redir.blowingwind.xyz/feed/click/?t1=128&tid=48&uid=36&subid=48.503&id=6c84c8cd0efdd1de2fe685d9916ad616:9b41393abe90d3224552d6cb6c2b09d5e2b272abd6f6ce2dcf0cf3568656c467163016da377c9e9746fe98893cc28ebf301f36561bf7f4798ce7b2bb5ee8a1bd9e6a752bf12f91e24c62ce0d821cde39f936887ec799eb9874ab62bd1dc646e4fe902163997d8004d49992c9586ade023c64b38647afef6551f1feb7e4ad95bc827b45fad9d21eaa33cfdfe9254875bf6aa7a2cbc8e54baa41e2b9957c0226d4d33648a2e10d8eb6599e2bf0a4d1eed37c9d4d4092b5545c85bcb0fe3eabc825e3f3cc5e5aef0494fd84a4d951d9d158c0a9e53ab15a96ca1e2b321f5f7c4e807c2db52150bcc45b60c79806300ff59bc665dfbfba8d1432c716c47d300fb2854461b275781e2438e4dafdbdc3ac43ffd84ac72b86e70d82900763b35ac624860254fe0666085da0aeadcc95f16b4d615d10de74da334cdacd0a43ce08279f475f970b5a5dbacfc197f6b0205d15ee06f126953a9137ce0047b9038d6fbb0c135c048cc3b1e09e20eb417067963146dd7bcddf9a73e8c027b6e695c12e97e3fac8ac17b98e09e33bf202ed2b1d83f362af9ff18003885a6c332faf2d51cd945b4987eaae504b9ab19ac078e3314053863b6368bd4cc2666286019b60b4ed68bf84325d61d2852cab00cdea2505725ad4e4238d814a86b11784b0ae57c0b4f114&s1=63d393db54aa8b0ba26cc673
198.211.113.186302 Found 258 B URL HTTP/1.1 redir.blowingwind.xyz/feed/click/?t1=128&tid=48&uid=36&subid=48.503&id=6c84c8cd0efdd1de2fe685d9916ad616:9b41393abe90d3224552d6cb6c2b09d5e2b272abd6f6ce2dcf0cf3568656c467163016da377c9e9746fe98893cc28ebf301f36561bf7f4798ce7b2bb5ee8a1bd9e6a752bf12f91e24c62ce0d821cde39f936887ec799eb9874ab62bd1dc646e4fe902163997d8004d49992c9586ade023c64b38647afef6551f1feb7e4ad95bc827b45fad9d21eaa33cfdfe9254875bf6aa7a2cbc8e54baa41e2b9957c0226d4d33648a2e10d8eb6599e2bf0a4d1eed37c9d4d4092b5545c85bcb0fe3eabc825e3f3cc5e5aef0494fd84a4d951d9d158c0a9e53ab15a96ca1e2b321f5f7c4e807c2db52150bcc45b60c79806300ff59bc665dfbfba8d1432c716c47d300fb2854461b275781e2438e4dafdbdc3ac43ffd84ac72b86e70d82900763b35ac624860254fe0666085da0aeadcc95f16b4d615d10de74da334cdacd0a43ce08279f475f970b5a5dbacfc197f6b0205d15ee06f126953a9137ce0047b9038d6fbb0c135c048cc3b1e09e20eb417067963146dd7bcddf9a73e8c027b6e695c12e97e3fac8ac17b98e09e33bf202ed2b1d83f362af9ff18003885a6c332faf2d51cd945b4987eaae504b9ab19ac078e3314053863b6368bd4cc2666286019b60b4ed68bf84325d61d2852cab00cdea2505725ad4e4238d814a86b11784b0ae57c0b4f114&s1=63d393db54aa8b0ba26cc673
IP 198.211.113.186:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document, ASCII text, with no line terminators
Hash 693257ef598c9575b8110bfc0dbd68aa
c8d2c0927a3f42b9f75a8749b724ba2a131d4190
9a5a810357496a532c0d3214e20d27dfb35bd50b97d6ba0d27f8b8949125ca26
GET /feed/click/?t1=128&tid=48&uid=36&subid=48.503&id=6c84c8cd0efdd1de2fe685d9916ad616:9b41393abe90d3224552d6cb6c2b09d5e2b272abd6f6ce2dcf0cf3568656c467163016da377c9e9746fe98893cc28ebf301f36561bf7f4798ce7b2bb5ee8a1bd9e6a752bf12f91e24c62ce0d821cde39f936887ec799eb9874ab62bd1dc646e4fe902163997d8004d49992c9586ade023c64b38647afef6551f1feb7e4ad95bc827b45fad9d21eaa33cfdfe9254875bf6aa7a2cbc8e54baa41e2b9957c0226d4d33648a2e10d8eb6599e2bf0a4d1eed37c9d4d4092b5545c85bcb0fe3eabc825e3f3cc5e5aef0494fd84a4d951d9d158c0a9e53ab15a96ca1e2b321f5f7c4e807c2db52150bcc45b60c79806300ff59bc665dfbfba8d1432c716c47d300fb2854461b275781e2438e4dafdbdc3ac43ffd84ac72b86e70d82900763b35ac624860254fe0666085da0aeadcc95f16b4d615d10de74da334cdacd0a43ce08279f475f970b5a5dbacfc197f6b0205d15ee06f126953a9137ce0047b9038d6fbb0c135c048cc3b1e09e20eb417067963146dd7bcddf9a73e8c027b6e695c12e97e3fac8ac17b98e09e33bf202ed2b1d83f362af9ff18003885a6c332faf2d51cd945b4987eaae504b9ab19ac078e3314053863b6368bd4cc2666286019b60b4ed68bf84325d61d2852cab00cdea2505725ad4e4238d814a86b11784b0ae57c0b4f114&s1=63d393db54aa8b0ba26cc673 HTTP/1.1
Host: redir.blowingwind.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
X-Powered-By: Express
Surrogate-Control: no-store
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate
Pragma: no-cache
Expires: 0
Location: https://t10.lowtid.com/n.php?p=c:9qopki6xwqp78c2dg&d=603611c5b7eaf46891533240&s=48.48.503&s2=48
Vary: Accept
Content-Type: text/html; charset=utf-8
Content-Length: 258
Date: Fri, 27 Jan 2023 09:05:48 GMT
Connection: keep-alive
Keep-Alive: timeout=5
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 5fe582397f3003b225cb9058e02c2190
68174a54a8f6c4de9247ccea2dcae3c9b76bdb9f
238a2ef5b61d56353d0a5e97ec3092b8f2792cde7cecf40e1a858f8c129d3a9d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "238A2EF5B61D56353D0A5E97EC3092B8F2792CDE7CECF40E1A858F8C129D3A9D"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16258
Expires: Fri, 27 Jan 2023 13:36:46 GMT
Date: Fri, 27 Jan 2023 09:05:48 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 58ffdcb539c3b250fdf31ed761627fc1
5b55b1522ef84c39b5c42f9bbfbc62b806c1269f
eb783cfa8c8544b0574b345abc0bf3c150979d4efce1a013f17b6cd48076fc63
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EB783CFA8C8544B0574B345ABC0BF3C150979D4EFCE1A013F17B6CD48076FC63"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18880
Expires: Fri, 27 Jan 2023 14:20:28 GMT
Date: Fri, 27 Jan 2023 09:05:48 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash dcd75ca6daca51c5e39d431468511793
07f76d3bf23d65c9110d810fa71a994e39e085d3
73672a816da4450fe2c938b08d7ae002d9ca29fdcbd3e29cc97084d826f8b459
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Backoff, Content-Length, Alert, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 27 Jan 2023 08:35:19 GMT
content-type: application/json
age: 1829
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 49049f3c92aad686cd7ff28ecd2a5a4f
9cc2bc9c055450dbc4fae93eabe4ef8509b3ff57
02cf421968192286bb174ff0e6c818a843c4eca61a02cd493e6f95bb58a37015
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "02CF421968192286BB174FF0E6C818A843C4ECA61A02CD493E6F95BB58A37015"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3026
Expires: Fri, 27 Jan 2023 09:56:14 GMT
Date: Fri, 27 Jan 2023 09:05:48 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: amwZqQbDgCr7s2E+nv5zvwrKWMwxVEVtZPioSYCrPm2x/EOsDAVXp8lrqf0AbWXm5Df/PzMW+hY=
x-amz-request-id: GCSW73NRC20A8X0K
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 27 Jan 2023 08:49:21 GMT
age: 987
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 27 Jan 2023 09:05:49 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash ff33c257d3570d3c38654ab5fb96a05d
103efee949aa0e4ac505ba046004844af683165f
7b2b13c81d913094dcbc2d2bb20c81dc93be601005763e1f82a82f44bc1a6623
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7B2B13C81D913094DCBC2D2BB20C81DC93BE601005763E1F82A82F44BC1A6623"
Last-Modified: Thu, 26 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5467
Expires: Fri, 27 Jan 2023 10:36:56 GMT
Date: Fri, 27 Jan 2023 09:05:49 GMT
Connection: keep-alive
t10.lowtid.com/n.php?p=c:9qopki6xwqp78c2dg&d=603611c5b7eaf46891533240&s=48.48.503&s2=48
51.83.143.92302 Found 0 B URL HTTP/1.1 t10.lowtid.com/n.php?p=c:9qopki6xwqp78c2dg&d=603611c5b7eaf46891533240&s=48.48.503&s2=48
IP 51.83.143.92:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /n.php?p=c:9qopki6xwqp78c2dg&d=603611c5b7eaf46891533240&s=48.48.503&s2=48 HTTP/1.1
Host: t10.lowtid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 302 Found
Server: nginx
Date: Fri, 27 Jan 2023 09:05:49 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Round: 11kgq037yu
Raund: 12uf2w0vxv-2v5
Location: https://popmyads.com/serve/52264/64661/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgxMy5jb20=
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash b572a75373961b0bbf40d0a8f2fa5b3f
e80fbc48d67b1c98b1099dfeb8af1028464330ce
bfbf27d9d4e8663e1ce9a886becdd836255265efb0e4527dbb49878213173e2f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4616
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 09:05:49 GMT
Etag: "63d22525-118"
Last-Modified: Fri, 27 Jan 2023 07:48:53 GMT
Server: ECS (amb/6BA0)
X-Cache: HIT
Content-Length: 279
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Last-Modified, Pragma, ETag, Retry-After, Content-Type, Content-Length, Expires, Cache-Control, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 27 Jan 2023 08:49:03 GMT
age: 1006
