Report - 50.biqund.com/index/m3?diff=0&utm_source=ogdd&utm_campaign=26670&utm_content=&utm_clickid=hc8s0o8os4488wk8&aurl=https:/d6.hotplayer.ru/downloadm/8d08914ff7ba8fae62da8bab36b89643/54701229_456241560/796bc175f275-11faaddb7f0-f00c18475c3/%D0%B4%D0%BE%D0%BB%D0%B1%D0%B0%D1%91%D0%B1%20-%20%D0%B2%D0%B8%D0%BA%D1%82%D0%BE%D1%80%20%D1%86%D0%BE%D0%B9%20%D1%81%D0%B8%D0%B4%D0%B8%D1%82%20%D0%B8%20%D1%81%D0%BC%D0%BE%D1%82%D1%80%D0%B8%D1%82%20%D0%BD%D0%B0%20%D0%BF%D1%80%D0%BE%D1%82%D1%8F%D0%B6%D0%B5%D0%BD%D0%B8%D0%B8%20%D0%BC%D0%B8%D0%BD%D1%83%D1%82%D1%8B.mp3?play&an=&utm

Report Overview

Submitted URL
50.biqund.com/index/m3?diff=0&utm_source=ogdd&utm_campaign=26670&utm_content=&utm_clickid=hc8s0o8os4488wk8&aurl=https:/d6.hotplayer.ru/downloadm/8d08914ff7ba8fae62da8bab36b89643/54701229_456241560/796bc175f275-11faaddb7f0-f00c18475c3/%D0%B4%D0%BE%D0%BB%D0%B1%D0%B0%D1%91%D0%B1%20-%20%D0%B2%D0%B8%D0%BA%D1%82%D0%BE%D1%80%20%D1%86%D0%BE%D0%B9%20%D1%81%D0%B8%D0%B4%D0%B8%D1%82%20%D0%B8%20%D1%81%D0%BC%D0%BE%D1%82%D1%80%D0%B8%D1%82%20%D0%BD%D0%B0%20%D0%BF%D1%80%D0%BE%D1%82%D1%8F%D0%B6%D0%B5%D0%BD%D0%B8%D0%B8%20%D0%BC%D0%B8%D0%BD%D1%83%D1%82%D1%8B.mp3?play&an=&utm_term=&site=&isubs=0
IP
172.67.214.84
ASN
#13335 CLOUDFLARENET
Submitted
2023-02-02 12:25:29
Access
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
1
Threat Detection Systems
0

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
cm.g.doubleclick.net	202	2012-05-22T11:58:28Z	2023-03-13T08:33:33Z	1.8 kB	541 B	142.250.74.98
kimberlite.io	166512	2017-09-14T07:18:59Z	2023-03-12T20:22:58Z	405 B	640 B	80.78.249.201
s.uuidksinc.net	3423	2015-07-20T14:00:35Z	2023-03-13T05:57:41Z	631 B	358 B	31.220.27.134
rtb.com.ru	26476	2015-11-23T16:25:15Z	2023-03-13T06:07:27Z	864 B	4.0 kB	83.222.114.189
dmpprof.com	19328	2020-05-10T17:06:33Z	2023-03-13T05:57:42Z	425 B	942 B	85.192.12.173
dmg.digitaltarget.ru	21471	2015-04-23T16:50:51Z	2023-03-13T06:26:03Z	914 B	1.4 kB	185.15.175.174
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-13T05:09:07Z	5.7 kB	15 kB	23.33.119.27
uuidksinc.net	3420	2015-05-31T10:43:35Z	2023-03-13T05:57:41Z	517 B	1.4 kB	31.220.27.134
ssp-rtb.sape.ru	31166	2016-02-02T18:01:03Z	2023-03-13T08:33:52Z	556 B	859 B	193.3.184.200
acint.net	22962	2014-02-14T22:23:16Z	2023-03-13T08:33:52Z	631 B	537 B	193.3.184.226
sm.rtb.mts.ru	27154	2019-03-26T15:10:01Z	2023-03-13T08:33:52Z	736 B	1.0 kB	217.66.147.37
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-13T05:09:10Z	782 B	2.4 kB	35.241.9.150
ocsp.pki.goog	175	2018-07-01T08:43:07Z	2023-03-13T05:09:47Z	686 B	1.4 kB	142.250.74.163
hdtcode.com	unknown	2019-05-01T19:48:45Z	2023-03-13T07:10:36Z	778 B	544 B	185.196.197.130
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-13T05:09:13Z	333 B	391 B	34.117.237.239
sartojelius.com	unknown	2021-12-24T08:04:06Z	2023-03-13T07:10:38Z	2.1 kB	5.8 kB	88.208.46.22
ocsp2.globalsign.com	1544	2012-05-23T20:10:04Z	2023-03-13T05:14:17Z	357 B	1.9 kB	104.18.20.226
www.acint.net	29072	2014-02-14T22:23:16Z	2023-03-13T08:33:52Z	1.0 kB	1.6 kB	193.3.184.226
ocsp.globalsign.com	2075	2012-07-20T19:46:16Z	2023-03-13T05:09:19Z	359 B	1.9 kB	104.18.21.226
50.biqund.com	unknown	2022-06-09T13:24:50Z	2023-03-01T15:34:08Z	3.5 kB	52 kB	172.67.214.84
d.uuidksinc.net	807677	2015-07-21T09:00:45Z	2023-03-02T15:04:54Z	920 B	426 B	31.220.27.134
dm-eu.hybrid.ai	28847	2021-01-25T12:48:59Z	2023-03-13T06:16:11Z	407 B	528 B	37.18.103.21
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-13T05:09:14Z	606 B	127 B	54.149.93.186
ocsp.usertrust.com	899	2012-05-21T17:43:18Z	2023-03-13T08:38:38Z	342 B	1.0 kB	172.64.155.188
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-13T05:09:35Z	413 B	5.8 kB	34.160.144.191
kadam-sync.rutarget.ru	unknown	2017-02-01T20:16:37Z	2023-03-02T15:04:53Z	381 B	415 B	188.72.107.156
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-13T05:09:16Z	2.7 kB	44 kB	34.120.237.76
fcgi4.gnezdo.ru	69027	2020-06-11T14:55:54Z	2023-03-13T05:57:42Z	1.3 kB	17 kB	93.95.102.105

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-02-02 12:25:45	low	172.67.214.84	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (9)

	URL	Size	First Seen	Last Seen
	50.biqund.com/index/m3?diff=0&utm_source=ogdd&utm_campaign=26670&utm_content=&utm_clickid=hc8s0o8os4488wk8&aurl=https:/d6.hotplayer.ru/downloadm/8d08914ff7ba8fae62da8bab36b89643/54701229_456241560/796bc175f275-11faaddb7f0-f00c18475c3/%D0%B4%D0%BE%D0%BB%D0%B1%D0%B0%D1%91%D0%B1%20-%20%D0%B2%D0%B8%D0%BA%D1%82%D0%BE%D1%80%20%D1%86%D0%BE%D0%B9%20%D1%81%D0%B8%D0%B4%D0%B8%D1%82%20%D0%B8%20%D1%81%D0%BC%D0%BE%D1%82%D1%80%D0%B8%D1%82%20%D0%BD%D0%B0%20%D0%BF%D1%80%D0%BE%D1%82%D1%8F%D0%B6%D0%B5%D0%BD%D0%B8%D0%B8%20%D0%BC%D0%B8%D0%BD%D1%83%D1%82%D1%8B.mp3?play&an=&utm_term=&site=&isubs=0	77 B	2023-03-08	2023-04-02
Pretty URL 50.biqund.com/index/m3?diff=0&utm_source=ogdd&utm_campaign=26670&utm_content=&utm_clickid=hc8s0o8os4488wk8&aurl=https:/d6.hotplayer.ru/downloadm/8d08914ff7ba8fae62da8bab36b89643/54701229_456241560/796bc175f275-11faaddb7f0-f00c18475c3/%D0%B4%D0%BE%D0%BB%D0%B1%D0%B0%D1%91%D0%B1%20-%20%D0%B2%D0%B8%D0%BA%D1%82%D0%BE%D1%80%20%D1%86%D0%BE%D0%B9%20%D1%81%D0%B8%D0%B4%D0%B8%D1%82%20%D0%B8%20%D1%81%D0%BC%D0%BE%D1%82%D1%80%D0%B8%D1%82%20%D0%BD%D0%B0%20%D0%BF%D1%80%D0%BE%D1%82%D1%8F%D0%B6%D0%B5%D0%BD%D0%B8%D0%B8%20%D0%BC%D0%B8%D0%BD%D1%83%D1%82%D1%8B.mp3?play&an=&utm_term=&site=&isubs=0 IP 172.67.214.84 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 08:15:07 Last Seen2023-04-02 21:18:42 Times Seen11 Hash e0a84365c627d500de4a58d8e0d590ac 379a4ab28f26004ab66dfff739f004ff7eba1c2a bab5d2f5fdb678e12a017d336165de8f48e507774e0d02167ebb76882930d113 Loading...

	uuidksinc.net/matchx	2.1 kB	2023-03-13	2023-03-13
Pretty URL uuidksinc.net/matchx IP 31.220.27.134 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 08:33:23 Last Seen2023-03-13 15:00:10 Times Seen1 Hash 8b53de2d4f103588726a65083f110df1 316a3b2d0ddd75c492835c7f00b5b74f48a0e8ca da14dc8e21f8c4e3999a3ce18843f65b6bf6eccaa2656ec6bbfab52908becb0a Loading...

	50.biqund.com/index/m3?diff=0&utm_source=ogdd&utm_campaign=26670&utm_content=&utm_clickid=hc8s0o8os4488wk8&aurl=https:/d6.hotplayer.ru/downloadm/8d08914ff7ba8fae62da8bab36b89643/54701229_456241560/796bc175f275-11faaddb7f0-f00c18475c3/%D0%B4%D0%BE%D0%BB%D0%B1%D0%B0%D1%91%D0%B1%20-%20%D0%B2%D0%B8%D0%BA%D1%82%D0%BE%D1%80%20%D1%86%D0%BE%D0%B9%20%D1%81%D0%B8%D0%B4%D0%B8%D1%82%20%D0%B8%20%D1%81%D0%BC%D0%BE%D1%82%D1%80%D0%B8%D1%82%20%D0%BD%D0%B0%20%D0%BF%D1%80%D0%BE%D1%82%D1%8F%D0%B6%D0%B5%D0%BD%D0%B8%D0%B8%20%D0%BC%D0%B8%D0%BD%D1%83%D1%82%D1%8B.mp3?play&an=&utm_term=&site=&isubs=0	2.2 kB	2023-03-07	2024-03-29
Pretty URL 50.biqund.com/index/m3?diff=0&utm_source=ogdd&utm_campaign=26670&utm_content=&utm_clickid=hc8s0o8os4488wk8&aurl=https:/d6.hotplayer.ru/downloadm/8d08914ff7ba8fae62da8bab36b89643/54701229_456241560/796bc175f275-11faaddb7f0-f00c18475c3/%D0%B4%D0%BE%D0%BB%D0%B1%D0%B0%D1%91%D0%B1%20-%20%D0%B2%D0%B8%D0%BA%D1%82%D0%BE%D1%80%20%D1%86%D0%BE%D0%B9%20%D1%81%D0%B8%D0%B4%D0%B8%D1%82%20%D0%B8%20%D1%81%D0%BC%D0%BE%D1%82%D1%80%D0%B8%D1%82%20%D0%BD%D0%B0%20%D0%BF%D1%80%D0%BE%D1%82%D1%8F%D0%B6%D0%B5%D0%BD%D0%B8%D0%B8%20%D0%BC%D0%B8%D0%BD%D1%83%D1%82%D1%8B.mp3?play&an=&utm_term=&site=&isubs=0 IP 172.67.214.84 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:08:17 Last Seen2024-03-29 16:46:43 Times Seen189 Hash a40976860ec9865090d3e26ffc73cc94 40f16d9869020c5752974e91bd792ba0d1f015e8 65ba0a06506d4e77ec12f1f4f2a2b0709d8a90c5fbf1a56605433347a396f630 Loading...

