4.us.findthewind.xyz/feed/?link=true&tid=4&subid=4.us&ref=4.us.findthewind.xyz&s1=635444357d501552252af0f2
23.235.251.114301 Moved Permanently 0 B URL HTTP/1.1 4.us.findthewind.xyz/feed/?link=true&tid=4&subid=4.us&ref=4.us.findthewind.xyz&s1=635444357d501552252af0f2
IP 23.235.251.114:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /feed/?link=true&tid=4&subid=4.us&ref=4.us.findthewind.xyz&s1=635444357d501552252af0f2 HTTP/1.1
Host: 4.us.findthewind.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Cache-Control: no-cache
Location: https://redir.findthewind.xyz/click/invalid/?tid=4&subid=4&s1=635444357d501552252af0f2
Date: Sat, 22 Oct 2022 19:28:03 GMT
Connection: keep-alive
Keep-Alive: timeout=5
Transfer-Encoding: chunked
firefox.settings.services.mozilla.com/v1/
18.244.155.19200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 18.244.155.19:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash c9df6b36bf16969ac566c1b798362e4a
e56eff34815153ae019a4bf63eb9746dd9ae2e5b
33c1175144ab2be42c9de383f7893a6e60cd1f21f282eacb413d546331db3fa0
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Retry-After, Alert, Content-Type, Backoff
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sat, 22 Oct 2022 19:26:25 GMT
Expires: Sat, 22 Oct 2022 19:35:33 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 d387fec28536c5aa92926c56363afe9a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P8
X-Amz-Cf-Id: rd9oudyyq4cpR_Es40SE4rH-enCDL6CfKkY5aXaXWl8O7a0oKn5yfQ==
Age: 98
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 73c4166ca864f777db2cc1cd8658a7c2
c56b66b0b7c8516d4d5bfafe0c166711c78f3d25
310c633350812c064e159275b6dbbdba6d6a5991a54ccfcc23459320c6513572
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "310C633350812C064E159275B6DBBDBA6D6A5991A54CCFCC23459320C6513572"
Last-Modified: Sat, 22 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4478
Expires: Sat, 22 Oct 2022 20:42:41 GMT
Date: Sat, 22 Oct 2022 19:28:03 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ae56efd62a0d9249d98573172eb8b28b
5ff4e9959be677ad76c26ca73f9ef4feb9fa2f28
82d9ee4948fce839f7edb1f8490c4213cded3912464a4169b0bf6a61278694bd
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "82D9EE4948FCE839F7EDB1F8490C4213CDED3912464A4169B0BF6A61278694BD"
Last-Modified: Sat, 22 Oct 2022 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4465
Expires: Sat, 22 Oct 2022 20:42:28 GMT
Date: Sat, 22 Oct 2022 19:28:03 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: sjdPZH/yDs2NzjfjyAbqTsSdSD4rTuzE1S5j2Uwu/tVKQQIDCTOEZT33QjGGST++kjjhUSTPHoE=
x-amz-request-id: YSTCR1H7CHWVE4G7
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 22 Oct 2022 19:07:45 GMT
age: 1218
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 22 Oct 2022 19:28:04 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 821a2aaf269fb60cc0ba7bd73b847bed
3cf230af5872187e640080ab3f775bd01e90f86c
92913e6c6869dcea6413d0891236fcbad037740351cc219a5ec2e136bc11f675
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "92913E6C6869DCEA6413D0891236FCBAD037740351CC219A5EC2E136BC11F675"
Last-Modified: Sat, 22 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7724
Expires: Sat, 22 Oct 2022 21:36:48 GMT
Date: Sat, 22 Oct 2022 19:28:04 GMT
Connection: keep-alive
redir.findthewind.xyz/click/invalid/?tid=4&subid=4&s1=635444357d501552252af0f2
198.211.113.186302 Found 230 B URL HTTP/1.1 redir.findthewind.xyz/click/invalid/?tid=4&subid=4&s1=635444357d501552252af0f2
IP 198.211.113.186:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document, ASCII text, with no line terminators
Hash 7ef6d31c814979bd842f5e6f09cfb7bd
4f9fa32f92cbc28d74e40dad8f216379df418ce6
96c1f5b72cb60e7e91cd1d2d542c492e3148b180736ed3fcb36d45a84f454525
GET /click/invalid/?tid=4&subid=4&s1=635444357d501552252af0f2 HTTP/1.1
Host: redir.findthewind.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 302 Found
X-Powered-By: Express
Surrogate-Control: no-store
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate
Pragma: no-cache
Expires: 0
Location: https://leche.labtrffc.com/p.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240?s=nxs-4
Vary: Accept
Content-Type: text/html; charset=utf-8
Content-Length: 230
Date: Sat, 22 Oct 2022 19:28:04 GMT
Connection: keep-alive
Keep-Alive: timeout=5
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash eb46c47c60b7cc0b75168df2e3d8af7d
d2392917947e2938760be8483708316e52a0f365
5d22175d1d81bd30615dbf4da199a31a1d0920fc88437d7accf68285ab160ce4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5D22175D1D81BD30615DBF4DA199A31A1D0920FC88437D7ACCF68285AB160CE4"
Last-Modified: Thu, 20 Oct 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15102
Expires: Sat, 22 Oct 2022 23:39:46 GMT
Date: Sat, 22 Oct 2022 19:28:04 GMT
Connection: keep-alive
leche.labtrffc.com/p.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240?s=nxs-4
51.83.143.92302 Found 0 B URL HTTP/1.1 leche.labtrffc.com/p.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240?s=nxs-4
IP 51.83.143.92:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /p.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240?s=nxs-4 HTTP/1.1
Host: leche.labtrffc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 302 Found
Server: nginx
Date: Sat, 22 Oct 2022 19:28:04 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Round:
Raund:
Location: https://pdxx-7fmavzpxk2xlm-4-2.lowsea.fun/emw/v1/dt?sid=888b&k=bfb&url=&xrw=&lid=63544444f8a81d4772380258&fid=888
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
18.244.155.19200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 18.244.155.19:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, ETag, Retry-After, Cache-Control, Alert, Expires, Pragma, Content-Type, Backoff, Last-Modified
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Sat, 22 Oct 2022 19:03:50 GMT
Expires: Sat, 22 Oct 2022 19:10:26 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 597c788e23cf83427002ab097f30f484.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P8
X-Amz-Cf-Id: k2v4Pv1otFKET07sTuPyjh3CRkA57h-aO5W6ECALm04ybNNbxoZuRA==
