Overview

URL 4.us.findthewind.xyz/feed/?link=true&tid=4&subid=4.us&ref=4.us.findthewind.xyz&s1=635444357d501552252af0f2
IP 23.235.251.114 (United States)
ASN #19437 SS-ASH
UserAgent Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer
Report completed 2022-10-22 19:28:14 UTC
IDS alerts 0
Blocklist alert 5
urlquery alerts No alerts detected
Tags None

Domain Summary (24)

Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
cola.trffclb.com (2) 0 2022-09-30 11:19:40 UTC 2022-10-22 17:17:31 UTC 51.83.143.92 Unknown ranking
tsyndicate.com (1) 13042 2017-03-16 09:04:54 UTC 2022-10-22 12:41:47 UTC 136.243.46.156
20media.world (1) 501352 2020-09-18 08:05:58 UTC 2022-10-22 10:36:11 UTC 172.67.68.125
firefox.settings.services.mozilla.com (2) 867 2020-05-27 20:08:30 UTC 2022-10-22 11:53:20 UTC 18.244.155.19
content-signature-2.cdn.mozilla.net (1) 1152 2020-11-03 12:26:46 UTC 2022-10-22 04:56:58 UTC 34.160.144.191
ocsp.digicert.com (5) 86 2012-05-21 07:02:23 UTC 2022-10-22 11:24:06 UTC 93.184.220.29
app.adjust.com (1) 948 2015-01-12 12:48:11 UTC 2022-10-22 06:49:07 UTC 185.151.204.12
popmyads.com (1) 44134 2019-01-09 18:43:38 UTC 2022-10-22 04:10:20 UTC 104.21.54.194
r3.o.lencr.org (11) 344 2020-12-02 08:52:13 UTC 2022-10-22 04:42:34 UTC 23.36.76.226
push.services.mozilla.com (1) 2140 2015-09-03 10:29:36 UTC 2022-10-22 05:16:26 UTC 52.89.136.7
img-getpocket.cdn.mozilla.net (6) 1631 2017-09-01 03:40:57 UTC 2022-10-22 04:43:01 UTC 34.120.237.76
samba.trffclb.com (3) 0 2022-09-30 11:20:25 UTC 2022-10-22 04:10:20 UTC 51.83.143.92 Unknown ranking
popcash.net (1) 11104 2012-11-06 20:48:11 UTC 2022-10-22 08:11:03 UTC 104.21.52.38
ocsp.sectigo.com (3) 487 2018-12-17 11:31:55 UTC 2022-10-22 19:08:50 UTC 104.18.32.68
adeumssp.com (1) 0 2022-06-08 13:33:59 UTC 2022-10-21 23:55:33 UTC 168.119.142.247 Unknown ranking
curvyalpaca.cc (2) 0 2022-07-25 12:37:57 UTC 2022-10-22 05:52:51 UTC 168.119.67.98 Unknown ranking
4.us.findthewind.xyz (2) 0 2022-08-03 12:57:45 UTC 2022-10-22 17:18:02 UTC 23.235.251.114 Unknown ranking
redir.findthewind.xyz (2) 0 2022-08-11 09:16:56 UTC 2022-10-22 14:07:59 UTC 198.211.113.186 Unknown ranking
pdxx-7fmavzpxk2xlm-4-2.lowsea.fun (2) 0 2022-08-21 08:58:43 UTC 2022-10-22 13:12:26 UTC 5.161.78.177 Unknown ranking
promo.20bet.partners (1) 524075 2020-02-17 04:06:03 UTC 2022-10-22 14:54:56 UTC 23.36.79.25
newbinotracs.com (1) 0 2022-05-09 13:46:20 UTC 2022-10-21 19:21:31 UTC 49.12.123.158 Unknown ranking
contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-10-22 04:42:59 UTC 34.117.237.239
leche.labtrffc.com (2) 0 2021-02-18 14:08:36 UTC 2022-10-22 04:10:19 UTC 51.83.143.92 Domain (labtrffc.com) ranked at: 87846
ps.popcash.net (2) 67692 2018-12-04 13:00:05 UTC 2022-10-21 23:55:31 UTC 44.207.60.131

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro
 No alerts detected

Blocklists

OpenPhish
 No alerts detected

PhishTank
 No alerts detected

Fortinet's Web Filter
 No alerts detected

mnemonic secure dns
 No alerts detected

Quad9 DNS
Scan Date Severity Indicator Comment
2022-10-22 2 trffclb.com Sinkholed
2022-10-22 2 trffclb.com Sinkholed
2022-10-22 2 trffclb.com Sinkholed
2022-10-22 2 trffclb.com Sinkholed
2022-10-22 2 trffclb.com Sinkholed


Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 23.235.251.114
Date UQ / IDS / BL URL IP
2023-02-05 11:22:44 +0000 0 - 0 - 2 4.us.silverwinds.xyz/feed/?link=true&tid=4&su (...) 23.235.251.114
2023-02-03 20:22:48 +0000 0 - 0 - 2 8.us.tealwinds.xyz/feed/?link=true&tid=8&subi (...) 23.235.251.114
2023-01-29 16:07:50 +0000 0 - 2 - 2 66.us.tealwinds.xyz/feed/?link=true&tid=66&su (...) 23.235.251.114
2023-01-25 06:47:03 +0000 0 - 0 - 1 21.us.tealwinds.xyz/feed/?link=true&tid=21&su (...) 23.235.251.114
2023-01-19 15:47:03 +0000 0 - 0 - 2 60.us.tealwinds.xyz/feed/?link=true&tid=60&su (...) 23.235.251.114


Last 5 reports on ASN: SS-ASH
Date UQ / IDS / BL URL IP
2023-02-05 11:22:44 +0000 0 - 0 - 2 4.us.silverwinds.xyz/feed/?link=true&tid=4&su (...) 23.235.251.114
2023-02-03 20:22:48 +0000 0 - 0 - 2 8.us.tealwinds.xyz/feed/?link=true&tid=8&subi (...) 23.235.251.114
2023-02-01 20:53:46 +0000 0 - 0 - 22 www.montereycountyclinicservices.org/ 131.153.100.222
2023-01-31 07:05:58 +0000 0 - 0 - 4 www.afamag.com/ 131.153.100.9
2023-01-29 16:07:50 +0000 0 - 2 - 2 66.us.tealwinds.xyz/feed/?link=true&tid=66&su (...) 23.235.251.114