	50.biqund.com/index/m3?diff=0&utm_source=ogdd&utm_campaign=26670&utm_content=&utm_clickid=hc8s0o8os4488wk8&aurl=https:/d6.hotplayer.ru/downloadm/8d08914ff7ba8fae62da8bab36b89643/54701229_456241560/796bc175f275-11faaddb7f0-f00c18475c3/%D0%B4%D0%BE%D0%BB%D0%B1%D0%B0%D1%91%D0%B1%20-%20%D0%B2%D0%B8%D0%BA%D1%82%D0%BE%D1%80%20%D1%86%D0%BE%D0%B9%20%D1%81%D0%B8%D0%B4%D0%B8%D1%82%20%D0%B8%20%D1%81%D0%BC%D0%BE%D1%82%D1%80%D0%B8%D1%82%20%D0%BD%D0%B0%20%D0%BF%D1%80%D0%BE%D1%82%D1%8F%D0%B6%D0%B5%D0%BD%D0%B8%D0%B8%20%D0%BC%D0%B8%D0%BD%D1%83%D1%82%D1%8B.mp3?play&an=&utm_term=&site=&isubs=0	4.8 kB	2023-03-13	2023-03-13
Pretty URL 50.biqund.com/index/m3?diff=0&utm_source=ogdd&utm_campaign=26670&utm_content=&utm_clickid=hc8s0o8os4488wk8&aurl=https:/d6.hotplayer.ru/downloadm/8d08914ff7ba8fae62da8bab36b89643/54701229_456241560/796bc175f275-11faaddb7f0-f00c18475c3/%D0%B4%D0%BE%D0%BB%D0%B1%D0%B0%D1%91%D0%B1%20-%20%D0%B2%D0%B8%D0%BA%D1%82%D0%BE%D1%80%20%D1%86%D0%BE%D0%B9%20%D1%81%D0%B8%D0%B4%D0%B8%D1%82%20%D0%B8%20%D1%81%D0%BC%D0%BE%D1%82%D1%80%D0%B8%D1%82%20%D0%BD%D0%B0%20%D0%BF%D1%80%D0%BE%D1%82%D1%8F%D0%B6%D0%B5%D0%BD%D0%B8%D0%B8%20%D0%BC%D0%B8%D0%BD%D1%83%D1%82%D1%8B.mp3?play&an=&utm_term=&site=&isubs=0 IP 172.67.214.84 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 15:00:10 Last Seen2023-03-13 15:00:10 Times Seen1 Hash 048e6df7c70e759910ddb46d71e35fff 0526adef78c9effab8c795082be20fd2633198ed 13d1403c90612d8de15c59ad60dc341ddaa484b4a277e4e76dbe86587d563e52 Loading...

	50.biqund.com/index/m3?diff=0&utm_source=ogdd&utm_campaign=26670&utm_content=&utm_clickid=hc8s0o8os4488wk8&aurl=https:/d6.hotplayer.ru/downloadm/8d08914ff7ba8fae62da8bab36b89643/54701229_456241560/796bc175f275-11faaddb7f0-f00c18475c3/%D0%B4%D0%BE%D0%BB%D0%B1%D0%B0%D1%91%D0%B1%20-%20%D0%B2%D0%B8%D0%BA%D1%82%D0%BE%D1%80%20%D1%86%D0%BE%D0%B9%20%D1%81%D0%B8%D0%B4%D0%B8%D1%82%20%D0%B8%20%D1%81%D0%BC%D0%BE%D1%82%D1%80%D0%B8%D1%82%20%D0%BD%D0%B0%20%D0%BF%D1%80%D0%BE%D1%82%D1%8F%D0%B6%D0%B5%D0%BD%D0%B8%D0%B8%20%D0%BC%D0%B8%D0%BD%D1%83%D1%82%D1%8B.mp3?play&an=&utm_term=&site=&isubs=0	157 B	2023-03-08	2023-04-02
Pretty URL 50.biqund.com/index/m3?diff=0&utm_source=ogdd&utm_campaign=26670&utm_content=&utm_clickid=hc8s0o8os4488wk8&aurl=https:/d6.hotplayer.ru/downloadm/8d08914ff7ba8fae62da8bab36b89643/54701229_456241560/796bc175f275-11faaddb7f0-f00c18475c3/%D0%B4%D0%BE%D0%BB%D0%B1%D0%B0%D1%91%D0%B1%20-%20%D0%B2%D0%B8%D0%BA%D1%82%D0%BE%D1%80%20%D1%86%D0%BE%D0%B9%20%D1%81%D0%B8%D0%B4%D0%B8%D1%82%20%D0%B8%20%D1%81%D0%BC%D0%BE%D1%82%D1%80%D0%B8%D1%82%20%D0%BD%D0%B0%20%D0%BF%D1%80%D0%BE%D1%82%D1%8F%D0%B6%D0%B5%D0%BD%D0%B8%D0%B8%20%D0%BC%D0%B8%D0%BD%D1%83%D1%82%D1%8B.mp3?play&an=&utm_term=&site=&isubs=0 IP 172.67.214.84 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 08:15:07 Last Seen2023-04-02 21:18:42 Times Seen11 Hash 95e3361a66cb84959c93cbefa6421e1c 4ded388f5710fc0b8e2ddb171c29d433efd9f3c7 1b9ad7602755dc40a1462979bd7d054550396d070782786f82c3202b1d5e1b4a Loading...

	50.biqund.com/index/m3?diff=0&utm_source=ogdd&utm_campaign=26670&utm_content=&utm_clickid=hc8s0o8os4488wk8&aurl=https:/d6.hotplayer.ru/downloadm/8d08914ff7ba8fae62da8bab36b89643/54701229_456241560/796bc175f275-11faaddb7f0-f00c18475c3/%D0%B4%D0%BE%D0%BB%D0%B1%D0%B0%D1%91%D0%B1%20-%20%D0%B2%D0%B8%D0%BA%D1%82%D0%BE%D1%80%20%D1%86%D0%BE%D0%B9%20%D1%81%D0%B8%D0%B4%D0%B8%D1%82%20%D0%B8%20%D1%81%D0%BC%D0%BE%D1%82%D1%80%D0%B8%D1%82%20%D0%BD%D0%B0%20%D0%BF%D1%80%D0%BE%D1%82%D1%8F%D0%B6%D0%B5%D0%BD%D0%B8%D0%B8%20%D0%BC%D0%B8%D0%BD%D1%83%D1%82%D1%8B.mp3?play&an=&utm_term=&site=&isubs=0	695 B	2023-03-07	2024-03-29
Pretty URL 50.biqund.com/index/m3?diff=0&utm_source=ogdd&utm_campaign=26670&utm_content=&utm_clickid=hc8s0o8os4488wk8&aurl=https:/d6.hotplayer.ru/downloadm/8d08914ff7ba8fae62da8bab36b89643/54701229_456241560/796bc175f275-11faaddb7f0-f00c18475c3/%D0%B4%D0%BE%D0%BB%D0%B1%D0%B0%D1%91%D0%B1%20-%20%D0%B2%D0%B8%D0%BA%D1%82%D0%BE%D1%80%20%D1%86%D0%BE%D0%B9%20%D1%81%D0%B8%D0%B4%D0%B8%D1%82%20%D0%B8%20%D1%81%D0%BC%D0%BE%D1%82%D1%80%D0%B8%D1%82%20%D0%BD%D0%B0%20%D0%BF%D1%80%D0%BE%D1%82%D1%8F%D0%B6%D0%B5%D0%BD%D0%B8%D0%B8%20%D0%BC%D0%B8%D0%BD%D1%83%D1%82%D1%8B.mp3?play&an=&utm_term=&site=&isubs=0 IP 172.67.214.84 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:08:17 Last Seen2024-03-29 16:46:43 Times Seen193 Hash 9e8d92218ee3ebc50c02807f95053e1d 471165c67069eb5e4a1a96bf3de5f2da1c8a1dff a7f50ca9fb45ef36eadc0461fd33f27d2f3032fcec793bcc869c43dba2b5bb73 Loading...

	50.biqund.com/index/m3?diff=0&utm_source=ogdd&utm_campaign=26670&utm_content=&utm_clickid=hc8s0o8os4488wk8&aurl=https:/d6.hotplayer.ru/downloadm/8d08914ff7ba8fae62da8bab36b89643/54701229_456241560/796bc175f275-11faaddb7f0-f00c18475c3/%D0%B4%D0%BE%D0%BB%D0%B1%D0%B0%D1%91%D0%B1%20-%20%D0%B2%D0%B8%D0%BA%D1%82%D0%BE%D1%80%20%D1%86%D0%BE%D0%B9%20%D1%81%D0%B8%D0%B4%D0%B8%D1%82%20%D0%B8%20%D1%81%D0%BC%D0%BE%D1%82%D1%80%D0%B8%D1%82%20%D0%BD%D0%B0%20%D0%BF%D1%80%D0%BE%D1%82%D1%8F%D0%B6%D0%B5%D0%BD%D0%B8%D0%B8%20%D0%BC%D0%B8%D0%BD%D1%83%D1%82%D1%8B.mp3?play&an=&utm_term=&site=&isubs=0	1.2 kB	2023-03-13	2023-03-13
Pretty URL 50.biqund.com/index/m3?diff=0&utm_source=ogdd&utm_campaign=26670&utm_content=&utm_clickid=hc8s0o8os4488wk8&aurl=https:/d6.hotplayer.ru/downloadm/8d08914ff7ba8fae62da8bab36b89643/54701229_456241560/796bc175f275-11faaddb7f0-f00c18475c3/%D0%B4%D0%BE%D0%BB%D0%B1%D0%B0%D1%91%D0%B1%20-%20%D0%B2%D0%B8%D0%BA%D1%82%D0%BE%D1%80%20%D1%86%D0%BE%D0%B9%20%D1%81%D0%B8%D0%B4%D0%B8%D1%82%20%D0%B8%20%D1%81%D0%BC%D0%BE%D1%82%D1%80%D0%B8%D1%82%20%D0%BD%D0%B0%20%D0%BF%D1%80%D0%BE%D1%82%D1%8F%D0%B6%D0%B5%D0%BD%D0%B8%D0%B8%20%D0%BC%D0%B8%D0%BD%D1%83%D1%82%D1%8B.mp3?play&an=&utm_term=&site=&isubs=0 IP 172.67.214.84 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 15:00:10 Last Seen2023-03-13 15:00:10 Times Seen1 Hash 9b082b4a02eac68530003d081fde0452 92d5203b4019ca9a1ea55fde807e288946735dd9 5d49672b2c02c41e66c9a72900a184c3eb552ff8a175f3fdfc3893377b903622 Loading...

	50.biqund.com/199f8c6.php?utm_source=ogdd&utm_campaign=26670	43 kB	2023-03-12	2023-03-14
Pretty URL 50.biqund.com/199f8c6.php?utm_source=ogdd&utm_campaign=26670 IP 172.67.214.84 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 09:21:56 Last Seen2023-03-14 13:41:08 Times Seen1 Hash 3f3c44b4999fc05fd33780711f7c6842 f2c559e2403d0f4fe3948f3a45df5ee950a801e1 a24f46d0467ad0952d3cdf750b194341fa03d469620a090aa54f0c678367ceb7 Loading...

	50.biqund.com/index/m3?diff=0&utm_source=ogdd&utm_campaign=26670&utm_content=&utm_clickid=hc8s0o8os4488wk8&aurl=https:/d6.hotplayer.ru/downloadm/8d08914ff7ba8fae62da8bab36b89643/54701229_456241560/796bc175f275-11faaddb7f0-f00c18475c3/%D0%B4%D0%BE%D0%BB%D0%B1%D0%B0%D1%91%D0%B1%20-%20%D0%B2%D0%B8%D0%BA%D1%82%D0%BE%D1%80%20%D1%86%D0%BE%D0%B9%20%D1%81%D0%B8%D0%B4%D0%B8%D1%82%20%D0%B8%20%D1%81%D0%BC%D0%BE%D1%82%D1%80%D0%B8%D1%82%20%D0%BD%D0%B0%20%D0%BF%D1%80%D0%BE%D1%82%D1%8F%D0%B6%D0%B5%D0%BD%D0%B8%D0%B8%20%D0%BC%D0%B8%D0%BD%D1%83%D1%82%D1%8B.mp3?play&an=&utm_term=&site=&isubs=0	30 kB	2023-03-08	2023-04-05
Pretty URL 50.biqund.com/index/m3?diff=0&utm_source=ogdd&utm_campaign=26670&utm_content=&utm_clickid=hc8s0o8os4488wk8&aurl=https:/d6.hotplayer.ru/downloadm/8d08914ff7ba8fae62da8bab36b89643/54701229_456241560/796bc175f275-11faaddb7f0-f00c18475c3/%D0%B4%D0%BE%D0%BB%D0%B1%D0%B0%D1%91%D0%B1%20-%20%D0%B2%D0%B8%D0%BA%D1%82%D0%BE%D1%80%20%D1%86%D0%BE%D0%B9%20%D1%81%D0%B8%D0%B4%D0%B8%D1%82%20%D0%B8%20%D1%81%D0%BC%D0%BE%D1%82%D1%80%D0%B8%D1%82%20%D0%BD%D0%B0%20%D0%BF%D1%80%D0%BE%D1%82%D1%8F%D0%B6%D0%B5%D0%BD%D0%B8%D0%B8%20%D0%BC%D0%B8%D0%BD%D1%83%D1%82%D1%8B.mp3?play&an=&utm_term=&site=&isubs=0 IP 172.67.214.84 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 15:34:27 Last Seen2023-04-05 01:43:15 Times Seen50 Hash bf5dc2d632990314fa3957bdb7947884 6a3b42f424a7303c46eeedd22ec858d9790db2f4 8c1d60c3544f3a192dd78007c6b2a1f44fe9c576491f2ca85389d4e02cc94cb3 Loading...