Age: 1454
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash fecd12689ba4c6aa556814b7fac0d344
a3005f6333ce5201a73e2857c764a1b0091a91d5
83e0fb564f86df4300e8fc4b5baaf0ed13102c384922d388e02620fb3363a842
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1019
Cache-Control: max-age=132940
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 19:28:04 GMT
Etag: "6353a495-1d7"
Expires: Mon, 24 Oct 2022 08:23:44 GMT
Last-Modified: Sat, 22 Oct 2022 08:06:45 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 3c45356d9dd692ff7963d0de8a3e71f7
c3aa5157e23881cac6660e205540ee16b27b0380
78a2aac75f89eff3a845c58ce19360b72f642c65566b1726b34ea11316f94d94
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "78A2AAC75F89EFF3A845C58CE19360B72F642C65566B1726B34EA11316F94D94"
Last-Modified: Sat, 22 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21565
Expires: Sun, 23 Oct 2022 01:27:30 GMT
Date: Sat, 22 Oct 2022 19:28:05 GMT
Connection: keep-alive
push.services.mozilla.com/
52.89.136.7101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.89.136.7:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: t/AY6Mn6Ew0bTDYFXaWC7Q==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: fc61hTbdAkC9b0o0lMItTk48vzw=
pdxx-7fmavzpxk2xlm-4-2.lowsea.fun/emw/v1/dt?sid=888b&k=bfb&url=&xrw=&lid=63544444f8a81d4772380258&fid=888
5.161.78.177307 Temporary Redirect 164 B URL HTTP/2 pdxx-7fmavzpxk2xlm-4-2.lowsea.fun/emw/v1/dt?sid=888b&k=bfb&url=&xrw=&lid=63544444f8a81d4772380258&fid=888
IP 5.161.78.177:0
ASN #213230 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 813f9846b49c0ada805648edf1b2fdbd
caa24890460f73e6a72bb49426351e67e83b053d
8f03491247cbfa8a2e60e0f7ec62d63b5070659f60383a1c81abeb2b20221be3
GET /emw/v1/dt?sid=888b&k=bfb&url=&xrw=&lid=63544444f8a81d4772380258&fid=888 HTTP/1.1
Host: pdxx-7fmavzpxk2xlm-4-2.lowsea.fun
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 307 Temporary Redirect
date: Sat, 22 Oct 2022 19:28:05 GMT
content-type: text/html
content-length: 164
location: https://cola.trffclb.com/a.php?p=c:xecd97ulmxry7e481&d=62ff4322ec41a549b07c0d74&pid=63544444f8a81d4772380258&source=888b
set-cookie: emwxcid_4_1=kg7mRoLsV3EnC9G9qokoOEHgBvyOGJXTditzdcB1iEZfLVV3Du; expires=Sun, Oct 22 2023 19:28:05 GMT; Max-Age=31536000; path=/; domain=lowsea.fun; SameSite=Lax
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash eb46c47c60b7cc0b75168df2e3d8af7d
d2392917947e2938760be8483708316e52a0f365
5d22175d1d81bd30615dbf4da199a31a1d0920fc88437d7accf68285ab160ce4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5D22175D1D81BD30615DBF4DA199A31A1D0920FC88437D7ACCF68285AB160CE4"
Last-Modified: Thu, 20 Oct 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15101
Expires: Sat, 22 Oct 2022 23:39:46 GMT
Date: Sat, 22 Oct 2022 19:28:05 GMT
Connection: keep-alive
cola.trffclb.com/a.php?p=c:xecd97ulmxry7e481&d=62ff4322ec41a549b07c0d74&pid=63544444f8a81d4772380258&source=888b
51.83.143.92302 Found 0 B URL HTTP/1.1 cola.trffclb.com/a.php?p=c:xecd97ulmxry7e481&d=62ff4322ec41a549b07c0d74&pid=63544444f8a81d4772380258&source=888b
IP 51.83.143.92:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /a.php?p=c:xecd97ulmxry7e481&d=62ff4322ec41a549b07c0d74&pid=63544444f8a81d4772380258&source=888b HTTP/1.1
Host: cola.trffclb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 302 Found
Server: nginx
Date: Sat, 22 Oct 2022 19:28:05 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Round: 12auco2bgv
Raund: 2h2
Location: https://4.us.findthewind.xyz/feed/?link=true&tid=4&subid=4.no&ref=&s1=63544445be4930316d49d3cd
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 874e376ef6cbf9f489d32bb36c830e52
c58fb633459f4aa96838edba357f308e81a12be2
fc725643ab4c70a0ae37820770d052e62720dc461f85e4df516424a8f59e9828
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FC725643AB4C70A0AE37820770D052E62720DC461F85E4DF516424A8F59E9828"
Last-Modified: Sat, 22 Oct 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Sun, 23 Oct 2022 01:28:05 GMT
Date: Sat, 22 Oct 2022 19:28:05 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f1b833a135e4d839859e4994f349bb6c
399b607015c4d9200df20084c7396591007dc995
28db09a2a0e821b37dc1cfb710bf896c438755bfc992eb775f41128b0e52e5d1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "28DB09A2A0E821B37DC1CFB710BF896C438755BFC992EB775F41128B0E52E5D1"
Last-Modified: Fri, 21 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5187
Expires: Sat, 22 Oct 2022 20:54:33 GMT
Date: Sat, 22 Oct 2022 19:28:06 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f1b833a135e4d839859e4994f349bb6c
399b607015c4d9200df20084c7396591007dc995
28db09a2a0e821b37dc1cfb710bf896c438755bfc992eb775f41128b0e52e5d1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "28DB09A2A0E821B37DC1CFB710BF896C438755BFC992EB775F41128B0E52E5D1"
Last-Modified: Fri, 21 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5187
Expires: Sat, 22 Oct 2022 20:54:33 GMT
Date: Sat, 22 Oct 2022 19:28:06 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f1b833a135e4d839859e4994f349bb6c
399b607015c4d9200df20084c7396591007dc995
28db09a2a0e821b37dc1cfb710bf896c438755bfc992eb775f41128b0e52e5d1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "28DB09A2A0E821B37DC1CFB710BF896C438755BFC992EB775F41128B0E52E5D1"
Last-Modified: Fri, 21 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5187
Expires: Sat, 22 Oct 2022 20:54:33 GMT
Date: Sat, 22 Oct 2022 19:28:06 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f1b833a135e4d839859e4994f349bb6c
399b607015c4d9200df20084c7396591007dc995
28db09a2a0e821b37dc1cfb710bf896c438755bfc992eb775f41128b0e52e5d1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "28DB09A2A0E821B37DC1CFB710BF896C438755BFC992EB775F41128B0E52E5D1"
Last-Modified: Fri, 21 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5187
Expires: Sat, 22 Oct 2022 20:54:33 GMT
Date: Sat, 22 Oct 2022 19:28:06 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd771af0d-55ee-450f-bbb3-a9e419e74a51.jpeg
