firefox.settings.services.mozilla.com/v1/
54.230.111.65200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 54.230.111.65:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 2d12f67fe57a87e7366b662d153a5582
d7b02d81cc74f24a251d9363e0f4b0a149264ec1
73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Backoff, Content-Type, Retry-After, Alert
Cache-Control: max-age=259200
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Wed, 05 Oct 2022 15:47:18 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 6259d2cd8a5947ad41a420527bbed7a6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: b5FLw3MXMK1bZr0meizTcWzYc003NUD_YUjTx6w61LsDPgla1gUFhw==
Age: 30096
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash eabb7d9ffae717f7305d63c057755470
3b7f0baccfdbb8d9ffefa4a2215d4d6094be454a
ab48f17e54075e1ecf034278e82bcacd2e3689773186cc84fba9b79aac907294
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AB48F17E54075E1ECF034278E82BCACD2E3689773186CC84FBA9B79AAC907294"
Last-Modified: Tue, 04 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7593
Expires: Thu, 06 Oct 2022 02:15:27 GMT
Date: Thu, 06 Oct 2022 00:08:54 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a1073a68ed38c8e3575e889224db944c
ee2a7a3e2da77a8540131f9ffaa0a20d4dd486bd
a9fb1f7ade7c8a79d2ee83e9b7215e66dc89ac733b11079297a8f4b9aceae1f5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A9FB1F7ADE7C8A79D2EE83E9B7215E66DC89AC733B11079297A8F4B9ACEAE1F5"
Last-Modified: Tue, 04 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8431
Expires: Thu, 06 Oct 2022 02:29:25 GMT
Date: Thu, 06 Oct 2022 00:08:54 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: FfLt2bYKdjRwggTERkDyo78DcnSpXb6k3j+J1dvE0HTViUJHz0NRVY0P39+Jqur9Wc+P5bFq46fbKqhDaluZmw==
x-amz-request-id: 2V9T4XMFAAWVGV8H
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 05 Oct 2022 23:30:31 GMT
age: 2303
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 06 Oct 2022 00:08:55 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
yeu3x.com/
172.67.171.41301 Moved Permanently 0 B IP 172.67.171.41:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: yeu3x.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Thu, 06 Oct 2022 00:08:55 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Redirect-By: WordPress
Location: https://yeu3x.com/
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=omvAALbhsNPDfUqbb5HOGw2R8wJX3L92XJUZiVNr9E%2Fz%2Bm%2B8cvG%2BmbLEcJpWWQytEAOV%2B9Z0GyVjSOgaXfeSI6TjkDmgExGL72IwH2pmwzj4kpQDXFneozi0YAg%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 755a2a4e48301c16-OSL
alt-svc: h2=":443"; ma=60
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
54.230.111.65200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 54.230.111.65:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Pragma, Content-Length, Backoff, Last-Modified, Cache-Control, Content-Type, Retry-After, ETag, Expires, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600, max-age=3600
Date: Wed, 05 Oct 2022 23:29:33 GMT
Expires: Wed, 05 Oct 2022 23:55:14 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 c26775cc34c23943f6f5cfc9a3da9b4a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: OM6il0GHrGGKwn7N32SD6lanMRD5JhADRTukFuz_PQ5UcLfQeAwOdA==
Age: 2362
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 1561c6be7c89d1357a80d12de47b6e74
9a705277922ecca583c867af58b3efce099f83bd
e33dc034dbf4b3b627cd3c1af2d942e2ca5704ec9a4aad5c46ad39eb070e82ab
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3819
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 06 Oct 2022 00:08:55 GMT
Last-Modified: Wed, 05 Oct 2022 23:05:16 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
44.242.41.15101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 44.242.41.15:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: XVRwRpNZ1uF4MqJPTJTgTQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: vq/eTk/FFyoxHx8WgyqTk0E0msY=
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash f763a685d14b05b6ced9792151da30b8
b25be5359245be857ffa1bddcb197cb771a36a45
505ad6dc6417d58207f0d68862c4423f4611660ccc6afe165fd3ec2ccb1c893d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 06 Oct 2022 00:08:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=UA-62587571-1
142.250.74.168200 OK 43 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-62587571-1
IP 142.250.74.168:0
File type ASCII text, with very long lines (2039)
Hash c912a37eb7680b9316e58a76e0a3d4da
c6f1a0095940c210f97a68cd14b96fa6fce4d366
499669bbda257f8eff99515b3f2fa73ce4b9f5d1a9d73d56b6cbe6cd58b92af5
GET /gtag/js?id=UA-62587571-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yeu3x.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 06 Oct 2022 00:08:56 GMT
expires: Thu, 06 Oct 2022 00:08:56 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43410
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash f763a685d14b05b6ced9792151da30b8
b25be5359245be857ffa1bddcb197cb771a36a45
505ad6dc6417d58207f0d68862c4423f4611660ccc6afe165fd3ec2ccb1c893d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 06 Oct 2022 00:08:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
6.adsco.re/
104.17.166.186200 OK 0 B IP 104.17.166.186:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: 6.adsco.re