Last 5 reports on domain: findthewind.xyz
Date UQ / IDS / BL URL IP
2022-10-25 09:31:58 +0000 0 - 0 - 9 68.us.findthewind.xyz/feed/?link=true&tid=68& (...) 23.235.251.114
2022-10-24 06:48:06 +0000 0 - 0 - 7 4.us.findthewind.xyz/feed/?link=true&tid=4&su (...) 23.235.251.114
2022-10-24 00:22:55 +0000 0 - 0 - 4 4.us.findthewind.xyz/feed/?link=true&tid=4&su (...) 23.235.251.114
2022-10-23 08:38:27 +0000 0 - 0 - 1 4.us.findthewind.xyz/feed/?link=true&tid=4&su (...) 23.235.251.114
2022-10-22 19:28:14 +0000 0 - 0 - 5 4.us.findthewind.xyz/feed/?link=true&tid=4&su (...) 23.235.251.114


Last 5 reports with similar screenshot
Date UQ / IDS / BL URL IP
2023-02-09 00:18:46 +0000 0 - 0 - 1 c.adup.app/35547?cv=ENjX4aBh7etfau24rBTBSH 68.183.246.137
2023-02-09 00:00:04 +0000 0 - 1 - 0 data.biphysics.com/r?_=1634800908454&pid=1073 (...) 63.251.106.25
2023-02-08 23:03:00 +0000 3 - 6 - 0 chase-secire.duckdns.org/j/secure/730265b1e/e (...) 134.209.64.231
2023-02-08 22:44:45 +0000 0 - 0 - 1 thes.wellfasthealthinc.com/ga/click/2-4598593 (...) 154.53.58.180
2023-02-08 22:41:34 +0000 0 - 0 - 2 627394.com/jp 173.254.231.92

JavaScript

Executed Scripts (5)

Executed Evals (0)

Executed Writes (0)


HTTP Transactions (55)


Request Response
                                        
                                            GET /feed/?link=true&tid=4&subid=4.us&ref=4.us.findthewind.xyz&s1=635444357d501552252af0f2 HTTP/1.1 
Host: 4.us.findthewind.xyz
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

23.235.251.114
HTTP/1.1 301 Moved Permanently
                                        
Cache-Control: no-cache
Location: https://redir.findthewind.xyz/click/invalid/?tid=4&subid=4&s1=635444357d501552252af0f2
Date: Sat, 22 Oct 2022 19:28:03 GMT
Connection: keep-alive
Keep-Alive: timeout=5
Transfer-Encoding: chunked

                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

18.244.155.19
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Retry-After, Alert, Content-Type, Backoff
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sat, 22 Oct 2022 19:26:25 GMT
Expires: Sat, 22 Oct 2022 19:35:33 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 d387fec28536c5aa92926c56363afe9a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P8
X-Amz-Cf-Id: rd9oudyyq4cpR_Es40SE4rH-enCDL6CfKkY5aXaXWl8O7a0oKn5yfQ==
Age: 98


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    c9df6b36bf16969ac566c1b798362e4a
Sha1:   e56eff34815153ae019a4bf63eb9746dd9ae2e5b
Sha256: 33c1175144ab2be42c9de383f7893a6e60cd1f21f282eacb413d546331db3fa0
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "310C633350812C064E159275B6DBBDBA6D6A5991A54CCFCC23459320C6513572"
Last-Modified: Sat, 22 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4478
Expires: Sat, 22 Oct 2022 20:42:41 GMT
Date: Sat, 22 Oct 2022 19:28:03 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "82D9EE4948FCE839F7EDB1F8490C4213CDED3912464A4169B0BF6A61278694BD"
Last-Modified: Sat, 22 Oct 2022 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4465
Expires: Sat, 22 Oct 2022 20:42:28 GMT
Date: Sat, 22 Oct 2022 19:28:03 GMT
Connection: keep-alive

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

34.160.144.191
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
x-amz-id-2: sjdPZH/yDs2NzjfjyAbqTsSdSD4rTuzE1S5j2Uwu/tVKQQIDCTOEZT33QjGGST++kjjhUSTPHoE=
x-amz-request-id: YSTCR1H7CHWVE4G7
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 22 Oct 2022 19:07:45 GMT
age: 1218
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    67d5a988edcda47bc3b3b3f65d32b4b6
Sha1:   d4f0e0da8b3690cc7da925026d3414b68c7d954f
Sha256: 55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Sat, 22 Oct 2022 19:28:04 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "92913E6C6869DCEA6413D0891236FCBAD037740351CC219A5EC2E136BC11F675"
Last-Modified: Sat, 22 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7724
Expires: Sat, 22 Oct 2022 21:36:48 GMT
Date: Sat, 22 Oct 2022 19:28:04 GMT
Connection: keep-alive

                                        
                                            GET /click/invalid/?tid=4&subid=4&s1=635444357d501552252af0f2 HTTP/1.1 
Host: redir.findthewind.xyz
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

198.211.113.186
HTTP/1.1 302 Found
Content-Type: text/html; charset=utf-8
                                        
X-Powered-By: Express
Surrogate-Control: no-store
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate
Pragma: no-cache
Expires: 0
Location: https://leche.labtrffc.com/p.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240?s=nxs-4
Vary: Accept
Content-Length: 230
Date: Sat, 22 Oct 2022 19:28:04 GMT
Connection: keep-alive
Keep-Alive: timeout=5


--- Additional Info ---
Magic:  HTML document, ASCII text, with no line terminators
Size:   230
Md5:    7ef6d31c814979bd842f5e6f09cfb7bd
Sha1:   4f9fa32f92cbc28d74e40dad8f216379df418ce6
Sha256: 96c1f5b72cb60e7e91cd1d2d542c492e3148b180736ed3fcb36d45a84f454525
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "5D22175D1D81BD30615DBF4DA199A31A1D0920FC88437D7ACCF68285AB160CE4"
Last-Modified: Thu, 20 Oct 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15102
Expires: Sat, 22 Oct 2022 23:39:46 GMT
Date: Sat, 22 Oct 2022 19:28:04 GMT
Connection: keep-alive

                                        
                                            GET /p.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240?s=nxs-4 HTTP/1.1 
Host: leche.labtrffc.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

51.83.143.92
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Date: Sat, 22 Oct 2022 19:28:04 GMT
Content-Length: 0
Connection: keep-alive
Round:
Raund:
Location: https://pdxx-7fmavzpxk2xlm-4-2.lowsea.fun/emw/v1/dt?sid=888b&k=bfb&url=&xrw=&lid=63544444f8a81d4772380258&fid=888

                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

18.244.155.19
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, ETag, Retry-After, Cache-Control, Alert, Expires, Pragma, Content-Type, Backoff, Last-Modified
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Sat, 22 Oct 2022 19:03:50 GMT
Expires: Sat, 22 Oct 2022 19:10:26 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 597c788e23cf83427002ab097f30f484.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P8
X-Amz-Cf-Id: k2v4Pv1otFKET07sTuPyjh3CRkA57h-aO5W6ECALm04ybNNbxoZuRA==
Age: 1454


