Report - 4.us.findthewind.xyz/feed/?link=true&tid=4&subid=4.us&ref=4.us.findthewind.xyz&s1=635444357d501552252af0f2

Report Overview

Submitted URL
4.us.findthewind.xyz/feed/?link=true&tid=4&subid=4.us&ref=4.us.findthewind.xyz&s1=635444357d501552252af0f2
IP
23.235.251.114
ASN
#19437 SS-ASH
Submitted
2022-10-22 19:28:14
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
10

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-09T05:09:18Z	758 B	2.8 kB	18.244.155.19
samba.trffclb.com	unknown	2022-09-30T13:20:25Z	2023-03-09T09:49:33Z	1.6 kB	1.5 kB	51.83.143.92
popcash.net	11104	2012-10-10T15:08:00Z	2023-03-09T10:22:00Z	350 B	760 B	104.21.52.38
ocsp.digicert.com	86	2012-05-21T09:02:23Z	2023-03-09T11:52:10Z	1.6 kB	3.4 kB	93.184.220.29
cola.trffclb.com	unknown	2022-09-30T13:19:40Z	2023-03-09T14:12:06Z	1.1 kB	581 B	51.83.143.92
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-09T10:04:36Z	3.2 kB	61 kB	34.120.237.76
adeumssp.com	unknown	2022-06-08T15:33:59Z	2023-03-08T15:21:22Z	513 B	1.2 kB	168.119.142.247
tsyndicate.com	13042	2017-03-16T10:04:54Z	2023-03-09T12:48:36Z	396 B	1.4 kB	136.243.46.156
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-09T05:09:48Z	321 B	229 B	34.117.237.239
redir.findthewind.xyz	unknown	2022-08-11T11:16:56Z	2022-10-25T08:00:26Z	965 B	1.3 kB	198.211.113.186
leche.labtrffc.com	unknown	2021-02-18T15:08:36Z	2023-02-24T17:00:27Z	996 B	596 B	51.83.143.92
20media.world	501352	2020-09-18T10:05:58Z	2023-03-07T02:54:35Z	651 B	1.4 kB	172.67.68.125
app.adjust.com	948	2015-01-12T13:48:11Z	2023-03-09T20:08:27Z	970 B	1.3 kB	185.151.204.12
popmyads.com	44134	2014-04-04T13:58:21Z	2023-03-09T12:10:38Z	515 B	695 B	104.21.54.194
newbinotracs.com	unknown	2022-05-09T15:46:20Z	2023-03-09T08:14:23Z	657 B	692 B	49.12.123.158
ocsp.sectigo.com	487	2019-11-29T12:50:24Z	2023-03-09T11:25:06Z	984 B	2.9 kB	104.18.32.68
curvyalpaca.cc	unknown	2022-07-25T14:37:57Z	2023-03-09T04:01:42Z	2.4 kB	1.4 kB	168.119.67.98
promo.20bet.partners	524075	2020-02-17T05:06:03Z	2023-03-09T09:22:34Z	624 B	1.3 kB	23.36.79.25
4.us.findthewind.xyz	unknown	2022-08-03T14:57:45Z	2022-10-25T11:31:40Z	928 B	509 B	23.235.251.114
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-09T05:09:05Z	3.6 kB	9.8 kB	23.36.76.226
pdxx-7fmavzpxk2xlm-4-2.lowsea.fun	unknown	2022-08-21T10:58:43Z	2023-03-09T14:12:05Z	1.1 kB	1.2 kB	5.161.78.177
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-09T05:09:49Z	401 B	5.8 kB	34.160.144.191
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-09T05:09:13Z	594 B	127 B	52.89.136.7
ps.popcash.net	67692	2018-12-04T14:00:05Z	2023-03-09T07:42:57Z	781 B	3.1 kB	44.207.60.131

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2022-10-22	medium	trffclb.com	Sinkholed
2022-10-22	medium	trffclb.com	Sinkholed
2022-10-22	medium	trffclb.com	Sinkholed
2022-10-22	medium	trffclb.com	Sinkholed
2022-10-22	medium	trffclb.com	Sinkholed

JavaScript (5)

	URL	Size	First Seen	Last Seen
	samba.trffclb.com/l.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240&s=int-888b	288 B	2023-03-07	2023-04-02
Pretty URL samba.trffclb.com/l.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240&s=int-888b IP 51.83.143.92 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:04:48 Last Seen2023-04-02 21:16:29 Times Seen4 Hash 39b0d0273a1fb864d830216dd7c2e357 dc5db9208682c1f704ac3f47978f9667c1371fb5 6e15d354cc231f333118b1508b21ece489e38854d556fa95d1e0cd222a8ea570 Loading...

	samba.trffclb.com/l.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240&s=int-888b	243 B	2023-03-07	2023-04-02
Pretty URL samba.trffclb.com/l.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240&s=int-888b IP 51.83.143.92 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:04:48 Last Seen2023-04-02 21:16:29 Times Seen4 Hash c5ece1e9d202b87cb431d3d96e5575b6 f6d83964155d7c1613c5708b3dd802cedd431061 f2bbcb4681e3c185c2ab19b1c09ce623d2d516dc49f32d3773e769ae0db74be4 Loading...

	popmyads.com/serve/52264/49676/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgzLmNvbQ==	1.3 kB	2023-03-10	2023-03-10
Pretty URL popmyads.com/serve/52264/49676/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgzLmNvbQ== IP 104.21.54.194 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 13:21:58 Last Seen2023-03-10 13:21:58 Times Seen1 Hash 6137fb7866d24bfd9c124c11c6bd2659 d7bb694411773786b8771f5356dc743934f7810c e4d0c74bde83addb7f73f4da8f03a8ab4cdbbe567b6ea582eba960673f65dbb4 Loading...

	ps.popcash.net/go/142/26196/	382 B	2023-03-10	2023-03-10
Pretty URL ps.popcash.net/go/142/26196/ IP 44.207.60.131 ASN #14618 AMAZON-AES Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 13:21:58 Last Seen2023-03-10 13:21:58 Times Seen1 Hash 9d3420d8dd3ed64d070436bdf72633c2 337968297a5c7610ad21563afcd0a9265bc1ed66 2a29ae4d8739a7ce819b55a44e042acb232463e38b56166fe2fe06442a5b0366 Loading...

	curvyalpaca.cc/click?a=Csxn&e=gAAAAABjVERJKZF70HwEE9BmnhH2wxKsrGLESxEuHz6KaCPbYp4Q2vGf1XuIALMjPckoA1N9b8RReOIuC9JE9ekTDT3y9-5gUei93RPAJ2FDMkX7YxtSfe4C5DZxJZke6GeH1k9_tSBqW5XD7YLpy82zph1uIVgKe2JN7vFajWb6C2Hqvtd3vJhJ6M37kLbJTP0Z8WFGlJH1wpfRX4yDzrzCx4zYfBfPUNTGLVPymm2AI-PZASrk7zWDgqbbEOafAmeSlAoXQm4kSfEOsBOeuINurJ0DNUri-5stoFdsctT6W3nmmtSRDAshwVkB3epHfzGtknPPsX7oQHBIPI9gBD9glY9E55A5gRXrAYEOFo7rNOuHclTcJ0znyKgUUYIjd7jbwTruoAh8Y76RtrbAYRuJRVeOFCw4eG1ALBaWXzkRBRoIFkVgz3s1uMnSJUzFrPuezMGDVtqx	718 B	2023-03-10	2023-03-10
Pretty URL curvyalpaca.cc/click?a=Csxn&e=gAAAAABjVERJKZF70HwEE9BmnhH2wxKsrGLESxEuHz6KaCPbYp4Q2vGf1XuIALMjPckoA1N9b8RReOIuC9JE9ekTDT3y9-5gUei93RPAJ2FDMkX7YxtSfe4C5DZxJZke6GeH1k9_tSBqW5XD7YLpy82zph1uIVgKe2JN7vFajWb6C2Hqvtd3vJhJ6M37kLbJTP0Z8WFGlJH1wpfRX4yDzrzCx4zYfBfPUNTGLVPymm2AI-PZASrk7zWDgqbbEOafAmeSlAoXQm4kSfEOsBOeuINurJ0DNUri-5stoFdsctT6W3nmmtSRDAshwVkB3epHfzGtknPPsX7oQHBIPI9gBD9glY9E55A5gRXrAYEOFo7rNOuHclTcJ0znyKgUUYIjd7jbwTruoAh8Y76RtrbAYRuJRVeOFCw4eG1ALBaWXzkRBRoIFkVgz3s1uMnSJUzFrPuezMGDVtqx IP 168.119.67.98 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 13:21:58 Last Seen2023-03-10 13:21:58 Times Seen1 Hash 259d55ae44d79d153841319fc802a837 0fc7a3147160adb9afcd6969551db49ed25cd855 fa7278a2ac79528590086037a7ccb0cfc343a4d3763494027b025621ecb338f8 Loading...