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash b572a75373961b0bbf40d0a8f2fa5b3f
e80fbc48d67b1c98b1099dfeb8af1028464330ce
bfbf27d9d4e8663e1ce9a886becdd836255265efb0e4527dbb49878213173e2f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4616
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 09:05:49 GMT
Last-Modified: Fri, 27 Jan 2023 07:48:53 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 279
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 16a7b6a7128312e2f985d30df18c4487
6017bff79ffb525d9c7f9f32b999b74b5dc69602
663fd12209627f08e759c2ed1c76278a5da79dae1e0b46082dd1bb44775f7a16
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "663FD12209627F08E759C2ED1C76278A5DA79DAE1E0B46082DD1BB44775F7A16"
Last-Modified: Fri, 27 Jan 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18068
Expires: Fri, 27 Jan 2023 14:06:57 GMT
Date: Fri, 27 Jan 2023 09:05:49 GMT
Connection: keep-alive
popcash.net/world/go/142/26196/
104.21.52.38301 Moved Permanently 162 B URL HTTP/1.1 popcash.net/world/go/142/26196/
IP 104.21.52.38:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /world/go/142/26196/ HTTP/1.1
Host: popcash.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Fri, 27 Jan 2023 09:05:49 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: http://ps.popcash.net/go/142/26196/
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LXuMWiUJdgVdUJ2WyIcbR9mJw%2FsbPPIqMHsC3ciZEMlZsjkzNTQLaViFzGxnNNIoRMIPqUlI1Wf1Plio9%2BXpCdOkQuGcl3%2B72b3l6hsK7RFieG5K0Uc6MbsGkWB0"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7900542d5e751c0a-OSL
alt-svc: h2=":443"; ma=60
push.services.mozilla.com/
54.187.195.111101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.187.195.111:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: eRC326QCDGljKIFNYoq4Gw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 6MNdoNSzsPaU2UVC18vLfUlkQz0=
ps.popcash.net/go/142/26196/
54.205.43.136200 OK 268 B URL HTTP/1.1 ps.popcash.net/go/142/26196/
IP 54.205.43.136:0
File type HTML document, ASCII text
Hash 5b8ffee3ad281ee1839fb135d1e8b687
059063ebd7cd613b927616c1b37145850dbbf474
482e5c64e88447a9b14952e349e60510adde42706be267ef752999f9dd0cbc14
GET /go/142/26196/ HTTP/1.1
Host: ps.popcash.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Content-Encoding: gzip
Content-Type: text/html
Date: Fri, 27 Jan 2023 09:05:50 GMT
Server: nginx
Vary: Accept-Encoding
Content-Length: 268
Connection: keep-alive
ps.popcash.net/ad/ad?p=142&w=26196&t=9dfa73700aec33d2&r=&vw=1280&vh=0
54.205.43.136303 See Other 2.4 kB URL HTTP/1.1 ps.popcash.net/ad/ad?p=142&w=26196&t=9dfa73700aec33d2&r=&vw=1280&vh=0
IP 54.205.43.136:0
Hash 7555ecfc6148f2f854b5a54624b5fca3
caf3a87a2275de8617e6ff8e1a1319a55270bb17
43c126d0aff1fd66872f3bc98dfe3b18d73762dda42e0bffc6755b5e5be4187e
GET /ad/ad?p=142&w=26196&t=9dfa73700aec33d2&r=&vw=1280&vh=0 HTTP/1.1
Host: ps.popcash.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ps.popcash.net/go/142/26196/
Upgrade-Insecure-Requests: 1
HTTP/1.1 303 See Other
Date: Fri, 27 Jan 2023 09:05:50 GMT
Location: https://adeumssp.com/smart?p=CsxnKsUCG9yw6Ygyhidzm6oiJ2jrV4PSrgPJitGQya&s=adeum.click
Server: nginx
Content-Length: 0
Connection: keep-alive
ocsp.sectigo.com/
172.64.155.188200 OK 472 B IP 172.64.155.188:0
Hash 9ea781c3617d9d0c759fa56be842957c
6f9e776cf9000e6184d14ff3637e9bfd456a1c95
a2ac746721766906b4677239c4ed707e92b3319bf4a13ad32191f789cb4ac9fd
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 27 Jan 2023 09:05:50 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 26 Jan 2023 02:30:51 GMT
Expires: Thu, 02 Feb 2023 02:30:50 GMT
Etag: "6f9e776cf9000e6184d14ff3637e9bfd456a1c95"
Cache-Control: max-age=494099,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 79005431a9c71c16-OSL
adeumssp.com/smart?p=CsxnKsUCG9yw6Ygyhidzm6oiJ2jrV4PSrgPJitGQya&s=adeum.click
116.202.158.120302 Found 461 B URL HTTP/2 adeumssp.com/smart?p=CsxnKsUCG9yw6Ygyhidzm6oiJ2jrV4PSrgPJitGQya&s=adeum.click
IP 116.202.158.120:0
ASN #24940 Hetzner Online GmbH
File type HTML document, ASCII text, with very long lines (459)
Hash 73f5fe683dbc62dee3cd16c4476c4558
506c9eb558d3682398ef1f0aa84d7764b63cb851
3e3c2049e5cb843f8b1d52a50baedee77142cdb9d202735f1d3f7b6f51cd8bb5
GET /smart?p=CsxnKsUCG9yw6Ygyhidzm6oiJ2jrV4PSrgPJitGQya&s=adeum.click HTTP/1.1
Host: adeumssp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://ps.popcash.net/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Fri, 27 Jan 2023 09:05:51 GMT
content-type: text/html; charset=utf-8
content-length: 461
location: https://curvyalpaca.cc/click?a=Csxn&e=gAAAAABj05Pv_zsEmU6Xup10jXqASMUDzgZ3NbeMAWQnavMh-VTTQ5Sv6DOAI2TNscA6r783pzYSAOQjsBryVIybyAg9xT0PjyOrjvCKYsWJBwj_4z6gbL-dyV5eYlJpqbXbvExTTQgvUI9vXusyHepqdxy2lKlyIfXHbtiI4O-tHa1stz5EAKG3vASZwrUw2YzJRV4PA6dE4oEVb-gU95SVl-lCEIIlsbeTsmhVhZiqgrRPRcTuhgN19sXCS0CcjAkZ3JoHRvUVP1vB5BK2-yyvVM5YFU9Ebe3fo2eP5LzYPByu86lTnP3UNuqDtAX0w0eCg8jV7qyFLJQqAOiUDHY9jD2PZpg396NcJ04LLZipomIXuGUnBHK9EYM4KKjJ2H1x2NxY033p
strict-transport-security: max-age=15724800; includeSubDomains
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 2e21811f62c077f45a93d7c3b543998d
3e890a73bb51d9dd1021d5339271aa40833ba258
c6b77371a50390fd68d44ff05e080f064c16c3095df8856b330ab0c6685cd3d1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C6B77371A50390FD68D44FF05E080F064C16C3095DF8856B330AB0C6685CD3D1"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5689
Expires: Fri, 27 Jan 2023 10:40:40 GMT
Date: Fri, 27 Jan 2023 09:05:51 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 2e21811f62c077f45a93d7c3b543998d
3e890a73bb51d9dd1021d5339271aa40833ba258
c6b77371a50390fd68d44ff05e080f064c16c3095df8856b330ab0c6685cd3d1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C6B77371A50390FD68D44FF05E080F064C16C3095DF8856B330AB0C6685CD3D1"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5689
Expires: Fri, 27 Jan 2023 10:40:40 GMT
Date: Fri, 27 Jan 2023 09:05:51 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 2e21811f62c077f45a93d7c3b543998d
3e890a73bb51d9dd1021d5339271aa40833ba258
c6b77371a50390fd68d44ff05e080f064c16c3095df8856b330ab0c6685cd3d1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C6B77371A50390FD68D44FF05E080F064C16C3095DF8856B330AB0C6685CD3D1"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5689
Expires: Fri, 27 Jan 2023 10:40:40 GMT
Date: Fri, 27 Jan 2023 09:05:51 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 2e21811f62c077f45a93d7c3b543998d
3e890a73bb51d9dd1021d5339271aa40833ba258
c6b77371a50390fd68d44ff05e080f064c16c3095df8856b330ab0c6685cd3d1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C6B77371A50390FD68D44FF05E080F064C16C3095DF8856B330AB0C6685CD3D1"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5689
Expires: Fri, 27 Jan 2023 10:40:40 GMT
Date: Fri, 27 Jan 2023 09:05:51 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 2e21811f62c077f45a93d7c3b543998d
3e890a73bb51d9dd1021d5339271aa40833ba258
c6b77371a50390fd68d44ff05e080f064c16c3095df8856b330ab0c6685cd3d1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C6B77371A50390FD68D44FF05E080F064C16C3095DF8856B330AB0C6685CD3D1"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5689
Expires: Fri, 27 Jan 2023 10:40:40 GMT
Date: Fri, 27 Jan 2023 09:05:51 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F47dfbf8f-d762-4550-83d7-2992a8c8fe66.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F47dfbf8f-d762-4550-83d7-2992a8c8fe66.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash bad60daf652c598a06510ff955137b69
235bf4642e726bb6a303fe1b69238e2e973414cb
d655c5ac17274a30a89c31674e14dc9c1b6bc39bfff94db1c9ff0d8006bb673b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F47dfbf8f-d762-4550-83d7-2992a8c8fe66.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12508
x-amzn-requestid: 68787c38-72fe-4d8a-9521-aeb9efa56b05
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fBYWyGIHoAMF-LQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ca075e-1ee9488d2dd0437728beac94;Sampled=0