34.120.237.76200 OK 7.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd771af0d-55ee-450f-bbb3-a9e419e74a51.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 616e14aee034bbf77c3b74b3ea53961b
ebf69c1ff6dc9450f33aef5dc2403d4df17a4c2c
0ae716474e2837c90c658d635fb9db2c8d4cdb7bf025b8e4e9e802e3ff56b0c3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd771af0d-55ee-450f-bbb3-a9e419e74a51.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7372
x-amzn-requestid: 080f5f7f-51a8-4ef5-9acc-0c7f7f64defb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aX-ojEg2IAMFjPA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63531169-5106c8af6e77450c33a0c899;Sampled=0
x-amzn-remapped-date: Fri, 21 Oct 2022 21:38:49 GMT
x-amz-cf-pop: SEA19-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: vP9aRT8xL5F2kf36A-lMaIQ9FSAEUGo8jmx9y63iIBDdyWYujkXXPw==
via: 1.1 2e20768704c71ff3ce2e677251d27f3c.cloudfront.net (CloudFront), 1.1 2f7934de1dfe281c3e4446892eab6462.cloudfront.net (CloudFront), 1.1 google
date: Fri, 21 Oct 2022 22:05:57 GMT
age: 76929
etag: "ebf69c1ff6dc9450f33aef5dc2403d4df17a4c2c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4f52601f-0c98-4537-a72e-d72f9dbe4167.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4f52601f-0c98-4537-a72e-d72f9dbe4167.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6bd5e942443ffd011faf10dc88d92081
beff4ae9e24599addce8a961c955788045c56645
2c59d984971e73d497975032c23700b5602fccf403f4683a8047f5f42d4e261f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4f52601f-0c98-4537-a72e-d72f9dbe4167.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10973
x-amzn-requestid: 081470ca-0107-4052-be55-9c713105bb27
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aUr-TEKPoAMFZfQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6351c05b-17199f8c0fc0fb7443a902f1;Sampled=0
x-amzn-remapped-date: Thu, 20 Oct 2022 21:40:43 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: h8elwC37DfS3PoG9NuRyfp-bqOoLi9KWeSWvwuY4mFMGG4HHC3jZAg==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 32c16f33c8f5601364fa8229b0d74dc2.cloudfront.net (CloudFront), 1.1 google
date: Fri, 21 Oct 2022 22:39:23 GMT
age: 74923
etag: "beff4ae9e24599addce8a961c955788045c56645"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F428e118d-55db-4b2d-9dc1-0adbc5a4021a.webp
34.120.237.76200 OK 8.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F428e118d-55db-4b2d-9dc1-0adbc5a4021a.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a361cef05d531426819a2bffd8ab1e47
9c8050ffd0de58005705219ec70b6e4352e35b5e
0c3c48b96adb7c1dc8a8c3771878dcbab80bbbb9f2d6998038bf5d43831b578b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F428e118d-55db-4b2d-9dc1-0adbc5a4021a.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8856
x-amzn-requestid: 84cc5c28-b71f-4ada-9d3b-e67e820cd080
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aX-LzHcsoAMFuNQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-635310b1-6b44e77726dc2003052ce387;Sampled=0
x-amzn-remapped-date: Fri, 21 Oct 2022 21:35:45 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: qZ8wiQp_Cnx6_fT-TrOCKmkrcpYHyhByOvYpgE9XWkA0VUGxjs6cSw==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 5fe5f2a3903f1378941d92eceaf3fa16.cloudfront.net (CloudFront), 1.1 google
date: Fri, 21 Oct 2022 22:06:06 GMT
age: 76920
etag: "9c8050ffd0de58005705219ec70b6e4352e35b5e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6f5552d5-4394-409a-9a9c-43e4ebf38ee1.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6f5552d5-4394-409a-9a9c-43e4ebf38ee1.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash cdaacab30d73a7d05180cc16f4a96a3f
6cc0e39e0decbc20c765f171f63affd85fc9e6da
f015c3b1d838bd7d100ee104551bed2bb06a512b20ce3e5ac419d54b747fadd0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6f5552d5-4394-409a-9a9c-43e4ebf38ee1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10720
x-amzn-requestid: 96267527-f482-4bfa-ba7a-12467408efe9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aX-MvGutIAMFc8g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-635310b7-25f2624559b0fb7d62ced3a3;Sampled=0
x-amzn-remapped-date: Fri, 21 Oct 2022 21:35:51 GMT
x-amz-cf-pop: SEA19-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 4--AiSTKMMOm9HnJL_ervFnd5rkQ-WZfGM-FNkxXKO892SPw67cxXA==
via: 1.1 1f6e68152880a39d72e6bf2996cd6a60.cloudfront.net (CloudFront), 1.1 707e733794d52100fde0ab21bf0b1462.cloudfront.net (CloudFront), 1.1 google
date: Fri, 21 Oct 2022 22:11:42 GMT
age: 76584
etag: "6cc0e39e0decbc20c765f171f63affd85fc9e6da"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff28bcb97-99c1-48e0-b7d7-8bfe823abaa7.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff28bcb97-99c1-48e0-b7d7-8bfe823abaa7.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 26c47e4b0147f8dee3e71a53a8f2830c
381edb4758da428db5ffe884f8fb38bf11044f69
b507898359abbcb1f57821c147a58df66d7e81acc198afc997527b58cd835b39
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff28bcb97-99c1-48e0-b7d7-8bfe823abaa7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11151
x-amzn-requestid: 5c32e307-f2a7-4050-a96f-a47667ec4752
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aX-NEFTKoAMFsSQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-635310b9-2fc77f394ca297126abaed94;Sampled=0
x-amzn-remapped-date: Fri, 21 Oct 2022 21:35:53 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: JOZwwfasalOC-qk9FERBCqhR9jOp1svTRJxaA40zR6p6yta1_W1dVA==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 2f7934de1dfe281c3e4446892eab6462.cloudfront.net (CloudFront), 1.1 google
date: Fri, 21 Oct 2022 22:06:07 GMT
age: 76919
etag: "381edb4758da428db5ffe884f8fb38bf11044f69"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F84809f37-0e01-4278-ba97-357c4a1b454e.webp
34.120.237.76200 OK 5.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F84809f37-0e01-4278-ba97-357c4a1b454e.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1ee464d6a426da49571c97060e65a4e8
aef2208c82085b4dc8472ee28bc63b9a8832fe0e
704e9800cb12b9b2927e85901b21fbb22303f11bf4b052340d0fc610414e2a6d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F84809f37-0e01-4278-ba97-357c4a1b454e.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5517