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://yeu3x.com
Connection: keep-alive
Referer: https://yeu3x.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 06 Oct 2022 00:08:56 GMT
content-type: text/plain;charset=UTF-8
content-length: 0
access-control-allow-origin: https://yeu3x.com
cache-control: private, max-age=10
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, HEAD, OPTIONS
access-control-max-age: 2592000
vary: Accept-Encoding
server: cloudflare
cf-ray: 755a2a591c7b0afa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
4.adsco.re/
162.252.214.5200 OK 62 B IP 162.252.214.5:0
File type ASCII text, with no line terminators
Hash adde5febc7b5b6c2c759ec735cce83a0
77ec17be8a9970ff04663294d41c590d0d24fde4
ce2b9f2e5005195de7add565505005be6f2ef0d37521771e15106d1e1b9260ff
GET / HTTP/1.1
Host: 4.adsco.re
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://yeu3x.com
Connection: keep-alive
Referer: https://yeu3x.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Thu, 06 Oct 2022 00:08:56 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Methods: GET, HEAD, OPTIONS
Access-Control-Allow-Headers: Content-Type
Access-Control-Allow-Origin: https://yeu3x.com
Access-Control-Max-Age: 2592000
Cache-Control: private, max-age=5
Content-Encoding: gzip
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 0ca8a19b67c1e138d69c55f0e3a496ca
b7b476e425aadcfce607936d3d33558553ee203a
5166a734da8356a1295d45a38b27401ad091adb26b2c4f16ee2f3e9326a5cfd2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5166A734DA8356A1295D45A38B27401AD091ADB26B2C4F16EE2F3E9326A5CFD2"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6901
Expires: Thu, 06 Oct 2022 02:03:57 GMT
Date: Thu, 06 Oct 2022 00:08:56 GMT
Connection: keep-alive
7phdn6isqgo5.n4.adsco.re/
38.132.109.186200 OK 3.3 kB URL HTTP/1.1 7phdn6isqgo5.n4.adsco.re/
IP 38.132.109.186:0
Hash 501f31dab4ca3b0874caaea03e19c0aa
10636a7662b99969ae8f6f5b497a1b73bb01025e
06f9476a764d06ffd1c6c2a383032a92be9574c8934a6960c8ea17975b19b6ce
POST / HTTP/1.1
Host: 7phdn6isqgo5.n4.adsco.re
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 0
Origin: https://yeu3x.com
Connection: keep-alive
Referer: https://yeu3x.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Thu, 06 Oct 2022 00:08:56 GMT
Content-Type: text/html
Content-Length: 0
Last-Modified: Mon, 30 Jul 2018 15:32:42 GMT
Connection: close
ETag: "5b5f2f9a-0"
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
Access-Control-Expose-Headers: Content-Length,Content-Range
Accept-Ranges: bytes
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 55331c1dc7e7ebbf456220986278469d
d69a62ee47b03fde68db666512417dda2ae5ad13
a09c835aa140c7b4220194e940f54de09ca3b7ea470feb7c4c5be574643086d5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A09C835AA140C7B4220194E940F54DE09CA3B7EA470FEB7C4C5BE574643086D5"
Last-Modified: Tue, 04 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13523
Expires: Thu, 06 Oct 2022 03:54:20 GMT
Date: Thu, 06 Oct 2022 00:08:57 GMT
Connection: keep-alive
media.vivaclix.com/js/ifr.html
104.21.234.56200 OK 1.2 kB URL HTTP/2 media.vivaclix.com/js/ifr.html
IP 104.21.234.56:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 4e00deda7b41f75ccd55090dcecd4290
7a5999709a95872fa16a7665c6fc59fbeb45ae97
a6afdd1d7097f21ceeebcf1de903cc7f35be75ca1716fdaa2177492baa0ef159
GET /js/ifr.html HTTP/1.1
Host: media.vivaclix.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yeu3x.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 06 Oct 2022 00:08:57 GMT
content-type: text/html
last-modified: Mon, 03 Oct 2022 09:18:10 GMT
expires: Thu, 06 Oct 2022 09:20:09 GMT
cache-control: max-age=259200
x-robots-tag: noindex, nofollow, noarchive, noimageindex
cf-cache-status: HIT
age: 226034
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=P1Ucqiqm2%2FO14DQgNp0oHILeoV0MojjDlZ0uALbIv9BLNEXzBcWcRE91yH0cIlVBKOOHzDRV5hvPZL0h59F8%2F8h6fB0SMvLzT%2BYLL6DdH8DnTJHcrX7xDnxGf2Qc7GJxM4df%2Fh0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 755a2a5cde377732-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
adsco.re/p
162.252.214.5200 OK 172 B IP 162.252.214.5:0
File type ASCII text, with no line terminators
Hash 82c8fc2399143e79e0d1bb34a841e1f5
c5719da0b704eedf67a3003d775bc07f1fa41172
ac10deb86fe91b6d89caf72ee3fcedf2cc9a7c0410b03af4ca90d2a3b35a0028
POST /p HTTP/1.1
Host: adsco.re
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Length: 1809
Origin: https://yeu3x.com
Connection: keep-alive
Referer: https://yeu3x.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Thu, 06 Oct 2022 00:08:57 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
AS-P-1: OK lon123
AS-P-2: OK
AS-P-3: OK
Access-Control-Max-Age: 2592000
Cache-Control: no-transform
Access-Control-Allow-Origin: https://yeu3x.com
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8d3175ca-da8b-4a6f-a315-9f1d92299891.jpeg
34.120.237.76200 OK 15 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8d3175ca-da8b-4a6f-a315-9f1d92299891.jpeg
IP 34.120.237.76:0
Hash aeadf61e20eeba784d337837342ccb5e
482f03c24d832fedf24b8e43e2a8135c01be5589
d7fdb9ef3349b14ea8585a9aade023cfdf0678047ac6128c05010e32fcc1c620