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 1019
Cache-Control: max-age=132940
Date: Sat, 22 Oct 2022 19:28:04 GMT
Etag: "6353a495-1d7"
Expires: Mon, 24 Oct 2022 08:23:44 GMT
Last-Modified: Sat, 22 Oct 2022 08:06:45 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "78A2AAC75F89EFF3A845C58CE19360B72F642C65566B1726B34EA11316F94D94"
Last-Modified: Sat, 22 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21565
Expires: Sun, 23 Oct 2022 01:27:30 GMT
Date: Sat, 22 Oct 2022 19:28:05 GMT
Connection: keep-alive

                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: t/AY6Mn6Ew0bTDYFXaWC7Q==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

52.89.136.7
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: fc61hTbdAkC9b0o0lMItTk48vzw=

                                        
                                            GET /emw/v1/dt?sid=888b&k=bfb&url=&xrw=&lid=63544444f8a81d4772380258&fid=888 HTTP/1.1 
Host: pdxx-7fmavzpxk2xlm-4-2.lowsea.fun
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

5.161.78.177
HTTP/2 307 Temporary Redirect
content-type: text/html
                                        
date: Sat, 22 Oct 2022 19:28:05 GMT
content-length: 164
location: https://cola.trffclb.com/a.php?p=c:xecd97ulmxry7e481&d=62ff4322ec41a549b07c0d74&pid=63544444f8a81d4772380258&source=888b
set-cookie: emwxcid_4_1=kg7mRoLsV3EnC9G9qokoOEHgBvyOGJXTditzdcB1iEZfLVV3Du; expires=Sun, Oct 22 2023 19:28:05 GMT; Max-Age=31536000; path=/; domain=lowsea.fun; SameSite=Lax
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   164
Md5:    813f9846b49c0ada805648edf1b2fdbd
Sha1:   caa24890460f73e6a72bb49426351e67e83b053d
Sha256: 8f03491247cbfa8a2e60e0f7ec62d63b5070659f60383a1c81abeb2b20221be3
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "5D22175D1D81BD30615DBF4DA199A31A1D0920FC88437D7ACCF68285AB160CE4"
Last-Modified: Thu, 20 Oct 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15101
Expires: Sat, 22 Oct 2022 23:39:46 GMT
Date: Sat, 22 Oct 2022 19:28:05 GMT
Connection: keep-alive

                                        
                                            GET /a.php?p=c:xecd97ulmxry7e481&d=62ff4322ec41a549b07c0d74&pid=63544444f8a81d4772380258&source=888b HTTP/1.1 
Host: cola.trffclb.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

51.83.143.92
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Date: Sat, 22 Oct 2022 19:28:05 GMT
Content-Length: 0
Connection: keep-alive
Round: 12auco2bgv
Raund: 2h2
Location: https://4.us.findthewind.xyz/feed/?link=true&tid=4&subid=4.no&ref=&s1=63544445be4930316d49d3cd