x-amzn-requestid: 560e0ccc-0551-461d-98fd-f94d9a026fb8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aX-pSExDIAMFpMg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6353116e-0420e4ac6cceec1749a44819;Sampled=0
x-amzn-remapped-date: Fri, 21 Oct 2022 21:38:54 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: TDa1YZjZ70BYwTbiiaBV1J1WVtzXpAZ1j-wKfsviXvhbhnc8f0Huiw==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 1481cc55c02c3a782ad420b6bac2cb32.cloudfront.net (CloudFront), 1.1 google
date: Fri, 21 Oct 2022 22:02:32 GMT
age: 77134
etag: "aef2208c82085b4dc8472ee28bc63b9a8832fe0e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
4.us.findthewind.xyz/feed/?link=true&tid=4&subid=4.no&ref=&s1=63544445be4930316d49d3cd
23.235.251.114301 Moved Permanently 0 B URL HTTP/1.1 4.us.findthewind.xyz/feed/?link=true&tid=4&subid=4.no&ref=&s1=63544445be4930316d49d3cd
IP 23.235.251.114:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /feed/?link=true&tid=4&subid=4.no&ref=&s1=63544445be4930316d49d3cd HTTP/1.1
Host: 4.us.findthewind.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 301 Moved Permanently
Cache-Control: no-cache
Location: https://redir.findthewind.xyz/click/invalid/?tid=4&subid=4.no
Date: Sat, 22 Oct 2022 19:28:06 GMT
Connection: keep-alive
Keep-Alive: timeout=5
Transfer-Encoding: chunked
redir.findthewind.xyz/click/invalid/?tid=4&subid=4.no
198.211.113.186302 Found 230 B URL HTTP/1.1 redir.findthewind.xyz/click/invalid/?tid=4&subid=4.no
IP 198.211.113.186:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document, ASCII text, with no line terminators
Hash 7ef6d31c814979bd842f5e6f09cfb7bd
4f9fa32f92cbc28d74e40dad8f216379df418ce6
96c1f5b72cb60e7e91cd1d2d542c492e3148b180736ed3fcb36d45a84f454525
GET /click/invalid/?tid=4&subid=4.no HTTP/1.1
Host: redir.findthewind.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 302 Found
X-Powered-By: Express
Surrogate-Control: no-store
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate
Pragma: no-cache
Expires: 0
Location: https://leche.labtrffc.com/p.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240?s=nxs-4
Vary: Accept
Content-Type: text/html; charset=utf-8
Content-Length: 230
Date: Sat, 22 Oct 2022 19:28:06 GMT
Connection: keep-alive
Keep-Alive: timeout=5
leche.labtrffc.com/p.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240?s=nxs-4
51.83.143.92302 Found 0 B URL HTTP/1.1 leche.labtrffc.com/p.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240?s=nxs-4
IP 51.83.143.92:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /p.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240?s=nxs-4 HTTP/1.1
Host: leche.labtrffc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 302 Found
Server: nginx
Date: Sat, 22 Oct 2022 19:28:06 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Round:
Raund:
Location: https://pdxx-7fmavzpxk2xlm-4-2.lowsea.fun/emw/v1/dt?sid=888b&k=bfb&url=&xrw=&lid=63544446be4930316d49d423&fid=888
pdxx-7fmavzpxk2xlm-4-2.lowsea.fun/emw/v1/dt?sid=888b&k=bfb&url=&xrw=&lid=63544446be4930316d49d423&fid=888
5.161.78.177307 Temporary Redirect 164 B URL HTTP/2 pdxx-7fmavzpxk2xlm-4-2.lowsea.fun/emw/v1/dt?sid=888b&k=bfb&url=&xrw=&lid=63544446be4930316d49d423&fid=888
IP 5.161.78.177:0
ASN #213230 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 813f9846b49c0ada805648edf1b2fdbd
caa24890460f73e6a72bb49426351e67e83b053d
8f03491247cbfa8a2e60e0f7ec62d63b5070659f60383a1c81abeb2b20221be3
GET /emw/v1/dt?sid=888b&k=bfb&url=&xrw=&lid=63544446be4930316d49d423&fid=888 HTTP/1.1
Host: pdxx-7fmavzpxk2xlm-4-2.lowsea.fun
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: emwxcid_4_1=kg7mRoLsV3EnC9G9qokoOEHgBvyOGJXTditzdcB1iEZfLVV3Du
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
TE: trailers
HTTP/2 307 Temporary Redirect
date: Sat, 22 Oct 2022 19:28:06 GMT
content-type: text/html
content-length: 164
location: https://cola.trffclb.com/a.php?p=c:xecd97ulmxry7e481&d=62ff4322ec41a549b07c0d74&pid=63544446be4930316d49d423&source=888b
set-cookie: emwxcid_4_1=kg7mRoLsV3EnC9G9qokoOEHgBvyOGJXTditzdcB1iEZfLVV3Du; expires=Sun, Oct 22 2023 19:28:06 GMT; Max-Age=31536000; path=/; domain=lowsea.fun; SameSite=Lax
X-Firefox-Spdy: h2
cola.trffclb.com/a.php?p=c:xecd97ulmxry7e481&d=62ff4322ec41a549b07c0d74&pid=63544446be4930316d49d423&source=888b
51.83.143.92302 Found 0 B URL HTTP/1.1 cola.trffclb.com/a.php?p=c:xecd97ulmxry7e481&d=62ff4322ec41a549b07c0d74&pid=63544446be4930316d49d423&source=888b
IP 51.83.143.92:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /a.php?p=c:xecd97ulmxry7e481&d=62ff4322ec41a549b07c0d74&pid=63544446be4930316d49d423&source=888b HTTP/1.1
Host: cola.trffclb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 302 Found
Server: nginx
Date: Sat, 22 Oct 2022 19:28:06 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Round: 11hx4alk7e
Raund: 2h2
Location: https://samba.trffclb.com/l.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240&s=int-888b
samba.trffclb.com/l.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240&s=int-888b
51.83.143.92200 OK 493 B URL HTTP/1.1 samba.trffclb.com/l.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240&s=int-888b
IP 51.83.143.92:0
File type HTML document text\012- HTML document, ASCII text, with very long lines (541)
Hash 7f3a30b3c34b18e9f53fd57919beae4e
fd9f4426e014ade094dc9183c44e4f0b358d9ba2
387eacc7c503d85fe16b7867ed9415ab34100446b1d9886627fdfc3a1d754b53
Analyzer Verdict Alert quad9 Sinkholed
GET /l.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240&s=int-888b HTTP/1.1
Host: samba.trffclb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 22 Oct 2022 19:28:07 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: bt-603611c5b7eaf46891533240=63544447dc1660059049d646; expires=Tue, 25-Oct-2022 19:28:07 GMT; Max-Age=259200; path=/; domain=samba.trffclb.com; HttpOnly
Content-Encoding: gzip
samba.trffclb.com/l.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240&s=int-888b&bv=1