HTTP Transactions (64)

URL IP Response Size

50.biqund.com/index/m3?diff=0&utm_source=ogdd&utm_campaign=26670&utm_content=&utm_clickid=hc8s0o8os4488wk8&aurl=https:/d6.hotplayer.ru/downloadm/8d08914ff7ba8fae62da8bab36b89643/54701229_456241560/796bc175f275-11faaddb7f0-f00c18475c3/%D0%B4%D0%BE%D0%BB%D0%B1%D0%B0%D1%91%D0%B1%20-%20%D0%B2%D0%B8%D0%BA%D1%82%D0%BE%D1%80%20%D1%86%D0%BE%D0%B9%20%D1%81%D0%B8%D0%B4%D0%B8%D1%82%20%D0%B8%20%D1%81%D0%BC%D0%BE%D1%82%D1%80%D0%B8%D1%82%20%D0%BD%D0%B0%20%D0%BF%D1%80%D0%BE%D1%82%D1%8F%D0%B6%D0%B5%D0%BD%D0%B8%D0%B8%20%D0%BC%D0%B8%D0%BD%D1%83%D1%82%D1%8B.mp3?play&an=&utm_term=&site=&isubs=0

172.67.214.84

200 OK

25 kB

URL HTTP/1.1
50.biqund.com/index/m3?diff=0&utm_source=ogdd&utm_campaign=26670&utm_content=&utm_clickid=hc8s0o8os4488wk8&aurl=https:/d6.hotplayer.ru/downloadm/8d08914ff7ba8fae62da8bab36b89643/54701229_456241560/796bc175f275-11faaddb7f0-f00c18475c3/%D0%B4%D0%BE%D0%BB%D0%B1%D0%B0%D1%91%D0%B1%20-%20%D0%B2%D0%B8%D0%BA%D1%82%D0%BE%D1%80%20%D1%86%D0%BE%D0%B9%20%D1%81%D0%B8%D0%B4%D0%B8%D1%82%20%D0%B8%20%D1%81%D0%BC%D0%BE%D1%82%D1%80%D0%B8%D1%82%20%D0%BD%D0%B0%20%D0%BF%D1%80%D0%BE%D1%82%D1%8F%D0%B6%D0%B5%D0%BD%D0%B8%D0%B8%20%D0%BC%D0%B8%D0%BD%D1%83%D1%82%D1%8B.mp3?play&an=&utm_term=&site=&isubs=0
IP
172.67.214.84:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (12693), with CRLF, LF line terminators
Size
25 kB (25278 bytes)
Hash
114589a50637859ecbc29443e90ea845
99543c05e0347acb1eb15c26555612f746d138ce
bfbf751f81a1d68d723f7c9ff4acb07f0295290ec3446432ace98fb3f9a355db

Detections

NIDS	Severity	Alert
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1

HTTP Headers

GET /index/m3?diff=0&utm_source=ogdd&utm_campaign=26670&utm_content=&utm_clickid=hc8s0o8os4488wk8&aurl=https:/d6.hotplayer.ru/downloadm/8d08914ff7ba8fae62da8bab36b89643/54701229_456241560/796bc175f275-11faaddb7f0-f00c18475c3/%D0%B4%D0%BE%D0%BB%D0%B1%D0%B0%D1%91%D0%B1%20-%20%D0%B2%D0%B8%D0%BA%D1%82%D0%BE%D1%80%20%D1%86%D0%BE%D0%B9%20%D1%81%D0%B8%D0%B4%D0%B8%D1%82%20%D0%B8%20%D1%81%D0%BC%D0%BE%D1%82%D1%80%D0%B8%D1%82%20%D0%BD%D0%B0%20%D0%BF%D1%80%D0%BE%D1%82%D1%8F%D0%B6%D0%B5%D0%BD%D0%B8%D0%B8%20%D0%BC%D0%B8%D0%BD%D1%83%D1%82%D1%8B.mp3?play&an=&utm_term=&site=&isubs=0 HTTP/1.1
Host: 50.biqund.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 12:25:18 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-transform
Content-Encoding: gzip
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Sd5wkW5XnffnAZt1Kami2hifM1NljaSNBsBJRSp2LTc%2BxJEjj%2BU%2FRw2xV%2Be9j5rXaZ6dXKIDX1P5X37R0bJzYvH5qxT7KeMNCTIRl5UShuN7d%2F1nO8MojOnv%2BjMkgJvU"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7932e8a51dcc1c02-OSL
alt-svc: h2=":443"; ma=60

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7e05c8461bd2dc5a149f71e2c465ea29
705983959c887e243cb55a8a1796757b579ee977
4d9ea085d5dda9dabed11af9847c2b0aa6182358673b356a4e2bd631e22a9922

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4D9EA085D5DDA9DABED11AF9847C2B0AA6182358673B356A4E2BD631E22A9922"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12485
Expires: Thu, 02 Feb 2023 15:53:24 GMT
Date: Thu, 02 Feb 2023 12:25:19 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
62de35a6c8e4efd7633fc5236b5b086f
6a92912a86dfcd0330d040cef06bef36889c76ab
ebb8ca05df5ba73b92174105d54d192a8d9e3e10fba48bf96161b0cb759220ec

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EBB8CA05DF5BA73B92174105D54D192A8D9E3E10FBA48BF96161B0CB759220EC"
Last-Modified: Tue, 31 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5409
Expires: Thu, 02 Feb 2023 13:55:28 GMT
Date: Thu, 02 Feb 2023 12:25:19 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Retry-After, Content-Length, Alert, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 02 Feb 2023 11:43:31 GMT
content-type: application/json
age: 2508
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
a8d45deaa7ebfcd996c2055dae592ab8
55befe074589fe7b39757c145968058162a8fc6b
50d7d516f446458145a304b288a0a39d391cd37ea50dabea36ae48d291c65ba7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "50D7D516F446458145A304B288A0A39D391CD37EA50DABEA36AE48D291C65BA7"
Last-Modified: Tue, 31 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8557
Expires: Thu, 02 Feb 2023 14:47:56 GMT
Date: Thu, 02 Feb 2023 12:25:19 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: FMIQC9o+4/efx6rFxxMSsEgJrOIWA0SZKVJOPltOPFBl3H/4dO3KVrPxu8ujmRPDO+hnVpfq0Ac=
x-amz-request-id: A6Z79KZ0EXGC2HSY
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 02 Feb 2023 12:23:06 GMT
age: 133
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

50.biqund.com/assets/styles/arrow.css?v1

172.67.214.84

200 OK

2.1 kB

URL HTTP/1.1
50.biqund.com/assets/styles/arrow.css?v1
IP
172.67.214.84:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text
Size
2.1 kB (2149 bytes)
Hash
42f2eac8fc2d717d43b63c19404d009d
f160ecec8abed0763a70ab4c412697cb661bb9a7
2c64ecb52bdbe782356e6b4c2763127a375d1114c858011f73455cfd27232efc

HTTP Headers

GET /assets/styles/arrow.css?v1 HTTP/1.1
Host: 50.biqund.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://50.biqund.com/index/m3?diff=0&utm_source=ogdd&utm_campaign=26670&utm_content=&utm_clickid=hc8s0o8os4488wk8&aurl=https:/d6.hotplayer.ru/downloadm/8d08914ff7ba8fae62da8bab36b89643/54701229_456241560/796bc175f275-11faaddb7f0-f00c18475c3/%D0%B4%D0%BE%D0%BB%D0%B1%D0%B0%D1%91%D0%B1%20-%20%D0%B2%D0%B8%D0%BA%D1%82%D0%BE%D1%80%20%D1%86%D0%BE%D0%B9%20%D1%81%D0%B8%D0%B4%D0%B8%D1%82%20%D0%B8%20%D1%81%D0%BC%D0%BE%D1%82%D1%80%D0%B8%D1%82%20%D0%BD%D0%B0%20%D0%BF%D1%80%D0%BE%D1%82%D1%8F%D0%B6%D0%B5%D0%BD%D0%B8%D0%B8%20%D0%BC%D0%B8%D0%BD%D1%83%D1%82%D1%8B.mp3?play&an=&utm_term=&site=&isubs=0

HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 12:25:19 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 02 Nov 2022 12:29:48 GMT
ETag: W/"636262bc-1a14"
Content-Encoding: gzip
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 4412
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QquO67IcrY%2Be95M6%2BHYmf1IKCyAZN%2BnMnZCJ%2Bv1CkEwUBjkAqn74EUM9DcagtBx6TNrUo5rTrEA6DGsAeDr0Rk7Ws2AMvkwoCA6ZOKZ%2FPKj%2F8v92ZVIUYxDv6%2FQm3Hid"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7932e8a72fad1c02-OSL
alt-svc: h2=":443"; ma=60

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 02 Feb 2023 12:25:19 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

50.biqund.com/199f8c6.php?utm_source=ogdd&utm_campaign=26670

172.67.214.84

200 OK

17 kB

URL HTTP/1.1
50.biqund.com/199f8c6.php?utm_source=ogdd&utm_campaign=26670
IP
172.67.214.84:0
ASN
#13335 CLOUDFLARENET

File type
Unicode text, UTF-8 text, with very long lines (42846), with no line terminators
Size
17 kB (17297 bytes)
Hash
671e8353a6488581dd408c2954905b90
113e8c5db5ff113d4eb0c4b7b1f8e516dd5997d0
13125afb040d05352412b5ca59e0da474941a6c5c8616c02301fb1fb5e90eb0b

HTTP Headers

GET /199f8c6.php?utm_source=ogdd&utm_campaign=26670 HTTP/1.1
Host: 50.biqund.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://50.biqund.com/index/m3?diff=0&utm_source=ogdd&utm_campaign=26670&utm_content=&utm_clickid=hc8s0o8os4488wk8&aurl=https:/d6.hotplayer.ru/downloadm/8d08914ff7ba8fae62da8bab36b89643/54701229_456241560/796bc175f275-11faaddb7f0-f00c18475c3/%D0%B4%D0%BE%D0%BB%D0%B1%D0%B0%D1%91%D0%B1%20-%20%D0%B2%D0%B8%D0%BA%D1%82%D0%BE%D1%80%20%D1%86%D0%BE%D0%B9%20%D1%81%D0%B8%D0%B4%D0%B8%D1%82%20%D0%B8%20%D1%81%D0%BC%D0%BE%D1%82%D1%80%D0%B8%D1%82%20%D0%BD%D0%B0%20%D0%BF%D1%80%D0%BE%D1%82%D1%8F%D0%B6%D0%B5%D0%BD%D0%B8%D0%B8%20%D0%BC%D0%B8%D0%BD%D1%83%D1%82%D1%8B.mp3?play&an=&utm_term=&site=&isubs=0

HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 12:25:19 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Content-Encoding: gzip
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=C5v7z1zMm94xORFQRFdVHNkne%2FfkJ3asQkbavP1AOu7ZWOj8ZRywW37IegMN1Ng1Q7qyVmKONBLKpxfwWACMezcG97TL3Q2tl6aPaPvWzptdFNZqgDVUMiIUmx6Xi%2F5N"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7932e8a72ef50b51-OSL
alt-svc: h2=":443"; ma=60