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "FC725643AB4C70A0AE37820770D052E62720DC461F85E4DF516424A8F59E9828"
Last-Modified: Sat, 22 Oct 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Sun, 23 Oct 2022 01:28:05 GMT
Date: Sat, 22 Oct 2022 19:28:05 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "28DB09A2A0E821B37DC1CFB710BF896C438755BFC992EB775F41128B0E52E5D1"
Last-Modified: Fri, 21 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5187
Expires: Sat, 22 Oct 2022 20:54:33 GMT
Date: Sat, 22 Oct 2022 19:28:06 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "28DB09A2A0E821B37DC1CFB710BF896C438755BFC992EB775F41128B0E52E5D1"
Last-Modified: Fri, 21 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5187
Expires: Sat, 22 Oct 2022 20:54:33 GMT
Date: Sat, 22 Oct 2022 19:28:06 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "28DB09A2A0E821B37DC1CFB710BF896C438755BFC992EB775F41128B0E52E5D1"
Last-Modified: Fri, 21 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5187
Expires: Sat, 22 Oct 2022 20:54:33 GMT
Date: Sat, 22 Oct 2022 19:28:06 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "28DB09A2A0E821B37DC1CFB710BF896C438755BFC992EB775F41128B0E52E5D1"
Last-Modified: Fri, 21 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5187
Expires: Sat, 22 Oct 2022 20:54:33 GMT
Date: Sat, 22 Oct 2022 19:28:06 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd771af0d-55ee-450f-bbb3-a9e419e74a51.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7372
x-amzn-requestid: 080f5f7f-51a8-4ef5-9acc-0c7f7f64defb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aX-ojEg2IAMFjPA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63531169-5106c8af6e77450c33a0c899;Sampled=0
x-amzn-remapped-date: Fri, 21 Oct 2022 21:38:49 GMT
x-amz-cf-pop: SEA19-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: vP9aRT8xL5F2kf36A-lMaIQ9FSAEUGo8jmx9y63iIBDdyWYujkXXPw==
via: 1.1 2e20768704c71ff3ce2e677251d27f3c.cloudfront.net (CloudFront), 1.1 2f7934de1dfe281c3e4446892eab6462.cloudfront.net (CloudFront), 1.1 google
date: Fri, 21 Oct 2022 22:05:57 GMT
age: 76929
etag: "ebf69c1ff6dc9450f33aef5dc2403d4df17a4c2c"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7372
Md5:    616e14aee034bbf77c3b74b3ea53961b
Sha1:   ebf69c1ff6dc9450f33aef5dc2403d4df17a4c2c
Sha256: 0ae716474e2837c90c658d635fb9db2c8d4cdb7bf025b8e4e9e802e3ff56b0c3
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4f52601f-0c98-4537-a72e-d72f9dbe4167.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 10973
x-amzn-requestid: 081470ca-0107-4052-be55-9c713105bb27
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aUr-TEKPoAMFZfQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6351c05b-17199f8c0fc0fb7443a902f1;Sampled=0
x-amzn-remapped-date: Thu, 20 Oct 2022 21:40:43 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: h8elwC37DfS3PoG9NuRyfp-bqOoLi9KWeSWvwuY4mFMGG4HHC3jZAg==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 32c16f33c8f5601364fa8229b0d74dc2.cloudfront.net (CloudFront), 1.1 google
date: Fri, 21 Oct 2022 22:39:23 GMT
age: 74923
etag: "beff4ae9e24599addce8a961c955788045c56645"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   10973
Md5:    6bd5e942443ffd011faf10dc88d92081
Sha1:   beff4ae9e24599addce8a961c955788045c56645
Sha256: 2c59d984971e73d497975032c23700b5602fccf403f4683a8047f5f42d4e261f
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F428e118d-55db-4b2d-9dc1-0adbc5a4021a.webp HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8856
x-amzn-requestid: 84cc5c28-b71f-4ada-9d3b-e67e820cd080
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aX-LzHcsoAMFuNQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-635310b1-6b44e77726dc2003052ce387;Sampled=0
x-amzn-remapped-date: Fri, 21 Oct 2022 21:35:45 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: qZ8wiQp_Cnx6_fT-TrOCKmkrcpYHyhByOvYpgE9XWkA0VUGxjs6cSw==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 5fe5f2a3903f1378941d92eceaf3fa16.cloudfront.net (CloudFront), 1.1 google
date: Fri, 21 Oct 2022 22:06:06 GMT
age: 76920
etag: "9c8050ffd0de58005705219ec70b6e4352e35b5e"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8856
Md5:    a361cef05d531426819a2bffd8ab1e47
Sha1:   9c8050ffd0de58005705219ec70b6e4352e35b5e
Sha256: 0c3c48b96adb7c1dc8a8c3771878dcbab80bbbb9f2d6998038bf5d43831b578b
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6f5552d5-4394-409a-9a9c-43e4ebf38ee1.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 10720
x-amzn-requestid: 96267527-f482-4bfa-ba7a-12467408efe9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aX-MvGutIAMFc8g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-635310b7-25f2624559b0fb7d62ced3a3;Sampled=0
x-amzn-remapped-date: Fri, 21 Oct 2022 21:35:51 GMT
x-amz-cf-pop: SEA19-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 4--AiSTKMMOm9HnJL_ervFnd5rkQ-WZfGM-FNkxXKO892SPw67cxXA==
via: 1.1 1f6e68152880a39d72e6bf2996cd6a60.cloudfront.net (CloudFront), 1.1 707e733794d52100fde0ab21bf0b1462.cloudfront.net (CloudFront), 1.1 google
date: Fri, 21 Oct 2022 22:11:42 GMT
age: 76584
etag: "6cc0e39e0decbc20c765f171f63affd85fc9e6da"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   10720
Md5:    cdaacab30d73a7d05180cc16f4a96a3f
Sha1:   6cc0e39e0decbc20c765f171f63affd85fc9e6da
Sha256: f015c3b1d838bd7d100ee104551bed2bb06a512b20ce3e5ac419d54b747fadd0
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff28bcb97-99c1-48e0-b7d7-8bfe823abaa7.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 11151
x-amzn-requestid: 5c32e307-f2a7-4050-a96f-a47667ec4752
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aX-NEFTKoAMFsSQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-635310b9-2fc77f394ca297126abaed94;Sampled=0
x-amzn-remapped-date: Fri, 21 Oct 2022 21:35:53 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: JOZwwfasalOC-qk9FERBCqhR9jOp1svTRJxaA40zR6p6yta1_W1dVA==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 2f7934de1dfe281c3e4446892eab6462.cloudfront.net (CloudFront), 1.1 google
date: Fri, 21 Oct 2022 22:06:07 GMT
age: 76919
etag: "381edb4758da428db5ffe884f8fb38bf11044f69"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   11151
Md5:    26c47e4b0147f8dee3e71a53a8f2830c
Sha1:   381edb4758da428db5ffe884f8fb38bf11044f69
Sha256: b507898359abbcb1f57821c147a58df66d7e81acc198afc997527b58cd835b39
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F84809f37-0e01-4278-ba97-357c4a1b454e.webp HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 5517
x-amzn-requestid: 560e0ccc-0551-461d-98fd-f94d9a026fb8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aX-pSExDIAMFpMg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6353116e-0420e4ac6cceec1749a44819;Sampled=0
x-amzn-remapped-date: Fri, 21 Oct 2022 21:38:54 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: TDa1YZjZ70BYwTbiiaBV1J1WVtzXpAZ1j-wKfsviXvhbhnc8f0Huiw==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 1481cc55c02c3a782ad420b6bac2cb32.cloudfront.net (CloudFront), 1.1 google
date: Fri, 21 Oct 2022 22:02:32 GMT
age: 77134
etag: "aef2208c82085b4dc8472ee28bc63b9a8832fe0e"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   5517
Md5:    1ee464d6a426da49571c97060e65a4e8
Sha1:   aef2208c82085b4dc8472ee28bc63b9a8832fe0e
Sha256: 704e9800cb12b9b2927e85901b21fbb22303f11bf4b052340d0fc610414e2a6d
                                        
                                            GET /feed/?link=true&tid=4&subid=4.no&ref=&s1=63544445be4930316d49d3cd HTTP/1.1 
Host: 4.us.findthewind.xyz
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                         23.235.251.114
HTTP/1.1 301 Moved Permanently
                                        
Cache-Control: no-cache
Location: https://redir.findthewind.xyz/click/invalid/?tid=4&subid=4.no
Date: Sat, 22 Oct 2022 19:28:06 GMT
Connection: keep-alive
Keep-Alive: timeout=5
Transfer-Encoding: chunked

                                        
                                            GET /click/invalid/?tid=4&subid=4.no HTTP/1.1 
Host: redir.findthewind.xyz
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                         198.211.113.186
HTTP/1.1 302 Found
Content-Type: text/html; charset=utf-8
                                        
X-Powered-By: Express
Surrogate-Control: no-store
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate
Pragma: no-cache
Expires: 0
Location: https://leche.labtrffc.com/p.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240?s=nxs-4
Vary: Accept
Content-Length: 230
Date: Sat, 22 Oct 2022 19:28:06 GMT
Connection: keep-alive
Keep-Alive: timeout=5


--- Additional Info ---
Magic:  HTML document, ASCII text, with no line terminators
Size:   230
Md5:    7ef6d31c814979bd842f5e6f09cfb7bd
Sha1:   4f9fa32f92cbc28d74e40dad8f216379df418ce6
Sha256: 96c1f5b72cb60e7e91cd1d2d542c492e3148b180736ed3fcb36d45a84f454525
                                        
                                            GET /p.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240?s=nxs-4 HTTP/1.1 
Host: leche.labtrffc.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                         51.83.143.92
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Date: Sat, 22 Oct 2022 19:28:06 GMT
Content-Length: 0
Connection: keep-alive
Round:
Raund:
Location: https://pdxx-7fmavzpxk2xlm-4-2.lowsea.fun/emw/v1/dt?sid=888b&k=bfb&url=&xrw=&lid=63544446be4930316d49d423&fid=888