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8d3175ca-da8b-4a6f-a315-9f1d92299891.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6693
x-amzn-requestid: 1531f482-cdf5-4506-ba1c-18a66173457b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZjQNxF45oAMFxJQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633dfa57-28e8e572281d5f110c26dcf1;Sampled=0
x-amzn-remapped-date: Wed, 05 Oct 2022 21:42:47 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Miss from cloudfront
x-amz-cf-id: EimZGdrj091jlG994mCq23siOMuN9SVgRGfKRMGeZW_nifQS_yUXaA==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 d2575afea3774df33dcf5e5ff475025e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 05 Oct 2022 21:58:48 GMT
etag: "0f37ee870c8855919900c99204ffffe736548a3f"
content-type: image/jpeg
age: 7809
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4aaf2d0a-832d-4fe3-85f6-f6f55993a48e.jpeg
34.120.237.76200 OK 8.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4aaf2d0a-832d-4fe3-85f6-f6f55993a48e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 83c37f49b9fb5eeb70a244a759a4ce0d
f2f4664206335b080db6a5608b463945e89de346
cbb8e24144c2118f3e2f2f9db09f2b4d582bca01da68fc2fb29b4d8a6df4dab5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4aaf2d0a-832d-4fe3-85f6-f6f55993a48e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8192
x-amzn-requestid: b61498b4-22cd-4860-98e0-c7aad18a4d96
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZjO6sGTXoAMFZpA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633df844-23d0f24731d3bfab253f2677;Sampled=0
x-amzn-remapped-date: Wed, 05 Oct 2022 21:33:56 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: oRlpmDZZ8uLu-tcn-j2H5XMAxfUCtHkm_xq9jUlROKsPgth0Gu-ugg==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 ece5d4a731ece5ff46c564ab2b946ede.cloudfront.net (CloudFront), 1.1 google
date: Wed, 05 Oct 2022 21:37:06 GMT
age: 9111
etag: "f2f4664206335b080db6a5608b463945e89de346"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
yeu3x.com/
104.21.39.179200 OK 41 kB IP 104.21.39.179:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (8047)
Hash b89d86f6fc383235b07d2b183ea623d1
5d808f949debf449f8cd33a8d3996e5d024c3fbd
2790a86652f2b1495bdd6a5ee1ab45d7f04aaa314b7e7216569dd0deedc1f058
GET / HTTP/1.1
Host: yeu3x.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Thu, 06 Oct 2022 00:08:55 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LHFC2NC3wi4lkaWAO7xmmelmFfYJZC8PfyYVCMafpdoCC%2BBzqsc85bTrVMiIBY4rToyUyyB%2BpXOseCOlYKD5HGBw4%2BpzWXvltX%2BG2lwYzBz%2FxLDd4n1ZzRZXgkg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 755a2a521a6d0b61-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbffd8689-87c3-4efb-b880-4109e3dc9294.jpeg
34.120.237.76200 OK 7.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbffd8689-87c3-4efb-b880-4109e3dc9294.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 72ad6f9b79e7a3d11e3ace6b0e969614
a9cd62230d4aabfcc2e8b2494e687d854254113e
1d59cd22b3316da6f1d44076089ba983faed5327d174ddb3cb3d58f487ccae51
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbffd8689-87c3-4efb-b880-4109e3dc9294.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7919
x-amzn-requestid: 01497827-07e5-4129-abf2-120b00eed8c0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZjPs5F1LoAMF8Ww=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633df985-4b0c175142a6ace915d5e5d2;Sampled=0
x-amzn-remapped-date: Wed, 05 Oct 2022 21:39:17 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Miss from cloudfront
x-amz-cf-id: QElSCxuAj2dM9Psp2_fPTSi1goaNKkylf7D9ITOplorOFLIGIV332g==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 d8d9c12d1a621129f4bc739038e7c72e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 05 Oct 2022 21:52:46 GMT
age: 8171
etag: "a9cd62230d4aabfcc2e8b2494e687d854254113e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F585959dc-efc9-453b-bdef-59b834c43800.jpeg
34.120.237.76200 OK 6.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F585959dc-efc9-453b-bdef-59b834c43800.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash fa6c2f48dc4f2d67c8918e35396e901f
4897d9af4414d827043507c90b992d5c8d8344f1
0b287a86cf539a00b0b0c839c07f0453796ed71b571664bb2ea64363198bd633
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F585959dc-efc9-453b-bdef-59b834c43800.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6363
x-amzn-requestid: d0de2bff-da5b-487b-9058-6f33b35b594d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZjO8FHWAIAMFbUA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633df84d-736ce6cb2fc072a22e65a803;Sampled=0
x-amzn-remapped-date: Wed, 05 Oct 2022 21:34:05 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Miss from cloudfront
x-amz-cf-id: Rlg9tzQaVbL_qon437VaTKEpDWQdmrMPkXXSUu8xZRMeRBmnmx9n6w==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 c21a0d27ceec21e266c9f962d0349438.cloudfront.net (CloudFront), 1.1 google
date: Wed, 05 Oct 2022 22:58:20 GMT
age: 4237
etag: "4897d9af4414d827043507c90b992d5c8d8344f1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1ca20164-9b52-49c5-9e63-1fc0ae719f45.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1ca20164-9b52-49c5-9e63-1fc0ae719f45.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4fc2ddd86450d64d3fb659ab4e78be58
bbe71936b78a8c34d03ab87948dc840b35c6948f
