| cola.trffclb.com/a.php?p=c:xecd97ulmxry7e481&d=62ff4322ec41a549b07c0d74&pid=63a305da8c6a60487e05b30a&source=888.465513.888fb.us. | 51.83.143.92 | 302 Found | 0 B |
URL HTTP/1.1 cola.trffclb.com/a.php?p=c:xecd97ulmxry7e481&d=62ff4322ec41a549b07c0d74&pid=63a305da8c6a60487e05b30a&source=888.465513.888fb.us. IP 51.83.143.92:0
Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| quad9 | Sinkholed | |
GET /a.php?p=c:xecd97ulmxry7e481&d=62ff4322ec41a549b07c0d74&pid=63a305da8c6a60487e05b30a&source=888.465513.888fb.us. HTTP/1.1
Host: cola.trffclb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 21 Dec 2022 13:11:11 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Round: 11hx4alk7e
Raund: 2is
Location: https://samba.trffclb.com/l.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240&s=int_888.465513.888fb.us.
|
|
| r3.o.lencr.org/ | 23.36.77.32 | 200 OK | 503 B |
IP 23.36.77.32:0 ASN#20940 Akamai International B.V.
Hash bbea1550fedd5eb9c265712fab75b137 2c2f981747898a380265f766345f2bb9c8c983fd c728286e38c31a4d3f7a39702e0a5f69c14bf69e01a88bc4479714953fbda278
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C728286E38C31A4D3F7A39702E0A5F69C14BF69E01A88BC4479714953FBDA278"
Last-Modified: Tue, 20 Dec 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4415
Expires: Wed, 21 Dec 2022 14:24:46 GMT
Date: Wed, 21 Dec 2022 13:11:11 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 23.36.77.32 | 200 OK | 503 B |
IP 23.36.77.32:0 ASN#20940 Akamai International B.V.
Hash 04c14564c7083355371e41c5a09acada ea488e34661be5420c798c7e26f193b4dee7bb37 d7e5c37d8e6cbed236670d050f84f288539642f7a41a54b0abd39357f7c42232
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D7E5C37D8E6CBED236670D050F84F288539642F7A41A54B0ABD39357F7C42232"
Last-Modified: Tue, 20 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6532
Expires: Wed, 21 Dec 2022 15:00:03 GMT
Date: Wed, 21 Dec 2022 13:11:11 GMT
Connection: keep-alive
|
|
| firefox.settings.services.mozilla.com/v1/ | 35.241.9.150 | 200 OK | 939 B |
URL HTTP/2 firefox.settings.services.mozilla.com/v1/ IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators Hash dcd75ca6daca51c5e39d431468511793 07f76d3bf23d65c9110d810fa71a994e39e085d3 73672a816da4450fe2c938b08d7ae002d9ca29fdcbd3e29cc97084d826f8b459
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Content-Type, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 21 Dec 2022 12:45:55 GMT
content-type: application/json
age: 1516
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| r3.o.lencr.org/ | 23.36.77.32 | 200 OK | 503 B |
IP 23.36.77.32:0 ASN#20940 Akamai International B.V.
Hash cf03270e3476f7482a2cc7ddc6a9e857 ab70d5ee87b01e0601f8e518bf36f97c8ceeba9a 43a4e796860a1481636dac103488cadc68c261d13cfe835d273efc368e569f97
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "43A4E796860A1481636DAC103488CADC68C261D13CFE835D273EFC368E569F97"
Last-Modified: Sun, 18 Dec 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4562
Expires: Wed, 21 Dec 2022 14:27:13 GMT
Date: Wed, 21 Dec 2022 13:11:11 GMT
Connection: keep-alive
|
|
| content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain | 34.160.144.191 | 200 OK | 5.3 kB |
URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text Hash 53341dea33f4f3d9b4966f80589f429a 20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d 651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: /zsQzIHdsy6PKQvQSI0TvoqYH0NjvAmxPAIz2KlKg30IDiIy+7E3ccXBY+HTgFgnacAOVRhIG78=
x-amz-request-id: TV5A8ARX3DPW2TXG
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 21 Dec 2022 12:29:51 GMT
age: 2480
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| r3.o.lencr.org/ | 23.36.77.32 | 200 OK | 503 B |
IP 23.36.77.32:0 ASN#20940 Akamai International B.V.
Hash c57438e0bd6fa8b3d0650a4eb96779c2 28a32eb2096b9318e6e4522ae13c6d08066617cb 3ec7c363d0789e558a2ddefa428b8363d4b21d3ab890e1dc5f14c0059daa32bc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3EC7C363D0789E558A2DDEFA428B8363D4B21D3AB890E1DC5F14C0059DAA32BC"
Last-Modified: Mon, 19 Dec 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16712
Expires: Wed, 21 Dec 2022 17:49:44 GMT
Date: Wed, 21 Dec 2022 13:11:12 GMT
Connection: keep-alive
|
|
| contile.services.mozilla.com/v1/tiles | 34.117.237.239 | 200 OK | 12 B |
URL HTTP/2 contile.services.mozilla.com/v1/tiles IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators Hash 23e88fb7b99543fb33315b29b1fad9d6 a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 21 Dec 2022 13:11:11 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| samba.trffclb.com/l.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240&s=int_888.465513.888fb.us. | 51.83.143.92 | 200 OK | 505 B |
URL HTTP/1.1 samba.trffclb.com/l.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240&s=int_888.465513.888fb.us. IP 51.83.143.92:0
File type HTML document text\012- HTML document, ASCII text, with very long lines (557) Hash c598c0728299d1e716f2112b6f5af86a 5bf65258627fafd5fa3b983aa74ec6757d4b1b55 7870f8602cc5b48e3318b82e6e3f639c3b48fc0ff827e9084f66a23a6fd0eb0a
| Analyzer | Verdict | Alert |
| quad9 | Sinkholed | |
GET /l.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240&s=int_888.465513.888fb.us. HTTP/1.1
Host: samba.trffclb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 21 Dec 2022 13:11:12 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: bt-603611c5b7eaf46891533240=63a305f0aa63206bbd0090e8; expires=Sat, 24-Dec-2022 13:11:12 GMT; Max-Age=259200; path=/; domain=samba.trffclb.com; HttpOnly
Content-Encoding: gzip
|
|
| samba.trffclb.com/l.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240&s=int_888.465513.888fb.us.&bv=1 | 51.83.143.92 | 302 Found | 0 B |
URL HTTP/1.1 samba.trffclb.com/l.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240&s=int_888.465513.888fb.us.&bv=1 IP 51.83.143.92:0
Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| quad9 | Sinkholed | |
GET /l.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240&s=int_888.465513.888fb.us.&bv=1 HTTP/1.1
Host: samba.trffclb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://samba.trffclb.com/l.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240&s=int_888.465513.888fb.us.
