PA/12/?resubscription=86&clickid=1675415895776hd99m7yba&source=165&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=MX&partner=PA&language=en-US&unixtime=1675415895&tb={https://ak.onpluslean.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}}
104.22.56.101200 OK 0 B URL HTTP/2 14.pasatok.com/l/PA/12/?resubscription=86&clickid=1675415895776hd99m7yba&source=165&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=MX&partner=PA&language=en-US&unixtime=1675415895&tb={https://ak.onpluslean.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}}
IP 104.22.56.101:0
GET /l/PA/12/?resubscription=86&clickid=1675415895776hd99m7yba&source=165&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=MX&partner=PA&language=en-US&unixtime=1675415895&tb={https://ak.onpluslean.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}} HTTP/1.1
Host: 14.pasatok.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://13.pasatok.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Fri, 03 Feb 2023 09:19:51 GMT
content-type: text/html; charset=utf-8
cf-ray: 793a165a5e2a0b65-OSL
age: 52
etag: W/"l/PA/12/index.b889ad63dd.html"
vary: Accept-Encoding
cf-cache-status: HIT
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
20.pasatok.com/l/PA/12/?resubscription=80&clickid=1675415895776hd99m7yba&source=165&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=MX&partner=PA&language=en-US&unixtime=1675415895&tb={https://ak.onpluslean.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}}
104.22.56.101200 OK 0 B URL HTTP/2 20.pasatok.com/l/PA/12/?resubscription=80&clickid=1675415895776hd99m7yba&source=165&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=MX&partner=PA&language=en-US&unixtime=1675415895&tb={https://ak.onpluslean.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}}
IP 104.22.56.101:0
GET /l/PA/12/?resubscription=80&clickid=1675415895776hd99m7yba&source=165&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=MX&partner=PA&language=en-US&unixtime=1675415895&tb={https://ak.onpluslean.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}} HTTP/1.1
Host: 20.pasatok.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://19.pasatok.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Fri, 03 Feb 2023 09:19:52 GMT
content-type: text/html; charset=utf-8
cf-ray: 793a1660fdec0b65-OSL
age: 51
etag: W/"l/PA/12/index.b889ad63dd.html"
vary: Accept-Encoding
cf-cache-status: HIT
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
22.pasatok.com/l/PA/12/?resubscription=78&clickid=1675415895776hd99m7yba&source=165&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=MX&partner=PA&language=en-US&unixtime=1675415895&tb={https://ak.onpluslean.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}}
104.22.56.101200 OK 0 B URL HTTP/2 22.pasatok.com/l/PA/12/?resubscription=78&clickid=1675415895776hd99m7yba&source=165&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=MX&partner=PA&language=en-US&unixtime=1675415895&tb={https://ak.onpluslean.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}}
IP 104.22.56.101:0
GET /l/PA/12/?resubscription=78&clickid=1675415895776hd99m7yba&source=165&unique_user=1&browser_name=Chrome&browser_version=94.0.0.0&country=MX&partner=PA&language=en-US&unixtime=1675415895&tb={https://ak.onpluslean.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}} HTTP/1.1
Host: 22.pasatok.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://21.pasatok.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Fri, 03 Feb 2023 09:19:52 GMT
content-type: text/html; charset=utf-8
cf-ray: 793a1662c8920b65-OSL
age: 51
etag: W/"l/PA/12/index.b889ad63dd.html"
vary: Accept-Encoding
cf-cache-status: HIT
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
deehalig.net/pfe/current/sw.perm.check.min.js?r=sw
139.45.197.251200 OK 0 B URL HTTP/2 deehalig.net/pfe/current/sw.perm.check.min.js?r=sw
IP 139.45.197.251:0
Analyzer Verdict Alert quad9 Sinkholed
GET /pfe/current/sw.perm.check.min.js?r=sw HTTP/1.1
Host: deehalig.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://25.pasatok.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 09:19:53 GMT
content-type: application/javascript
last-modified: Fri, 27 Jan 2023 11:03:52 GMT
etag: W/"63d3af98-1d349"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
deehalig.net/pfe/current/sw.perm.check.min.js?r=sw
139.45.197.251200 OK 0 B URL HTTP/2 deehalig.net/pfe/current/sw.perm.check.min.js?r=sw
IP 139.45.197.251:0
Analyzer Verdict Alert quad9 Sinkholed
GET /pfe/current/sw.perm.check.min.js?r=sw HTTP/1.1
Host: deehalig.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://29.pasatok.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 09:19:54 GMT
content-type: application/javascript
last-modified: Fri, 27 Jan 2023 11:03:52 GMT
etag: W/"63d3af98-1d349"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2