HTTP Transactions (55)

URL IP Response Size

4.us.findthewind.xyz/feed/?link=true&tid=4&subid=4.us&ref=4.us.findthewind.xyz&s1=635444357d501552252af0f2

23.235.251.114

301 Moved Permanently

0 B

URL HTTP/1.1
4.us.findthewind.xyz/feed/?link=true&tid=4&subid=4.us&ref=4.us.findthewind.xyz&s1=635444357d501552252af0f2
IP
23.235.251.114:0
ASN
#19437 SS-ASH

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /feed/?link=true&tid=4&subid=4.us&ref=4.us.findthewind.xyz&s1=635444357d501552252af0f2 HTTP/1.1
Host: 4.us.findthewind.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Cache-Control: no-cache
Location: https://redir.findthewind.xyz/click/invalid/?tid=4&subid=4&s1=635444357d501552252af0f2
Date: Sat, 22 Oct 2022 19:28:03 GMT
Connection: keep-alive
Keep-Alive: timeout=5
Transfer-Encoding: chunked

firefox.settings.services.mozilla.com/v1/

18.244.155.19

200 OK

939 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/
IP
18.244.155.19:0
ASN
#0

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
c9df6b36bf16969ac566c1b798362e4a
e56eff34815153ae019a4bf63eb9746dd9ae2e5b
33c1175144ab2be42c9de383f7893a6e60cd1f21f282eacb413d546331db3fa0

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Retry-After, Alert, Content-Type, Backoff
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sat, 22 Oct 2022 19:26:25 GMT
Expires: Sat, 22 Oct 2022 19:35:33 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 d387fec28536c5aa92926c56363afe9a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P8
X-Amz-Cf-Id: rd9oudyyq4cpR_Es40SE4rH-enCDL6CfKkY5aXaXWl8O7a0oKn5yfQ==
Age: 98

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
73c4166ca864f777db2cc1cd8658a7c2
c56b66b0b7c8516d4d5bfafe0c166711c78f3d25
310c633350812c064e159275b6dbbdba6d6a5991a54ccfcc23459320c6513572

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "310C633350812C064E159275B6DBBDBA6D6A5991A54CCFCC23459320C6513572"
Last-Modified: Sat, 22 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4478
Expires: Sat, 22 Oct 2022 20:42:41 GMT
Date: Sat, 22 Oct 2022 19:28:03 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ae56efd62a0d9249d98573172eb8b28b
5ff4e9959be677ad76c26ca73f9ef4feb9fa2f28
82d9ee4948fce839f7edb1f8490c4213cded3912464a4169b0bf6a61278694bd

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "82D9EE4948FCE839F7EDB1F8490C4213CDED3912464A4169B0BF6A61278694BD"
Last-Modified: Sat, 22 Oct 2022 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4465
Expires: Sat, 22 Oct 2022 20:42:28 GMT
Date: Sat, 22 Oct 2022 19:28:03 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: sjdPZH/yDs2NzjfjyAbqTsSdSD4rTuzE1S5j2Uwu/tVKQQIDCTOEZT33QjGGST++kjjhUSTPHoE=
x-amz-request-id: YSTCR1H7CHWVE4G7
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 22 Oct 2022 19:07:45 GMT
age: 1218
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 22 Oct 2022 19:28:04 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
821a2aaf269fb60cc0ba7bd73b847bed
3cf230af5872187e640080ab3f775bd01e90f86c
92913e6c6869dcea6413d0891236fcbad037740351cc219a5ec2e136bc11f675

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "92913E6C6869DCEA6413D0891236FCBAD037740351CC219A5EC2E136BC11F675"
Last-Modified: Sat, 22 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7724
Expires: Sat, 22 Oct 2022 21:36:48 GMT
Date: Sat, 22 Oct 2022 19:28:04 GMT
Connection: keep-alive

redir.findthewind.xyz/click/invalid/?tid=4&subid=4&s1=635444357d501552252af0f2

198.211.113.186

302 Found

230 B

URL HTTP/1.1
redir.findthewind.xyz/click/invalid/?tid=4&subid=4&s1=635444357d501552252af0f2
IP
198.211.113.186:0
ASN
#14061 DIGITALOCEAN-ASN

File type
HTML document, ASCII text, with no line terminators
Size
230 B (230 bytes)
Hash
7ef6d31c814979bd842f5e6f09cfb7bd
4f9fa32f92cbc28d74e40dad8f216379df418ce6
96c1f5b72cb60e7e91cd1d2d542c492e3148b180736ed3fcb36d45a84f454525

HTTP Headers

GET /click/invalid/?tid=4&subid=4&s1=635444357d501552252af0f2 HTTP/1.1
Host: redir.findthewind.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/1.1 302 Found
X-Powered-By: Express
Surrogate-Control: no-store
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate
Pragma: no-cache
Expires: 0
Location: https://leche.labtrffc.com/p.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240?s=nxs-4
Vary: Accept
Content-Type: text/html; charset=utf-8
Content-Length: 230
Date: Sat, 22 Oct 2022 19:28:04 GMT
Connection: keep-alive
Keep-Alive: timeout=5

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
eb46c47c60b7cc0b75168df2e3d8af7d
d2392917947e2938760be8483708316e52a0f365
5d22175d1d81bd30615dbf4da199a31a1d0920fc88437d7accf68285ab160ce4

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5D22175D1D81BD30615DBF4DA199A31A1D0920FC88437D7ACCF68285AB160CE4"
Last-Modified: Thu, 20 Oct 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15102
Expires: Sat, 22 Oct 2022 23:39:46 GMT
Date: Sat, 22 Oct 2022 19:28:04 GMT
Connection: keep-alive

leche.labtrffc.com/p.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240?s=nxs-4

51.83.143.92

302 Found

0 B

URL HTTP/1.1
leche.labtrffc.com/p.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240?s=nxs-4
IP
51.83.143.92:0
ASN
#16276 OVH SAS

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /p.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240?s=nxs-4 HTTP/1.1
Host: leche.labtrffc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/1.1 302 Found
Server: nginx
Date: Sat, 22 Oct 2022 19:28:04 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Round: 
Raund: 
Location: https://pdxx-7fmavzpxk2xlm-4-2.lowsea.fun/emw/v1/dt?sid=888b&k=bfb&url=&xrw=&lid=63544444f8a81d4772380258&fid=888

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

18.244.155.19

200 OK

329 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
18.244.155.19:0
ASN
#0

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, ETag, Retry-After, Cache-Control, Alert, Expires, Pragma, Content-Type, Backoff, Last-Modified
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Sat, 22 Oct 2022 19:03:50 GMT
Expires: Sat, 22 Oct 2022 19:10:26 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 597c788e23cf83427002ab097f30f484.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P8
X-Amz-Cf-Id: k2v4Pv1otFKET07sTuPyjh3CRkA57h-aO5W6ECALm04ybNNbxoZuRA==
Age: 1454

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
fecd12689ba4c6aa556814b7fac0d344
a3005f6333ce5201a73e2857c764a1b0091a91d5
83e0fb564f86df4300e8fc4b5baaf0ed13102c384922d388e02620fb3363a842

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1019
Cache-Control: max-age=132940
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 19:28:04 GMT
Etag: "6353a495-1d7"
Expires: Mon, 24 Oct 2022 08:23:44 GMT
Last-Modified: Sat, 22 Oct 2022 08:06:45 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 471

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
3c45356d9dd692ff7963d0de8a3e71f7
c3aa5157e23881cac6660e205540ee16b27b0380
78a2aac75f89eff3a845c58ce19360b72f642c65566b1726b34ea11316f94d94

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "78A2AAC75F89EFF3A845C58CE19360B72F642C65566B1726B34EA11316F94D94"
Last-Modified: Sat, 22 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21565
Expires: Sun, 23 Oct 2022 01:27:30 GMT
Date: Sat, 22 Oct 2022 19:28:05 GMT
Connection: keep-alive

push.services.mozilla.com/

52.89.136.7

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
52.89.136.7:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: t/AY6Mn6Ew0bTDYFXaWC7Q==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: fc61hTbdAkC9b0o0lMItTk48vzw=

pdxx-7fmavzpxk2xlm-4-2.lowsea.fun/emw/v1/dt?sid=888b&k=bfb&url=&xrw=&lid=63544444f8a81d4772380258&fid=888

5.161.78.177

307 Temporary Redirect

164 B

URL HTTP/2
pdxx-7fmavzpxk2xlm-4-2.lowsea.fun/emw/v1/dt?sid=888b&k=bfb&url=&xrw=&lid=63544444f8a81d4772380258&fid=888
IP
5.161.78.177:0
ASN
#213230 Hetzner Online GmbH

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
164 B (164 bytes)
Hash
813f9846b49c0ada805648edf1b2fdbd
caa24890460f73e6a72bb49426351e67e83b053d
8f03491247cbfa8a2e60e0f7ec62d63b5070659f60383a1c81abeb2b20221be3