                                        
                                            GET /emw/v1/dt?sid=888b&k=bfb&url=&xrw=&lid=63544446be4930316d49d423&fid=888 HTTP/1.1 
Host: pdxx-7fmavzpxk2xlm-4-2.lowsea.fun
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: emwxcid_4_1=kg7mRoLsV3EnC9G9qokoOEHgBvyOGJXTditzdcB1iEZfLVV3Du
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
TE: trailers

                                         5.161.78.177
HTTP/2 307 Temporary Redirect
content-type: text/html
                                        
date: Sat, 22 Oct 2022 19:28:06 GMT
content-length: 164
location: https://cola.trffclb.com/a.php?p=c:xecd97ulmxry7e481&d=62ff4322ec41a549b07c0d74&pid=63544446be4930316d49d423&source=888b
set-cookie: emwxcid_4_1=kg7mRoLsV3EnC9G9qokoOEHgBvyOGJXTditzdcB1iEZfLVV3Du; expires=Sun, Oct 22 2023 19:28:06 GMT; Max-Age=31536000; path=/; domain=lowsea.fun; SameSite=Lax
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   164
Md5:    813f9846b49c0ada805648edf1b2fdbd
Sha1:   caa24890460f73e6a72bb49426351e67e83b053d
Sha256: 8f03491247cbfa8a2e60e0f7ec62d63b5070659f60383a1c81abeb2b20221be3
                                        
                                            GET /a.php?p=c:xecd97ulmxry7e481&d=62ff4322ec41a549b07c0d74&pid=63544446be4930316d49d423&source=888b HTTP/1.1 
Host: cola.trffclb.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                         51.83.143.92
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Date: Sat, 22 Oct 2022 19:28:06 GMT
Content-Length: 0
Connection: keep-alive
Round: 11hx4alk7e
Raund: 2h2
Location: https://samba.trffclb.com/l.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240&s=int-888b


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /l.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240&s=int-888b HTTP/1.1 
Host: samba.trffclb.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                         51.83.143.92
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Date: Sat, 22 Oct 2022 19:28:07 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: bt-603611c5b7eaf46891533240=63544447dc1660059049d646; expires=Tue, 25-Oct-2022 19:28:07 GMT; Max-Age=259200; path=/; domain=samba.trffclb.com; HttpOnly
Content-Encoding: gzip


--- Additional Info ---
Magic:  HTML document text\012- HTML document, ASCII text, with very long lines (541)
Size:   493
Md5:    7f3a30b3c34b18e9f53fd57919beae4e
Sha1:   fd9f4426e014ade094dc9183c44e4f0b358d9ba2
Sha256: 387eacc7c503d85fe16b7867ed9415ab34100446b1d9886627fdfc3a1d754b53

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /l.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240&s=int-888b&bv=1 HTTP/1.1 
Host: samba.trffclb.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://samba.trffclb.com/l.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240&s=int-888b
Cookie: bt-603611c5b7eaf46891533240=63544447dc1660059049d646
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin

                                         51.83.143.92
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Date: Sat, 22 Oct 2022 19:28:07 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: bt-603611c5b7eaf46891533240=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=samba.trffclb.com; HttpOnly
Round: 10ut8eivbv
Raund: 2fx
Location: https://popmyads.com/serve/52264/49676/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgzLmNvbQ==


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 1852
Cache-Control: max-age=126214
Date: Sat, 22 Oct 2022 19:28:07 GMT
Etag: "63538711-118"
Expires: Mon, 24 Oct 2022 06:31:41 GMT
Last-Modified: Sat, 22 Oct 2022 06:00:49 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 280

                                        
                                            GET /favicon.ico HTTP/1.1 
Host: samba.trffclb.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://samba.trffclb.com/l.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240&s=int-888b
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         51.83.143.92
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Date: Sat, 22 Oct 2022 19:28:07 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip


--- Additional Info ---
Magic:  data
Size:   20
Md5:    a4745abc5e7fdb89cc6df3069f3c6e69
Sha1:   74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
Sha256: d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 1852
Cache-Control: max-age=126214
Date: Sat, 22 Oct 2022 19:28:07 GMT
Etag: "63538711-118"
Expires: Mon, 24 Oct 2022 06:31:41 GMT
Last-Modified: Sat, 22 Oct 2022 06:00:49 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 280

                                        
                                            GET /world/go/142/26196/ HTTP/1.1 
Host: popcash.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         104.21.52.38
HTTP/1.1 301 Moved Permanently
Content-Type: text/html
                                        
Date: Sat, 22 Oct 2022 19:28:08 GMT
Content-Length: 162
Connection: keep-alive
Location: http://ps.popcash.net/go/142/26196/
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LEtiWMnFPNjjV7rfbbQVpMMt1BcijM6Upt8fyA2vInAlRor1kY73dmtwifrxmizKylRvC5Z9LAdCU6ubEcfcIzm57TrWmPBsxVGaVJG4npBMb5osGmiDSiNMjrdO"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 75e4a26399a70b49-OSL
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   162
Md5:    4f8e702cc244ec5d4de32740c0ecbd97
Sha1:   3adb1f02d5b6054de0046e367c1d687b6cdf7aff
Sha256: 9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
                                        
                                            GET /go/142/26196/ HTTP/1.1 
Host: ps.popcash.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         44.207.60.131
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Content-Encoding: gzip
Date: Sat, 22 Oct 2022 19:28:08 GMT
Server: nginx
Vary: Accept-Encoding
Content-Length: 269
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   2700
Md5:    c521503aff77431258b876fa71b654a7
Sha1:   a20c8c6108365788ff2369defc56dbaee2b85383
Sha256: 96db1a8450b62d52b577e016fdc3ac900b26ab176675d56439ba2deeb6d89fe0
                                        
                                            GET /ad/ad?p=142&w=26196&t=783bb7ce53fb0f81&r=&vw=1280&vh=0 HTTP/1.1 
Host: ps.popcash.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ps.popcash.net/go/142/26196/
Upgrade-Insecure-Requests: 1

                                         44.207.60.131
HTTP/1.1 303 See Other
                                        
Date: Sat, 22 Oct 2022 19:28:08 GMT
Location: https://adeumssp.com/smart?p=CsxnKsUCG9yw6Ygyhidzm6oiJ2jrV4PSrgPJitGQya&s=adeum.click
Server: nginx
Content-Length: 0
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         104.18.32.68
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sat, 22 Oct 2022 19:28:09 GMT
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 20 Oct 2022 02:30:53 GMT
Expires: Thu, 27 Oct 2022 02:30:52 GMT
Etag: "eb9ede8af7ee0c2b60e737be4673da03daf093c4"
Cache-Control: max-age=370362,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 75e4a2685d99b50c-OSL