51.83.143.92302 Found 0 B URL HTTP/1.1 samba.trffclb.com/l.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240&s=int-888b&bv=1
IP 51.83.143.92:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /l.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240&s=int-888b&bv=1 HTTP/1.1
Host: samba.trffclb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://samba.trffclb.com/l.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240&s=int-888b
Cookie: bt-603611c5b7eaf46891533240=63544447dc1660059049d646
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 302 Found
Server: nginx
Date: Sat, 22 Oct 2022 19:28:07 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Set-Cookie: bt-603611c5b7eaf46891533240=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=samba.trffclb.com; HttpOnly
Round: 10ut8eivbv
Raund: 2fx
Location: https://popmyads.com/serve/52264/49676/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgzLmNvbQ==
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash 27eaa9c8b42b2432332a025a7547a13c
23c9e67396bba1e8511cbc72e3e160382dc0513b
bbda3fed6016ddf6dfba8882c8c41cabe3bafc81c51d3bcb26d89d56bbd7a173
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1852
Cache-Control: max-age=126214
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 19:28:07 GMT
Etag: "63538711-118"
Expires: Mon, 24 Oct 2022 06:31:41 GMT
Last-Modified: Sat, 22 Oct 2022 06:00:49 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 280
samba.trffclb.com/favicon.ico
51.83.143.92200 OK 20 B URL HTTP/1.1 samba.trffclb.com/favicon.ico
IP 51.83.143.92:0
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
Analyzer Verdict Alert quad9 Sinkholed
GET /favicon.ico HTTP/1.1
Host: samba.trffclb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://samba.trffclb.com/l.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240&s=int-888b
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 22 Oct 2022 19:28:07 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash 27eaa9c8b42b2432332a025a7547a13c
23c9e67396bba1e8511cbc72e3e160382dc0513b
bbda3fed6016ddf6dfba8882c8c41cabe3bafc81c51d3bcb26d89d56bbd7a173
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1852
Cache-Control: max-age=126214
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 19:28:07 GMT
Etag: "63538711-118"
Expires: Mon, 24 Oct 2022 06:31:41 GMT
Last-Modified: Sat, 22 Oct 2022 06:00:49 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 280
popcash.net/world/go/142/26196/
104.21.52.38301 Moved Permanently 162 B URL HTTP/1.1 popcash.net/world/go/142/26196/
IP 104.21.52.38:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /world/go/142/26196/ HTTP/1.1
Host: popcash.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Sat, 22 Oct 2022 19:28:08 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: http://ps.popcash.net/go/142/26196/
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LEtiWMnFPNjjV7rfbbQVpMMt1BcijM6Upt8fyA2vInAlRor1kY73dmtwifrxmizKylRvC5Z9LAdCU6ubEcfcIzm57TrWmPBsxVGaVJG4npBMb5osGmiDSiNMjrdO"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 75e4a26399a70b49-OSL
alt-svc: h2=":443"; ma=60
ps.popcash.net/go/142/26196/
44.207.60.131200 OK 2.7 kB URL HTTP/1.1 ps.popcash.net/go/142/26196/
IP 44.207.60.131:0
Hash c521503aff77431258b876fa71b654a7
a20c8c6108365788ff2369defc56dbaee2b85383
96db1a8450b62d52b577e016fdc3ac900b26ab176675d56439ba2deeb6d89fe0
GET /go/142/26196/ HTTP/1.1
Host: ps.popcash.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Content-Encoding: gzip
Content-Type: text/html
Date: Sat, 22 Oct 2022 19:28:08 GMT
Server: nginx
Vary: Accept-Encoding
Content-Length: 269
Connection: keep-alive
ps.popcash.net/ad/ad?p=142&w=26196&t=783bb7ce53fb0f81&r=&vw=1280&vh=0
44.207.60.131303 See Other 0 B URL HTTP/1.1 ps.popcash.net/ad/ad?p=142&w=26196&t=783bb7ce53fb0f81&r=&vw=1280&vh=0
IP 44.207.60.131:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ad/ad?p=142&w=26196&t=783bb7ce53fb0f81&r=&vw=1280&vh=0 HTTP/1.1
Host: ps.popcash.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ps.popcash.net/go/142/26196/
Upgrade-Insecure-Requests: 1
HTTP/1.1 303 See Other
Date: Sat, 22 Oct 2022 19:28:08 GMT
Location: https://adeumssp.com/smart?p=CsxnKsUCG9yw6Ygyhidzm6oiJ2jrV4PSrgPJitGQya&s=adeum.click
Server: nginx
Content-Length: 0
Connection: keep-alive
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash 9f965560787f4b0cb241741eef43bcab
eb9ede8af7ee0c2b60e737be4673da03daf093c4
24a073d640735a7e024c5e29f06a034c520d01fe7125704d8c084c416e6144ef
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 22 Oct 2022 19:28:09 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 20 Oct 2022 02:30:53 GMT
Expires: Thu, 27 Oct 2022 02:30:52 GMT
Etag: "eb9ede8af7ee0c2b60e737be4673da03daf093c4"
Cache-Control: max-age=370362,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 75e4a2685d99b50c-OSL
adeumssp.com/smart?p=CsxnKsUCG9yw6Ygyhidzm6oiJ2jrV4PSrgPJitGQya&s=adeum.click
168.119.142.247302 Found 525 B URL HTTP/2 adeumssp.com/smart?p=CsxnKsUCG9yw6Ygyhidzm6oiJ2jrV4PSrgPJitGQya&s=adeum.click
IP 168.119.142.247:0
ASN #24940 Hetzner Online GmbH
File type HTML document, ASCII text, with very long lines (523)
Hash a8af9d814bd31055cee74756240aa893
fa2d96e0ec7b29cb46a7b9ad1b49b838b6e15216
ddba177f8848546c88b7feabd047cc63c003951e5fd1caf3b87acaa348505289
GET /smart?p=CsxnKsUCG9yw6Ygyhidzm6oiJ2jrV4PSrgPJitGQya&s=adeum.click HTTP/1.1
Host: adeumssp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://ps.popcash.net/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Sat, 22 Oct 2022 19:28:09 GMT
content-type: text/html; charset=utf-8
content-length: 525
location: https://curvyalpaca.cc/click?a=Csxn&e=gAAAAABjVERJKZF70HwEE9BmnhH2wxKsrGLESxEuHz6KaCPbYp4Q2vGf1XuIALMjPckoA1N9b8RReOIuC9JE9ekTDT3y9-5gUei93RPAJ2FDMkX7YxtSfe4C5DZxJZke6GeH1k9_tSBqW5XD7YLpy82zph1uIVgKe2JN7vFajWb6C2Hqvtd3vJhJ6M37kLbJTP0Z8WFGlJH1wpfRX4yDzrzCx4zYfBfPUNTGLVPymm2AI-PZASrk7zWDgqbbEOafAmeSlAoXQm4kSfEOsBOeuINurJ0DNUri-5stoFdsctT6W3nmmtSRDAshwVkB3epHfzGtknPPsX7oQHBIPI9gBD9glY9E55A5gRXrAYEOFo7rNOuHclTcJ0znyKgUUYIjd7jbwTruoAh8Y76RtrbAYRuJRVeOFCw4eG1ALBaWXzkRBRoIFkVgz3s1uMnSJUzFrPuezMGDVtqx