HTTP Headers

GET /emw/v1/dt?sid=888b&k=bfb&url=&xrw=&lid=63544444f8a81d4772380258&fid=888 HTTP/1.1
Host: pdxx-7fmavzpxk2xlm-4-2.lowsea.fun
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 307 Temporary Redirect
date: Sat, 22 Oct 2022 19:28:05 GMT
content-type: text/html
content-length: 164
location: https://cola.trffclb.com/a.php?p=c:xecd97ulmxry7e481&d=62ff4322ec41a549b07c0d74&pid=63544444f8a81d4772380258&source=888b
set-cookie: emwxcid_4_1=kg7mRoLsV3EnC9G9qokoOEHgBvyOGJXTditzdcB1iEZfLVV3Du; expires=Sun, Oct 22 2023 19:28:05 GMT; Max-Age=31536000; path=/; domain=lowsea.fun; SameSite=Lax
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
eb46c47c60b7cc0b75168df2e3d8af7d
d2392917947e2938760be8483708316e52a0f365
5d22175d1d81bd30615dbf4da199a31a1d0920fc88437d7accf68285ab160ce4

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5D22175D1D81BD30615DBF4DA199A31A1D0920FC88437D7ACCF68285AB160CE4"
Last-Modified: Thu, 20 Oct 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15101
Expires: Sat, 22 Oct 2022 23:39:46 GMT
Date: Sat, 22 Oct 2022 19:28:05 GMT
Connection: keep-alive

cola.trffclb.com/a.php?p=c:xecd97ulmxry7e481&d=62ff4322ec41a549b07c0d74&pid=63544444f8a81d4772380258&source=888b

51.83.143.92

302 Found

0 B

URL HTTP/1.1
cola.trffclb.com/a.php?p=c:xecd97ulmxry7e481&d=62ff4322ec41a549b07c0d74&pid=63544444f8a81d4772380258&source=888b
IP
51.83.143.92:0
ASN
#16276 OVH SAS

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /a.php?p=c:xecd97ulmxry7e481&d=62ff4322ec41a549b07c0d74&pid=63544444f8a81d4772380258&source=888b HTTP/1.1
Host: cola.trffclb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/1.1 302 Found
Server: nginx
Date: Sat, 22 Oct 2022 19:28:05 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Round: 12auco2bgv
Raund: 2h2
Location: https://4.us.findthewind.xyz/feed/?link=true&tid=4&subid=4.no&ref=&s1=63544445be4930316d49d3cd

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
874e376ef6cbf9f489d32bb36c830e52
c58fb633459f4aa96838edba357f308e81a12be2
fc725643ab4c70a0ae37820770d052e62720dc461f85e4df516424a8f59e9828

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FC725643AB4C70A0AE37820770D052E62720DC461F85E4DF516424A8F59E9828"
Last-Modified: Sat, 22 Oct 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Sun, 23 Oct 2022 01:28:05 GMT
Date: Sat, 22 Oct 2022 19:28:05 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f1b833a135e4d839859e4994f349bb6c
399b607015c4d9200df20084c7396591007dc995
28db09a2a0e821b37dc1cfb710bf896c438755bfc992eb775f41128b0e52e5d1

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "28DB09A2A0E821B37DC1CFB710BF896C438755BFC992EB775F41128B0E52E5D1"
Last-Modified: Fri, 21 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5187
Expires: Sat, 22 Oct 2022 20:54:33 GMT
Date: Sat, 22 Oct 2022 19:28:06 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f1b833a135e4d839859e4994f349bb6c
399b607015c4d9200df20084c7396591007dc995
28db09a2a0e821b37dc1cfb710bf896c438755bfc992eb775f41128b0e52e5d1

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "28DB09A2A0E821B37DC1CFB710BF896C438755BFC992EB775F41128B0E52E5D1"
Last-Modified: Fri, 21 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5187
Expires: Sat, 22 Oct 2022 20:54:33 GMT
Date: Sat, 22 Oct 2022 19:28:06 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f1b833a135e4d839859e4994f349bb6c
399b607015c4d9200df20084c7396591007dc995
28db09a2a0e821b37dc1cfb710bf896c438755bfc992eb775f41128b0e52e5d1

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "28DB09A2A0E821B37DC1CFB710BF896C438755BFC992EB775F41128B0E52E5D1"
Last-Modified: Fri, 21 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5187
Expires: Sat, 22 Oct 2022 20:54:33 GMT
Date: Sat, 22 Oct 2022 19:28:06 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f1b833a135e4d839859e4994f349bb6c
399b607015c4d9200df20084c7396591007dc995
28db09a2a0e821b37dc1cfb710bf896c438755bfc992eb775f41128b0e52e5d1

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "28DB09A2A0E821B37DC1CFB710BF896C438755BFC992EB775F41128B0E52E5D1"
Last-Modified: Fri, 21 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5187
Expires: Sat, 22 Oct 2022 20:54:33 GMT
Date: Sat, 22 Oct 2022 19:28:06 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd771af0d-55ee-450f-bbb3-a9e419e74a51.jpeg

34.120.237.76

200 OK

7.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd771af0d-55ee-450f-bbb3-a9e419e74a51.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.4 kB (7372 bytes)
Hash
616e14aee034bbf77c3b74b3ea53961b
ebf69c1ff6dc9450f33aef5dc2403d4df17a4c2c
0ae716474e2837c90c658d635fb9db2c8d4cdb7bf025b8e4e9e802e3ff56b0c3

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd771af0d-55ee-450f-bbb3-a9e419e74a51.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7372
x-amzn-requestid: 080f5f7f-51a8-4ef5-9acc-0c7f7f64defb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aX-ojEg2IAMFjPA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63531169-5106c8af6e77450c33a0c899;Sampled=0
x-amzn-remapped-date: Fri, 21 Oct 2022 21:38:49 GMT
x-amz-cf-pop: SEA19-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: vP9aRT8xL5F2kf36A-lMaIQ9FSAEUGo8jmx9y63iIBDdyWYujkXXPw==
via: 1.1 2e20768704c71ff3ce2e677251d27f3c.cloudfront.net (CloudFront), 1.1 2f7934de1dfe281c3e4446892eab6462.cloudfront.net (CloudFront), 1.1 google
date: Fri, 21 Oct 2022 22:05:57 GMT
age: 76929
etag: "ebf69c1ff6dc9450f33aef5dc2403d4df17a4c2c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4f52601f-0c98-4537-a72e-d72f9dbe4167.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (10973 bytes)
Hash
6bd5e942443ffd011faf10dc88d92081
beff4ae9e24599addce8a961c955788045c56645
2c59d984971e73d497975032c23700b5602fccf403f4683a8047f5f42d4e261f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4f52601f-0c98-4537-a72e-d72f9dbe4167.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10973
x-amzn-requestid: 081470ca-0107-4052-be55-9c713105bb27
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aUr-TEKPoAMFZfQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6351c05b-17199f8c0fc0fb7443a902f1;Sampled=0
x-amzn-remapped-date: Thu, 20 Oct 2022 21:40:43 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: h8elwC37DfS3PoG9NuRyfp-bqOoLi9KWeSWvwuY4mFMGG4HHC3jZAg==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 32c16f33c8f5601364fa8229b0d74dc2.cloudfront.net (CloudFront), 1.1 google
date: Fri, 21 Oct 2022 22:39:23 GMT
age: 74923
etag: "beff4ae9e24599addce8a961c955788045c56645"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F428e118d-55db-4b2d-9dc1-0adbc5a4021a.webp
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.9 kB (8856 bytes)
Hash
a361cef05d531426819a2bffd8ab1e47
9c8050ffd0de58005705219ec70b6e4352e35b5e
0c3c48b96adb7c1dc8a8c3771878dcbab80bbbb9f2d6998038bf5d43831b578b

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F428e118d-55db-4b2d-9dc1-0adbc5a4021a.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8856
x-amzn-requestid: 84cc5c28-b71f-4ada-9d3b-e67e820cd080
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aX-LzHcsoAMFuNQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-635310b1-6b44e77726dc2003052ce387;Sampled=0
x-amzn-remapped-date: Fri, 21 Oct 2022 21:35:45 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: qZ8wiQp_Cnx6_fT-TrOCKmkrcpYHyhByOvYpgE9XWkA0VUGxjs6cSw==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 5fe5f2a3903f1378941d92eceaf3fa16.cloudfront.net (CloudFront), 1.1 google
date: Fri, 21 Oct 2022 22:06:06 GMT
age: 76920
etag: "9c8050ffd0de58005705219ec70b6e4352e35b5e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6f5552d5-4394-409a-9a9c-43e4ebf38ee1.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (10720 bytes)
Hash
cdaacab30d73a7d05180cc16f4a96a3f
6cc0e39e0decbc20c765f171f63affd85fc9e6da
f015c3b1d838bd7d100ee104551bed2bb06a512b20ce3e5ac419d54b747fadd0

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6f5552d5-4394-409a-9a9c-43e4ebf38ee1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10720
x-amzn-requestid: 96267527-f482-4bfa-ba7a-12467408efe9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aX-MvGutIAMFc8g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-635310b7-25f2624559b0fb7d62ced3a3;Sampled=0
x-amzn-remapped-date: Fri, 21 Oct 2022 21:35:51 GMT
x-amz-cf-pop: SEA19-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 4--AiSTKMMOm9HnJL_ervFnd5rkQ-WZfGM-FNkxXKO892SPw67cxXA==
via: 1.1 1f6e68152880a39d72e6bf2996cd6a60.cloudfront.net (CloudFront), 1.1 707e733794d52100fde0ab21bf0b1462.cloudfront.net (CloudFront), 1.1 google
date: Fri, 21 Oct 2022 22:11:42 GMT
age: 76584
etag: "6cc0e39e0decbc20c765f171f63affd85fc9e6da"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff28bcb97-99c1-48e0-b7d7-8bfe823abaa7.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (11151 bytes)
Hash
26c47e4b0147f8dee3e71a53a8f2830c
381edb4758da428db5ffe884f8fb38bf11044f69
b507898359abbcb1f57821c147a58df66d7e81acc198afc997527b58cd835b39