Cookie: bt-603611c5b7eaf46891533240=63a305f0aa63206bbd0090e8
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 21 Dec 2022 13:11:12 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Set-Cookie: bt-603611c5b7eaf46891533240=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=samba.trffclb.com; HttpOnly
Round: 119cdtswvl
Raund: 2si
Location: https://popcash.net/world/go/134600/317194
|
|
| samba.trffclb.com/favicon.ico | 51.83.143.92 | 200 OK | 20 B |
URL HTTP/1.1 samba.trffclb.com/favicon.ico IP 51.83.143.92:0
Hash a4745abc5e7fdb89cc6df3069f3c6e69 74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
| Analyzer | Verdict | Alert |
| quad9 | Sinkholed | |
GET /favicon.ico HTTP/1.1
Host: samba.trffclb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://samba.trffclb.com/l.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240&s=int_888.465513.888fb.us.
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 21 Dec 2022 13:11:12 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
|
|
| firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US | 35.241.9.150 | 200 OK | 329 B |
URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators Hash 0333b0655111aa68de771adfcc4db243 63f295a144ac87a7c8e23417626724eeca68a7eb 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Pragma, Alert, ETag, Content-Type, Last-Modified, Cache-Control, Expires, Content-Length, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 21 Dec 2022 13:08:02 GMT
age: 190
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| ocsp.digicert.com/ | 93.184.220.29 | 200 OK | 471 B |
IP 93.184.220.29:0
Hash 859d899d982bb69df5fb16b8393fa119 580215f1d4f81cda04012c0889cfd9b18ba11863 38159dd549e94d45798b614efa5f968de7b74830c845220d1b6c1435f3940a94
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4695
Cache-Control: max-age=162833
Content-Type: application/ocsp-response
Date: Wed, 21 Dec 2022 13:11:12 GMT
Etag: "63a2ccaa-1d7"
Expires: Fri, 23 Dec 2022 10:25:05 GMT
Last-Modified: Wed, 21 Dec 2022 09:06:50 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 471
|
|
| popcash.net/world/go/134600/317194 | 104.21.52.38 | 301 Moved Permanently | 162 B |
URL HTTP/2 popcash.net/world/go/134600/317194 IP 104.21.52.38:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators Hash 4f8e702cc244ec5d4de32740c0ecbd97 3adb1f02d5b6054de0046e367c1d687b6cdf7aff 9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /world/go/134600/317194 HTTP/1.1
Host: popcash.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://samba.trffclb.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
date: Wed, 21 Dec 2022 13:11:12 GMT
content-type: text/html
content-length: 162
location: http://ps.popcash.net/go/134600/317194
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7r%2BLhwzzg8QupvvSvTgTmnIKCulNKf9B6XksBw5dFAlWQiC0JPzXM3Sb1neCTbnbXRTTbkRWOzK6AUWrSwb1HUTuZ2DwSHo0KVaufbNuKXHrc3ZX2POTm0IJeuvZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77d0dcbdeea90afe-OSL
X-Firefox-Spdy: h2
|
|
| ps.popcash.net/go/134600/317194 | 52.20.154.189 | 200 OK | 272 B |
URL HTTP/1.1 ps.popcash.net/go/134600/317194 IP 52.20.154.189:0
File type HTML document, ASCII text Hash bac5592f0c4136cbdb708b45191a37e9 3b8bc5466896ddaa578c18a032661e16b09be130 37c6d2214e897d9c422b557ce81312c98f125966395248b98cd00adff03e1c74
GET /go/134600/317194 HTTP/1.1
Host: ps.popcash.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Content-Encoding: gzip
Content-Type: text/html
Date: Wed, 21 Dec 2022 13:11:12 GMT
Server: nginx
Vary: Accept-Encoding
Content-Length: 272
Connection: keep-alive
|
|
| push.services.mozilla.com/ | 35.82.221.194 | 101 Switching Protocols | 0 B |
URL HTTP/1.1 push.services.mozilla.com/ IP 35.82.221.194:0
Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: RF4BV+tgn5gCP9F9zGL1yQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 82XwZ2ncLjz5h2Y+5PH/3slDfMU=
|
|
| ps.popcash.net/ad/ad?p=134600&w=317194&t=cd4b35281a9a08aa&r=&vw=1280&vh=0 | 52.20.154.189 | 303 See Other | 0 B |
URL HTTP/1.1 ps.popcash.net/ad/ad?p=134600&w=317194&t=cd4b35281a9a08aa&r=&vw=1280&vh=0 IP 52.20.154.189:0
Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ad/ad?p=134600&w=317194&t=cd4b35281a9a08aa&r=&vw=1280&vh=0 HTTP/1.1
Host: ps.popcash.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ps.popcash.net/go/134600/317194
Upgrade-Insecure-Requests: 1
HTTP/1.1 303 See Other
Date: Wed, 21 Dec 2022 13:11:13 GMT
Location: http://ciar-kep.com/zcvisitor/f1ac2f02-8130-11ed-8654-12b209bb2bc1/7fcf9220-c93c-11e7-9820-0e06c6fba698?campaignid=577f4850-5dd5-11ed-9380-0a918cbcbb97#pc151445
Server: nginx
Content-Length: 0
Connection: keep-alive
|
|
| ciar-kep.com/zcvisitor/f1ac2f02-8130-11ed-8654-12b209bb2bc1/7fcf9220-c93c-11e7-9820-0e06c6fba698?campaignid=577f4850-5dd5-11ed-9380-0a918cbcbb97 | 44.197.81.247 | 302 | 0 B |
URL HTTP/1.1 ciar-kep.com/zcvisitor/f1ac2f02-8130-11ed-8654-12b209bb2bc1/7fcf9220-c93c-11e7-9820-0e06c6fba698?campaignid=577f4850-5dd5-11ed-9380-0a918cbcbb97 IP 44.197.81.247:0
Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| quad9 | Sinkholed | |
GET /zcvisitor/f1ac2f02-8130-11ed-8654-12b209bb2bc1/7fcf9220-c93c-11e7-9820-0e06c6fba698?campaignid=577f4850-5dd5-11ed-9380-0a918cbcbb97 HTTP/1.1
Host: ciar-kep.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ps.popcash.net/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302
Date: Wed, 21 Dec 2022 13:11:13 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
Location: https://go.money616.xyz/X15?sub1=vitellary-lion&sub2=whiskey-ria-ss9gkru3z
Server: JArRtLxZ
|
|
| r3.o.lencr.org/ | 23.36.77.32 | 200 OK | 503 B |
IP 23.36.77.32:0 ASN#20940 Akamai International B.V.