84a760397a5912bd05f61bc8a953c13a88a677e2d17fbbf74bdf7d7ff4d3942f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1ca20164-9b52-49c5-9e63-1fc0ae719f45.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10158
x-amzn-requestid: def1fc7e-8008-466f-9271-20fa1ab0fa5a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZaqZCH7doAMFcPQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633a8aa0-7fd2fb1249366f2277d719d6;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 07:09:20 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: aeOU8fGkf5uHuYZ79k17EzxiFnwm0_z7SeZJElgwECzRyhR2N_SYJA==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 b8c4a4ca04bb1976e020396d211bc8dc.cloudfront.net (CloudFront), 1.1 google
date: Wed, 05 Oct 2022 04:06:09 GMT
age: 72168
etag: "bbe71936b78a8c34d03ab87948dc840b35c6948f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
28252.deliverytrafficnews.com/v3/a/pst/js/197588
88.208.59.102204 No Content 0 B URL HTTP/2 28252.deliverytrafficnews.com/v3/a/pst/js/197588
IP 88.208.59.102:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /v3/a/pst/js/197588 HTTP/1.1
Host: 28252.deliverytrafficnews.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yeu3x.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
server: nginx
date: Thu, 06 Oct 2022 00:08:57 GMT
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-max-age: 86400
referrer-policy: unsafe-url
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Device-Memory
accept-ch-lifetime: 31536000
X-Firefox-Spdy: h2
r3oodleaw5au4ssir.com/t/9/fret/meow4/1879888/6e1975af.js
62.122.171.6200 OK 32 kB URL HTTP/2 r3oodleaw5au4ssir.com/t/9/fret/meow4/1879888/6e1975af.js
IP 62.122.171.6:0
Hash 2044f3300530f654ffc4c545c10496cc
183b24b4fad9f9e95850a5b4d93b9f938a6ee85e
129af2e74cc0a291d1009fb6fa9e758fb5cdf38a88e8b4ca203702ab5f3a74eb
Analyzer Verdict Alert quad9 Sinkholed
GET /t/9/fret/meow4/1879888/6e1975af.js HTTP/1.1
Host: r3oodleaw5au4ssir.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yeu3x.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 06 Oct 2022 00:08:57 GMT
content-type: application/javascript
last-modified: Wed, 05 Oct 2022 14:13:52 GMT
vary: Accept-Encoding
etag: W/"633d9120-10b22"
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
content-encoding: gzip
X-Firefox-Spdy: h2
r3oodleaw5au4ssir.com/solid.gif?z=1879888&abvar=0
62.122.171.6200 OK 43 B URL HTTP/2 r3oodleaw5au4ssir.com/solid.gif?z=1879888&abvar=0
IP 62.122.171.6:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28e463819a210071de3b45ebe7633613
6dccd571828ec0912629119cf7eabfea9f33ddbc
44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84
Analyzer Verdict Alert quad9 Sinkholed
POST /solid.gif?z=1879888&abvar=0 HTTP/1.1
Host: r3oodleaw5au4ssir.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://yeu3x.com
Connection: keep-alive
Referer: https://yeu3x.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 06 Oct 2022 00:08:57 GMT
content-type: image/gif
content-length: 43
x-route-id: stats.tag.loaded
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 9b1914e702d9edf1b2f241cadd82026a
11d8599b1ffb646583ea9c2e58527a62099b9aca
a981de3a5425beba86b32a0900cd71c7fae780de6424d6789a57889ca91fac6f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A981DE3A5425BEBA86B32A0900CD71C7FAE780DE6424D6789A57889CA91FAC6F"
Last-Modified: Tue, 04 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14062
Expires: Thu, 06 Oct 2022 04:03:19 GMT
Date: Thu, 06 Oct 2022 00:08:57 GMT
Connection: keep-alive
28252.deliverytrafficnews.com/v3/a/pop/js/197484
88.208.59.102200 OK 26 kB URL HTTP/2 28252.deliverytrafficnews.com/v3/a/pop/js/197484
IP 88.208.59.102:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (15819)
Hash 270c765e0fc7f83bd1716fabcfe3bc7a
c145ede3ed4ed493ae2f117744ef68137365e9dd
23bbbbcb08f3c3685d35b910b6bbc19e74069096977bcfc1597221a5d7585c49
GET /v3/a/pop/js/197484 HTTP/1.1
Host: 28252.deliverytrafficnews.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yeu3x.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 06 Oct 2022 00:08:57 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-max-age: 86400
referrer-policy: unsafe-url
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Device-Memory
accept-ch-lifetime: 31536000
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash b3791fae35fa0754166a153c17b4d33c
2416c0ebeb59a5dbb874c88a747242fa03e32bb6
6ed8a41c16f75035977b43d3574fc577c3473b46db106480c4a64ca72462458a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6172
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 06 Oct 2022 00:08:57 GMT
Last-Modified: Wed, 05 Oct 2022 22:26:05 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 471
region1.google-analytics.com/g/collect?v=2&tid=G-CFBS7DNT4Y>m=2oea50&_p=1286318527&cid=610417430.1665014937&ul=en-us&sr=1280x1024&_s=1&sid=1665014936&sct=1&seg=0&dl=https%3A%2F%2Fyeu3x.com%2F&dt=Phim%20Sex%20M%E1%BB%9Bi%2C%20Phim%203X%20Online%20Full%20HD%20C%E1%BA%ADp%20Nh%E1%BA%ADt%20Li%C3%AAn%20T%E1%BB%A5c&en=page_view&_fv=1&_nsi=1&_ss=1
216.239.32.36204 No Content 0 B URL HTTP/2 region1.google-analytics.com/g/collect?v=2&tid=G-CFBS7DNT4Y>m=2oea50&_p=1286318527&cid=610417430.1665014937&ul=en-us&sr=1280x1024&_s=1&sid=1665014936&sct=1&seg=0&dl=https%3A%2F%2Fyeu3x.com%2F&dt=Phim%20Sex%20M%E1%BB%9Bi%2C%20Phim%203X%20Online%20Full%20HD%20C%E1%BA%ADp%20Nh%E1%BA%ADt%20Li%C3%AAn%20T%E1%BB%A5c&en=page_view&_fv=1&_nsi=1&_ss=1