strict-transport-security: max-age=15724800; includeSubDomains
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash 03311749c76d3cbd4e7acc52235ef69f
7f03f5ccd93a7231fb4a238c8e2db1a4e332092a
b6828bcc9337c56a8e5524a7d608280a11eecd6f651684c83c37539e17714280
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 22 Oct 2022 19:28:09 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sat, 22 Oct 2022 02:40:44 GMT
Expires: Sat, 29 Oct 2022 02:40:43 GMT
Etag: "7f03f5ccd93a7231fb4a238c8e2db1a4e332092a"
Cache-Control: max-age=543753,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 75e4a26b5937b50c-OSL
curvyalpaca.cc/sc?a=Csxn&c=qYGU9yEyZpQ8jKzPLg9Jq&e=gAAAAABjVERJDQ5iyi6pdIYX1raoPRT1sFiWG7KplJctm8SKI3yMm4dMUlvJCrzfL1sFCRFzxu4raZAd9heePW_yGyQ7aIc3uS8TVcP9gT40ULH-r34U3ayeY7naBOAIltNbbm8IxP2SuhTvrROXwG0lQe_s8IiIcVFI4lR5RJ1K4CsHL9Na_ndjnwj5I4OdSIIlytpfP95pj5VZ61QgXPXXA85cN2h8CRVuJr_EjlhwkpxPfrNpYrFgTPLW5RBH6okMn_58pAuTEYCfl-X-pLfER9cOYX5QUvpYq3iw8W4dSWmV8GzGHex-0-SFmX5dhRZqswhLKvFLoZipRNCHnajoLrZ8vRorRFyS4Yn4TdkVUAxBH1CpgIqaMrgudxaZ4yDXjzsRuYYRBWdg6y3PDfjvJ_UkQ6lRBbYMCUlFRGkFuL15ps-9ODehlJLDuFGf18vDUiBUqgK0&f=0
168.119.67.98302 Found 107 B URL HTTP/2 curvyalpaca.cc/sc?a=Csxn&c=qYGU9yEyZpQ8jKzPLg9Jq&e=gAAAAABjVERJDQ5iyi6pdIYX1raoPRT1sFiWG7KplJctm8SKI3yMm4dMUlvJCrzfL1sFCRFzxu4raZAd9heePW_yGyQ7aIc3uS8TVcP9gT40ULH-r34U3ayeY7naBOAIltNbbm8IxP2SuhTvrROXwG0lQe_s8IiIcVFI4lR5RJ1K4CsHL9Na_ndjnwj5I4OdSIIlytpfP95pj5VZ61QgXPXXA85cN2h8CRVuJr_EjlhwkpxPfrNpYrFgTPLW5RBH6okMn_58pAuTEYCfl-X-pLfER9cOYX5QUvpYq3iw8W4dSWmV8GzGHex-0-SFmX5dhRZqswhLKvFLoZipRNCHnajoLrZ8vRorRFyS4Yn4TdkVUAxBH1CpgIqaMrgudxaZ4yDXjzsRuYYRBWdg6y3PDfjvJ_UkQ6lRBbYMCUlFRGkFuL15ps-9ODehlJLDuFGf18vDUiBUqgK0&f=0
IP 168.119.67.98:0
ASN #24940 Hetzner Online GmbH
File type HTML document, ASCII text
Hash d44e45baa8d9415729829cef6a797c89
bda389c24aa6fba1bf13272cacea465ffd75302d
c4670d6167d521e641c75c76883d4d48208e9419e51bb5d041ad88de131d1f73
GET /sc?a=Csxn&c=qYGU9yEyZpQ8jKzPLg9Jq&e=gAAAAABjVERJDQ5iyi6pdIYX1raoPRT1sFiWG7KplJctm8SKI3yMm4dMUlvJCrzfL1sFCRFzxu4raZAd9heePW_yGyQ7aIc3uS8TVcP9gT40ULH-r34U3ayeY7naBOAIltNbbm8IxP2SuhTvrROXwG0lQe_s8IiIcVFI4lR5RJ1K4CsHL9Na_ndjnwj5I4OdSIIlytpfP95pj5VZ61QgXPXXA85cN2h8CRVuJr_EjlhwkpxPfrNpYrFgTPLW5RBH6okMn_58pAuTEYCfl-X-pLfER9cOYX5QUvpYq3iw8W4dSWmV8GzGHex-0-SFmX5dhRZqswhLKvFLoZipRNCHnajoLrZ8vRorRFyS4Yn4TdkVUAxBH1CpgIqaMrgudxaZ4yDXjzsRuYYRBWdg6y3PDfjvJ_UkQ6lRBbYMCUlFRGkFuL15ps-9ODehlJLDuFGf18vDUiBUqgK0&f=0 HTTP/1.1
Host: curvyalpaca.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://curvyalpaca.cc/click?a=Csxn&e=gAAAAABjVERJKZF70HwEE9BmnhH2wxKsrGLESxEuHz6KaCPbYp4Q2vGf1XuIALMjPckoA1N9b8RReOIuC9JE9ekTDT3y9-5gUei93RPAJ2FDMkX7YxtSfe4C5DZxJZke6GeH1k9_tSBqW5XD7YLpy82zph1uIVgKe2JN7vFajWb6C2Hqvtd3vJhJ6M37kLbJTP0Z8WFGlJH1wpfRX4yDzrzCx4zYfBfPUNTGLVPymm2AI-PZASrk7zWDgqbbEOafAmeSlAoXQm4kSfEOsBOeuINurJ0DNUri-5stoFdsctT6W3nmmtSRDAshwVkB3epHfzGtknPPsX7oQHBIPI9gBD9glY9E55A5gRXrAYEOFo7rNOuHclTcJ0znyKgUUYIjd7jbwTruoAh8Y76RtrbAYRuJRVeOFCw4eG1ALBaWXzkRBRoIFkVgz3s1uMnSJUzFrPuezMGDVtqx
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 302 Found
server: nginx/1.19.1
date: Sat, 22 Oct 2022 19:28:09 GMT
content-type: text/html; charset=utf-8
content-length: 107
location: http://tsyndicate.com/api/v1/direct/edf210b6a53a461db123d12ec1b50a33?subid=124322317
strict-transport-security: max-age=15724800; includeSubDomains
X-Firefox-Spdy: h2
tsyndicate.com/api/v1/direct/edf210b6a53a461db123d12ec1b50a33?subid=124322317
136.243.46.156302 Found 0 B URL HTTP/1.1 tsyndicate.com/api/v1/direct/edf210b6a53a461db123d12ec1b50a33?subid=124322317
IP 136.243.46.156:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/v1/direct/edf210b6a53a461db123d12ec1b50a33?subid=124322317 HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Server: nginx
Date: Sat, 22 Oct 2022 19:28:10 GMT
Content-Length: 0
Connection: keep-alive
Pragma: no-cache
Expires: 0
Vary: *
X-Api-Version: 2
Location: https://track.trackingtraffo.com/pop/imp?auth=d12jux&c=2ZdR79kmPNE-nlZkVCcbAL_I-O8-c_NoX9SIYoiyiGifV7Ks8t0hKKVhh9oEH6TbMTc-axSYtt8ga7MsTi1UvLyXkyjLN5Fb1wD0mAVVwUnJ7vEw1lRuiDe2VmcInn4FKZLtte77XGihlU5aORIDGc6DKftaUfjkKq7_ayDe8cz-mCqzP_YyAZVSvVXGC8DoNEGZAmGpXVm0xt9VAXehQxmb3VJr0hE-0OtFgzlDGLPh5jz_kT58PGCWqMyHm9iX9PwqSkP1MvqflTgXaxzbxWWWW3DDqVl1XnU0rOMi-UwXUhR_UNK7ol2-47luafCR8rGMvY9kybKHkbcHFKS2q_PVPSiSR-Jrq_RexrWI7InIy5h9aSsy98qn4HG3cvjcQchrpyv-mo4BYaHHkdpV2TdkhdJiPrBeuAF4SWJq3l7t15B8TMI6mKMF06H2ai_B9k5FKP1jsvMrhMb-EvUSr6ONM9B_EV_1hf5GtCULB4DlOpM9g7AUtijz68FBvbLtyVY4B0A_OK_EjgZNH8IXjN02imGGU0ODyYYUyVqfIRzw07M5JolKuAvjsDE_4hHVRawCF3Fygp_P0NJULxbVTRvF5J8_dMu2E_UPoZCgt8hT7k8WsDAiUShNCBoW3SrfCmsvui_8MoJUD6YgDoTyVjVu_JWdqFynTs6_ETB3PhCk1tBuHmZlsizKa_rqjGxOOLHEPCmxzGdWTRLxUypxR0TltYVMaeYrvIh5gwIUrTA
X-Request-Id: 3e87dabe443c1849
Set-Cookie: ts_uid=d6afbbef-643c-4cec-bc55-39b956f2dc5d; expires=Sat, 22 Apr 2023 19:28:10 GMT; domain=.tsyndicate.com; path=/; HttpOnly; secure; SameSite=None
Cache-Control: no-cache, no-store, no-transform, must-revalidate, no-transform
X-Robots-Tag: none, noindex, nofollow
Report-To: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash 1b54ab427690eb9b6b90fd2a3c86699d
a89964a15b549e28931afb7efd612e1eb5156756
bb9f61cea9199450d013e827be1344a3e2c509070e8772350235aea78225dff3
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 22 Oct 2022 19:28:10 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 20 Oct 2022 00:04:36 GMT
Expires: Thu, 27 Oct 2022 00:04:35 GMT
Etag: "a89964a15b549e28931afb7efd612e1eb5156756"
Cache-Control: max-age=361584,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 75e4a27138c7b50c-OSL
curvyalpaca.cc/click?a=Csxn&e=gAAAAABjVERJKZF70HwEE9BmnhH2wxKsrGLESxEuHz6KaCPbYp4Q2vGf1XuIALMjPckoA1N9b8RReOIuC9JE9ekTDT3y9-5gUei93RPAJ2FDMkX7YxtSfe4C5DZxJZke6GeH1k9_tSBqW5XD7YLpy82zph1uIVgKe2JN7vFajWb6C2Hqvtd3vJhJ6M37kLbJTP0Z8WFGlJH1wpfRX4yDzrzCx4zYfBfPUNTGLVPymm2AI-PZASrk7zWDgqbbEOafAmeSlAoXQm4kSfEOsBOeuINurJ0DNUri-5stoFdsctT6W3nmmtSRDAshwVkB3epHfzGtknPPsX7oQHBIPI9gBD9glY9E55A5gRXrAYEOFo7rNOuHclTcJ0znyKgUUYIjd7jbwTruoAh8Y76RtrbAYRuJRVeOFCw4eG1ALBaWXzkRBRoIFkVgz3s1uMnSJUzFrPuezMGDVtqx