50.biqund.com/favicon.ico

172.67.214.84

200 OK

4.0 kB

URL HTTP/1.1
50.biqund.com/favicon.ico
IP
172.67.214.84:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced\012- data
Size
4.0 kB (4016 bytes)
Hash
a51793fe0317686ba089709c57a35b1a
61575816c708298644a9c26859edc3a17ae91ebd
b81a8f8301df8f22e0ca12689afd9855d710026631f486c9538fdb08b129b084

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 50.biqund.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://50.biqund.com/index/m3?diff=0&utm_source=ogdd&utm_campaign=26670&utm_content=&utm_clickid=hc8s0o8os4488wk8&aurl=https:/d6.hotplayer.ru/downloadm/8d08914ff7ba8fae62da8bab36b89643/54701229_456241560/796bc175f275-11faaddb7f0-f00c18475c3/%D0%B4%D0%BE%D0%BB%D0%B1%D0%B0%D1%91%D0%B1%20-%20%D0%B2%D0%B8%D0%BA%D1%82%D0%BE%D1%80%20%D1%86%D0%BE%D0%B9%20%D1%81%D0%B8%D0%B4%D0%B8%D1%82%20%D0%B8%20%D1%81%D0%BC%D0%BE%D1%82%D1%80%D0%B8%D1%82%20%D0%BD%D0%B0%20%D0%BF%D1%80%D0%BE%D1%82%D1%8F%D0%B6%D0%B5%D0%BD%D0%B8%D0%B8%20%D0%BC%D0%B8%D0%BD%D1%83%D1%82%D1%8B.mp3?play&an=&utm_term=&site=&isubs=0

HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 12:25:19 GMT
Content-Type: image/x-icon
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 02 Nov 2022 12:29:48 GMT
ETag: W/"636262bc-1007"
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 4412
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FmY9jeV7YCiF6DOeJRa67ADDdHeUKl9lGajEBFT9NeHbq%2F4x%2Bhc8zafv4x%2FPas4FuWZEHnhH9aGK%2FGAOTS8zwYU8xXyZ8etKw%2Bq4U837QhXFvepaZhV9eQEBlmONCFxB"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7932e8a828010b51-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
14672c54ecc880f0a3b0b3be8bb3aa8f
79d44e4380222773fb11678c58a0c4c470a46b57
41f3cbae3e0eaaeb020f29c665e4fcebad612839f6b467a17eed3fb6be6e4182

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "41F3CBAE3E0EAAEB020F29C665E4FCEBAD612839F6B467A17EED3FB6BE6E4182"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17911
Expires: Thu, 02 Feb 2023 17:23:50 GMT
Date: Thu, 02 Feb 2023 12:25:19 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
13407c2147fc2d590f4032f46ed3d723
c719ff7116ddcfc8c9ef85b697387a29800a4b38
1c3873e6eab69fc2f505697b556449a9a2a49164fa6cccfd3d26f429864886c4

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1C3873E6EAB69FC2F505697B556449A9A2A49164FA6CCCFD3D26F429864886C4"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10230
Expires: Thu, 02 Feb 2023 15:15:49 GMT
Date: Thu, 02 Feb 2023 12:25:19 GMT
Connection: keep-alive

sartojelius.com/84280

88.208.46.22

200 OK

3.2 kB

URL HTTP/1.1
sartojelius.com/84280
IP
88.208.46.22:0
ASN
#39572 DataWeb Global Group B.V.

File type
JSON data\012- , ASCII text, with very long lines (3244), with no line terminators
Size
3.2 kB (3244 bytes)
Hash
e798965e7f8adc6bf5180cc67424876b
805cef75cb1b06650e9165d13abbf2e514bb298e
477f69b4334e8ce7041d1fbbdf62559642c5835a4c579179193586005b890f15

HTTP Headers

POST /84280 HTTP/1.1
Host: sartojelius.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://50.biqund.com/
Content-Type: text/plain;charset=UTF-8
Origin: http://50.biqund.com
Content-Length: 238
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Feb 2023 12:25:19 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: http://50.biqund.com
Access-Control-Allow-Credentials: true
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Set-Cookie: userid=a82f813b-405c-4adc-b1ac-e1603a5e285f; expires=Wed, 02-Feb-2028 12:25:19 GMT; Path=/; SameSite=None; Secure
Accept-CH: Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version

hdtcode.com/event?data=&id=10

185.196.197.130

200 OK

0 B

URL HTTP/2
hdtcode.com/event?data=&id=10
IP
185.196.197.130:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /event?data=&id=10 HTTP/1.1
Host: hdtcode.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://50.biqund.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx/1.19.0
date: Thu, 02 Feb 2023 12:25:19 GMT
content-length: 0
access-control-allow-headers: X-Requested-With, Cache-Control, Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
X-Firefox-Spdy: h2

hdtcode.com/event?data=&id=30

185.196.197.130

200 OK

0 B

URL HTTP/2
hdtcode.com/event?data=&id=30
IP
185.196.197.130:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /event?data=&id=30 HTTP/1.1
Host: hdtcode.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://50.biqund.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx/1.19.0
date: Thu, 02 Feb 2023 12:25:19 GMT
content-length: 0
access-control-allow-headers: X-Requested-With, Cache-Control, Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
X-Firefox-Spdy: h2

sartojelius.com/event/set

88.208.46.22

200 OK

20 B

URL HTTP/1.1
sartojelius.com/event/set
IP
88.208.46.22:0
ASN
#39572 DataWeb Global Group B.V.

File type
data
Size
20 B (20 bytes)
Hash
7029066c27ac6f5ef18d660d5741979a
46c6643f07aa7f6bfe7118de926b86defc5087c4
59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2

HTTP Headers

POST /event/set HTTP/1.1
Host: sartojelius.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://50.biqund.com/
Content-Type: text/plain;charset=UTF-8
Origin: http://50.biqund.com
Content-Length: 116
Connection: keep-alive
Cookie: userid=a82f813b-405c-4adc-b1ac-e1603a5e285f
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Feb 2023 12:25:19 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: http://50.biqund.com
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: PROPFIND, PROPPATCH, COPY, MOVE, DELETE, MKCOL, LOCK, UNLOCK, PUT, GETLIB, VERSION-CONTROL, CHECKIN, CHECKOUT, UNCHECKOUT, REPORT, UPDATE, CANCELUPLOAD, HEAD, OPTIONS, GET, POST
Access-Control-Allow-Headers: Overwrite, Destination, Content-Type, Depth, User-Agent, X-File-Size, X-Requested-With, If-Modified-Since, X-File-Name, Cache-Control
Accept-CH: Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
Content-Encoding: gzip

sartojelius.com/js/cs?uuid=a82f813b-405c-4adc-b1ac-e1603a5e285f

88.208.46.22

302 Found

0 B

URL HTTP/1.1
sartojelius.com/js/cs?uuid=a82f813b-405c-4adc-b1ac-e1603a5e285f
IP
88.208.46.22:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /js/cs?uuid=a82f813b-405c-4adc-b1ac-e1603a5e285f HTTP/1.1
Host: sartojelius.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://50.biqund.com/
Cookie: userid=a82f813b-405c-4adc-b1ac-e1603a5e285f
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/1.1 302 Found
Server: nginx
Date: Thu, 02 Feb 2023 12:25:19 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: uuid=a82f813b-405c-4adc-b1ac-e1603a5e285f; expires=Sat, 04-Mar-2023 12:25:19 GMT; Path=/; domain=.sartojelius.com; SameSite=None; Secure
Location: https://s.uuidksinc.net/match/1165/?remote_uid=a82f813b-405c-4adc-b1ac-e1603a5e285f&cb_url=https%3A%2F%2Fsartojelius.com%2Fjs%2Fcs%3Fuuid%3Da82f813b-405c-4adc-b1ac-e1603a5e285f%26oid%3D%5BUID%5D
Accept-CH: Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Last-Modified, Cache-Control, Pragma, ETag, Backoff, Content-Type, Alert, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 02 Feb 2023 11:49:05 GMT
age: 2174
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d5aa03d944374e364d4fdbb8f9cbf95e
43e3c5a8a5ff027de3c9ad9a41b572e4f33e72f9
483314668ec3c34108277a26d39a4282ce255e416cb5cec43e3d30d5340b8138

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "483314668EC3C34108277A26D39A4282CE255E416CB5CEC43E3D30D5340B8138"
Last-Modified: Wed, 01 Feb 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12324
Expires: Thu, 02 Feb 2023 15:50:43 GMT
Date: Thu, 02 Feb 2023 12:25:19 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
8913af0be619500295008bb91f506660
a7b8068ba9aa506205a295b24458c2616997a0d1
6a9838d00256431807ca382fc205064b07c08d5054f2895c2ae3cc4e9094179a

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6A9838D00256431807CA382FC205064B07C08D5054F2895C2AE3CC4E9094179A"
Last-Modified: Wed, 01 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12711
Expires: Thu, 02 Feb 2023 15:57:10 GMT
Date: Thu, 02 Feb 2023 12:25:19 GMT
Connection: keep-alive

s.uuidksinc.net/match/1165/?remote_uid=a82f813b-405c-4adc-b1ac-e1603a5e285f&cb_url=https%3A%2F%2Fsartojelius.com%2Fjs%2Fcs%3Fuuid%3Da82f813b-405c-4adc-b1ac-e1603a5e285f%26oid%3D%5BUID%5D

31.220.27.134

302 Found

0 B

URL HTTP/2
s.uuidksinc.net/match/1165/?remote_uid=a82f813b-405c-4adc-b1ac-e1603a5e285f&cb_url=https%3A%2F%2Fsartojelius.com%2Fjs%2Fcs%3Fuuid%3Da82f813b-405c-4adc-b1ac-e1603a5e285f%26oid%3D%5BUID%5D
IP
31.220.27.134:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /match/1165/?remote_uid=a82f813b-405c-4adc-b1ac-e1603a5e285f&cb_url=https%3A%2F%2Fsartojelius.com%2Fjs%2Fcs%3Fuuid%3Da82f813b-405c-4adc-b1ac-e1603a5e285f%26oid%3D%5BUID%5D HTTP/1.1
Host: s.uuidksinc.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://50.biqund.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
server: nginx/1.19.0
date: Thu, 02 Feb 2023 12:25:19 GMT
content-length: 0
location: https://sartojelius.com/js/cs?uuid=a82f813b-405c-4adc-b1ac-e1603a5e285f&oid=gZOR3EVq9GnqBtdDCELx
set-cookie: jcsuuid=gZOR3EVq9GnqBtdDCELx; expires=Fri, 02 Feb 2024 12:25:19 GMT; domain=uuidksinc.net; path=/; secure; SameSite=None
X-Firefox-Spdy: h2

sartojelius.com/js/cs?uuid=a82f813b-405c-4adc-b1ac-e1603a5e285f&oid=gZOR3EVq9GnqBtdDCELx

88.208.46.22

200 OK

43 B

URL HTTP/1.1
sartojelius.com/js/cs?uuid=a82f813b-405c-4adc-b1ac-e1603a5e285f&oid=gZOR3EVq9GnqBtdDCELx
IP
88.208.46.22:0
ASN
#39572 DataWeb Global Group B.V.

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

HTTP Headers

GET /js/cs?uuid=a82f813b-405c-4adc-b1ac-e1603a5e285f&oid=gZOR3EVq9GnqBtdDCELx HTTP/1.1
Host: sartojelius.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://50.biqund.com/
Connection: keep-alive
Cookie: userid=a82f813b-405c-4adc-b1ac-e1603a5e285f; uuid=a82f813b-405c-4adc-b1ac-e1603a5e285f
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Feb 2023 12:25:19 GMT
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: oid=gZOR3EVq9GnqBtdDCELx; expires=Sat, 04-Mar-2023 12:25:19 GMT; Path=/; domain=.sartojelius.com; SameSite=None; Secure
Accept-CH: Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version

push.services.mozilla.com/

54.149.93.186

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
54.149.93.186:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: FomT2Q/hVyZlQJL49VNbxQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: iK/vVUQaMgt2KenRuE9Jz/bCSnM=

uuidksinc.net/matchx

31.220.27.134

200 OK

1.2 kB

URL HTTP/2
uuidksinc.net/matchx
IP
31.220.27.134:0
ASN
#39572 DataWeb Global Group B.V.