                                        
                                            GET /smart?p=CsxnKsUCG9yw6Ygyhidzm6oiJ2jrV4PSrgPJitGQya&s=adeum.click HTTP/1.1 
Host: adeumssp.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://ps.popcash.net/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         168.119.142.247
HTTP/2 302 Found
content-type: text/html; charset=utf-8
                                        
date: Sat, 22 Oct 2022 19:28:09 GMT
content-length: 525
location: https://curvyalpaca.cc/click?a=Csxn&e=gAAAAABjVERJKZF70HwEE9BmnhH2wxKsrGLESxEuHz6KaCPbYp4Q2vGf1XuIALMjPckoA1N9b8RReOIuC9JE9ekTDT3y9-5gUei93RPAJ2FDMkX7YxtSfe4C5DZxJZke6GeH1k9_tSBqW5XD7YLpy82zph1uIVgKe2JN7vFajWb6C2Hqvtd3vJhJ6M37kLbJTP0Z8WFGlJH1wpfRX4yDzrzCx4zYfBfPUNTGLVPymm2AI-PZASrk7zWDgqbbEOafAmeSlAoXQm4kSfEOsBOeuINurJ0DNUri-5stoFdsctT6W3nmmtSRDAshwVkB3epHfzGtknPPsX7oQHBIPI9gBD9glY9E55A5gRXrAYEOFo7rNOuHclTcJ0znyKgUUYIjd7jbwTruoAh8Y76RtrbAYRuJRVeOFCw4eG1ALBaWXzkRBRoIFkVgz3s1uMnSJUzFrPuezMGDVtqx
strict-transport-security: max-age=15724800; includeSubDomains
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document, ASCII text, with very long lines (523)
Size:   525
Md5:    a8af9d814bd31055cee74756240aa893
Sha1:   fa2d96e0ec7b29cb46a7b9ad1b49b838b6e15216
Sha256: ddba177f8848546c88b7feabd047cc63c003951e5fd1caf3b87acaa348505289
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         104.18.32.68
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sat, 22 Oct 2022 19:28:09 GMT
Content-Length: 471
Connection: keep-alive
Last-Modified: Sat, 22 Oct 2022 02:40:44 GMT
Expires: Sat, 29 Oct 2022 02:40:43 GMT
Etag: "7f03f5ccd93a7231fb4a238c8e2db1a4e332092a"
Cache-Control: max-age=543753,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 75e4a26b5937b50c-OSL

                                        
                                            GET /sc?a=Csxn&c=qYGU9yEyZpQ8jKzPLg9Jq&e=gAAAAABjVERJDQ5iyi6pdIYX1raoPRT1sFiWG7KplJctm8SKI3yMm4dMUlvJCrzfL1sFCRFzxu4raZAd9heePW_yGyQ7aIc3uS8TVcP9gT40ULH-r34U3ayeY7naBOAIltNbbm8IxP2SuhTvrROXwG0lQe_s8IiIcVFI4lR5RJ1K4CsHL9Na_ndjnwj5I4OdSIIlytpfP95pj5VZ61QgXPXXA85cN2h8CRVuJr_EjlhwkpxPfrNpYrFgTPLW5RBH6okMn_58pAuTEYCfl-X-pLfER9cOYX5QUvpYq3iw8W4dSWmV8GzGHex-0-SFmX5dhRZqswhLKvFLoZipRNCHnajoLrZ8vRorRFyS4Yn4TdkVUAxBH1CpgIqaMrgudxaZ4yDXjzsRuYYRBWdg6y3PDfjvJ_UkQ6lRBbYMCUlFRGkFuL15ps-9ODehlJLDuFGf18vDUiBUqgK0&f=0 HTTP/1.1 
Host: curvyalpaca.cc
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://curvyalpaca.cc/click?a=Csxn&e=gAAAAABjVERJKZF70HwEE9BmnhH2wxKsrGLESxEuHz6KaCPbYp4Q2vGf1XuIALMjPckoA1N9b8RReOIuC9JE9ekTDT3y9-5gUei93RPAJ2FDMkX7YxtSfe4C5DZxJZke6GeH1k9_tSBqW5XD7YLpy82zph1uIVgKe2JN7vFajWb6C2Hqvtd3vJhJ6M37kLbJTP0Z8WFGlJH1wpfRX4yDzrzCx4zYfBfPUNTGLVPymm2AI-PZASrk7zWDgqbbEOafAmeSlAoXQm4kSfEOsBOeuINurJ0DNUri-5stoFdsctT6W3nmmtSRDAshwVkB3epHfzGtknPPsX7oQHBIPI9gBD9glY9E55A5gRXrAYEOFo7rNOuHclTcJ0znyKgUUYIjd7jbwTruoAh8Y76RtrbAYRuJRVeOFCw4eG1ALBaWXzkRBRoIFkVgz3s1uMnSJUzFrPuezMGDVtqx
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers

                                         168.119.67.98
HTTP/2 302 Found
content-type: text/html; charset=utf-8
                                        
server: nginx/1.19.1
date: Sat, 22 Oct 2022 19:28:09 GMT
content-length: 107
location: http://tsyndicate.com/api/v1/direct/edf210b6a53a461db123d12ec1b50a33?subid=124322317
strict-transport-security: max-age=15724800; includeSubDomains
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document, ASCII text
Size:   107
Md5:    d44e45baa8d9415729829cef6a797c89
Sha1:   bda389c24aa6fba1bf13272cacea465ffd75302d
Sha256: c4670d6167d521e641c75c76883d4d48208e9419e51bb5d041ad88de131d1f73
                                        
                                            GET /api/v1/direct/edf210b6a53a461db123d12ec1b50a33?subid=124322317 HTTP/1.1 
Host: tsyndicate.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         136.243.46.156
HTTP/1.1 302 Found
                                        