IP 216.239.32.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-CFBS7DNT4Y>m=2oea50&_p=1286318527&cid=610417430.1665014937&ul=en-us&sr=1280x1024&_s=1&sid=1665014936&sct=1&seg=0&dl=https%3A%2F%2Fyeu3x.com%2F&dt=Phim%20Sex%20M%E1%BB%9Bi%2C%20Phim%203X%20Online%20Full%20HD%20C%E1%BA%ADp%20Nh%E1%BA%ADt%20Li%C3%AAn%20T%E1%BB%A5c&en=page_view&_fv=1&_nsi=1&_ss=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://yeu3x.com
Connection: keep-alive
Referer: https://yeu3x.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://yeu3x.com
date: Thu, 06 Oct 2022 00:08:57 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash bacb6be4e0b8a3daa8dde272177d48e9
1a7235c1bf5f773f0e1e29dd53c2147ea32cdb87
d9e35a6e9a85373f358397a0ab980db9be03563b6ee7c57d052976945f895011
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 06 Oct 2022 00:08:57 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Wed, 05 Oct 2022 18:57:10 GMT
Expires: Wed, 12 Oct 2022 18:57:09 GMT
Etag: "1a7235c1bf5f773f0e1e29dd53c2147ea32cdb87"
Cache-Control: max-age=585491,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 755a2a5eae380b4d-OSL
limurol.com/ssp/req/1879888/?pb=1872545183cac592214085b5f668294e1665022137&psp=dg58vu8nb0aXg7OAB1Vfzb-e7JI2ScpenYa-uyrGyDmbOuZsvs3-qXQuJkU0Vc7iR38m9Qel8cCyg2lv3gd0mdurlPIXGIiOt2gpiSStgy7Qt-srFf5Tnu8az-mGw6zPnSSkRjceGkM9FzxVUSEW1LGHfYHCFBe2ocBod8td2zxllc1A89JUKapYT7U0AWcpvuEc93PN6F1LWwT_UA0RSnTzPge1p0s-8Sh-lyTvWuntLlN2rKVkS-7M0KkKRxGBFNKceeqizrouC19BijLWkoJ78iuThHKWy9KcAaHkqCNnwgknOWE8ps4zPqgPobSnx7du569sHaS4tOv87LkeLtp_TkGEFFi6FosimrwSnQj4GPxcvBGY_zDpb0WyMw3EKlKGDHdY0bAlHnydcpdyfxrkUVt2j6eHv9An36mBt4F_ZY8StN425jiHVHx11HCyuThw9YvI2vAYJDbaFAX9ia44eZn9YZnqAKGZc_ddzOQOhCUn6NrMX_d-W48UnvcdSNeGyIsZOnwHUDso3QtNG_L4JbP31TMzpY_IGS7D07r_3WxvingeYNTyR6SNk9e0vR6Hbo-Drl5M3qeEp8HxMU4=&cb=_cldj082e18aago3iub9cxz&nojs=0&ix=0&abvar=0&t=0&x=1280&y=898&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24
62.122.171.6200 OK 7 B URL HTTP/2 limurol.com/ssp/req/1879888/?pb=1872545183cac592214085b5f668294e1665022137&psp=dg58vu8nb0aXg7OAB1Vfzb-e7JI2ScpenYa-uyrGyDmbOuZsvs3-qXQuJkU0Vc7iR38m9Qel8cCyg2lv3gd0mdurlPIXGIiOt2gpiSStgy7Qt-srFf5Tnu8az-mGw6zPnSSkRjceGkM9FzxVUSEW1LGHfYHCFBe2ocBod8td2zxllc1A89JUKapYT7U0AWcpvuEc93PN6F1LWwT_UA0RSnTzPge1p0s-8Sh-lyTvWuntLlN2rKVkS-7M0KkKRxGBFNKceeqizrouC19BijLWkoJ78iuThHKWy9KcAaHkqCNnwgknOWE8ps4zPqgPobSnx7du569sHaS4tOv87LkeLtp_TkGEFFi6FosimrwSnQj4GPxcvBGY_zDpb0WyMw3EKlKGDHdY0bAlHnydcpdyfxrkUVt2j6eHv9An36mBt4F_ZY8StN425jiHVHx11HCyuThw9YvI2vAYJDbaFAX9ia44eZn9YZnqAKGZc_ddzOQOhCUn6NrMX_d-W48UnvcdSNeGyIsZOnwHUDso3QtNG_L4JbP31TMzpY_IGS7D07r_3WxvingeYNTyR6SNk9e0vR6Hbo-Drl5M3qeEp8HxMU4=&cb=_cldj082e18aago3iub9cxz&nojs=0&ix=0&abvar=0&t=0&x=1280&y=898&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24
IP 62.122.171.6:0
File type ASCII text, with no line terminators
Hash a97eb6fbe6f13b601d5d48c0eba8baae
736efb938caf3d0edec406932ada889f1a4f2268
a04bf061f53e0011fd2f43bdf081526344f003c50146c88c42c2d95ef22c1821
Analyzer Verdict Alert quad9 Sinkholed
GET /ssp/req/1879888/?pb=1872545183cac592214085b5f668294e1665022137&psp=dg58vu8nb0aXg7OAB1Vfzb-e7JI2ScpenYa-uyrGyDmbOuZsvs3-qXQuJkU0Vc7iR38m9Qel8cCyg2lv3gd0mdurlPIXGIiOt2gpiSStgy7Qt-srFf5Tnu8az-mGw6zPnSSkRjceGkM9FzxVUSEW1LGHfYHCFBe2ocBod8td2zxllc1A89JUKapYT7U0AWcpvuEc93PN6F1LWwT_UA0RSnTzPge1p0s-8Sh-lyTvWuntLlN2rKVkS-7M0KkKRxGBFNKceeqizrouC19BijLWkoJ78iuThHKWy9KcAaHkqCNnwgknOWE8ps4zPqgPobSnx7du569sHaS4tOv87LkeLtp_TkGEFFi6FosimrwSnQj4GPxcvBGY_zDpb0WyMw3EKlKGDHdY0bAlHnydcpdyfxrkUVt2j6eHv9An36mBt4F_ZY8StN425jiHVHx11HCyuThw9YvI2vAYJDbaFAX9ia44eZn9YZnqAKGZc_ddzOQOhCUn6NrMX_d-W48UnvcdSNeGyIsZOnwHUDso3QtNG_L4JbP31TMzpY_IGS7D07r_3WxvingeYNTyR6SNk9e0vR6Hbo-Drl5M3qeEp8HxMU4=&cb=_cldj082e18aago3iub9cxz&nojs=0&ix=0&abvar=0&t=0&x=1280&y=898&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24 HTTP/1.1
Host: limurol.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yeu3x.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 06 Oct 2022 00:08:57 GMT
content-type: text/javascript
content-length: 7
x-route-id: ssp.bet
set-cookie: UID=2210051908a736df3d5054461a93931e8252; Path=/; Expires=Fri, 06 Oct 2023 00:08:57 GMT; HttpOnly; Secure; SameSite=None
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash b3791fae35fa0754166a153c17b4d33c
2416c0ebeb59a5dbb874c88a747242fa03e32bb6
6ed8a41c16f75035977b43d3574fc577c3473b46db106480c4a64ca72462458a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6172
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 06 Oct 2022 00:08:57 GMT
Last-Modified: Wed, 05 Oct 2022 22:26:05 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 471
cdn4ads.com/HhnPL.asp?_=BAYAYz4cmQFjPhyZgAGBAsAAIH5owc3Rb54UvzSx94ev_gWXJ8JmtXnwYAJoZCOQQHEbwQBIMEYCIQD7LvqMbfmkIthxFbQsnEJd7C-ZVQ72SJF4t1CArwK2rwIhAMh5JWhL1RNsvmHoRahq3gmivtZsIBWxvAnwG0EjAgOw&v=4&KboETlzn=4755295&nNywOcfv=&iJZSgKTw=1:1,1:1,0&YNyfQJbt=&kaeqYTzB=&s=1280,1024,1,1280,1024,0