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2109)
Size
1.2 kB (1196 bytes)
Hash
77fe7fc22142c92573ac61a8f41e2b8f
37e6340ab2bdd58e67113359675957d5a8e19aa0
1c9f4cd49eda1ab241a1172c64bc746fe71e921671b00d33c1255c13bf2ac221

HTTP Headers

GET /matchx HTTP/1.1
Host: uuidksinc.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://50.biqund.com/
Cookie: jcsuuid=gZOR3EVq9GnqBtdDCELx
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx/1.19.0
date: Thu, 02 Feb 2023 12:25:20 GMT
content-type: text/html
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1d82139609e323e908fac5d93cc352a0
16464d86dbab5ffda5e66d870c5d139ee69f9422
dafce9d952b644da844563623a477eec073d696e74275b56b8329ed44b64aa57

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DAFCE9D952B644DA844563623A477EEC073D696E74275B56B8329ED44B64AA57"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3464
Expires: Thu, 02 Feb 2023 13:23:04 GMT
Date: Thu, 02 Feb 2023 12:25:20 GMT
Connection: keep-alive

ocsp2.globalsign.com/gsalphasha2g2

104.18.20.226

200 OK

1.4 kB

URL HTTP/1.1
ocsp2.globalsign.com/gsalphasha2g2
IP
104.18.20.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
1.4 kB (1423 bytes)
Hash
d0237084bb714e664f1264ed91ada03b
d1737e23291ee1362ab6706efd789ce0da24492a
ab1dd5e3ddba24d6b40d9d14794c9dc08bd3d96dc490d400c11a7bbee1d6583f

HTTP Headers

POST /gsalphasha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 12:25:20 GMT
Content-Type: application/ocsp-response
Content-Length: 1423
Connection: keep-alive
Expires: Mon, 06 Feb 2023 09:13:26 GMT
ETag: "d1737e23291ee1362ab6706efd789ce0da24492a"
Last-Modified: Thu, 02 Feb 2023 09:13:27 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 101
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7932e8aedeebb4f4-OSL

dm-eu.hybrid.ai/match?id=158&vid=gZOR3EVq9GnqBtdDCELx

37.18.103.21

204 No Content

0 B

URL HTTP/2
dm-eu.hybrid.ai/match?id=158&vid=gZOR3EVq9GnqBtdDCELx
IP
37.18.103.21:0
ASN
#205675 Hybrid LLC

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /match?id=158&vid=gZOR3EVq9GnqBtdDCELx HTTP/1.1
Host: dm-eu.hybrid.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://uuidksinc.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 204 No Content
date: Thu, 02 Feb 2023 12:25:20 GMT
cache-control: no-cache, no-store
pragma: no-cache
expires: -1
set-cookie: vid=9108ac33326820293345; Expires=Fri, 02 Feb 2024 12:25:19 GMT; Domain=.hybrid.ai; Path=/; SameSite=None; Secure
p3p: CP="NOI DSP COR CUR ADMa DEVo TAIo PSAo PSDo IVAo IVDo OUR IND COM NAV INT STA OTC"
x-mode: 510
x-xss-protection: 1; mode=block
access-control-allow-origin: https://uuidksinc.net
access-control-allow-credentials: true
server: Hybrid Web Server
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
841decbded24a72bf9db2d73a5496128
52dc79bf8713e35e0c4ed18adf8ef7947fd16b7c
1ded9d10ed73c2515cd15bde23f64ca4b35f45d0519de634c32937bf8541cfad

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1DED9D10ED73C2515CD15BDE23F64CA4B35F45D0519DE634C32937BF8541CFAD"
Last-Modified: Tue, 31 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5131
Expires: Thu, 02 Feb 2023 13:50:51 GMT
Date: Thu, 02 Feb 2023 12:25:20 GMT
Connection: keep-alive

www.acint.net/rmatch?dp=191&r=https://d.uuidksinc.net/match/383/?remote_uid=gZOR3EVq9GnqBtdDCELx

193.3.184.226

302 Found

154 B

URL HTTP/2
www.acint.net/rmatch?dp=191&r=https://d.uuidksinc.net/match/383/?remote_uid=gZOR3EVq9GnqBtdDCELx
IP
193.3.184.226:0
ASN
#50214 QWARTA LLC

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
154 B (154 bytes)
Hash
cfbeaf604823f038b8b46f0ac862b98c
7b9eb1dac48e74fa5f418bc456cb410f88b81d98
20c1ab602462b7fc0d5b4cbd555cacf127b69a07a737579598ebcbc0f5b21319

HTTP Headers

GET /rmatch?dp=191&r=https://d.uuidksinc.net/match/383/?remote_uid=gZOR3EVq9GnqBtdDCELx HTTP/1.1
Host: www.acint.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://uuidksinc.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
server: openresty
date: Thu, 02 Feb 2023 12:25:20 GMT
content-type: text/html
content-length: 154
location: /rmatch?r=https%3A%2F%2Fd.uuidksinc.net%2Fmatch%2F383%2F%3Fremote_uid%3DgZOR3EVq9GnqBtdDCELx&dp=191&tc=1
expires: Wed, 19 Apr 2000 11:43:00 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
set-cookie: test_cookie=CheckForPermission; path=/; Secure; SameSite=None; domain=.acint.net; expires=Thu, 02-Feb-23 12:35:20 GMT
aid=CkIDFWPbq7A0WRNhrGGWAopNkBNPmQwWfDjFK0RZxVsESOoj; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=.acint.net; path=/; Secure; SameSite=None
X-Firefox-Spdy: h2

kimberlite.io/rtb/sync/kadam?u=gZOR3EVq9GnqBtdDCELx

80.78.249.201

307 Temporary Redirect

0 B

URL HTTP/1.1
kimberlite.io/rtb/sync/kadam?u=gZOR3EVq9GnqBtdDCELx
IP
80.78.249.201:0
ASN
#197695 Domain names registrar REG.RU, Ltd

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /rtb/sync/kadam?u=gZOR3EVq9GnqBtdDCELx HTTP/1.1
Host: kimberlite.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://uuidksinc.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 307 Temporary Redirect
Server: nginx
Date: Thu, 02 Feb 2023 12:25:20 GMT
Content-Length: 0
Connection: keep-alive
cache-control: no-store
access-control-allow-credentials: true
access-control-allow-origin: *
set-cookie: u=Y9ursPfwdVc~mWlerFJCRuTytXAREyKyS4R9Jr8; path=/; max-age=7776000; samesite=none; httponly; secure
f=https%3A%2F%2Fd.uuidksinc.net%2Fmatch%2F499%2F%3Fremote_uid%3DY9ursPfwdVc; max-age=30; samesite=none; httponly; secure
n=1; max-age=30; samesite=none; httponly; secure
location: https://sm.rtb.mts.ru/p?ssp=toptraffic&id=Y9ursPfwdVc
referrer-policy: no-referrer
server-timing: app;srv=3;dur=0.0003

www.acint.net/rmatch?r=https%3A%2F%2Fd.uuidksinc.net%2Fmatch%2F383%2F%3Fremote_uid%3DgZOR3EVq9GnqBtdDCELx&dp=191&tc=1

193.3.184.226

302 Found

154 B

URL HTTP/2
www.acint.net/rmatch?r=https%3A%2F%2Fd.uuidksinc.net%2Fmatch%2F383%2F%3Fremote_uid%3DgZOR3EVq9GnqBtdDCELx&dp=191&tc=1
IP
193.3.184.226:0
ASN
#50214 QWARTA LLC

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
154 B (154 bytes)
Hash
cfbeaf604823f038b8b46f0ac862b98c
7b9eb1dac48e74fa5f418bc456cb410f88b81d98
20c1ab602462b7fc0d5b4cbd555cacf127b69a07a737579598ebcbc0f5b21319

HTTP Headers

GET /rmatch?r=https%3A%2F%2Fd.uuidksinc.net%2Fmatch%2F383%2F%3Fremote_uid%3DgZOR3EVq9GnqBtdDCELx&dp=191&tc=1 HTTP/1.1
Host: www.acint.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://uuidksinc.net/
Connection: keep-alive
Cookie: test_cookie=CheckForPermission; aid=CkIDFWPbq7A0WRNhrGGWAopNkBNPmQwWfDjFK0RZxVsESOoj
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 302 Found
server: openresty
date: Thu, 02 Feb 2023 12:25:20 GMT
content-type: text/html
content-length: 154
location: https://ssp-rtb.sape.ru/rmatch?r=https%3A%2F%2Facint.net%2Frmatch%3Fdp%3D14%26euid%3D$%7BUSER_ID%7D%26r%3Dhttps%253A%252F%252Fd.uuidksinc.net%252Fmatch%252F383%252F%253Fremote_uid%253DgZOR3EVq9GnqBtdDCELx&dp=14
p3p: CP="ALL ADM DEV PSAi COM OUR OTRo STP IND ONL"
set-cookie: cSyncDp14v3=1675340720; expires=Sat, 04-Mar-23 12:25:20 GMT; path=/; Secure; SameSite=None; domain=.acint.net
expires: Wed, 19 Apr 2000 11:43:00 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7b0cfb38a660eea768ac4ce59aaecf86
9ed5da9144c35d7686fa865f0f66858666df1194
2838237a654b7645297c92b273180708e5aaa4d2ebcda3de4481d699774c6956

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2838237A654B7645297C92B273180708E5AAA4D2EBCDA3DE4481D699774C6956"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13031
Expires: Thu, 02 Feb 2023 16:02:31 GMT
Date: Thu, 02 Feb 2023 12:25:20 GMT
Connection: keep-alive

rtb.com.ru/kadam-sync?uid=gZOR3EVq9GnqBtdDCELx

83.222.114.189

302 Found

89 B

URL HTTP/1.1
rtb.com.ru/kadam-sync?uid=gZOR3EVq9GnqBtdDCELx
IP
83.222.114.189:0
ASN
#42632 MnogoByte LLC

File type
HTML document, ASCII text
Size
89 B (89 bytes)
Hash
e66e13db6e636f829b1b745a9da1866e
ec8b515aa3823c9702bf76696a8b494bc8aea553
4dfd6b744a12c9687eb29e450160e7247e5f06534788c2cf46c883408c63c766

HTTP Headers

GET /kadam-sync?uid=gZOR3EVq9GnqBtdDCELx HTTP/1.1
Host: rtb.com.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://uuidksinc.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 302 Found
Server: nginx/1.18.0
Date: Thu, 02 Feb 2023 12:25:20 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 89
Connection: keep-alive
Cache-Control: max-age=0, no-cache, no-store, must-revalidate, proxy-revalidate
Location: /sync?noRedirect=&sspKey=60&sspUserID=gZOR3EVq9GnqBtdDCELx
P3p: CP="rtb.com.ru does not have a P3P policy"
Set-Cookie: as-user=63dbabb08e88142b63b63090; Path=/; Max-Age=31536000; HttpOnly; Secure; SameSite=None

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
625db98ded64d33f3649378918788897
e48be419f8559bf38d62d48bb391251f40553fcf
934f40c7f5a20e2d2f241da3087d4166bcb2481a6ee6e3970c93b8ccfeddf543

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "934F40C7F5A20E2D2F241DA3087D4166BCB2481A6EE6E3970C93B8CCFEDDF543"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1590
Expires: Thu, 02 Feb 2023 12:51:50 GMT
Date: Thu, 02 Feb 2023 12:25:20 GMT
Connection: keep-alive

dmpprof.com/matching/external/pixel.gif?sid=14&uid=gZOR3EVq9GnqBtdDCELx

85.192.12.173

200 OK

43 B

URL HTTP/2
dmpprof.com/matching/external/pixel.gif?sid=14&uid=gZOR3EVq9GnqBtdDCELx
IP
85.192.12.173:0
ASN
#12695 LLC Digital Network