Server: nginx
Date: Sat, 22 Oct 2022 19:28:10 GMT
Content-Length: 0
Connection: keep-alive
Pragma: no-cache
Expires: 0
Vary: *
X-Api-Version: 2
Location: https://track.trackingtraffo.com/pop/imp?auth=d12jux&c=2ZdR79kmPNE-nlZkVCcbAL_I-O8-c_NoX9SIYoiyiGifV7Ks8t0hKKVhh9oEH6TbMTc-axSYtt8ga7MsTi1UvLyXkyjLN5Fb1wD0mAVVwUnJ7vEw1lRuiDe2VmcInn4FKZLtte77XGihlU5aORIDGc6DKftaUfjkKq7_ayDe8cz-mCqzP_YyAZVSvVXGC8DoNEGZAmGpXVm0xt9VAXehQxmb3VJr0hE-0OtFgzlDGLPh5jz_kT58PGCWqMyHm9iX9PwqSkP1MvqflTgXaxzbxWWWW3DDqVl1XnU0rOMi-UwXUhR_UNK7ol2-47luafCR8rGMvY9kybKHkbcHFKS2q_PVPSiSR-Jrq_RexrWI7InIy5h9aSsy98qn4HG3cvjcQchrpyv-mo4BYaHHkdpV2TdkhdJiPrBeuAF4SWJq3l7t15B8TMI6mKMF06H2ai_B9k5FKP1jsvMrhMb-EvUSr6ONM9B_EV_1hf5GtCULB4DlOpM9g7AUtijz68FBvbLtyVY4B0A_OK_EjgZNH8IXjN02imGGU0ODyYYUyVqfIRzw07M5JolKuAvjsDE_4hHVRawCF3Fygp_P0NJULxbVTRvF5J8_dMu2E_UPoZCgt8hT7k8WsDAiUShNCBoW3SrfCmsvui_8MoJUD6YgDoTyVjVu_JWdqFynTs6_ETB3PhCk1tBuHmZlsizKa_rqjGxOOLHEPCmxzGdWTRLxUypxR0TltYVMaeYrvIh5gwIUrTA
X-Request-Id: 3e87dabe443c1849
Set-Cookie: ts_uid=d6afbbef-643c-4cec-bc55-39b956f2dc5d; expires=Sat, 22 Apr 2023 19:28:10 GMT; domain=.tsyndicate.com; path=/; HttpOnly; secure; SameSite=None
Cache-Control: no-cache, no-store, no-transform, must-revalidate, no-transform
X-Robots-Tag: none, noindex, nofollow
Report-To: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

104.18.32.68
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 19:28:10 GMT
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 20 Oct 2022 00:04:36 GMT
Expires: Thu, 27 Oct 2022 00:04:35 GMT
Etag: "a89964a15b549e28931afb7efd612e1eb5156756"
Cache-Control: max-age=361584,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 75e4a27138c7b50c-OSL

                                        
                                            GET /click?a=Csxn&e=gAAAAABjVERJKZF70HwEE9BmnhH2wxKsrGLESxEuHz6KaCPbYp4Q2vGf1XuIALMjPckoA1N9b8RReOIuC9JE9ekTDT3y9-5gUei93RPAJ2FDMkX7YxtSfe4C5DZxJZke6GeH1k9_tSBqW5XD7YLpy82zph1uIVgKe2JN7vFajWb6C2Hqvtd3vJhJ6M37kLbJTP0Z8WFGlJH1wpfRX4yDzrzCx4zYfBfPUNTGLVPymm2AI-PZASrk7zWDgqbbEOafAmeSlAoXQm4kSfEOsBOeuINurJ0DNUri-5stoFdsctT6W3nmmtSRDAshwVkB3epHfzGtknPPsX7oQHBIPI9gBD9glY9E55A5gRXrAYEOFo7rNOuHclTcJ0znyKgUUYIjd7jbwTruoAh8Y76RtrbAYRuJRVeOFCw4eG1ALBaWXzkRBRoIFkVgz3s1uMnSJUzFrPuezMGDVtqx HTTP/1.1 
Host: curvyalpaca.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://ps.popcash.net/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

168.119.67.98
HTTP/2 200 OK
content-type: text/html; charset=utf-8
server: nginx/1.19.1
date: Sat, 22 Oct 2022 19:28:09 GMT
vary: Accept-Encoding
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (550)
Size:   737
Md5:    ccc6de65807bf51dba55ce38814a798e
Sha1:   0cb287b7e7f436284c7717cc37e3ae50f42192eb
Sha256: 314ed4fb73feb6d76731ad099fcc9fff15c8231e92efc340ea63d380f485a1a3
                                        
                                            GET /redirect.aspx?pid=176996&bid=1971&lpid=293&utm_source=retarget&utm_medium=Ubidex&utm_campaign=Ubidex-20bet-EU-NotReg-popFTDCasino&utm_term=Ubidex-20bet-EU-NotReg-pop-FTDCasino&subid=22b222tvc4p1ntl340 HTTP/1.1 
Host: promo.20bet.partners
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

23.36.79.25
HTTP/2 301 Moved Permanently
content-type: text/html
content-length: 0
location: https://20media.world/promotions/first-deposit-casino?btag=655020_8A8C76A7BBE64B9195241553E710A442&utm_source=retarget&utm_medium=Ubidex&utm_campaign=Ubidex-20bet-EU-NotReg-popFTDCasino&utm_term=Ubidex-20bet-EU-NotReg-pop-FTDCasino&subid=22b222tvc4p1ntl340
p3p: CP="This is not a P3P policy! It is used to bypass IEs problematic handling of cookies"
x-aspnet-version: 4.0.30319
request-context: appId=cid-v1:83ffbda4-9458-475e-90ec-4427cfb5c3b0
access-control-expose-headers: Request-Context
expires: Sat, 22 Oct 2022 19:28:11 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Sat, 22 Oct 2022 19:28:11 GMT
set-cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a176996%2c%22BID%22%3a1971%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1666466890999)%5c%2f%22%2c%22CookieTag%22%3a%221971176996451240919C202210221928%22%7d%5d; SameSite=None;; domain=.20bet.partners; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; secure NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%22850365971%7c1%22%7d%5d; domain=.20bet.partners; expires=Mon, 22-Oct-3021 19:28:11 GMT; path=/; secure; SameSite=Strict
server-timing: cdn-cache; desc=MISS, edge; dur=48, origin; dur=105
X-Firefox-Spdy: h2

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Accept-Ranges: bytes
Age: 664
Cache-Control: max-age=153123
Date: Sat, 22 Oct 2022 19:28:11 GMT
Etag: "6353f4d6-118"
Expires: Mon, 24 Oct 2022 14:00:14 GMT
Last-Modified: Sat, 22 Oct 2022 13:49:10 GMT
Server: ECS (amb/6BB8)
X-Cache: HIT
Content-Length: 280

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Accept-Ranges: bytes
Age: 5912
Cache-Control: max-age=91396
Date: Sat, 22 Oct 2022 19:28:12 GMT
Etag: "6352ef38-1d7"
Expires: Sun, 23 Oct 2022 20:51:28 GMT
Last-Modified: Fri, 21 Oct 2022 19:12:56 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /js8txs6?btag=655020_8A8C76A7BBE64B9195241553E710A442&utm_source=retarget&utm_medium=Ubidex&utm_campaign=Ubidex-20bet-EU-NotReg-popFTDCasino&utm_term=Ubidex-20bet-EU-NotReg-pop-FTDCasino&subid=22b222tvc4p1ntl340&label=655020_8A8C76A7BBE64B9195241553E710A442&redirect=https%3A%2F%2F20bet.com%2Fpromotions%2Ffirst-deposit-casino%3Fbtag%3D655020_8A8C76A7BBE64B9195241553E710A442%26utm_source%3Dretarget%26utm_medium%3DUbidex%26utm_campaign%3DUbidex-20bet-EU-NotReg-popFTDCasino%26utm_term%3DUbidex-20bet-EU-NotReg-pop-FTDCasino%26subid%3D22b222tvc4p1ntl340 HTTP/1.1 
Host: app.adjust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