216.59.63.128200 OK 803 B URL HTTP/2 cdn4ads.com/HhnPL.asp?_=BAYAYz4cmQFjPhyZgAGBAsAAIH5owc3Rb54UvzSx94ev_gWXJ8JmtXnwYAJoZCOQQHEbwQBIMEYCIQD7LvqMbfmkIthxFbQsnEJd7C-ZVQ72SJF4t1CArwK2rwIhAMh5JWhL1RNsvmHoRahq3gmivtZsIBWxvAnwG0EjAgOw&v=4&KboETlzn=4755295&nNywOcfv=&iJZSgKTw=1:1,1:1,0&YNyfQJbt=&kaeqYTzB=&s=1280,1024,1,1280,1024,0
IP 216.59.63.128:0
File type ASCII text, with very long lines (1125), with no line terminators
Hash a7255e03a6734a571ffdf848d504dc9b
c84249250970cdde5a6eaa279c46ce1a4b751c5a
de0118818631dce232a2a92e0d2bfb7ff7e9f3aa04b17359a6023e3d7c4bcea8
GET /HhnPL.asp?_=BAYAYz4cmQFjPhyZgAGBAsAAIH5owc3Rb54UvzSx94ev_gWXJ8JmtXnwYAJoZCOQQHEbwQBIMEYCIQD7LvqMbfmkIthxFbQsnEJd7C-ZVQ72SJF4t1CArwK2rwIhAMh5JWhL1RNsvmHoRahq3gmivtZsIBWxvAnwG0EjAgOw&v=4&KboETlzn=4755295&nNywOcfv=&iJZSgKTw=1:1,1:1,0&YNyfQJbt=&kaeqYTzB=&s=1280,1024,1,1280,1024,0 HTTP/1.1
Host: cdn4ads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yeu3x.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
asf: 6
cache-control: private, no-store, no-cache, must-revalidate, no-transform, max-age=0
pragma: no-cache
content-type: application/javascript; charset=utf-8
set-cookie: PP_CV=yes; expires=Thu, 06-Oct-2022 01:08:57 GMT; Max-Age=3600
fraudcheck=f29545290f4e4b12ffdca281466135a9; expires=Sat, 05-Nov-2022 00:08:57 GMT; Max-Age=2592000; path=/; domain=.popads.net
PopAds_CF_Pass=1; expires=Thu, 06-Oct-2022 06:08:57 GMT; Max-Age=21600
link: <https://free-cosmetics-online.com>;rel=preconnect
content-length: 803
content-encoding: br
vary: Accept-Encoding
date: Thu, 06 Oct 2022 00:08:57 GMT
X-Firefox-Spdy: h2
7phdn6isqgo5.s4.adsco.re/
185.200.116.90200 OK 0 B URL HTTP/1.1 7phdn6isqgo5.s4.adsco.re/
IP 185.200.116.90:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST / HTTP/1.1
Host: 7phdn6isqgo5.s4.adsco.re
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 0
Origin: https://yeu3x.com
Connection: keep-alive
Referer: https://yeu3x.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Thu, 06 Oct 2022 00:08:57 GMT
Content-Type: text/html
Content-Length: 0
Last-Modified: Mon, 30 Jul 2018 15:38:01 GMT
Connection: close
ETag: "5b5f30d9-0"
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
Access-Control-Expose-Headers: Content-Length,Content-Range
Accept-Ranges: bytes
e1.o.lencr.org/
23.36.76.226200 OK 346 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 2686f1865074a6fae2cd59c197577076
9601e7292edc7dabf9b4c4acbeb5a9a15669f0fb
82a410cebdf1e49de6f5acd5a11c5fce741698cfc9f7b95bb48f326f61c3d74a
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "82A410CEBDF1E49DE6F5ACD5A11C5FCE741698CFC9F7B95BB48F326F61C3D74A"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15399
Expires: Thu, 06 Oct 2022 04:25:36 GMT
Date: Thu, 06 Oct 2022 00:08:57 GMT
Connection: keep-alive
limurol.com/ssp/req/1879888/?pb=1872545183cac592214085b5f668294e1665022137&psp=dg58vu8nb0aXg7OAB1Vfzb-e7JI2ScpenYa-uyrGyDmbOuZsvs3-qXQuJkU0Vc7iR38m9Qel8cCyg2lv3gd0mdurlPIXGIiOt2gpiSStgy7Qt-srFf5Tnu8az-mGw6zPnSSkRjceGkM9FzxVUSEW1LGHfYHCFBe2ocBod8td2zxllc1A89JUKapYT7U0AWcpvuEc93PN6F1LWwT_UA0RSnTzPge1p0s-8Sh-lyTvWuntLlN2rKVkS-7M0KkKRxGBFNKceeqizrouC19BijLWkoJ78iuThHKWy9KcAaHkqCNnwgknOWE8ps4zPqgPobSnx7du569sHaS4tOv87LkeLtp_TkGEFFi6FosimrwSnQj4GPxcvBGY_zDpb0WyMw3EKlKGDHdY0bAlHnydcpdyfxrkUVt2j6eHv9An36mBt4F_ZY8StN425jiHVHx11HCyuThw9YvI2vAYJDbaFAX9ia44eZn9YZnqAKGZc_ddzOQOhCUn6NrMX_d-W48UnvcdSNeGyIsZOnwHUDso3QtNG_L4JbP31TMzpY_IGS7D07r_3WxvingeYNTyR6SNk9e0vR6Hbo-Drl5M3qeEp8HxMU4=&cb=_cldj082e18aago3iub9cxz&nojs=0&ix=0&abvar=0&t=0&x=1280&y=898&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24
62.122.171.6200 OK 7 B URL HTTP/2 limurol.com/ssp/req/1879888/?pb=1872545183cac592214085b5f668294e1665022137&psp=dg58vu8nb0aXg7OAB1Vfzb-e7JI2ScpenYa-uyrGyDmbOuZsvs3-qXQuJkU0Vc7iR38m9Qel8cCyg2lv3gd0mdurlPIXGIiOt2gpiSStgy7Qt-srFf5Tnu8az-mGw6zPnSSkRjceGkM9FzxVUSEW1LGHfYHCFBe2ocBod8td2zxllc1A89JUKapYT7U0AWcpvuEc93PN6F1LWwT_UA0RSnTzPge1p0s-8Sh-lyTvWuntLlN2rKVkS-7M0KkKRxGBFNKceeqizrouC19BijLWkoJ78iuThHKWy9KcAaHkqCNnwgknOWE8ps4zPqgPobSnx7du569sHaS4tOv87LkeLtp_TkGEFFi6FosimrwSnQj4GPxcvBGY_zDpb0WyMw3EKlKGDHdY0bAlHnydcpdyfxrkUVt2j6eHv9An36mBt4F_ZY8StN425jiHVHx11HCyuThw9YvI2vAYJDbaFAX9ia44eZn9YZnqAKGZc_ddzOQOhCUn6NrMX_d-W48UnvcdSNeGyIsZOnwHUDso3QtNG_L4JbP31TMzpY_IGS7D07r_3WxvingeYNTyR6SNk9e0vR6Hbo-Drl5M3qeEp8HxMU4=&cb=_cldj082e18aago3iub9cxz&nojs=0&ix=0&abvar=0&t=0&x=1280&y=898&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24
IP 62.122.171.6:0
File type ASCII text, with no line terminators
Hash a97eb6fbe6f13b601d5d48c0eba8baae
736efb938caf3d0edec406932ada889f1a4f2268
a04bf061f53e0011fd2f43bdf081526344f003c50146c88c42c2d95ef22c1821
Analyzer Verdict Alert quad9 Sinkholed
GET /ssp/req/1879888/?pb=1872545183cac592214085b5f668294e1665022137&psp=dg58vu8nb0aXg7OAB1Vfzb-e7JI2ScpenYa-uyrGyDmbOuZsvs3-qXQuJkU0Vc7iR38m9Qel8cCyg2lv3gd0mdurlPIXGIiOt2gpiSStgy7Qt-srFf5Tnu8az-mGw6zPnSSkRjceGkM9FzxVUSEW1LGHfYHCFBe2ocBod8td2zxllc1A89JUKapYT7U0AWcpvuEc93PN6F1LWwT_UA0RSnTzPge1p0s-8Sh-lyTvWuntLlN2rKVkS-7M0KkKRxGBFNKceeqizrouC19BijLWkoJ78iuThHKWy9KcAaHkqCNnwgknOWE8ps4zPqgPobSnx7du569sHaS4tOv87LkeLtp_TkGEFFi6FosimrwSnQj4GPxcvBGY_zDpb0WyMw3EKlKGDHdY0bAlHnydcpdyfxrkUVt2j6eHv9An36mBt4F_ZY8StN425jiHVHx11HCyuThw9YvI2vAYJDbaFAX9ia44eZn9YZnqAKGZc_ddzOQOhCUn6NrMX_d-W48UnvcdSNeGyIsZOnwHUDso3QtNG_L4JbP31TMzpY_IGS7D07r_3WxvingeYNTyR6SNk9e0vR6Hbo-Drl5M3qeEp8HxMU4=&cb=_cldj082e18aago3iub9cxz&nojs=0&ix=0&abvar=0&t=0&x=1280&y=898&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24 HTTP/1.1