x-amzn-remapped-date: Fri, 20 Jan 2023 03:15:42 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 2RZzMCqjRpKbm-g_6vAq1YV4LQ5RAB9HrkKCQx_ah4C6PnAzHZpKCg==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 570075675953459325e00b7bcd171df2.cloudfront.net (CloudFront), 1.1 google
date: Thu, 26 Jan 2023 18:49:04 GMT
age: 51407
etag: "235bf4642e726bb6a303fe1b69238e2e973414cb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F16430244-f45f-4aea-a8a8-2b1f37fa80ef.jpeg
34.120.237.76200 OK 5.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F16430244-f45f-4aea-a8a8-2b1f37fa80ef.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5e7158416f60576804ccff03307319fe
a342f94625e913fa6b8d862a59979f1e3ad80dd1
5c525df7d169cc7e033d920c11f4a0163a781c025a22b70530882b56964a9a52
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F16430244-f45f-4aea-a8a8-2b1f37fa80ef.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5737
x-amzn-requestid: cc977ea9-c418-4a5a-a13b-c86e16bbe6ba
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fRGPFGL5oAMFiSg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d050c6-2d540cac5ca7d4e64cfdb8bc;Sampled=0
x-amzn-remapped-date: Tue, 24 Jan 2023 21:42:30 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: uZnA5gkRlZyqamh_n3992G9PlMJa4gJ-mjSOQEysII73dDKLXmeXsg==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 1a53057db389e96b4ef1bfbc925dde1c.cloudfront.net (CloudFront), 1.1 google
date: Thu, 26 Jan 2023 12:26:22 GMT
age: 74369
etag: "a342f94625e913fa6b8d862a59979f1e3ad80dd1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb781854-72d1-4a71-a095-0416f886f570.jpeg
34.120.237.76200 OK 7.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb781854-72d1-4a71-a095-0416f886f570.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 131eb343c5abd61939457d69bd371348
ffb2035cf64fc83f01db5c6f26ffa264b6aac95b
8486eb9dc6325018f8721bc6f37408f260b6e652b145280f2d778d860d3ec2d5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb781854-72d1-4a71-a095-0416f886f570.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7538
x-amzn-requestid: 113924cc-a196-4dbd-91d9-68c213265afe
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e3fobF-ZoAMFjjA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c61302-6b24941a642b22cf21e47dc0;Sampled=0
x-amzn-remapped-date: Tue, 17 Jan 2023 03:16:18 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 2P09wOtKPDHjxxAuzcLFMQJwmGN1zNJcH9LA6IJpeaGiaPVRF4y-TA==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Thu, 26 Jan 2023 21:59:56 GMT
age: 39955
etag: "ffb2035cf64fc83f01db5c6f26ffa264b6aac95b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6418a71b-f89d-45d1-bc77-36d6312f560b.jpeg
34.120.237.76200 OK 5.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6418a71b-f89d-45d1-bc77-36d6312f560b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ba0a42dadf6a976df148f652e9cc1844
4d825b74865effa4a858ddcad1d0969671facc07
7276a38c9ba6b13a06f24ab8b802f210f98c5541df53fbcd8e879a14d2957d95
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6418a71b-f89d-45d1-bc77-36d6312f560b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5943
x-amzn-requestid: 6774f4a4-ed83-49df-868f-4517c2af914b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fUXxNF2UIAMFlYw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d1a007-75b1e8975c3f4b503e0a1c5b;Sampled=0
x-amzn-remapped-date: Wed, 25 Jan 2023 21:32:55 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: MeE0Qrn_yZvUApGQTbOKQ14Z2ipPLbPFPyVqkKTk0Bs7ETn0UU6yMg==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 570075675953459325e00b7bcd171df2.cloudfront.net (CloudFront), 1.1 google
date: Thu, 26 Jan 2023 21:48:43 GMT
age: 40628
etag: "4d825b74865effa4a858ddcad1d0969671facc07"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4b8fa26c-af88-46ea-a5c6-1122db65d6d4.jpeg
34.120.237.76200 OK 9.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4b8fa26c-af88-46ea-a5c6-1122db65d6d4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f3605538118d3aaef721a03d482b0f9a
2e2e770d552a05a0f24f4bbb1110266440b2bf76
1011d275125968599a8dd082810deca07e82770efad760b3f1ebf7f74ebab78e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4b8fa26c-af88-46ea-a5c6-1122db65d6d4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9063
x-amzn-requestid: 8eb82d16-63f8-4e6e-b9fe-1795c7703c03
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fIgq2EbSoAMFUwQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cce178-67a0958d7cd1f132605d93be;Sampled=0
x-amzn-remapped-date: Sun, 22 Jan 2023 07:10:48 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: fEX2-oiOwaU7l9OQzljVzFI-CQOwn4yQjUJ_fv0pmjc6C8evz1LDbQ==
via: 1.1 1b0911478686968732f973d6e5e31d10.cloudfront.net (CloudFront), 1.1 981753271eb5b6d11bc29d52f173a5da.cloudfront.net (CloudFront), 1.1 google
date: Thu, 26 Jan 2023 11:12:36 GMT
age: 78795
etag: "2e2e770d552a05a0f24f4bbb1110266440b2bf76"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F52fbb3f0-e394-4245-a542-f5d9aa7b93cc.jpeg
34.120.237.76200 OK 9.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F52fbb3f0-e394-4245-a542-f5d9aa7b93cc.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash dc869235086902c4acc379733b6bfdb8
0170f6aa6bd83ddeb60cf1cb65e9f0443d8d4bae
e614e29b14e69209fd4b82a688290f7a3f541909833a6558cf480aca899bab6d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F52fbb3f0-e394-4245-a542-f5d9aa7b93cc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9056
x-amzn-requestid: 81cf473d-8dc6-49e7-b012-d0b7dfaec7f8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fB4COHTlIAMFtRg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ca3a0e-0848461c054db5c66fde9107;Sampled=0
x-amzn-remapped-date: Fri, 20 Jan 2023 06:51:58 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: fdefZSZfSJi1-C7ZTSahawckLN-To4P91H-n1cyPqw34f18VzTeHRg==
via: 1.1 23206a1c229d8877bdd053c4b05f9d12.cloudfront.net (CloudFront), 1.1 760139201585481b26f947c5f776103a.cloudfront.net (CloudFront), 1.1 google
date: Thu, 26 Jan 2023 12:54:06 GMT
age: 72705
etag: "0170f6aa6bd83ddeb60cf1cb65e9f0443d8d4bae"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188200 OK 471 B IP 172.64.155.188:0
Hash 235f96f76bb602b6ede994efad7c13af
05a732c5b155e109c619f502e14553e652e1e0ca
2d01711a41a73b243a45c1a3d9c3335c48208110953276d7e89e76131bd86204
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 27 Jan 2023 09:05:51 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Tue, 24 Jan 2023 14:40:43 GMT
Expires: Tue, 31 Jan 2023 14:40:42 GMT
Etag: "05a732c5b155e109c619f502e14553e652e1e0ca"
Cache-Control: max-age=365090,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 790054373e731c16-OSL
curvyalpaca.cc/sc?a=Csxn&c=aqhCwqbTyZEEFRTuYsRH2Y&e=gAAAAABj05Pv2AHF0YaMs0_NlC8tHHEnXiXlpXHF1GKg3gtGmcSlsQVxqfJ3Hz2qAmIXGtHL6YYK01JDWD3KZfp8u2gwaXMpAhhQ7J8ioXUD_rdEJSEJyI7_djIqgk6bvLEm_jalZN0Nh2k9VnsXbT-PTba8BIseYNkf1zNcNGdM4X_L-NPUuwnV2zoDwVDc4gxiIFuzpNpjY-JAdUByECDzNFxKh2l6TbhHxUcAw0vBXPcNbQ6yhfOulRYOYpFEoVEvTa3RDUCNar6DTs4BBFXhEetASP1t2xUGRMeLGkYK0Kal5MTTS6DoN-_NMOzeuzG78leSHniU6JCbU12teZBnL9ZNg8qcLtW-LOWaob0LvhmQBUQ6Z4dnnEe49psRsO-6bDD1E6MY&f=0
157.90.88.167302 Found 75 B URL HTTP/2 curvyalpaca.cc/sc?a=Csxn&c=aqhCwqbTyZEEFRTuYsRH2Y&e=gAAAAABj05Pv2AHF0YaMs0_NlC8tHHEnXiXlpXHF1GKg3gtGmcSlsQVxqfJ3Hz2qAmIXGtHL6YYK01JDWD3KZfp8u2gwaXMpAhhQ7J8ioXUD_rdEJSEJyI7_djIqgk6bvLEm_jalZN0Nh2k9VnsXbT-PTba8BIseYNkf1zNcNGdM4X_L-NPUuwnV2zoDwVDc4gxiIFuzpNpjY-JAdUByECDzNFxKh2l6TbhHxUcAw0vBXPcNbQ6yhfOulRYOYpFEoVEvTa3RDUCNar6DTs4BBFXhEetASP1t2xUGRMeLGkYK0Kal5MTTS6DoN-_NMOzeuzG78leSHniU6JCbU12teZBnL9ZNg8qcLtW-LOWaob0LvhmQBUQ6Z4dnnEe49psRsO-6bDD1E6MY&f=0
IP 157.90.88.167:0
ASN #24940 Hetzner Online GmbH
File type HTML document, ASCII text
Hash e02f3fd00a9fbcbf0fcee60956a61706
3d41b49610864d42f972ec67ac670d49c19766da
81d7b21ed1c0f7dc9eba54a9cdaa2bcc9d70b4a5142e549a243ba265e1eaac2a