Hash ca272e871e7c7bf41445ae13622da8ec beeb8e87b823cc31e95c30db8e12625e0896e4b8 8365fe0b806823bfbc0d06dd26979a92d8d554472166fafc854f099d0d493730
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8365FE0B806823BFBC0D06DD26979A92D8D554472166FAFC854F099D0D493730"
Last-Modified: Tue, 20 Dec 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9257
Expires: Wed, 21 Dec 2022 15:45:30 GMT
Date: Wed, 21 Dec 2022 13:11:13 GMT
Connection: keep-alive
|
|
| go.money616.xyz/X15?sub1=vitellary-lion&sub2=whiskey-ria-ss9gkru3z | 18.184.197.212 | 200 OK | 439 B |
URL HTTP/1.1 go.money616.xyz/X15?sub1=vitellary-lion&sub2=whiskey-ria-ss9gkru3z IP 18.184.197.212:0
File type HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text Hash 4a889663462e873ed784d08d4a8054dd 457ac94b6e0560990ec50fdeb49efa5d41b606d0 5130ecc05c271773bb225212698e2eff63a292cc1216e3c6912a58b9e828d890
GET /X15?sub1=vitellary-lion&sub2=whiskey-ria-ss9gkru3z HTTP/1.1
Host: go.money616.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://ps.popcash.net/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
connection: close
x-content-type-options: nosniff
content-type: text/html; charset=utf-8
x-powered-by: Short.io link shortener
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
content-length: 439
Date: Wed, 21 Dec 2022 13:11:13 GMT
|
|
| ocsp.sectigo.com/ | 172.64.155.188 | 200 OK | 472 B |
IP 172.64.155.188:0
Hash 8b09462127c5dc677305716741015d86 f637f0d74994b832422303c1ce03a38d565d5012 2b11b7b80789992a8ac200602eca9e9ce6dbb3a19bd58e76f2fb7c0de1b49fcf
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 21 Dec 2022 13:11:13 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Wed, 21 Dec 2022 10:25:06 GMT
Expires: Wed, 28 Dec 2022 10:25:05 GMT
Etag: "f637f0d74994b832422303c1ce03a38d565d5012"
Cache-Control: max-age=594231,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77d0dcc67c2ab4f3-OSL
|
|
| r3.o.lencr.org/ | 23.36.77.32 | 200 OK | 503 B |
IP 23.36.77.32:0 ASN#20940 Akamai International B.V.
Hash db151f8790fc80bb535b13560972296a 768a8261c1529ccdd5f7ecd2f3b4e65d8e6fa0d1 36b57f1a1229e6700cef5491018a90ec4fe375a4c7bb8e3c7ac8a4cf2ad73d5a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "36B57F1A1229E6700CEF5491018A90EC4FE375A4C7BB8E3C7AC8A4CF2AD73D5A"
Last-Modified: Tue, 20 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3262
Expires: Wed, 21 Dec 2022 14:05:36 GMT
Date: Wed, 21 Dec 2022 13:11:14 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 23.36.77.32 | 200 OK | 503 B |
IP 23.36.77.32:0 ASN#20940 Akamai International B.V.
Hash db151f8790fc80bb535b13560972296a 768a8261c1529ccdd5f7ecd2f3b4e65d8e6fa0d1 36b57f1a1229e6700cef5491018a90ec4fe375a4c7bb8e3c7ac8a4cf2ad73d5a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "36B57F1A1229E6700CEF5491018A90EC4FE375A4C7BB8E3C7AC8A4CF2AD73D5A"
Last-Modified: Tue, 20 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3262
Expires: Wed, 21 Dec 2022 14:05:36 GMT
Date: Wed, 21 Dec 2022 13:11:14 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP 23.36.76.226:0 ASN#20940 Akamai International B.V.
Hash db151f8790fc80bb535b13560972296a 768a8261c1529ccdd5f7ecd2f3b4e65d8e6fa0d1 36b57f1a1229e6700cef5491018a90ec4fe375a4c7bb8e3c7ac8a4cf2ad73d5a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "36B57F1A1229E6700CEF5491018A90EC4FE375A4C7BB8E3C7AC8A4CF2AD73D5A"
Last-Modified: Tue, 20 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6313
Expires: Wed, 21 Dec 2022 14:56:27 GMT
Date: Wed, 21 Dec 2022 13:11:14 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP 23.36.76.226:0 ASN#20940 Akamai International B.V.