185.151.204.12
HTTP/1.1 302 Found
content-type: text/html; charset=utf-8
location: https://20bet.com/promotions/first-deposit-casino?btag=655020_8A8C76A7BBE64B9195241553E710A442&utm_source=retarget&utm_medium=Ubidex&utm_campaign=Ubidex-20bet-EU-NotReg-popFTDCasino&utm_term=Ubidex-20bet-EU-NotReg-pop-FTDCasino&subid=22b222tvc4p1ntl340
set-cookie: 1f03a823953b3ae75c2e3676df3f539a=cCT35DOqvEwMD; Path=/; Domain=adjust.com; Max-Age=2 1f03a823953b3ae75c2e3676df3f539a=cCT35DOqvEwMD; Path=/; Domain=adjust.io; Max-Age=2 1f03a823953b3ae75c2e3676df3f539a=cCT35DOqvEwMD; Path=/; Domain=adj.st; Max-Age=2 1f03a823953b3ae75c2e3676df3f539a=cCT35DOqvEwMD; Path=/; Domain=go.link; Max-Age=2 1f03a823953b3ae75c2e3676df3f539a=cCT35DOqvEwMD; Path=/; Domain=adjust.net.in; Max-Age=2 1f03a823953b3ae75c2e3676df3f539a=cCT35DOqvEwMD; Path=/; Domain=adjust.world; Max-Age=2 1f03a823953b3ae75c2e3676df3f539a=cCT35DOqvEwMD; Path=/; Domain=adjust.cn; Max-Age=2
date: Sat, 22 Oct 2022 19:28:12 GMT
content-length: 295
x-robots-tag: noindex


--- Additional Info ---
Magic:  HTML document, ASCII text
Size:   295
Md5:    3636404a197c9e0c2aa928aa09ad8456
Sha1:   dc1a6e7dec934a129fc53f8f2a3919fea8d109d8
Sha256: 68f686244bf8062c4a01620c426a800c08fcf3a115beb64603f895193f842799
                                        
                                            GET /serve/52264/49676/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgzLmNvbQ== HTTP/1.1 
Host: popmyads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://samba.trffclb.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

104.21.54.194
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
date: Sat, 22 Oct 2022 19:28:07 GMT
x-powered-by: PHP/7.1.33
x-frame-options: DENY
content-security-policy: frame-ancestors 'none'
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aZ30%2Bx5ccyEmaNsVaG5WFaOJFwf%2BqJmKR%2FS9JcrD3X3W3CmhkRYJOqoRvFvWlg12yiVx%2BjR9B%2BbokhYPUkuhCHeavZKIfz%2FjCygSsS7LTx%2BHASWPsqs9f2x%2F3e%2F1Zcw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75e4a25d78b9fac4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /click.php?key=2luo9plrxh2k2ej2k2ph&clickid=99ad71ab-8598-4d2d-8b9c-50c2f13b8615&cost=0.0055&PUB_ID=20&SUB_ID=4041281&KEYWORD=Adult%20General&SUBSCRIBER_AGE=0&SUBSCRIBER_DATE=2022-10-22&BID_PUB=0.0055&CR_ID=36502&PUB_NAME=TrafficStars-pop HTTP/1.1 
Host: newbinotracs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

49.12.123.158
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
server: nginx/1.18.0
date: Sat, 22 Oct 2022 19:28:10 GMT
location: https://promo.20bet.partners/redirect.aspx?pid=176996&bid=1971&lpid=293&utm_source=retarget&utm_medium=Ubidex&utm_campaign=Ubidex-20bet-EU-NotReg-popFTDCasino&utm_term=Ubidex-20bet-EU-NotReg-pop-FTDCasino&subid=22b222tvc4p1ntl340
set-cookie: uclick=2tvc4p1ntl; expires=Sun, 23-Oct-2022 19:28:10 GMT; Max-Age=86400; path=/; secure; SameSite=none uclickhash=2tvc4p1ntl-2tvc4p1ntl-qqxi-0-gx7vwj-qdxs6o-qdxsdz-45fb6b; expires=Sun, 23-Oct-2022 19:28:10 GMT; Max-Age=86400; path=/; secure; SameSite=none
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /promotions/first-deposit-casino?btag=655020_8A8C76A7BBE64B9195241553E710A442&utm_source=retarget&utm_medium=Ubidex&utm_campaign=Ubidex-20bet-EU-NotReg-popFTDCasino&utm_term=Ubidex-20bet-EU-NotReg-pop-FTDCasino&subid=22b222tvc4p1ntl340 HTTP/1.1 
Host: 20media.world
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

172.67.68.125
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
date: Sat, 22 Oct 2022 19:28:12 GMT
location: https://app.adjust.com/js8txs6?btag=655020_8A8C76A7BBE64B9195241553E710A442&utm_source=retarget&utm_medium=Ubidex&utm_campaign=Ubidex-20bet-EU-NotReg-popFTDCasino&utm_term=Ubidex-20bet-EU-NotReg-pop-FTDCasino&subid=22b222tvc4p1ntl340&label=655020_8A8C76A7BBE64B9195241553E710A442&redirect=https%3A%2F%2F20bet.com%2Fpromotions%2Ffirst-deposit-casino%3Fbtag%3D655020_8A8C76A7BBE64B9195241553E710A442%26utm_source%3Dretarget%26utm_medium%3DUbidex%26utm_campaign%3DUbidex-20bet-EU-NotReg-popFTDCasino%26utm_term%3DUbidex-20bet-EU-NotReg-pop-FTDCasino%26subid%3D22b222tvc4p1ntl340
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization
access-control-expose-headers: Content-Length,Content-Range
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FIZOQnx2zpnkrDHTVQDRsNisEuS11zF1GPyRtwU5qM8iz8RmKHgJuJnnlZXC6hRZ4M26c2U5dISGcO%2BEWhgSv0JMS0DQ%2B64FjVraKqfg0OVeGJ4xh600ULenuWSebUg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75e4a27a98df1bfa-OSL
X-Firefox-Spdy: h2


--- Additional Info ---