GET /sc?a=Csxn&c=aqhCwqbTyZEEFRTuYsRH2Y&e=gAAAAABj05Pv2AHF0YaMs0_NlC8tHHEnXiXlpXHF1GKg3gtGmcSlsQVxqfJ3Hz2qAmIXGtHL6YYK01JDWD3KZfp8u2gwaXMpAhhQ7J8ioXUD_rdEJSEJyI7_djIqgk6bvLEm_jalZN0Nh2k9VnsXbT-PTba8BIseYNkf1zNcNGdM4X_L-NPUuwnV2zoDwVDc4gxiIFuzpNpjY-JAdUByECDzNFxKh2l6TbhHxUcAw0vBXPcNbQ6yhfOulRYOYpFEoVEvTa3RDUCNar6DTs4BBFXhEetASP1t2xUGRMeLGkYK0Kal5MTTS6DoN-_NMOzeuzG78leSHniU6JCbU12teZBnL9ZNg8qcLtW-LOWaob0LvhmQBUQ6Z4dnnEe49psRsO-6bDD1E6MY&f=0 HTTP/1.1
Host: curvyalpaca.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://curvyalpaca.cc/click?a=Csxn&e=gAAAAABj05Pv_zsEmU6Xup10jXqASMUDzgZ3NbeMAWQnavMh-VTTQ5Sv6DOAI2TNscA6r783pzYSAOQjsBryVIybyAg9xT0PjyOrjvCKYsWJBwj_4z6gbL-dyV5eYlJpqbXbvExTTQgvUI9vXusyHepqdxy2lKlyIfXHbtiI4O-tHa1stz5EAKG3vASZwrUw2YzJRV4PA6dE4oEVb-gU95SVl-lCEIIlsbeTsmhVhZiqgrRPRcTuhgN19sXCS0CcjAkZ3JoHRvUVP1vB5BK2-yyvVM5YFU9Ebe3fo2eP5LzYPByu86lTnP3UNuqDtAX0w0eCg8jV7qyFLJQqAOiUDHY9jD2PZpg396NcJ04LLZipomIXuGUnBHK9EYM4KKjJ2H1x2NxY033p
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 302 Found
server: nginx/1.19.1
date: Fri, 27 Jan 2023 09:05:51 GMT
content-type: text/html; charset=utf-8
content-length: 75
location: http://xml-eu-v4.webmedrtb.com/click?i=rs9V46J1xCw_0
strict-transport-security: max-age=15724800; includeSubDomains
X-Firefox-Spdy: h2
xml-eu-v4.webmedrtb.com/click?i=rs9V46J1xCw_0
77.245.57.64302 Found 0 B URL HTTP/1.1 xml-eu-v4.webmedrtb.com/click?i=rs9V46J1xCw_0
IP 77.245.57.64:0
ASN #36057 WEBAIR-INTERNET-MTL
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /click?i=rs9V46J1xCw_0 HTTP/1.1
Host: xml-eu-v4.webmedrtb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Cache-Control: no-store
Content-Length: 0
Age: 0
Connection: keep-alive
Location: http://c.ewoss.click/go.ashx?w=cD1leHBsb3JhZHNwbGFyaW1vMTQmaz10aGVyb2Nrd2VsbHMubmV0JmI9MC4wMDAzNSZzPTQ0Mjk4MCZhPTA1
Pragma: no-cache
c.ewoss.click/go.ashx?w=cD1leHBsb3JhZHNwbGFyaW1vMTQmaz10aGVyb2Nrd2VsbHMubmV0JmI9MC4wMDAzNSZzPTQ0Mjk4MCZhPTA1
3.231.69.169302 Found 185 B URL HTTP/1.1 c.ewoss.click/go.ashx?w=cD1leHBsb3JhZHNwbGFyaW1vMTQmaz10aGVyb2Nrd2VsbHMubmV0JmI9MC4wMDAzNSZzPTQ0Mjk4MCZhPTA1
IP 3.231.69.169:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash be6d4a4149373aeb1cef3cab034501b2
02c30f848c69667b70cc3654ed6a98b4f1bfd3b6
471613345cd9162d482f088c56818af92f4ccfc8899c8283b13d47a329d9465e
Analyzer Verdict Alert fortinet Malware
GET /go.ashx?w=cD1leHBsb3JhZHNwbGFyaW1vMTQmaz10aGVyb2Nrd2VsbHMubmV0JmI9MC4wMDAzNSZzPTQ0Mjk4MCZhPTA1 HTTP/1.1
Host: c.ewoss.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Date: Fri, 27 Jan 2023 09:05:52 GMT
Location: http://c.ewoss.click/out.aspx?u=dd5eadf1-e8e4-49b6-af06-4984c0d3cf40
Server: Microsoft-IIS/10.0
Content-Length: 185
Connection: keep-alive
c.ewoss.click/out.aspx?u=dd5eadf1-e8e4-49b6-af06-4984c0d3cf40
3.231.69.169200 OK 336 B URL HTTP/1.1 c.ewoss.click/out.aspx?u=dd5eadf1-e8e4-49b6-af06-4984c0d3cf40
IP 3.231.69.169:0
File type HTML document text\012- HTML document, ASCII text, with very long lines (318), with no line terminators
Hash 83d4391b860cec9a0a316ace1b4af413
9f75b36fd00700aa897071c5f6c1a693292f1854
8090e60971618291e837545fd7f6fa2e39113cb065151602fa36bf93f345f605
Analyzer Verdict Alert fortinet Malware
GET /out.aspx?u=dd5eadf1-e8e4-49b6-af06-4984c0d3cf40 HTTP/1.1
Host: c.ewoss.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Cache-Control: private
Content-Encoding: gzip
Content-Type: text/html; charset=utf-8
Date: Fri, 27 Jan 2023 09:05:52 GMT
Server: Microsoft-IIS/10.0
Set-Cookie: ASP.NET_SessionId=2t1kwn0kvhulhavxsbh33vly; path=/; HttpOnly
Vary: Accept-Encoding
Content-Length: 336
Connection: keep-alive
click-v4.celxkpdir.com/click?i=G4tBnQ5LLH4_0
198.134.116.17302 Found 0 B URL HTTP/1.1 click-v4.celxkpdir.com/click?i=G4tBnQ5LLH4_0
IP 198.134.116.17:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /click?i=G4tBnQ5LLH4_0 HTTP/1.1
Host: click-v4.celxkpdir.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://c.ewoss.click/
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Cache-Control: no-store
Content-Length: 0
Age: 0
Connection: keep-alive
Location: http://c.ewoss.click/go.ashx?w=cD1leHBsb3JhZHMxMiZrPXRoZXJvY2t3ZWxscy5uZXQmYj0wLjAwMDMyJnM9NDg1MjU4JmE9MA2
Pragma: no-cache
c.ewoss.click/go.ashx?w=cD1leHBsb3JhZHMxMiZrPXRoZXJvY2t3ZWxscy5uZXQmYj0wLjAwMDMyJnM9NDg1MjU4JmE9MA2
3.231.69.169302 Found 185 B URL HTTP/1.1 c.ewoss.click/go.ashx?w=cD1leHBsb3JhZHMxMiZrPXRoZXJvY2t3ZWxscy5uZXQmYj0wLjAwMDMyJnM9NDg1MjU4JmE9MA2
IP 3.231.69.169:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash a715349dda14ea39d1cd0b99f52a7b02
2d52b5de65d5c7b840bb7fc64ae0d15eb61280c0
f73c0790b8690ee3fe96b93ac3b93eb9c8a99ed1aaaca922d96a23847d254d9f
Analyzer Verdict Alert fortinet Malware
GET /go.ashx?w=cD1leHBsb3JhZHMxMiZrPXRoZXJvY2t3ZWxscy5uZXQmYj0wLjAwMDMyJnM9NDg1MjU4JmE9MA2 HTTP/1.1
Host: c.ewoss.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://c.ewoss.click/
Connection: keep-alive
Cookie: ASP.NET_SessionId=2t1kwn0kvhulhavxsbh33vly
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Date: Fri, 27 Jan 2023 09:05:52 GMT
Location: http://c.ewoss.click/out.aspx?u=a6ab687c-265a-4afd-857b-105eb5226355
Server: Microsoft-IIS/10.0
Content-Length: 185
Connection: keep-alive
c.ewoss.click/out.aspx?u=a6ab687c-265a-4afd-857b-105eb5226355
3.231.69.169200 OK 1.2 kB URL HTTP/1.1 c.ewoss.click/out.aspx?u=a6ab687c-265a-4afd-857b-105eb5226355
IP 3.231.69.169:0
File type HTML document text\012- HTML document, ASCII text, with very long lines (2150), with no line terminators
Hash a33958c91a0f2d10a412ff882330b02e
204575d3000715d8a05ddfbbc0aaeac1148dcff6
df2ba53b33940b0702abb5c1acbdc70db31b42a95b7f267a3235ede4ba6a2c62
Analyzer Verdict Alert fortinet Malware
GET /out.aspx?u=a6ab687c-265a-4afd-857b-105eb5226355 HTTP/1.1
Host: c.ewoss.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://c.ewoss.click/
Connection: keep-alive
Cookie: ASP.NET_SessionId=2t1kwn0kvhulhavxsbh33vly
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Cache-Control: private
Content-Encoding: gzip
Content-Type: text/html; charset=utf-8
Date: Fri, 27 Jan 2023 09:05:53 GMT
Server: Microsoft-IIS/10.0
Vary: Accept-Encoding
Content-Length: 1153
Connection: keep-alive
www.toromclick.com/feed/click/?t1=128&tid=708&uid=15&subid=cb2nk1yvz7o000ifcfie&id=1c0e6c1c0b293e67874a1d088e7b67fb%3Aef96b851810d04bc704e7c64dd9b28a7c714b7b6f095b627a32285872ad24f1c16d13c54a3282b2651f62d2b883cfbde7594b438318b52a3b154c865926757695f9d6ac2f37c0f004f89475cce27808bccd9359b5b41e81242c4d936865e8280e23ce91223bc2d1123d9578925320244cd18edaf68fdc74152441a101e57db46a5bd3d882fe3d46a92c93adbfc35ea746353be5d28459f738e7c90aa4131fc154545257a9b1b9a0f22860f7cad5cc8fec07b65a61a4526e19fef7843c2b3937da31b2cf8294f953cdc6c0b6f2c435389d72818fdece8c13ed87f222b192f58a238871a9bc156a99f0f46cc8e568618fa4e31a73d05a24b0b781d6c78170cf2ae35ad4489a31d539ea96cca84927e1928fd0ca9da110be8cfc24c0d5d99affc9bda2c32098e2ae18b39963f6774b5d2733b488e17b2e691974bf927ee48c6bdc1bba60aabf62433c44a4fbb60a0ad35c0047f0e0485dbf111b5636db637b58f45ba664bbf54bfc50dac0d9aca9f4c96b179071b2432dbf1863932316c208b9e29
142.93.240.225302 Found 322 B URL HTTP/1.1 www.toromclick.com/feed/click/?t1=128&tid=708&uid=15&subid=cb2nk1yvz7o000ifcfie&id=1c0e6c1c0b293e67874a1d088e7b67fb%3Aef96b851810d04bc704e7c64dd9b28a7c714b7b6f095b627a32285872ad24f1c16d13c54a3282b2651f62d2b883cfbde7594b438318b52a3b154c865926757695f9d6ac2f37c0f004f89475cce27808bccd9359b5b41e81242c4d936865e8280e23ce91223bc2d1123d9578925320244cd18edaf68fdc74152441a101e57db46a5bd3d882fe3d46a92c93adbfc35ea746353be5d28459f738e7c90aa4131fc154545257a9b1b9a0f22860f7cad5cc8fec07b65a61a4526e19fef7843c2b3937da31b2cf8294f953cdc6c0b6f2c435389d72818fdece8c13ed87f222b192f58a238871a9bc156a99f0f46cc8e568618fa4e31a73d05a24b0b781d6c78170cf2ae35ad4489a31d539ea96cca84927e1928fd0ca9da110be8cfc24c0d5d99affc9bda2c32098e2ae18b39963f6774b5d2733b488e17b2e691974bf927ee48c6bdc1bba60aabf62433c44a4fbb60a0ad35c0047f0e0485dbf111b5636db637b58f45ba664bbf54bfc50dac0d9aca9f4c96b179071b2432dbf1863932316c208b9e29
IP 142.93.240.225:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document, ASCII text, with very long lines (322), with no line terminators
Hash 8feb58843a5934da900e55771e1847c1
f8ed62b9fd3978450b0b369fae85cfd44cad13a8