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff28bcb97-99c1-48e0-b7d7-8bfe823abaa7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11151
x-amzn-requestid: 5c32e307-f2a7-4050-a96f-a47667ec4752
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aX-NEFTKoAMFsSQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-635310b9-2fc77f394ca297126abaed94;Sampled=0
x-amzn-remapped-date: Fri, 21 Oct 2022 21:35:53 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: JOZwwfasalOC-qk9FERBCqhR9jOp1svTRJxaA40zR6p6yta1_W1dVA==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 2f7934de1dfe281c3e4446892eab6462.cloudfront.net (CloudFront), 1.1 google
date: Fri, 21 Oct 2022 22:06:07 GMT
age: 76919
etag: "381edb4758da428db5ffe884f8fb38bf11044f69"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F84809f37-0e01-4278-ba97-357c4a1b454e.webp
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.5 kB (5517 bytes)
Hash
1ee464d6a426da49571c97060e65a4e8
aef2208c82085b4dc8472ee28bc63b9a8832fe0e
704e9800cb12b9b2927e85901b21fbb22303f11bf4b052340d0fc610414e2a6d

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F84809f37-0e01-4278-ba97-357c4a1b454e.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5517
x-amzn-requestid: 560e0ccc-0551-461d-98fd-f94d9a026fb8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aX-pSExDIAMFpMg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6353116e-0420e4ac6cceec1749a44819;Sampled=0
x-amzn-remapped-date: Fri, 21 Oct 2022 21:38:54 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: TDa1YZjZ70BYwTbiiaBV1J1WVtzXpAZ1j-wKfsviXvhbhnc8f0Huiw==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 1481cc55c02c3a782ad420b6bac2cb32.cloudfront.net (CloudFront), 1.1 google
date: Fri, 21 Oct 2022 22:02:32 GMT
age: 77134
etag: "aef2208c82085b4dc8472ee28bc63b9a8832fe0e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

4.us.findthewind.xyz/feed/?link=true&tid=4&subid=4.no&ref=&s1=63544445be4930316d49d3cd

23.235.251.114

301 Moved Permanently

0 B

URL HTTP/1.1
4.us.findthewind.xyz/feed/?link=true&tid=4&subid=4.no&ref=&s1=63544445be4930316d49d3cd
IP
23.235.251.114:0
ASN
#19437 SS-ASH

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /feed/?link=true&tid=4&subid=4.no&ref=&s1=63544445be4930316d49d3cd HTTP/1.1
Host: 4.us.findthewind.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/1.1 301 Moved Permanently
Cache-Control: no-cache
Location: https://redir.findthewind.xyz/click/invalid/?tid=4&subid=4.no
Date: Sat, 22 Oct 2022 19:28:06 GMT
Connection: keep-alive
Keep-Alive: timeout=5
Transfer-Encoding: chunked

redir.findthewind.xyz/click/invalid/?tid=4&subid=4.no

198.211.113.186

302 Found

230 B

URL HTTP/1.1
redir.findthewind.xyz/click/invalid/?tid=4&subid=4.no
IP
198.211.113.186:0
ASN
#14061 DIGITALOCEAN-ASN

File type
HTML document, ASCII text, with no line terminators
Size
230 B (230 bytes)
Hash
7ef6d31c814979bd842f5e6f09cfb7bd
4f9fa32f92cbc28d74e40dad8f216379df418ce6
96c1f5b72cb60e7e91cd1d2d542c492e3148b180736ed3fcb36d45a84f454525

HTTP Headers

GET /click/invalid/?tid=4&subid=4.no HTTP/1.1
Host: redir.findthewind.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/1.1 302 Found
X-Powered-By: Express
Surrogate-Control: no-store
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate
Pragma: no-cache
Expires: 0
Location: https://leche.labtrffc.com/p.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240?s=nxs-4
Vary: Accept
Content-Type: text/html; charset=utf-8
Content-Length: 230
Date: Sat, 22 Oct 2022 19:28:06 GMT
Connection: keep-alive
Keep-Alive: timeout=5

leche.labtrffc.com/p.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240?s=nxs-4

51.83.143.92

302 Found

0 B

URL HTTP/1.1
leche.labtrffc.com/p.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240?s=nxs-4
IP
51.83.143.92:0
ASN
#16276 OVH SAS

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /p.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240?s=nxs-4 HTTP/1.1
Host: leche.labtrffc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/1.1 302 Found
Server: nginx
Date: Sat, 22 Oct 2022 19:28:06 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Round: 
Raund: 
Location: https://pdxx-7fmavzpxk2xlm-4-2.lowsea.fun/emw/v1/dt?sid=888b&k=bfb&url=&xrw=&lid=63544446be4930316d49d423&fid=888

pdxx-7fmavzpxk2xlm-4-2.lowsea.fun/emw/v1/dt?sid=888b&k=bfb&url=&xrw=&lid=63544446be4930316d49d423&fid=888

5.161.78.177

307 Temporary Redirect

164 B

URL HTTP/2
pdxx-7fmavzpxk2xlm-4-2.lowsea.fun/emw/v1/dt?sid=888b&k=bfb&url=&xrw=&lid=63544446be4930316d49d423&fid=888
IP
5.161.78.177:0
ASN
#213230 Hetzner Online GmbH

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
164 B (164 bytes)
Hash
813f9846b49c0ada805648edf1b2fdbd
caa24890460f73e6a72bb49426351e67e83b053d
8f03491247cbfa8a2e60e0f7ec62d63b5070659f60383a1c81abeb2b20221be3

HTTP Headers

GET /emw/v1/dt?sid=888b&k=bfb&url=&xrw=&lid=63544446be4930316d49d423&fid=888 HTTP/1.1
Host: pdxx-7fmavzpxk2xlm-4-2.lowsea.fun
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: emwxcid_4_1=kg7mRoLsV3EnC9G9qokoOEHgBvyOGJXTditzdcB1iEZfLVV3Du
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
TE: trailers

HTTP/2 307 Temporary Redirect
date: Sat, 22 Oct 2022 19:28:06 GMT
content-type: text/html
content-length: 164
location: https://cola.trffclb.com/a.php?p=c:xecd97ulmxry7e481&d=62ff4322ec41a549b07c0d74&pid=63544446be4930316d49d423&source=888b
set-cookie: emwxcid_4_1=kg7mRoLsV3EnC9G9qokoOEHgBvyOGJXTditzdcB1iEZfLVV3Du; expires=Sun, Oct 22 2023 19:28:06 GMT; Max-Age=31536000; path=/; domain=lowsea.fun; SameSite=Lax
X-Firefox-Spdy: h2

cola.trffclb.com/a.php?p=c:xecd97ulmxry7e481&d=62ff4322ec41a549b07c0d74&pid=63544446be4930316d49d423&source=888b

51.83.143.92

302 Found

0 B

URL HTTP/1.1
cola.trffclb.com/a.php?p=c:xecd97ulmxry7e481&d=62ff4322ec41a549b07c0d74&pid=63544446be4930316d49d423&source=888b
IP
51.83.143.92:0
ASN
#16276 OVH SAS

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /a.php?p=c:xecd97ulmxry7e481&d=62ff4322ec41a549b07c0d74&pid=63544446be4930316d49d423&source=888b HTTP/1.1
Host: cola.trffclb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/1.1 302 Found
Server: nginx
Date: Sat, 22 Oct 2022 19:28:06 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Round: 11hx4alk7e
Raund: 2h2
Location: https://samba.trffclb.com/l.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240&s=int-888b

samba.trffclb.com/l.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240&s=int-888b

51.83.143.92

200 OK

493 B

URL HTTP/1.1
samba.trffclb.com/l.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240&s=int-888b
IP
51.83.143.92:0
ASN
#16276 OVH SAS

File type
HTML document text\012- HTML document, ASCII text, with very long lines (541)
Size
493 B (493 bytes)
Hash
7f3a30b3c34b18e9f53fd57919beae4e
fd9f4426e014ade094dc9183c44e4f0b358d9ba2
387eacc7c503d85fe16b7867ed9415ab34100446b1d9886627fdfc3a1d754b53

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /l.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240&s=int-888b HTTP/1.1
Host: samba.trffclb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 22 Oct 2022 19:28:07 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: bt-603611c5b7eaf46891533240=63544447dc1660059049d646; expires=Tue, 25-Oct-2022 19:28:07 GMT; Max-Age=259200; path=/; domain=samba.trffclb.com; HttpOnly
Content-Encoding: gzip

samba.trffclb.com/l.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240&s=int-888b&bv=1