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

HTTP Headers

GET /matching/external/pixel.gif?sid=14&uid=gZOR3EVq9GnqBtdDCELx HTTP/1.1
Host: dmpprof.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://uuidksinc.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx/1.18.0
date: Thu, 02 Feb 2023 12:25:20 GMT
content-type: image/gif
content-length: 43
last-modified: Thu, 02 Feb 2023 12:25:20 GMT
expires: Wed, 11 Nov 1998 11:11:11 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
set-cookie: nmatch=14_gZOR3EVq9GnqBtdDCELx; expires=Fri, 03 Feb 2023 00:25:20 GMT; path=/; secure; SameSite=None
uid=temp-91.90.42.154-; expires=Thu, 02 Feb 2023 14:25:20 GMT; path=/; secure; SameSite=None
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, HEAD, PATCH, GET, POST, OPTIONS
access-control-allow-headers: Origin,Content-Type,Accept,Authorization,X-Requested-With, DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-expose-headers: Content-Length,Content-Range
X-Firefox-Spdy: h2

ssp-rtb.sape.ru/rmatch?r=https%3A%2F%2Facint.net%2Frmatch%3Fdp%3D14%26euid%3D$%7BUSER_ID%7D%26r%3Dhttps%253A%252F%252Fd.uuidksinc.net%252Fmatch%252F383%252F%253Fremote_uid%253DgZOR3EVq9GnqBtdDCELx&dp=14

193.3.184.200

302 Moved Temporarily

142 B

URL HTTP/1.1
ssp-rtb.sape.ru/rmatch?r=https%3A%2F%2Facint.net%2Frmatch%3Fdp%3D14%26euid%3D$%7BUSER_ID%7D%26r%3Dhttps%253A%252F%252Fd.uuidksinc.net%252Fmatch%252F383%252F%253Fremote_uid%253DgZOR3EVq9GnqBtdDCELx&dp=14
IP
193.3.184.200:0
ASN
#50214 QWARTA LLC

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
142 B (142 bytes)
Hash
82c98e8e012b79c922655461171cc2fa
0828d79135573276005b04be42d79a8a3291292b
745173bcc5c57ce9751dd019606e877e0aae13b60372fdb090f3db0470c3a43c

HTTP Headers

GET /rmatch?r=https%3A%2F%2Facint.net%2Frmatch%3Fdp%3D14%26euid%3D$%7BUSER_ID%7D%26r%3Dhttps%253A%252F%252Fd.uuidksinc.net%252Fmatch%252F383%252F%253Fremote_uid%253DgZOR3EVq9GnqBtdDCELx&dp=14 HTTP/1.1
Host: ssp-rtb.sape.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://uuidksinc.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 302 Moved Temporarily
Server: openresty
Date: Thu, 02 Feb 2023 12:25:20 GMT
Content-Type: text/html
Content-Length: 142
Connection: keep-alive
P3P: CP="ALL ADM DEV PSAi COM OUR OTRo STP IND ONL"
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Location: https://acint.net/rmatch?dp=14&euid=3203420AB0ABDB634C00859002E04043&r=https%3A%2F%2Fd.uuidksinc.net%2Fmatch%2F383%2F%3Fremote_uid%3DgZOR3EVq9GnqBtdDCELx
Expires: Wed, 19 Apr 2000 11:43:00 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Set-Cookie: sspuid=CkIDMmPbq7CQhQBMQ0DgAl4KRpusLMTFkFVnn1QtZMzauRXj; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=.ssp-rtb.sape.ru; path=/; Secure; SameSite=None

rtb.com.ru/sync?noRedirect=&sspKey=60&sspUserID=gZOR3EVq9GnqBtdDCELx

83.222.114.189

302 Found

1.5 kB

URL HTTP/1.1
rtb.com.ru/sync?noRedirect=&sspKey=60&sspUserID=gZOR3EVq9GnqBtdDCELx
IP
83.222.114.189:0
ASN
#42632 MnogoByte LLC

File type
HTML document, ASCII text, with very long lines (1534)
Size
1.5 kB (1536 bytes)
Hash
e9c6f35fa93ea95632b5502c2d06e39d
88185084ebd0c07b59b4bc8077256be257696397
5c6d447ba4650ec82532f955ce7c799fd487369b217f2ed2a62118bda351ee63

HTTP Headers

GET /sync?noRedirect=&sspKey=60&sspUserID=gZOR3EVq9GnqBtdDCELx HTTP/1.1
Host: rtb.com.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://uuidksinc.net/
Connection: keep-alive
Cookie: as-user=63dbabb08e88142b63b63090
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 302 Found
Server: nginx/1.18.0
Date: Thu, 02 Feb 2023 12:25:20 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 1536
Connection: keep-alive
Cache-Control: max-age=0, no-cache, no-store, must-revalidate, proxy-revalidate
Location: https://cm.g.doubleclick.net/pixel?google_nid=adspend&google_cm&google_hm=63dbabb08e88142b63b63090&r=https%3A%2F%2Fprodmp.ru%2Frefocus.gif%3Fdsp_provider_id%3D2%26uid%3D63dbabb08e88142b63b63090%26duid%3DgZOR3EVq9GnqBtdDCELx%26r%3Dhttps%253A%252F%252Fx01.aidata.io%252F0.gif%253Fpid%253D6472613%2526id%253D63dbabb08e88142b63b63090%2526dest%253Dhttps%25253A%25252F%25252Fdmg.digitaltarget.ru%25252F1%25252F224%25252Fi%25252Fi%25253Fa%25253D224%252526e%25253D63dbabb08e88142b63b63090%252526i%25253D5491247901896292591%252526r%25253Dhttps%2525253A%2525252F%2525252Fsync.1dmp.io%2525252Fpixel.gif%2525253Fcid%2525253Dfe2375b0-c617-4a6d-ab2d-f9f457ba8100%25252526pid%2525253Dw%25252526uid%2525253D63dbabb08e88142b63b63090%25252526ru%2525253Dhttps%252525253A%252525252F%252525252Fcm.p.altergeo.ru%252525252Fspnd%252525253Faid%252525253D63dbabb08e88142b63b63090%2525252526nc%252525253D2188086235371847917%2525252526url%252525253Dhttps%25252525253A%25252525252F%25252525252Fadx.com.ru%25252525252Fadspend-sync%25252525253Fuid%25252525253D63dbabb08e88142b63b63090%252525252526r%25252525253Dhttps%2525252525253A%2525252525252F%2525252525252Fan.yandex.ru%2525252525252Fsetud%2525252525252Fadspend%2525252525252F66BT5VW9mAupCghmcCqpA4%2525252525253Fsign%2525252525253D80112731%25252525252526location%2525252525253Dhttps%252525252525253A%252525252525252F%252525252525252Ftop-fwz1.mail.ru%252525252525252Fcounter%252525252525253Fid%252525252525253D3138228%252525252525253Bpid%252525252525253D63dbabb08e88142b63b63090
P3p: CP="rtb.com.ru does not have a P3P policy"
Set-Cookie: as-user=63dbabb08e88142b63b63090; Path=/; Max-Age=31536000; HttpOnly; Secure; SameSite=None

acint.net/rmatch?dp=14&euid=3203420AB0ABDB634C00859002E04043&r=https%3A%2F%2Fd.uuidksinc.net%2Fmatch%2F383%2F%3Fremote_uid%3DgZOR3EVq9GnqBtdDCELx

193.3.184.226

302 Found

154 B

URL HTTP/2
acint.net/rmatch?dp=14&euid=3203420AB0ABDB634C00859002E04043&r=https%3A%2F%2Fd.uuidksinc.net%2Fmatch%2F383%2F%3Fremote_uid%3DgZOR3EVq9GnqBtdDCELx
IP
193.3.184.226:0
ASN
#50214 QWARTA LLC

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
154 B (154 bytes)
Hash
cfbeaf604823f038b8b46f0ac862b98c
7b9eb1dac48e74fa5f418bc456cb410f88b81d98
20c1ab602462b7fc0d5b4cbd555cacf127b69a07a737579598ebcbc0f5b21319

HTTP Headers

GET /rmatch?dp=14&euid=3203420AB0ABDB634C00859002E04043&r=https%3A%2F%2Fd.uuidksinc.net%2Fmatch%2F383%2F%3Fremote_uid%3DgZOR3EVq9GnqBtdDCELx HTTP/1.1
Host: acint.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://uuidksinc.net/
Connection: keep-alive
Cookie: test_cookie=CheckForPermission; aid=CkIDFWPbq7A0WRNhrGGWAopNkBNPmQwWfDjFK0RZxVsESOoj; cSyncDp14v3=1675340720
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 302 Found
server: openresty
date: Thu, 02 Feb 2023 12:25:20 GMT
content-type: text/html
content-length: 154
location: https://d.uuidksinc.net/match/383/?remote_uid=gZOR3EVq9GnqBtdDCELx
p3p: CP="ALL ADM DEV PSAi COM OUR OTRo STP IND ONL"
expires: Wed, 19 Apr 2000 11:43:00 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
X-Firefox-Spdy: h2

d.uuidksinc.net/match/383/?remote_uid=gZOR3EVq9GnqBtdDCELx

31.220.27.134

200 OK

74 B

URL HTTP/2
d.uuidksinc.net/match/383/?remote_uid=gZOR3EVq9GnqBtdDCELx
IP
31.220.27.134:0
ASN
#39572 DataWeb Global Group B.V.

File type
PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced\012- data
Size
74 B (74 bytes)
Hash
9e24e19b024c44b778301d880bd8e6f4
d2b1b39cb4434d34c22c2cf52cbbe9967b1b688e
01b58ddb2f86a768f91751b62f25395417f6cf526191a4aefc1ebe4f8beacdcb

HTTP Headers

GET /match/383/?remote_uid=gZOR3EVq9GnqBtdDCELx HTTP/1.1
Host: d.uuidksinc.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://uuidksinc.net/
Connection: keep-alive
Cookie: jcsuuid=gZOR3EVq9GnqBtdDCELx
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx/1.19.0
date: Thu, 02 Feb 2023 12:25:20 GMT
content-type: image/png
content-length: 74
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
96c794fe0eb0984074775ba4e182ed9d
bd6f5a86011fa199bc4197a37fb84079eb487f7e
3f626fa9d03173ededfce2c39da3be2989781484ca87bed7d8a8fd0f68fb051b

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3F626FA9D03173EDEDFCE2C39DA3BE2989781484CA87BED7D8A8FD0F68FB051B"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5365
Expires: Thu, 02 Feb 2023 13:54:45 GMT
Date: Thu, 02 Feb 2023 12:25:20 GMT
Connection: keep-alive

ocsp.pki.goog/gts1c3

142.250.74.163

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
2dc2e297877f6332a114de88eeeaca61
cc91e58f3dd132b078223d21cd3177f0819e40e7
94f1191402d63bc2757d7ec854bc418dd6929b5aa9efb815d9bd35f8dab98fef

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 12:25:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

cm.g.doubleclick.net/pixel?google_nid=adspend&google_cm&google_hm=63dbabb08e88142b63b63090&r=https%3A%2F%2Fprodmp.ru%2Frefocus.gif%3Fdsp_provider_id%3D2%26uid%3D63dbabb08e88142b63b63090%26duid%3DgZOR3EVq9GnqBtdDCELx%26r%3Dhttps%253A%252F%252Fx01.aidata.io%252F0.gif%253Fpid%253D6472613%2526id%253D63dbabb08e88142b63b63090%2526dest%253Dhttps%25253A%25252F%25252Fdmg.digitaltarget.ru%25252F1%25252F224%25252Fi%25252Fi%25253Fa%25253D224%252526e%25253D63dbabb08e88142b63b63090%252526i%25253D5491247901896292591%252526r%25253Dhttps%2525253A%2525252F%2525252Fsync.1dmp.io%2525252Fpixel.gif%2525253Fcid%2525253Dfe2375b0-c617-4a6d-ab2d-f9f457ba8100%25252526pid%2525253Dw%25252526uid%2525253D63dbabb08e88142b63b63090%25252526ru%2525253Dhttps%252525253A%252525252F%252525252Fcm.p.altergeo.ru%252525252Fspnd%252525253Faid%252525253D63dbabb08e88142b63b63090%2525252526nc%252525253D2188086235371847917%2525252526url%252525253Dhttps%25252525253A%25252525252F%25252525252Fadx.com.ru%25252525252Fadspend-sync%25252525253Fuid%25252525253D63dbabb08e88142b63b63090%252525252526r%25252525253Dhttps%2525252525253A%2525252525252F%2525252525252Fan.yandex.ru%2525252525252Fsetud%2525252525252Fadspend%2525252525252F66BT5VW9mAupCghmcCqpA4%2525252525253Fsign%2525252525253D80112731%25252525252526location%2525252525253Dhttps%252525252525253A%252525252525252F%252525252525252Ftop-fwz1.mail.ru%252525252525252Fcounter%252525252525253Fid%252525252525253D3138228%252525252525253Bpid%252525252525253D63dbabb08e88142b63b63090