168.119.67.98200 OK 737 B URL HTTP/2 curvyalpaca.cc/click?a=Csxn&e=gAAAAABjVERJKZF70HwEE9BmnhH2wxKsrGLESxEuHz6KaCPbYp4Q2vGf1XuIALMjPckoA1N9b8RReOIuC9JE9ekTDT3y9-5gUei93RPAJ2FDMkX7YxtSfe4C5DZxJZke6GeH1k9_tSBqW5XD7YLpy82zph1uIVgKe2JN7vFajWb6C2Hqvtd3vJhJ6M37kLbJTP0Z8WFGlJH1wpfRX4yDzrzCx4zYfBfPUNTGLVPymm2AI-PZASrk7zWDgqbbEOafAmeSlAoXQm4kSfEOsBOeuINurJ0DNUri-5stoFdsctT6W3nmmtSRDAshwVkB3epHfzGtknPPsX7oQHBIPI9gBD9glY9E55A5gRXrAYEOFo7rNOuHclTcJ0znyKgUUYIjd7jbwTruoAh8Y76RtrbAYRuJRVeOFCw4eG1ALBaWXzkRBRoIFkVgz3s1uMnSJUzFrPuezMGDVtqx
IP 168.119.67.98:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (550)
Hash ccc6de65807bf51dba55ce38814a798e
0cb287b7e7f436284c7717cc37e3ae50f42192eb
314ed4fb73feb6d76731ad099fcc9fff15c8231e92efc340ea63d380f485a1a3
GET /click?a=Csxn&e=gAAAAABjVERJKZF70HwEE9BmnhH2wxKsrGLESxEuHz6KaCPbYp4Q2vGf1XuIALMjPckoA1N9b8RReOIuC9JE9ekTDT3y9-5gUei93RPAJ2FDMkX7YxtSfe4C5DZxJZke6GeH1k9_tSBqW5XD7YLpy82zph1uIVgKe2JN7vFajWb6C2Hqvtd3vJhJ6M37kLbJTP0Z8WFGlJH1wpfRX4yDzrzCx4zYfBfPUNTGLVPymm2AI-PZASrk7zWDgqbbEOafAmeSlAoXQm4kSfEOsBOeuINurJ0DNUri-5stoFdsctT6W3nmmtSRDAshwVkB3epHfzGtknPPsX7oQHBIPI9gBD9glY9E55A5gRXrAYEOFo7rNOuHclTcJ0znyKgUUYIjd7jbwTruoAh8Y76RtrbAYRuJRVeOFCw4eG1ALBaWXzkRBRoIFkVgz3s1uMnSJUzFrPuezMGDVtqx HTTP/1.1
Host: curvyalpaca.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://ps.popcash.net/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.19.1
date: Sat, 22 Oct 2022 19:28:09 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
X-Firefox-Spdy: h2
promo.20bet.partners/redirect.aspx?pid=176996&bid=1971&lpid=293&utm_source=retarget&utm_medium=Ubidex&utm_campaign=Ubidex-20bet-EU-NotReg-popFTDCasino&utm_term=Ubidex-20bet-EU-NotReg-pop-FTDCasino&subid=22b222tvc4p1ntl340
23.36.79.25301 Moved Permanently 0 B URL HTTP/2 promo.20bet.partners/redirect.aspx?pid=176996&bid=1971&lpid=293&utm_source=retarget&utm_medium=Ubidex&utm_campaign=Ubidex-20bet-EU-NotReg-popFTDCasino&utm_term=Ubidex-20bet-EU-NotReg-pop-FTDCasino&subid=22b222tvc4p1ntl340
IP 23.36.79.25:0
ASN #20940 Akamai International B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect.aspx?pid=176996&bid=1971&lpid=293&utm_source=retarget&utm_medium=Ubidex&utm_campaign=Ubidex-20bet-EU-NotReg-popFTDCasino&utm_term=Ubidex-20bet-EU-NotReg-pop-FTDCasino&subid=22b222tvc4p1ntl340 HTTP/1.1
Host: promo.20bet.partners
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
content-type: text/html
content-length: 0
location: https://20media.world/promotions/first-deposit-casino?btag=655020_8A8C76A7BBE64B9195241553E710A442&utm_source=retarget&utm_medium=Ubidex&utm_campaign=Ubidex-20bet-EU-NotReg-popFTDCasino&utm_term=Ubidex-20bet-EU-NotReg-pop-FTDCasino&subid=22b222tvc4p1ntl340
p3p: CP="This is not a P3P policy! It is used to bypass IEs problematic handling of cookies"
x-aspnet-version: 4.0.30319
request-context: appId=cid-v1:83ffbda4-9458-475e-90ec-4427cfb5c3b0
access-control-expose-headers: Request-Context
expires: Sat, 22 Oct 2022 19:28:11 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Sat, 22 Oct 2022 19:28:11 GMT
set-cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a176996%2c%22BID%22%3a1971%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1666466890999)%5c%2f%22%2c%22CookieTag%22%3a%221971176996451240919C202210221928%22%7d%5d; SameSite=None;; domain=.20bet.partners; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; secure
NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%22850365971%7c1%22%7d%5d; domain=.20bet.partners; expires=Mon, 22-Oct-3021 19:28:11 GMT; path=/; secure; SameSite=Strict
server-timing: cdn-cache; desc=MISS, edge; dur=48, origin; dur=105
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash b00d300d60c8b5291f896f81e1134f74
b9f976488eac0c93a8dc951b1fc2d5e8a77d4d62
0de6df62a35ef27f209b06a8e2e00c1da4853c299157214ef680a8afb0609b79
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 664
Cache-Control: max-age=153123
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 19:28:11 GMT
Etag: "6353f4d6-118"
Expires: Mon, 24 Oct 2022 14:00:14 GMT
Last-Modified: Sat, 22 Oct 2022 13:49:10 GMT
Server: ECS (amb/6BB8)
X-Cache: HIT
Content-Length: 280
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash cf066da931e8afb225477ca177e7360c
6d6b4fb50b6613bd1dcc81206e5b013d67dfb05c
221ea2ee70284f7fa459ab62a1a5fae1eea58b6f05aebf694ee24fe9bb961d2c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5912
Cache-Control: max-age=91396
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 19:28:12 GMT
Etag: "6352ef38-1d7"
Expires: Sun, 23 Oct 2022 20:51:28 GMT
Last-Modified: Fri, 21 Oct 2022 19:12:56 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 471
app.adjust.com/js8txs6?btag=655020_8A8C76A7BBE64B9195241553E710A442&utm_source=retarget&utm_medium=Ubidex&utm_campaign=Ubidex-20bet-EU-NotReg-popFTDCasino&utm_term=Ubidex-20bet-EU-NotReg-pop-FTDCasino&subid=22b222tvc4p1ntl340&label=655020_8A8C76A7BBE64B9195241553E710A442&redirect=https%3A%2F%2F20bet.com%2Fpromotions%2Ffirst-deposit-casino%3Fbtag%3D655020_8A8C76A7BBE64B9195241553E710A442%26utm_source%3Dretarget%26utm_medium%3DUbidex%26utm_campaign%3DUbidex-20bet-EU-NotReg-popFTDCasino%26utm_term%3DUbidex-20bet-EU-NotReg-pop-FTDCasino%26subid%3D22b222tvc4p1ntl340
185.151.204.12302 Found 295 B URL HTTP/1.1 app.adjust.com/js8txs6?btag=655020_8A8C76A7BBE64B9195241553E710A442&utm_source=retarget&utm_medium=Ubidex&utm_campaign=Ubidex-20bet-EU-NotReg-popFTDCasino&utm_term=Ubidex-20bet-EU-NotReg-pop-FTDCasino&subid=22b222tvc4p1ntl340&label=655020_8A8C76A7BBE64B9195241553E710A442&redirect=https%3A%2F%2F20bet.com%2Fpromotions%2Ffirst-deposit-casino%3Fbtag%3D655020_8A8C76A7BBE64B9195241553E710A442%26utm_source%3Dretarget%26utm_medium%3DUbidex%26utm_campaign%3DUbidex-20bet-EU-NotReg-popFTDCasino%26utm_term%3DUbidex-20bet-EU-NotReg-pop-FTDCasino%26subid%3D22b222tvc4p1ntl340
IP 185.151.204.12:0
File type HTML document, ASCII text
Hash 3636404a197c9e0c2aa928aa09ad8456
dc1a6e7dec934a129fc53f8f2a3919fea8d109d8
68f686244bf8062c4a01620c426a800c08fcf3a115beb64603f895193f842799