64c9d55b11e3dc1865623b04af493b298ba6fd5e51fc19cc81de98ec1022797a
GET /feed/click/?t1=128&tid=708&uid=15&subid=cb2nk1yvz7o000ifcfie&id=1c0e6c1c0b293e67874a1d088e7b67fb%3Aef96b851810d04bc704e7c64dd9b28a7c714b7b6f095b627a32285872ad24f1c16d13c54a3282b2651f62d2b883cfbde7594b438318b52a3b154c865926757695f9d6ac2f37c0f004f89475cce27808bccd9359b5b41e81242c4d936865e8280e23ce91223bc2d1123d9578925320244cd18edaf68fdc74152441a101e57db46a5bd3d882fe3d46a92c93adbfc35ea746353be5d28459f738e7c90aa4131fc154545257a9b1b9a0f22860f7cad5cc8fec07b65a61a4526e19fef7843c2b3937da31b2cf8294f953cdc6c0b6f2c435389d72818fdece8c13ed87f222b192f58a238871a9bc156a99f0f46cc8e568618fa4e31a73d05a24b0b781d6c78170cf2ae35ad4489a31d539ea96cca84927e1928fd0ca9da110be8cfc24c0d5d99affc9bda2c32098e2ae18b39963f6774b5d2733b488e17b2e691974bf927ee48c6bdc1bba60aabf62433c44a4fbb60a0ad35c0047f0e0485dbf111b5636db637b58f45ba664bbf54bfc50dac0d9aca9f4c96b179071b2432dbf1863932316c208b9e29 HTTP/1.1
Host: www.toromclick.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://c.ewoss.click/
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
X-Powered-By: Express
Surrogate-Control: no-store
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate
Pragma: no-cache
Expires: 0
Location: http://c.ewoss.click/go.ashx?w=cD1leHBsb3JhZHN0b3Jyb21pMTMmaz10aGVyb2Nrd2VsbHMubmV0JmI9MC4wMDA0MiZzPTcwOF9jYjJuazF5dno3bzAwMGlmY2ZpZSZhPTA1
Vary: Accept
Content-Type: text/html; charset=utf-8
Content-Length: 322
Date: Fri, 27 Jan 2023 09:05:54 GMT
Connection: keep-alive
Keep-Alive: timeout=5
c.ewoss.click/go.ashx?w=cD1leHBsb3JhZHN0b3Jyb21pMTMmaz10aGVyb2Nrd2VsbHMubmV0JmI9MC4wMDA0MiZzPTcwOF9jYjJuazF5dno3bzAwMGlmY2ZpZSZhPTA1
3.231.69.169302 Found 185 B URL HTTP/1.1 c.ewoss.click/go.ashx?w=cD1leHBsb3JhZHN0b3Jyb21pMTMmaz10aGVyb2Nrd2VsbHMubmV0JmI9MC4wMDA0MiZzPTcwOF9jYjJuazF5dno3bzAwMGlmY2ZpZSZhPTA1
IP 3.231.69.169:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 5330c66fb6602fec94fb2e4093a1b166
4a6a2153ccb50f87baee78f083856f978b86837b
ebff4ca6a08fc2ca098ac2e38c077b11a5b68fb72932091abcfa5e9527c26799
Analyzer Verdict Alert fortinet Malware
GET /go.ashx?w=cD1leHBsb3JhZHN0b3Jyb21pMTMmaz10aGVyb2Nrd2VsbHMubmV0JmI9MC4wMDA0MiZzPTcwOF9jYjJuazF5dno3bzAwMGlmY2ZpZSZhPTA1 HTTP/1.1
Host: c.ewoss.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://c.ewoss.click/
Connection: keep-alive
Cookie: ASP.NET_SessionId=2t1kwn0kvhulhavxsbh33vly
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Date: Fri, 27 Jan 2023 09:05:53 GMT
Location: http://c.ewoss.click/out.aspx?u=c3dbd6c4-9b5a-483e-ab47-5ba84665f9c7
Server: Microsoft-IIS/10.0
Content-Length: 185
Connection: keep-alive
c.ewoss.click/out.aspx?u=c3dbd6c4-9b5a-483e-ab47-5ba84665f9c7
3.231.69.169200 OK 332 B URL HTTP/1.1 c.ewoss.click/out.aspx?u=c3dbd6c4-9b5a-483e-ab47-5ba84665f9c7
IP 3.231.69.169:0
File type HTML document text\012- HTML document, ASCII text, with very long lines (312), with no line terminators
Hash ee88cfff656a3ca66d80d9301d12b00f
354ffa0dd11b123c1f6c829d3ad923d6139cb010
751f1bb905370b5024994514fb60703899bdf5477691b059ebeddc69b3e19b5c
Analyzer Verdict Alert fortinet Malware
GET /out.aspx?u=c3dbd6c4-9b5a-483e-ab47-5ba84665f9c7 HTTP/1.1
Host: c.ewoss.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://c.ewoss.click/
Connection: keep-alive
Cookie: ASP.NET_SessionId=2t1kwn0kvhulhavxsbh33vly
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Cache-Control: private
Content-Encoding: gzip
Content-Type: text/html; charset=utf-8
Date: Fri, 27 Jan 2023 09:05:53 GMT
Server: Microsoft-IIS/10.0
Vary: Accept-Encoding
Content-Length: 332
Connection: keep-alive
click.plarimocl.com/click?i=IFe4SC60LAk_0
174.137.133.17302 Found 0 B URL HTTP/1.1 click.plarimocl.com/click?i=IFe4SC60LAk_0
IP 174.137.133.17:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /click?i=IFe4SC60LAk_0 HTTP/1.1
Host: click.plarimocl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://c.ewoss.click/
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Cache-Control: no-store
Content-Length: 0
Age: 0
Connection: keep-alive
Location: https://mybettermb.com/aS/feedclick?s=HFz5zNIIs96fzq49jFkHXdn3PNbMy_ZGx0-XQURGDbe7MnivRw3TCKd73pnnDH6ohvzYfNFjJsKn06qgcpL4cHa7NstSCA9zdvgEqEwPy0tKvxRhlTspZcZTps4EeX4dsOyE_yhG9DLGVWViaJip_uZm7PaRCb1oum0utXdDv-SK_-k7sbH3GqS3Av56KG1KFSBteYXdKfuDheD38wghBs7eQRD1Lg71I5hJYHAx2q7DvIlvGeZ4CbuDtvFjPBHTasHUUn42ZEqAfAZnR2x-xN-txBhAyyEQG3v-Q6ND5kfc7_KBqKtVe4aQBJxgZqm2F1nTlWaTj4RdNT_yXKO6t4WhnmlkCBJXolMqg2NJ7vBBeOTDDE-64iL-EvVLFOR3dFiM4lfETl50I87RUB6hoDyXJVXRISA4WVg8nu5eB3qBr7V1zgN4wnS0r2rPVFVFbuj9_GMRdH2cXKUVf4pXzxLGq1kQL6q6hstrV5_jdKtC9eAdcrkz9QY2rsbNv6ZblHdfBrdV9wRi26FTvumBWxraACvAOL3x1H0PA2PipRamYfVc8blqBCSUWeOUfAVEbNnQ62kasXR8MxR5MyYXf6VkswjZhMzZdnEAqpSviQLUeYUq7xX5bj9C11-MIijzmbo6Rsqzqjm1pCEEUhrGnfG1o_n7S0ZzFd_o2IdZKQXqjz3DUZJFVwe8alSgdrvVZIz4g8Xrs-Alf0X54-zUx02ux-6-S6qIoqWRJpmTUV8M49lkjEqo-cvEhKMjOMBoRi0R-lFiKL1hs_tg3O5j0VivSmsw2pKEJJ8E_odu9gWlEvSAEF5_vb6vHkxox81xKH-7tWCkoIW4EGo_Rt30eh7hpMjmY6LX-k2zvr25vyQkD7V3CU3nEPWb-yGzNSbGXivjEClTKHdwDUvw6sa_1Pb0QuUMdM6dKqVjjhTRt4tHQJpsyxV7m4MRXfqc9uZLa4fRBFckWAOikJqB5W6FAL90j4MI3tBeZISyGMJqezc1GtGKPhhHPLkCK2ZKwcuEjwWRqw0hRPuqdSD7wWOz07EqwSc6YFL5yA0uQ-uN-pII0UbIwfoEXVQ05GXnLfepqP1kycox6PJllN_erDfvVJcwapERAxUpDweZAREG_Gjh1AHbP2q2tjRuYEMqpr93O3V_33ofSjbEq_BEcQnTqHuQ0H6I80zSRHY61AC8Ejdtx7Stq4mUM3A8OvbQuNfZcRCV5GojV23gfAjj7CxWBunq3YN_0ZLzePnKL_YRLte9LgBulK8RD9n3PNbMy_ZGBcHnW2pP37KEJwiKuJdU-dpu1ZVrGVaE3QDOn6PxAaE
Pragma: no-cache
ocsp.sectigo.com/
172.64.155.188200 OK 472 B IP 172.64.155.188:0
Hash 8b80e7658748fff1e5e0057a59a17c70
400803ffd9a77d82b96a9e1c1aeebedd8545eb9f
34a8f0f6a29cf9281d295aed68fac414a8ea887f9e9826d08e80826f50a017bc
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 27 Jan 2023 09:05:55 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 26 Jan 2023 07:25:41 GMT
Expires: Thu, 02 Feb 2023 07:25:40 GMT
Etag: "400803ffd9a77d82b96a9e1c1aeebedd8545eb9f"
Cache-Control: max-age=511784,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 790054524a581c16-OSL
mybettermb.com/aS/feedclick?s=HFz5zNIIs96fzq49jFkHXdn3PNbMy_ZGx0-XQURGDbe7MnivRw3TCKd73pnnDH6ohvzYfNFjJsKn06qgcpL4cHa7NstSCA9zdvgEqEwPy0tKvxRhlTspZcZTps4EeX4dsOyE_yhG9DLGVWViaJip_uZm7PaRCb1oum0utXdDv-SK_-k7sbH3GqS3Av56KG1KFSBteYXdKfuDheD38wghBs7eQRD1Lg71I5hJYHAx2q7DvIlvGeZ4CbuDtvFjPBHTasHUUn42ZEqAfAZnR2x-xN-txBhAyyEQG3v-Q6ND5kfc7_KBqKtVe4aQBJxgZqm2F1nTlWaTj4RdNT_yXKO6t4WhnmlkCBJXolMqg2NJ7vBBeOTDDE-64iL-EvVLFOR3dFiM4lfETl50I87RUB6hoDyXJVXRISA4WVg8nu5eB3qBr7V1zgN4wnS0r2rPVFVFbuj9_GMRdH2cXKUVf4pXzxLGq1kQL6q6hstrV5_jdKtC9eAdcrkz9QY2rsbNv6ZblHdfBrdV9wRi26FTvumBWxraACvAOL3x1H0PA2PipRamYfVc8blqBCSUWeOUfAVEbNnQ62kasXR8MxR5MyYXf6VkswjZhMzZdnEAqpSviQLUeYUq7xX5bj9C11-MIijzmbo6Rsqzqjm1pCEEUhrGnfG1o_n7S0ZzFd_o2IdZKQXqjz3DUZJFVwe8alSgdrvVZIz4g8Xrs-Alf0X54-zUx02ux-6-S6qIoqWRJpmTUV8M49lkjEqo-cvEhKMjOMBoRi0R-lFiKL1hs_tg3O5j0VivSmsw2pKEJJ8E_odu9gWlEvSAEF5_vb6vHkxox81xKH-7tWCkoIW4EGo_Rt30eh7hpMjmY6LX-k2zvr25vyQkD7V3CU3nEPWb-yGzNSbGXivjEClTKHdwDUvw6sa_1Pb0QuUMdM6dKqVjjhTRt4tHQJpsyxV7m4MRXfqc9uZLa4fRBFckWAOikJqB5W6FAL90j4MI3tBeZISyGMJqezc1GtGKPhhHPLkCK2ZKwcuEjwWRqw0hRPuqdSD7wWOz07EqwSc6YFL5yA0uQ-uN-pII0UbIwfoEXVQ05GXnLfepqP1kycox6PJllN_erDfvVJcwapERAxUpDweZAREG_Gjh1AHbP2q2tjRuYEMqpr93O3V_33ofSjbEq_BEcQnTqHuQ0H6I80zSRHY61AC8Ejdtx7Stq4mUM3A8OvbQuNfZcRCV5GojV23gfAjj7CxWBunq3YN_0ZLzePnKL_YRLte9LgBulK8RD9n3PNbMy_ZGBcHnW2pP37KEJwiKuJdU-dpu1ZVrGVaE3QDOn6PxAaE