Hash db151f8790fc80bb535b13560972296a 768a8261c1529ccdd5f7ecd2f3b4e65d8e6fa0d1 36b57f1a1229e6700cef5491018a90ec4fe375a4c7bb8e3c7ac8a4cf2ad73d5a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "36B57F1A1229E6700CEF5491018A90EC4FE375A4C7BB8E3C7AC8A4CF2AD73D5A"
Last-Modified: Tue, 20 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6313
Expires: Wed, 21 Dec 2022 14:56:27 GMT
Date: Wed, 21 Dec 2022 13:11:14 GMT
Connection: keep-alive
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F755d2e29-1b21-4b5a-bf07-7e8c9b9fa5ef.jpeg | 34.120.237.76 | 200 OK | 9.7 kB |
URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F755d2e29-1b21-4b5a-bf07-7e8c9b9fa5ef.jpeg IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hash d412dc903a0b59ad7b621087ea0ac761 f2ea37308a210ac16412bac93b63a83a5a018c39 08afbc5941a511b6c536d33a8975fae902f5c4c814de0ed1b7f444c1c4233aad
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F755d2e29-1b21-4b5a-bf07-7e8c9b9fa5ef.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9661
x-amzn-requestid: 7046f4e1-0f80-4ae7-9500-1b1a07839232
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dbuz0F-OoAMF9Mw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a15e7e-720525d72a8ce03b45b37d86;Sampled=0
x-amzn-remapped-date: Tue, 20 Dec 2022 07:04:30 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: DFhw6VQYvJWY5-UKONEP7sH5rhw7sMPD5Z1zrEYZKDdfu6NVTt4mHA==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 ea699166e6ec77aa410ff505b0a8ce18.cloudfront.net (CloudFront), 1.1 google
date: Wed, 21 Dec 2022 07:07:39 GMT
age: 21815
etag: "f2ea37308a210ac16412bac93b63a83a5a018c39"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fefe0191e-7441-4083-843d-18a9446de816.jpeg | 34.120.237.76 | 200 OK | 9.1 kB |
URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fefe0191e-7441-4083-843d-18a9446de816.jpeg IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hash 3bd6359db3b908389343275ee839466b 9094f8e9275252a8e9d5e65fd3e87851b2f80bd7 7380590a93f8a21907c39ddce2f51c599161f219522df4099e9c1a82bcd1e40e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fefe0191e-7441-4083-843d-18a9446de816.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9069
x-amzn-requestid: 103b5caf-fa82-4d66-97e6-99c77027f759
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ddt_DG_hoAMFoKA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a229f9-1a4accb80dbf5e9f2f696c85;Sampled=0
x-amzn-remapped-date: Tue, 20 Dec 2022 21:32:41 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: D8V_RlBCxL1RHxtCyWkX7_IsCCrOdv2o1Wdic0N_aUz0qguhANp88A==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 29a825d8a219984d47bec4350779b558.cloudfront.net (CloudFront), 1.1 google
date: Tue, 20 Dec 2022 21:37:41 GMT
age: 56013
etag: "9094f8e9275252a8e9d5e65fd3e87851b2f80bd7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9202be4f-c80f-463e-ae97-df62e4689fe3.jpeg | 34.120.237.76 | 200 OK | 9.3 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9202be4f-c80f-463e-ae97-df62e4689fe3.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hash9f6e7d0dd2bed1d198a2be85d9ad3748 70d1ae32facfe702116c64c5fbc18dda254588d7 38d81432aa46cdcf8184fb452abe0ce42bbc35d3416ee39215d5d15b33e6ee30
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9202be4f-c80f-463e-ae97-df62e4689fe3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9262
x-amzn-requestid: 4111d2bd-948e-4b1e-8704-5558f3f4c550
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: da4XCHiCoAMF3hA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a10760-144810cd3cfd845135d7c807;Sampled=0
x-amzn-remapped-date: Tue, 20 Dec 2022 00:52:48 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: rnGo6u5QyZO-OnZYTmZy0zfLCbfUPB5uIEVyHVImdEA5afGb3U6Z_A==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 9825a45e2b387a61504c0c3df20048ee.cloudfront.net (CloudFront), 1.1 google
date: Wed, 21 Dec 2022 11:44:02 GMT
age: 5232
etag: "70d1ae32facfe702116c64c5fbc18dda254588d7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd8c50f43-5bd1-47f3-9801-3d69c2401091.jpeg | 34.120.237.76 | 200 OK | 12 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd8c50f43-5bd1-47f3-9801-3d69c2401091.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hashd4aa7e9e3fe28e9c401786f7415171f7 8482a47175ff105957d640269bc14ee1fbc97448 2215ff2537f927e2baf4f713fc947afefc83b416719113ce516aa00f2a4e0708
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd8c50f43-5bd1-47f3-9801-3d69c2401091.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11535
x-amzn-requestid: 4fb9a698-c429-49e1-a2c5-b9388f03b044
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: daGQIEuSoAMFnBg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a0b733-53b8088f0d8863f813b9967e;Sampled=0
x-amzn-remapped-date: Mon, 19 Dec 2022 19:10:43 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: axz1LSfJfBvAFuJl53Sl6Kh7r2R4FiTuDB3Xb_XI5AwXB20Gs4rg5A==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 2c6b5dd77f1abe60653ce0454f344b64.cloudfront.net (CloudFront), 1.1 google
date: Tue, 20 Dec 2022 21:49:59 GMT
age: 55275
etag: "8482a47175ff105957d640269bc14ee1fbc97448"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdefad689-8a78-41c9-8774-f0b8a1135d15.jpeg | 34.120.237.76 | 200 OK | 9.0 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdefad689-8a78-41c9-8774-f0b8a1135d15.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hash8f5b2e482a0944dfc0de3a69659fa002 64dd897d9163a6eceadc0c5460cdd135d323abb3 feb1a63a27859b88257d50c3c8723131978fd1f363a6f9e1297b91549b4aed9d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdefad689-8a78-41c9-8774-f0b8a1135d15.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9044