Host: limurol.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yeu3x.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 06 Oct 2022 00:08:57 GMT
content-type: text/javascript
content-length: 7
x-route-id: ssp.bet
set-cookie: UID=2210051908d7eb293dbc004a76ad6e7b9714; Path=/; Expires=Fri, 06 Oct 2023 00:08:57 GMT; HttpOnly; Secure; SameSite=None
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226200 OK 346 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 2686f1865074a6fae2cd59c197577076
9601e7292edc7dabf9b4c4acbeb5a9a15669f0fb
82a410cebdf1e49de6f5acd5a11c5fce741698cfc9f7b95bb48f326f61c3d74a
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "82A410CEBDF1E49DE6F5ACD5A11C5FCE741698CFC9F7B95BB48F326F61C3D74A"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15399
Expires: Thu, 06 Oct 2022 04:25:36 GMT
Date: Thu, 06 Oct 2022 00:08:57 GMT
Connection: keep-alive
free-cosmetics-online.com/favicon.ico
104.21.23.47404 Not Found 152 B URL HTTP/2 free-cosmetics-online.com/favicon.ico
IP 104.21.23.47:0
File type HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash 2f90d09dda34ec17dd7633cab2a8f899
169fb3694629d59c895db49f2085558e0f21119f
a6ec76f6ed1c21aadbe211fed1c31558591906020a7c06df66603455030198e7
GET /favicon.ico HTTP/1.1
Host: free-cosmetics-online.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 404 Not Found
date: Thu, 06 Oct 2022 00:08:57 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 11
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hmNuq0J8xnF9B9WcjYSiwq4r4w5xKlfNkdtA2lr6E0c1fTXt5z4b049IZLdTGGbX1kFJ2%2BQuwoqaZ6rAHLxv4GJpGwa97sURaakiOJnOKk%2Fot2DslKY23JypA1B5XEEurIhZ2AYqTPuOX2O6"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 755a2a60ddc4b4ed-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
media.vivaclix.com/js/code.min.js?4.3.1
104.21.234.56200 OK 14 kB URL HTTP/2 media.vivaclix.com/js/code.min.js?4.3.1
IP 104.21.234.56:0
File type ASCII text, with very long lines (15751)
Hash 1ef34cc986f0b9b6139a3d0b926709c4
c5c3ee96cf81cb6d18791da61965ee6ae08c3dbb
04488d31d42cd1b6e77ebe5927a4330e1d1e75c671b10f8056f94f450e678a72
GET /js/code.min.js?4.3.1 HTTP/1.1
Host: media.vivaclix.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://media.vivaclix.com/js/ifr.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 06 Oct 2022 00:08:57 GMT
content-type: application/javascript
last-modified: Mon, 03 Oct 2022 09:18:10 GMT
etag: W/"633aa8d2-8d7d"
expires: Thu, 06 Oct 2022 09:20:10 GMT
cache-control: max-age=259200
x-robots-tag: noindex, nofollow, noarchive, noimageindex
cf-cache-status: HIT
age: 152688
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DaYqCQGNTV2svJ7n9hkl6CEGiYpmx%2FNgD4BW3qpcyQHBCUDWLnaCotEGo4k%2BL%2FMa1OUdKP4wT9XJnEJjR9VCOvoX3SP0ByiYy6sKYupqAtyUdseP1vcFthXmP54egTJTH%2FoKXqE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 755a2a5d3eaa7732-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbf3cf74b-e020-403d-b52e-28fa9422685f.jpeg
34.120.237.76200 OK 7.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbf3cf74b-e020-403d-b52e-28fa9422685f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3222f99612aade6e826abd0777d174ab
87a07ee9edaede64877f4fb54343aacd5aa01fcf
18f2f9a9fa80180dda5cab4593580eff2345829c3a90304437987ce603b8f4c1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbf3cf74b-e020-403d-b52e-28fa9422685f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 7380
x-amzn-requestid: c07cda09-37f4-4ec9-b1e9-93c69a1bc591
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZjPuoGvsIAMFpUg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633df990-1a7a7cdf117520d30028adb4;Sampled=0
x-amzn-remapped-date: Wed, 05 Oct 2022 21:39:28 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: QGIXuZufYmPU4vyoTeV6pOvqBuuFZPVcolaS4REnc_ZcqYGoDQQZ2A==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 de8fc80b494d3d381f7e006918dcc588.cloudfront.net (CloudFront), 1.1 google
date: Wed, 05 Oct 2022 22:08:05 GMT
age: 7258
etag: "87a07ee9edaede64877f4fb54343aacd5aa01fcf"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3oodleaw5au4ssir.com/get/1879888?zoneid=1879888&jp=_clqxk3m3a15jlbfc0pd4ku&nojs=0&ix=0&abvar=0&t=0&x=1280&y=898&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&isRef=1&sp=0&cid=5457142976444660
62.122.171.6200 OK 0 B URL HTTP/2 r3oodleaw5au4ssir.com/get/1879888?zoneid=1879888&jp=_clqxk3m3a15jlbfc0pd4ku&nojs=0&ix=0&abvar=0&t=0&x=1280&y=898&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&isRef=1&sp=0&cid=5457142976444660
IP 62.122.171.6:0
Analyzer Verdict Alert quad9 Sinkholed
GET /get/1879888?zoneid=1879888&jp=_clqxk3m3a15jlbfc0pd4ku&nojs=0&ix=0&abvar=0&t=0&x=1280&y=898&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&isRef=1&sp=0&cid=5457142976444660 HTTP/1.1
Host: r3oodleaw5au4ssir.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yeu3x.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 06 Oct 2022 00:08:57 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
x-route-id: config
set-cookie: UID=22100519080be2c57131594128afa0412a2e; Path=/; Expires=Fri, 06 Oct 2023 00:08:57 GMT; HttpOnly; Secure; SameSite=None
content-encoding: gzip
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