52.116.53.155302 Found 0 B URL HTTP/2 mybettermb.com/aS/feedclick?s=HFz5zNIIs96fzq49jFkHXdn3PNbMy_ZGx0-XQURGDbe7MnivRw3TCKd73pnnDH6ohvzYfNFjJsKn06qgcpL4cHa7NstSCA9zdvgEqEwPy0tKvxRhlTspZcZTps4EeX4dsOyE_yhG9DLGVWViaJip_uZm7PaRCb1oum0utXdDv-SK_-k7sbH3GqS3Av56KG1KFSBteYXdKfuDheD38wghBs7eQRD1Lg71I5hJYHAx2q7DvIlvGeZ4CbuDtvFjPBHTasHUUn42ZEqAfAZnR2x-xN-txBhAyyEQG3v-Q6ND5kfc7_KBqKtVe4aQBJxgZqm2F1nTlWaTj4RdNT_yXKO6t4WhnmlkCBJXolMqg2NJ7vBBeOTDDE-64iL-EvVLFOR3dFiM4lfETl50I87RUB6hoDyXJVXRISA4WVg8nu5eB3qBr7V1zgN4wnS0r2rPVFVFbuj9_GMRdH2cXKUVf4pXzxLGq1kQL6q6hstrV5_jdKtC9eAdcrkz9QY2rsbNv6ZblHdfBrdV9wRi26FTvumBWxraACvAOL3x1H0PA2PipRamYfVc8blqBCSUWeOUfAVEbNnQ62kasXR8MxR5MyYXf6VkswjZhMzZdnEAqpSviQLUeYUq7xX5bj9C11-MIijzmbo6Rsqzqjm1pCEEUhrGnfG1o_n7S0ZzFd_o2IdZKQXqjz3DUZJFVwe8alSgdrvVZIz4g8Xrs-Alf0X54-zUx02ux-6-S6qIoqWRJpmTUV8M49lkjEqo-cvEhKMjOMBoRi0R-lFiKL1hs_tg3O5j0VivSmsw2pKEJJ8E_odu9gWlEvSAEF5_vb6vHkxox81xKH-7tWCkoIW4EGo_Rt30eh7hpMjmY6LX-k2zvr25vyQkD7V3CU3nEPWb-yGzNSbGXivjEClTKHdwDUvw6sa_1Pb0QuUMdM6dKqVjjhTRt4tHQJpsyxV7m4MRXfqc9uZLa4fRBFckWAOikJqB5W6FAL90j4MI3tBeZISyGMJqezc1GtGKPhhHPLkCK2ZKwcuEjwWRqw0hRPuqdSD7wWOz07EqwSc6YFL5yA0uQ-uN-pII0UbIwfoEXVQ05GXnLfepqP1kycox6PJllN_erDfvVJcwapERAxUpDweZAREG_Gjh1AHbP2q2tjRuYEMqpr93O3V_33ofSjbEq_BEcQnTqHuQ0H6I80zSRHY61AC8Ejdtx7Stq4mUM3A8OvbQuNfZcRCV5GojV23gfAjj7CxWBunq3YN_0ZLzePnKL_YRLte9LgBulK8RD9n3PNbMy_ZGBcHnW2pP37KEJwiKuJdU-dpu1ZVrGVaE3QDOn6PxAaE
IP 52.116.53.155:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Phishing
GET /aS/feedclick?s=HFz5zNIIs96fzq49jFkHXdn3PNbMy_ZGx0-XQURGDbe7MnivRw3TCKd73pnnDH6ohvzYfNFjJsKn06qgcpL4cHa7NstSCA9zdvgEqEwPy0tKvxRhlTspZcZTps4EeX4dsOyE_yhG9DLGVWViaJip_uZm7PaRCb1oum0utXdDv-SK_-k7sbH3GqS3Av56KG1KFSBteYXdKfuDheD38wghBs7eQRD1Lg71I5hJYHAx2q7DvIlvGeZ4CbuDtvFjPBHTasHUUn42ZEqAfAZnR2x-xN-txBhAyyEQG3v-Q6ND5kfc7_KBqKtVe4aQBJxgZqm2F1nTlWaTj4RdNT_yXKO6t4WhnmlkCBJXolMqg2NJ7vBBeOTDDE-64iL-EvVLFOR3dFiM4lfETl50I87RUB6hoDyXJVXRISA4WVg8nu5eB3qBr7V1zgN4wnS0r2rPVFVFbuj9_GMRdH2cXKUVf4pXzxLGq1kQL6q6hstrV5_jdKtC9eAdcrkz9QY2rsbNv6ZblHdfBrdV9wRi26FTvumBWxraACvAOL3x1H0PA2PipRamYfVc8blqBCSUWeOUfAVEbNnQ62kasXR8MxR5MyYXf6VkswjZhMzZdnEAqpSviQLUeYUq7xX5bj9C11-MIijzmbo6Rsqzqjm1pCEEUhrGnfG1o_n7S0ZzFd_o2IdZKQXqjz3DUZJFVwe8alSgdrvVZIz4g8Xrs-Alf0X54-zUx02ux-6-S6qIoqWRJpmTUV8M49lkjEqo-cvEhKMjOMBoRi0R-lFiKL1hs_tg3O5j0VivSmsw2pKEJJ8E_odu9gWlEvSAEF5_vb6vHkxox81xKH-7tWCkoIW4EGo_Rt30eh7hpMjmY6LX-k2zvr25vyQkD7V3CU3nEPWb-yGzNSbGXivjEClTKHdwDUvw6sa_1Pb0QuUMdM6dKqVjjhTRt4tHQJpsyxV7m4MRXfqc9uZLa4fRBFckWAOikJqB5W6FAL90j4MI3tBeZISyGMJqezc1GtGKPhhHPLkCK2ZKwcuEjwWRqw0hRPuqdSD7wWOz07EqwSc6YFL5yA0uQ-uN-pII0UbIwfoEXVQ05GXnLfepqP1kycox6PJllN_erDfvVJcwapERAxUpDweZAREG_Gjh1AHbP2q2tjRuYEMqpr93O3V_33ofSjbEq_BEcQnTqHuQ0H6I80zSRHY61AC8Ejdtx7Stq4mUM3A8OvbQuNfZcRCV5GojV23gfAjj7CxWBunq3YN_0ZLzePnKL_YRLte9LgBulK8RD9n3PNbMy_ZGBcHnW2pP37KEJwiKuJdU-dpu1ZVrGVaE3QDOn6PxAaE HTTP/1.1
Host: mybettermb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://c.ewoss.click/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Fri, 27 Jan 2023 09:05:55 GMT
content-length: 0
set-cookie: rhid=82778083719; Max-Age=15552000; Expires=Wed, 26-Jul-2023 09:05:55 GMT; Domain=mybettermb.com; Path=/; SameSite=None; secure;
location: https://p443667.mybettermb.com/adServe/adClick?ai=R5PVtLqh-s6Bh-qFY4VAzHGlwz3aY7wkqP1kycox6PKnbw0QMUMX2Jr998E7Nb7OJAWsi3nUix9TQQmg0D7po51LGVWYVlTzSd9JjQ6wquBD-IoRiWjmF8Q0k6MU4dnncRCV5GojV23gfAjj7CxWBvr4nvPsKvQNf6gmL4f0BkMZ2PCWmMOyGdjTWbJaUgnYF_i0E-umY0zVCW9UoLTzK2_T5x_FGAdpIKKNlj9I1Bp0zkQJR4Qsl-RCaNkT3qyOnwM9sZtI20k3QkkpNB0KG6OIZhD5UZ8zUEpDz_87JciBp9n2wO8e3QXL0tt9b_p24Wg6c98G2nieKTEQPOdaBRbRh5WhN0Axej_wmAiUbeoWBGu3Yx722BuDuuXb5Ty3O0-YkgmOMW7DBVmA89PHRw&ui=HFz5zNIIs96fzq49jFkHXcQzYObQGwwU7xf6tdOZukOLSc4DY-u0GE_lt05VzTZQkArApb8-oHnCfo5gcgmNbAuCizbMyyRe1wmRgmICGpspYjXtr3X3Jw&si=1&oref=e43e70f86e71e2120e00f2cf4ec2398a&optunit=mv33wTs1vs4b3EKa7k5UAQ&rb=YzywFXKcNjA&rr=0&abtg=0
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 9b9aa530a6baf7d94d35e1943c068cfb
b4cbf7edb871a6ee26111f287d073708c4b8e49a
6d3f14484684ffd8f4c6f1698aca1b4b51d437e7e0843b223191c083e6ec8ba0
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=168186
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 09:05:56 GMT
Etag: "63d381ee-117"
Expires: Sun, 29 Jan 2023 07:49:02 GMT
Last-Modified: Fri, 27 Jan 2023 07:49:02 GMT
Server: nginx
Content-Length: 279
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 9b9aa530a6baf7d94d35e1943c068cfb
b4cbf7edb871a6ee26111f287d073708c4b8e49a
6d3f14484684ffd8f4c6f1698aca1b4b51d437e7e0843b223191c083e6ec8ba0
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 0
Cache-Control: max-age=168186
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 09:05:56 GMT
Etag: "63d381ee-117"
Expires: Sun, 29 Jan 2023 07:49:02 GMT
Last-Modified: Fri, 27 Jan 2023 07:49:02 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 279
status.thawte.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash e797965a55e9667dae8cdf33b8fa187b
6e9b72035530be6e5131844cbd743c2a6329c45f
fd574bd9694a2ffccd455286358bf9fb7988d9c1341d52a194c7a9c91d2962f8
POST / HTTP/1.1
Host: status.thawte.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1607
Cache-Control: max-age=118292
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 09:05:57 GMT
Etag: "63d2b8c2-1d7"
Expires: Sat, 28 Jan 2023 17:57:29 GMT
Last-Modified: Thu, 26 Jan 2023 17:30:42 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 471
no-go.kelkoogroup.net/sitesearchGo?.ts=1674796594438&.sig=yTDqaWxclXzTvVmtAkrRlimOUos-&affiliationId=96963787&comId=100543661&country=no&offerId=15dac2f8095b9e25e01bbd8cfcc104d1&searchId=1076100351562435_1674796594078_29464857&service=36&tokenId=c7178d96-9dcc-49f8-b325-9203ae266b97&custom1=89956865387&custom2=003--444888985--Desktop--Windows%2010--Firefox%20105&custom3=NO-V1-CD-Mer--100543661--Sportsnettno-S2--www.sportsnett.no
95.211.116.26200 OK 32 kB URL HTTP/1.1 no-go.kelkoogroup.net/sitesearchGo?.ts=1674796594438&.sig=yTDqaWxclXzTvVmtAkrRlimOUos-&affiliationId=96963787&comId=100543661&country=no&offerId=15dac2f8095b9e25e01bbd8cfcc104d1&searchId=1076100351562435_1674796594078_29464857&service=36&tokenId=c7178d96-9dcc-49f8-b325-9203ae266b97&custom1=89956865387&custom2=003--444888985--Desktop--Windows%2010--Firefox%20105&custom3=NO-V1-CD-Mer--100543661--Sportsnettno-S2--www.sportsnett.no
IP 95.211.116.26:0
ASN #60781 LeaseWeb Netherlands B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (12878)
Hash 3a0ca4fc366488e4c4046110975b219d
076ad708424529e204ffd788e93d5219b681155c
f9479b78550b717280619f14bb5d11eef76f457e5b2d423fb16488d794d30f6a
GET /sitesearchGo?.ts=1674796594438&.sig=yTDqaWxclXzTvVmtAkrRlimOUos-&affiliationId=96963787&comId=100543661&country=no&offerId=15dac2f8095b9e25e01bbd8cfcc104d1&searchId=1076100351562435_1674796594078_29464857&service=36&tokenId=c7178d96-9dcc-49f8-b325-9203ae266b97&custom1=89956865387&custom2=003--444888985--Desktop--Windows%2010--Firefox%20105&custom3=NO-V1-CD-Mer--100543661--Sportsnettno-S2--www.sportsnett.no HTTP/1.1
Host: no-go.kelkoogroup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.qowid.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
leadId: dc1-kls-prod-ls-04.prod.dc1.kelkoo.net_1674810357092_296330
clickId: 107698154_1674810357086_1113116
country: no
Accept-CH: Sec-CH-UA,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-Device-Memory
Set-Cookie: datadome=bOTCoZWTVJvE4IG_7PEcAhUat-fruTFw2sU0_wtBsXzFGU_jTUgkY1OUvDDOOpZDolIPIAuuplXqPmspsQqXOBjQV4wMY7hZAxHUe77Ov9QD_DbbhsBhZNCPVKUOKTK; Max-Age=31536000; Expires=Sat, 27 Jan 2024 09:05:57 GMT; SameSite=Lax; Path=/; Domain=.kelkoogroup.net; Secure
kelkooID=a4c629a-185f279f55e-4097c; Max-Age=31536000; Expires=Sat, 27 Jan 2024 09:05:57 GMT; SameSite=None; Path=/; Domain=kelkoogroup.net; Secure; HTTPOnly
X-DataDome: protected
Request-Time: PT0.017018S
X-Robots-Tag: noindex,nofollow
Referrer-Policy: origin-when-cross-origin
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: master-only
Date: Fri, 27 Jan 2023 09:05:57 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 31983
curvyalpaca.cc/click?a=Csxn&e=gAAAAABj05Pv_zsEmU6Xup10jXqASMUDzgZ3NbeMAWQnavMh-VTTQ5Sv6DOAI2TNscA6r783pzYSAOQjsBryVIybyAg9xT0PjyOrjvCKYsWJBwj_4z6gbL-dyV5eYlJpqbXbvExTTQgvUI9vXusyHepqdxy2lKlyIfXHbtiI4O-tHa1stz5EAKG3vASZwrUw2YzJRV4PA6dE4oEVb-gU95SVl-lCEIIlsbeTsmhVhZiqgrRPRcTuhgN19sXCS0CcjAkZ3JoHRvUVP1vB5BK2-yyvVM5YFU9Ebe3fo2eP5LzYPByu86lTnP3UNuqDtAX0w0eCg8jV7qyFLJQqAOiUDHY9jD2PZpg396NcJ04LLZipomIXuGUnBHK9EYM4KKjJ2H1x2NxY033p