51.83.143.92

302 Found

0 B

URL HTTP/1.1
samba.trffclb.com/l.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240&s=int-888b&bv=1
IP
51.83.143.92:0
ASN
#16276 OVH SAS

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /l.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240&s=int-888b&bv=1 HTTP/1.1
Host: samba.trffclb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://samba.trffclb.com/l.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240&s=int-888b
Cookie: bt-603611c5b7eaf46891533240=63544447dc1660059049d646
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin

HTTP/1.1 302 Found
Server: nginx
Date: Sat, 22 Oct 2022 19:28:07 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Set-Cookie: bt-603611c5b7eaf46891533240=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=samba.trffclb.com; HttpOnly
Round: 10ut8eivbv
Raund: 2fx
Location: https://popmyads.com/serve/52264/49676/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgzLmNvbQ==

ocsp.digicert.com/

93.184.220.29

200 OK

280 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
280 B (280 bytes)
Hash
27eaa9c8b42b2432332a025a7547a13c
23c9e67396bba1e8511cbc72e3e160382dc0513b
bbda3fed6016ddf6dfba8882c8c41cabe3bafc81c51d3bcb26d89d56bbd7a173

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1852
Cache-Control: max-age=126214
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 19:28:07 GMT
Etag: "63538711-118"
Expires: Mon, 24 Oct 2022 06:31:41 GMT
Last-Modified: Sat, 22 Oct 2022 06:00:49 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 280

samba.trffclb.com/favicon.ico

51.83.143.92

200 OK

20 B

URL HTTP/1.1
samba.trffclb.com/favicon.ico
IP
51.83.143.92:0
ASN
#16276 OVH SAS

File type
data
Size
20 B (20 bytes)
Hash
a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: samba.trffclb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://samba.trffclb.com/l.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240&s=int-888b
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 22 Oct 2022 19:28:07 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip

ocsp.digicert.com/

93.184.220.29

200 OK

280 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
280 B (280 bytes)
Hash
27eaa9c8b42b2432332a025a7547a13c
23c9e67396bba1e8511cbc72e3e160382dc0513b
bbda3fed6016ddf6dfba8882c8c41cabe3bafc81c51d3bcb26d89d56bbd7a173

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1852
Cache-Control: max-age=126214
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 19:28:07 GMT
Etag: "63538711-118"
Expires: Mon, 24 Oct 2022 06:31:41 GMT
Last-Modified: Sat, 22 Oct 2022 06:00:49 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 280

popcash.net/world/go/142/26196/

104.21.52.38

301 Moved Permanently

162 B

URL HTTP/1.1
popcash.net/world/go/142/26196/
IP
104.21.52.38:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
162 B (162 bytes)
Hash
4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a

HTTP Headers

GET /world/go/142/26196/ HTTP/1.1
Host: popcash.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Date: Sat, 22 Oct 2022 19:28:08 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: http://ps.popcash.net/go/142/26196/
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LEtiWMnFPNjjV7rfbbQVpMMt1BcijM6Upt8fyA2vInAlRor1kY73dmtwifrxmizKylRvC5Z9LAdCU6ubEcfcIzm57TrWmPBsxVGaVJG4npBMb5osGmiDSiNMjrdO"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 75e4a26399a70b49-OSL
alt-svc: h2=":443"; ma=60

ps.popcash.net/go/142/26196/

44.207.60.131

200 OK

2.7 kB

URL HTTP/1.1
ps.popcash.net/go/142/26196/
IP
44.207.60.131:0
ASN
#14618 AMAZON-AES

File type
data
Size
2.7 kB (2700 bytes)
Hash
c521503aff77431258b876fa71b654a7
a20c8c6108365788ff2369defc56dbaee2b85383
96db1a8450b62d52b577e016fdc3ac900b26ab176675d56439ba2deeb6d89fe0

HTTP Headers

GET /go/142/26196/ HTTP/1.1
Host: ps.popcash.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Content-Encoding: gzip
Content-Type: text/html
Date: Sat, 22 Oct 2022 19:28:08 GMT
Server: nginx
Vary: Accept-Encoding
Content-Length: 269
Connection: keep-alive

ps.popcash.net/ad/ad?p=142&w=26196&t=783bb7ce53fb0f81&r=&vw=1280&vh=0

44.207.60.131

303 See Other

0 B

URL HTTP/1.1
ps.popcash.net/ad/ad?p=142&w=26196&t=783bb7ce53fb0f81&r=&vw=1280&vh=0
IP
44.207.60.131:0
ASN
#14618 AMAZON-AES

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /ad/ad?p=142&w=26196&t=783bb7ce53fb0f81&r=&vw=1280&vh=0 HTTP/1.1
Host: ps.popcash.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ps.popcash.net/go/142/26196/
Upgrade-Insecure-Requests: 1

HTTP/1.1 303 See Other
Date: Sat, 22 Oct 2022 19:28:08 GMT
Location: https://adeumssp.com/smart?p=CsxnKsUCG9yw6Ygyhidzm6oiJ2jrV4PSrgPJitGQya&s=adeum.click
Server: nginx
Content-Length: 0
Connection: keep-alive

ocsp.sectigo.com/

104.18.32.68

200 OK

472 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
9f965560787f4b0cb241741eef43bcab
eb9ede8af7ee0c2b60e737be4673da03daf093c4
24a073d640735a7e024c5e29f06a034c520d01fe7125704d8c084c416e6144ef

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 22 Oct 2022 19:28:09 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 20 Oct 2022 02:30:53 GMT
Expires: Thu, 27 Oct 2022 02:30:52 GMT
Etag: "eb9ede8af7ee0c2b60e737be4673da03daf093c4"
Cache-Control: max-age=370362,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 75e4a2685d99b50c-OSL

adeumssp.com/smart?p=CsxnKsUCG9yw6Ygyhidzm6oiJ2jrV4PSrgPJitGQya&s=adeum.click

168.119.142.247

302 Found

525 B

URL HTTP/2
adeumssp.com/smart?p=CsxnKsUCG9yw6Ygyhidzm6oiJ2jrV4PSrgPJitGQya&s=adeum.click
IP
168.119.142.247:0
ASN
#24940 Hetzner Online GmbH

File type
HTML document, ASCII text, with very long lines (523)
Size
525 B (525 bytes)
Hash
a8af9d814bd31055cee74756240aa893
fa2d96e0ec7b29cb46a7b9ad1b49b838b6e15216
ddba177f8848546c88b7feabd047cc63c003951e5fd1caf3b87acaa348505289

HTTP Headers

GET /smart?p=CsxnKsUCG9yw6Ygyhidzm6oiJ2jrV4PSrgPJitGQya&s=adeum.click HTTP/1.1
Host: adeumssp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://ps.popcash.net/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
date: Sat, 22 Oct 2022 19:28:09 GMT
content-type: text/html; charset=utf-8
content-length: 525
location: https://curvyalpaca.cc/click?a=Csxn&e=gAAAAABjVERJKZF70HwEE9BmnhH2wxKsrGLESxEuHz6KaCPbYp4Q2vGf1XuIALMjPckoA1N9b8RReOIuC9JE9ekTDT3y9-5gUei93RPAJ2FDMkX7YxtSfe4C5DZxJZke6GeH1k9_tSBqW5XD7YLpy82zph1uIVgKe2JN7vFajWb6C2Hqvtd3vJhJ6M37kLbJTP0Z8WFGlJH1wpfRX4yDzrzCx4zYfBfPUNTGLVPymm2AI-PZASrk7zWDgqbbEOafAmeSlAoXQm4kSfEOsBOeuINurJ0DNUri-5stoFdsctT6W3nmmtSRDAshwVkB3epHfzGtknPPsX7oQHBIPI9gBD9glY9E55A5gRXrAYEOFo7rNOuHclTcJ0znyKgUUYIjd7jbwTruoAh8Y76RtrbAYRuJRVeOFCw4eG1ALBaWXzkRBRoIFkVgz3s1uMnSJUzFrPuezMGDVtqx
strict-transport-security: max-age=15724800; includeSubDomains
X-Firefox-Spdy: h2

ocsp.sectigo.com/

104.18.32.68

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
03311749c76d3cbd4e7acc52235ef69f
7f03f5ccd93a7231fb4a238c8e2db1a4e332092a
b6828bcc9337c56a8e5524a7d608280a11eecd6f651684c83c37539e17714280

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 22 Oct 2022 19:28:09 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sat, 22 Oct 2022 02:40:44 GMT
Expires: Sat, 29 Oct 2022 02:40:43 GMT
Etag: "7f03f5ccd93a7231fb4a238c8e2db1a4e332092a"
Cache-Control: max-age=543753,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 75e4a26b5937b50c-OSL

curvyalpaca.cc/sc?a=Csxn&c=qYGU9yEyZpQ8jKzPLg9Jq&e=gAAAAABjVERJDQ5iyi6pdIYX1raoPRT1sFiWG7KplJctm8SKI3yMm4dMUlvJCrzfL1sFCRFzxu4raZAd9heePW_yGyQ7aIc3uS8TVcP9gT40ULH-r34U3ayeY7naBOAIltNbbm8IxP2SuhTvrROXwG0lQe_s8IiIcVFI4lR5RJ1K4CsHL9Na_ndjnwj5I4OdSIIlytpfP95pj5VZ61QgXPXXA85cN2h8CRVuJr_EjlhwkpxPfrNpYrFgTPLW5RBH6okMn_58pAuTEYCfl-X-pLfER9cOYX5QUvpYq3iw8W4dSWmV8GzGHex-0-SFmX5dhRZqswhLKvFLoZipRNCHnajoLrZ8vRorRFyS4Yn4TdkVUAxBH1CpgIqaMrgudxaZ4yDXjzsRuYYRBWdg6y3PDfjvJ_UkQ6lRBbYMCUlFRGkFuL15ps-9ODehlJLDuFGf18vDUiBUqgK0&f=0

