redirecting2.eu/p/nThp/4Le2/B75W
104.21.28.122 301 Moved Permanently 0 B URL HTTP/1.1 redirecting2.eu/p/nThp/4Le2/B75W
IP 104.21.28.122:0
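Hash (of the 0 B response body; these are the well-known empty-input digests and do not identify a payload)
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855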
GET /p/nThp/4Le2/B75W HTTP/1.1
Host: redirecting2.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Fri, 23 Sep 2022 09:50:16 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Fri, 23 Sep 2022 10:50:16 GMT
Location: https://redirecting2.eu/p/nThp/4Le2/B75W
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jaS4cUBL5fQByB%2BZCBiOm5dZo6%2BrDC8RrmR3YIeWJnoMlWnxybgBM3fFOUO8EGSS9xy0S7Wz2nA%2Bka%2F1vKH%2Fl4yPKaoQpA6kI4bh4199qsBofW%2Fq9t5bVad2peM7IhWzE8A%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74f2600bac7cb527-OSL
alt-svc: h2=":443"; ma=60
firefox.settings.services.mozilla.com/v1/
143.204.55.27 200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.27:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 2d12f67fe57a87e7366b662d153a5582
d7b02d81cc74f24a251d9363e0f4b0a149264ec1
73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Alert, Backoff, Retry-After, Content-Length
Cache-Control: max-stale=0
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Fri, 23 Sep 2022 09:14:07 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 475d4ecb64796af058573c6f1048e898.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: cLBr26p5VXd0bC9l-4mAKMFhf_-UU8QnLOS9ISfzWQZrBpw7x_-i9w==
Age: 2170
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 09a973de929ab7452edc342c780d3668
3f14f6e0a36f76863c0aea6fb561c266404a7ea3
e82ca5f310e37267fbf792427747e65c2bb35e684d3f629c0aa302f688bc4f80
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E82CA5F310E37267FBF792427747E65C2BB35E684D3F629C0AA302F688BC4F80"
Last-Modified: Fri, 23 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19443
Expires: Fri, 23 Sep 2022 15:14:20 GMT
Date: Fri, 23 Sep 2022 09:50:17 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
143.204.55.25 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP 143.204.55.25:0
File type PEM certificate\012- , ASCII text
Hash 6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Fri, 23 Sep 2022 04:35:15 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 475d4ecb64796af058573c6f1048e898.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: iQzOGnU4FYjFteWzJdKVyGVyd1zsGowk3aea3of7sfEjRNbeXxiGfA==
age: 18903
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 09:50:17 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 12 kB IP 142.250.74.3:0
Hash 53c43a6e40e8811a21b4c333df3cd420
f7b34170a13cfa192da09cc7970bcc97ae9381d1
5c48d08755660ee6e025e60764ad45a9c9cdab8493e0096be0f7db7b16e66aea
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 23 Sep 2022 09:50:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google-analytics.com/analytics.js
142.250.74.174 200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (1325)
Hash cae538dcce82598fbe43c0bf443e62dd
cc68ac6be9c5e0087a0000e5735b83270ace30f5
954b9e9d9744e1319c51760780a35de2dec353afffac705c2cca6d836a5e056d
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://redirecting2.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 19826
date: Fri, 23 Sep 2022 08:41:09 GMT
expires: Fri, 23 Sep 2022 10:41:09 GMT
cache-control: public, max-age=7200
age: 4148
last-modified: Sun, 11 Sep 2022 13:50:09 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 375756444a8871bbe816165e294fb262
2f9e18473daa3daae633a4df448a2230e77f8c33
c2e94c3082cb76fad8f5ace3c686f46d43c807b7f2d3cb9f2b4d9965b91af4c2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 23 Sep 2022 09:50:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.27 200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.27:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Fri, 23 Sep 2022 09:03:22 GMT
Cache-Control: max-age=3600, max-age=3600
Expires: Fri, 23 Sep 2022 09:19:49 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 a7d2a4ec2f50830f128dc406960aef9a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: vVvEckP6VS8D2pWJ8dWDFQXM556A0owWvNA9Px8dNTrKsWfRhh3b8w==
Age: 2815
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash e6561e23e9d181a4b18c7174cb89a590
221a300522f62c4bde7dd23420609a12ae3bd5b6
a66e6d4e834dfd29d86921222d86c7f8ac5d11a4e0c83ab40ff150629f2b9cec
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 23 Sep 2022 09:50:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 86624f45fb3b7126dbe002f69c94dd86
30bcf274db5037122f989fb25dbf1e72c9ec417b
2cc9600578cf057dc499835773fb495caa60ac154c4945f0fc1f2b31d43f5502
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6326
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 23 Sep 2022 09:50:17 GMT
Last-Modified: Fri, 23 Sep 2022 08:04:51 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 471
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j97&tid=UA-110090096-2&cid=2014835023.1663926617&jid=1816301010&gjid=929582205&_gid=830785250.1663926617&_u=IEBAAEAAAAAAAC~&z=1610469238
142.251.1.155 200 OK 1 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j97&tid=UA-110090096-2&cid=2014835023.1663926617&jid=1816301010&gjid=929582205&_gid=830785250.1663926617&_u=IEBAAEAAAAAAAC~&z=1610469238
IP 142.251.1.155:0
File type very short file (no magic)
Hash c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j97&tid=UA-110090096-2&cid=2014835023.1663926617&jid=1816301010&gjid=929582205&_gid=830785250.1663926617&_u=IEBAAEAAAAAAAC~&z=1610469238 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://redirecting2.eu
Connection: keep-alive
Referer: https://redirecting2.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://redirecting2.eu
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Fri, 23 Sep 2022 09:50:18 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash e6561e23e9d181a4b18c7174cb89a590
221a300522f62c4bde7dd23420609a12ae3bd5b6
a66e6d4e834dfd29d86921222d86c7f8ac5d11a4e0c83ab40ff150629f2b9cec
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 23 Sep 2022 09:50:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
push.services.mozilla.com/
52.39.126.109 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.39.126.109:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: MqezbOzJPl7zL+JSo723hQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: KZZvw6qImj1drmUthNjlUzCLpyo=
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f0410b52db5fdab57636c89f988b79d6
ea9c02141e1248cc535238672adbb8750802d5a3
d69ce41eca78a7cb8037ef0d01170d3f318398626aad55eab8eafb66a21128d8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D69CE41ECA78A7CB8037EF0D01170D3F318398626AAD55EAB8EAFB66A21128D8"
Last-Modified: Thu, 22 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10997
Expires: Fri, 23 Sep 2022 12:53:35 GMT
Date: Fri, 23 Sep 2022 09:50:18 GMT
Connection: keep-alive
mega-prizes.life/?u=kcdweky&o=cawpazh&cid=mlClick-bLUuiBne&t=538006
135.125.12.138 200 OK 90 kB URL HTTP/1.1 mega-prizes.life/?u=kcdweky&o=cawpazh&cid=mlClick-bLUuiBne&t=538006
IP 135.125.12.138:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (62481), with CRLF line terminators
Hash MD5 8f53680fe772d5de34546b176a4b362d
SHA-1 3329b9232d9aaebd03945bd8c06a1bbaa35320e0
SHA-256 d539a3c8fa733247721b3501c8d1da0134626f3f9d6c25b7e9a63b98fbfd65b1
Analyzer Verdict Alert
quad9 Sinkholed
GET /?u=kcdweky&o=cawpazh&cid=mlClick-bLUuiBne&t=538006 HTTP/1.1
Host: mega-prizes.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://redirecting2.eu/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Sep 2022 09:50:18 GMT
Content-Type: text/html
Content-Length: 90087
Connection: keep-alive
set-cookie: sid=t4~0oqvyfvhpitvor2iebvbfmy1; path=/
sid=t4~0oqvyfvhpitvor2iebvbfmy1; path=/
p1=https://figproax.live/pcvyswme/; path=/
s1=vqgnu3v8ys1i0k47; path=/
cache-control: private, no-transform
mega-prizes.life/media/mainstream/frame.html
135.125.12.138 200 OK 39 B URL HTTP/1.1 mega-prizes.life/media/mainstream/frame.html
IP 135.125.12.138:0
File type HTML document text\012- HTML document, ASCII text, with no line terminators
Hash MD5 086707e4369f60afedcafb16050a7618
SHA-1 8216b0cc6876cbd44f01c158e7dff3833ceccd41
SHA-256 a7fe83ec64bb23eb28090598db3d166ed98e52e39d1afbbfd74c579553f93e4e
Analyzer Verdict Alert
fortinet Malware
quad9 Sinkholed
GET /media/mainstream/frame.html HTTP/1.1
Host: mega-prizes.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mega-prizes.life/?u=kcdweky&o=cawpazh&cid=mlClick-bLUuiBne&t=538006
Cookie: sid=t4~0oqvyfvhpitvor2iebvbfmy1; p1=https://figproax.live/pcvyswme/; s1=vqgnu3v8ys1i0k47
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Sep 2022 09:50:18 GMT
Content-Type: text/html
Content-Length: 39
Connection: keep-alive
Last-Modified: Wed, 19 May 2021 13:17:43 GMT
Vary: Accept-Encoding
ETag: "60a50ff7-27"
Cache-Control: no-transform
Accept-Ranges: bytes
mega-prizes.life/favicon.ico
135.125.12.138 200 OK 0 B URL HTTP/1.1 mega-prizes.life/favicon.ico
IP 135.125.12.138:0
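Hash (of the 0 B response body; these are the well-known empty-input digests and do not identify a payload)
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855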
Analyzer Verdict Alert
quad9 Sinkholed
GET /favicon.ico HTTP/1.1
Host: mega-prizes.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mega-prizes.life/?u=kcdweky&o=cawpazh&cid=mlClick-bLUuiBne&t=538006
Cookie: sid=t4~0oqvyfvhpitvor2iebvbfmy1; p1=https://figproax.live/pcvyswme/; s1=vqgnu3v8ys1i0k47
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Sep 2022 09:50:18 GMT
Content-Type: image/x-icon
Content-Length: 0
Connection: keep-alive
last-modified: Sat, 06 Jun 2020 22:52:46 GMT
accept-ranges: bytes
etag: "e2e33b32553cd61:0"
Cache-Control: no-transform
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 8ebb267e443b81854ef9a01b3eb6489d
b932e9e5679da5a9160da5429458041765509b52
4ac5aa5b4fb4a85282b825c5c0ed7b1aaf2b39ffe77d69dec5123a84709f3fe2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4AC5AA5B4FB4A85282B825C5C0ED7B1AAF2B39FFE77D69DEC5123A84709F3FE2"
Last-Modified: Tue, 20 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9778
Expires: Fri, 23 Sep 2022 12:33:17 GMT
Date: Fri, 23 Sep 2022 09:50:19 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 8ebb267e443b81854ef9a01b3eb6489d
b932e9e5679da5a9160da5429458041765509b52
4ac5aa5b4fb4a85282b825c5c0ed7b1aaf2b39ffe77d69dec5123a84709f3fe2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4AC5AA5B4FB4A85282B825C5C0ED7B1AAF2B39FFE77D69DEC5123A84709F3FE2"
Last-Modified: Tue, 20 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9778
Expires: Fri, 23 Sep 2022 12:33:17 GMT
Date: Fri, 23 Sep 2022 09:50:19 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 8ebb267e443b81854ef9a01b3eb6489d
b932e9e5679da5a9160da5429458041765509b52
4ac5aa5b4fb4a85282b825c5c0ed7b1aaf2b39ffe77d69dec5123a84709f3fe2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4AC5AA5B4FB4A85282B825C5C0ED7B1AAF2B39FFE77D69DEC5123A84709F3FE2"
Last-Modified: Tue, 20 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9778
Expires: Fri, 23 Sep 2022 12:33:17 GMT
Date: Fri, 23 Sep 2022 09:50:19 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 8ebb267e443b81854ef9a01b3eb6489d
b932e9e5679da5a9160da5429458041765509b52
4ac5aa5b4fb4a85282b825c5c0ed7b1aaf2b39ffe77d69dec5123a84709f3fe2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4AC5AA5B4FB4A85282B825C5C0ED7B1AAF2B39FFE77D69DEC5123A84709F3FE2"
Last-Modified: Tue, 20 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9778
Expires: Fri, 23 Sep 2022 12:33:17 GMT
Date: Fri, 23 Sep 2022 09:50:19 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb77ad616-c829-40b4-8b70-2be46252d64c.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb77ad616-c829-40b4-8b70-2be46252d64c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8ea5f06ad31f0cedd2cb5c6df82f35f4
60a83a1618ffae06e49ca3002bac1db9980dcfe8
5f6a4cb92c016ef0f229b11d727e9680a15b10782b5bfe9e66ad9d100b458d8d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb77ad616-c829-40b4-8b70-2be46252d64c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10279
x-amzn-requestid: 2ff2c324-51c5-484d-b049-3eacbdc1024a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Yyj8THHdoAMF44g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632a804e-0f4da4ba2a84679b3fd297fc;Sampled=0
x-amzn-remapped-date: Wed, 21 Sep 2022 03:09:02 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 6uqNnpll2kgC_0_t5e9yp0AgFAvprQq_GF_jgwj2sX2TE9S1l023Aw==
via: 1.1 c21a0d27ceec21e266c9f962d0349438.cloudfront.net (CloudFront), 1.1 989017835f43d594873bde5a7ee7fe5e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 23 Sep 2022 03:58:47 GMT
age: 21092
etag: "60a83a1618ffae06e49ca3002bac1db9980dcfe8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffccf6ade-04f7-4d15-943c-bde343725d94.jpeg
34.120.237.76 200 OK 8.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffccf6ade-04f7-4d15-943c-bde343725d94.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 02a682b4703bb9d6381c762726c05531
1d7f7b4cfdd7425213a21afdd1d5a5d8d11d0e54
fb672de67420a239fe5d7e2588f640150ed29883fe2a46ded160385e3265004c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffccf6ade-04f7-4d15-943c-bde343725d94.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8029
x-amzn-requestid: 2fc5c63d-5cef-42f4-a6d2-b55f51c57af6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y4Y0tHjGoAMFcFw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632cd4ea-73f2f78a2d1ca8fc666d2571;Sampled=0
x-amzn-remapped-date: Thu, 22 Sep 2022 21:34:34 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 5ur411n5hU7eWb68iExZCUrhpCybRyTBHCi72ra8dS2kd3UhW8sb1A==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 1481cc55c02c3a782ad420b6bac2cb32.cloudfront.net (CloudFront), 1.1 google
date: Thu, 22 Sep 2022 21:59:00 GMT
age: 42679
etag: "1d7f7b4cfdd7425213a21afdd1d5a5d8d11d0e54"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0ac33f06-9198-44a5-b43b-9cbcc092cf52.jpeg
34.120.237.76 200 OK 9.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0ac33f06-9198-44a5-b43b-9cbcc092cf52.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1eab8da8cc1495a0221efadddd1a0bcc
4156c37b612d5fb99c6b061187a3cb0b314ae4a8
2fc5dbd9216f775cd305de80d17db2e6c74abcb1e30bfa7065c4d763a7345026
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0ac33f06-9198-44a5-b43b-9cbcc092cf52.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9481
x-amzn-requestid: d527d22a-6822-4b90-b9cb-034f58f73c24
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y4Y0IGl7oAMFSKg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632cd4e7-13a676d9596cbd20663d2d8f;Sampled=0
x-amzn-remapped-date: Thu, 22 Sep 2022 21:34:31 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: V8vtLV7n0bPpR5xQtqcH6WK7uBV4ObaMdy_9qN_TtISqAozEwPe0hA==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 1508efc4152aa1778ed4adecb328b374.cloudfront.net (CloudFront), 1.1 google
date: Thu, 22 Sep 2022 22:12:22 GMT
age: 41877
etag: "4156c37b612d5fb99c6b061187a3cb0b314ae4a8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F56c6b5fd-d351-45b8-9f62-d5052869881a.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F56c6b5fd-d351-45b8-9f62-d5052869881a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 948abf9bedd1bd67010284080ba06d01
dd94d525ad264856a0fdcb7a4b1faa2d68c3f68b
236639cc2279c6f269dd521796a087a40b43b252cb55faf3e4214cbdc8369a62
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F56c6b5fd-d351-45b8-9f62-d5052869881a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10822
x-amzn-requestid: 0cec2f7d-e906-4f5f-baa7-5d8a1a7c6820
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y2P7bEeQoAMFhGQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632bf9e2-5bdf18be72eed24028034edb;Sampled=0
x-amzn-remapped-date: Thu, 22 Sep 2022 06:00:02 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: Pj5hSr5LtIWPRDYjHxp8-K8gVghjf8GlO-FnXDvxscJqdygfZH8hIA==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 1481cc55c02c3a782ad420b6bac2cb32.cloudfront.net (CloudFront), 1.1 google
date: Thu, 22 Sep 2022 19:36:01 GMT
age: 51258
etag: "dd94d525ad264856a0fdcb7a4b1faa2d68c3f68b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F98db69a9-8416-4b0b-b1b4-1ed196b985e5.jpeg
34.120.237.76 200 OK 5.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F98db69a9-8416-4b0b-b1b4-1ed196b985e5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3b318ea5c36d2b22b925f7dfe382df5f
0264e73c4cfff0bb255757c7e1c760a5ad3ece80
0c2f58ea4f5f32bb327f292e1b8fb5a4a60230bffc3abc440a624df27ec0d6bc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F98db69a9-8416-4b0b-b1b4-1ed196b985e5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5340
x-amzn-requestid: b13bc974-e15d-43a4-a918-fbc35b09a36f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y4Y19HljIAMFY8w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632cd4f2-2cb226ba4bd7c7e74d9ab2db;Sampled=0
x-amzn-remapped-date: Thu, 22 Sep 2022 21:34:42 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 8DCVWC4Ihr4R21i3ySyiWdUK0aGymTE22B842ZKolG-ZThiKSMX-uQ==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 32d624dbeb2a8b7f24dbe49007e37c90.cloudfront.net (CloudFront), 1.1 google
date: Thu, 22 Sep 2022 22:04:45 GMT
age: 42334
etag: "0264e73c4cfff0bb255757c7e1c760a5ad3ece80"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6ac88c56-4515-47b4-9c1e-7745782bd306.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6ac88c56-4515-47b4-9c1e-7745782bd306.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b877ead4a15221fdd278ef27f281a7ec
48c10714503e8dfdd3e3c3d39b919ef2792f0d15
f4a1d5abcfa4092828e004b6c0605a7a24e4133d275312f613dceff875971daf
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6ac88c56-4515-47b4-9c1e-7745782bd306.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10127
x-amzn-requestid: 456e3c6a-e173-433e-8d54-d787cb50b7e8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y4Y0sHmCoAMFVSg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632cd4ea-7a07b336571396533e48b4cb;Sampled=0
x-amzn-remapped-date: Thu, 22 Sep 2022 21:34:34 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: KKYAef15NoI3It5UfVcqhPx50Fr6IK7O2VFasuAILVN9PP8CH1_7Ng==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 cd858042f70b416ca05e042acf3908a4.cloudfront.net (CloudFront), 1.1 google
date: Thu, 22 Sep 2022 21:58:25 GMT
age: 42714
etag: "48c10714503e8dfdd3e3c3d39b919ef2792f0d15"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d8a03714c918f06b8c5abd9f732ed79e
f87e555e189513a034b1445d027dfbca794411da
39a4b50f920d72cbbd6edd9c08a5816b5bd2738f73fae271f9a8a67cba3ae8b3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "39A4B50F920D72CBBD6EDD9C08A5816B5BD2738F73FAE271F9A8A67CBA3AE8B3"
Last-Modified: Thu, 22 Sep 2022 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5737
Expires: Fri, 23 Sep 2022 11:25:56 GMT
Date: Fri, 23 Sep 2022 09:50:19 GMT
Connection: keep-alive
239.figproax.live/pcvyswme/?u=kcdweky&o=cawpazh&cid=mlClick-bLUuiBne&t=538006&f=1&sid=t4~0oqvyfvhpitvor2iebvbfmy1&fp=ucQKfHPn6llucrUqFJwjykbPih2sNSFz1Eq3I5eeKDQioDTFuP2CSClt51fpa9Xk9MUiLYeIaxIkezteEd9%2FkAnj7jw86%2BvvVYdYaRpF2L3tfSodOe0DnFF68%2FbOHcJh1HZy8UiUshxgZSEOe6UKcuEd3uRZxFB0zkzdvGXlI1QxQASqyM9TFSsNNzfYEORNDmZDPZmKitBGvz9boyFLKPk%2F7eU%2B9hpWsY7zkXPaWL0X5VJbycb0XalgLjWOSIIp2a6s4VoG%2FxepZRNQ%2Bg%2FtqO6sCs5CoWLhDvExTavteHTLg3%2FYLgv6uzRR29dKgSGbyGkaXI8vGeJPzeVm%2B8eKcOcHf5mqeSZmBDoT8d4JbdIHnrOFaydKTowxpMdnhqKzT3OzwWFF%2FI83km2tnUlmQVVVjjVxoPdRjfeuAmsz5OcL7xzyMAB%2BU9ZzhlerLKZ%2FPz1Dy2Hsrud%2FlBR6g0%2FGxOOnpBrJ12NStRAB4ffKNTvk%2FbDu%2Bnz%2BxS9AR6CZ4GWx%2BFHWdIVdbVPFY587lseXijV82izlJxNXTFGJvF5WgJxrXRLVOwPuUaMsKJTFOReMpITPQ%2Fefl%2BfwwoNTJ4P8Ymk2ebShCUEOPV7rnNIQtuVmZ8koY3Q9kLYd9APRuZ5c7AMXOuIQu6eCtzIp3z78DPXZM5S7YOGkydb4iENAzI6X%2F5tn7NFFjtzYup9DwxfVTr4GuKqikWCnU9NxXVOy%2BnGj3hwwvmYa2f5Mm0wqk6IVvb8WvgaCIB0cH4yjkmVONQherKoqWV5zpnLANIEs%2BFhCrNsgB5PFQWqCEmRWbJfxZ94igWB0Vvliu%2FaJWmhdS8iTqx3Z%2B585ZVpX5BNS0ZlJ8kTpDiYE8WtLNNOOPe89NJL1R6wXyzc0BRP3bywNoFNFlwVgoCAEjQ5pnKKfia51nTQOhbY6QHrWxdgerXDJ6irybRsTBoQWONCzU6C1OTeoHuKvDO5hHfC%2ByMNrHcFseJ0MQgqo3tWtjBnGOkSPQQJ1EHnXiMYB7RYV6Yx%2BwO2e1C6CGO68hf1VTcaYHkkp1RGRgeqEgaS0cYvzkCEA2RYZigU45lG6VZpBVrwhlyGQM%2FnJETgDdoAPS3bxkpUyXOHbbGot0RnJ0WrQ27sSG9g8yLF70MH6CHlIMxfmXI47XCIBZ%2B8Vp8%2F6CeJZ2egTluWIYfCA6yT2OKKE1NjvbRoJ70ORkhq%2F0S5%2B96KKjLgvCeV3lR4IE2wsRLzAZ0sFzJCsFu2frnQFS5GvO%2BAm10%2B0OAkvgP77zP6icsTUEph5ssVJpQv0%2BQIZU59dtN0cgwYtxmTD2YhGpNhepTq2NG%2BbHSduJ%2FzhU%2BItCU6gkj81wmgXiLq%2Bsvbc%2BKvshcW066dVX1ylqfG3ICT7CO3Ook7j9hRJ4hyF0EmN08PriQLKcqXKrZvY9VhwIMdhYVG4o3xuoRV%2B2Z6%2BEQtuUczTj5X4a3%2BYTJnkXUynwTdaUcVd7w3mn00uRBsCQx1EJQSxnK8g4RALHcYbKmeOBKwcjaNY1RjiVMg2n4GNQBkKbUSApBaQTWt9SlQgCGwMCCEe5cF6dykeeYQiGlOb%2BaejsBn2QXCEQzhKtpoGUMnweODj0DIMhvFK8MMAzhKe7yX8aF%2FTK4eaaWTIgbLPXMbVuAIsujZMXEfeDe2TDgSFtIHKFArRsLP95aQrUZSI4l8K797pDj11XzLhFEWMFCx55mK3rM1POQjHliFloKijp8rnmXZHCPnRzXJTrlzz%2B7mFMw3b5K2Vho3fxrFRvq2XGAjItKHaqg28IbCak
yQLWBa%2BWzi7w2Tvr6muPml2Lda0aK10h1HlusAq%2Fz%2BVxeKLJxmKPqwzCirQupQgnIpvR5d2n9h8idpYgNcaFHfyIJbGccjqKNHXYVdrjfF6CVxhCOa%2Fm2HpBGdVWKwj0FxZrM87jFXEvy1Nxqq4y19b6g%3D%3D
141.94.19.38200 OK 1.5 kB URL HTTP/1.1 239.figproax.live/pcvyswme/?u=kcdweky&o=cawpazh&cid=mlClick-bLUuiBne&t=538006&f=1&sid=t4~0oqvyfvhpitvor2iebvbfmy1&fp=ucQKfHPn6llucrUqFJwjykbPih2sNSFz1Eq3I5eeKDQioDTFuP2CSClt51fpa9Xk9MUiLYeIaxIkezteEd9%2FkAnj7jw86%2BvvVYdYaRpF2L3tfSodOe0DnFF68%2FbOHcJh1HZy8UiUshxgZSEOe6UKcuEd3uRZxFB0zkzdvGXlI1QxQASqyM9TFSsNNzfYEORNDmZDPZmKitBGvz9boyFLKPk%2F7eU%2B9hpWsY7zkXPaWL0X5VJbycb0XalgLjWOSIIp2a6s4VoG%2FxepZRNQ%2Bg%2FtqO6sCs5CoWLhDvExTavteHTLg3%2FYLgv6uzRR29dKgSGbyGkaXI8vGeJPzeVm%2B8eKcOcHf5mqeSZmBDoT8d4JbdIHnrOFaydKTowxpMdnhqKzT3OzwWFF%2FI83km2tnUlmQVVVjjVxoPdRjfeuAmsz5OcL7xzyMAB%2BU9ZzhlerLKZ%2FPz1Dy2Hsrud%2FlBR6g0%2FGxOOnpBrJ12NStRAB4ffKNTvk%2FbDu%2Bnz%2BxS9AR6CZ4GWx%2BFHWdIVdbVPFY587lseXijV82izlJxNXTFGJvF5WgJxrXRLVOwPuUaMsKJTFOReMpITPQ%2Fefl%2BfwwoNTJ4P8Ymk2ebShCUEOPV7rnNIQtuVmZ8koY3Q9kLYd9APRuZ5c7AMXOuIQu6eCtzIp3z78DPXZM5S7YOGkydb4iENAzI6X%2F5tn7NFFjtzYup9DwxfVTr4GuKqikWCnU9NxXVOy%2BnGj3hwwvmYa2f5Mm0wqk6IVvb8WvgaCIB0cH4yjkmVONQherKoqWV5zpnLANIEs%2BFhCrNsgB5PFQWqCEmRWbJfxZ94igWB0Vvliu%2FaJWmhdS8iTqx3Z%2B585ZVpX5BNS0ZlJ8kTpDiYE8WtLNNOOPe89NJL1R6wXyzc0BRP3bywNoFNFlwVgoCAEjQ5pnKKfia51nTQOhbY6QHrWxdgerXDJ6irybRsTBoQWONCzU6C1OTeoHuKvDO5hHfC%2ByMNrHcFseJ0MQgqo3tWtjBnGOkSPQQJ1EHnXiMYB7RYV6Yx%2BwO2e1C6CGO68hf1VTcaYHkkp1RGRgeqEgaS0cYvzkCEA2RYZigU45lG6VZpBVrwhlyGQM%2FnJETgDdoAPS3bxkpUyXOHbbGot0RnJ0WrQ27sSG9g8yLF70MH6CHlIMxfmXI47XCIBZ%2B8Vp8%2F6CeJZ2egTluWIYfCA6yT2OKKE1NjvbRoJ70ORkhq%2F0S5%2B96KKjLgvCeV3lR4IE2wsRLzAZ0sFzJCsFu2frnQFS5GvO%2BAm10%2B0OAkvgP77zP6icsTUEph5ssVJpQv0%2BQIZU59dtN0cgwYtxmTD2YhGpNhepTq2NG%2BbHSduJ%2FzhU%2BItCU6gkj81wmgXiLq%2Bsvbc%2BKvshcW066dVX1ylqfG3ICT7CO3Ook7j9hRJ4hyF0EmN08PriQLKcqXKrZvY9VhwIMdhYVG4o3xuoRV%2B2Z6%2BEQtuUczTj5X4a3%2BYTJnkXUynwTdaUcVd7w3mn00uRBsCQx1EJQSxnK8g4RALHcYbKmeOBKwcjaNY1RjiVMg2n4GNQBkKbUSApBaQTWt9SlQgCGwMCCEe5cF6dykeeYQiGlOb%2BaejsBn2QXCEQzhKtpoGUMnweODj0DIMhvFK8MMAzhKe7yX8aF%2FTK4eaaWTIgbLPXMbVuAIsujZMXEfeDe2TDgSFtIHKFArRsLP95aQrUZSI4l8K797pDj11XzLhFEWMFCx55mK3rM1POQjHliFloKijp8rnmXZHCPnRzXJTrlzz%2B7
mFMw3b5K2Vho3fxrFRvq2XGAjItKHaqg28IbCakyQLWBa%2BWzi7w2Tvr6muPml2Lda0aK10h1HlusAq%2Fz%2BVxeKLJxmKPqwzCirQupQgnIpvR5d2n9h8idpYgNcaFHfyIJbGccjqKNHXYVdrjfF6CVxhCOa%2Fm2HpBGdVWKwj0FxZrM87jFXEvy1Nxqq4y19b6g%3D%3D
IP 141.94.19.38:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (560), with CRLF line terminators
Hash 848790157f78abcae741c1111b033515
4c552f4c955b014261b622d5772ad83a60f0ea5e
6975a2fb6b5d2d29a8fe0dfa9207b48fdd1c7f6d15f468af3ce438cbb8bd91ec
GET /pcvyswme/?u=kcdweky&o=cawpazh&cid=mlClick-bLUuiBne&t=538006&f=1&sid=t4~0oqvyfvhpitvor2iebvbfmy1&fp=ucQKfHPn6llucrUqFJwjykbPih2sNSFz1Eq3I5eeKDQioDTFuP2CSClt51fpa9Xk9MUiLYeIaxIkezteEd9%2FkAnj7jw86%2BvvVYdYaRpF2L3tfSodOe0DnFF68%2FbOHcJh1HZy8UiUshxgZSEOe6UKcuEd3uRZxFB0zkzdvGXlI1QxQASqyM9TFSsNNzfYEORNDmZDPZmKitBGvz9boyFLKPk%2F7eU%2B9hpWsY7zkXPaWL0X5VJbycb0XalgLjWOSIIp2a6s4VoG%2FxepZRNQ%2Bg%2FtqO6sCs5CoWLhDvExTavteHTLg3%2FYLgv6uzRR29dKgSGbyGkaXI8vGeJPzeVm%2B8eKcOcHf5mqeSZmBDoT8d4JbdIHnrOFaydKTowxpMdnhqKzT3OzwWFF%2FI83km2tnUlmQVVVjjVxoPdRjfeuAmsz5OcL7xzyMAB%2BU9ZzhlerLKZ%2FPz1Dy2Hsrud%2FlBR6g0%2FGxOOnpBrJ12NStRAB4ffKNTvk%2FbDu%2Bnz%2BxS9AR6CZ4GWx%2BFHWdIVdbVPFY587lseXijV82izlJxNXTFGJvF5WgJxrXRLVOwPuUaMsKJTFOReMpITPQ%2Fefl%2BfwwoNTJ4P8Ymk2ebShCUEOPV7rnNIQtuVmZ8koY3Q9kLYd9APRuZ5c7AMXOuIQu6eCtzIp3z78DPXZM5S7YOGkydb4iENAzI6X%2F5tn7NFFjtzYup9DwxfVTr4GuKqikWCnU9NxXVOy%2BnGj3hwwvmYa2f5Mm0wqk6IVvb8WvgaCIB0cH4yjkmVONQherKoqWV5zpnLANIEs%2BFhCrNsgB5PFQWqCEmRWbJfxZ94igWB0Vvliu%2FaJWmhdS8iTqx3Z%2B585ZVpX5BNS0ZlJ8kTpDiYE8WtLNNOOPe89NJL1R6wXyzc0BRP3bywNoFNFlwVgoCAEjQ5pnKKfia51nTQOhbY6QHrWxdgerXDJ6irybRsTBoQWONCzU6C1OTeoHuKvDO5hHfC%2ByMNrHcFseJ0MQgqo3tWtjBnGOkSPQQJ1EHnXiMYB7RYV6Yx%2BwO2e1C6CGO68hf1VTcaYHkkp1RGRgeqEgaS0cYvzkCEA2RYZigU45lG6VZpBVrwhlyGQM%2FnJETgDdoAPS3bxkpUyXOHbbGot0RnJ0WrQ27sSG9g8yLF70MH6CHlIMxfmXI47XCIBZ%2B8Vp8%2F6CeJZ2egTluWIYfCA6yT2OKKE1NjvbRoJ70ORkhq%2F0S5%2B96KKjLgvCeV3lR4IE2wsRLzAZ0sFzJCsFu2frnQFS5GvO%2BAm10%2B0OAkvgP77zP6icsTUEph5ssVJpQv0%2BQIZU59dtN0cgwYtxmTD2YhGpNhepTq2NG%2BbHSduJ%2FzhU%2BItCU6gkj81wmgXiLq%2Bsvbc%2BKvshcW066dVX1ylqfG3ICT7CO3Ook7j9hRJ4hyF0EmN08PriQLKcqXKrZvY9VhwIMdhYVG4o3xuoRV%2B2Z6%2BEQtuUczTj5X4a3%2BYTJnkXUynwTdaUcVd7w3mn00uRBsCQx1EJQSxnK8g4RALHcYbKmeOBKwcjaNY1RjiVMg2n4GNQBkKbUSApBaQTWt9SlQgCGwMCCEe5cF6dykeeYQiGlOb%2BaejsBn2QXCEQzhKtpoGUMnweODj0DIMhvFK8MMAzhKe7yX8aF%2FTK4eaaWTIgbLPXMbVuAIsujZMXEfeDe2TDgSFtIHKFArRsLP95aQrUZSI4l8K797pDj11XzLhFEWMFCx55mK3rM1POQjHliFloKijp8rnmXZHCPnRzXJTrlzz%2B7mFMw3b5K2Vho3fxrFRvq2XGAjItKHaqg28IbCakyQLWBa%2BWzi7
w2Tvr6muPml2Lda0aK10h1HlusAq%2Fz%2BVxeKLJxmKPqwzCirQupQgnIpvR5d2n9h8idpYgNcaFHfyIJbGccjqKNHXYVdrjfF6CVxhCOa%2Fm2HpBGdVWKwj0FxZrM87jFXEvy1Nxqq4y19b6g%3D%3D HTTP/1.1
Host: 239.figproax.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mega-prizes.life/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Sep 2022 09:50:19 GMT
Content-Type: text/html
Content-Length: 1485
Connection: keep-alive
cache-control: private, no-transform
239.figproax.live/web/?sid=t4~0oqvyfvhpitvor2iebvbfmy1
141.94.19.38 302 Found 372 B URL HTTP/1.1 239.figproax.live/web/?sid=t4~0oqvyfvhpitvor2iebvbfmy1
IP 141.94.19.38:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 0d0f7213673819a2ac921fb22b234441
969110ac977f3933dab5c0c77f2fdef2813b8f70
215b51936043526cd17d803049d303edd5d13a54094328ab73a7fc04a2ef7f28
Analyzer Verdict Alert fortinet Malware
GET /web/?sid=t4~0oqvyfvhpitvor2iebvbfmy1 HTTP/1.1
Host: 239.figproax.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://239.figproax.live/pcvyswme/?u=kcdweky&o=cawpazh&cid=mlClick-bLUuiBne&t=538006&f=1&sid=t4~0oqvyfvhpitvor2iebvbfmy1&fp=ucQKfHPn6llucrUqFJwjykbPih2sNSFz1Eq3I5eeKDQioDTFuP2CSClt51fpa9Xk9MUiLYeIaxIkezteEd9%2FkAnj7jw86%2BvvVYdYaRpF2L3tfSodOe0DnFF68%2FbOHcJh1HZy8UiUshxgZSEOe6UKcuEd3uRZxFB0zkzdvGXlI1QxQASqyM9TFSsNNzfYEORNDmZDPZmKitBGvz9boyFLKPk%2F7eU%2B9hpWsY7zkXPaWL0X5VJbycb0XalgLjWOSIIp2a6s4VoG%2FxepZRNQ%2Bg%2FtqO6sCs5CoWLhDvExTavteHTLg3%2FYLgv6uzRR29dKgSGbyGkaXI8vGeJPzeVm%2B8eKcOcHf5mqeSZmBDoT8d4JbdIHnrOFaydKTowxpMdnhqKzT3OzwWFF%2FI83km2tnUlmQVVVjjVxoPdRjfeuAmsz5OcL7xzyMAB%2BU9ZzhlerLKZ%2FPz1Dy2Hsrud%2FlBR6g0%2FGxOOnpBrJ12NStRAB4ffKNTvk%2FbDu%2Bnz%2BxS9AR6CZ4GWx%2BFHWdIVdbVPFY587lseXijV82izlJxNXTFGJvF5WgJxrXRLVOwPuUaMsKJTFOReMpITPQ%2Fefl%2BfwwoNTJ4P8Ymk2ebShCUEOPV7rnNIQtuVmZ8koY3Q9kLYd9APRuZ5c7AMXOuIQu6eCtzIp3z78DPXZM5S7YOGkydb4iENAzI6X%2F5tn7NFFjtzYup9DwxfVTr4GuKqikWCnU9NxXVOy%2BnGj3hwwvmYa2f5Mm0wqk6IVvb8WvgaCIB0cH4yjkmVONQherKoqWV5zpnLANIEs%2BFhCrNsgB5PFQWqCEmRWbJfxZ94igWB0Vvliu%2FaJWmhdS8iTqx3Z%2B585ZVpX5BNS0ZlJ8kTpDiYE8WtLNNOOPe89NJL1R6wXyzc0BRP3bywNoFNFlwVgoCAEjQ5pnKKfia51nTQOhbY6QHrWxdgerXDJ6irybRsTBoQWONCzU6C1OTeoHuKvDO5hHfC%2ByMNrHcFseJ0MQgqo3tWtjBnGOkSPQQJ1EHnXiMYB7RYV6Yx%2BwO2e1C6CGO68hf1VTcaYHkkp1RGRgeqEgaS0cYvzkCEA2RYZigU45lG6VZpBVrwhlyGQM%2FnJETgDdoAPS3bxkpUyXOHbbGot0RnJ0WrQ27sSG9g8yLF70MH6CHlIMxfmXI47XCIBZ%2B8Vp8%2F6CeJZ2egTluWIYfCA6yT2OKKE1NjvbRoJ70ORkhq%2F0S5%2B96KKjLgvCeV3lR4IE2wsRLzAZ0sFzJCsFu2frnQFS5GvO%2BAm10%2B0OAkvgP77zP6icsTUEph5ssVJpQv0%2BQIZU59dtN0cgwYtxmTD2YhGpNhepTq2NG%2BbHSduJ%2FzhU%2BItCU6gkj81wmgXiLq%2Bsvbc%2BKvshcW066dVX1ylqfG3ICT7CO3Ook7j9hRJ4hyF0EmN08PriQLKcqXKrZvY9VhwIMdhYVG4o3xuoRV%2B2Z6%2BEQtuUczTj5X4a3%2BYTJnkXUynwTdaUcVd7w3mn00uRBsCQx1EJQSxnK8g4RALHcYbKmeOBKwcjaNY1RjiVMg2n4GNQBkKbUSApBaQTWt9SlQgCGwMCCEe5cF6dykeeYQiGlOb%2BaejsBn2QXCEQzhKtpoGUMnweODj0DIMhvFK8MMAzhKe7yX8aF%2FTK4eaaWTIgbLPXMbVuAIsujZMXEfeDe2TDgSFtIHKFArRsLP95aQrUZSI4l8K797pDj11XzLhFEWMFCx55mK3rM1POQjHliFloKijp8rnmXZHCPnRzXJTrlzz%2B7mFMw3b5K2Vho3fxrFRvq2X
GAjItKHaqg28IbCakyQLWBa%2BWzi7w2Tvr6muPml2Lda0aK10h1HlusAq%2Fz%2BVxeKLJxmKPqwzCirQupQgnIpvR5d2n9h8idpYgNcaFHfyIJbGccjqKNHXYVdrjfF6CVxhCOa%2Fm2HpBGdVWKwj0FxZrM87jFXEvy1Nxqq4y19b6g%3D%3D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 302 Found
Server: nginx
Date: Fri, 23 Sep 2022 09:50:19 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 372
Connection: keep-alive
location: https://cloudnetstorage.com/?url=I4WHKFughjJyFrljrCL72IntYEpXAQ7fQUlfhV33uZRiJVonRtDFhiow%2FTeWnkCR2k89y5vXnthe4Olp6w6aCeG6Z%2FsUctYh8KElL2R82Io%2BexYnISRCSB%2FrDl8W8A5dxmwHYzUNHsXZmysoMi5UB2WvpX997p8tJdur%2FtvzAqjpQCuyP52NESOGA%2BC1%2B%2FbdmQf1F8GsSbM%3D
Cache-Control: no-transform
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 9391f9d9424881cb37f9b28a3df62ce3
f8c36320187944d54ed697183210c981c094fe41
79fd515c3bf94ad6cb32465b2af8ed26ffdd66c76f9a591c6e8bbb45ef4221ef
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "79FD515C3BF94AD6CB32465B2AF8ED26FFDD66C76F9A591C6E8BBB45EF4221EF"
Last-Modified: Wed, 21 Sep 2022 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12346
Expires: Fri, 23 Sep 2022 13:16:06 GMT
Date: Fri, 23 Sep 2022 09:50:20 GMT
Connection: keep-alive
cloudnetstorage.com/?url=I4WHKFughjJyFrljrCL72IntYEpXAQ7fQUlfhV33uZRiJVonRtDFhiow%2FTeWnkCR2k89y5vXnthe4Olp6w6aCeG6Z%2FsUctYh8KElL2R82Io%2BexYnISRCSB%2FrDl8W8A5dxmwHYzUNHsXZmysoMi5UB2WvpX997p8tJdur%2FtvzAqjpQCuyP52NESOGA%2BC1%2B%2FbdmQf1F8GsSbM%3D
5.188.51.87 302 Found 0 B URL HTTP/1.1 cloudnetstorage.com/?url=I4WHKFughjJyFrljrCL72IntYEpXAQ7fQUlfhV33uZRiJVonRtDFhiow%2FTeWnkCR2k89y5vXnthe4Olp6w6aCeG6Z%2FsUctYh8KElL2R82Io%2BexYnISRCSB%2FrDl8W8A5dxmwHYzUNHsXZmysoMi5UB2WvpX997p8tJdur%2FtvzAqjpQCuyP52NESOGA%2BC1%2B%2FbdmQf1F8GsSbM%3D
IP 5.188.51.87:0
ASN #209813 Fast Content Delivery LTD
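Hash d41d8cd98f00b204e9800998ecf8427e (MD5 of empty input; this response body is 0 B, so the hash identifies no content and is not a usable indicator)
da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1 of empty input)
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256 of empty input)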
GET /?url=I4WHKFughjJyFrljrCL72IntYEpXAQ7fQUlfhV33uZRiJVonRtDFhiow%2FTeWnkCR2k89y5vXnthe4Olp6w6aCeG6Z%2FsUctYh8KElL2R82Io%2BexYnISRCSB%2FrDl8W8A5dxmwHYzUNHsXZmysoMi5UB2WvpX997p8tJdur%2FtvzAqjpQCuyP52NESOGA%2BC1%2B%2FbdmQf1F8GsSbM%3D HTTP/1.1
Host: cloudnetstorage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://239.figproax.live/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Fri, 23 Sep 2022 09:50:20 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: /away.php?url=I4WHKFughjJyFrljrCL72IntYEpXAQ7fQUlfhV33uZRiJVonRtDFhiow%2FTeWnkCR2k89y5vXnthe4Olp6w6aCeG6Z%2FsUctYh8KElL2R82Io%2BexYnISRCSB%2FrDl8W8A5dxmwHYzUNHsXZmysoMi5UB2WvpX997p8tJdur%2FtvzAqjpQCuyP52NESOGA%2BC1%2B%2FbdmQf1F8GsSbM%3D
cloudnetstorage.com/away.php?url=I4WHKFughjJyFrljrCL72IntYEpXAQ7fQUlfhV33uZRiJVonRtDFhiow%2FTeWnkCR2k89y5vXnthe4Olp6w6aCeG6Z%2FsUctYh8KElL2R82Io%2BexYnISRCSB%2FrDl8W8A5dxmwHYzUNHsXZmysoMi5UB2WvpX997p8tJdur%2FtvzAqjpQCuyP52NESOGA%2BC1%2B%2FbdmQf1F8GsSbM%3D
5.188.51.87 200 OK 262 B URL HTTP/1.1 cloudnetstorage.com/away.php?url=I4WHKFughjJyFrljrCL72IntYEpXAQ7fQUlfhV33uZRiJVonRtDFhiow%2FTeWnkCR2k89y5vXnthe4Olp6w6aCeG6Z%2FsUctYh8KElL2R82Io%2BexYnISRCSB%2FrDl8W8A5dxmwHYzUNHsXZmysoMi5UB2WvpX997p8tJdur%2FtvzAqjpQCuyP52NESOGA%2BC1%2B%2FbdmQf1F8GsSbM%3D
IP 5.188.51.87:0
ASN #209813 Fast Content Delivery LTD
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 73a36ebcd1ddd260eeed5b89c8ad60e0
dcdbbaa36802618851490fadc800fef0dc83caf9
99afbeed77228c231f69ef05469abb2ee6468807a0b7ae6a008578c7ba8bc0f1
GET /away.php?url=I4WHKFughjJyFrljrCL72IntYEpXAQ7fQUlfhV33uZRiJVonRtDFhiow%2FTeWnkCR2k89y5vXnthe4Olp6w6aCeG6Z%2FsUctYh8KElL2R82Io%2BexYnISRCSB%2FrDl8W8A5dxmwHYzUNHsXZmysoMi5UB2WvpX997p8tJdur%2FtvzAqjpQCuyP52NESOGA%2BC1%2B%2FbdmQf1F8GsSbM%3D HTTP/1.1
Host: cloudnetstorage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://239.figproax.live/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Sep 2022 09:50:20 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
cloudnetstorage.com/favicon.ico
5.188.51.87 200 OK 318 B URL HTTP/1.1 cloudnetstorage.com/favicon.ico
IP 5.188.51.87:0
ASN #209813 Fast Content Delivery LTD
File type MS Windows icon resource - 1 icon, 16x16, 16 colors, 4 bits/pixel\012- data
Hash 0eb6a3e58fb0f61f080bfd48d9be4a2d
669802179243bd9c47aae26d03090f5f8e40a015
3755ed10fae26af17e06f7ff740b9138c0f6b47b524d6bbbaae98f999433e1ea
GET /favicon.ico HTTP/1.1
Host: cloudnetstorage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Sep 2022 09:50:20 GMT
Content-Type: image/x-icon
Content-Length: 318
Last-Modified: Mon, 23 Mar 2020 14:03:11 GMT
Connection: keep-alive
ETag: "5e78c19f-13e"
Accept-Ranges: bytes
new.bestageoffers22.com/favicon.ico
108.178.23.114 200 OK 1.2 kB URL HTTP/2 new.bestageoffers22.com/favicon.ico
IP 108.178.23.114:0
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Hash 91abe01116ab422c598e9c8af72cf4da
0f2815fe8e067d48537ad168225ab4674271fa27
b1d7aef06456fe7431124129a28f0138bb5fccfa4f4161e3087de23c005e5edc
GET /favicon.ico HTTP/1.1
Host: new.bestageoffers22.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://new.bestageoffers22.com/?utm_term=7146510415860596815&ver=4viyaptcjo&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b380b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b85
Cookie: u=7ec79eadb049d127cc88c05425852c87
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 09:50:20 GMT
content-type: image/x-icon
content-length: 1150
last-modified: Wed, 31 Jul 2019 07:48:51 GMT
etag: "5d4147e3-47e"
expires: Sat, 24 Sep 2022 09:50:20 GMT
cache-control: max-age=86400
strict-transport-security: max-age=31536000; includeSubdomains;
accept-ranges: bytes
X-Firefox-Spdy: h2
d0zi.com/go.php?ad=6pvgwjuc578zbpcgxykd&sid=M7146510415860596815&pub=20961&pid=20961-fccac22f-8bd3989d&c=0&app=unknown&br=Firefox&os=[[os]]&d=Mozilla+Firefox&ca=NO+WiFi&a=0&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b380b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b85
162.55.4.52 302 Found 746 kB URL HTTP/1.1 d0zi.com/go.php?ad=6pvgwjuc578zbpcgxykd&sid=M7146510415860596815&pub=20961&pid=20961-fccac22f-8bd3989d&c=0&app=unknown&br=Firefox&os=[[os]]&d=Mozilla+Firefox&ca=NO+WiFi&a=0&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b380b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b85
IP 162.55.4.52:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document, ASCII text, with very long lines (65210), with CRLF line terminators
Size 746 kB (745589 bytes)
Hash 6ba023703f7011d5fb117529f1454ec1
264bbc9919ed603b55195ea12ff47ee33bc01d8d
da15f86e10396469758e1ab3e98e13d3bfa1454df83528f2fc3fb43144f47eef
GET /go.php?ad=6pvgwjuc578zbpcgxykd&sid=M7146510415860596815&pub=20961&pid=20961-fccac22f-8bd3989d&c=0&app=unknown&br=Firefox&os=[[os]]&d=Mozilla+Firefox&ca=NO+WiFi&a=0&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b380b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b85 HTTP/1.1
Host: d0zi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://new.bestageoffers22.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx/1.20.1
Date: Fri, 23 Sep 2022 09:50:25 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Strict-Transport-Security: max-age=31536000
d0zi.com/favicon.ico
162.55.4.52 200 OK 20 B IP 162.55.4.52:0
ASN #24940 Hetzner Online GmbH
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /favicon.ico HTTP/1.1
Host: d0zi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://d0zi.com/go.php?ad=6pvgwjuc578zbpcgxykd&sid=M7146510415860596815&pub=20961&pid=20961-fccac22f-8bd3989d&c=0&app=unknown&br=Firefox&os=[[os]]&d=Mozilla+Firefox&ca=NO+WiFi&a=0&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b380b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b85
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 23 Sep 2022 09:50:25 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
new.bestageoffers22.com/proc.php?4d6bdeaa69a3e739d9ff1b1c331a3992c891b93b
108.178.23.114 200 OK 0 B URL HTTP/2 new.bestageoffers22.com/proc.php?4d6bdeaa69a3e739d9ff1b1c331a3992c891b93b
IP 108.178.23.114:0
GET /proc.php?4d6bdeaa69a3e739d9ff1b1c331a3992c891b93b HTTP/1.1
Host: new.bestageoffers22.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://new.bestageoffers22.com/?utm_term=7146510415860596815&ver=4viyaptcjo&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b380b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b85
Cookie: u=7ec79eadb049d127cc88c05425852c87
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 09:50:24 GMT
content-type: text/html; charset=UTF-8
location: https://d0zi.com/go.php?ad=6pvgwjuc578zbpcgxykd&sid=M7146510415860596815&pub=20961&pid=20961-fccac22f-8bd3989d&c=0&app=unknown&br=Firefox&os=[[os]]&d=Mozilla+Firefox&ca=NO+WiFi&a=0
vary: Accept-Encoding
x-powered-by: PHP/8.1.9
cache-control: no-store, no-cache, must-revalidate, max-age=0
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubdomains;
content-encoding: gzip
X-Firefox-Spdy: h2
redirecting2.eu/p/nThp/4Le2/B75W
104.21.28.122 200 OK 0 B URL HTTP/2 redirecting2.eu/p/nThp/4Le2/B75W
IP 104.21.28.122:0
GET /p/nThp/4Le2/B75W HTTP/1.1
Host: redirecting2.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Fri, 23 Sep 2022 09:50:17 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: no-cache, no-store, private
x-robots-tag: noindex, nofollow
set-cookie: 9df76ce1ec81221482cf5ba7f1d27150=9df76ce1ec81221482cf5ba7f1d27150; expires=Sat, 23-Sep-2023 09:50:17 GMT; Max-Age=31536000; path=/; secure; httponly; samesite=lax
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HPcyisamrH%2BkFXo1PKIhtsH2LcNcccTjUcaYMHh0cuLTjtq5ztC9YwfVHH5%2FBFleHgFMJR6aOjff3FipkMJrHSaGf3DfzydrevQOg6OJY0ycIjIC986OPvC9rEOLkQ5bqjM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74f2600d4e2a0b55-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
new.bestageoffers22.com/?utm_medium=7c546697f77c362f087bd230a385a22a47b9f7ab&utm_campaign=m&cid=8b3001ac-bbfb-4294-bde9-6d18c039b6a4&np=1
108.178.23.114 200 OK 0 B URL HTTP/2 new.bestageoffers22.com/?utm_medium=7c546697f77c362f087bd230a385a22a47b9f7ab&utm_campaign=m&cid=8b3001ac-bbfb-4294-bde9-6d18c039b6a4&np=1
IP 108.178.23.114:0
GET /?utm_medium=7c546697f77c362f087bd230a385a22a47b9f7ab&utm_campaign=m&cid=8b3001ac-bbfb-4294-bde9-6d18c039b6a4&np=1 HTTP/1.1
Host: new.bestageoffers22.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 09:50:20 GMT
content-type: text/html; charset=UTF-8
location: https://new.bestageoffers22.com/?utm_term=7146510415860596815&ver=4viyaptcjo
vary: Accept-Encoding
x-powered-by: PHP/8.1.9
cache-control: no-store, no-cache, must-revalidate, max-age=0
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
set-cookie: u=7ec79eadb049d127cc88c05425852c87; expires=Sat, 23-Sep-2023 09:50:20 GMT; Max-Age=31536000; path=/
strict-transport-security: max-age=31536000; includeSubdomains;
content-encoding: gzip
X-Firefox-Spdy: h2
new.bestageoffers22.com/?utm_term=7146510415860596815&ver=4viyaptcjo&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b380b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b85
108.178.23.114 200 OK 0 B URL HTTP/2 new.bestageoffers22.com/?utm_term=7146510415860596815&ver=4viyaptcjo&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b380b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b85
IP 108.178.23.114:0
GET /?utm_term=7146510415860596815&ver=4viyaptcjo&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b380b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b85 HTTP/1.1
Host: new.bestageoffers22.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://new.bestageoffers22.com/?utm_medium=7c546697f77c362f087bd230a385a22a47b9f7ab&utm_campaign=m&cid=8b3001ac-bbfb-4294-bde9-6d18c039b6a4&np=1
Cookie: u=7ec79eadb049d127cc88c05425852c87
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 09:50:20 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
x-powered-by: PHP/8.1.9
cache-control: no-store, no-cache, must-revalidate, max-age=0
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubdomains;
content-encoding: gzip
X-Firefox-Spdy: h2