157.90.88.167200 OK 756 B URL HTTP/2 curvyalpaca.cc/click?a=Csxn&e=gAAAAABj05Pv_zsEmU6Xup10jXqASMUDzgZ3NbeMAWQnavMh-VTTQ5Sv6DOAI2TNscA6r783pzYSAOQjsBryVIybyAg9xT0PjyOrjvCKYsWJBwj_4z6gbL-dyV5eYlJpqbXbvExTTQgvUI9vXusyHepqdxy2lKlyIfXHbtiI4O-tHa1stz5EAKG3vASZwrUw2YzJRV4PA6dE4oEVb-gU95SVl-lCEIIlsbeTsmhVhZiqgrRPRcTuhgN19sXCS0CcjAkZ3JoHRvUVP1vB5BK2-yyvVM5YFU9Ebe3fo2eP5LzYPByu86lTnP3UNuqDtAX0w0eCg8jV7qyFLJQqAOiUDHY9jD2PZpg396NcJ04LLZipomIXuGUnBHK9EYM4KKjJ2H1x2NxY033p
IP 157.90.88.167:0
ASN #24940 Hetzner Online GmbH
Hash b4da13f2df15fc7a22aaf8dbc6384804
0353485d8e7ac2a246a5a6cf34bd24cf8bc06c2d
e8d1d7de2d0fcd755167d77d3b1cc9ad8c4abda8314c046f03ef230ede577d24
GET /click?a=Csxn&e=gAAAAABj05Pv_zsEmU6Xup10jXqASMUDzgZ3NbeMAWQnavMh-VTTQ5Sv6DOAI2TNscA6r783pzYSAOQjsBryVIybyAg9xT0PjyOrjvCKYsWJBwj_4z6gbL-dyV5eYlJpqbXbvExTTQgvUI9vXusyHepqdxy2lKlyIfXHbtiI4O-tHa1stz5EAKG3vASZwrUw2YzJRV4PA6dE4oEVb-gU95SVl-lCEIIlsbeTsmhVhZiqgrRPRcTuhgN19sXCS0CcjAkZ3JoHRvUVP1vB5BK2-yyvVM5YFU9Ebe3fo2eP5LzYPByu86lTnP3UNuqDtAX0w0eCg8jV7qyFLJQqAOiUDHY9jD2PZpg396NcJ04LLZipomIXuGUnBHK9EYM4KKjJ2H1x2NxY033p HTTP/1.1
Host: curvyalpaca.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://ps.popcash.net/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.19.1
date: Fri, 27 Jan 2023 09:05:51 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
X-Firefox-Spdy: h2
no-go.kelkoogroup.net/fp?country=no&k=612f7a9541cd6ea61eb554c0e4cff4373c3426ff26b769bb6ad6e794e7d2d79957854c39c2659dd3eb183882003f33bcb08f187c9c1498eee8f7332c889309e7d8a1249a0c214d065456301209a0d6d08d35cbbc6a4a18ec12a78dfa61557357c749b5248e23f8346da9443b40e0fd99a827e72cb294f5883e3f147b9bf16699e5cdf9427a0c7bbd441c716232a7b40a0fbf5f0343207b1868748bc2413014019be0c9e9f6eb47f460b7b40cc16356645a1927583ab3fcc1e93fe804f5f5123f9d93079df05c45be7aed7bf6df1d6b323c51bc7414a9cb09dfe8a75dd283636829aaa2056ffe8a448c39e00557a68340774d5c9c808443c27460a427fc3f7bf695205f21d1624e530b19eb6348a3bbb60f2daf10511dfe1c1bd4711db753df3d9b379e91a040d20b0d3884b20c9e1b4d04d2e2e64b2afe7efebef75957d5398977412771e22a4580b2dd377458ad4cc50b23dda0fd6964c53cad37d70dcf0ed026e189ee18f3486a66ff22cd23a208718cb07ddee6f04f5ab37f0a660a18012e0b812c944d3196e5cb2ecf2e26870185c21602d830226d58e9c9a2a3e007608a0456528a9dcc21c4
95.211.116.26200 OK 0 B URL HTTP/1.1 no-go.kelkoogroup.net/fp?country=no&k=612f7a9541cd6ea61eb554c0e4cff4373c3426ff26b769bb6ad6e794e7d2d79957854c39c2659dd3eb183882003f33bcb08f187c9c1498eee8f7332c889309e7d8a1249a0c214d065456301209a0d6d08d35cbbc6a4a18ec12a78dfa61557357c749b5248e23f8346da9443b40e0fd99a827e72cb294f5883e3f147b9bf16699e5cdf9427a0c7bbd441c716232a7b40a0fbf5f0343207b1868748bc2413014019be0c9e9f6eb47f460b7b40cc16356645a1927583ab3fcc1e93fe804f5f5123f9d93079df05c45be7aed7bf6df1d6b323c51bc7414a9cb09dfe8a75dd283636829aaa2056ffe8a448c39e00557a68340774d5c9c808443c27460a427fc3f7bf695205f21d1624e530b19eb6348a3bbb60f2daf10511dfe1c1bd4711db753df3d9b379e91a040d20b0d3884b20c9e1b4d04d2e2e64b2afe7efebef75957d5398977412771e22a4580b2dd377458ad4cc50b23dda0fd6964c53cad37d70dcf0ed026e189ee18f3486a66ff22cd23a208718cb07ddee6f04f5ab37f0a660a18012e0b812c944d3196e5cb2ecf2e26870185c21602d830226d58e9c9a2a3e007608a0456528a9dcc21c4
IP 95.211.116.26:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /fp?country=no&k=612f7a9541cd6ea61eb554c0e4cff4373c3426ff26b769bb6ad6e794e7d2d79957854c39c2659dd3eb183882003f33bcb08f187c9c1498eee8f7332c889309e7d8a1249a0c214d065456301209a0d6d08d35cbbc6a4a18ec12a78dfa61557357c749b5248e23f8346da9443b40e0fd99a827e72cb294f5883e3f147b9bf16699e5cdf9427a0c7bbd441c716232a7b40a0fbf5f0343207b1868748bc2413014019be0c9e9f6eb47f460b7b40cc16356645a1927583ab3fcc1e93fe804f5f5123f9d93079df05c45be7aed7bf6df1d6b323c51bc7414a9cb09dfe8a75dd283636829aaa2056ffe8a448c39e00557a68340774d5c9c808443c27460a427fc3f7bf695205f21d1624e530b19eb6348a3bbb60f2daf10511dfe1c1bd4711db753df3d9b379e91a040d20b0d3884b20c9e1b4d04d2e2e64b2afe7efebef75957d5398977412771e22a4580b2dd377458ad4cc50b23dda0fd6964c53cad37d70dcf0ed026e189ee18f3486a66ff22cd23a208718cb07ddee6f04f5ab37f0a660a18012e0b812c944d3196e5cb2ecf2e26870185c21602d830226d58e9c9a2a3e007608a0456528a9dcc21c4 HTTP/1.1
Host: no-go.kelkoogroup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://no-go.kelkoogroup.net/sitesearchGo?.ts=1674796594438&.sig=yTDqaWxclXzTvVmtAkrRlimOUos-&affiliationId=96963787&comId=100543661&country=no&offerId=15dac2f8095b9e25e01bbd8cfcc104d1&searchId=1076100351562435_1674796594078_29464857&service=36&tokenId=c7178d96-9dcc-49f8-b325-9203ae266b97&custom1=89956865387&custom2=003--444888985--Desktop--Windows%2010--Firefox%20105&custom3=NO-V1-CD-Mer--100543661--Sportsnettno-S2--www.sportsnett.no
Content-Type: text/plain;charset=utf-8
Content-Length: 532
Origin: https://no-go.kelkoogroup.net
Connection: keep-alive
Cookie: datadome=bOTCoZWTVJvE4IG_7PEcAhUat-fruTFw2sU0_wtBsXzFGU_jTUgkY1OUvDDOOpZDolIPIAuuplXqPmspsQqXOBjQV4wMY7hZAxHUe77Ov9QD_DbbhsBhZNCPVKUOKTK; kelkooID=a4c629a-185f279f55e-4097c; _ga=GA1.2.1433425243.1674810357; _gid=GA1.2.594704491.1674810357
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
leadId: dc1-kls-prod-ls-04.prod.dc1.kelkoo.net_1674810357092_296330
clickId: 107698154_1674810357086_1113116
country: no
Request-Time: PT0.002796S
X-Robots-Tag: noindex,nofollow
Referrer-Policy: origin-when-cross-origin
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: master-only
Date: Fri, 27 Jan 2023 09:05:57 GMT
Content-Type: text/plain; charset=UTF-8
Content-Length: 0
no-go.kelkoogroup.net/favicon.ico
95.211.116.26404 Not Found 1.1 kB URL HTTP/1.1 no-go.kelkoogroup.net/favicon.ico
IP 95.211.116.26:0
ASN #60781 LeaseWeb Netherlands B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 8560de521c4990c7c870121fc9643508
0cacf7a6b96cceeb6ceae74d5f14dc87406a6f39
73a434285c3a752bc8c44aebd50e10f1a766853cbc7184e78d5c934c7b52b620
GET /favicon.ico HTTP/1.1
Host: no-go.kelkoogroup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://no-go.kelkoogroup.net/sitesearchGo?.ts=1674796594438&.sig=yTDqaWxclXzTvVmtAkrRlimOUos-&affiliationId=96963787&comId=100543661&country=no&offerId=15dac2f8095b9e25e01bbd8cfcc104d1&searchId=1076100351562435_1674796594078_29464857&service=36&tokenId=c7178d96-9dcc-49f8-b325-9203ae266b97&custom1=89956865387&custom2=003--444888985--Desktop--Windows%2010--Firefox%20105&custom3=NO-V1-CD-Mer--100543661--Sportsnettno-S2--www.sportsnett.no
Connection: keep-alive
Cookie: datadome=bOTCoZWTVJvE4IG_7PEcAhUat-fruTFw2sU0_wtBsXzFGU_jTUgkY1OUvDDOOpZDolIPIAuuplXqPmspsQqXOBjQV4wMY7hZAxHUe77Ov9QD_DbbhsBhZNCPVKUOKTK; kelkooID=a4c629a-185f279f55e-4097c; _ga=GA1.2.1433425243.1674810357; _gid=GA1.2.594704491.1674810357
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Request-Time: PT0.000287S
X-Robots-Tag: noindex,nofollow
Referrer-Policy: origin-when-cross-origin
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: master-only
Date: Fri, 27 Jan 2023 09:05:57 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 1144
no-go.kelkoogroup.net/redirect?country=no&k=612f7a9541cd6ea61eb554c0e4cff4373c3426ff26b769bb6ad6e794e7d2d79957854c39c2659dd3eb183882003f33bcb08f187c9c1498eee8f7332c889309e7d8a1249a0c214d065456301209a0d6d08d35cbbc6a4a18ec12a78dfa61557357c749b5248e23f8346da9443b40e0fd99a827e72cb294f5883e3f147b9bf16699e5cdf9427a0c7bbd441c716232a7b40a0fbf5f0343207b1868748bc2413014019be0c9e9f6eb47f460b7b40cc16356645a1927583ab3fcc1e93fe804f5f5123f9d93079df05c45be7aed7bf6df1d6b323c51bc7414a9cb09dfe8a75dd283636829aaa2056ffe8a448c39e00557a68340774d5c9c808443c27460a427fc3f7bf695205f21d1624e530b19eb6348a3bbb60f2daf10511dfe1c1bd4711db753df3d9b379e91a040d20b0d3884b20c9e1b4d04d2e2e64b2afe7efebef75957d5398977412771e22a4580b2dd377458ad4cc50b23dda0fd6964c53cad37d70dcf0ed026e189ee18f3486a66ff22cd23a208718cb07ddee6f04f5ab37f0a660a18012e0b812c944d3196e5cb2ecf2e26870185c21602d830226d58e9c9a2a3e007608a0456528a9dcc21c4&url=https%3A%2F%2Fwww.sportsnett.no%2Ficebreaker-18-ws-siren-bra-p4417%2Fib547-flash-l-v82112%3Fkk%3Da4c629a-185f279f55e-4097c%26utm_source%3Dkelkoono%26utm_medium%3Dcpc%26utm_campaign%3Dkelkooclick%26utm_term%3DIcebreaker%2BWs%2BSiren%2BBra%2BIb%252FFlash%2BL&initiator=timeout