142.250.74.98

200 OK

170 B

URL HTTP/2
cm.g.doubleclick.net/pixel?google_nid=adspend&google_cm&google_hm=63dbabb08e88142b63b63090&r=https%3A%2F%2Fprodmp.ru%2Frefocus.gif%3Fdsp_provider_id%3D2%26uid%3D63dbabb08e88142b63b63090%26duid%3DgZOR3EVq9GnqBtdDCELx%26r%3Dhttps%253A%252F%252Fx01.aidata.io%252F0.gif%253Fpid%253D6472613%2526id%253D63dbabb08e88142b63b63090%2526dest%253Dhttps%25253A%25252F%25252Fdmg.digitaltarget.ru%25252F1%25252F224%25252Fi%25252Fi%25253Fa%25253D224%252526e%25253D63dbabb08e88142b63b63090%252526i%25253D5491247901896292591%252526r%25253Dhttps%2525253A%2525252F%2525252Fsync.1dmp.io%2525252Fpixel.gif%2525253Fcid%2525253Dfe2375b0-c617-4a6d-ab2d-f9f457ba8100%25252526pid%2525253Dw%25252526uid%2525253D63dbabb08e88142b63b63090%25252526ru%2525253Dhttps%252525253A%252525252F%252525252Fcm.p.altergeo.ru%252525252Fspnd%252525253Faid%252525253D63dbabb08e88142b63b63090%2525252526nc%252525253D2188086235371847917%2525252526url%252525253Dhttps%25252525253A%25252525252F%25252525252Fadx.com.ru%25252525252Fadspend-sync%25252525253Fuid%25252525253D63dbabb08e88142b63b63090%252525252526r%25252525253Dhttps%2525252525253A%2525252525252F%2525252525252Fan.yandex.ru%2525252525252Fsetud%2525252525252Fadspend%2525252525252F66BT5VW9mAupCghmcCqpA4%2525252525253Fsign%2525252525253D80112731%25252525252526location%2525252525253Dhttps%252525252525253A%252525252525252F%252525252525252Ftop-fwz1.mail.ru%252525252525252Fcounter%252525252525253Fid%252525252525253D3138228%252525252525253Bpid%252525252525253D63dbabb08e88142b63b63090
IP
142.250.74.98:0
ASN
#15169 GOOGLE

File type
PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced\012- data
Size
170 B (170 bytes)
Hash
e7673c60af825466f83d46da72ca1635
fc0fcbee0835709ba2d28798a612bfd687903fb5
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

HTTP Headers

GET /pixel?google_nid=adspend&google_cm&google_hm=63dbabb08e88142b63b63090&r=https%3A%2F%2Fprodmp.ru%2Frefocus.gif%3Fdsp_provider_id%3D2%26uid%3D63dbabb08e88142b63b63090%26duid%3DgZOR3EVq9GnqBtdDCELx%26r%3Dhttps%253A%252F%252Fx01.aidata.io%252F0.gif%253Fpid%253D6472613%2526id%253D63dbabb08e88142b63b63090%2526dest%253Dhttps%25253A%25252F%25252Fdmg.digitaltarget.ru%25252F1%25252F224%25252Fi%25252Fi%25253Fa%25253D224%252526e%25253D63dbabb08e88142b63b63090%252526i%25253D5491247901896292591%252526r%25253Dhttps%2525253A%2525252F%2525252Fsync.1dmp.io%2525252Fpixel.gif%2525253Fcid%2525253Dfe2375b0-c617-4a6d-ab2d-f9f457ba8100%25252526pid%2525253Dw%25252526uid%2525253D63dbabb08e88142b63b63090%25252526ru%2525253Dhttps%252525253A%252525252F%252525252Fcm.p.altergeo.ru%252525252Fspnd%252525253Faid%252525253D63dbabb08e88142b63b63090%2525252526nc%252525253D2188086235371847917%2525252526url%252525253Dhttps%25252525253A%25252525252F%25252525252Fadx.com.ru%25252525252Fadspend-sync%25252525253Fuid%25252525253D63dbabb08e88142b63b63090%252525252526r%25252525253Dhttps%2525252525253A%2525252525252F%2525252525252Fan.yandex.ru%2525252525252Fsetud%2525252525252Fadspend%2525252525252F66BT5VW9mAupCghmcCqpA4%2525252525253Fsign%2525252525253D80112731%25252525252526location%2525252525253Dhttps%252525252525253A%252525252525252F%252525252525252Ftop-fwz1.mail.ru%252525252525252Fcounter%252525252525253Fid%252525252525253D3138228%252525252525253Bpid%252525252525253D63dbabb08e88142b63b63090 HTTP/1.1
Host: cm.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://uuidksinc.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: image/png
date: Thu, 02 Feb 2023 12:25:20 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
server: HTTP server (unknown)
content-length: 170
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
fc797e4e4215c50a42918f78bf25dd9b
3a9d446065eb8b0d530dab59538a290125b4647b
9fe7badd15d6591176c688dafa284fdf9d8f991109e0c3a9e56a17d8c61efd2e

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9FE7BADD15D6591176C688DAFA284FDF9D8F991109E0C3A9E56A17D8C61EFD2E"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4015
Expires: Thu, 02 Feb 2023 13:32:15 GMT
Date: Thu, 02 Feb 2023 12:25:20 GMT
Connection: keep-alive

ocsp.usertrust.com/

172.64.155.188

200 OK

472 B

URL HTTP/1.1
ocsp.usertrust.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
c60ca4b761622aee6dac8fcd5a7b47bb
bf27b8a42a03073eb548b79b3adfc1c4a09921ba
55e4d169563b096866bbab23531097fd09fa620a64f56261165cf190aa90aaa7

HTTP Headers

POST / HTTP/1.1
Host: ocsp.usertrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 12:25:20 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Mon, 30 Jan 2023 04:18:19 GMT
Expires: Mon, 06 Feb 2023 04:18:18 GMT
Etag: "bf27b8a42a03073eb548b79b3adfc1c4a09921ba"
Cache-Control: max-age=604094,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: HIT
Age: 1041
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7932e8b20b7eb50c-OSL

ocsp.pki.goog/gts1c3

142.250.74.163

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
2dc2e297877f6332a114de88eeeaca61
cc91e58f3dd132b078223d21cd3177f0819e40e7
94f1191402d63bc2757d7ec854bc418dd6929b5aa9efb815d9bd35f8dab98fef

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 12:25:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.globalsign.com/gsrsaovsslca2018

104.18.21.226

200 OK

1.4 kB

URL HTTP/1.1
ocsp.globalsign.com/gsrsaovsslca2018
IP
104.18.21.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
1.4 kB (1432 bytes)
Hash
7f820e533b0144698053612a199e5374
72da4a26fff0d7268d8b6e8c12ef54507dda5595
f0c5a658f84619e4fe0e820a40c27be806dbeb29292e13f687dcb18eea58024d

HTTP Headers

POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 12:25:21 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Mon, 06 Feb 2023 09:53:08 GMT
ETag: "72da4a26fff0d7268d8b6e8c12ef54507dda5595"
Last-Modified: Thu, 02 Feb 2023 09:53:09 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2025
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7932e8b23bd3b518-OSL

fcgi4.gnezdo.ru/cookie_matching/kadam/gZOR3EVq9GnqBtdDCELx

93.95.102.105

302 Found

0 B

URL HTTP/2
fcgi4.gnezdo.ru/cookie_matching/kadam/gZOR3EVq9GnqBtdDCELx
IP
93.95.102.105:0
ASN
#48347 JSC Mediasoft ekspert

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /cookie_matching/kadam/gZOR3EVq9GnqBtdDCELx HTTP/1.1
Host: fcgi4.gnezdo.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://uuidksinc.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
server: nginx
date: Thu, 02 Feb 2023 12:25:20 GMT
location: https://fcgi4.gnezdo.ru/cookie_matching/kadam/gZOR3EVq9GnqBtdDCELx/?redirect=1
access-control-allow-origin: *
access-control-allow-methods: GET, POST, HEAD
access-control-allow-headers: Origin, Accept, Content-Type, X-Requested-With
access-control-allow-credentials: true
set-cookie: uid=XV9maWPbq7A8XyUR97gmAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=gnezdo.ru; path=/; Secure; SameSite=None
p3p: policyref="/w3c/p3p.xml", CP="CUR ADM OUR NOR STA NID"
X-Firefox-Spdy: h2

fcgi4.gnezdo.ru/cookie_matching/kadam_resell/gZOR3EVq9GnqBtdDCELx/?redirect=1

93.95.102.105

204 No Content

0 B

URL HTTP/2
fcgi4.gnezdo.ru/cookie_matching/kadam_resell/gZOR3EVq9GnqBtdDCELx/?redirect=1
IP
93.95.102.105:0
ASN
#48347 JSC Mediasoft ekspert

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /cookie_matching/kadam_resell/gZOR3EVq9GnqBtdDCELx/?redirect=1 HTTP/1.1
Host: fcgi4.gnezdo.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://uuidksinc.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 204 No Content
server: nginx
date: Thu, 02 Feb 2023 12:25:21 GMT
set-cookie: uid=XV9maWPbq7E8XyUR97hpAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=gnezdo.ru; path=/; Secure; SameSite=None
p3p: policyref="/w3c/p3p.xml", CP="CUR ADM OUR NOR STA NID"
X-Firefox-Spdy: h2

dmg.digitaltarget.ru/1/6573/i/i?a=662&e=gZOR3EVq9GnqBtdDCELx&i=0.35052644582291814

185.15.175.174

307 Temporary Redirect

0 B

URL HTTP/1.1
dmg.digitaltarget.ru/1/6573/i/i?a=662&e=gZOR3EVq9GnqBtdDCELx&i=0.35052644582291814
IP
185.15.175.174:0
ASN
#43226 SafeData LLC

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /1/6573/i/i?a=662&e=gZOR3EVq9GnqBtdDCELx&i=0.35052644582291814 HTTP/1.1
Host: dmg.digitaltarget.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://uuidksinc.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 307 Temporary Redirect
Server: nginx
Date: Thu, 02 Feb 2023 12:25:20 GMT
Content-Length: 0
Connection: keep-alive
Location: https://dmg.digitaltarget.ru/awg/custom/6573/i/i?call_source=awg&ts=1675340720983&a=662&e=gZOR3EVq9GnqBtdDCELx&i=0.35052644582291814
Set-Cookie: viuserid=Po6x0.3LudKFssf7BY6e; Max-Age=93312000; Expires=Sat, 17 Jan 2026 12:25:20 GMT; SameSite=None; Path=/; Domain=dmg.digitaltarget.ru; Secure; HTTPOnly
Request-Time: 0
Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Access-Control-Max-Age: 86400
X-Content-Type-Options: nosniff
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Credentials: true
X-Permitted-Cross-Domain-Policies: master-only

kadam-sync.rutarget.ru/sync

188.72.107.156

302 Moved Temporarily

0 B

URL HTTP/1.1
kadam-sync.rutarget.ru/sync
IP
188.72.107.156:0
ASN
#0

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /sync HTTP/1.1
Host: kadam-sync.rutarget.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://uuidksinc.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Thu, 02 Feb 2023 12:25:20 GMT
Content-Length: 0
Connection: close
Location: https://d.uuidksinc.net/match/386/?remote_uid=2yeraNmqAz_l
P3P: CP="This is not a P3P policy. Please visit http://rutarget.ru/p3p/ to get more information."
Set-Cookie: userId=2yeraNmqAz_l; Path=/; Domain=.rutarget.ru; Expires=Tue, 01 Aug 2023 12:25:20 GMT; SameSite=None; Secure

d.uuidksinc.net/match/386/?remote_uid=2yeraNmqAz_l

31.220.27.134

200 OK

74 B

URL HTTP/2
d.uuidksinc.net/match/386/?remote_uid=2yeraNmqAz_l
IP
31.220.27.134:0
ASN
#39572 DataWeb Global Group B.V.