GET /js8txs6?btag=655020_8A8C76A7BBE64B9195241553E710A442&utm_source=retarget&utm_medium=Ubidex&utm_campaign=Ubidex-20bet-EU-NotReg-popFTDCasino&utm_term=Ubidex-20bet-EU-NotReg-pop-FTDCasino&subid=22b222tvc4p1ntl340&label=655020_8A8C76A7BBE64B9195241553E710A442&redirect=https%3A%2F%2F20bet.com%2Fpromotions%2Ffirst-deposit-casino%3Fbtag%3D655020_8A8C76A7BBE64B9195241553E710A442%26utm_source%3Dretarget%26utm_medium%3DUbidex%26utm_campaign%3DUbidex-20bet-EU-NotReg-popFTDCasino%26utm_term%3DUbidex-20bet-EU-NotReg-pop-FTDCasino%26subid%3D22b222tvc4p1ntl340 HTTP/1.1
Host: app.adjust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
content-type: text/html; charset=utf-8
location: https://20bet.com/promotions/first-deposit-casino?btag=655020_8A8C76A7BBE64B9195241553E710A442&utm_source=retarget&utm_medium=Ubidex&utm_campaign=Ubidex-20bet-EU-NotReg-popFTDCasino&utm_term=Ubidex-20bet-EU-NotReg-pop-FTDCasino&subid=22b222tvc4p1ntl340
set-cookie: 1f03a823953b3ae75c2e3676df3f539a=cCT35DOqvEwMD; Path=/; Domain=adjust.com; Max-Age=2
1f03a823953b3ae75c2e3676df3f539a=cCT35DOqvEwMD; Path=/; Domain=adjust.io; Max-Age=2
1f03a823953b3ae75c2e3676df3f539a=cCT35DOqvEwMD; Path=/; Domain=adj.st; Max-Age=2
1f03a823953b3ae75c2e3676df3f539a=cCT35DOqvEwMD; Path=/; Domain=go.link; Max-Age=2
1f03a823953b3ae75c2e3676df3f539a=cCT35DOqvEwMD; Path=/; Domain=adjust.net.in; Max-Age=2
1f03a823953b3ae75c2e3676df3f539a=cCT35DOqvEwMD; Path=/; Domain=adjust.world; Max-Age=2
1f03a823953b3ae75c2e3676df3f539a=cCT35DOqvEwMD; Path=/; Domain=adjust.cn; Max-Age=2
date: Sat, 22 Oct 2022 19:28:12 GMT
content-length: 295
x-robots-tag: noindex
popmyads.com/serve/52264/49676/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgzLmNvbQ==
104.21.54.194200 OK 0 B URL HTTP/2 popmyads.com/serve/52264/49676/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgzLmNvbQ==
IP 104.21.54.194:0
GET /serve/52264/49676/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgzLmNvbQ== HTTP/1.1
Host: popmyads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://samba.trffclb.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 22 Oct 2022 19:28:07 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.1.33
x-frame-options: DENY
content-security-policy: frame-ancestors 'none'
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aZ30%2Bx5ccyEmaNsVaG5WFaOJFwf%2BqJmKR%2FS9JcrD3X3W3CmhkRYJOqoRvFvWlg12yiVx%2BjR9B%2BbokhYPUkuhCHeavZKIfz%2FjCygSsS7LTx%2BHASWPsqs9f2x%2F3e%2F1Zcw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75e4a25d78b9fac4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
newbinotracs.com/click.php?key=2luo9plrxh2k2ej2k2ph&clickid=99ad71ab-8598-4d2d-8b9c-50c2f13b8615&cost=0.0055&PUB_ID=20&SUB_ID=4041281&KEYWORD=Adult%20General&SUBSCRIBER_AGE=0&SUBSCRIBER_DATE=2022-10-22&BID_PUB=0.0055&CR_ID=36502&PUB_NAME=TrafficStars-pop
49.12.123.158302 Found 0 B URL HTTP/2 newbinotracs.com/click.php?key=2luo9plrxh2k2ej2k2ph&clickid=99ad71ab-8598-4d2d-8b9c-50c2f13b8615&cost=0.0055&PUB_ID=20&SUB_ID=4041281&KEYWORD=Adult%20General&SUBSCRIBER_AGE=0&SUBSCRIBER_DATE=2022-10-22&BID_PUB=0.0055&CR_ID=36502&PUB_NAME=TrafficStars-pop
IP 49.12.123.158:0
ASN #24940 Hetzner Online GmbH
GET /click.php?key=2luo9plrxh2k2ej2k2ph&clickid=99ad71ab-8598-4d2d-8b9c-50c2f13b8615&cost=0.0055&PUB_ID=20&SUB_ID=4041281&KEYWORD=Adult%20General&SUBSCRIBER_AGE=0&SUBSCRIBER_DATE=2022-10-22&BID_PUB=0.0055&CR_ID=36502&PUB_NAME=TrafficStars-pop HTTP/1.1
Host: newbinotracs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx/1.18.0
date: Sat, 22 Oct 2022 19:28:10 GMT
content-type: text/html; charset=UTF-8
location: https://promo.20bet.partners/redirect.aspx?pid=176996&bid=1971&lpid=293&utm_source=retarget&utm_medium=Ubidex&utm_campaign=Ubidex-20bet-EU-NotReg-popFTDCasino&utm_term=Ubidex-20bet-EU-NotReg-pop-FTDCasino&subid=22b222tvc4p1ntl340
set-cookie: uclick=2tvc4p1ntl; expires=Sun, 23-Oct-2022 19:28:10 GMT; Max-Age=86400; path=/; secure; SameSite=none
uclickhash=2tvc4p1ntl-2tvc4p1ntl-qqxi-0-gx7vwj-qdxs6o-qdxsdz-45fb6b; expires=Sun, 23-Oct-2022 19:28:10 GMT; Max-Age=86400; path=/; secure; SameSite=none
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
20media.world/promotions/first-deposit-casino?btag=655020_8A8C76A7BBE64B9195241553E710A442&utm_source=retarget&utm_medium=Ubidex&utm_campaign=Ubidex-20bet-EU-NotReg-popFTDCasino&utm_term=Ubidex-20bet-EU-NotReg-pop-FTDCasino&subid=22b222tvc4p1ntl340
172.67.68.125302 Found 0 B URL HTTP/2 20media.world/promotions/first-deposit-casino?btag=655020_8A8C76A7BBE64B9195241553E710A442&utm_source=retarget&utm_medium=Ubidex&utm_campaign=Ubidex-20bet-EU-NotReg-popFTDCasino&utm_term=Ubidex-20bet-EU-NotReg-pop-FTDCasino&subid=22b222tvc4p1ntl340
IP 172.67.68.125:0
GET /promotions/first-deposit-casino?btag=655020_8A8C76A7BBE64B9195241553E710A442&utm_source=retarget&utm_medium=Ubidex&utm_campaign=Ubidex-20bet-EU-NotReg-popFTDCasino&utm_term=Ubidex-20bet-EU-NotReg-pop-FTDCasino&subid=22b222tvc4p1ntl340 HTTP/1.1
Host: 20media.world
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Sat, 22 Oct 2022 19:28:12 GMT
content-type: text/html; charset=UTF-8
location: https://app.adjust.com/js8txs6?btag=655020_8A8C76A7BBE64B9195241553E710A442&utm_source=retarget&utm_medium=Ubidex&utm_campaign=Ubidex-20bet-EU-NotReg-popFTDCasino&utm_term=Ubidex-20bet-EU-NotReg-pop-FTDCasino&subid=22b222tvc4p1ntl340&label=655020_8A8C76A7BBE64B9195241553E710A442&redirect=https%3A%2F%2F20bet.com%2Fpromotions%2Ffirst-deposit-casino%3Fbtag%3D655020_8A8C76A7BBE64B9195241553E710A442%26utm_source%3Dretarget%26utm_medium%3DUbidex%26utm_campaign%3DUbidex-20bet-EU-NotReg-popFTDCasino%26utm_term%3DUbidex-20bet-EU-NotReg-pop-FTDCasino%26subid%3D22b222tvc4p1ntl340
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization
access-control-expose-headers: Content-Length,Content-Range
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FIZOQnx2zpnkrDHTVQDRsNisEuS11zF1GPyRtwU5qM8iz8RmKHgJuJnnlZXC6hRZ4M26c2U5dISGcO%2BEWhgSv0JMS0DQ%2B64FjVraKqfg0OVeGJ4xh600ULenuWSebUg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75e4a27a98df1bfa-OSL
X-Firefox-Spdy: h2