x-amzn-requestid: 981a0010-ec53-4659-818b-4cfa39fa8cd5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dbuhqGUbIAMF_QQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a15e0a-65b084547c4d2b4414236f84;Sampled=0
x-amzn-remapped-date: Tue, 20 Dec 2022 07:02:34 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: -AR7jIQqHV2XWDLH1W7rybyRGcDQ4oSGQsneAScw7MHK3nwjYYkjWg==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 82893cc36087a50f9a150a621d10e740.cloudfront.net (CloudFront), 1.1 google
date: Wed, 21 Dec 2022 07:02:35 GMT
age: 22119
etag: "64dd897d9163a6eceadc0c5460cdd135d323abb3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F25a093de-42e4-4a82-ae88-ffa4606c2565.jpeg | 34.120.237.76 | 200 OK | 6.8 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F25a093de-42e4-4a82-ae88-ffa4606c2565.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hash5ee781b4dac0e5f31cad54166a2bf7ae a5357119d272bbe12c5b04ce485adde44baab79e 888def1ab766561e373c83c6e9479a0ac0a8644f92bcf02ebf4cd110d0f53579
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F25a093de-42e4-4a82-ae88-ffa4606c2565.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6809
x-amzn-requestid: 392b7c42-81b7-4ab8-84bc-e2bc48eb6c9b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dX5RAE19oAMFVKA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639fd59f-78738e5d7cec75db6ccc5507;Sampled=0
x-amzn-remapped-date: Mon, 19 Dec 2022 03:08:15 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: khJQIYa8pgVvRmBe4gdU5a8InsztW9pdj0wBDk7Ih-W4wJjNJm-GTg==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Wed, 21 Dec 2022 03:36:37 GMT
age: 34477
etag: "a5357119d272bbe12c5b04ce485adde44baab79e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| ocsp.sectigo.com/ | 172.64.155.188 | 200 OK | 472 B |
IP172.64.155.188:0
Hash8b09462127c5dc677305716741015d86 f637f0d74994b832422303c1ce03a38d565d5012 2b11b7b80789992a8ac200602eca9e9ce6dbb3a19bd58e76f2fb7c0de1b49fcf
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 21 Dec 2022 13:11:14 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Wed, 21 Dec 2022 10:25:06 GMT
Expires: Wed, 28 Dec 2022 10:25:05 GMT
Etag: "f637f0d74994b832422303c1ce03a38d565d5012"
Cache-Control: max-age=594230,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77d0dcc8ef6ab4f3-OSL
|
|
| ocsp.digicert.com/ | 93.184.220.29 | 200 OK | 313 B |
IP93.184.220.29:0
Hashebedf17e5bf098a6ebff53d6d9dfc2a7 2971fcea33b0287cfda93ba9535b0fdb0641df87 f45cf269f7b2848dd0b94a714cd985c672440c61888b38589117d04e44497bd8
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1481
Cache-Control: max-age=126184
Content-Type: application/ocsp-response
Date: Wed, 21 Dec 2022 13:11:14 GMT
Etag: "63a24a11-139"
Expires: Fri, 23 Dec 2022 00:14:18 GMT
Last-Modified: Tue, 20 Dec 2022 23:49:37 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 313
|
|
| adspredictiv.com/script/i.php?stamat=m%257C%252C%252CAiImdiE2tGU3B5-GH0dEdHP3xP.2cf%252CevmYBJZSjgPWD9S9vJ_JkB-J_OrTZO3uWAjSph4CNTArDoQJ4u70_8I_gTeYFl83pSnEYOxra1n_IbPAXb3j_pMnsMYPNrAKUU9Dg9a_zL8UcL6gMUX5VEgFl-JmRYde1LOU0bBwtIVwCXAb_lUx0GwDbg2qOCbFAkGAvWqggEEFJHaRM9_NAFtzjzp6APkrY_0aE4itftgL2HLG5dbs2EPya7MxexpagTKAW0qu-bAKTWq-_dzBetLruBU0Ygp5S7ghUPI_Wvy-CDI6v_wiV5owfP1ujPwoE_EE4lEzoh6PSGsyPGkqc-mNA1QIpF3Kb0uJAQkFxRSKD6ImY2RZzZbp6DNJVg3rDan0vgHWnpH4k7RYyeC3yIFLaKvjj2Nk05crRn_p4AVLMU95oFySgy9BmrNZQalAeGy_t3qSrzfedwrgeih_qsIYbuOf__lxDBHaTsOtX2R_gKmSgjWIQrn_YqbcMAztNt-hJqAOaJ0VFDL8xA_kwhDTjBMyIjT5zy-n7hov6z-jLXAenhpJD-uUxfCqaQZKlZUE0zLsHBJ0MTGaRvYX4ry0Rl27IDYoIv_6eKku8j-7T1WGPvSNnQ%252C%252C | 35.190.38.40 | 302 Found | 1 B |
URL HTTP/2adspredictiv.com/script/i.php?stamat=m%257C%252C%252CAiImdiE2tGU3B5-GH0dEdHP3xP.2cf%252CevmYBJZSjgPWD9S9vJ_JkB-J_OrTZO3uWAjSph4CNTArDoQJ4u70_8I_gTeYFl83pSnEYOxra1n_IbPAXb3j_pMnsMYPNrAKUU9Dg9a_zL8UcL6gMUX5VEgFl-JmRYde1LOU0bBwtIVwCXAb_lUx0GwDbg2qOCbFAkGAvWqggEEFJHaRM9_NAFtzjzp6APkrY_0aE4itftgL2HLG5dbs2EPya7MxexpagTKAW0qu-bAKTWq-_dzBetLruBU0Ygp5S7ghUPI_Wvy-CDI6v_wiV5owfP1ujPwoE_EE4lEzoh6PSGsyPGkqc-mNA1QIpF3Kb0uJAQkFxRSKD6ImY2RZzZbp6DNJVg3rDan0vgHWnpH4k7RYyeC3yIFLaKvjj2Nk05crRn_p4AVLMU95oFySgy9BmrNZQalAeGy_t3qSrzfedwrgeih_qsIYbuOf__lxDBHaTsOtX2R_gKmSgjWIQrn_YqbcMAztNt-hJqAOaJ0VFDL8xA_kwhDTjBMyIjT5zy-n7hov6z-jLXAenhpJD-uUxfCqaQZKlZUE0zLsHBJ0MTGaRvYX4ry0Rl27IDYoIv_6eKku8j-7T1WGPvSNnQ%252C%252C IP35.190.38.40:0
File typevery short file (no magic) Hash68b329da9893e34099c7d8ad5cb9c940 adc83b19e793491b1c6ea0fd8b46cd9f32e592fc 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
GET /script/i.php?stamat=m%257C%252C%252CAiImdiE2tGU3B5-GH0dEdHP3xP.2cf%252CevmYBJZSjgPWD9S9vJ_JkB-J_OrTZO3uWAjSph4CNTArDoQJ4u70_8I_gTeYFl83pSnEYOxra1n_IbPAXb3j_pMnsMYPNrAKUU9Dg9a_zL8UcL6gMUX5VEgFl-JmRYde1LOU0bBwtIVwCXAb_lUx0GwDbg2qOCbFAkGAvWqggEEFJHaRM9_NAFtzjzp6APkrY_0aE4itftgL2HLG5dbs2EPya7MxexpagTKAW0qu-bAKTWq-_dzBetLruBU0Ygp5S7ghUPI_Wvy-CDI6v_wiV5owfP1ujPwoE_EE4lEzoh6PSGsyPGkqc-mNA1QIpF3Kb0uJAQkFxRSKD6ImY2RZzZbp6DNJVg3rDan0vgHWnpH4k7RYyeC3yIFLaKvjj2Nk05crRn_p4AVLMU95oFySgy9BmrNZQalAeGy_t3qSrzfedwrgeih_qsIYbuOf__lxDBHaTsOtX2R_gKmSgjWIQrn_YqbcMAztNt-hJqAOaJ0VFDL8xA_kwhDTjBMyIjT5zy-n7hov6z-jLXAenhpJD-uUxfCqaQZKlZUE0zLsHBJ0MTGaRvYX4ry0Rl27IDYoIv_6eKku8j-7T1WGPvSNnQ%252C%252C HTTP/1.1
Host: adspredictiv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 302 Found
server: openresty
date: Wed, 21 Dec 2022 13:11:14 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
location: https://adverster.g2afse.com/click?pid=162&offer_id=75&sub4=6415938-828379781-353572507&sub1=167162827410000TNOTV415326358024V4b
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| r3.o.lencr.org/ | 23.36.77.32 | 200 OK | 503 B |
IP23.36.77.32:0 ASN#20940 Akamai International B.V.