168.119.67.98

302 Found

107 B

URL HTTP/2
curvyalpaca.cc/sc?a=Csxn&c=qYGU9yEyZpQ8jKzPLg9Jq&e=gAAAAABjVERJDQ5iyi6pdIYX1raoPRT1sFiWG7KplJctm8SKI3yMm4dMUlvJCrzfL1sFCRFzxu4raZAd9heePW_yGyQ7aIc3uS8TVcP9gT40ULH-r34U3ayeY7naBOAIltNbbm8IxP2SuhTvrROXwG0lQe_s8IiIcVFI4lR5RJ1K4CsHL9Na_ndjnwj5I4OdSIIlytpfP95pj5VZ61QgXPXXA85cN2h8CRVuJr_EjlhwkpxPfrNpYrFgTPLW5RBH6okMn_58pAuTEYCfl-X-pLfER9cOYX5QUvpYq3iw8W4dSWmV8GzGHex-0-SFmX5dhRZqswhLKvFLoZipRNCHnajoLrZ8vRorRFyS4Yn4TdkVUAxBH1CpgIqaMrgudxaZ4yDXjzsRuYYRBWdg6y3PDfjvJ_UkQ6lRBbYMCUlFRGkFuL15ps-9ODehlJLDuFGf18vDUiBUqgK0&f=0
IP
168.119.67.98:0
ASN
#24940 Hetzner Online GmbH

File type
HTML document, ASCII text
Size
107 B (107 bytes)
Hash
d44e45baa8d9415729829cef6a797c89
bda389c24aa6fba1bf13272cacea465ffd75302d
c4670d6167d521e641c75c76883d4d48208e9419e51bb5d041ad88de131d1f73

HTTP Headers

GET /sc?a=Csxn&c=qYGU9yEyZpQ8jKzPLg9Jq&e=gAAAAABjVERJDQ5iyi6pdIYX1raoPRT1sFiWG7KplJctm8SKI3yMm4dMUlvJCrzfL1sFCRFzxu4raZAd9heePW_yGyQ7aIc3uS8TVcP9gT40ULH-r34U3ayeY7naBOAIltNbbm8IxP2SuhTvrROXwG0lQe_s8IiIcVFI4lR5RJ1K4CsHL9Na_ndjnwj5I4OdSIIlytpfP95pj5VZ61QgXPXXA85cN2h8CRVuJr_EjlhwkpxPfrNpYrFgTPLW5RBH6okMn_58pAuTEYCfl-X-pLfER9cOYX5QUvpYq3iw8W4dSWmV8GzGHex-0-SFmX5dhRZqswhLKvFLoZipRNCHnajoLrZ8vRorRFyS4Yn4TdkVUAxBH1CpgIqaMrgudxaZ4yDXjzsRuYYRBWdg6y3PDfjvJ_UkQ6lRBbYMCUlFRGkFuL15ps-9ODehlJLDuFGf18vDUiBUqgK0&f=0 HTTP/1.1
Host: curvyalpaca.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://curvyalpaca.cc/click?a=Csxn&e=gAAAAABjVERJKZF70HwEE9BmnhH2wxKsrGLESxEuHz6KaCPbYp4Q2vGf1XuIALMjPckoA1N9b8RReOIuC9JE9ekTDT3y9-5gUei93RPAJ2FDMkX7YxtSfe4C5DZxJZke6GeH1k9_tSBqW5XD7YLpy82zph1uIVgKe2JN7vFajWb6C2Hqvtd3vJhJ6M37kLbJTP0Z8WFGlJH1wpfRX4yDzrzCx4zYfBfPUNTGLVPymm2AI-PZASrk7zWDgqbbEOafAmeSlAoXQm4kSfEOsBOeuINurJ0DNUri-5stoFdsctT6W3nmmtSRDAshwVkB3epHfzGtknPPsX7oQHBIPI9gBD9glY9E55A5gRXrAYEOFo7rNOuHclTcJ0znyKgUUYIjd7jbwTruoAh8Y76RtrbAYRuJRVeOFCw4eG1ALBaWXzkRBRoIFkVgz3s1uMnSJUzFrPuezMGDVtqx
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 302 Found
server: nginx/1.19.1
date: Sat, 22 Oct 2022 19:28:09 GMT
content-type: text/html; charset=utf-8
content-length: 107
location: http://tsyndicate.com/api/v1/direct/edf210b6a53a461db123d12ec1b50a33?subid=124322317
strict-transport-security: max-age=15724800; includeSubDomains
X-Firefox-Spdy: h2

tsyndicate.com/api/v1/direct/edf210b6a53a461db123d12ec1b50a33?subid=124322317

136.243.46.156

302 Found

0 B

URL HTTP/1.1
tsyndicate.com/api/v1/direct/edf210b6a53a461db123d12ec1b50a33?subid=124322317
IP
136.243.46.156:0
ASN
#24940 Hetzner Online GmbH

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /api/v1/direct/edf210b6a53a461db123d12ec1b50a33?subid=124322317 HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 302 Found
Server: nginx
Date: Sat, 22 Oct 2022 19:28:10 GMT
Content-Length: 0
Connection: keep-alive
Pragma: no-cache
Expires: 0
Vary: *
X-Api-Version: 2
Location: https://track.trackingtraffo.com/pop/imp?auth=d12jux&c=2ZdR79kmPNE-nlZkVCcbAL_I-O8-c_NoX9SIYoiyiGifV7Ks8t0hKKVhh9oEH6TbMTc-axSYtt8ga7MsTi1UvLyXkyjLN5Fb1wD0mAVVwUnJ7vEw1lRuiDe2VmcInn4FKZLtte77XGihlU5aORIDGc6DKftaUfjkKq7_ayDe8cz-mCqzP_YyAZVSvVXGC8DoNEGZAmGpXVm0xt9VAXehQxmb3VJr0hE-0OtFgzlDGLPh5jz_kT58PGCWqMyHm9iX9PwqSkP1MvqflTgXaxzbxWWWW3DDqVl1XnU0rOMi-UwXUhR_UNK7ol2-47luafCR8rGMvY9kybKHkbcHFKS2q_PVPSiSR-Jrq_RexrWI7InIy5h9aSsy98qn4HG3cvjcQchrpyv-mo4BYaHHkdpV2TdkhdJiPrBeuAF4SWJq3l7t15B8TMI6mKMF06H2ai_B9k5FKP1jsvMrhMb-EvUSr6ONM9B_EV_1hf5GtCULB4DlOpM9g7AUtijz68FBvbLtyVY4B0A_OK_EjgZNH8IXjN02imGGU0ODyYYUyVqfIRzw07M5JolKuAvjsDE_4hHVRawCF3Fygp_P0NJULxbVTRvF5J8_dMu2E_UPoZCgt8hT7k8WsDAiUShNCBoW3SrfCmsvui_8MoJUD6YgDoTyVjVu_JWdqFynTs6_ETB3PhCk1tBuHmZlsizKa_rqjGxOOLHEPCmxzGdWTRLxUypxR0TltYVMaeYrvIh5gwIUrTA
X-Request-Id: 3e87dabe443c1849
Set-Cookie: ts_uid=d6afbbef-643c-4cec-bc55-39b956f2dc5d; expires=Sat, 22 Apr 2023 19:28:10 GMT; domain=.tsyndicate.com; path=/; HttpOnly; secure; SameSite=None
Cache-Control: no-cache, no-store, no-transform, must-revalidate, no-transform
X-Robots-Tag: none, noindex, nofollow
Report-To: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }

ocsp.sectigo.com/

104.18.32.68

200 OK

472 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
1b54ab427690eb9b6b90fd2a3c86699d
a89964a15b549e28931afb7efd612e1eb5156756
bb9f61cea9199450d013e827be1344a3e2c509070e8772350235aea78225dff3

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 22 Oct 2022 19:28:10 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 20 Oct 2022 00:04:36 GMT
Expires: Thu, 27 Oct 2022 00:04:35 GMT
Etag: "a89964a15b549e28931afb7efd612e1eb5156756"
Cache-Control: max-age=361584,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 75e4a27138c7b50c-OSL

curvyalpaca.cc/click?a=Csxn&e=gAAAAABjVERJKZF70HwEE9BmnhH2wxKsrGLESxEuHz6KaCPbYp4Q2vGf1XuIALMjPckoA1N9b8RReOIuC9JE9ekTDT3y9-5gUei93RPAJ2FDMkX7YxtSfe4C5DZxJZke6GeH1k9_tSBqW5XD7YLpy82zph1uIVgKe2JN7vFajWb6C2Hqvtd3vJhJ6M37kLbJTP0Z8WFGlJH1wpfRX4yDzrzCx4zYfBfPUNTGLVPymm2AI-PZASrk7zWDgqbbEOafAmeSlAoXQm4kSfEOsBOeuINurJ0DNUri-5stoFdsctT6W3nmmtSRDAshwVkB3epHfzGtknPPsX7oQHBIPI9gBD9glY9E55A5gRXrAYEOFo7rNOuHclTcJ0znyKgUUYIjd7jbwTruoAh8Y76RtrbAYRuJRVeOFCw4eG1ALBaWXzkRBRoIFkVgz3s1uMnSJUzFrPuezMGDVtqx

168.119.67.98

200 OK

737 B

URL HTTP/2
curvyalpaca.cc/click?a=Csxn&e=gAAAAABjVERJKZF70HwEE9BmnhH2wxKsrGLESxEuHz6KaCPbYp4Q2vGf1XuIALMjPckoA1N9b8RReOIuC9JE9ekTDT3y9-5gUei93RPAJ2FDMkX7YxtSfe4C5DZxJZke6GeH1k9_tSBqW5XD7YLpy82zph1uIVgKe2JN7vFajWb6C2Hqvtd3vJhJ6M37kLbJTP0Z8WFGlJH1wpfRX4yDzrzCx4zYfBfPUNTGLVPymm2AI-PZASrk7zWDgqbbEOafAmeSlAoXQm4kSfEOsBOeuINurJ0DNUri-5stoFdsctT6W3nmmtSRDAshwVkB3epHfzGtknPPsX7oQHBIPI9gBD9glY9E55A5gRXrAYEOFo7rNOuHclTcJ0znyKgUUYIjd7jbwTruoAh8Y76RtrbAYRuJRVeOFCw4eG1ALBaWXzkRBRoIFkVgz3s1uMnSJUzFrPuezMGDVtqx
IP
168.119.67.98:0
ASN
#24940 Hetzner Online GmbH

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (550)
Size
737 B (737 bytes)
Hash
ccc6de65807bf51dba55ce38814a798e
0cb287b7e7f436284c7717cc37e3ae50f42192eb
314ed4fb73feb6d76731ad099fcc9fff15c8231e92efc340ea63d380f485a1a3

HTTP Headers

GET /click?a=Csxn&e=gAAAAABjVERJKZF70HwEE9BmnhH2wxKsrGLESxEuHz6KaCPbYp4Q2vGf1XuIALMjPckoA1N9b8RReOIuC9JE9ekTDT3y9-5gUei93RPAJ2FDMkX7YxtSfe4C5DZxJZke6GeH1k9_tSBqW5XD7YLpy82zph1uIVgKe2JN7vFajWb6C2Hqvtd3vJhJ6M37kLbJTP0Z8WFGlJH1wpfRX4yDzrzCx4zYfBfPUNTGLVPymm2AI-PZASrk7zWDgqbbEOafAmeSlAoXQm4kSfEOsBOeuINurJ0DNUri-5stoFdsctT6W3nmmtSRDAshwVkB3epHfzGtknPPsX7oQHBIPI9gBD9glY9E55A5gRXrAYEOFo7rNOuHclTcJ0znyKgUUYIjd7jbwTruoAh8Y76RtrbAYRuJRVeOFCw4eG1ALBaWXzkRBRoIFkVgz3s1uMnSJUzFrPuezMGDVtqx HTTP/1.1
Host: curvyalpaca.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://ps.popcash.net/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx/1.19.1
date: Sat, 22 Oct 2022 19:28:09 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
X-Firefox-Spdy: h2

promo.20bet.partners/redirect.aspx?pid=176996&bid=1971&lpid=293&utm_source=retarget&utm_medium=Ubidex&utm_campaign=Ubidex-20bet-EU-NotReg-popFTDCasino&utm_term=Ubidex-20bet-EU-NotReg-pop-FTDCasino&subid=22b222tvc4p1ntl340

23.36.79.25

301 Moved Permanently

0 B

URL HTTP/2
promo.20bet.partners/redirect.aspx?pid=176996&bid=1971&lpid=293&utm_source=retarget&utm_medium=Ubidex&utm_campaign=Ubidex-20bet-EU-NotReg-popFTDCasino&utm_term=Ubidex-20bet-EU-NotReg-pop-FTDCasino&subid=22b222tvc4p1ntl340
IP
23.36.79.25:0
ASN
#20940 Akamai International B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /redirect.aspx?pid=176996&bid=1971&lpid=293&utm_source=retarget&utm_medium=Ubidex&utm_campaign=Ubidex-20bet-EU-NotReg-popFTDCasino&utm_term=Ubidex-20bet-EU-NotReg-pop-FTDCasino&subid=22b222tvc4p1ntl340 HTTP/1.1
Host: promo.20bet.partners
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 301 Moved Permanently
content-type: text/html
content-length: 0
location: https://20media.world/promotions/first-deposit-casino?btag=655020_8A8C76A7BBE64B9195241553E710A442&utm_source=retarget&utm_medium=Ubidex&utm_campaign=Ubidex-20bet-EU-NotReg-popFTDCasino&utm_term=Ubidex-20bet-EU-NotReg-pop-FTDCasino&subid=22b222tvc4p1ntl340
p3p: CP="This is not a P3P policy! It is used to bypass IEs problematic handling of cookies"
x-aspnet-version: 4.0.30319
request-context: appId=cid-v1:83ffbda4-9458-475e-90ec-4427cfb5c3b0
access-control-expose-headers: Request-Context
expires: Sat, 22 Oct 2022 19:28:11 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Sat, 22 Oct 2022 19:28:11 GMT
set-cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a176996%2c%22BID%22%3a1971%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1666466890999)%5c%2f%22%2c%22CookieTag%22%3a%221971176996451240919C202210221928%22%7d%5d; SameSite=None;; domain=.20bet.partners; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; secure
NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%22850365971%7c1%22%7d%5d; domain=.20bet.partners; expires=Mon, 22-Oct-3021 19:28:11 GMT; path=/; secure; SameSite=Strict
server-timing: cdn-cache; desc=MISS, edge; dur=48, origin; dur=105
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

280 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
280 B (280 bytes)
Hash
b00d300d60c8b5291f896f81e1134f74
b9f976488eac0c93a8dc951b1fc2d5e8a77d4d62
0de6df62a35ef27f209b06a8e2e00c1da4853c299157214ef680a8afb0609b79

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 664
Cache-Control: max-age=153123
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 19:28:11 GMT
Etag: "6353f4d6-118"
Expires: Mon, 24 Oct 2022 14:00:14 GMT
Last-Modified: Sat, 22 Oct 2022 13:49:10 GMT
Server: ECS (amb/6BB8)
X-Cache: HIT
Content-Length: 280

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
cf066da931e8afb225477ca177e7360c
6d6b4fb50b6613bd1dcc81206e5b013d67dfb05c
221ea2ee70284f7fa459ab62a1a5fae1eea58b6f05aebf694ee24fe9bb961d2c

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5912
Cache-Control: max-age=91396
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 19:28:12 GMT
Etag: "6352ef38-1d7"
Expires: Sun, 23 Oct 2022 20:51:28 GMT
Last-Modified: Fri, 21 Oct 2022 19:12:56 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 471

app.adjust.com/js8txs6?btag=655020_8A8C76A7BBE64B9195241553E710A442&utm_source=retarget&utm_medium=Ubidex&utm_campaign=Ubidex-20bet-EU-NotReg-popFTDCasino&utm_term=Ubidex-20bet-EU-NotReg-pop-FTDCasino&subid=22b222tvc4p1ntl340&label=655020_8A8C76A7BBE64B9195241553E710A442&redirect=https%3A%2F%2F20bet.com%2Fpromotions%2Ffirst-deposit-casino%3Fbtag%3D655020_8A8C76A7BBE64B9195241553E710A442%26utm_source%3Dretarget%26utm_medium%3DUbidex%26utm_campaign%3DUbidex-20bet-EU-NotReg-popFTDCasino%26utm_term%3DUbidex-20bet-EU-NotReg-pop-FTDCasino%26subid%3D22b222tvc4p1ntl340

185.151.204.12

302 Found

295 B

URL HTTP/1.1
app.adjust.com/js8txs6?btag=655020_8A8C76A7BBE64B9195241553E710A442&utm_source=retarget&utm_medium=Ubidex&utm_campaign=Ubidex-20bet-EU-NotReg-popFTDCasino&utm_term=Ubidex-20bet-EU-NotReg-pop-FTDCasino&subid=22b222tvc4p1ntl340&label=655020_8A8C76A7BBE64B9195241553E710A442&redirect=https%3A%2F%2F20bet.com%2Fpromotions%2Ffirst-deposit-casino%3Fbtag%3D655020_8A8C76A7BBE64B9195241553E710A442%26utm_source%3Dretarget%26utm_medium%3DUbidex%26utm_campaign%3DUbidex-20bet-EU-NotReg-popFTDCasino%26utm_term%3DUbidex-20bet-EU-NotReg-pop-FTDCasino%26subid%3D22b222tvc4p1ntl340
IP
185.151.204.12:0
ASN
#61273 Adjust GmbH

File type
HTML document, ASCII text
Size
295 B (295 bytes)
Hash
3636404a197c9e0c2aa928aa09ad8456
dc1a6e7dec934a129fc53f8f2a3919fea8d109d8
68f686244bf8062c4a01620c426a800c08fcf3a115beb64603f895193f842799

HTTP Headers

GET /js8txs6?btag=655020_8A8C76A7BBE64B9195241553E710A442&utm_source=retarget&utm_medium=Ubidex&utm_campaign=Ubidex-20bet-EU-NotReg-popFTDCasino&utm_term=Ubidex-20bet-EU-NotReg-pop-FTDCasino&subid=22b222tvc4p1ntl340&label=655020_8A8C76A7BBE64B9195241553E710A442&redirect=https%3A%2F%2F20bet.com%2Fpromotions%2Ffirst-deposit-casino%3Fbtag%3D655020_8A8C76A7BBE64B9195241553E710A442%26utm_source%3Dretarget%26utm_medium%3DUbidex%26utm_campaign%3DUbidex-20bet-EU-NotReg-popFTDCasino%26utm_term%3DUbidex-20bet-EU-NotReg-pop-FTDCasino%26subid%3D22b222tvc4p1ntl340 HTTP/1.1
Host: app.adjust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/1.1 302 Found
content-type: text/html; charset=utf-8
location: https://20bet.com/promotions/first-deposit-casino?btag=655020_8A8C76A7BBE64B9195241553E710A442&utm_source=retarget&utm_medium=Ubidex&utm_campaign=Ubidex-20bet-EU-NotReg-popFTDCasino&utm_term=Ubidex-20bet-EU-NotReg-pop-FTDCasino&subid=22b222tvc4p1ntl340
set-cookie: 1f03a823953b3ae75c2e3676df3f539a=cCT35DOqvEwMD; Path=/; Domain=adjust.com; Max-Age=2
1f03a823953b3ae75c2e3676df3f539a=cCT35DOqvEwMD; Path=/; Domain=adjust.io; Max-Age=2
1f03a823953b3ae75c2e3676df3f539a=cCT35DOqvEwMD; Path=/; Domain=adj.st; Max-Age=2
1f03a823953b3ae75c2e3676df3f539a=cCT35DOqvEwMD; Path=/; Domain=go.link; Max-Age=2
1f03a823953b3ae75c2e3676df3f539a=cCT35DOqvEwMD; Path=/; Domain=adjust.net.in; Max-Age=2
1f03a823953b3ae75c2e3676df3f539a=cCT35DOqvEwMD; Path=/; Domain=adjust.world; Max-Age=2
1f03a823953b3ae75c2e3676df3f539a=cCT35DOqvEwMD; Path=/; Domain=adjust.cn; Max-Age=2
date: Sat, 22 Oct 2022 19:28:12 GMT
content-length: 295
x-robots-tag: noindex

popmyads.com/serve/52264/49676/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgzLmNvbQ==

104.21.54.194

200 OK

0 B

URL HTTP/2
popmyads.com/serve/52264/49676/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgzLmNvbQ==
IP
104.21.54.194:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /serve/52264/49676/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgzLmNvbQ== HTTP/1.1
Host: popmyads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://samba.trffclb.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 22 Oct 2022 19:28:07 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.1.33
x-frame-options: DENY
content-security-policy: frame-ancestors 'none'
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aZ30%2Bx5ccyEmaNsVaG5WFaOJFwf%2BqJmKR%2FS9JcrD3X3W3CmhkRYJOqoRvFvWlg12yiVx%2BjR9B%2BbokhYPUkuhCHeavZKIfz%2FjCygSsS7LTx%2BHASWPsqs9f2x%2F3e%2F1Zcw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75e4a25d78b9fac4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

newbinotracs.com/click.php?key=2luo9plrxh2k2ej2k2ph&clickid=99ad71ab-8598-4d2d-8b9c-50c2f13b8615&cost=0.0055&PUB_ID=20&SUB_ID=4041281&KEYWORD=Adult%20General&SUBSCRIBER_AGE=0&SUBSCRIBER_DATE=2022-10-22&BID_PUB=0.0055&CR_ID=36502&PUB_NAME=TrafficStars-pop

49.12.123.158

302 Found

0 B

URL HTTP/2
newbinotracs.com/click.php?key=2luo9plrxh2k2ej2k2ph&clickid=99ad71ab-8598-4d2d-8b9c-50c2f13b8615&cost=0.0055&PUB_ID=20&SUB_ID=4041281&KEYWORD=Adult%20General&SUBSCRIBER_AGE=0&SUBSCRIBER_DATE=2022-10-22&BID_PUB=0.0055&CR_ID=36502&PUB_NAME=TrafficStars-pop
IP
49.12.123.158:0
ASN
#24940 Hetzner Online GmbH

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /click.php?key=2luo9plrxh2k2ej2k2ph&clickid=99ad71ab-8598-4d2d-8b9c-50c2f13b8615&cost=0.0055&PUB_ID=20&SUB_ID=4041281&KEYWORD=Adult%20General&SUBSCRIBER_AGE=0&SUBSCRIBER_DATE=2022-10-22&BID_PUB=0.0055&CR_ID=36502&PUB_NAME=TrafficStars-pop HTTP/1.1
Host: newbinotracs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
server: nginx/1.18.0
date: Sat, 22 Oct 2022 19:28:10 GMT
content-type: text/html; charset=UTF-8
location: https://promo.20bet.partners/redirect.aspx?pid=176996&bid=1971&lpid=293&utm_source=retarget&utm_medium=Ubidex&utm_campaign=Ubidex-20bet-EU-NotReg-popFTDCasino&utm_term=Ubidex-20bet-EU-NotReg-pop-FTDCasino&subid=22b222tvc4p1ntl340
set-cookie: uclick=2tvc4p1ntl; expires=Sun, 23-Oct-2022 19:28:10 GMT; Max-Age=86400; path=/; secure; SameSite=none
uclickhash=2tvc4p1ntl-2tvc4p1ntl-qqxi-0-gx7vwj-qdxs6o-qdxsdz-45fb6b; expires=Sun, 23-Oct-2022 19:28:10 GMT; Max-Age=86400; path=/; secure; SameSite=none
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

20media.world/promotions/first-deposit-casino?btag=655020_8A8C76A7BBE64B9195241553E710A442&utm_source=retarget&utm_medium=Ubidex&utm_campaign=Ubidex-20bet-EU-NotReg-popFTDCasino&utm_term=Ubidex-20bet-EU-NotReg-pop-FTDCasino&subid=22b222tvc4p1ntl340

172.67.68.125

302 Found

0 B

URL HTTP/2
20media.world/promotions/first-deposit-casino?btag=655020_8A8C76A7BBE64B9195241553E710A442&utm_source=retarget&utm_medium=Ubidex&utm_campaign=Ubidex-20bet-EU-NotReg-popFTDCasino&utm_term=Ubidex-20bet-EU-NotReg-pop-FTDCasino&subid=22b222tvc4p1ntl340
IP
172.67.68.125:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /promotions/first-deposit-casino?btag=655020_8A8C76A7BBE64B9195241553E710A442&utm_source=retarget&utm_medium=Ubidex&utm_campaign=Ubidex-20bet-EU-NotReg-popFTDCasino&utm_term=Ubidex-20bet-EU-NotReg-pop-FTDCasino&subid=22b222tvc4p1ntl340 HTTP/1.1
Host: 20media.world
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
date: Sat, 22 Oct 2022 19:28:12 GMT
content-type: text/html; charset=UTF-8
location: https://app.adjust.com/js8txs6?btag=655020_8A8C76A7BBE64B9195241553E710A442&utm_source=retarget&utm_medium=Ubidex&utm_campaign=Ubidex-20bet-EU-NotReg-popFTDCasino&utm_term=Ubidex-20bet-EU-NotReg-pop-FTDCasino&subid=22b222tvc4p1ntl340&label=655020_8A8C76A7BBE64B9195241553E710A442&redirect=https%3A%2F%2F20bet.com%2Fpromotions%2Ffirst-deposit-casino%3Fbtag%3D655020_8A8C76A7BBE64B9195241553E710A442%26utm_source%3Dretarget%26utm_medium%3DUbidex%26utm_campaign%3DUbidex-20bet-EU-NotReg-popFTDCasino%26utm_term%3DUbidex-20bet-EU-NotReg-pop-FTDCasino%26subid%3D22b222tvc4p1ntl340
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization
access-control-expose-headers: Content-Length,Content-Range
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FIZOQnx2zpnkrDHTVQDRsNisEuS11zF1GPyRtwU5qM8iz8RmKHgJuJnnlZXC6hRZ4M26c2U5dISGcO%2BEWhgSv0JMS0DQ%2B64FjVraKqfg0OVeGJ4xh600ULenuWSebUg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75e4a27a98df1bfa-OSL
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (5)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (55)

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size