95.211.116.26303 See Other 0 B URL HTTP/1.1 no-go.kelkoogroup.net/redirect?country=no&k=612f7a9541cd6ea61eb554c0e4cff4373c3426ff26b769bb6ad6e794e7d2d79957854c39c2659dd3eb183882003f33bcb08f187c9c1498eee8f7332c889309e7d8a1249a0c214d065456301209a0d6d08d35cbbc6a4a18ec12a78dfa61557357c749b5248e23f8346da9443b40e0fd99a827e72cb294f5883e3f147b9bf16699e5cdf9427a0c7bbd441c716232a7b40a0fbf5f0343207b1868748bc2413014019be0c9e9f6eb47f460b7b40cc16356645a1927583ab3fcc1e93fe804f5f5123f9d93079df05c45be7aed7bf6df1d6b323c51bc7414a9cb09dfe8a75dd283636829aaa2056ffe8a448c39e00557a68340774d5c9c808443c27460a427fc3f7bf695205f21d1624e530b19eb6348a3bbb60f2daf10511dfe1c1bd4711db753df3d9b379e91a040d20b0d3884b20c9e1b4d04d2e2e64b2afe7efebef75957d5398977412771e22a4580b2dd377458ad4cc50b23dda0fd6964c53cad37d70dcf0ed026e189ee18f3486a66ff22cd23a208718cb07ddee6f04f5ab37f0a660a18012e0b812c944d3196e5cb2ecf2e26870185c21602d830226d58e9c9a2a3e007608a0456528a9dcc21c4&url=https%3A%2F%2Fwww.sportsnett.no%2Ficebreaker-18-ws-siren-bra-p4417%2Fib547-flash-l-v82112%3Fkk%3Da4c629a-185f279f55e-4097c%26utm_source%3Dkelkoono%26utm_medium%3Dcpc%26utm_campaign%3Dkelkooclick%26utm_term%3DIcebreaker%2BWs%2BSiren%2BBra%2BIb%252FFlash%2BL&initiator=timeout
IP 95.211.116.26:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?country=no&k=612f7a9541cd6ea61eb554c0e4cff4373c3426ff26b769bb6ad6e794e7d2d79957854c39c2659dd3eb183882003f33bcb08f187c9c1498eee8f7332c889309e7d8a1249a0c214d065456301209a0d6d08d35cbbc6a4a18ec12a78dfa61557357c749b5248e23f8346da9443b40e0fd99a827e72cb294f5883e3f147b9bf16699e5cdf9427a0c7bbd441c716232a7b40a0fbf5f0343207b1868748bc2413014019be0c9e9f6eb47f460b7b40cc16356645a1927583ab3fcc1e93fe804f5f5123f9d93079df05c45be7aed7bf6df1d6b323c51bc7414a9cb09dfe8a75dd283636829aaa2056ffe8a448c39e00557a68340774d5c9c808443c27460a427fc3f7bf695205f21d1624e530b19eb6348a3bbb60f2daf10511dfe1c1bd4711db753df3d9b379e91a040d20b0d3884b20c9e1b4d04d2e2e64b2afe7efebef75957d5398977412771e22a4580b2dd377458ad4cc50b23dda0fd6964c53cad37d70dcf0ed026e189ee18f3486a66ff22cd23a208718cb07ddee6f04f5ab37f0a660a18012e0b812c944d3196e5cb2ecf2e26870185c21602d830226d58e9c9a2a3e007608a0456528a9dcc21c4&url=https%3A%2F%2Fwww.sportsnett.no%2Ficebreaker-18-ws-siren-bra-p4417%2Fib547-flash-l-v82112%3Fkk%3Da4c629a-185f279f55e-4097c%26utm_source%3Dkelkoono%26utm_medium%3Dcpc%26utm_campaign%3Dkelkooclick%26utm_term%3DIcebreaker%2BWs%2BSiren%2BBra%2BIb%252FFlash%2BL&initiator=timeout HTTP/1.1
Host: no-go.kelkoogroup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://no-go.kelkoogroup.net/sitesearchGo?.ts=1674796594438&.sig=yTDqaWxclXzTvVmtAkrRlimOUos-&affiliationId=96963787&comId=100543661&country=no&offerId=15dac2f8095b9e25e01bbd8cfcc104d1&searchId=1076100351562435_1674796594078_29464857&service=36&tokenId=c7178d96-9dcc-49f8-b325-9203ae266b97&custom1=89956865387&custom2=003--444888985--Desktop--Windows%2010--Firefox%20105&custom3=NO-V1-CD-Mer--100543661--Sportsnettno-S2--www.sportsnett.no
Connection: keep-alive
Cookie: datadome=bOTCoZWTVJvE4IG_7PEcAhUat-fruTFw2sU0_wtBsXzFGU_jTUgkY1OUvDDOOpZDolIPIAuuplXqPmspsQqXOBjQV4wMY7hZAxHUe77Ov9QD_DbbhsBhZNCPVKUOKTK; kelkooID=a4c629a-185f279f55e-4097c; _ga=GA1.2.1433425243.1674810357; _gid=GA1.2.594704491.1674810357
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 303 See Other
leadId: dc1-kls-prod-ls-04.prod.dc1.kelkoo.net_1674810357092_296330
clickId: 107698154_1674810357086_1113116
country: no
Location: https://www.sportsnett.no/icebreaker-18-ws-siren-bra-p4417/ib547-flash-l-v82112?kk=a4c629a-185f279f55e-4097c&utm_source=kelkoono&utm_medium=cpc&utm_campaign=kelkooclick&utm_term=Icebreaker+Ws+Siren+Bra+Ib%2FFlash+L
Accept-CH: Sec-CH-UA,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-Device-Memory
Set-Cookie: datadome=3geF_Iq-9XZLVSE5gQmJgLoO~WNQDEGrIb7p5OOuOwiUNdE2eoKNxj-FT8BExwliVdQL-Ax0OL1fa8BX4c-aj_IUPP6eYIk6FFKh_s1uuWLz0JpFA3mOz_UM7ZERrG1D; Max-Age=31536000; Expires=Sat, 27 Jan 2024 09:05:57 GMT; SameSite=Lax; Path=/; Domain=.kelkoogroup.net; Secure
X-DataDome: protected
Request-Time: PT0.013297S
X-Robots-Tag: noindex,nofollow
Referrer-Policy: origin-when-cross-origin
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: master-only
Date: Fri, 27 Jan 2023 09:05:57 GMT
Content-Length: 0
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash b8ef035fa60d3d1f539704ddb64cdfc1
bc693b01d35cf54de5bcac77a3bc17626824bde1
0d3df009cd6503573bb202b41e7cfbe0857701b14d8e0fc96933123e6a226b08
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 09:05:57 GMT
Server: ECS (amb/6BA0)
Content-Length: 278
p443667.mybettermb.com/adServe/adClick?ai=R5PVtLqh-s6Bh-qFY4VAzHGlwz3aY7wkqP1kycox6PKnbw0QMUMX2Jr998E7Nb7OJAWsi3nUix9TQQmg0D7po51LGVWYVlTzSd9JjQ6wquBD-IoRiWjmF8Q0k6MU4dnncRCV5GojV23gfAjj7CxWBvr4nvPsKvQNf6gmL4f0BkMZ2PCWmMOyGdjTWbJaUgnYF_i0E-umY0zVCW9UoLTzK2_T5x_FGAdpIKKNlj9I1Bp0zkQJR4Qsl-RCaNkT3qyOnwM9sZtI20k3QkkpNB0KG6OIZhD5UZ8zUEpDz_87JciBp9n2wO8e3QXL0tt9b_p24Wg6c98G2nieKTEQPOdaBRbRh5WhN0Axej_wmAiUbeoWBGu3Yx722BuDuuXb5Ty3O0-YkgmOMW7DBVmA89PHRw&ui=HFz5zNIIs96fzq49jFkHXcQzYObQGwwU7xf6tdOZukOLSc4DY-u0GE_lt05VzTZQkArApb8-oHnCfo5gcgmNbAuCizbMyyRe1wmRgmICGpspYjXtr3X3Jw&si=1&oref=e43e70f86e71e2120e00f2cf4ec2398a&optunit=mv33wTs1vs4b3EKa7k5UAQ&rb=YzywFXKcNjA&rr=0&abtg=0
52.116.53.155200 OK 0 B URL HTTP/2 p443667.mybettermb.com/adServe/adClick?ai=R5PVtLqh-s6Bh-qFY4VAzHGlwz3aY7wkqP1kycox6PKnbw0QMUMX2Jr998E7Nb7OJAWsi3nUix9TQQmg0D7po51LGVWYVlTzSd9JjQ6wquBD-IoRiWjmF8Q0k6MU4dnncRCV5GojV23gfAjj7CxWBvr4nvPsKvQNf6gmL4f0BkMZ2PCWmMOyGdjTWbJaUgnYF_i0E-umY0zVCW9UoLTzK2_T5x_FGAdpIKKNlj9I1Bp0zkQJR4Qsl-RCaNkT3qyOnwM9sZtI20k3QkkpNB0KG6OIZhD5UZ8zUEpDz_87JciBp9n2wO8e3QXL0tt9b_p24Wg6c98G2nieKTEQPOdaBRbRh5WhN0Axej_wmAiUbeoWBGu3Yx722BuDuuXb5Ty3O0-YkgmOMW7DBVmA89PHRw&ui=HFz5zNIIs96fzq49jFkHXcQzYObQGwwU7xf6tdOZukOLSc4DY-u0GE_lt05VzTZQkArApb8-oHnCfo5gcgmNbAuCizbMyyRe1wmRgmICGpspYjXtr3X3Jw&si=1&oref=e43e70f86e71e2120e00f2cf4ec2398a&optunit=mv33wTs1vs4b3EKa7k5UAQ&rb=YzywFXKcNjA&rr=0&abtg=0
IP 52.116.53.155:0
GET /adServe/adClick?ai=R5PVtLqh-s6Bh-qFY4VAzHGlwz3aY7wkqP1kycox6PKnbw0QMUMX2Jr998E7Nb7OJAWsi3nUix9TQQmg0D7po51LGVWYVlTzSd9JjQ6wquBD-IoRiWjmF8Q0k6MU4dnncRCV5GojV23gfAjj7CxWBvr4nvPsKvQNf6gmL4f0BkMZ2PCWmMOyGdjTWbJaUgnYF_i0E-umY0zVCW9UoLTzK2_T5x_FGAdpIKKNlj9I1Bp0zkQJR4Qsl-RCaNkT3qyOnwM9sZtI20k3QkkpNB0KG6OIZhD5UZ8zUEpDz_87JciBp9n2wO8e3QXL0tt9b_p24Wg6c98G2nieKTEQPOdaBRbRh5WhN0Axej_wmAiUbeoWBGu3Yx722BuDuuXb5Ty3O0-YkgmOMW7DBVmA89PHRw&ui=HFz5zNIIs96fzq49jFkHXcQzYObQGwwU7xf6tdOZukOLSc4DY-u0GE_lt05VzTZQkArApb8-oHnCfo5gcgmNbAuCizbMyyRe1wmRgmICGpspYjXtr3X3Jw&si=1&oref=e43e70f86e71e2120e00f2cf4ec2398a&optunit=mv33wTs1vs4b3EKa7k5UAQ&rb=YzywFXKcNjA&rr=0&abtg=0 HTTP/1.1
Host: p443667.mybettermb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://c.ewoss.click/
Connection: keep-alive
Cookie: rhid=82778083719
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 27 Jan 2023 09:05:55 GMT
content-type: text/html;charset=ISO-8859-1
vary: Accept-Encoding
set-cookie: rhid=82778083719; Max-Age=15552000; Expires=Wed, 26-Jul-2023 09:05:55 GMT; Domain=mybettermb.com; Path=/; SameSite=None; secure;
loi=ad_1412785_off_855831_aff_88656_cid_443667-515433_ts_1674810355; Max-Age=3600; Expires=Fri, 27-Jan-2023 10:05:55 GMT; Domain=mybettermb.com; Path=/; SameSite=None; secure;
content-encoding: gzip
X-Firefox-Spdy: h2
popmyads.com/serve/52264/64661/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgxMy5jb20=
104.21.54.194200 OK 0 B URL HTTP/2 popmyads.com/serve/52264/64661/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgxMy5jb20=
IP 104.21.54.194:0
GET /serve/52264/64661/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgxMy5jb20= HTTP/1.1
Host: popmyads.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Fri, 27 Jan 2023 09:05:49 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.1.33
x-frame-options: DENY
content-security-policy: frame-ancestors 'none'
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=h44RSNltOLLPAIFc6RanX%2BhB7QHLaBAiH4YAeXpiVEUP9Fv4O4ujt%2BBaZhy%2BrmDz5pilzjV3UC31UY0dF6nFkxIfjmyorXMhraY6v2KMH7RFn1c9IWTOgg%2Fxs5%2BNg9M%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7900542b7806b4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2