Hashe6a6d9648c333480f19e45ff86466ea9 cbac10872db2d6b7dc4ed96c753ff080ed68c1c7 9d8b44cb58d21b66992d9365d3a691865be5cf8d4a29acedee618d196e8c0ea8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9D8B44CB58D21B66992D9365D3A691865BE5CF8D4A29ACEDEE618D196E8C0EA8"
Last-Modified: Wed, 21 Dec 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3797
Expires: Wed, 21 Dec 2022 14:14:31 GMT
Date: Wed, 21 Dec 2022 13:11:14 GMT
Connection: keep-alive
|
|
| free3dgame.xyz/files/jquery.min.js | 146.190.28.107 | 200 OK | 35 kB |
URL HTTP/2free3dgame.xyz/files/jquery.min.js IP146.190.28.107:0
Hashf2b9a78e3f2d4a2f51b36a89c9fbebd6 d31d54bbeaac83da760b3ae4f5f4e8fecb244ea9 c53f0c4d9316b50dd3cbc7e8e90c6094c2194d2c6b8591f743ace0ea685eff6f
GET /files/jquery.min.js HTTP/1.1
Host: free3dgame.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://free3dgame.xyz/?key=uipkpesg6utwznp7fqly&code=63a305f203bb520001f2fa52&sub1=167162827410000TNOTV415326358024V4b&sub2=XXX-road_v1+low&sub3=ADCASH_PREPAY&sub4=6415938-828379781-353572507&sub5=162
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 21 Dec 2022 13:11:14 GMT
content-type: application/javascript
last-modified: Tue, 24 May 2022 10:25:01 GMT
vary: Accept-Encoding
etag: W/"628cb27d-15851"
expires: Thu, 22 Dec 2022 01:11:14 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| free3dgame.xyz/files/main.css | 146.190.28.107 | 200 OK | 2.3 kB |
URL HTTP/2free3dgame.xyz/files/main.css IP146.190.28.107:0
Hash00f8ed7cb1522be9616fbe0b4c8d6d85 4402aca47fddb561ea814aeaf3075db4b9890ccc ca2a797093f34ffecbe3ee3fac7c92fdb76b3385af34bc00a7241edf70b69833
GET /files/main.css HTTP/1.1
Host: free3dgame.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://free3dgame.xyz/?key=uipkpesg6utwznp7fqly&code=63a305f203bb520001f2fa52&sub1=167162827410000TNOTV415326358024V4b&sub2=XXX-road_v1+low&sub3=ADCASH_PREPAY&sub4=6415938-828379781-353572507&sub5=162
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 21 Dec 2022 13:11:14 GMT
content-type: text/css
last-modified: Wed, 25 May 2022 07:54:53 GMT
vary: Accept-Encoding
etag: W/"628de0cd-11de"
expires: Thu, 22 Dec 2022 01:11:14 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| free3dgame.xyz/files/1.png | 146.190.28.107 | 200 OK | 91 kB |
URL HTTP/2free3dgame.xyz/files/1.png IP146.190.28.107:0
File typePNG image data, 268 x 341, 8-bit/color RGBA, non-interlaced\012- data Hashb1ca79a348b74c1f02654dcdc06fbd7a 015f9320975c34adbacd595681605c79797c0880 19ddba2395038bfe50d196bd2313219bcace3ebf24837e50c700d1f8f5e63a87
GET /files/1.png HTTP/1.1
Host: free3dgame.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://free3dgame.xyz/?key=uipkpesg6utwznp7fqly&code=63a305f203bb520001f2fa52&sub1=167162827410000TNOTV415326358024V4b&sub2=XXX-road_v1+low&sub3=ADCASH_PREPAY&sub4=6415938-828379781-353572507&sub5=162
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 21 Dec 2022 13:11:14 GMT
content-type: image/png
content-length: 91434
last-modified: Tue, 24 May 2022 10:25:50 GMT
etag: "628cb2ae-1652a"
expires: Fri, 20 Jan 2023 13:11:14 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.131 | 200 OK | 471 B |
IP142.250.74.131:0
Hasheadadfec0a65bce69128230cfa49f936 1ae7fbb4969315fc2d13cf0a63d1909c499147db bbd8831dd832214747d09faca8a7092b1e72dbaec35ee513bf6663caaea3e488
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 21 Dec 2022 13:11:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| free3dgame.xyz/?key=uipkpesg6utwznp7fqly&code=63a305f203bb520001f2fa52&sub1=167162827410000TNOTV415326358024V4b&sub2=XXX-road_v1+low&sub3=ADCASH_PREPAY&sub4=6415938-828379781-353572507&sub5=162 | 146.190.28.107 | 200 OK | 518 kB |
URL HTTP/2free3dgame.xyz/?key=uipkpesg6utwznp7fqly&code=63a305f203bb520001f2fa52&sub1=167162827410000TNOTV415326358024V4b&sub2=XXX-road_v1+low&sub3=ADCASH_PREPAY&sub4=6415938-828379781-353572507&sub5=162 IP146.190.28.107:0
Size518 kB (517889 bytes) Hash7334db2fb3bb39ab21af5561c7873112 59d5d1bf8b3e283d1c37ca0b3d31df5f4f3b9037 1532710c0b5e1f5370d71335c927cafb75b296b595276491f80cee74ccc8b7ca
GET /?key=uipkpesg6utwznp7fqly&code=63a305f203bb520001f2fa52&sub1=167162827410000TNOTV415326358024V4b&sub2=XXX-road_v1+low&sub3=ADCASH_PREPAY&sub4=6415938-828379781-353572507&sub5=162 HTTP/1.1
Host: free3dgame.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 21 Dec 2022 13:11:14 GMT
content-type: text/html
last-modified: Tue, 24 May 2022 17:49:19 GMT
vary: Accept-Encoding
etag: W/"628d1a9f-730"
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| free3dgame.xyz/files/mob.jpg | 146.190.28.107 | 200 OK | 294 kB |