File type
PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced\012- data
Size
74 B (74 bytes)
Hash
9e24e19b024c44b778301d880bd8e6f4
d2b1b39cb4434d34c22c2cf52cbbe9967b1b688e
01b58ddb2f86a768f91751b62f25395417f6cf526191a4aefc1ebe4f8beacdcb

HTTP Headers

GET /match/386/?remote_uid=2yeraNmqAz_l HTTP/1.1
Host: d.uuidksinc.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://uuidksinc.net/
Connection: keep-alive
Cookie: jcsuuid=gZOR3EVq9GnqBtdDCELx
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx/1.19.0
date: Thu, 02 Feb 2023 12:25:21 GMT
content-type: image/png
content-length: 74
X-Firefox-Spdy: h2

dmg.digitaltarget.ru/awg/custom/6573/i/i?call_source=awg&ts=1675340720983&a=662&e=gZOR3EVq9GnqBtdDCELx&i=0.35052644582291814

185.15.175.174

200 OK

64 B

URL HTTP/1.1
dmg.digitaltarget.ru/awg/custom/6573/i/i?call_source=awg&ts=1675340720983&a=662&e=gZOR3EVq9GnqBtdDCELx&i=0.35052644582291814
IP
185.15.175.174:0
ASN
#43226 SafeData LLC

File type
GIF image data, version 89a, 1 x 1\012- data
Size
64 B (64 bytes)
Hash
ffd585dfb1ac6320633a0be46d579437
5a6033d23bc9cd5d1de9ee61de69a44428086dcb
df18d81deb0cc1c48ae87e6481bb4ee375b40cce0fec3d226e002704d49f6cc8

HTTP Headers

GET /awg/custom/6573/i/i?call_source=awg&ts=1675340720983&a=662&e=gZOR3EVq9GnqBtdDCELx&i=0.35052644582291814 HTTP/1.1
Host: dmg.digitaltarget.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://uuidksinc.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Feb 2023 12:25:21 GMT
Content-Type: image/gif
Content-Length: 64
Connection: keep-alive
Vary: Accept-Encoding
Request-Time: 1
Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
X-Frame-Options: DENY
Content-Encoding: gzip
X-XSS-Protection: 1; mode=block
Access-Control-Max-Age: 86400
X-Content-Type-Options: nosniff
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Credentials: true
X-Permitted-Cross-Domain-Policies: master-only

sm.rtb.mts.ru/p?ssp=toptraffic&id=Y9ursPfwdVc

217.66.147.37

301 Moved Permanently

0 B

URL HTTP/1.1
sm.rtb.mts.ru/p?ssp=toptraffic&id=Y9ursPfwdVc
IP
217.66.147.37:0
ASN
#29209 MTS PJSC

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /p?ssp=toptraffic&id=Y9ursPfwdVc HTTP/1.1
Host: sm.rtb.mts.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Thu, 02 Feb 2023 12:25:21 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Origin
Access-Control-Allow-Methods: HEAD,GET,POST,PUT,DELETE,OPTIONS
Access-Control-Allow-Origin: *
Vary: Origin
Cache-Control: no-store, no-cache, must-revalidate
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: https://sm.rtb.mts.ru/match/second?ssp=59&exu=Y9ursPfwdVc
Set-Cookie: dspid=92932bd5-43c8-4ebf-a13c-7077744c7027; expires=Wed, 24 Jan 2024 12:25:21 GMT; domain=.mts.ru; path=/; secure; SameSite=None

sm.rtb.mts.ru/match/second?ssp=59&exu=Y9ursPfwdVc

217.66.147.37

200 OK

0 B

URL HTTP/1.1
sm.rtb.mts.ru/match/second?ssp=59&exu=Y9ursPfwdVc
IP
217.66.147.37:0
ASN
#29209 MTS PJSC

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /match/second?ssp=59&exu=Y9ursPfwdVc HTTP/1.1
Host: sm.rtb.mts.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Feb 2023 12:25:21 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Origin
Access-Control-Allow-Methods: HEAD,GET,POST,PUT,DELETE,OPTIONS
Access-Control-Allow-Origin: *
Vary: Origin
Cache-Control: no-store, no-cache, must-revalidate
Expires: Thu, 01 Jan 1970 00:00:00 GMT

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d719402de0cd695e55dab2767247da49
f12f4795987a284820f6785ec16b5032b9861d79
98a14bd950cec10aeb3d76fa956fe13514f52c742adbded7a0fcef218c7195ba

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "98A14BD950CEC10AEB3D76FA956FE13514F52C742ADBDED7A0FCEF218C7195BA"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9922
Expires: Thu, 02 Feb 2023 15:10:43 GMT
Date: Thu, 02 Feb 2023 12:25:21 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d719402de0cd695e55dab2767247da49
f12f4795987a284820f6785ec16b5032b9861d79
98a14bd950cec10aeb3d76fa956fe13514f52c742adbded7a0fcef218c7195ba

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "98A14BD950CEC10AEB3D76FA956FE13514F52C742ADBDED7A0FCEF218C7195BA"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9922
Expires: Thu, 02 Feb 2023 15:10:43 GMT
Date: Thu, 02 Feb 2023 12:25:21 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d719402de0cd695e55dab2767247da49
f12f4795987a284820f6785ec16b5032b9861d79
98a14bd950cec10aeb3d76fa956fe13514f52c742adbded7a0fcef218c7195ba

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "98A14BD950CEC10AEB3D76FA956FE13514F52C742ADBDED7A0FCEF218C7195BA"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9922
Expires: Thu, 02 Feb 2023 15:10:43 GMT
Date: Thu, 02 Feb 2023 12:25:21 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d719402de0cd695e55dab2767247da49
f12f4795987a284820f6785ec16b5032b9861d79
98a14bd950cec10aeb3d76fa956fe13514f52c742adbded7a0fcef218c7195ba

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "98A14BD950CEC10AEB3D76FA956FE13514F52C742ADBDED7A0FCEF218C7195BA"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9922
Expires: Thu, 02 Feb 2023 15:10:43 GMT
Date: Thu, 02 Feb 2023 12:25:21 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe18f9e12-0986-423b-911d-6271bb996db4.jpeg

34.120.237.76

200 OK

5.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe18f9e12-0986-423b-911d-6271bb996db4.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.4 kB (5356 bytes)
Hash
7c823f1d6bf1c50d58eb263b85e6e37c
a7b74d11494fb3254df907e5cc1eead070d84617
b2706961eb756383e0988dfdb501dc424aea59697aedd1e4a6c294c314a31935

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe18f9e12-0986-423b-911d-6271bb996db4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5356
x-amzn-requestid: fef22c83-35a4-4990-9008-af5853f838d1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: frc5BEB6oAMFczg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dadb6c-68d3017555c069bc3107d150;Sampled=0
x-amzn-remapped-date: Wed, 01 Feb 2023 21:36:44 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: i697kJpdT4ZPeMLWIftWf16pWCic0-v4tL4GDKfVfTZLo-E4-3FwDQ==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 22:21:38 GMT
age: 50623
etag: "a7b74d11494fb3254df907e5cc1eead070d84617"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc1ea9f44-4a0b-4366-b041-d2bd88c5fcb5.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.0 kB (7960 bytes)
Hash
604c573da6f79effa2a81e711c14ad9e
322a3a510ca73e124d78e31b49d676ec891a6762
8d2b897fe4251106be9183fa2a6a3b0918cd1f4dcc5f814aa88a630a77b4045c

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc1ea9f44-4a0b-4366-b041-d2bd88c5fcb5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7960
x-amzn-requestid: 774cebdf-b2bf-4a98-9d2b-e2abd4bd1a2b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: frc5BG-hoAMFTSQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dadb6c-234163873ca67e934d684a1d;Sampled=0
x-amzn-remapped-date: Wed, 01 Feb 2023 21:36:44 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: uBOoIV3qLgPgjOas4bG9LnzvJyW5AmcxMm7xqxI2keBg3er2G3MldA==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 82ea95080f526df99896343fb7269b06.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 22:01:31 GMT
etag: "322a3a510ca73e124d78e31b49d676ec891a6762"
content-type: image/jpeg
age: 51830
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9dac6192-89b0-4161-86a2-38f3998a1bc4.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.8 kB (6783 bytes)
Hash
f1d06527f75868ea84da730b7c8b5660
6c0cb65a477d6bc7d013529411d5735bd39e3d46
2ff4fb12b9ac4dff67bf89cc69f1bfce3ffa738696f904172044a5a537a704c9

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9dac6192-89b0-4161-86a2-38f3998a1bc4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6783
x-amzn-requestid: 5ab60169-ec65-483a-828b-3312c74ee4b2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: frc5BGjqoAMFV6g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dadb6c-73a465244f89adaa27626246;Sampled=0
x-amzn-remapped-date: Wed, 01 Feb 2023 21:36:44 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: EnMwKHnlZQbvGDjPKuFqW9G8CBaRAV6QKzJ2VFOtRPDm3EIgVUpmYQ==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 ee8246c5442dace7525c74f6a799bb46.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 21:57:29 GMT
age: 52072
etag: "6c0cb65a477d6bc7d013529411d5735bd39e3d46"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F496723d4-47ce-49a5-b3b3-9ae546523015.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (11367 bytes)
Hash
395bb0f71f9eba82f5ca23548d08900f
b1fada280c7ea3eb775a6fa46ce173a51eb045f5
7443babb69532e1ee3ee779e05ad4f62de2c5bf62548bcb5702f8290a527664c

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F496723d4-47ce-49a5-b3b3-9ae546523015.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11367
x-amzn-requestid: 67702c15-9a68-46ec-95e5-efb57f08e2f1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: frc5OGfBoAMF3Yw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dadb6e-033182ba55fdd0230ad5a270;Sampled=0
x-amzn-remapped-date: Wed, 01 Feb 2023 21:36:46 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Ybz4mmNUwsKOkpz6GFm4nLz7iGX5gJ--EiUjqrs8G92GBLn6qaF7IQ==
via: 1.1 86b676273517904f44af31586adb06ae.cloudfront.net (CloudFront), 1.1 2bedbeaa49b4a77447d30097858cb81a.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 21:57:51 GMT
age: 52050
etag: "b1fada280c7ea3eb775a6fa46ce173a51eb045f5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffc092e5e-3a14-4d43-9814-99fd9d49d6c8.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.5 kB (7450 bytes)
Hash
41c44051cc3b4c69924df66048e7566b
5c6a12595c3f6005fec4baa84b16575951e72178
72dff70bcb417c088aba013a486e1dbabe099b40fb718a283f1ba220b142b848

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffc092e5e-3a14-4d43-9814-99fd9d49d6c8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7450
x-amzn-requestid: 1b3ef150-9b12-4b8b-94e6-0d6debbd24ac
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: frdTDFmPoAMF-UQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dadc13-0fea883b0ce1a1b933dc2be8;Sampled=0
x-amzn-remapped-date: Wed, 01 Feb 2023 21:39:31 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: qON7fRZ1XPCkl7ldiGagd0UcPynLKMzysXr8LZSRvS1ily9cN5w_wA==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 324a68a6c25ee50d774953f3e15a611c.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 22:22:55 GMT
age: 50546
etag: "5c6a12595c3f6005fec4baa84b16575951e72178"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

fcgi4.gnezdo.ru/cookie_matching/kadam_resell/gZOR3EVq9GnqBtdDCELx

93.95.102.105

302 Found

16 kB

URL HTTP/2
fcgi4.gnezdo.ru/cookie_matching/kadam_resell/gZOR3EVq9GnqBtdDCELx
IP
93.95.102.105:0
ASN
#48347 JSC Mediasoft ekspert

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
16 kB (15857 bytes)
Hash
4bb3a6fba496d54cdbbccaf2b9600386
8e30002699e9fbf2047f9ac11a36d2175fc9c591
927bf3a04b011b4e3bc8d8772a3d5813507f7f523312d43627767b64615562f3

HTTP Headers

GET /cookie_matching/kadam_resell/gZOR3EVq9GnqBtdDCELx HTTP/1.1
Host: fcgi4.gnezdo.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://uuidksinc.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
server: nginx
date: Thu, 02 Feb 2023 12:25:20 GMT
location: https://fcgi4.gnezdo.ru/cookie_matching/kadam_resell/gZOR3EVq9GnqBtdDCELx/?redirect=1
access-control-allow-origin: *
access-control-allow-methods: GET, POST, HEAD
access-control-allow-headers: Origin, Accept, Content-Type, X-Requested-With
access-control-allow-credentials: true
set-cookie: uid=XV9maWPbq7A8XyUR97hAAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=gnezdo.ru; path=/; Secure; SameSite=None
p3p: policyref="/w3c/p3p.xml", CP="CUR ADM OUR NOR STA NID"
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (9)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML