kbjfree.com/model/imzi95
104.21.234.27 301 Moved Permanently 558 B IP 104.21.234.27:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (386)
Hash ae96259a7eef63731ff3e97aeddb07b5
bf3e43fbde135b04632650c629bc8ec0660f2724
3af5aae09e753e22fac98d6dc959b17d79dc32b68f09d2269b1cc99e3ed7d1be
GET /model/imzi95 HTTP/1.1
Host: kbjfree.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Sun, 29 Jan 2023 20:46:27 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://kbjfree.com/model/imzi95
CF-Cache-Status: DYNAMIC
Server-Timing: cf-q-config;dur=7.0000023697503e-06
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z6PA5WHl%2FF2vY1MfJIEZpkIFKtvVLU3ac66TsbHTPz10NSe101bVuoIpGuCABKm2liFVAoq6QZMIoDLlesZbHCr9j%2BxptckQohdF7NWUW93CcUM3by3tzMK%2Bu4ki2g%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7914d13fcb5674e5-LHR
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash a2104f935c638b4767ca5ae0d738ef23
85c6af15af749be0ceeae6de17c36925b750f166
5d4789a3696bd7faa9916768cb627bbc89bf70a756d80e53860cbac13c2bc8b1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5D4789A3696BD7FAA9916768CB627BBC89BF70A756D80E53860CBAC13C2BC8B1"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4464
Expires: Sun, 29 Jan 2023 22:00:52 GMT
Date: Sun, 29 Jan 2023 20:46:28 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 3eb88dea4fe00db1182370e72683c3ab
ca520abf1e91bfd2aef40c6a1270a911071e8922
d8083ee567c7b3023111dc30f32c94237df7db30d4d2daaea0a569e8a3069ad7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D8083EE567C7B3023111DC30F32C94237DF7DB30D4D2DAAEA0A569E8A3069AD7"
Last-Modified: Sat, 28 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18528
Expires: Mon, 30 Jan 2023 01:55:16 GMT
Date: Sun, 29 Jan 2023 20:46:28 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash dcd75ca6daca51c5e39d431468511793
07f76d3bf23d65c9110d810fa71a994e39e085d3
73672a816da4450fe2c938b08d7ae002d9ca29fdcbd3e29cc97084d826f8b459
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Backoff, Content-Length, Alert, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 29 Jan 2023 20:35:38 GMT
content-type: application/json
age: 650
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 03092d1a1bc7ac91ee342a1a7ab2a562
52db06ce1fd2c74ddd36b6a0a7aee1b5c891600a
03b8ff2629abac9fc30ebec059c2e2018fcbc41646ad5f71c965ff630fbf1ffd
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "03B8FF2629ABAC9FC30EBEC059C2E2018FCBC41646AD5F71C965FF630FBF1FFD"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2450
Expires: Sun, 29 Jan 2023 21:27:18 GMT
Date: Sun, 29 Jan 2023 20:46:28 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: O80q0yYdEUrzGeA63bO/SztmEiZbxR6TKdj/XetTHEWhNzZcZO0fD9V/EO++75cKMPemiO+B3Nk=
x-amz-request-id: KMN4XW3E4RZA7K2X
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 29 Jan 2023 19:50:27 GMT
age: 3361
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/A-DmUxAjLLo
142.250.74.131 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/A-DmUxAjLLo
IP 142.250.74.131:0
Hash 5f8f811a0b407c58f9673968317fefd0
f80b0cbebe920f7529f6142c7e29298c2e124e5e
aa7c7c32492dc7aaabf21b98be60f449f2f8a70be1df526efa81582f81e16d27
POST /s/gts1p5/A-DmUxAjLLo HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 20:46:28 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 29 Jan 2023 20:46:28 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/A-DmUxAjLLo
142.250.74.131 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/A-DmUxAjLLo
IP 142.250.74.131:0
Hash 5f8f811a0b407c58f9673968317fefd0
f80b0cbebe920f7529f6142c7e29298c2e124e5e
aa7c7c32492dc7aaabf21b98be60f449f2f8a70be1df526efa81582f81e16d27
POST /s/gts1p5/A-DmUxAjLLo HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 20:46:28 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash dafbce9cddefb80f89431fae84911f5d
a96636b8fb6878ebe8365d02a0f1678228094371
e69f032d1b3eefff93077f5948673d83b806d67a2827490e43d2f764eaf493fa
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5799
Cache-Control: max-age=127970
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 20:46:28 GMT
Etag: "63d6155f-118"
Expires: Tue, 31 Jan 2023 08:19:18 GMT
Last-Modified: Sun, 29 Jan 2023 06:42:39 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 280
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Last-Modified, ETag, Expires, Backoff, Content-Length, Cache-Control, Alert, Retry-After, Pragma
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 29 Jan 2023 20:41:41 GMT
age: 287
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
slave.kbjfree.com/api/spots/382598?p=1&s1=%subid1%&kw=
135.181.208.216 200 OK 0 B URL HTTP/2 slave.kbjfree.com/api/spots/382598?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/spots/382598?p=1&s1=%subid1%&kw= HTTP/1.1
Host: slave.kbjfree.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kbjfree.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
HTTP/2 200 OK
server: nginx
date: Sun, 29 Jan 2023 20:46:28 GMT
content-length: 0
set-cookie: nauid=wenBuYpuqvTrcWOoX7yu; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; Secure; SameSite=None
cache-control: private
X-Firefox-Spdy: h2
slave.kbjfree.com/api/spots/367117?p=1&s1=%subid1%&kw=
135.181.208.216 200 OK 0 B URL HTTP/2 slave.kbjfree.com/api/spots/367117?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/spots/367117?p=1&s1=%subid1%&kw= HTTP/1.1
Host: slave.kbjfree.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kbjfree.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
HTTP/2 200 OK
server: nginx
date: Sun, 29 Jan 2023 20:46:28 GMT
content-length: 0
set-cookie: nauid=dyWfpRvk4jP4IztYGjlW; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; Secure; SameSite=None
cache-control: private
X-Firefox-Spdy: h2
kbjfree.com/model/imzi95
104.21.234.26 200 OK 15 kB IP 104.21.234.26:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (32674)
Hash 72dd5c2c1cdbcf535990247ba8477a55
9ea074e3dbae8d9600b20a921a61581b7e267741
5e5f4e8eecf8d314ae87717acb77cf4665a249783492e85bcb678c46f9ec3147
GET /model/imzi95 HTTP/1.1
Host: kbjfree.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Sun, 29 Jan 2023 20:46:28 GMT
content-type: text/html; charset=utf-8
x-dns-prefetch-control: on
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cache-control: private, no-cache, no-store, max-age=0, must-revalidate
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5VinMputnUOehTgagJ7iyQWBEsLOeN3xksXhxZNdUuote3IZcefQaaGGka9%2BtpgE9eQDJWW2Cx9mpAVo3UxB2LhwpL5hPRPF7koNBsD2yOS5Mh92reSI9iE078shjg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7914d14259bd7780-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
slave.kbjfree.com/api/spots/372358?p=1&s1=%subid1%&kw=
135.181.208.216 200 OK 0 B URL HTTP/2 slave.kbjfree.com/api/spots/372358?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/spots/372358?p=1&s1=%subid1%&kw= HTTP/1.1
Host: slave.kbjfree.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kbjfree.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
HTTP/2 200 OK
server: nginx
date: Sun, 29 Jan 2023 20:46:28 GMT
content-length: 0
set-cookie: nauid=J943p2zPz7Kg5KC0QGVq; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; Secure; SameSite=None
cache-control: private
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 16a7b6a7128312e2f985d30df18c4487
6017bff79ffb525d9c7f9f32b999b74b5dc69602
663fd12209627f08e759c2ed1c76278a5da79dae1e0b46082dd1bb44775f7a16
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "663FD12209627F08E759C2ED1C76278A5DA79DAE1E0B46082DD1BB44775F7A16"
Last-Modified: Fri, 27 Jan 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17071
Expires: Mon, 30 Jan 2023 01:30:59 GMT
Date: Sun, 29 Jan 2023 20:46:28 GMT
Connection: keep-alive
slave.kbjfree.com/api/click/6670658711781423095?c=90
135.181.208.216 200 OK 1.4 kB URL HTTP/2 slave.kbjfree.com/api/click/6670658711781423095?c=90
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash 0b5984d3149456e13835f6b39ccde25e
0d1d16008b2da305bb7b23b095a4163728632638
149c46c9c008b33547c64742a4214e0c2734402fe3803b8dd5405dca2d2bd873
GET /api/click/6670658711781423095?c=90 HTTP/1.1
Host: slave.kbjfree.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://slave.kbjfree.com/api/spots/367167?p=1&s1=%subid1%&kw=
Cookie: nauid=tdDVsKvJORRuEOUu0px1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 29 Jan 2023 20:46:28 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: *
cache-control: private
X-Firefox-Spdy: h2
cdn.pncloudfl.com/pn/b0a/10a/a6c/b0a10aa6c9f37143f4a63e2bb1bfb8be79b3ef4b.png
104.22.59.221 200 OK 44 kB URL HTTP/2 cdn.pncloudfl.com/pn/b0a/10a/a6c/b0a10aa6c9f37143f4a63e2bb1bfb8be79b3ef4b.png
IP 104.22.59.221:0
Hash 8c88ccf3f12914fe8f91e0cdb3f08e10
93739504373956c4b24dc51130ba05168e9bfba4
1074b865bd166fb2c14fd987ba7c4b7a38631d7bdc92218301096ccb85f41aa8
GET /pn/b0a/10a/a6c/b0a10aa6c9f37143f4a63e2bb1bfb8be79b3ef4b.png HTTP/1.1
Host: cdn.pncloudfl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 29 Jan 2023 20:46:28 GMT
content-type: image/webp
content-length: 26892
access-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
access-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
access-control-expose-headers: X-Container-Meta-Temp-Url-Key,X-Container-Bytes-Used,Last-Modified,X-Timestamp
cache-control: max-age=172800
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=70331
content-disposition: inline; filename="b0a10aa6c9f37143f4a63e2bb1bfb8be79b3ef4b.webp"
etag: def74d9769fe75363891a2868865d99a
expires: Mon, 30 Jan 2023 21:53:32 GMT
last-modified: Tue, 22 Nov 2022 09:19:36 GMT
vary: Accept
x-openstack-request-id: txa3bf70e532dd40ea8f5b2-00637c9634
x-proxy-cache: HIT
x-timestamp: 1669108775.40440
x-trans-id: txa3bf70e532dd40ea8f5b2-00637c9634
cf-cache-status: HIT
age: 82376
accept-ranges: bytes
access-control-allow-origin: *
server: cloudflare
cf-ray: 7914d146ec470b51-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188 200 OK 21 kB IP 172.64.155.188:0
Hash dc62c04b0d28830fd5d4254dc5798b58
7de03fed4e4a6a58343b183b28cb33e451630fc9
829b57b9704be66d34c6135213017b57ced7959407da976f6fc67728df1d7cac
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 20:46:28 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sun, 29 Jan 2023 12:04:34 GMT
Expires: Sun, 05 Feb 2023 12:04:33 GMT
Etag: "3d59e03fe3cf39eb032e8cc704218f4545460761"
Cache-Control: max-age=572884,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7914d146cd990b31-OSL
c.adsco.re/
104.17.167.186 200 OK 28 kB IP 104.17.167.186:0
File type ASCII text, with very long lines (2151), with no line terminators
Hash 5de8408dccd745e0d015a0e851def8f5
00c0d2419c82d33a1f8dc3ee2f668b4016c89e9a
7e4a0301c8a5864da78fee2374a40a398543e11554c38acb0b8bbf00bb70b8d2
GET / HTTP/1.1
Host: c.adsco.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kbjfree.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 29 Jan 2023 20:46:28 GMT
content-type: text/html
cache-control: public, max-age=2678400
accept-ch: Sec-CH-UA, Sec-CH-UA-Mobile, Sec-CH-UA-Full-Version, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Device-Memory, Downlink, ECT, RTT, Width, Viewport-Width, DPR
permissions-policy: ch-ua=(self "https://adsco.re"),ch-ua-mobile=(self "https://adsco.re"),ch-ua-full-version=(self "https://adsco.re"),ch-ua-platform=(self "https://adsco.re"),ch-ua-platform-version=(self "https://adsco.re"),ch-ua-arch=(self "https://adsco.re"),ch-ua-model=(self "https://adsco.re"),ch-device-memory=(self "https://adsco.re"),ch-downlink=(self "https://adsco.re"),ch-ect=(self "https://adsco.re"),ch-rtt=(self "https://adsco.re"),ch-width=(self "https://adsco.re"),ch-viewport-width=(self "https://adsco.re"),ch-dpr=(self "https://adsco.re")
link: <//6.adsco.re/>;rel=prefetch;crossorigin;as=fetch,<//4.adsco.re/>;rel=prefetch;crossorigin;as=fetch,<//adsco.re/>;rel=preconnect
expires: Wed, 01 Mar 2023 20:46:28 GMT
etag: W/"xkCBFtC0Wl/JiS60JFipuQ=="
cf-cache-status: HIT
age: 2415149
vary: Accept-Encoding
server: cloudflare
cf-ray: 7914d1471fc90b61-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
push.services.mozilla.com/
35.81.157.247 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.81.157.247:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: wp2CoXj/C9E+L4tLFJc5kg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: fdzjIxg2vXINMzZ3rwUq57rkiUk=
krjxhvyyzp.com/solid.gif?z=1949863&abvar=0
62.122.171.6 200 OK 43 B URL HTTP/2 krjxhvyyzp.com/solid.gif?z=1949863&abvar=0
IP 62.122.171.6:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28e463819a210071de3b45ebe7633613
6dccd571828ec0912629119cf7eabfea9f33ddbc
44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84
Analyzer Verdict Alert quad9 Sinkholed
POST /solid.gif?z=1949863&abvar=0 HTTP/1.1
Host: krjxhvyyzp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://kbjfree.com
Connection: keep-alive
Referer: https://kbjfree.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 29 Jan 2023 20:46:29 GMT
content-type: image/gif
content-length: 43
x-route-id: stats.tag.loaded
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
iifvcfwiqi.com/chicken.gif?z=1949853&pb=cc6499df63f84ab8d266099fe930d3ce1675032388&psp=pd-y4ayG-eTT208JHUKEqq8YcZpFGPivP84gXsYWbdiL9OenU5hQVhSGVP1-fGRGIMmxQTDK2bTtTgdKtNX5ipq6xvZtRX3_mnwloms_I1X3mIDMf1-cpkxqO8IRy9VecuV66oEHLRHf47wZCyN21vtWehS-GVG97swNBajyNAYyYuU_iGHVaiBTdG8NN5z99d-g4Qwnvvy91dQiOjA89uoM_7nRVYXVEhcRM7fsgNCYSYFGP1s9b_wQQ1au5dNkhNY88GleVa3-OZyktWVMPccziJXifMQipoDzX2E6FzghE9CyRuLX5Y6l3lembjuiHXV0H1CL8FcomNMT5iUEa5jU2H7AFUbHfI7iC7n6ItsjnJckbIXDwnawsoepggCBDw5hH5pGwon2JZiRHfkYjquTSvUY_nuIGEaBq18wUSL-BR1Kb7n7Q5NA9dBPCHIbYM5UKGhxxKsKQERq45siK4apVKvGFspEKREqMVO5jT7PDhpMtlApTCWY1RY4dKH_rncDn1oCCWBk3gVnBYhFBPJVBWjSQoaP4IRpgUSaVw-HTOL0nJMxK3_dLdTlrSUkHqtWcA5gT-ACfM_RLO8A_kxLQFcafiidnJauxLgcI2YxtABzU_8nMmAHTRWPSY02hKWCb5CwfdU6jmVpKO_5DDhVbpIKF24H3TiS_F4RYlSEoOWMpybgcnpUex8fmWhFbIEtjjo3vmv10APw3KIdewYxgxItL-t6EJ9IKGzWMtbGXQn6kdSZfDAnu5ypRjN848tNVSLw6TUV7Wxk-wEDQ8k56eQJGcDxZB1UI2AxzyGaUn-cMRv1lrjZk2P1gOftYo5r52kGQgjgTPOvf5k-rsG-QzmY25Hr3fEo_-kYW-wIHLj4A0WUhoQXmKARu4BuV-zGlJMBeIx8iqAgnvtFqCaRF7EUGXTuRXNSdjyLHQCLk1LW22PFXAVp66HBR74aM6svTxDneinJuQrD&abvar=0&os=0
62.122.171.6200 OK 43 B URL HTTP/2 iifvcfwiqi.com/chicken.gif?z=1949853&pb=cc6499df63f84ab8d266099fe930d3ce1675032388&psp=pd-y4ayG-eTT208JHUKEqq8YcZpFGPivP84gXsYWbdiL9OenU5hQVhSGVP1-fGRGIMmxQTDK2bTtTgdKtNX5ipq6xvZtRX3_mnwloms_I1X3mIDMf1-cpkxqO8IRy9VecuV66oEHLRHf47wZCyN21vtWehS-GVG97swNBajyNAYyYuU_iGHVaiBTdG8NN5z99d-g4Qwnvvy91dQiOjA89uoM_7nRVYXVEhcRM7fsgNCYSYFGP1s9b_wQQ1au5dNkhNY88GleVa3-OZyktWVMPccziJXifMQipoDzX2E6FzghE9CyRuLX5Y6l3lembjuiHXV0H1CL8FcomNMT5iUEa5jU2H7AFUbHfI7iC7n6ItsjnJckbIXDwnawsoepggCBDw5hH5pGwon2JZiRHfkYjquTSvUY_nuIGEaBq18wUSL-BR1Kb7n7Q5NA9dBPCHIbYM5UKGhxxKsKQERq45siK4apVKvGFspEKREqMVO5jT7PDhpMtlApTCWY1RY4dKH_rncDn1oCCWBk3gVnBYhFBPJVBWjSQoaP4IRpgUSaVw-HTOL0nJMxK3_dLdTlrSUkHqtWcA5gT-ACfM_RLO8A_kxLQFcafiidnJauxLgcI2YxtABzU_8nMmAHTRWPSY02hKWCb5CwfdU6jmVpKO_5DDhVbpIKF24H3TiS_F4RYlSEoOWMpybgcnpUex8fmWhFbIEtjjo3vmv10APw3KIdewYxgxItL-t6EJ9IKGzWMtbGXQn6kdSZfDAnu5ypRjN848tNVSLw6TUV7Wxk-wEDQ8k56eQJGcDxZB1UI2AxzyGaUn-cMRv1lrjZk2P1gOftYo5r52kGQgjgTPOvf5k-rsG-QzmY25Hr3fEo_-kYW-wIHLj4A0WUhoQXmKARu4BuV-zGlJMBeIx8iqAgnvtFqCaRF7EUGXTuRXNSdjyLHQCLk1LW22PFXAVp66HBR74aM6svTxDneinJuQrD&abvar=0&os=0
IP 62.122.171.6:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28e463819a210071de3b45ebe7633613
6dccd571828ec0912629119cf7eabfea9f33ddbc
44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84
Analyzer Verdict Alert quad9 Sinkholed
GET /chicken.gif?z=1949853&pb=cc6499df63f84ab8d266099fe930d3ce1675032388&psp=pd-y4ayG-eTT208JHUKEqq8YcZpFGPivP84gXsYWbdiL9OenU5hQVhSGVP1-fGRGIMmxQTDK2bTtTgdKtNX5ipq6xvZtRX3_mnwloms_I1X3mIDMf1-cpkxqO8IRy9VecuV66oEHLRHf47wZCyN21vtWehS-GVG97swNBajyNAYyYuU_iGHVaiBTdG8NN5z99d-g4Qwnvvy91dQiOjA89uoM_7nRVYXVEhcRM7fsgNCYSYFGP1s9b_wQQ1au5dNkhNY88GleVa3-OZyktWVMPccziJXifMQipoDzX2E6FzghE9CyRuLX5Y6l3lembjuiHXV0H1CL8FcomNMT5iUEa5jU2H7AFUbHfI7iC7n6ItsjnJckbIXDwnawsoepggCBDw5hH5pGwon2JZiRHfkYjquTSvUY_nuIGEaBq18wUSL-BR1Kb7n7Q5NA9dBPCHIbYM5UKGhxxKsKQERq45siK4apVKvGFspEKREqMVO5jT7PDhpMtlApTCWY1RY4dKH_rncDn1oCCWBk3gVnBYhFBPJVBWjSQoaP4IRpgUSaVw-HTOL0nJMxK3_dLdTlrSUkHqtWcA5gT-ACfM_RLO8A_kxLQFcafiidnJauxLgcI2YxtABzU_8nMmAHTRWPSY02hKWCb5CwfdU6jmVpKO_5DDhVbpIKF24H3TiS_F4RYlSEoOWMpybgcnpUex8fmWhFbIEtjjo3vmv10APw3KIdewYxgxItL-t6EJ9IKGzWMtbGXQn6kdSZfDAnu5ypRjN848tNVSLw6TUV7Wxk-wEDQ8k56eQJGcDxZB1UI2AxzyGaUn-cMRv1lrjZk2P1gOftYo5r52kGQgjgTPOvf5k-rsG-QzmY25Hr3fEo_-kYW-wIHLj4A0WUhoQXmKARu4BuV-zGlJMBeIx8iqAgnvtFqCaRF7EUGXTuRXNSdjyLHQCLk1LW22PFXAVp66HBR74aM6svTxDneinJuQrD&abvar=0&os=0 HTTP/1.1
Host: iifvcfwiqi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: UID=2301291546d0cf5a69b9464dbeb1cd63d7fc
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 29 Jan 2023 20:46:29 GMT
content-type: image/gif
content-length: 43
x-route-id: stats.impression
set-cookie: OACICAP=ACMMIAAAAAAAAAAB; Path=/; Expires=Tue, 28 Feb 2023 20:46:29 GMT; Secure; SameSite=None
OACIBLOCK=ACMMIAAAAABj1tBA; Path=/; Expires=Tue, 28 Feb 2023 20:46:29 GMT; Secure; SameSite=None
ppucnt=0; Path=/; Expires=Mon, 30 Jan 2023 20:46:29 GMT; Secure; SameSite=None
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
iifvcfwiqi.com/whob.gif?z=1949853&pb=cc6499df63f84ab8d266099fe930d3ce1675032388&psp=pd-y4ayG-eTT208JHUKEqq8YcZpFGPivP84gXsYWbdiL9OenU5hQVhSGVP1-fGRGIMmxQTDK2bTtTgdKtNX5ipq6xvZtRX3_mnwloms_I1X3mIDMf1-cpkxqO8IRy9VecuV66oEHLRHf47wZCyN21vtWehS-GVG97swNBajyNAYyYuU_iGHVaiBTdG8NN5z99d-g4Qwnvvy91dQiOjA89uoM_7nRVYXVEhcRM7fsgNCYSYFGP1s9b_wQQ1au5dNkhNY88GleVa3-OZyktWVMPccziJXifMQipoDzX2E6FzghE9CyRuLX5Y6l3lembjuiHXV0H1CL8FcomNMT5iUEa5jU2H7AFUbHfI7iC7n6ItsjnJckbIXDwnawsoepggCBDw5hH5pGwon2JZiRHfkYjquTSvUY_nuIGEaBq18wUSL-BR1Kb7n7Q5NA9dBPCHIbYM5UKGhxxKsKQERq45siK4apVKvGFspEKREqMVO5jT7PDhpMtlApTCWY1RY4dKH_rncDn1oCCWBk3gVnBYhFBPJVBWjSQoaP4IRpgUSaVw-HTOL0nJMxK3_dLdTlrSUkHqtWcA5gT-ACfM_RLO8A_kxLQFcafiidnJauxLgcI2YxtABzU_8nMmAHTRWPSY02hKWCb5CwfdU6jmVpKO_5DDhVbpIKF24H3TiS_F4RYlSEoOWMpybgcnpUex8fmWhFbIEtjjo3vmv10APw3KIdewYxgxItL-t6EJ9IKGzWMtbGXQn6kdSZfDAnu5ypRjN848tNVSLw6TUV7Wxk-wEDQ8k56eQJGcDxZB1UI2AxzyGaUn-cMRv1lrjZk2P1gOftYo5r52kGQgjgTPOvf5k-rsG-QzmY25Hr3fEo_-kYW-wIHLj4A0WUhoQXmKARu4BuV-zGlJMBeIx8iqAgnvtFqCaRF7EUGXTuRXNSdjyLHQCLk1LW22PFXAVp66HBR74aM6svTxDneinJuQrD&abvar=0&os=0
62.122.171.6200 OK 43 B URL HTTP/2 iifvcfwiqi.com/whob.gif?z=1949853&pb=cc6499df63f84ab8d266099fe930d3ce1675032388&psp=pd-y4ayG-eTT208JHUKEqq8YcZpFGPivP84gXsYWbdiL9OenU5hQVhSGVP1-fGRGIMmxQTDK2bTtTgdKtNX5ipq6xvZtRX3_mnwloms_I1X3mIDMf1-cpkxqO8IRy9VecuV66oEHLRHf47wZCyN21vtWehS-GVG97swNBajyNAYyYuU_iGHVaiBTdG8NN5z99d-g4Qwnvvy91dQiOjA89uoM_7nRVYXVEhcRM7fsgNCYSYFGP1s9b_wQQ1au5dNkhNY88GleVa3-OZyktWVMPccziJXifMQipoDzX2E6FzghE9CyRuLX5Y6l3lembjuiHXV0H1CL8FcomNMT5iUEa5jU2H7AFUbHfI7iC7n6ItsjnJckbIXDwnawsoepggCBDw5hH5pGwon2JZiRHfkYjquTSvUY_nuIGEaBq18wUSL-BR1Kb7n7Q5NA9dBPCHIbYM5UKGhxxKsKQERq45siK4apVKvGFspEKREqMVO5jT7PDhpMtlApTCWY1RY4dKH_rncDn1oCCWBk3gVnBYhFBPJVBWjSQoaP4IRpgUSaVw-HTOL0nJMxK3_dLdTlrSUkHqtWcA5gT-ACfM_RLO8A_kxLQFcafiidnJauxLgcI2YxtABzU_8nMmAHTRWPSY02hKWCb5CwfdU6jmVpKO_5DDhVbpIKF24H3TiS_F4RYlSEoOWMpybgcnpUex8fmWhFbIEtjjo3vmv10APw3KIdewYxgxItL-t6EJ9IKGzWMtbGXQn6kdSZfDAnu5ypRjN848tNVSLw6TUV7Wxk-wEDQ8k56eQJGcDxZB1UI2AxzyGaUn-cMRv1lrjZk2P1gOftYo5r52kGQgjgTPOvf5k-rsG-QzmY25Hr3fEo_-kYW-wIHLj4A0WUhoQXmKARu4BuV-zGlJMBeIx8iqAgnvtFqCaRF7EUGXTuRXNSdjyLHQCLk1LW22PFXAVp66HBR74aM6svTxDneinJuQrD&abvar=0&os=0
IP 62.122.171.6:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28e463819a210071de3b45ebe7633613
6dccd571828ec0912629119cf7eabfea9f33ddbc
44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84
Analyzer Verdict Alert quad9 Sinkholed
GET /whob.gif?z=1949853&pb=cc6499df63f84ab8d266099fe930d3ce1675032388&psp=pd-y4ayG-eTT208JHUKEqq8YcZpFGPivP84gXsYWbdiL9OenU5hQVhSGVP1-fGRGIMmxQTDK2bTtTgdKtNX5ipq6xvZtRX3_mnwloms_I1X3mIDMf1-cpkxqO8IRy9VecuV66oEHLRHf47wZCyN21vtWehS-GVG97swNBajyNAYyYuU_iGHVaiBTdG8NN5z99d-g4Qwnvvy91dQiOjA89uoM_7nRVYXVEhcRM7fsgNCYSYFGP1s9b_wQQ1au5dNkhNY88GleVa3-OZyktWVMPccziJXifMQipoDzX2E6FzghE9CyRuLX5Y6l3lembjuiHXV0H1CL8FcomNMT5iUEa5jU2H7AFUbHfI7iC7n6ItsjnJckbIXDwnawsoepggCBDw5hH5pGwon2JZiRHfkYjquTSvUY_nuIGEaBq18wUSL-BR1Kb7n7Q5NA9dBPCHIbYM5UKGhxxKsKQERq45siK4apVKvGFspEKREqMVO5jT7PDhpMtlApTCWY1RY4dKH_rncDn1oCCWBk3gVnBYhFBPJVBWjSQoaP4IRpgUSaVw-HTOL0nJMxK3_dLdTlrSUkHqtWcA5gT-ACfM_RLO8A_kxLQFcafiidnJauxLgcI2YxtABzU_8nMmAHTRWPSY02hKWCb5CwfdU6jmVpKO_5DDhVbpIKF24H3TiS_F4RYlSEoOWMpybgcnpUex8fmWhFbIEtjjo3vmv10APw3KIdewYxgxItL-t6EJ9IKGzWMtbGXQn6kdSZfDAnu5ypRjN848tNVSLw6TUV7Wxk-wEDQ8k56eQJGcDxZB1UI2AxzyGaUn-cMRv1lrjZk2P1gOftYo5r52kGQgjgTPOvf5k-rsG-QzmY25Hr3fEo_-kYW-wIHLj4A0WUhoQXmKARu4BuV-zGlJMBeIx8iqAgnvtFqCaRF7EUGXTuRXNSdjyLHQCLk1LW22PFXAVp66HBR74aM6svTxDneinJuQrD&abvar=0&os=0 HTTP/1.1
Host: iifvcfwiqi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: UID=2301291546d0cf5a69b9464dbeb1cd63d7fc
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 29 Jan 2023 20:46:29 GMT
content-type: image/gif
content-length: 43
x-route-id: stats.banner.view
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
6.adsco.re/
104.17.167.186 200 OK 0 B IP 104.17.167.186:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: 6.adsco.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://kbjfree.com
Connection: keep-alive
Referer: https://kbjfree.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 29 Jan 2023 20:46:29 GMT
content-type: text/plain;charset=UTF-8
content-length: 0
access-control-allow-origin: https://kbjfree.com
cache-control: private, max-age=10
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, HEAD, OPTIONS
access-control-max-age: 2592000
vary: Accept-Encoding
server: cloudflare
cf-ray: 7914d14c4cc4b51d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
syndication.realsrv.com/v1/api.php
95.211.229.248 200 OK 2.8 kB URL HTTP/1.1 syndication.realsrv.com/v1/api.php
IP 95.211.229.248:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with very long lines (6203), with no line terminators
Hash 42a17f78147542590c4a1b202ae047a2
1b7c3febd6d78db758c2bc76280f371ac2456d5d
f32f5f471ddf54a6a139464d6eb9a581b911536cadd6fd0c4c1b585827631a3f
POST /v1/api.php HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 326
Origin: https://slave.kbjfree.com
Connection: keep-alive
Referer: https://slave.kbjfree.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 29 Jan 2023 20:46:29 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://slave.kbjfree.com
Access-Control-Allow-Headers: Authorization, Content-Type
Access-Control-Request-Method: POST
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263d6db25b1c5f1.378243011294171488%22%3B%7D; expires=Tue, 28-Jan-2025 20:46:29 GMT; Max-Age=63072000; path=/; domain=realsrv.com; secure; SameSite=None
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 50cfe810d4623fe528394d026d8e0b2f
8c7425da9a60d48a4285592c194b5ff8ecf8ed51
6c3866d962e63adb77b6024ca55515e04ed1926eaf8d4c9cf97b7050d33afe58
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6C3866D962E63ADB77B6024CA55515E04ED1926EAF8D4C9CF97B7050D33AFE58"
Last-Modified: Sun, 29 Jan 2023 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2890
Expires: Sun, 29 Jan 2023 21:34:39 GMT
Date: Sun, 29 Jan 2023 20:46:29 GMT
Connection: keep-alive
dzjzvm7fxwqq.l4.adsco.re/
185.200.118.90 200 OK 0 B URL HTTP/1.1 dzjzvm7fxwqq.l4.adsco.re/
IP 185.200.118.90:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST / HTTP/1.1
Host: dzjzvm7fxwqq.l4.adsco.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 0
Origin: https://kbjfree.com
Connection: keep-alive
Referer: https://kbjfree.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 20:46:29 GMT
Content-Type: text/html
Content-Length: 0
Last-Modified: Tue, 31 Jul 2018 22:16:15 GMT
Connection: close
ETag: "5b60dfaf-0"
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
Access-Control-Expose-Headers: Content-Length,Content-Range
Accept-Ranges: bytes
4.adsco.re/
162.252.214.5 200 OK 62 B IP 162.252.214.5:0
File type ASCII text, with no line terminators
Hash adde5febc7b5b6c2c759ec735cce83a0
77ec17be8a9970ff04663294d41c590d0d24fde4
ce2b9f2e5005195de7add565505005be6f2ef0d37521771e15106d1e1b9260ff
GET / HTTP/1.1
Host: 4.adsco.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://kbjfree.com
Connection: keep-alive
Referer: https://kbjfree.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 20:46:29 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Methods: GET, HEAD, OPTIONS
Access-Control-Allow-Headers: Content-Type
Access-Control-Allow-Origin: https://kbjfree.com
Access-Control-Max-Age: 2592000
Cache-Control: private, max-age=5
Content-Encoding: gzip
syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAAz1PW04DMQy8ChfYyHbsxOk3/IJU1ANs9oEELSBWQlSaw5MNKp4Pj+wZP4QkDsSDlDu2g6aDFBQOhYJKYFM8Ph2hjHHePq8v53HbwvRxgWWz1pTiFB1ZlNShUSmrgqlxz5SstVKOYnuBEEENYrFpGgtEjGw4Pd/j4XQEB3K1WxICuG/faRsK+tnta7TKy2S5WC15nKLMrrOWRJYWd9mF2M7j9xLe6uv6tSz9YPrDPrs0idwKDQP31ILQ2bhd3yfgXxD7ubDuimBtvzCQZJ6Xauvqk5dscy2WnDSzrzF5HX8ByVPMCFsBAAA=
95.211.229.248200 OK 20 B URL HTTP/1.1 syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAAz1PW04DMQy8ChfYyHbsxOk3/IJU1ANs9oEELSBWQlSaw5MNKp4Pj+wZP4QkDsSDlDu2g6aDFBQOhYJKYFM8Ph2hjHHePq8v53HbwvRxgWWz1pTiFB1ZlNShUSmrgqlxz5SstVKOYnuBEEENYrFpGgtEjGw4Pd/j4XQEB3K1WxICuG/faRsK+tnta7TKy2S5WC15nKLMrrOWRJYWd9mF2M7j9xLe6uv6tSz9YPrDPrs0idwKDQP31ILQ2bhd3yfgXxD7ubDuimBtvzCQZJ6Xauvqk5dscy2WnDSzrzF5HX8ByVPMCFsBAAA=
IP 95.211.229.248:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /cimp.php?t=api&data=H4sIAAAAAAAAAz1PW04DMQy8ChfYyHbsxOk3/IJU1ANs9oEELSBWQlSaw5MNKp4Pj+wZP4QkDsSDlDu2g6aDFBQOhYJKYFM8Ph2hjHHePq8v53HbwvRxgWWz1pTiFB1ZlNShUSmrgqlxz5SstVKOYnuBEEENYrFpGgtEjGw4Pd/j4XQEB3K1WxICuG/faRsK+tnta7TKy2S5WC15nKLMrrOWRJYWd9mF2M7j9xLe6uv6tSz9YPrDPrs0idwKDQP31ILQ2bhd3yfgXxD7ubDuimBtvzCQZJ6Xauvqk5dscy2WnDSzrzF5HX8ByVPMCFsBAAA= HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://slave.kbjfree.com
Connection: keep-alive
Referer: https://slave.kbjfree.com/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263d6db25b1c5f1.378243011294171488%22%3B%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 29 Jan 2023 20:46:29 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://slave.kbjfree.com
Access-Control-Allow-Credentials: true
Set-Cookie: __upt=%7B%22v%22%3A1%2C%22id%22%3A%220%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22108.0199%22%7D; expires=Tue, 28 Jan 2025 20:46:29 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
krjxhvyyzp.com/get/1949863?zoneid=1949863&jp=_clz839l0j8ixt44gxq4ymy&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&sp=0&cid=2924524218513927
62.122.171.6 200 OK 22 kB URL HTTP/2 krjxhvyyzp.com/get/1949863?zoneid=1949863&jp=_clz839l0j8ixt44gxq4ymy&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&sp=0&cid=2924524218513927
IP 62.122.171.6:0
Hash e7796f6de17025857fb15a4c5d478c31
def4b732d719b466d2bb555ca75ec903e74355f1
d62d815631a75031c9ee41c1dd99f0728d762483e791064756430adeeb222e15
Analyzer Verdict Alert quad9 Sinkholed
GET /get/1949863?zoneid=1949863&jp=_clz839l0j8ixt44gxq4ymy&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&sp=0&cid=2924524218513927 HTTP/1.1
Host: krjxhvyyzp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kbjfree.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 29 Jan 2023 20:46:29 GMT
content-type: text/javascript
vary: Accept-Encoding
x-route-id: config
set-cookie: UID=2301291546ecd76a652f6d47519e4bcbebf5; Path=/; Expires=Mon, 29 Jan 2024 20:46:29 GMT; HttpOnly; Secure; SameSite=None
content-encoding: gzip
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 6df7fd0b017060ca8a14c1a934f73aea
2ad8e0fcedf20fa53b06bcd7e123f030323dbe31
68153dcb9eaef79ad38562654a678c379f960f40b270e1f87e408dc90bdf1032
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "68153DCB9EAEF79AD38562654A678C379F960F40B270E1F87E408DC90BDF1032"
Last-Modified: Sun, 29 Jan 2023 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15370
Expires: Mon, 30 Jan 2023 01:02:40 GMT
Date: Sun, 29 Jan 2023 20:46:30 GMT
Connection: keep-alive
dzjzvm7fxwqq.n4.adsco.re/
38.132.109.186 200 OK 0 B URL HTTP/1.1 dzjzvm7fxwqq.n4.adsco.re/
IP 38.132.109.186:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST / HTTP/1.1
Host: dzjzvm7fxwqq.n4.adsco.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 0
Origin: https://kbjfree.com
Connection: keep-alive
Referer: https://kbjfree.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 20:46:30 GMT
Content-Type: text/html
Content-Length: 0
Last-Modified: Mon, 30 Jul 2018 15:32:42 GMT
Connection: close
ETag: "5b5f2f9a-0"
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
Access-Control-Expose-Headers: Content-Length,Content-Range
Accept-Ranges: bytes
slave.kbjfree.com/cZMbZw3.js
135.181.208.216 200 OK 52 kB URL HTTP/2 slave.kbjfree.com/cZMbZw3.js
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash d1389de1d02acc58520f9046976a735c
9ca88015aff66ff083595ba3775115e948a676a2
c8a8dfe8f6dc661d875b0d88ff12d81343e062fa513c1724e4ec1a7ca8cf2e3e
GET /cZMbZw3.js HTTP/1.1
Host: slave.kbjfree.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kbjfree.com/
Cookie: nauid=tdDVsKvJORRuEOUu0px1; __cf_bm=KFYSjzNQyl374csZtNVlABgyLYt7qKENnDdf5kkUA74-1675025189-0-Af22x1mHSEtq8fcqoquv33jp+6xEXW9sulaGykxewHc+V8DaljHAHnTNbpX3bQMY33aSVtLQqY3cXPrHdFMkJokyKbc9I/BCvdpjq9Srf+cFB/NdAHmFRfG2FRB1EGRypolUzS8upA563G4aaYF/sVc=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 29 Jan 2023 20:46:30 GMT
content-type: application/javascript
last-modified: Tue, 13 Dec 2022 09:50:49 GMT
etag: W/"63984af9-29f99"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
vary: Accept-Encoding, Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 0edd9f6bc061f9d64e77285b1cac290c.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: iM0UsqfDqoHUnY2OujQK--8j4pBMWW1PxO4iSggaYSgfbtWMIV4_2w==
age: 3156455
x-frame-options: DENY
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f2a0c2c0f25bdd19baf87cbb3a87dcdb
bc78ca6206ee8cc1cc05ab7778df71c7e6d1182a
c57f26c0c2e439dc2f69181e1b2f6ae371bff9d299af739e0047eabc8bfb5a69
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C57F26C0C2E439DC2F69181E1B2F6AE371BFF9D299AF739E0047EABC8BFB5A69"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3099
Expires: Sun, 29 Jan 2023 21:38:09 GMT
Date: Sun, 29 Jan 2023 20:46:30 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f2a0c2c0f25bdd19baf87cbb3a87dcdb
bc78ca6206ee8cc1cc05ab7778df71c7e6d1182a
c57f26c0c2e439dc2f69181e1b2f6ae371bff9d299af739e0047eabc8bfb5a69
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C57F26C0C2E439DC2F69181E1B2F6AE371BFF9D299AF739E0047EABC8BFB5A69"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3099
Expires: Sun, 29 Jan 2023 21:38:09 GMT
Date: Sun, 29 Jan 2023 20:46:30 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8d4cfe7c-2bbe-4efd-b73a-59ea603c332f.jpeg
34.120.237.76 200 OK 5.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8d4cfe7c-2bbe-4efd-b73a-59ea603c332f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4c77437e3a7361861aed8bfecbfe6bd6
fefd238c13c0fdfb7d964c90fcc8a8cbbf953034
282d15c443cb6232ae0a30046a0dc24360617355a4651cdba59b11e6f7313d8a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8d4cfe7c-2bbe-4efd-b73a-59ea603c332f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5594
x-amzn-requestid: d56c9b84-dc1f-4d5c-91bf-7db55058bf67
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fLyeEGOloAMFpzA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ce3126-5013a6b971d6800c5c85a4eb;Sampled=0
x-amzn-remapped-date: Mon, 23 Jan 2023 07:03:02 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: D2ZAelkDgsd0wjoOSoPRwTzhozs84_aIcgwU-QmbDrTnHztVD0VL_A==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 f9d716a351f14a0ac1fac2449734849a.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 05:26:16 GMT
age: 55214
etag: "fefd238c13c0fdfb7d964c90fcc8a8cbbf953034"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdd9499d0-2a81-41ee-b328-0d82ea64b349.jpeg
34.120.237.76 200 OK 5.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdd9499d0-2a81-41ee-b328-0d82ea64b349.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 57ff6665d99a17d06b75c8fe64c90ab3
05648eed6830a794aa7e30ba4da526ed4c45b0ca
728b809756a0faff1a55bb03f13f33e31518f321e50dd944a0267d585c09264c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdd9499d0-2a81-41ee-b328-0d82ea64b349.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5198
x-amzn-requestid: 8117f45b-926a-4cbe-b152-dae983bc3526
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fOYdlG6XIAMF_vA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cf3abd-7ce531f65f66ac3a73970841;Sampled=0
x-amzn-remapped-date: Tue, 24 Jan 2023 01:56:13 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 9qRYwsM8g7XZPY2E-9puCMAp7VKUvdIiK8jA0wr0XSpnMScoQYCwGw==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Sat, 28 Jan 2023 21:46:47 GMT
age: 82783
etag: "05648eed6830a794aa7e30ba4da526ed4c45b0ca"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdf6aeac1-fd74-4724-86b5-f0e86d98c915.jpeg
34.120.237.76 200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdf6aeac1-fd74-4724-86b5-f0e86d98c915.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 43c4a8e963936a8064dbd2bd3c67b905
8508727c97127c98b886833af28b3470306216c2
070c29fe7c0a227029483d675eac863904ab6b291467acdf62167f4845699c21
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdf6aeac1-fd74-4724-86b5-f0e86d98c915.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8652
x-amzn-requestid: 5a5a883e-d7d4-4fc5-925a-3a95830c504e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fVguyG7BIAMFm8g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d214c4-390b59a32060e41203533c58;Sampled=0
x-amzn-remapped-date: Thu, 26 Jan 2023 05:51:00 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ewSsCY4u9DwRtaj00U9JCim9tYeCgHRuIQFpdHm4ttI6L02-e44iDQ==
via: 1.1 0005a84c2971ff4f5bbb79e7ebc622a8.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Sat, 28 Jan 2023 23:11:24 GMT
age: 77706
etag: "8508727c97127c98b886833af28b3470306216c2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd9a423a9-16ee-4e3f-b9b4-34f6a469aba9.jpeg
34.120.237.76 200 OK 9.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd9a423a9-16ee-4e3f-b9b4-34f6a469aba9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3be81f83687ddb6c93d3ff3c09a9dba2
50a48e737310d3f31840db4301b25927fbcc12c5
e78c909e2381898e7f546183784a05dff47c31734c95358aaada8c2777ad47be
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd9a423a9-16ee-4e3f-b9b4-34f6a469aba9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9167
x-amzn-requestid: e6e0789c-a4a9-4ffa-a0ae-691770d1035b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fPF9YEBmIAMF0kQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cf8388-01d2093432d3959903671a69;Sampled=0
x-amzn-remapped-date: Tue, 24 Jan 2023 07:06:48 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: awfNeaKbFw2bjiTGwUrwUTxU-qbVS2eTjn948H8kn1hy7pi_DwLMlQ==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 17:35:56 GMT
age: 11434
etag: "50a48e737310d3f31840db4301b25927fbcc12c5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
s3t3d2y8.afcdn.net/images/close-icon-circle.png
185.76.9.19 200 OK 405 B URL HTTP/2 s3t3d2y8.afcdn.net/images/close-icon-circle.png
IP 185.76.9.19:0
ASN #60068 Datacamp Limited
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash bc8bf5d1633e548e9a178bf29be30b7b
bd290b6eabd73d2c95db053620797503e9178484
94f575abdb5c45476f9c2b62bbe06fbfacce9d25e95796ffcd07680bd7c6c0bb
GET /images/close-icon-circle.png HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kbjfree.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 20:46:30 GMT
content-type: image/png
content-length: 405
last-modified: Wed, 29 Jun 2022 13:13:10 GMT
etag: "62bc4fe6-195"
expires: Fri, 30 Jun 2023 18:46:41 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1688195221
server: CDN77-Turbo
x-robots-tag: noindex, follow
x-77-nzt: AblMCQ1kZmz/ET4YAQ
x-77-nzt-ray: c0a4cc28ea4ae30826dbd6639e7bc020
x-cache: HIT
x-age: 18365969
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 006881f6132fe357bf26df0900205458
626f4d6ccc0aca7d3c7924c1a5ed9bf4de544fa7
70ad0f38e41eae365ed6078e44f6bd60bbee11172ff1af85b0d9f63de349c63e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "70AD0F38E41EAE365ED6078E44F6BD60BBEE11172FF1AF85B0D9F63DE349C63E"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18079
Expires: Mon, 30 Jan 2023 01:47:49 GMT
Date: Sun, 29 Jan 2023 20:46:30 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 1.2 kB IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f9b155c395a1def5758dc3835354522b
098e5c8db84fc50877af9a7cf179d9c4970273d6
1bc478930e316f2504951578d9fc8887dbc6c2358421b32456b0fd1615dda3cb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C57F26C0C2E439DC2F69181E1B2F6AE371BFF9D299AF739E0047EABC8BFB5A69"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3099
Expires: Sun, 29 Jan 2023 21:38:09 GMT
Date: Sun, 29 Jan 2023 20:46:30 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f2a0c2c0f25bdd19baf87cbb3a87dcdb
bc78ca6206ee8cc1cc05ab7778df71c7e6d1182a
c57f26c0c2e439dc2f69181e1b2f6ae371bff9d299af739e0047eabc8bfb5a69
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C57F26C0C2E439DC2F69181E1B2F6AE371BFF9D299AF739E0047EABC8BFB5A69"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3099
Expires: Sun, 29 Jan 2023 21:38:09 GMT
Date: Sun, 29 Jan 2023 20:46:30 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg
34.120.237.76 200 OK 4.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4205d8106659e00fff1cbe9262918b8c
ab4f6528594a1725934727dc7d834c028a79c609
31f1a28602a194bd0856495d4d81d5c72cd7ff4e5bad6bdd1a31ec3041f4a2cc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4475
x-amzn-requestid: b7b272d6-3089-4f33-89b5-5cb388640e10
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa_e6HsaIAMF5Lg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d445f8-1789f7f4264270916da323db;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:45:28 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 4jPbm4WufkUKm7ljLvpHrJUFhr-JQ_nl3iYfI5S8nTqEszFdUtz9EQ==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 4f3feb5c4393987d42d1971d404d7cea.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 05:24:09 GMT
etag: "ab4f6528594a1725934727dc7d834c028a79c609"
content-type: image/jpeg
age: 55341
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e455009f988d157e30b6f28e78d895f7
defdf2c35fb386e12f42905bbbe2e71c230116b8
b66f5e4bbab7bc1a7f9a30e41fb6a26e57c5e60dba345422e99d9945fe9d783a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B66F5E4BBAB7BC1A7F9A30E41FB6A26E57C5E60DBA345422E99D9945FE9D783A"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4088
Expires: Sun, 29 Jan 2023 21:54:38 GMT
Date: Sun, 29 Jan 2023 20:46:30 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fce27f1aa-8d31-4110-a47f-73de0b95926d.jpeg
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fce27f1aa-8d31-4110-a47f-73de0b95926d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 10a6491e2c1dfde68c7cd7297e70700f
d0f195319825a6d3e5e50ad15b2fcab27cb65896
4d9353d5874e5ea03c25e1562db5f479c222a48db526fdd10ede7c2e6a4dd874
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fce27f1aa-8d31-4110-a47f-73de0b95926d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11470
x-amzn-requestid: 62d61967-9380-4ca9-b11a-531425dbd2ae
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fIf6WFgAIAMF6gw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cce042-6d9fe51029094b7f37c0a648;Sampled=0
x-amzn-remapped-date: Sun, 22 Jan 2023 07:05:38 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: rUIvvkZQ028ey3klplI-x9oZFugon5HsAWT-SN2GQo5hBeBJWqoMAg==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 fda3b2797d2719576f6b916583a28e52.cloudfront.net (CloudFront), 1.1 google
date: Sat, 28 Jan 2023 23:12:28 GMT
age: 77642
etag: "d0f195319825a6d3e5e50ad15b2fcab27cb65896"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
syndication.realsrv.com/ads-iframe-display.php?idzone=4737578&type=728x90&p=https%3A//kbjfree.com/model/imzi95&dt=1675025199434&sub=&tags=&screen_resolution=1280x1024&sticky=1&cookieconsent=true
95.211.229.248 200 OK 521 B URL HTTP/1.1 syndication.realsrv.com/ads-iframe-display.php?idzone=4737578&type=728x90&p=https%3A//kbjfree.com/model/imzi95&dt=1675025199434&sub=&tags=&screen_resolution=1280x1024&sticky=1&cookieconsent=true
IP 95.211.229.248:0
ASN #60781 LeaseWeb Netherlands B.V.
File type HTML document text\012- HTML document, ASCII text, with very long lines (518)
Hash 568cda0caa599c642eb6ba96e9a6f50c
8ba5e70bffd402c77242cacccc26cfbe1a470ddb
1f13861bfede2302cd9a92aa7353a41d2d140c1ffd7e05012d75c9741cf16d2a
GET /ads-iframe-display.php?idzone=4737578&type=728x90&p=https%3A//kbjfree.com/model/imzi95&dt=1675025199434&sub=&tags=&screen_resolution=1280x1024&sticky=1&cookieconsent=true HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kbjfree.com/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263d6db25b1c5f1.378243011294171488%22%3B%7D; __upt=%7B%22v%22%3A1%2C%22id%22%3A%220%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22108.0199%22%7D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 29 Jan 2023 20:46:30 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263d6db25b1c5f1.378243011294171488%22%3B%7D; expires=Tue, 28 Jan 2025 20:46:30 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
impressions=oslmrxbrnxgxamrexbxacgeicxbmsbcenxgxamclarlmmgeimmccrbebnxgxamcbexxbmgeioslmrxbmnxgxamclarlmmgeicxbmsbocnxgxamclbraeegeimmccrlaonxgxamccxobsegeimmccrlacnxgxamcmlarclgeicxbmsboenxgxamclrbcelgeioslmrxlrnxgxamslescrogeimmccrbxenxgxamclarlmmgeislsaroornxgxamccolacbgeioslmroemnxgxamclrbcrogeioslmrxlsnxgxamclrbcelgeicmmsxrbonxgxamsoeamlmgeimmccrlaenxgxamcberosogeimmccrbeanxgxamcssabxegeicaocmrmanxgxamolcrcergeimcclsxronxgxamsscrmclgeimcclsxmenxgxamrexbxacgeialbserebnxgxamccrrssogeimcclsxaonxgxamsxsxllxgeicxbmsbxcnxgxamrexbxacgeimrblxebenxgxamselmborgeimcclsxconxgxamsbremaegeirbabxabbnxgxamcbexxbmgeimcclsxacnxgxamsscrmclgeicmmsxaeenxgxamcmrmsrmgeialbsereanxgxamsoeabscgeicaxsscmbnxgxamsosomemgeimcclosconxgxamcxbemmxgeimcclsoeonxgxamcbcebxbgeimcclsxlcnxgxamrexbxacgeimcclossbnxgxamcscxaesgeimcclsxscnxgxamsmoooeegeimcclsxlenxgxamcbrorxbgeimaecseaenxgxamsmoooeegeimaecsxcbnxgxamsmoooeegeimcclsxoanxgxamclrbcelgeimcclsxlbnxgxamcrbalrageimccloscanxgxamclrbcrogeiclsmrbsonxgxamsmmrbmbgeiclsmarsenxgxamsmmrbmbgeiccmmllebnxgxamclarlmmgeimcclsxsbnxgxamclrbcxbgeiclsmrbxonxgxamsbebceegeiclsmrbxcnxgxamsbebceegeiclsmarscnxgxamsbebceegeiccmmlmlcnxgxamsbebceegeiclsmarrenxgxamsbebceegeicaormbaonxgxamsbxxbsrgeicaormlrenxgxamcememscgeimcclsxlonxgxamcsmlmxcgeimrblelronxgxamsbremaegeimaecsxobnxgxamsbremaegeiclsmrbrcnxgxamsbroemmgeiclsmrraanxgxamclsslaegeiclsmrmxbnxgxamsbroemmgeimccloscenxgxamsbmrxregeimcclsxxonxgxamslescrogeimrblelxbnxgxamslescrogeimcclsoeenxgxamclrbcelgeimrblelmonxgxamcxcrasxgeimrbleloenxgxamcxcrasxgeiclsmrrmanxgxamcxabcxbgeiclsmrbeonxgxamcxabcxbgeiclsmrrcenxgxamcxabcxbgeiclsmrmxanxgxamcxabcxbgeiclsmrbxenxgxamcxabcxbgeiclsmaroonxgxamcxabcxbgeialbserxenxgxamcosraregeimcclsxsenxgxamclxcsocgeimcclsxlanxgxamcblrlbcgeiccmmlleanxgxamccrrssogeicaormlabnxgxamcrllsmageicaormlconxgxamcrllsmageiclsmarsonxgxamclsslaegeiclsmrmlbnxgxamclsslaegeiclsmrmocnxgxamclsslaegeiccmmllecnxgxamclsslaegeimxlbalscnogxamclsbboogxcceimromobabnxgxamclsblcmgxcceimbbcemobnsgxamclcelrlgxcceimxlbmosanrg
xamclcasocgxcceimxlbmoconogxamclcasocgxcceicmarxbbonsgxamclcboecgxcceimclsaoxbncgxamclcbamegxcceimbbcemoancgxamclcbllogxcceimmraexoenxgxamclrexlegxcceimmraexxanxgxamclrexlegxcceimmraexsenxgxamclrexlegxcceimaooloranxgxamclrexlmgxcceimrsbrelonxgxamclrreosgxcceimabcabaonxgxamclrreosgxcceimsleoaronxgxamclrreosgxcceiceecmorsnxgxamclrassmgxcceimcclsxcanxgxamclrbcelgeimrblelcenxgxamclrbcelgeimaecsxrcnxgxamclrbcelgeimxlbalcensgxamclrbcxbgxcceimxlbmxbbnsgxamclarlmmgxcceialbserxonxgxamclarlmmgeimcssmlronsgxamclarlmbgxcceimxlbalsbnsgxamclarlmbgxcceimrmaobxanxgxamclamoelgxcceimromobmenxgxamclamoxlgxcceimxlbmoobnogxamclabecmgxcceimaoolslanxgxamclabblogxcceimbmlselenxgxamclmmlcxgxcceimbamerlbnxgxamclmmlcxgxcceimexxlrbenxgxamclbsslxgxcceimbmlselonxgxamclbsbbcgxcceimbmlsebbnxgxamclbsbbcgxcceimbrsslsansgxamclbslcegxcceimrmbbobcnxgxamclbrralgxcceimxlbmoscnogxamclbraeegxcceiaaxcambbnxgxamclbraeegxcceimxxrecsanxgxamclbraeogxcceimxlbmosenogxamcllxaobgxcceimbclraronogxamcllxaobgxcceixaoossalnxgxamreerlargxcceimxeemlxcnxgxamreerlargxcceimbmmcllonxgxamreebbcogxcceimoobcomanxgxamreebbcogxcceimoobcobenxgxamreebbcogxcceialrexeoonxgxamreellmbgxcceircmbbroanxgxamrexxxaogxcceimbscxmxanxgxamrexxxaogxcceirrmlllronxgxamrexxxaogxcceimbscxmoanxgxamrexxxaogxcceimcssmlrcnsgxamrexxxaogxcceimeembecenxgxamrexslclgxcceimeembescnxgxamrexslclgxcceimbmmreecnxgxamrexrlsegxcceimxlbmosonogxamrexaoxsgxcceimboslabanxgxamrexaoxsgxcceimbsblroanogxamrexabcagcbeirreacmsbnxgxamrexabcagxcceimcssmlrensgxamrexabcagxcceimxlbmxlonsgxamrexmrecgxcceimxlbmxlcnogxamrexmrecgxcceimxxerrecnxgxamrexmrecgxcceimxxerreanxgxamrexmrxmgxcceimmraexoonxgxamrexmmccgxcceimeembesonxgxamrexmmccgxcceimmcmerrenxgxamrexmmccgxcceimxeemblanxgxamrexbxargxcceimromobacnxgxamrexbxmegxcceimaoolcoonsgxamrexblosgxcceimxlbmoaonxgxamrexblosgxcceimxlbmxlenogxamrexllbogxcceimbbmsoxanxgxamreoslobgxcceirarrrcaenxgxamreoceexgxcceimxxerrxenxgxamreoceexgxcceimsacexoonxgxamreoceexgxcceimamsorebnxgxamreorxblgxcceimaoobbebnxgxamreorxlegxcce; expires=Mon, 30 Jan 2023 
20:46:30 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
ocsp.buypass.com/
23.36.76.129 200 OK 1.7 kB IP 23.36.76.129:0
ASN #20940 Akamai International B.V.
Hash 1e9fba2f017e1a19cf161e74f120fd84
8485a11621016ca4e6a437e26be46b66c8eb8393
5ac3ae4af40c3f31a5d00250ad914e72f56c653c8cff5328a27a23009cb5404a
POST / HTTP/1.1
Host: ocsp.buypass.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 78
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Access-Control-Allow-Origin: https://www.buypass.no
Access-Control-Allow-Headers: Content-Type,Authorization,X-Requested-With,Content-Length,Accept,Origin,X-Buypass-Session-Id,X-Buypass-Locale
Access-Control-Allow-Credentials: false
Access-Control-Allow-Methods: GET,POST
MDC-correlationId: 219423b6-0354-4008-b343-8e9493272495
Content-Length: 1701
Date: Sun, 29 Jan 2023 20:46:30 GMT
Connection: keep-alive
adsco.re/p
162.252.214.5 200 OK 412 B IP 162.252.214.5:0
File type ASCII text, with very long lines (487), with no line terminators
Hash 0e891f23b5fce066091f51783c5bd7d0
4a40981ec71994992e1cd092ccf84d79e1817733
a887c17a1e74e121e5f66e0558928b5fb620e38fb44e15263427fa8d93ea4ea2
POST /p HTTP/1.1
Host: adsco.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Length: 1749
Origin: https://kbjfree.com
Connection: keep-alive
Referer: https://kbjfree.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 20:46:30 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
AS-P-1: OK lon123
AS-P-2: OK
AS-P-3: OK
Access-Control-Max-Age: 2592000
Cache-Control: no-transform
Access-Control-Allow-Origin: https://kbjfree.com
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
d2qnx6y010m4rt.cloudfront.net/?yxnqd=957413
54.230.245.105 200 OK 69 kB URL HTTP/2 d2qnx6y010m4rt.cloudfront.net/?yxnqd=957413
IP 54.230.245.105:0
File type Unicode text, UTF-8 text, with very long lines (15948)
Hash 8c4856732537f2308567997e84f5b5de
36725d75135608d95157bfa7dba63f5a61d53309
59a9c7f9eaed227df90b13eeaed7d12f435060862540d659396c3e7a31038e08
GET /?yxnqd=957413 HTTP/1.1
Host: d2qnx6y010m4rt.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kbjfree.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 68581
date: Sun, 29 Jan 2023 20:46:30 GMT
access-control-allow-origin: *
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-encoding: gzip
pragma: no-cache
x-cache: Miss from cloudfront
via: 1.1 4bbc14b5834fc74ccd249b954b43a08c.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: GqeeZWmf1K07LEvx0MNjoIQEUNmY27p_AAg0PX-BO1li0krBHQ0c9g==
X-Firefox-Spdy: h2
dzjzvm7fxwqq.s4.adsco.re/
185.200.116.90 200 OK 0 B URL HTTP/1.1 dzjzvm7fxwqq.s4.adsco.re/
IP 185.200.116.90:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST / HTTP/1.1
Host: dzjzvm7fxwqq.s4.adsco.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 0
Origin: https://kbjfree.com
Connection: keep-alive
Referer: https://kbjfree.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 20:46:30 GMT
Content-Type: text/html
Content-Length: 0
Last-Modified: Mon, 30 Jul 2018 15:38:01 GMT
Connection: close
ETag: "5b5f30d9-0"
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
Access-Control-Expose-Headers: Content-Length,Content-Range
Accept-Ranges: bytes
js.wpadmngr.com/static/adManager.m.js
45.133.44.24 200 OK 77 kB URL HTTP/2 js.wpadmngr.com/static/adManager.m.js
IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
Hash 675a54a67f5f887d4473d7560300572d
dc058a06d01163a53e51e94f03e306aa7d576b9e
f79f9eb57de626132933220246c8c4adcbb71270e710fa3bfb54124da3fab695
GET /static/adManager.m.js HTTP/1.1
Host: js.wpadmngr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kbjfree.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 20:46:31 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Fri, 13 Jan 2023 14:07:40 GMT
etag: W/"63c165ac-188ee"
content-encoding: gzip
expires: Sun, 29 Jan 2023 20:51:31 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
slave.kbjfree.com/Ai9bKAa.js
135.181.208.216 200 OK 83 kB URL HTTP/2 slave.kbjfree.com/Ai9bKAa.js
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
File type Unicode text, UTF-8 text, with very long lines (65503), with no line terminators
Hash 30e53b2f20a151390365ae7f5433cda7
d573c0e54e36996fc820f0e9e6962bfa9a6908dc
68938a4509cd100bfef2596817fe977369b9932fadd5b5861fe6b3295de3043b
GET /Ai9bKAa.js HTTP/1.1
Host: slave.kbjfree.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kbjfree.com/
Cookie: nauid=tdDVsKvJORRuEOUu0px1; __cf_bm=KFYSjzNQyl374csZtNVlABgyLYt7qKENnDdf5kkUA74-1675025189-0-Af22x1mHSEtq8fcqoquv33jp+6xEXW9sulaGykxewHc+V8DaljHAHnTNbpX3bQMY33aSVtLQqY3cXPrHdFMkJokyKbc9I/BCvdpjq9Srf+cFB/NdAHmFRfG2FRB1EGRypolUzS8upA563G4aaYF/sVc=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 29 Jan 2023 20:46:30 GMT
content-type: application/javascript
last-modified: Thu, 17 Nov 2022 11:24:59 GMT
etag: W/"63761a0b-478b9"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
vary: Accept-Encoding, Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 3a4d5aad46ae3a82da414d69565389aa.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: hk94NG922sC4fLtdIxNn1SK3d4_HpVjj6t4hASOazqdBqRWIySbUtw==
age: 4324360
x-frame-options: DENY
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
krjxhvyyzp.com/solid.gif?z=1949863&abvar=0
62.122.171.6 200 OK 43 B URL HTTP/2 krjxhvyyzp.com/solid.gif?z=1949863&abvar=0
IP 62.122.171.6:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28e463819a210071de3b45ebe7633613
6dccd571828ec0912629119cf7eabfea9f33ddbc
44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84
Analyzer Verdict Alert quad9 Sinkholed
POST /solid.gif?z=1949863&abvar=0 HTTP/1.1
Host: krjxhvyyzp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://kbjfree.com
Connection: keep-alive
Referer: https://kbjfree.com/
Cookie: UID=2301291546ecd76a652f6d47519e4bcbebf5
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 29 Jan 2023 20:46:31 GMT
content-type: image/gif
content-length: 43
x-route-id: stats.tag.loaded
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/SrfVchP6P8U
142.250.74.131 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/SrfVchP6P8U
IP 142.250.74.131:0
Hash 795f17a4efb2573fc585ba0a9588f99a
028c0c3aa8b4a8074a8f7be528327d35ee299b7e
84ab72e30738f6c2870d2785435469d42888484bc666b6d02569f2ce870c2728
POST /s/gts1p5/SrfVchP6P8U HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 20:46:31 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
afcnuchxgo.com/i/npage/1949856/code.js
62.122.171.6 200 OK 62 kB URL HTTP/2 afcnuchxgo.com/i/npage/1949856/code.js
IP 62.122.171.6:0
Hash 4c08642d12199c1146e6d6668ac1ebf2
bb22ccc49a51ce7cc9ce2c31803889e2c0ce27e8
ed0e4120ac9568b3061f062eb40c3a9182e145b38f4f18eba19e896e11fda1cb
Analyzer Verdict Alert quad9 Sinkholed
GET /i/npage/1949856/code.js HTTP/1.1
Host: afcnuchxgo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kbjfree.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 29 Jan 2023 20:46:30 GMT
content-type: application/javascript
last-modified: Thu, 26 Jan 2023 13:21:09 GMT
vary: Accept-Encoding
etag: W/"63d27e45-34b3e"
x-js-ab1: current
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
content-encoding: gzip
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 835902550bc5895276a69790390691b9
35ffcb1e2405aad7437593609d6ea2f603eeecce
c634a845e73cf24092bbede0232dd628ac6e1ff765c40e003d12ec7472fb8d80
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C634A845E73CF24092BBEDE0232DD628AC6E1FF765C40E003D12EC7472FB8D80"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5875
Expires: Sun, 29 Jan 2023 22:24:26 GMT
Date: Sun, 29 Jan 2023 20:46:31 GMT
Connection: keep-alive
afcnuchxgo.com/get/1949856?zoneid=1949856&jp=_clu5vcfrrk4tawtqvz5vd4&nojs=0&ix=0&abvar=0&t=0&x=1280&y=898&wcks=1&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=3487474172059328
62.122.171.6 200 OK 3.7 kB URL HTTP/2 afcnuchxgo.com/get/1949856?zoneid=1949856&jp=_clu5vcfrrk4tawtqvz5vd4&nojs=0&ix=0&abvar=0&t=0&x=1280&y=898&wcks=1&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=3487474172059328
IP 62.122.171.6:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (6412), with no line terminators
Hash 87d282141ae72855d38d24a40a79a501
deaf202708490db802f53871a63e88736c3842a1
32e23c456ad51dc311f55992b32e204ba825069dd5d9feb545761f4734c7dee3
Analyzer Verdict Alert quad9 Sinkholed
GET /get/1949856?zoneid=1949856&jp=_clu5vcfrrk4tawtqvz5vd4&nojs=0&ix=0&abvar=0&t=0&x=1280&y=898&wcks=1&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=3487474172059328 HTTP/1.1
Host: afcnuchxgo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kbjfree.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 29 Jan 2023 20:46:31 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
x-route-id: config
set-cookie: UID=23012915463085bbb3dea94dc2bfb0a0f7a1; Path=/; Expires=Mon, 29 Jan 2024 20:46:31 GMT; HttpOnly; Secure; SameSite=None
content-encoding: gzip
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/SrfVchP6P8U
142.250.74.131 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/SrfVchP6P8U
IP 142.250.74.131:0
Hash 795f17a4efb2573fc585ba0a9588f99a
028c0c3aa8b4a8074a8f7be528327d35ee299b7e
84ab72e30738f6c2870d2785435469d42888484bc666b6d02569f2ce870c2728
POST /s/gts1p5/SrfVchP6P8U HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 20:46:31 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
go.xlivrdr.com/smartpop/50b9925e88f6daf2eabd88c0fb66ee5504f4db44cc1c7d25b3959304ad843f5a?userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&sourceId=5304198&memberId=ooddNHdLHTPHNVS4ASOpsosqstdZXPPbbLa6V1k9qrpXXXOpmdQ6mV0rpXSunqoppdK6V0rpnSuldK6V0zpXSumdXRtXtpPVpNrVxNHRZbPTRLNNPdTNZNTba62q6WnPXayeuiXa3Wy6uyzfee2aW3W7e10rvdPOCb7x6h_dNPbKqaWelzpXSuldK6V0rpXSulcH2A--&p1=5304198&trackOff=1&kbLimit=1000
104.18.59.150 302 Found 0 B URL HTTP/2 go.xlivrdr.com/smartpop/50b9925e88f6daf2eabd88c0fb66ee5504f4db44cc1c7d25b3959304ad843f5a?userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&sourceId=5304198&memberId=ooddNHdLHTPHNVS4ASOpsosqstdZXPPbbLa6V1k9qrpXXXOpmdQ6mV0rpXSunqoppdK6V0rpnSuldK6V0zpXSumdXRtXtpPVpNrVxNHRZbPTRLNNPdTNZNTba62q6WnPXayeuiXa3Wy6uyzfee2aW3W7e10rvdPOCb7x6h_dNPbKqaWelzpXSuldK6V0rpXSulcH2A--&p1=5304198&trackOff=1&kbLimit=1000
IP 104.18.59.150:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /smartpop/50b9925e88f6daf2eabd88c0fb66ee5504f4db44cc1c7d25b3959304ad843f5a?userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&sourceId=5304198&memberId=ooddNHdLHTPHNVS4ASOpsosqstdZXPPbbLa6V1k9qrpXXXOpmdQ6mV0rpXSunqoppdK6V0rpnSuldK6V0zpXSumdXRtXtpPVpNrVxNHRZbPTRLNNPdTNZNTba62q6WnPXayeuiXa3Wy6uyzfee2aW3W7e10rvdPOCb7x6h_dNPbKqaWelzpXSuldK6V0rpXSulcH2A--&p1=5304198&trackOff=1&kbLimit=1000 HTTP/1.1
Host: go.xlivrdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://syndication.realsrv.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Sun, 29 Jan 2023 20:46:31 GMT
content-length: 0
location: https://creative.xlivrdr.com/widgets/v4/Universal?campaignId=50b9925e88f6daf2eabd88c0fb66ee5504f4db44cc1c7d25b3959304ad843f5a&campaignType=smartpop&creativeId=37acc769fa476626fe6b90aec4a1f923bc4ff59b110ff874761e96a2a9218620&iterationId=380093&kbLimit=1000&masterSmartpopId=1914&memberId=ooddNHdLHTPHNVS4ASOpsosqstdZXPPbbLa6V1k9qrpXXXOpmdQ6mV0rpXSunqoppdK6V0rpnSuldK6V0zpXSumdXRtXtpPVpNrVxNHRZbPTRLNNPdTNZNTba62q6WnPXayeuiXa3Wy6uyzfee2aW3W7e10rvdPOCb7x6h_dNPbKqaWelzpXSuldK6V0rpXSulcH2A--&p1=5304198&quality=optimal&ruleId=17&smartpopId=7197&sourceId=5304198&tag=-girls%2Findian&trackOff=1&userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&variationId=30009
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: DYNAMIC
set-cookie: _var=67569691.30009; Path=/; HttpOnly; SameSite=Strict
__cflb=02DiuDfsBaY2bRYJiCg3Rc4wrBy1LXpo87J2w86VTkpkL; SameSite=None; Secure; path=/; expires=Mon, 30-Jan-23 19:46:31 GMT; HttpOnly
server: cloudflare
cf-ray: 7914d157dcfab4fd-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
coonandeg.xyz/MHZBRTFRFCIoDlFLI2NEQhp8YAN2U3MDVQIHLz0HSUZwdVwEBDVrUlwZNCFXQhkvMR9eEzVgA3YFGw1zYTgEHHl4DHQWVGI3GwtwXFNzA2RlEioEeWI1Bix/Uj0DF392IHkgdVgREyFYcSUSEmB+MgJ0ZnozdSxmZTRzEnJTPQd3AWM/NiplUicXInNiJzgGaXo1AxF0ej02Nnp/ICY0c2YgKCZffj0QDWR3EioyeX8gLixyRxUrAGliIwksYGISBxdzaTQxd2BlOxIAaWIjAz9dURUHB2dpRRsvZ1s3LgRfejQQPXhiEgcUcnoeB3R7ZTAmBGZYIxYdHGUxJSJ8ZjtwfUFhIwgSc14sFxR2cTAlKWdmLyYUVnQnCHRkWR0iE2Z6DyV0Y3YQJhdWdSNwLRdaBS4rQQ0zKh1bWDcDI0cJQngPeA
108.157.229.88 200 OK 1.2 kB URL HTTP/2 coonandeg.xyz/MHZBRTFRFCIoDlFLI2NEQhp8YAN2U3MDVQIHLz0HSUZwdVwEBDVrUlwZNCFXQhkvMR9eEzVgA3YFGw1zYTgEHHl4DHQWVGI3GwtwXFNzA2RlEioEeWI1Bix/Uj0DF392IHkgdVgREyFYcSUSEmB+MgJ0ZnozdSxmZTRzEnJTPQd3AWM/NiplUicXInNiJzgGaXo1AxF0ej02Nnp/ICY0c2YgKCZffj0QDWR3EioyeX8gLixyRxUrAGliIwksYGISBxdzaTQxd2BlOxIAaWIjAz9dURUHB2dpRRsvZ1s3LgRfejQQPXhiEgcUcnoeB3R7ZTAmBGZYIxYdHGUxJSJ8ZjtwfUFhIwgSc14sFxR2cTAlKWdmLyYUVnQnCHRkWR0iE2Z6DyV0Y3YQJhdWdSNwLRdaBS4rQQ0zKh1bWDcDI0cJQngPeA
IP 108.157.229.88:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3025), with no line terminators
Hash 7d1f22cbb2ae1703e7feeb1e541147b2
26c0f21f6231ffa83878d9603d837dd310e741f1
92a959c2baf54430819d3725f7059d10a99943c4572961851ee087d9f908ec4d
GET /MHZBRTFRFCIoDlFLI2NEQhp8YAN2U3MDVQIHLz0HSUZwdVwEBDVrUlwZNCFXQhkvMR9eEzVgA3YFGw1zYTgEHHl4DHQWVGI3GwtwXFNzA2RlEioEeWI1Bix/Uj0DF392IHkgdVgREyFYcSUSEmB+MgJ0ZnozdSxmZTRzEnJTPQd3AWM/NiplUicXInNiJzgGaXo1AxF0ej02Nnp/ICY0c2YgKCZffj0QDWR3EioyeX8gLixyRxUrAGliIwksYGISBxdzaTQxd2BlOxIAaWIjAz9dURUHB2dpRRsvZ1s3LgRfejQQPXhiEgcUcnoeB3R7ZTAmBGZYIxYdHGUxJSJ8ZjtwfUFhIwgSc14sFxR2cTAlKWdmLyYUVnQnCHRkWR0iE2Z6DyV0Y3YQJhdWdSNwLRdaBS4rQQ0zKh1bWDcDI0cJQngPeA HTTP/1.1
Host: coonandeg.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kbjfree.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 1178
date: Sun, 29 Jan 2023 20:46:31 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 1d542b221a74ce095eec8b4baabd68ca.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P2
x-amz-cf-id: fF6Cqw2i4jelgHqSOk1PT1l-WIa6ET5jRYaEmA8MWp5yZ2_2diVa7g==
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash 123e304ce1f66666cebdc611eac959ca
d7013c49efe72137e962a61a9cfc4600be9ea696
5409bf929a0d7beedba64b9d9cea4efa3df301045e38706669c02a0c9c24e19c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4991
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 20:46:31 GMT
Last-Modified: Sun, 29 Jan 2023 19:23:20 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 278
na.nawpush.com/tags/62851?version_name=d
45.133.44.24 200 OK 914 B URL HTTP/2 na.nawpush.com/tags/62851?version_name=d
IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
File type JSON data\012- , ASCII text, with very long lines (914), with no line terminators
Hash 2830c9fde5e089f8deab15986b604fd2
7d78dfde7ed390c9edb4df482d98284eabb0a004
45279b7fa082e14e0f44554c34c7379b817be67629f32d4055959d117fecfc39
GET /tags/62851?version_name=d HTTP/1.1
Host: na.nawpush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://kbjfree.com
Connection: keep-alive
Referer: https://kbjfree.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 29 Jan 2023 20:46:31 GMT
content-type: application/json
content-length: 914
server: nginx/1.18.0
cache-control: max-age=300, public
x-proxy-cache: EXPIRED
access-control-allow-origin: *
X-Firefox-Spdy: h2
reerfdfgourgo.xyz/VVJHQkR6bSQxeTQKERYVPwAiE3YbYQMEdREzdAcKDQcFLiAUH2E2LTFvfndzYWZ1ZDQ8NnpzfHMhMyMwICF6c2I8PCEteXMkenNqZXx1bHZzJ3pzYiEiJiV5ZHQ3NjA5b3Z0c2BidXd2ZWJ0dHI
188.114.97.1 204 No Content 0 B URL HTTP/2 reerfdfgourgo.xyz/VVJHQkR6bSQxeTQKERYVPwAiE3YbYQMEdREzdAcKDQcFLiAUH2E2LTFvfndzYWZ1ZDQ8NnpzfHMhMyMwICF6c2I8PCEteXMkenNqZXx1bHZzJ3pzYiEiJiV5ZHQ3NjA5b3Z0c2BidXd2ZWJ0dHI
IP 188.114.97.1:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /VVJHQkR6bSQxeTQKERYVPwAiE3YbYQMEdREzdAcKDQcFLiAUH2E2LTFvfndzYWZ1ZDQ8NnpzfHMhMyMwICF6c2I8PCEteXMkenNqZXx1bHZzJ3pzYiEiJiV5ZHQ3NjA5b3Z0c2BidXd2ZWJ0dHI HTTP/1.1
Host: reerfdfgourgo.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kbjfree.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sun, 29 Jan 2023 20:46:31 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=22SekSFvj73h9odVN2SH30n18%2BZsLAmzXHP1yPr6inFwdRo%2B9jVDTUFPTJL2JwkCu8O1R8uuCBKtYjtLxy0s8eOeJcg2EaJCKCwGOv4peAPSYCEtze7qW1hnrtke6dAY8FpZOQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7914d157be690b61-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/SrfVchP6P8U
142.250.74.131 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/SrfVchP6P8U
IP 142.250.74.131:0
Hash 795f17a4efb2573fc585ba0a9588f99a
028c0c3aa8b4a8074a8f7be528327d35ee299b7e
84ab72e30738f6c2870d2785435469d42888484bc666b6d02569f2ce870c2728
POST /s/gts1p5/SrfVchP6P8U HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 20:46:31 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
reerfdfgourgo.xyz/ODZyMDYXCRFDC1xuGQV7fQ88ZHdffhdbbHV1FWoEbHNKenRwRVREX1wLSwUBDAdBFkZRUk8BEEtCE0RDSwtDFl9WUB0NEE4LQx4FDBhBARgKEAcNBx5CAlFRBQdUQEJMWk8BAA8DQgIDCgZCAwIK
188.114.97.1 204 No Content 6 B URL HTTP/2 reerfdfgourgo.xyz/ODZyMDYXCRFDC1xuGQV7fQ88ZHdffhdbbHV1FWoEbHNKenRwRVREX1wLSwUBDAdBFkZRUk8BEEtCE0RDSwtDFl9WUB0NEE4LQx4FDBhBARgKEAcNBx5CAlFRBQdUQEJMWk8BAA8DQgIDCgZCAwIK
IP 188.114.97.1:0
Hash 7d14c6d06a6075d413d43d381c992eba
49bdfc1145f7c7a7bf870f069b9d23a97966cb30
f48bd14f1f30b485d99a2904d06cbd9fa03ccaa5779105a3d3cf963edb2ac385
GET /ODZyMDYXCRFDC1xuGQV7fQ88ZHdffhdbbHV1FWoEbHNKenRwRVREX1wLSwUBDAdBFkZRUk8BEEtCE0RDSwtDFl9WUB0NEE4LQx4FDBhBARgKEAcNBx5CAlFRBQdUQEJMWk8BAA8DQgIDCgZCAwIK HTTP/1.1
Host: reerfdfgourgo.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kbjfree.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sun, 29 Jan 2023 20:46:31 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bsIdjMQmFAkadZnU5BjPhPCx%2F0W6TOHYVw9KxKu%2FT7IGKB%2B2gNUbC7mogDA0ooXRipFqKlCeEYG45CqOCCJ6c0bWanmu21QjOGWDgkcYwXnGPgf7TxCO3UImODel0tssK5jItg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7914d1581ee40b61-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188 200 OK 471 B IP 172.64.155.188:0
Hash 76283f8e55a9fe58bd85aec83ec62eef
ad5eeb2e8a76a56ba141c9b92fd13ef7f44b4371
893ad6423e820dea7e4ec92dc7460794fb9d2eeea5295d2d463ffdf170fd5375
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 20:46:31 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sat, 28 Jan 2023 21:23:11 GMT
Expires: Sat, 04 Feb 2023 21:23:10 GMT
Etag: "ad5eeb2e8a76a56ba141c9b92fd13ef7f44b4371"
Cache-Control: max-age=519998,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7914d15798950b31-OSL
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash aa43cdf50ca744f0d96f87a11aaa2b68
7d473c20639cf1b7bf1db55c4c2fb4f560f9c27b
7dcbf803f207d81a1611037ff8ee73cbc6d158bc4acd77aab1a1c80a7c8c87c0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7DCBF803F207D81A1611037FF8EE73CBC6D158BC4ACD77AAB1A1C80A7C8C87C0"
Last-Modified: Sat, 28 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2446
Expires: Sun, 29 Jan 2023 21:27:17 GMT
Date: Sun, 29 Jan 2023 20:46:31 GMT
Connection: keep-alive
d2qnx6y010m4rt.cloudfront.net/mY1VVdkUAOjsQehc8MUt8VmJhR3ZFPyYZKxNoAiUNBwMdAik2LSYgYxcvMUt1RTk0GCJeczAYJl5kcxchAWhhUDETOj5LMho8LAIzCjY0A2MWNGgbKhk8ORokRmcTQ2tTcGdGbRQ8OxIqFCZwRHUNIXBEdVJle0ZgUBdwRHUUPDtAcUZmF1N3Uy1jQmBQF3-BEdREjcEUEUmVgWHVKcGdGIgY2PhlgURNnRnRTZWRGdEZnZRAsETAzGT1GZxNHdVZ7ZVAwXmQ
54.230.245.105200 OK 461 B URL HTTP/2 d2qnx6y010m4rt.cloudfront.net/mY1VVdkUAOjsQehc8MUt8VmJhR3ZFPyYZKxNoAiUNBwMdAik2LSYgYxcvMUt1RTk0GCJeczAYJl5kcxchAWhhUDETOj5LMho8LAIzCjY0A2MWNGgbKhk8ORokRmcTQ2tTcGdGbRQ8OxIqFCZwRHUNIXBEdVJle0ZgUBdwRHUUPDtAcUZmF1N3Uy1jQmBQF3-BEdREjcEUEUmVgWHVKcGdGIgY2PhlgURNnRnRTZWRGdEZnZRAsETAzGT1GZxNHdVZ7ZVAwXmQ
IP 54.230.245.105:0
File type ASCII text, with very long lines (652), with no line terminators
Hash 21bba0adc4a1a88813331b4ed779feea
82bb48fa051df4a3147234d2222222bd3a3ee453
5daffdaf56f6a81a7ae46a61a58817d0546851ff95f232eac8eef3fe3fe38359
GET /mY1VVdkUAOjsQehc8MUt8VmJhR3ZFPyYZKxNoAiUNBwMdAik2LSYgYxcvMUt1RTk0GCJeczAYJl5kcxchAWhhUDETOj5LMho8LAIzCjY0A2MWNGgbKhk8ORokRmcTQ2tTcGdGbRQ8OxIqFCZwRHUNIXBEdVJle0ZgUBdwRHUUPDtAcUZmF1N3Uy1jQmBQF3-BEdREjcEUEUmVgWHVKcGdGIgY2PhlgURNnRnRTZWRGdEZnZRAsETAzGT1GZxNHdVZ7ZVAwXmQ HTTP/1.1
Host: d2qnx6y010m4rt.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://coonandeg.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 461
date: Sun, 29 Jan 2023 20:46:31 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 4bbc14b5834fc74ccd249b954b43a08c.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: fkJekXDkPVLQd5M2V_U7c-VD4P8U_s_KLKHJWqVnYcwUbGfSuMtD8w==
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 16b7e77cfb161d3f0957b1f1936a6352
a7d7cdae0d0c99f2cf91d865daceb3c814506af3
6d4b3b369973ec47f2edcff3cc95e685f11a05ace3dacbe94fbee6749ad94552
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6D4B3B369973EC47F2EDCFF3CC95E685F11A05ACE3DACBE94FBEE6749AD94552"
Last-Modified: Sat, 28 Jan 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2810
Expires: Sun, 29 Jan 2023 21:33:21 GMT
Date: Sun, 29 Jan 2023 20:46:31 GMT
Connection: keep-alive
d2qnx6y010m4rt.cloudfront.net/sZHBQNEYHHz5SeRAZNAl/UUdkAHRCGiNbKBRNFV8eDhgRdiASSWQNDC1WJE4iWUB2WCcKF20SIwoTbQVgBRQyCXJCBTEJKwsKOVgqBVVicnNKQHUGdkwHOVoiCwcjEXRUHiQRdFRBYBp2QUMSEXRUBzlacFBVY3ZjVkAoAnJBQxIRdFQCJhF1JUFgAWhUWX-UGdgMVM18pQUIWBnZVQGAFdlVVYgQgDQI1UikcVWJyd1RFfgRgEU1h
54.230.245.105200 OK 498 B URL HTTP/2 d2qnx6y010m4rt.cloudfront.net/sZHBQNEYHHz5SeRAZNAl/UUdkAHRCGiNbKBRNFV8eDhgRdiASSWQNDC1WJE4iWUB2WCcKF20SIwoTbQVgBRQyCXJCBTEJKwsKOVgqBVVicnNKQHUGdkwHOVoiCwcjEXRUHiQRdFRBYBp2QUMSEXRUBzlacFBVY3ZjVkAoAnJBQxIRdFQCJhF1JUFgAWhUWX-UGdgMVM18pQUIWBnZVQGAFdlVVYgQgDQI1UikcVWJyd1RFfgRgEU1h
IP 54.230.245.105:0
Hash c3f17cd0d7f29a04f35218946ce68bf7
82d903ea109597f2d1c26ebddbe57dede5bde058
ff6034cd75ac73043af4e69e33ec5d5ee2d86ae6d36a50f518555309e9fcf4ba
GET /sZHBQNEYHHz5SeRAZNAl/UUdkAHRCGiNbKBRNFV8eDhgRdiASSWQNDC1WJE4iWUB2WCcKF20SIwoTbQVgBRQyCXJCBTEJKwsKOVgqBVVicnNKQHUGdkwHOVoiCwcjEXRUHiQRdFRBYBp2QUMSEXRUBzlacFBVY3ZjVkAoAnJBQxIRdFQCJhF1JUFgAWhUWX-UGdgMVM18pQUIWBnZVQGAFdlVVYgQgDQI1UikcVWJyd1RFfgRgEU1h HTTP/1.1
Host: d2qnx6y010m4rt.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://coonandeg.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 188
date: Sun, 29 Jan 2023 20:46:31 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 4bbc14b5834fc74ccd249b954b43a08c.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: qewUWwd-ZzNsEhwo5Uy4lnyfLoWm3gGwEbKbeN53F10sRdIvx3eaKg==
X-Firefox-Spdy: h2
video.ktkjmp.com/adsbygoogle.js
104.18.62.235 200 OK 4.2 kB URL HTTP/2 video.ktkjmp.com/adsbygoogle.js
IP 104.18.62.235:0
Hash 09a7f31f27985420b77e81c2dc6c3eb3
4082488ce21590dfad251bf70fcecd9d66443960
ede2019b6a0073ac7c9ba053444b2944f881821deeeda31e9941b3499bcfb12a
GET /adsbygoogle.js HTTP/1.1
Host: video.ktkjmp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://creative.xlivrdr.com/
Origin: https://creative.xlivrdr.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 29 Jan 2023 20:46:31 GMT
content-type: application/javascript
content-length: 16
x-amz-id-2: umnGOMVCjminO+qe5UBV06OrSizh/U59KvaEibge5v1gMRbq/UnThpljPBepeh+5w7wEpQIcu/4=
x-amz-request-id: 3YW9SERF7DC7262X
last-modified: Thu, 10 Mar 2022 13:52:07 GMT
etag: "3d7f7a60216d40dea48e495fef6903c9"
x-amz-meta-s3cmd-attrs: atime:1646920284/ctime:1646920283/gid:20/gname:staff/md5:3d7f7a60216d40dea48e495fef6903c9/mode:33188/mtime:1646920283/uid:501/uname:mikhailchubar
x-amz-version-id: eIgLIBoMMcsEXtxOH6UDjWyfAquRpkIG
access-control-allow-origin: https://creative.xlivrdr.com
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: HIT
age: 1803
expires: Mon, 30 Jan 2023 00:46:31 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7914d159adbcb521-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
intelligenceadx.com/IeLvmA.html?_=BQFiAAAAAAAACZUAAsSLi9IKzEBUSRsGKuEclL3ScJKLdnxsz_uqiyOkA2fMHHiN9KCbybrEQkSgStGcQTFFyKc2CUgcuRrmyiC6RduFyGsIeFiOHg83FE-On--q0TQf-AS44PTfyM1TbQbGgvZFLC-DQA3DIX_mIhy96lAT-9DM8ENzUu84QAHCxr9USFSxLiNZ4krBc6EGkGdaTUJku3QYACRI_Q26A7S5UnCiOEFbTgc1OW9MeM4qT0Ore1lx1VRhH1pzMsIUbZMMLM60CGm_XzumRiDCT5siMUSy9M3jZrdrvzwKqOAKxigjjTWhLmnoFybCZNYTIF_PmnEbpu45AaDRrnvFqcIPLv7KZrnG5NOwT5LuEqgJYG3ZNFO2VxjQan3tTMRuerQZ3BLYD_Oq_Lmgu2JQOQIuN0Dv0oXt8krBMo0YL4xuCEvYLL5VEQp6e0M9oPEk_FJDah0ebfqjmBz-cv5QRXDGYSo&v=4&QGZFJLNK=4787158&minBid=&ZbSBupYv=0,0&iBzPxmhf=&kveQMZli=&s=1280,1024,1,1280,1024,0
208.95.114.100200 OK 44 B URL HTTP/2 intelligenceadx.com/IeLvmA.html?_=BQFiAAAAAAAACZUAAsSLi9IKzEBUSRsGKuEclL3ScJKLdnxsz_uqiyOkA2fMHHiN9KCbybrEQkSgStGcQTFFyKc2CUgcuRrmyiC6RduFyGsIeFiOHg83FE-On--q0TQf-AS44PTfyM1TbQbGgvZFLC-DQA3DIX_mIhy96lAT-9DM8ENzUu84QAHCxr9USFSxLiNZ4krBc6EGkGdaTUJku3QYACRI_Q26A7S5UnCiOEFbTgc1OW9MeM4qT0Ore1lx1VRhH1pzMsIUbZMMLM60CGm_XzumRiDCT5siMUSy9M3jZrdrvzwKqOAKxigjjTWhLmnoFybCZNYTIF_PmnEbpu45AaDRrnvFqcIPLv7KZrnG5NOwT5LuEqgJYG3ZNFO2VxjQan3tTMRuerQZ3BLYD_Oq_Lmgu2JQOQIuN0Dv0oXt8krBMo0YL4xuCEvYLL5VEQp6e0M9oPEk_FJDah0ebfqjmBz-cv5QRXDGYSo&v=4&QGZFJLNK=4787158&minBid=&ZbSBupYv=0,0&iBzPxmhf=&kveQMZli=&s=1280,1024,1,1280,1024,0
IP 208.95.114.100:0
File type ASCII text, with no line terminators
Hash d5f0a25e4d3522d56d48ce7bc3e518fb
86794caff58f7fee6e684c2ba7195f970a8d6f4c
9d781128a8ece413b003d5612b8398bf9340ef7f5b751d12bd125ba523d3ceb5
GET /IeLvmA.html?_=BQFiAAAAAAAACZUAAsSLi9IKzEBUSRsGKuEclL3ScJKLdnxsz_uqiyOkA2fMHHiN9KCbybrEQkSgStGcQTFFyKc2CUgcuRrmyiC6RduFyGsIeFiOHg83FE-On--q0TQf-AS44PTfyM1TbQbGgvZFLC-DQA3DIX_mIhy96lAT-9DM8ENzUu84QAHCxr9USFSxLiNZ4krBc6EGkGdaTUJku3QYACRI_Q26A7S5UnCiOEFbTgc1OW9MeM4qT0Ore1lx1VRhH1pzMsIUbZMMLM60CGm_XzumRiDCT5siMUSy9M3jZrdrvzwKqOAKxigjjTWhLmnoFybCZNYTIF_PmnEbpu45AaDRrnvFqcIPLv7KZrnG5NOwT5LuEqgJYG3ZNFO2VxjQan3tTMRuerQZ3BLYD_Oq_Lmgu2JQOQIuN0Dv0oXt8krBMo0YL4xuCEvYLL5VEQp6e0M9oPEk_FJDah0ebfqjmBz-cv5QRXDGYSo&v=4&QGZFJLNK=4787158&minBid=&ZbSBupYv=0,0&iBzPxmhf=&kveQMZli=&s=1280,1024,1,1280,1024,0 HTTP/1.1
Host: intelligenceadx.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kbjfree.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
asf: 9
popads-ec: ASB
content-type: text/javascript;charset=UTF-8
content-length: 44
date: Sun, 29 Jan 2023 20:46:31 GMT
X-Firefox-Spdy: h2
fp.metricswpsh.com/fp?tag_id=62851
157.90.84.242 204 No Content 0 B URL HTTP/1.1 fp.metricswpsh.com/fp?tag_id=62851
IP 157.90.84.242:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /fp?tag_id=62851 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://kbjfree.com/
Origin: https://kbjfree.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx/1.20.1
Date: Sun, 29 Jan 2023 20:46:31 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE
Access-Control-Allow-Origin: https://kbjfree.com
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
ae5724c6ed.532f546611.com/in/track?data=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
45.133.44.24200 OK 0 B URL HTTP/2 ae5724c6ed.532f546611.com/in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiIxNDQ2ODM5MDc2NzA4NTUxNTAwMCIsInRpbWV6b25lIjowLCJ2ZXIiOiIzLjIxLjEiLCJ0YWdfaWQiOjYyODUxLCJzY3JlZW5fcmVzb2x1dGlvbiI6IjEyODB4MTAyNCIsImFkYmxvY2siOjAsInRpbWV6b25lX29sc29uIjoiVVRDIiwidXRtX3NvdXJjZSI6IiIsInV0bV9tZWRpdW0iOiIiLCJ1dG1fY2FtcGFpZ24iOiIiLCJ1dG1fY29udGVudCI6IiIsIm1tIjowLCJpbml0X3N0YXJ0X2xhdGVuY3kiOjAuMjUsImlzX3YyIjowLCJpc192Ml9lbXB0eSI6MCwidXNlcl9rZXl3b3JkcyI6Imltemk5NSUyQ0tCSkZyZWUlMkNrb3JlYW4lMkNiaiUyQ2tiaiUyQ2NoYXR1cmJhdGUlMkNvbmx5ZmFucyUyQ2ZhbnRyaWUlMkNwYW5kYXR2JTJDd2lua3R2JTJDZmxleHR2JTJDcG9wa29udHYlMkNjaGF0dXJiYXRlLmNvbSUyQ29ubHlmYW5zLmNvbSUyQ2ZhbnRyaWUuY29tJTJDd2lua3R2LmNvLmtyJTJDcGFuZGFsaXZlLmNvLmtyJTJDZmxleHR2LmNvLmtyJTJDcG9wa29udHYuY29tJTJDTW9kZWwlMkNpbXppOTUlMkNLQkpGcmVlJTJDS0JKRnJlZS5jb20lMkN3YXRjaCUyQ2ZyZWUlMkNLb3JlYW4lMkNCSiUyQ0NoYXR1cmJhdGUlMkNPbmx5ZmFucyUyQ0ZhbnRyaWUlMkNsZWFrZWQlMkN2aWRlb3MifQ==
IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/track?data=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 HTTP/1.1
Host: ae5724c6ed.532f546611.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://kbjfree.com
Connection: keep-alive
Referer: https://kbjfree.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 29 Jan 2023 20:46:31 GMT
content-length: 0
server: nginx/1.18.0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
fp.metricswpsh.com/fp?tag_id=62851
157.90.84.242 200 OK 28 B URL HTTP/1.1 fp.metricswpsh.com/fp?tag_id=62851
IP 157.90.84.242:0
ASN #24940 Hetzner Online GmbH
File type JSON data\012- , ASCII text
Hash e3af49472d683a217237a6ebaf79bcb7
378db4d7e6171a2676ee15c80b4475d7f5ec9742
7714898d715fb8b1ce7a1de73e0e7c9f6394acc8a08cf1a3b342a7829d4de84a
POST /fp?tag_id=62851 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 22285
Origin: https://kbjfree.com
Connection: keep-alive
Referer: https://kbjfree.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sun, 29 Jan 2023 20:46:32 GMT
Content-Type: application/json; charset=UTF-8
Content-Length: 28
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://kbjfree.com
Set-Cookie: id=6386420305394556168; Expires=Mon, 29 Jan 2024 20:46:32 GMT; Secure; SameSite=None
Vary: Origin
r3.o.lencr.org/
23.36.76.226 200 OK 35 kB IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 16308fbfb62403698970a88c02ec6bf0
9840e37c03fcc035282c7e78a179191db9012980
d2bb7e49a6f0f706ba38a570fa279b96ee4c3a74049aa75e26c52a31ecb0ea86
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0A655F9A1382B16A49DFAEF9CBC79E3CE6780D76268C54A5270B045FCA633852"
Last-Modified: Sat, 28 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5583
Expires: Sun, 29 Jan 2023 22:19:35 GMT
Date: Sun, 29 Jan 2023 20:46:32 GMT
Connection: keep-alive
nereserv.com/in/dip?site=native-push&wl=1&event_id=419d1ede-36e5-454d-980f-b3c3a2358b9e&subid=1948039445&sid=1912833659&spot_id=130434&created_at=2023-01-29&timezone=0&ver=8.20.1&is_native=1
94.130.198.6 200 OK 0 B URL HTTP/2 nereserv.com/in/dip?site=native-push&wl=1&event_id=419d1ede-36e5-454d-980f-b3c3a2358b9e&subid=1948039445&sid=1912833659&spot_id=130434&created_at=2023-01-29&timezone=0&ver=8.20.1&is_native=1
IP 94.130.198.6:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/dip?site=native-push&wl=1&event_id=419d1ede-36e5-454d-980f-b3c3a2358b9e&subid=1948039445&sid=1912833659&spot_id=130434&created_at=2023-01-29&timezone=0&ver=8.20.1&is_native=1 HTTP/1.1
Host: nereserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://kbjfree.com
Connection: keep-alive
Referer: https://kbjfree.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.20.1
date: Sun, 29 Jan 2023 20:46:32 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
img.strpst.com/thumbs/1675025101/60974700
104.18.63.124 200 OK 17 kB URL HTTP/2 img.strpst.com/thumbs/1675025101/60974700
IP 104.18.63.124:0
Hash b0ee825376e1cef41b0a7d267e7b3282
ee5741d849f74bf946395dc8b9b44eab927a0ad3
6947c4ebefed7fc688b073bf6dea004173b11432d33df1d6ddbef90aa6dff516
GET /thumbs/1675025101/60974700 HTTP/1.1
Host: img.strpst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://creative.xlivrdr.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 29 Jan 2023 20:46:32 GMT
content-type: image/jpeg
content-length: 16856
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-methods: GET
access-control-allow-origin: *
cf-bgj: imgq:100,h2pri
cf-polished: origSize=17655, status=webp_bigger
etag: "e225f9057a9ec239d989ef1a7463a37b"
last-modified: Sun, 29 Jan 2023 20:44:36 GMT
cf-cache-status: HIT
age: 61
expires: Sun, 29 Jan 2023 21:16:32 GMT
cache-control: public, max-age=1800
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7914d15b4897b52d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img.strpst.com/thumbs/1675025101/46714006
104.18.63.124 200 OK 23 kB URL HTTP/2 img.strpst.com/thumbs/1675025101/46714006
IP 104.18.63.124:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 0x0, segment length 16, progressive, precision 8, 270x360, components 3\012- data
Hash e0d07576cfd4943d9084f25b915eea2d
75a39be92b10d8de7b9fd53e32847d276f986f7d
bee2ee5d24b72e3ab0549cb5dcdccd548fcfd4de8f73cb9c8e5830f6cefa9ef5
GET /thumbs/1675025101/46714006 HTTP/1.1
Host: img.strpst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://creative.xlivrdr.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 29 Jan 2023 20:46:32 GMT
content-type: image/jpeg
content-length: 23214
access-control-allow-methods: GET
access-control-allow-origin: *
cf-bgj: imgq:100,h2pri
cf-polished: origSize=24330, status=webp_bigger
etag: "554194af443347634ab9c1df07cb95ef"
last-modified: Sun, 29 Jan 2023 20:44:59 GMT
cf-cache-status: HIT
age: 60
expires: Sun, 29 Jan 2023 21:16:32 GMT
cache-control: public, max-age=1800
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7914d15b4892b52d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
slave.kbjfree.com/api/spots/367171?host=kbjfree.com&ev=197&wh=898&ww=1280&uuid=&kw=korean%20bj%2Ckbj%2Cchaturbate%2Conlyfans%2Cfantrie%2Cpandatv%2Cwinktv%2Cflextv%2Cpopkontv%2Cchaturbate.com%2Conlyfans.com%2Cfantrie.com%2Cwinktv.co.kr%2Cpandalive.co.kr%2Cflextv.co.kr%2Cpopkontv.com&s1=%25subid1%25
135.181.208.216200 OK 32 kB URL HTTP/2 slave.kbjfree.com/api/spots/367171?host=kbjfree.com&ev=197&wh=898&ww=1280&uuid=&kw=korean%20bj%2Ckbj%2Cchaturbate%2Conlyfans%2Cfantrie%2Cpandatv%2Cwinktv%2Cflextv%2Cpopkontv%2Cchaturbate.com%2Conlyfans.com%2Cfantrie.com%2Cwinktv.co.kr%2Cpandalive.co.kr%2Cflextv.co.kr%2Cpopkontv.com&s1=%25subid1%25
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash dddc533f431fe53ff34aa16daacac24e
678dcf03402b97e2c1bc3d83511ec0d8dbfa5268
2688c7edfa30a51b373bb87f3346377f2de3e572bd668d8a42c24b70aefee7f5
GET /api/spots/367171?host=kbjfree.com&ev=197&wh=898&ww=1280&uuid=&kw=korean%20bj%2Ckbj%2Cchaturbate%2Conlyfans%2Cfantrie%2Cpandatv%2Cwinktv%2Cflextv%2Cpopkontv%2Cchaturbate.com%2Conlyfans.com%2Cfantrie.com%2Cwinktv.co.kr%2Cpandalive.co.kr%2Cflextv.co.kr%2Cpopkontv.com&s1=%25subid1%25 HTTP/1.1
Host: slave.kbjfree.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kbjfree.com/
Cookie: nauid=tdDVsKvJORRuEOUu0px1; __cf_bm=KFYSjzNQyl374csZtNVlABgyLYt7qKENnDdf5kkUA74-1675025189-0-Af22x1mHSEtq8fcqoquv33jp+6xEXW9sulaGykxewHc+V8DaljHAHnTNbpX3bQMY33aSVtLQqY3cXPrHdFMkJokyKbc9I/BCvdpjq9Srf+cFB/NdAHmFRfG2FRB1EGRypolUzS8upA563G4aaYF/sVc=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 29 Jan 2023 20:46:31 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
img.strpst.com/thumbs/1675025101/71965460
104.18.63.124 200 OK 27 kB URL HTTP/2 img.strpst.com/thumbs/1675025101/71965460
IP 104.18.63.124:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 0x0, segment length 16, progressive, precision 8, 270x360, components 3\012- data
Hash beeb59066c2bb0953fd69bf9857c4138
dbf53b4cd2463ea9d7259c4b235c70ece66f5eca
f0dadc23442324c1652326380902dc1075bfeacde66b4d2955e465943e734f94
GET /thumbs/1675025101/71965460 HTTP/1.1
Host: img.strpst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://creative.xlivrdr.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 29 Jan 2023 20:46:32 GMT
content-type: image/jpeg
content-length: 26581
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-methods: GET
access-control-allow-origin: *
cf-bgj: imgq:100,h2pri
cf-polished: origSize=27799, status=webp_bigger
etag: "40268e0a70a90a989baa0161664df64e"
last-modified: Sun, 29 Jan 2023 20:45:14 GMT
cf-cache-status: HIT
age: 58
expires: Sun, 29 Jan 2023 21:16:32 GMT
cache-control: public, max-age=1800
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7914d15b589cb52d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img.strpst.com/thumbs/1675025101/76786552
104.18.63.124 200 OK 19 kB URL HTTP/2 img.strpst.com/thumbs/1675025101/76786552
IP 104.18.63.124:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 0x0, segment length 16, progressive, precision 8, 264x360, components 3\012- data
Hash 452a8af7b8d02483107b1ac710357462
411e4bab9ef554f7d09d49d3dec3de2ac12522a2
10c7908aa51af1f9584dfe96e8cfcfe29f161ad1839dffbbfb8d95c09ca64f3a
GET /thumbs/1675025101/76786552 HTTP/1.1
Host: img.strpst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://creative.xlivrdr.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 29 Jan 2023 20:46:32 GMT
content-type: image/jpeg
content-length: 18670
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-methods: GET
access-control-allow-origin: *
cf-bgj: imgq:100,h2pri
cf-polished: origSize=19776, status=webp_bigger
etag: "855c8a31cc949698bc5baef2f6050888"
last-modified: Sun, 29 Jan 2023 20:44:47 GMT
cf-cache-status: HIT
age: 52
expires: Sun, 29 Jan 2023 21:16:32 GMT
cache-control: public, max-age=1800
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7914d15b58a5b52d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img.strpst.com/thumbs/1675025101/5821
104.18.63.124 200 OK 41 kB URL HTTP/2 img.strpst.com/thumbs/1675025101/5821
IP 104.18.63.124:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 0x0, segment length 16, progressive, precision 8, 640x360, components 3\012- data
Hash 7c672070b5a5898c7368cc96de783272
0d7ad80b98e69b71d761ef0e23fab5a0fddab29d
923afe055cfbe9ed2a032309a1240b6b4e77014e297e0f9d129ccd4b1e08ffe9
GET /thumbs/1675025101/5821 HTTP/1.1
Host: img.strpst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://creative.xlivrdr.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 29 Jan 2023 20:46:32 GMT
content-type: image/jpeg
content-length: 40864
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-methods: GET
access-control-allow-origin: *
cf-bgj: imgq:100,h2pri
cf-polished: origSize=42069, status=webp_bigger
etag: "08dd37d2a4b2087a5cbd7a50a6e00b81"
last-modified: Sun, 29 Jan 2023 20:44:59 GMT
cf-cache-status: HIT
age: 59
expires: Sun, 29 Jan 2023 21:16:32 GMT
cache-control: public, max-age=1800
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7914d15b88c4b52d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
9cd589fd54.86b1722d8e.com/in/multy
168.119.25.22 204 No Content 0 B URL HTTP/2 9cd589fd54.86b1722d8e.com/in/multy
IP 168.119.25.22:0
ASN #24940 Hetzner Online GmbH
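Hash MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These three values are the MD5, SHA-1 and SHA-256 digests of zero-length input, consistent with the 0 B body of this response; they identify no content and will match any empty response.)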
Analyzer Verdict Alert quad9 Sinkholed
OPTIONS /in/multy HTTP/1.1
Host: 9cd589fd54.86b1722d8e.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://kbjfree.com/
Origin: https://kbjfree.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
server: nginx/1.18.0
date: Sun, 29 Jan 2023 20:46:32 GMT
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 14681339fc16ac120967600c85c37d96
589ed56dc45067e35e26a667ad3d9a12d0f61884
c7a020eb97f372e9325a03c89aa4d97d023f8583ea94af56ae1ffc2363ab8547
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5160
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 20:46:32 GMT
Last-Modified: Sun, 29 Jan 2023 19:20:32 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 4832b523537a23be2360a60f80b19115
67c7281621269de7f8c1b6c4aecef7eb19f04bfe
8282b65e611998c30f7a9fbace9effbd192d3792dcdd1ade71f1f23032d7a434
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 20:46:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 4832b523537a23be2360a60f80b19115
67c7281621269de7f8c1b6c4aecef7eb19f04bfe
8282b65e611998c30f7a9fbace9effbd192d3792dcdd1ade71f1f23032d7a434
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 20:46:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f97d1250e7b06507dcdde98d44b58dc8
10030f7fced8691202dbf19200efd6035bf7a405
c97a128485f45c02621ea479e8619499c3336c97a8812b0cece90e150beefb0f
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "C97A128485F45C02621EA479E8619499C3336C97A8812B0CECE90E150BEEFB0F"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15240
Expires: Mon, 30 Jan 2023 01:00:32 GMT
Date: Sun, 29 Jan 2023 20:46:32 GMT
Connection: keep-alive
js.wpushsdk.com/npc/sdk/wpu/npush.m.js
45.133.44.25 200 OK 78 kB URL HTTP/2 js.wpushsdk.com/npc/sdk/wpu/npush.m.js
IP 45.133.44.25:0
ASN #39572 DataWeb Global Group B.V.
Hash b6141baa7731c176c93e82df83751237
c381c51f905f613450764a35df29ad288a00c8c5
1b70158406450ada816ff0a1d7db441cd92c96149cae7b776622d9d5d4f1227d
GET /npc/sdk/wpu/npush.m.js HTTP/1.1
Host: js.wpushsdk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kbjfree.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 29 Jan 2023 20:46:31 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Fri, 20 Jan 2023 11:15:05 GMT
etag: W/"63ca77b9-4c6b2"
content-encoding: gzip
expires: Sun, 29 Jan 2023 20:51:31 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
142.250.74.109 302 Found 398 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP 142.250.74.109:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (384)
Hash 337c67ee8f4b20a19433d36f40de6c9b
8b2b49f75ee5a402752fd626ef49a7055e5b36af
cdf5b193d3152e894b4d9b4fabe838179742c10a12007ea3a7f0e543a41e2065
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kbjfree.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 29 Jan 2023 20:46:32 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S1292503610%3A1675025192392858&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHcx6uKhay5N7wzf9ke6bXmUdqE9ZgG9z2wV7yJig7ALkYb3hKm_meGg9pc0PS-u6vV3LCYK4A
strict-transport-security: max-age=31536000; includeSubDomains
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-security-policy: script-src 'nonce-wRS_g-ybJhyfmX2r8s9Dkg' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 398
server: GSE
set-cookie: __Host-GAPS=1:tdvFi_rJFGCuP7WV6nnynUg40MCA2A:z68TfDi-ZZ3-Zo6P;Path=/;Expires=Tue, 28-Jan-2025 20:46:32 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f97d1250e7b06507dcdde98d44b58dc8
10030f7fced8691202dbf19200efd6035bf7a405
c97a128485f45c02621ea479e8619499c3336c97a8812b0cece90e150beefb0f
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "C97A128485F45C02621EA479E8619499C3336C97A8812B0CECE90E150BEEFB0F"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15240
Expires: Mon, 30 Jan 2023 01:00:32 GMT
Date: Sun, 29 Jan 2023 20:46:32 GMT
Connection: keep-alive
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
142.250.74.109 302 Found 393 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP 142.250.74.109:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (379)
Hash ad865583fab9331aae33efdadf72acdb
d3356801d1e5eb9cb46adaada6cd63e754a98946
7be3d11184556bfd71683addc9c1e1de003fb3e230022988237497b3714e40d4
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kbjfree.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 29 Jan 2023 20:46:32 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S872812440%3A1675025192435541&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHfcQ0Ci_W235AgVUR5T7gwpJS528XpbjXBX2HsYQECCXdJPAKG40aX4wy-vwQHXaZFYsAQboQ
strict-transport-security: max-age=31536000; includeSubDomains
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-security-policy: script-src 'nonce-NyyvFfXcMj_zToU7abN0RQ' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 393
server: GSE
set-cookie: __Host-GAPS=1:EyHhPfOI1mtUaH9K5tdY2PL2EA2h5g:UZs-YJuCUt492suZ;Path=/;Expires=Tue, 28-Jan-2025 20:46:32 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 1141ae65ad448fb3438690d5042af728
aa8b236bb1099c9440bfe3e98530939623250c03
e55eeaf5cd454042706c3e2d7d2b0211e91087b430cb5bae6b9e030392f57b4b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 20:46:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 14681339fc16ac120967600c85c37d96
589ed56dc45067e35e26a667ad3d9a12d0f61884
c7a020eb97f372e9325a03c89aa4d97d023f8583ea94af56ae1ffc2363ab8547
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5160
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 20:46:32 GMT
Last-Modified: Sun, 29 Jan 2023 19:20:32 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 471
accounts.google.com/v3/signin/identifier?dsh=S1292503610%3A1675025192392858&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHcx6uKhay5N7wzf9ke6bXmUdqE9ZgG9z2wV7yJig7ALkYb3hKm_meGg9pc0PS-u6vV3LCYK4A
142.250.74.109 403 Forbidden 851 B URL HTTP/2 accounts.google.com/v3/signin/identifier?dsh=S1292503610%3A1675025192392858&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHcx6uKhay5N7wzf9ke6bXmUdqE9ZgG9z2wV7yJig7ALkYb3hKm_meGg9pc0PS-u6vV3LCYK4A
IP 142.250.74.109:0
Hash 7076a924aaa9a796081ad80410c8ffe4
525dc90a13cff8175509d79cb86946a3adeed5e9
884b9179f6c2f76ae1a1d8b76384b5a0d5de1bff0955b724d7ffb03cdbaa91b0
GET /v3/signin/identifier?dsh=S1292503610%3A1675025192392858&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHcx6uKhay5N7wzf9ke6bXmUdqE9ZgG9z2wV7yJig7ALkYb3hKm_meGg9pc0PS-u6vV3LCYK4A HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://kbjfree.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 29 Jan 2023 20:46:32 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-DVzM1m0Q3Azxx7qmB8_8Tw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi/external"}]}
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f97d1250e7b06507dcdde98d44b58dc8
10030f7fced8691202dbf19200efd6035bf7a405
c97a128485f45c02621ea479e8619499c3336c97a8812b0cece90e150beefb0f
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "C97A128485F45C02621EA479E8619499C3336C97A8812B0CECE90E150BEEFB0F"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15240
Expires: Mon, 30 Jan 2023 01:00:32 GMT
Date: Sun, 29 Jan 2023 20:46:32 GMT
Connection: keep-alive
d2o03z2xnyxlz5.cloudfront.net/?nxzod=957413
54.230.245.149 200 OK 69 kB URL HTTP/2 d2o03z2xnyxlz5.cloudfront.net/?nxzod=957413
IP 54.230.245.149:0
File type Unicode text, UTF-8 text, with very long lines (15948)
Hash bc92f53faca1f31ff2ea5714b900fe4b
86876c133667d69de44a0673c8446edcd034522b
00b566ac135f31620072647cd92c88a0b016363500e80786ced4b5cdb3cde06a
GET /?nxzod=957413 HTTP/1.1
Host: d2o03z2xnyxlz5.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://kbjfree.com/
Origin: https://kbjfree.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 68580
date: Sun, 29 Jan 2023 20:46:32 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://kbjfree.com
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-encoding: gzip
pragma: no-cache
x-cache: Miss from cloudfront
via: 1.1 94eee494c19905cb6933ec8a32a577a0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: eeCAcYj78bHb4Pkm0ULu1iqrZLTOu7JwZW2NQkoDUpdFMeR3XkynJQ==
X-Firefox-Spdy: h2
9cd589fd54.86b1722d8e.com/in/multy
168.119.25.22 200 OK 20 kB URL HTTP/2 9cd589fd54.86b1722d8e.com/in/multy
IP 168.119.25.22:0
ASN #24940 Hetzner Online GmbH
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (19987), with no line terminators
Hash 8363415b80e7a1410f9c1b3ddb011e3e
473388aa68b9fbc4566d278694a852adb0d3913b
2ca3670ad43c5bc0fc6a8ccbff7da3c18c45e6d6332f6cd4a9b86504b07df456
Analyzer Verdict Alert quad9 Sinkholed
POST /in/multy HTTP/1.1
Host: 9cd589fd54.86b1722d8e.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 1065
Origin: https://kbjfree.com
Connection: keep-alive
Referer: https://kbjfree.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Sun, 29 Jan 2023 20:46:33 GMT
content-type: application/json
content-length: 19989
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
9cd589fd54.86b1722d8e.com/in/show/?mid=8382338143510640305&pid=0&site=native-push-adult&sc=NO&usage_type=DCH&subid=1948039445&sid=1912833659&cid=10035&price=0&is_cpm=1&cpm=0.92&ecpm=0.92&crid=&crtid=41e2b054b7d7fdd561f6651d06d511e5&tcid=0&out_id=1&ver=8.20.1&ver_c=&refdom=kbjfree.com&hostname=auc-inpage-hz-1-a&site_id=31130434&spot_id=130434&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=0&created_at=2023-01-29&is_native=3&auction_queue=0&burl=OswA2RVu8Z5oxg9vOQHrYtLaLejlTE6IQAm1wKGdY-ckTFkS4KjH7Rm7-WA1MoArOUYx0tVWL48ovzonnIlGaV_WFB79f1iqnestpbCdGN9g9XIyeUSkjaE02rhMV6h-9Itj43Lc379VQeFcJq0VLTks9CuoLcl6kiy6xyDWilS5bv53BAha78Kqr7RKhrxG_9wF7LsQnRD8pzwpQWE3OWZzPtBh7IagSjxH1KFO5txufxHR4ajejWUnoeJnfAkC78IjbnXDDjqKEA&pop_winurl=&ip=91.90.42.154&testab=0&px_id=31130434&adblock=0&auction_host=&mm=0&yc=0&render_type=mq&campaign_type=lq-pop-ext&uniq=&exp=&resp_type=&iabcat=IAB25&min_cpm=0.008957936892459698&placement_type_id=7&skin_test=0&verify_hash=82b63e910f30d21b3bec44941344c8be&score=52.70404082429859&durl=https%3A%2F%2Fts.cvastico.com%2Fin%2F1546%2F%3Fad_sub%3D1948039445%26spot_id%3D130434%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fkbjfree.com%252F%26idzone%3D0%26sid%3D1886&ml=&tag_ab=d&original_bid=0.92&user_fp=0&v2=0&pop_type=1&space_id=1886&verify_hash=82b63e910f30d21b3bec44941344c8be&real_bid=0.92&skin_id=2&vertical_id=0&stratagem=&accel=&gyr=&iabcat=IAB25&ip_mismatch=false&ssp=&rc=&v2_track=0&v2_track=0&is_pop_cpc=0&applied_features=main-skins-settings&url=wOuOvEGLh9QF0Yrhky8GmBBOZUlZk-s9UeSEkaNi0PCWXMe_yhHeEFCxEb0q4GS6WrLMvWtZzyQhoa9UJZFW9UrT2IOOYZCakj5gM6Fl7qK2n1rNJinf9ixyk3S-u9UxQCuQOtToGcNAA3M1TNVbrX4rWYiC6K44vIn3B5Wu3xh1XVV7ug&pop_price=0.00092&pop_real_bid=0.00092&pop_ecpm=0.017900469652502127&auc_type=1&pr=&user_keywords=&device_theme=light&label_ids=76,4,0&conditions=dch_ip,tz_offset&need_redirect_show=0&mlf=1&cpa=52febb24-b449-4832-a4ae-c01e5c074a85&mlc=1&format=default-slide-b_r-body
168.119.25.22200 OK 0 B URL HTTP/2 9cd589fd54.86b1722d8e.com/in/show/?mid=8382338143510640305&pid=0&site=native-push-adult&sc=NO&usage_type=DCH&subid=1948039445&sid=1912833659&cid=10035&price=0&is_cpm=1&cpm=0.92&ecpm=0.92&crid=&crtid=41e2b054b7d7fdd561f6651d06d511e5&tcid=0&out_id=1&ver=8.20.1&ver_c=&refdom=kbjfree.com&hostname=auc-inpage-hz-1-a&site_id=31130434&spot_id=130434&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=0&created_at=2023-01-29&is_native=3&auction_queue=0&burl=OswA2RVu8Z5oxg9vOQHrYtLaLejlTE6IQAm1wKGdY-ckTFkS4KjH7Rm7-WA1MoArOUYx0tVWL48ovzonnIlGaV_WFB79f1iqnestpbCdGN9g9XIyeUSkjaE02rhMV6h-9Itj43Lc379VQeFcJq0VLTks9CuoLcl6kiy6xyDWilS5bv53BAha78Kqr7RKhrxG_9wF7LsQnRD8pzwpQWE3OWZzPtBh7IagSjxH1KFO5txufxHR4ajejWUnoeJnfAkC78IjbnXDDjqKEA&pop_winurl=&ip=91.90.42.154&testab=0&px_id=31130434&adblock=0&auction_host=&mm=0&yc=0&render_type=mq&campaign_type=lq-pop-ext&uniq=&exp=&resp_type=&iabcat=IAB25&min_cpm=0.008957936892459698&placement_type_id=7&skin_test=0&verify_hash=82b63e910f30d21b3bec44941344c8be&score=52.70404082429859&durl=https%3A%2F%2Fts.cvastico.com%2Fin%2F1546%2F%3Fad_sub%3D1948039445%26spot_id%3D130434%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fkbjfree.com%252F%26idzone%3D0%26sid%3D1886&ml=&tag_ab=d&original_bid=0.92&user_fp=0&v2=0&pop_type=1&space_id=1886&verify_hash=82b63e910f30d21b3bec44941344c8be&real_bid=0.92&skin_id=2&vertical_id=0&stratagem=&accel=&gyr=&iabcat=IAB25&ip_mismatch=false&ssp=&rc=&v2_track=0&v2_track=0&is_pop_cpc=0&applied_features=main-skins-settings&url=wOuOvEGLh9QF0Yrhky8GmBBOZUlZk-s9UeSEkaNi0PCWXMe_yhHeEFCxEb0q4GS6WrLMvWtZzyQhoa9UJZFW9UrT2IOOYZCakj5gM6Fl7qK2n1rNJinf9ixyk3S-u9UxQCuQOtToGcNAA3M1TNVbrX4rWYiC6K44vIn3B5Wu3xh1XVV7ug&pop_price=0.00092&pop_real_bid=0.00092&pop_ecpm=0.017900469652502127&auc_type=1&pr=&user_keywords=&device_theme=light&label_ids=76,4,0&conditions=dch_ip,tz_offset&need_redirect_show=0&mlf=1&cpa=52febb24-b449-4832-a4ae-c01e5c074a85&mlc=1&format=default-slide-b_r-body
IP 168.119.25.22:0
ASN #24940 Hetzner Online GmbH
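Hash MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These three values are the MD5, SHA-1 and SHA-256 digests of zero-length input, consistent with the 0 B body of this response; they identify no content and will match any empty response.)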
Analyzer Verdict Alert quad9 Sinkholed
GET /in/show/?mid=8382338143510640305&pid=0&site=native-push-adult&sc=NO&usage_type=DCH&subid=1948039445&sid=1912833659&cid=10035&price=0&is_cpm=1&cpm=0.92&ecpm=0.92&crid=&crtid=41e2b054b7d7fdd561f6651d06d511e5&tcid=0&out_id=1&ver=8.20.1&ver_c=&refdom=kbjfree.com&hostname=auc-inpage-hz-1-a&site_id=31130434&spot_id=130434&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=0&created_at=2023-01-29&is_native=3&auction_queue=0&burl=OswA2RVu8Z5oxg9vOQHrYtLaLejlTE6IQAm1wKGdY-ckTFkS4KjH7Rm7-WA1MoArOUYx0tVWL48ovzonnIlGaV_WFB79f1iqnestpbCdGN9g9XIyeUSkjaE02rhMV6h-9Itj43Lc379VQeFcJq0VLTks9CuoLcl6kiy6xyDWilS5bv53BAha78Kqr7RKhrxG_9wF7LsQnRD8pzwpQWE3OWZzPtBh7IagSjxH1KFO5txufxHR4ajejWUnoeJnfAkC78IjbnXDDjqKEA&pop_winurl=&ip=91.90.42.154&testab=0&px_id=31130434&adblock=0&auction_host=&mm=0&yc=0&render_type=mq&campaign_type=lq-pop-ext&uniq=&exp=&resp_type=&iabcat=IAB25&min_cpm=0.008957936892459698&placement_type_id=7&skin_test=0&verify_hash=82b63e910f30d21b3bec44941344c8be&score=52.70404082429859&durl=https%3A%2F%2Fts.cvastico.com%2Fin%2F1546%2F%3Fad_sub%3D1948039445%26spot_id%3D130434%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fkbjfree.com%252F%26idzone%3D0%26sid%3D1886&ml=&tag_ab=d&original_bid=0.92&user_fp=0&v2=0&pop_type=1&space_id=1886&verify_hash=82b63e910f30d21b3bec44941344c8be&real_bid=0.92&skin_id=2&vertical_id=0&stratagem=&accel=&gyr=&iabcat=IAB25&ip_mismatch=false&ssp=&rc=&v2_track=0&v2_track=0&is_pop_cpc=0&applied_features=main-skins-settings&url=wOuOvEGLh9QF0Yrhky8GmBBOZUlZk-s9UeSEkaNi0PCWXMe_yhHeEFCxEb0q4GS6WrLMvWtZzyQhoa9UJZFW9UrT2IOOYZCakj5gM6Fl7qK2n1rNJinf9ixyk3S-u9UxQCuQOtToGcNAA3M1TNVbrX4rWYiC6K44vIn3B5Wu3xh1XVV7ug&pop_price=0.00092&pop_real_bid=0.00092&pop_ecpm=0.017900469652502127&auc_type=1&pr=&user_keywords=&device_theme=light&label_ids=76,4,0&conditions=dch_ip,tz_offset&need_redirect_show=0&mlf=1&cpa=52febb24-b449-4832-a4ae-c01e5c074a85&mlc=1&format=default-slide-b_r-body HTTP/1.1
Host: 9cd589fd54.86b1722d8e.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kbjfree.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Sun, 29 Jan 2023 20:46:33 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
9cd589fd54.86b1722d8e.com/in/show/?mid=8382338143510640305&pid=0&site=native-push-adult&sc=NO&usage_type=DCH&subid=1948039445&sid=1912833659&cid=12695&price=0&is_cpm=1&cpm=0.036&ecpm=0.035963999999999996&crid=2240&crtid=f70aa6a0d437f901eea3e30be1aacaa8&tcid=0&out_id=0&ver=8.20.1&ver_c=&refdom=kbjfree.com&hostname=auc-inpage-hz-1-a&site_id=31130434&spot_id=130434&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=1675197992&created_at=2023-01-29&is_native=1&auction_queue=0&burl=2oyeF-NRxjHvhZNxVIJt8zG_OBh56400beiyUH46Y9-5POAgGFm6dg&pop_winurl=&ip=91.90.42.154&testab=0&px_id=31130434&adblock=0&auction_host=&mm=0&yc=0&render_type=mq&campaign_type=mq&uniq=&exp=&resp_type=&iabcat=IAB25&min_cpm=0.0018158780088546106&placement_type_id=&skin_test=0&verify_hash=e4093801a3e34ba42543b13f9a165861&score=52.70404082429859&durl=https%3A%2F%2Fts.cvastico.com%2Fin%2F1546%2F%3Fad_sub%3D1948039445%26spot_id%3D130434%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fkbjfree.com%252F%26idzone%3D0%26sid%3D1886&ml=&tag_ab=d&original_bid=0.036&user_fp=0&v2=0&v2_track=0&is_pop_cpc=0&applied_features=main-skins-settings&url=VgB_GCFcpuTaMDM-BTSIxV132sKnW3cZ1PDYqA2RzepnmNRCekLAY0fVk6C-dYe2Sz8T_isIAQQLJDhfWEvJTplhsNkI4ZbpxSHPDeLGLug-faNqckaML5kVmYrkAGZ5XC3xXnUrmdvFF_LtdpXRoAyDr7MO7onidHXXnPtkl6x28aIEK9qnAr0qBYx6iATgi6meooIYAhpzVVUs4hYg4NbPtE36TyV03B744syUD-GC6Esskgfy0g1MF0taGjzGXq1sxH8oxt7GZ1t20n4AJX1-X_cl8FU105hhW6vazdke2GqKDpA4GhgEeiY0HwXDBINv5Xyz4QXhnsiAVkmfmOjBQuHpLeVeiRjQ0kFCZtuDxk2jZBeW9NgRVx-XcAZCi77PPyw3QgyZoRrigToRNbBoBH1j2_uf2qj3rhV0R2H_a7h3PO0MpdzI_8RtUk4wz8OH_Wj-r26lPeO1SXPNtwWfTbAbrdo-ZiCBnv1pmW_hYi2HbWI0Zom-j2TAd3gwH6FZI03clu-6dDLZoSU4U6p9LMfKnNVv9GlvQLIVJ5thW5Vh3PwfrSjitY02u3s9rI_lA8roOm4FAmCuufjEiNVu2_uYXdeJNI9POFWQA5Onx36PmdMCof9opyQJUnlUPNHEqZkU6F_wjhf33_P7Xh0eUtJjNE4iv_Wfl5PAcnmxOVrOidKheEf3Buh_Ypbf1gmlEsThnvBw0D_DcYJQs7NeFgk_XGn9kXzA8zwreK3WJVCQOYqnie9V6HCeoYAlkz2Jt6DlkDyTeFgMG-bwbkO0nc1u_F35eJ_BjrCUYVLWEonD8ZvY4uX96eF3Gnv0q9tE1sGr9n6igYrB8570Ybbdc4VM-GHPROTbr4lt
gwgsbVIcJEG0xj3tHCTrV5wRc6JuRVBfmFm0C6fYDr6GihIBypKeO2BEbXLQMa02BUJnHuvMm9Z9sogRIkzQDhWkxeP0IkVtoyF5hQZGGVQO2VQilcGk2zegq29SopDKQ6iPdAptrYrY4D2Hnccq0askDkoQhi9k4xElXzkfCS8rVQvTMAkUfxJt58QPTg7K8fm2aSu7-N7XOtWIMGuJJXq6wklq2Q8TJ2CXRl-abh0zQ8oOPhtp-K9Fgo38pWxtYuaRML8Q_7SkYP_kNYbPk1EeBp6p1lYDQdMcLrFl5QhZRMikJIbNuHm1VdovtY4JAsQkmf1tEkWFHGiL4ePW39RSAj6HrndpsQeHdmSNbDr_HJF1rGgMhJM&image_url=https%3A%2F%2F12112336.pix-cdn.org%2Fm%2Fp%2F0%2F374%2F374539%2Fconversions%2FuaDvnmZE-minify.jpg&skin_id=2&vertical_id=0&real_bid=0.035963999999999996&pr=&user_keywords=&auc_type=1&aid=127&ext_cid=100266&device_theme=light&keywords=test,Asian&label_ids=4,5,0,101&conditions=dch_ip,tz_offset&need_redirect_show=0&cpa=0f285730-c230-416e-a132-a40ec18bcf7a&format=default-slide-b_r-body
168.119.25.22200 OK 0 B URL HTTP/2 9cd589fd54.86b1722d8e.com/in/show/?mid=8382338143510640305&pid=0&site=native-push-adult&sc=NO&usage_type=DCH&subid=1948039445&sid=1912833659&cid=12695&price=0&is_cpm=1&cpm=0.036&ecpm=0.035963999999999996&crid=2240&crtid=f70aa6a0d437f901eea3e30be1aacaa8&tcid=0&out_id=0&ver=8.20.1&ver_c=&refdom=kbjfree.com&hostname=auc-inpage-hz-1-a&site_id=31130434&spot_id=130434&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=1675197992&created_at=2023-01-29&is_native=1&auction_queue=0&burl=2oyeF-NRxjHvhZNxVIJt8zG_OBh56400beiyUH46Y9-5POAgGFm6dg&pop_winurl=&ip=91.90.42.154&testab=0&px_id=31130434&adblock=0&auction_host=&mm=0&yc=0&render_type=mq&campaign_type=mq&uniq=&exp=&resp_type=&iabcat=IAB25&min_cpm=0.0018158780088546106&placement_type_id=&skin_test=0&verify_hash=e4093801a3e34ba42543b13f9a165861&score=52.70404082429859&durl=https%3A%2F%2Fts.cvastico.com%2Fin%2F1546%2F%3Fad_sub%3D1948039445%26spot_id%3D130434%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fkbjfree.com%252F%26idzone%3D0%26sid%3D1886&ml=&tag_ab=d&original_bid=0.036&user_fp=0&v2=0&v2_track=0&is_pop_cpc=0&applied_features=main-skins-settings&url=VgB_GCFcpuTaMDM-BTSIxV132sKnW3cZ1PDYqA2RzepnmNRCekLAY0fVk6C-dYe2Sz8T_isIAQQLJDhfWEvJTplhsNkI4ZbpxSHPDeLGLug-faNqckaML5kVmYrkAGZ5XC3xXnUrmdvFF_LtdpXRoAyDr7MO7onidHXXnPtkl6x28aIEK9qnAr0qBYx6iATgi6meooIYAhpzVVUs4hYg4NbPtE36TyV03B744syUD-GC6Esskgfy0g1MF0taGjzGXq1sxH8oxt7GZ1t20n4AJX1-X_cl8FU105hhW6vazdke2GqKDpA4GhgEeiY0HwXDBINv5Xyz4QXhnsiAVkmfmOjBQuHpLeVeiRjQ0kFCZtuDxk2jZBeW9NgRVx-XcAZCi77PPyw3QgyZoRrigToRNbBoBH1j2_uf2qj3rhV0R2H_a7h3PO0MpdzI_8RtUk4wz8OH_Wj-r26lPeO1SXPNtwWfTbAbrdo-ZiCBnv1pmW_hYi2HbWI0Zom-j2TAd3gwH6FZI03clu-6dDLZoSU4U6p9LMfKnNVv9GlvQLIVJ5thW5Vh3PwfrSjitY02u3s9rI_lA8roOm4FAmCuufjEiNVu2_uYXdeJNI9POFWQA5Onx36PmdMCof9opyQJUnlUPNHEqZkU6F_wjhf33_P7Xh0eUtJjNE4iv_Wfl5PAcnmxOVrOidKheEf3Buh_Ypbf1gmlEsThnvBw0D_DcYJQs7NeFgk_XGn9kXzA8zwreK3WJVCQOYqnie9V6HCeoYAlkz2Jt6DlkDyTeFgMG-bwbkO0nc1u_F35eJ_BjrCUYVLWEonD8ZvY4uX96eF3Gnv0q9tE1
sGr9n6igYrB8570Ybbdc4VM-GHPROTbr4ltgwgsbVIcJEG0xj3tHCTrV5wRc6JuRVBfmFm0C6fYDr6GihIBypKeO2BEbXLQMa02BUJnHuvMm9Z9sogRIkzQDhWkxeP0IkVtoyF5hQZGGVQO2VQilcGk2zegq29SopDKQ6iPdAptrYrY4D2Hnccq0askDkoQhi9k4xElXzkfCS8rVQvTMAkUfxJt58QPTg7K8fm2aSu7-N7XOtWIMGuJJXq6wklq2Q8TJ2CXRl-abh0zQ8oOPhtp-K9Fgo38pWxtYuaRML8Q_7SkYP_kNYbPk1EeBp6p1lYDQdMcLrFl5QhZRMikJIbNuHm1VdovtY4JAsQkmf1tEkWFHGiL4ePW39RSAj6HrndpsQeHdmSNbDr_HJF1rGgMhJM&image_url=https%3A%2F%2F12112336.pix-cdn.org%2Fm%2Fp%2F0%2F374%2F374539%2Fconversions%2FuaDvnmZE-minify.jpg&skin_id=2&vertical_id=0&real_bid=0.035963999999999996&pr=&user_keywords=&auc_type=1&aid=127&ext_cid=100266&device_theme=light&keywords=test,Asian&label_ids=4,5,0,101&conditions=dch_ip,tz_offset&need_redirect_show=0&cpa=0f285730-c230-416e-a132-a40ec18bcf7a&format=default-slide-b_r-body
IP 168.119.25.22:0
ASN #24940 Hetzner Online GmbH
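Hash d41d8cd98f00b204e9800998ecf8427e (MD5 of zero-length input)
da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1 of zero-length input)
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256 of zero-length input; consistent with the 0 B body, so these digests identify no content and should not be used as indicators)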
Analyzer Verdict Alert quad9 Sinkholed
GET /in/show/?mid=8382338143510640305&pid=0&site=native-push-adult&sc=NO&usage_type=DCH&subid=1948039445&sid=1912833659&cid=12695&price=0&is_cpm=1&cpm=0.036&ecpm=0.035963999999999996&crid=2240&crtid=f70aa6a0d437f901eea3e30be1aacaa8&tcid=0&out_id=0&ver=8.20.1&ver_c=&refdom=kbjfree.com&hostname=auc-inpage-hz-1-a&site_id=31130434&spot_id=130434&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=1675197992&created_at=2023-01-29&is_native=1&auction_queue=0&burl=2oyeF-NRxjHvhZNxVIJt8zG_OBh56400beiyUH46Y9-5POAgGFm6dg&pop_winurl=&ip=91.90.42.154&testab=0&px_id=31130434&adblock=0&auction_host=&mm=0&yc=0&render_type=mq&campaign_type=mq&uniq=&exp=&resp_type=&iabcat=IAB25&min_cpm=0.0018158780088546106&placement_type_id=&skin_test=0&verify_hash=e4093801a3e34ba42543b13f9a165861&score=52.70404082429859&durl=https%3A%2F%2Fts.cvastico.com%2Fin%2F1546%2F%3Fad_sub%3D1948039445%26spot_id%3D130434%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fkbjfree.com%252F%26idzone%3D0%26sid%3D1886&ml=&tag_ab=d&original_bid=0.036&user_fp=0&v2=0&v2_track=0&is_pop_cpc=0&applied_features=main-skins-settings&url=VgB_GCFcpuTaMDM-BTSIxV132sKnW3cZ1PDYqA2RzepnmNRCekLAY0fVk6C-dYe2Sz8T_isIAQQLJDhfWEvJTplhsNkI4ZbpxSHPDeLGLug-faNqckaML5kVmYrkAGZ5XC3xXnUrmdvFF_LtdpXRoAyDr7MO7onidHXXnPtkl6x28aIEK9qnAr0qBYx6iATgi6meooIYAhpzVVUs4hYg4NbPtE36TyV03B744syUD-GC6Esskgfy0g1MF0taGjzGXq1sxH8oxt7GZ1t20n4AJX1-X_cl8FU105hhW6vazdke2GqKDpA4GhgEeiY0HwXDBINv5Xyz4QXhnsiAVkmfmOjBQuHpLeVeiRjQ0kFCZtuDxk2jZBeW9NgRVx-XcAZCi77PPyw3QgyZoRrigToRNbBoBH1j2_uf2qj3rhV0R2H_a7h3PO0MpdzI_8RtUk4wz8OH_Wj-r26lPeO1SXPNtwWfTbAbrdo-ZiCBnv1pmW_hYi2HbWI0Zom-j2TAd3gwH6FZI03clu-6dDLZoSU4U6p9LMfKnNVv9GlvQLIVJ5thW5Vh3PwfrSjitY02u3s9rI_lA8roOm4FAmCuufjEiNVu2_uYXdeJNI9POFWQA5Onx36PmdMCof9opyQJUnlUPNHEqZkU6F_wjhf33_P7Xh0eUtJjNE4iv_Wfl5PAcnmxOVrOidKheEf3Buh_Ypbf1gmlEsThnvBw0D_DcYJQs7NeFgk_XGn9kXzA8zwreK3WJVCQOYqnie9V6HCeoYAlkz2Jt6DlkDyTeFgMG-bwbkO0nc1u_F35eJ_BjrCUYVLWEonD8ZvY4uX96eF3Gnv0q9tE1sGr9n6igYrB8570Ybbdc4VM-GHPROTbr4ltgwgsbVIcJEG0xj3tHCTrV
5wRc6JuRVBfmFm0C6fYDr6GihIBypKeO2BEbXLQMa02BUJnHuvMm9Z9sogRIkzQDhWkxeP0IkVtoyF5hQZGGVQO2VQilcGk2zegq29SopDKQ6iPdAptrYrY4D2Hnccq0askDkoQhi9k4xElXzkfCS8rVQvTMAkUfxJt58QPTg7K8fm2aSu7-N7XOtWIMGuJJXq6wklq2Q8TJ2CXRl-abh0zQ8oOPhtp-K9Fgo38pWxtYuaRML8Q_7SkYP_kNYbPk1EeBp6p1lYDQdMcLrFl5QhZRMikJIbNuHm1VdovtY4JAsQkmf1tEkWFHGiL4ePW39RSAj6HrndpsQeHdmSNbDr_HJF1rGgMhJM&image_url=https%3A%2F%2F12112336.pix-cdn.org%2Fm%2Fp%2F0%2F374%2F374539%2Fconversions%2FuaDvnmZE-minify.jpg&skin_id=2&vertical_id=0&real_bid=0.035963999999999996&pr=&user_keywords=&auc_type=1&aid=127&ext_cid=100266&device_theme=light&keywords=test,Asian&label_ids=4,5,0,101&conditions=dch_ip,tz_offset&need_redirect_show=0&cpa=0f285730-c230-416e-a132-a40ec18bcf7a&format=default-slide-b_r-body HTTP/1.1
Host: 9cd589fd54.86b1722d8e.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kbjfree.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Sun, 29 Jan 2023 20:46:33 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash 9367efd4cd0b294bb72eaeb7bcc63e9e
8a10f50b169bf0929fd0b8c8decd210b389170e2
78f781db103a6e29e3dcfc3412ce7d3fc7f209210f2b88c69e205a9d113e06b6
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1714
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 20:46:33 GMT
Last-Modified: Sun, 29 Jan 2023 20:17:59 GMT
Server: ECS (amb/6B7F)
X-Cache: HIT
Content-Length: 280
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 29ad49d8d70c8326d5b59d48962aad9a
4a15475ccedbb06a6916125058e15c44cd2b15ea
013441d9d5ebc02827d4af8e0030b58c55bd1d227aef79c79b3c15bd5dc6b715
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "013441D9D5EBC02827D4AF8E0030B58C55BD1D227AEF79C79B3C15BD5DC6B715"
Last-Modified: Sun, 29 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9508
Expires: Sun, 29 Jan 2023 23:25:01 GMT
Date: Sun, 29 Jan 2023 20:46:33 GMT
Connection: keep-alive
12112336.pix-cdn.org/m/p/0/374/374539/conversions/uaDvnmZE-minify.jpg
45.133.44.24 200 OK 9.0 kB URL HTTP/2 12112336.pix-cdn.org/m/p/0/374/374539/conversions/uaDvnmZE-minify.jpg
IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 70", baseline, precision 8, 300x200, components 3\012- data
Hash ac4fce2099a6cbd7264384fba760fc66
d95ed9daf1b4e01d98b089f6688319cc5e377aad
0e5e7942344997c25d52522d74def5e71eb22337f2fecf13ac63fe940bcdb176
GET /m/p/0/374/374539/conversions/uaDvnmZE-minify.jpg HTTP/1.1
Host: 12112336.pix-cdn.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 29 Jan 2023 20:46:33 GMT
content-type: image/jpeg
content-length: 9014
server: nginx/1.12.2
last-modified: Sat, 30 Jul 2022 08:18:07 GMT
etag: "62e4e93f-2336"
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
pn.bquildna43.site/in/tip_shows/?katds_ep=Uv6vpr6YFKSIPCFz2AQIHKqI8NM_y4baJhBlVnVQYJ7I9_pb7Lrh0Dy7XDhB5n3or0_HJ2SF4locE2QLUzFKLzJgUWj3Zw-31loseyhuFvh7HSwz7mDW-lFds12i3OOwAqYu3HL6zCbStXZtUDWTgUFk84FUmz9g-5Ol73ew1r9VLL5qQWiSo_OGSPNygBUko4sxOfKrTk7HYL3-eYK9MhcHfalr9HyME1geXN-S7kIbOJNUxctenOcoQs55wua6FIQpiaPaEMpXriyuGqCi754Q2KP9_0QJbHOQ_fU6gWHXKG8UWAy30XA5G9au493gINdv49a-HFI6wJpvV3ZZPjrZ82l34GC5Rz9BshQ0CKVM_ZSTuppjLKztPow0d4Sao-vTnRmFV9M0W9hbRQRtLpzlgEYBNiQ6b6H9wP2bUaur5kC-nFrUDdmHjsCLPLl54lktUqJ6hevWdJENUFm-krTxJkT3-nl3gLupRqf9A68yg8gtrOH5omi1Pz1qFE5w-PMDwo8PGzaah58oVoJqvRQ4lGd4V5_Hp1QjOd5RK1zPWWhRpzZODAMfFOkElmkVZCIF30piuKAgTGxezEIi-QatOkzXUJ8romdxpZPBnjYyFoI3LCrWfTNzOBQZLO1Nnm2M72bJrtkpA0tpox9EdARg8CM22Hyjcx-J2_0CB92jsmGvLfYmf9Lprwd2oIFdesWzwmy0wggU2kiOmIgV1CBSP4TeeZ_wzvVaVo0qQfiVKK0nQ_HiqDCqMjdo7SzcswCLhAQcTDO1f1csLucYvy37zgSzM_GdYxBxeK9p3MsqTXP-KtSUefRLtQ&sp=${SECOND_PRICE}&cpa=adcc4d40-07ba-4f8c-a53c-4d905492b13e&format=default-slide-b_r-body
188.114.97.1302 Found 0 B URL HTTP/2 pn.bquildna43.site/in/tip_shows/?katds_ep=Uv6vpr6YFKSIPCFz2AQIHKqI8NM_y4baJhBlVnVQYJ7I9_pb7Lrh0Dy7XDhB5n3or0_HJ2SF4locE2QLUzFKLzJgUWj3Zw-31loseyhuFvh7HSwz7mDW-lFds12i3OOwAqYu3HL6zCbStXZtUDWTgUFk84FUmz9g-5Ol73ew1r9VLL5qQWiSo_OGSPNygBUko4sxOfKrTk7HYL3-eYK9MhcHfalr9HyME1geXN-S7kIbOJNUxctenOcoQs55wua6FIQpiaPaEMpXriyuGqCi754Q2KP9_0QJbHOQ_fU6gWHXKG8UWAy30XA5G9au493gINdv49a-HFI6wJpvV3ZZPjrZ82l34GC5Rz9BshQ0CKVM_ZSTuppjLKztPow0d4Sao-vTnRmFV9M0W9hbRQRtLpzlgEYBNiQ6b6H9wP2bUaur5kC-nFrUDdmHjsCLPLl54lktUqJ6hevWdJENUFm-krTxJkT3-nl3gLupRqf9A68yg8gtrOH5omi1Pz1qFE5w-PMDwo8PGzaah58oVoJqvRQ4lGd4V5_Hp1QjOd5RK1zPWWhRpzZODAMfFOkElmkVZCIF30piuKAgTGxezEIi-QatOkzXUJ8romdxpZPBnjYyFoI3LCrWfTNzOBQZLO1Nnm2M72bJrtkpA0tpox9EdARg8CM22Hyjcx-J2_0CB92jsmGvLfYmf9Lprwd2oIFdesWzwmy0wggU2kiOmIgV1CBSP4TeeZ_wzvVaVo0qQfiVKK0nQ_HiqDCqMjdo7SzcswCLhAQcTDO1f1csLucYvy37zgSzM_GdYxBxeK9p3MsqTXP-KtSUefRLtQ&sp=${SECOND_PRICE}&cpa=adcc4d40-07ba-4f8c-a53c-4d905492b13e&format=default-slide-b_r-body
IP 188.114.97.1:0
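Hash d41d8cd98f00b204e9800998ecf8427e (MD5 of zero-length input)
da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1 of zero-length input)
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256 of zero-length input; consistent with the 0 B redirect body, so these digests identify no content and should not be used as indicators)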
GET /in/tip_shows/?katds_ep=Uv6vpr6YFKSIPCFz2AQIHKqI8NM_y4baJhBlVnVQYJ7I9_pb7Lrh0Dy7XDhB5n3or0_HJ2SF4locE2QLUzFKLzJgUWj3Zw-31loseyhuFvh7HSwz7mDW-lFds12i3OOwAqYu3HL6zCbStXZtUDWTgUFk84FUmz9g-5Ol73ew1r9VLL5qQWiSo_OGSPNygBUko4sxOfKrTk7HYL3-eYK9MhcHfalr9HyME1geXN-S7kIbOJNUxctenOcoQs55wua6FIQpiaPaEMpXriyuGqCi754Q2KP9_0QJbHOQ_fU6gWHXKG8UWAy30XA5G9au493gINdv49a-HFI6wJpvV3ZZPjrZ82l34GC5Rz9BshQ0CKVM_ZSTuppjLKztPow0d4Sao-vTnRmFV9M0W9hbRQRtLpzlgEYBNiQ6b6H9wP2bUaur5kC-nFrUDdmHjsCLPLl54lktUqJ6hevWdJENUFm-krTxJkT3-nl3gLupRqf9A68yg8gtrOH5omi1Pz1qFE5w-PMDwo8PGzaah58oVoJqvRQ4lGd4V5_Hp1QjOd5RK1zPWWhRpzZODAMfFOkElmkVZCIF30piuKAgTGxezEIi-QatOkzXUJ8romdxpZPBnjYyFoI3LCrWfTNzOBQZLO1Nnm2M72bJrtkpA0tpox9EdARg8CM22Hyjcx-J2_0CB92jsmGvLfYmf9Lprwd2oIFdesWzwmy0wggU2kiOmIgV1CBSP4TeeZ_wzvVaVo0qQfiVKK0nQ_HiqDCqMjdo7SzcswCLhAQcTDO1f1csLucYvy37zgSzM_GdYxBxeK9p3MsqTXP-KtSUefRLtQ&sp=${SECOND_PRICE}&cpa=adcc4d40-07ba-4f8c-a53c-4d905492b13e&format=default-slide-b_r-body HTTP/1.1
Host: pn.bquildna43.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Sun, 29 Jan 2023 20:46:33 GMT
content-type: application/json
content-length: 0
location: https://12112336.pix-cdn.org/m/p/0/374/374538/conversions/6OTjphwd-minify.jpg
access-control-allow-credentials: true
access-control-allow-origin: *
set-cookie: 2357.0=1; expires=Mon, 30 Jan 2023 20:46:32 GMT; path=/; secure; SameSite=None
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n9yWA0Wp3HBTChGYkdPIOZiu2d4eAkh14IiXh%2B5THusFGDSJTi%2B6E5Lbl23EIWK%2FRld7HlTfTWqizy8p8IhJtjvv%2BPyKsPttChSDIJxuGqtcQGiV1i%2B8jFmbTH%2B4dC2SO4Bs%2B88%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7914d163bd200b49-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static.bookmsg.com/creatives/IN/IN_da5b583487923e03a815871465a0b6f24c2cb005_icon.webp
94.130.197.140 200 OK 790 B URL HTTP/2 static.bookmsg.com/creatives/IN/IN_da5b583487923e03a815871465a0b6f24c2cb005_icon.webp
IP 94.130.197.140:0
ASN #24940 Hetzner Online GmbH
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 65156a660e465299370ebd90d84aa461
12ff60b17f579a77e42a8be7b6b1892fc71be33d
e3b2784385cd128d5a6dfdec7f4be2147d6b57fa66c1a36c61c085aaf27f9e18
GET /creatives/IN/IN_da5b583487923e03a815871465a0b6f24c2cb005_icon.webp HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kbjfree.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.18.0
date: Sun, 29 Jan 2023 20:46:33 GMT
content-type: image/webp
content-length: 790
last-modified: Tue, 24 Nov 2020 14:20:43 GMT
etag: "5fbd16bb-316"
cache-control: public, max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
static.bookmsg.com/creatives/IN/IN_da5b583487923e03a815871465a0b6f24c2cb005_icon.webp?mlf=1&cpa=97c336a8-1121-4e33-ab80-89441703666f&mlc=1&format=default-slide-b_r-body
94.130.197.140 200 OK 790 B URL HTTP/2 static.bookmsg.com/creatives/IN/IN_da5b583487923e03a815871465a0b6f24c2cb005_icon.webp?mlf=1&cpa=97c336a8-1121-4e33-ab80-89441703666f&mlc=1&format=default-slide-b_r-body
IP 94.130.197.140:0
ASN #24940 Hetzner Online GmbH
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 65156a660e465299370ebd90d84aa461
12ff60b17f579a77e42a8be7b6b1892fc71be33d
e3b2784385cd128d5a6dfdec7f4be2147d6b57fa66c1a36c61c085aaf27f9e18
GET /creatives/IN/IN_da5b583487923e03a815871465a0b6f24c2cb005_icon.webp?mlf=1&cpa=97c336a8-1121-4e33-ab80-89441703666f&mlc=1&format=default-slide-b_r-body HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kbjfree.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.18.0
date: Sun, 29 Jan 2023 20:46:33 GMT
content-type: image/webp
content-length: 790
last-modified: Tue, 24 Nov 2020 14:20:43 GMT
etag: "5fbd16bb-316"
cache-control: public, max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash 9367efd4cd0b294bb72eaeb7bcc63e9e
8a10f50b169bf0929fd0b8c8decd210b389170e2
78f781db103a6e29e3dcfc3412ce7d3fc7f209210f2b88c69e205a9d113e06b6
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1714
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 20:46:33 GMT
Last-Modified: Sun, 29 Jan 2023 20:17:59 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 280
12112336.pix-cdn.org/m/p/0/374/374538/conversions/6OTjphwd-minify.jpg
45.133.44.24 200 OK 2.9 kB URL HTTP/2 12112336.pix-cdn.org/m/p/0/374/374538/conversions/6OTjphwd-minify.jpg
IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 70", baseline, precision 8, 100x100, components 3\012- data
Hash 66098442dc8934e8c6f5351e39d40e71
6bdebd9a664636433febe19afd7a5b37bff07126
b264aead392358ee4523a21bdd6726c1ec24c6ff849dbdf07dfd15bc6dedff4e
GET /m/p/0/374/374538/conversions/6OTjphwd-minify.jpg HTTP/1.1
Host: 12112336.pix-cdn.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 20:46:33 GMT
content-type: image/jpeg
content-length: 2921
server: nginx/1.12.2
last-modified: Sat, 30 Jul 2022 08:17:53 GMT
etag: "62e4e931-b69"
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
slave.kbjfree.com/api/spots/380634?v2=1&fill=0&kw=korean%20bj%2Ckbj%2Cchaturbate%2Conlyfans%2Cfantrie%2Cpandatv%2Cwinktv%2Cflextv%2Cpopkontv%2Cchaturbate.com%2Conlyfans.com%2Cfantrie.com%2Cwinktv.co.kr%2Cpandalive.co.kr%2Cflextv.co.kr%2Cpopkontv.com&s1=%25subid1%25&s2=%25subid2%25
135.181.208.216 200 OK 0 B URL HTTP/2 slave.kbjfree.com/api/spots/380634?v2=1&fill=0&kw=korean%20bj%2Ckbj%2Cchaturbate%2Conlyfans%2Cfantrie%2Cpandatv%2Cwinktv%2Cflextv%2Cpopkontv%2Cchaturbate.com%2Conlyfans.com%2Cfantrie.com%2Cwinktv.co.kr%2Cpandalive.co.kr%2Cflextv.co.kr%2Cpopkontv.com&s1=%25subid1%25&s2=%25subid2%25
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /api/spots/380634?v2=1&fill=0&kw=korean%20bj%2Ckbj%2Cchaturbate%2Conlyfans%2Cfantrie%2Cpandatv%2Cwinktv%2Cflextv%2Cpopkontv%2Cchaturbate.com%2Conlyfans.com%2Cfantrie.com%2Cwinktv.co.kr%2Cpandalive.co.kr%2Cflextv.co.kr%2Cpopkontv.com&s1=%25subid1%25&s2=%25subid2%25 HTTP/1.1
Host: slave.kbjfree.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://kbjfree.com/
Origin: https://kbjfree.com
Connection: keep-alive
Cookie: nauid=tdDVsKvJORRuEOUu0px1; __cf_bm=KFYSjzNQyl374csZtNVlABgyLYt7qKENnDdf5kkUA74-1675025189-0-Af22x1mHSEtq8fcqoquv33jp+6xEXW9sulaGykxewHc+V8DaljHAHnTNbpX3bQMY33aSVtLQqY3cXPrHdFMkJokyKbc9I/BCvdpjq9Srf+cFB/NdAHmFRfG2FRB1EGRypolUzS8upA563G4aaYF/sVc=
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 29 Jan 2023 20:46:30 GMT
content-type: text/xml
vary: Accept-Encoding
access-control-allow-credentials: true
access-control-allow-origin: https://kbjfree.com
access-control-expose-headers: X-Asg-Config, X-t
x-t: 0
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
js.wpadmngr.com/static/adManager.js
45.133.44.24 200 OK 0 B URL HTTP/2 js.wpadmngr.com/static/adManager.js
IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
GET /static/adManager.js HTTP/1.1
Host: js.wpadmngr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kbjfree.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 29 Jan 2023 20:46:30 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Mon, 05 Dec 2022 13:37:26 GMT
etag: W/"638df416-4dd"
content-encoding: gzip
expires: Sun, 29 Jan 2023 20:51:30 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
accounts.google.com/v3/signin/identifier?dsh=S872812440%3A1675025192435541&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHfcQ0Ci_W235AgVUR5T7gwpJS528XpbjXBX2HsYQECCXdJPAKG40aX4wy-vwQHXaZFYsAQboQ
142.250.74.109 403 Forbidden 0 B URL HTTP/2 accounts.google.com/v3/signin/identifier?dsh=S872812440%3A1675025192435541&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHfcQ0Ci_W235AgVUR5T7gwpJS528XpbjXBX2HsYQECCXdJPAKG40aX4wy-vwQHXaZFYsAQboQ
IP 142.250.74.109:0
GET /v3/signin/identifier?dsh=S872812440%3A1675025192435541&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHfcQ0Ci_W235AgVUR5T7gwpJS528XpbjXBX2HsYQECCXdJPAKG40aX4wy-vwQHXaZFYsAQboQ HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://kbjfree.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 29 Jan 2023 20:46:32 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: script-src 'nonce-QjF6bG3KkFYa_JHQPB2aRg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
cross-origin-opener-policy-report-only: same-origin
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
kbjfree.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
104.21.234.26 200 OK 0 B URL HTTP/2 kbjfree.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
IP 104.21.234.26:0
GET /cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js HTTP/1.1
Host: kbjfree.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kbjfree.com/model/imzi95
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 20:46:28 GMT
content-type: application/javascript
last-modified: Mon, 23 Jan 2023 11:05:52 GMT
etag: W/"63ce6a10-302c"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c3UShOjc0H2sUv7AQKtYaiceOwptTDDi%2FoKtUfTuaqb2RaC%2BuZXGhfQPeyzjhkHD4%2B7dK6uNkEEkAxUah2x1zYEQrVHRLXgmptaA%2BtBXQgN3pDnyb%2F6fRdyj0lHLsg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7914d1445d837780-LHR
x-frame-options: DENY
x-content-type-options: nosniff
expires: Tue, 31 Jan 2023 20:46:28 GMT
cache-control: max-age=172800, public
content-encoding: gzip
X-Firefox-Spdy: h2
kbjfree.com/banner_2.svg
104.21.234.26 200 OK 0 B IP 104.21.234.26:0
GET /banner_2.svg HTTP/1.1
Host: kbjfree.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kbjfree.com/model/imzi95
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 20:46:28 GMT
content-type: image/svg+xml
x-dns-prefetch-control: on
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cache-control: public, max-age=14400
last-modified: Tue, 11 Oct 2022 12:27:32 GMT
etag: W/"22cb-183c703b320"
vary: Accept-Encoding
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nhXyBunWO5O7Qpgv2EQ90cpbWbmwNLds1fz2LyZYQ%2BatlMaa25IZao8Ajf5F0KTuVrgQSqfdzTcEPcKu%2B0yz1SYhfIuW1ESSFEL%2B5RqR%2BjHdstkEuotDr9K0HH%2FnaA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7914d1445d7e7780-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
slave.kbjfree.com/api/settings/367171
135.181.208.216 200 OK 0 B URL HTTP/2 slave.kbjfree.com/api/settings/367171
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /api/settings/367171 HTTP/1.1
Host: slave.kbjfree.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://kbjfree.com/
Origin: https://kbjfree.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 29 Jan 2023 20:46:30 GMT
content-type: application/json
vary: Accept-Encoding
access-control-allow-origin: *
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
a.realsrv.com/ad-provider.js
185.76.9.16 200 OK 0 B URL HTTP/2 a.realsrv.com/ad-provider.js
IP 185.76.9.16:0
ASN #60068 Datacamp Limited
GET /ad-provider.js HTTP/1.1
Host: a.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://slave.kbjfree.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 29 Jan 2023 20:46:28 GMT
content-type: application/javascript
etag: W/"c86623937323852b5fe82a29fcb"
expires: Tue, 24 Jan 2023 13:18:38 GMT
cache-control: max-age=10800
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1675030828
server: CDN77-Turbo
x-77-nzt: AblMCQ0QbVX/KBQAAA
x-77-nzt-ray: c0a4cc28783d72fb24dbd6633fa65437
x-cache: HIT
x-age: 5160
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
157.240.205.35 200 OK 0 B URL HTTP/2 www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
IP 157.240.205.35:0
GET /login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kbjfree.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-opener-policy: same-origin-allow-popups
vary: Sec-Fetch-Site, Sec-Fetch-Mode, Accept-Encoding
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: Mz1eIGshDwmkCILPW0SWYw0PYPSo7hA4J6g/hUEfyycWYj4bs5GhnBlfn6lMdO9VxRjTbf2SxfShHJCx9syXCQ==
date: Sun, 29 Jan 2023 20:46:32 GMT
priority: u=3,i
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/
172.64.198.35 200 OK 0 B IP 172.64.198.35:0
Analyzer Verdict Alert quad9 Sinkholed
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://kbjfree.com/
Origin: https://kbjfree.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 29 Jan 2023 20:46:32 GMT
content-type: text/plain
set-cookie: csu=1067837060875328@1@1675025192; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://kbjfree.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CehjH0yi146j%2F301dkAIR3dHsuHUvpu2uLFX0IvBDt8gOxOIOIUnCgu7U9Qb748kbFk9Y0msTxoR9xUDq0l52mkI%2B%2B7Sye9i%2BvD4Rx48i1S3amriehqNYj%2BLernEoiqT"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7914d15cca3376a4-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
slave.kbjfree.com/api/spots/367167?p=1&s1=%subid1%&kw=
135.181.208.216 200 OK 0 B URL HTTP/2 slave.kbjfree.com/api/spots/367167?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /api/spots/367167?p=1&s1=%subid1%&kw= HTTP/1.1
Host: slave.kbjfree.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kbjfree.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
HTTP/2 200 OK
server: nginx
date: Sun, 29 Jan 2023 20:46:28 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: nauid=tdDVsKvJORRuEOUu0px1; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; Secure; SameSite=None
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
static.cloudflareinsights.com/beacon.min.js/vaafb692b2aea4879b33c060e79fe94621666317369993
104.16.57.101 200 OK 0 B URL HTTP/2 static.cloudflareinsights.com/beacon.min.js/vaafb692b2aea4879b33c060e79fe94621666317369993
IP 104.16.57.101:0
GET /beacon.min.js/vaafb692b2aea4879b33c060e79fe94621666317369993 HTTP/1.1
Host: static.cloudflareinsights.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://kbjfree.com
Connection: keep-alive
Referer: https://kbjfree.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 29 Jan 2023 20:46:28 GMT
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
etag: W/2022.10.1
last-modified: Fri, 21 Oct 2022 01:56:09 GMT
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 7914d144c95eb4ed-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
iifvcfwiqi.com/get/1949853?zoneid=1949853&jp=_cl193uuqsom584931vicis&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=4894849055429805
62.122.171.6 200 OK 0 B URL HTTP/2 iifvcfwiqi.com/get/1949853?zoneid=1949853&jp=_cl193uuqsom584931vicis&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=4894849055429805
IP 62.122.171.6:0
Analyzer Verdict Alert quad9 Sinkholed
GET /get/1949853?zoneid=1949853&jp=_cl193uuqsom584931vicis&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=4894849055429805 HTTP/1.1
Host: iifvcfwiqi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kbjfree.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 29 Jan 2023 20:46:28 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
x-route-id: config
set-cookie: UID=2301291546d0cf5a69b9464dbeb1cd63d7fc; Path=/; Expires=Mon, 29 Jan 2024 20:46:28 GMT; HttpOnly; Secure; SameSite=None
content-encoding: gzip
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.198.35 200 OK 0 B IP 172.64.198.35:0
Analyzer Verdict Alert quad9 Sinkholed
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://kbjfree.com/
Origin: https://kbjfree.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 29 Jan 2023 20:46:32 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://kbjfree.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: EXPIRED
last-modified: Sun, 29 Jan 2023 18:37:19 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Bf0OPOt6RUtXJT7rbXbmoPJ9glK%2FgMe1rey%2FTKHG%2FC0%2BhJPzLXSa3akQ94UGABHHUyM9ny0IQzRuiT26UvQ%2FEPK6Z0Ye%2BulC3kvrdmCpPit3vQnvYKtw7vHh5o8fDy2L"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7914d15cca3b76a4-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
kbjfree.com/_next/static/css/e06defdae6c0cd95.css
104.21.234.26 200 OK 0 B URL HTTP/2 kbjfree.com/_next/static/css/e06defdae6c0cd95.css
IP 104.21.234.26:0
GET /_next/static/css/e06defdae6c0cd95.css HTTP/1.1
Host: kbjfree.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kbjfree.com/model/imzi95
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 20:46:28 GMT
content-type: text/css; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-bgj: minify
cf-polished: origSize=14358
etag: W/"3816-185e77d9448"
last-modified: Wed, 25 Jan 2023 05:54:05 GMT
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: on
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 398717
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=exZ2Jrg6cVlpnp1Y5Luip83mxRFYPY8eIGeOw2uobIZoFpqLlm9uXOo6HKOzP3lwWauW7JB5qeT03zAZwm9Bk0mko1I%2FYfO37388iVQO485JVavKqvfvkH0x4XKpew%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7914d1445d767780-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.intelligenceadx.com/js-data-firebase.min.js
185.76.9.15 200 OK 0 B URL HTTP/2 www.intelligenceadx.com/js-data-firebase.min.js
IP 185.76.9.15:0
ASN #60068 Datacamp Limited
GET /js-data-firebase.min.js HTTP/1.1
Host: www.intelligenceadx.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://kbjfree.com
Connection: keep-alive
Referer: https://kbjfree.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 29 Jan 2023 20:46:28 GMT
content-type: application/x-javascript
alt-svc: quic="185.76.9.13:443"; ma=2592000; v="44,43,39"
expires: Fri, 03 Feb 2023 05:12:30 GMT
access-control-allow-origin: *
link: <https://intelligenceadx.com/>;rel=preconnect,<https://c.adsco.re/>;rel=preconnect,<https://adsco.re/>;rel=preconnect
cache-control: public, max-age=604800
x-accel-expires: @1675401150
server: CDN77-Turbo
x-77-nzt: AblMCQ1Qebb/5n0DAA
x-77-nzt-ray: c0a4cc28db3fa3f824dbd663fd986229
x-cache: HIT
x-age: 228838
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
a.realsrv.com/js.php?t=17&idzone=4737578
185.76.9.16 200 OK 0 B URL HTTP/2 a.realsrv.com/js.php?t=17&idzone=4737578
IP 185.76.9.16:0
ASN #60068 Datacamp Limited
GET /js.php?t=17&idzone=4737578 HTTP/1.1
Host: a.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kbjfree.com/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263d6db25b1c5f1.378243011294171488%22%3B%7D; __upt=%7B%22v%22%3A1%2C%22id%22%3A%220%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22108.0199%22%7D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 20:46:30 GMT
content-type: application/javascript
expires: Sun, 29 Jan 2023 17:55:07 GMT
cache-control: max-age=10800
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1675025217
server: CDN77-Turbo
x-77-nzt: AblMCQ0fBqb/FSoAAA
x-77-nzt-ray: c0a4cc28783d72fb26dbd6632ecf3917
x-cache: HIT
x-age: 10773
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
iifvcfwiqi.com/lv/esnk/1949853/code.js
62.122.171.6 200 OK 0 B URL HTTP/2 iifvcfwiqi.com/lv/esnk/1949853/code.js
IP 62.122.171.6:0
Analyzer Verdict Alert quad9 Sinkholed
GET /lv/esnk/1949853/code.js HTTP/1.1
Host: iifvcfwiqi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kbjfree.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 29 Jan 2023 20:46:28 GMT
content-type: application/javascript
last-modified: Thu, 26 Jan 2023 13:21:09 GMT
vary: Accept-Encoding
etag: W/"63d27e45-1a2c5"
x-js-ab1: current
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
content-encoding: gzip
X-Firefox-Spdy: h2