URL HTTP/2free3dgame.xyz/files/mob.jpg IP146.190.28.107:0
File typeJPEG image data, progressive, precision 8, 1182x2100, components 3\012- data Size294 kB (294511 bytes) Hash6293f6397f0fc4f54cdee9f1016aa620 e1fe2d942487529eef53fc77e5eae9b518ec2944 657405356cbcd646c8090fdb0dbc62755bea4b1b2b0fae0fdade66a4af776f2b
GET /files/mob.jpg HTTP/1.1
Host: free3dgame.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://free3dgame.xyz/?key=uipkpesg6utwznp7fqly&code=63a305f203bb520001f2fa52&sub1=167162827410000TNOTV415326358024V4b&sub2=XXX-road_v1+low&sub3=ADCASH_PREPAY&sub4=6415938-828379781-353572507&sub5=162
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 21 Dec 2022 13:11:14 GMT
content-type: image/jpeg
content-length: 294511
last-modified: Tue, 24 May 2022 11:28:39 GMT
etag: "628cc167-47e6f"
expires: Fri, 20 Jan 2023 13:11:14 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| fonts.gstatic.com/s/archivo/v18/k3kPo8UDI-1M0wlSV9XAw6lQkqWY8Q82sLydOxI.woff2 | 216.58.207.227 | 200 OK | 32 kB |
URL HTTP/2fonts.gstatic.com/s/archivo/v18/k3kPo8UDI-1M0wlSV9XAw6lQkqWY8Q82sLydOxI.woff2 IP216.58.207.227:0
File typeWeb Open Font Format (Version 2), TrueType, length 31516, version 1.0\012- data Hash9e4726d312080161871f0472659ecf14 e0231f21da02732e9ef19c2280ea5a7aa25f04de 68c831b3324ca6fea43d48681ac2b9338b794ecdb60ff7fa7059a997d4007604
GET /s/archivo/v18/k3kPo8UDI-1M0wlSV9XAw6lQkqWY8Q82sLydOxI.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://free3dgame.xyz
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 31516
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 15 Dec 2022 03:12:41 GMT
expires: Fri, 15 Dec 2023 03:12:41 GMT
cache-control: public, max-age=31536000
age: 554314
last-modified: Fri, 24 Jun 2022 19:34:15 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.131 | 200 OK | 471 B |
IP142.250.74.131:0
Hasheadadfec0a65bce69128230cfa49f936 1ae7fbb4969315fc2d13cf0a63d1909c499147db bbd8831dd832214747d09faca8a7092b1e72dbaec35ee513bf6663caaea3e488
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 21 Dec 2022 13:11:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| free3dgame.xyz/files/lang.js | 146.190.28.107 | 200 OK | 40 kB |
URL HTTP/2free3dgame.xyz/files/lang.js IP146.190.28.107:0
Hash91688249388e29d5d5c0a5e2a38fdf22 b2c9083bc8b63b3f4d49219109a477949734d6f8 e8aaeee15cb57aa7bb5a506c9e5339ab5f1fdb09aeb6a9d58ba112a8b6b157c2
GET /files/lang.js HTTP/1.1
Host: free3dgame.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://free3dgame.xyz/?key=uipkpesg6utwznp7fqly&code=63a305f203bb520001f2fa52&sub1=167162827410000TNOTV415326358024V4b&sub2=XXX-road_v1+low&sub3=ADCASH_PREPAY&sub4=6415938-828379781-353572507&sub5=162
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 21 Dec 2022 13:11:14 GMT
content-type: application/javascript
last-modified: Tue, 24 May 2022 12:43:28 GMT
vary: Accept-Encoding
etag: W/"628cd2f0-1f66"
expires: Thu, 22 Dec 2022 01:11:14 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| free3dgame.xyz/files/apple-touch-icon.png | 146.190.28.107 | 200 OK | 9.4 kB |
URL HTTP/2free3dgame.xyz/files/apple-touch-icon.png IP146.190.28.107:0
File typePNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced\012- data Hash049ac8181fb1c147054e1ec9ae763d70 565397e7f0a82d7c31abccddbd9a310fddb3591d 6812893aafb0fdffa269b19ed588193637747a850b3d20ac51c38d09ccffdc95
GET /files/apple-touch-icon.png HTTP/1.1
Host: free3dgame.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://free3dgame.xyz/?key=uipkpesg6utwznp7fqly&code=63a305f203bb520001f2fa52&sub1=167162827410000TNOTV415326358024V4b&sub2=XXX-road_v1+low&sub3=ADCASH_PREPAY&sub4=6415938-828379781-353572507&sub5=162
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 21 Dec 2022 13:11:15 GMT
content-type: image/png
content-length: 9390
last-modified: Tue, 24 May 2022 10:25:37 GMT
etag: "628cb2a1-24ae"
expires: Fri, 20 Jan 2023 13:11:15 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| free3dgame.xyz/files/favicon-16x16.png | 146.190.28.107 | 200 OK | 493 B |
URL HTTP/2free3dgame.xyz/files/favicon-16x16.png IP146.190.28.107:0
File typePNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data Hasha2a4b5d7c260fd7b81ea7daa0922c45c 736f12c449c0d7b8809bd0efc96a041b2dd0b377 80a2bb3256c6169c7b0784d69b3f199510a9e345bbff1f7480ac209fcd985b78
GET /files/favicon-16x16.png HTTP/1.1
Host: free3dgame.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://free3dgame.xyz/?key=uipkpesg6utwznp7fqly&code=63a305f203bb520001f2fa52&sub1=167162827410000TNOTV415326358024V4b&sub2=XXX-road_v1+low&sub3=ADCASH_PREPAY&sub4=6415938-828379781-353572507&sub5=162
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 21 Dec 2022 13:11:15 GMT
content-type: image/png
content-length: 493
last-modified: Tue, 24 May 2022 10:22:25 GMT
etag: "628cb1e1-1ed"
expires: Fri, 20 Jan 2023 13:11:15 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.131 | 200 OK | 471 B |
IP142.250.74.131:0
Hasheadadfec0a65bce69128230cfa49f936 1ae7fbb4969315fc2d13cf0a63d1909c499147db bbd8831dd832214747d09faca8a7092b1e72dbaec35ee513bf6663caaea3e488
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 21 Dec 2022 13:11:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d762722-a130-4c65-99b1-2f6fb91155e5.jpeg | 34.120.237.76 | 200 OK | 8.5 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d762722-a130-4c65-99b1-2f6fb91155e5.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hashc7ac0b5738bab6b4ed770c26ca922250 e56fd4ee2f5354a54a6271db2be528f98eecd3d7 5997d5be6bbeb189ef08af2f6c6dd5bb0cfa70ad7b40daab8712efe5adc2c6e1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d762722-a130-4c65-99b1-2f6fb91155e5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 8450
x-amzn-requestid: a9f11c68-8327-46ba-9075-e316a2f9fdbb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dabr3FoSIAMFdtQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a0d97e-61b788f5675fe0e815e1e967;Sampled=0
x-amzn-remapped-date: Mon, 19 Dec 2022 21:37:02 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: _nupdrdRDG-S085FRNoJgzDQVg9Ngb_nYDR5C1AkkterWy8vlXBxGw==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 ac463f3377446e4c603deca30feb744a.cloudfront.net (CloudFront), 1.1 google
date: Tue, 20 Dec 2022 21:41:22 GMT
age: 55798
etag: "e56fd4ee2f5354a54a6271db2be528f98eecd3d7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| adspredictiv.com/jump/next.php?r=6415938&sub1=vitellary-lion&sub2=whiskey-ria-ss9gkru3z | 35.190.38.40 | 200 OK | 0 B |
URL: HTTP/2 adspredictiv.com/jump/next.php?r=6415938&sub1=vitellary-lion&sub2=whiskey-ria-ss9gkru3z IP: 35.190.38.40:0
GET /jump/next.php?r=6415938&sub1=vitellary-lion&sub2=whiskey-ria-ss9gkru3z HTTP/1.1
Host: adspredictiv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: openresty
date: Wed, 21 Dec 2022 13:11:13 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| adspredictiv.com/jump/next.php?stamat=m%257CN6NjPmdjaQdH8AH0dEdHP3xP.f84%252C7H0PozvLiGV-YkDx825CHjXHsSctWIGDQyh13bePJRoBat7QIJfrezTCMvtRMzvl1ekjJ_B-J_8n2H0xGjIqTi6RdUqK4eEqMnQXFZZCyLC7SPfMXWL75GkJypNL7yoH&cbpage=https://adspredictiv.com/jump/next.php?r=6415938&sub1=vitellary-lion&sub2=whiskey-ria-ss9gkru3z&cbur=0.6558384882849401&cbtitle=&cbiframe=0&cbWidth=1280&cbHeight=939&cbdescription=&cbkeywords=&cbref= | 35.190.38.40 | 302 Found | 0 B |
URL: HTTP/2 adspredictiv.com/jump/next.php?stamat=m%257CN6NjPmdjaQdH8AH0dEdHP3xP.f84%252C7H0PozvLiGV-YkDx825CHjXHsSctWIGDQyh13bePJRoBat7QIJfrezTCMvtRMzvl1ekjJ_B-J_8n2H0xGjIqTi6RdUqK4eEqMnQXFZZCyLC7SPfMXWL75GkJypNL7yoH&cbpage=https://adspredictiv.com/jump/next.php?r=6415938&sub1=vitellary-lion&sub2=whiskey-ria-ss9gkru3z&cbur=0.6558384882849401&cbtitle=&cbiframe=0&cbWidth=1280&cbHeight=939&cbdescription=&cbkeywords=&cbref= IP: 35.190.38.40:0
GET /jump/next.php?stamat=m%257CN6NjPmdjaQdH8AH0dEdHP3xP.f84%252C7H0PozvLiGV-YkDx825CHjXHsSctWIGDQyh13bePJRoBat7QIJfrezTCMvtRMzvl1ekjJ_B-J_8n2H0xGjIqTi6RdUqK4eEqMnQXFZZCyLC7SPfMXWL75GkJypNL7yoH&cbpage=https://adspredictiv.com/jump/next.php?r=6415938&sub1=vitellary-lion&sub2=whiskey-ria-ss9gkru3z&cbur=0.6558384882849401&cbtitle=&cbiframe=0&cbWidth=1280&cbHeight=939&cbdescription=&cbkeywords=&cbref= HTTP/1.1
Host: adspredictiv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 302 Found
server: openresty
date: Wed, 21 Dec 2022 13:11:14 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
location: https://adspredictiv.com/script/i.php?stamat=m%257C%252C%252CAiImdiE2tGU3B5-GH0dEdHP3xP.2cf%252CevmYBJZSjgPWD9S9vJ_JkB-J_OrTZO3uWAjSph4CNTArDoQJ4u70_8I_gTeYFl83pSnEYOxra1n_IbPAXb3j_pMnsMYPNrAKUU9Dg9a_zL8UcL6gMUX5VEgFl-JmRYde1LOU0bBwtIVwCXAb_lUx0GwDbg2qOCbFAkGAvWqggEEFJHaRM9_NAFtzjzp6APkrY_0aE4itftgL2HLG5dbs2EPya7MxexpagTKAW0qu-bAKTWq-_dzBetLruBU0Ygp5S7ghUPI_Wvy-CDI6v_wiV5owfP1ujPwoE_EE4lEzoh6PSGsyPGkqc-mNA1QIpF3Kb0uJAQkFxRSKD6ImY2RZzZbp6DNJVg3rDan0vgHWnpH4k7RYyeC3yIFLaKvjj2Nk05crRn_p4AVLMU95oFySgy9BmrNZQalAeGy_t3qSrzfedwrgeih_qsIYbuOf__lxDBHaTsOtX2R_gKmSgjWIQrn_YqbcMAztNt-hJqAOaJ0VFDL8xA_kwhDTjBMyIjT5zy-n7hov6z-jLXAenhpJD-uUxfCqaQZKlZUE0zLsHBJ0MTGaRvYX4ry0Rl27IDYoIv_6eKku8j-7T1WGPvSNnQ%252C%252C
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|