www.cdn4ads.com/bricks.min.js
185.76.9.15200 OK 0 B URL HTTP/2 www.cdn4ads.com/bricks.min.js
IP 185.76.9.15:0
ASN #60068 Datacamp Limited
GET /bricks.min.js HTTP/1.1
Host: www.cdn4ads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://yeu3x.com
Connection: keep-alive
Referer: https://yeu3x.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 06 Oct 2022 00:08:56 GMT
content-type: application/x-javascript
alt-svc: quic="185.76.9.13:443"; ma=2592000; v="44,43,39"
expires: Sat, 08 Oct 2022 08:54:32 GMT
access-control-allow-origin: *
link: <https://cdn4ads.com/>;rel=preconnect,<https://c.adsco.re/>;rel=preconnect,<https://adsco.re/>;rel=preconnect
cache-control: public, max-age=604800
x-accel-expires: @1665219272
server: CDN77-Turbo
x-77-nzt: AblMCQ1YSlz/UBwGAA
x-77-nzt-ray: +xJzMoZtcr4
x-cache: HIT
x-age: 400464
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: br
X-Firefox-Spdy: h2
media.vivaclix.com/js/code.min.js
104.21.234.56200 OK 0 B URL HTTP/2 media.vivaclix.com/js/code.min.js
IP 104.21.234.56:0
GET /js/code.min.js HTTP/1.1
Host: media.vivaclix.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yeu3x.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 06 Oct 2022 00:08:57 GMT
content-type: application/javascript
last-modified: Mon, 12 Sep 2022 08:16:16 GMT
etag: W/"631eead0-8d7d"
expires: Fri, 23 Sep 2022 11:54:09 GMT
cache-control: max-age=259200
x-robots-tag: noindex, nofollow, noarchive, noimageindex
cf-cache-status: HIT
age: 1340075
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HQ4BTkPxsSrHZoNBc68MipDqvpyp3IS27Rf50fkxa6uXoMCN%2BD%2Fc5Mop%2BM3qEr3DrVh1Eg5VhID2m37vhZgNKNfyBx%2FVtHerYT%2F68M6ejGwV71gmoAE3pEPzXp2cmsVSvKcuZns%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 755a2a5cbe177732-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
28252.deliverytrafficnews.com/jiJAC4U5PwbhZtdxoEWUMWYX08lV8t-Bc_1Yfo_FTpdDNJ6c8o1X9cmPVIBlfYbIlNgDdvJwjvy6Q-rmGO-8NC6VmqTDpLiAbQETLr0kJHptv8tNrt8jinMAiRrlVxeor-EJyk0?kws=phim%2Csex%2Conline%2Cfull&abl=0&fsb=0&pageUri=https%3A%2F%2Fyeu3x.com%2F&referer=&bdd=%5B%22Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0%22%2C%22false%22%2C%22Linux%20x86_64%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22false%22%2C%22true%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221002%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%22898%22%2C%221268%22%2C%22898%22%2C%22false%22%2C%221%22%2C%2216%22%2C%220%22%2C%22aaaaacccefiflmmprrsstlllecstaaahtscellllpss%22%2C%22Thu%20Oct%2006%202022%2000%3A08%3A57%20GMT%2B0000%20(Coordinated%20Universal%20Time)%22%2C%220%22%2C%22en-US%22%2C%22en-US%2Cen%22%2C%22false%22%2C%22false%22%2C%22781877177%22%2C%222697903995%22%2C%221%22%2C%22false%22%2C%22%5B%5D%22%5D&prsl=1&_h=accept%3A+%2A%2F%2A%0Aaccept-language%3A+en-US%2Cen%3Bq%3D0.5%0Aaccept-encoding%3A+gzip%2C+deflate%2C+br%0Aorigin%3A+https%3A%2F%2Fyeu3x.com%0Asec-fetch-dest%3A+empty%0Asec-fetch-mode%3A+cors%0Asec-fetch-site%3A+cross-site%0A%0A
88.208.59.102200 OK 0 B URL HTTP/2 28252.deliverytrafficnews.com/jiJAC4U5PwbhZtdxoEWUMWYX08lV8t-Bc_1Yfo_FTpdDNJ6c8o1X9cmPVIBlfYbIlNgDdvJwjvy6Q-rmGO-8NC6VmqTDpLiAbQETLr0kJHptv8tNrt8jinMAiRrlVxeor-EJyk0?kws=phim%2Csex%2Conline%2Cfull&abl=0&fsb=0&pageUri=https%3A%2F%2Fyeu3x.com%2F&referer=&bdd=%5B%22Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0%22%2C%22false%22%2C%22Linux%20x86_64%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22false%22%2C%22true%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221002%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%22898%22%2C%221268%22%2C%22898%22%2C%22false%22%2C%221%22%2C%2216%22%2C%220%22%2C%22aaaaacccefiflmmprrsstlllecstaaahtscellllpss%22%2C%22Thu%20Oct%2006%202022%2000%3A08%3A57%20GMT%2B0000%20(Coordinated%20Universal%20Time)%22%2C%220%22%2C%22en-US%22%2C%22en-US%2Cen%22%2C%22false%22%2C%22false%22%2C%22781877177%22%2C%222697903995%22%2C%221%22%2C%22false%22%2C%22%5B%5D%22%5D&prsl=1&_h=accept%3A+%2A%2F%2A%0Aaccept-language%3A+en-US%2Cen%3Bq%3D0.5%0Aaccept-encoding%3A+gzip%2C+deflate%2C+br%0Aorigin%3A+https%3A%2F%2Fyeu3x.com%0Asec-fetch-dest%3A+empty%0Asec-fetch-mode%3A+cors%0Asec-fetch-site%3A+cross-site%0A%0A
IP 88.208.59.102:0
ASN #39572 DataWeb Global Group B.V.
GET /jiJAC4U5PwbhZtdxoEWUMWYX08lV8t-Bc_1Yfo_FTpdDNJ6c8o1X9cmPVIBlfYbIlNgDdvJwjvy6Q-rmGO-8NC6VmqTDpLiAbQETLr0kJHptv8tNrt8jinMAiRrlVxeor-EJyk0?kws=phim%2Csex%2Conline%2Cfull&abl=0&fsb=0&pageUri=https%3A%2F%2Fyeu3x.com%2F&referer=&bdd=%5B%22Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0%22%2C%22false%22%2C%22Linux%20x86_64%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22false%22%2C%22true%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221002%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%22898%22%2C%221268%22%2C%22898%22%2C%22false%22%2C%221%22%2C%2216%22%2C%220%22%2C%22aaaaacccefiflmmprrsstlllecstaaahtscellllpss%22%2C%22Thu%20Oct%2006%202022%2000%3A08%3A57%20GMT%2B0000%20(Coordinated%20Universal%20Time)%22%2C%220%22%2C%22en-US%22%2C%22en-US%2Cen%22%2C%22false%22%2C%22false%22%2C%22781877177%22%2C%222697903995%22%2C%221%22%2C%22false%22%2C%22%5B%5D%22%5D&prsl=1&_h=accept%3A+%2A%2F%2A%0Aaccept-language%3A+en-US%2Cen%3Bq%3D0.5%0Aaccept-encoding%3A+gzip%2C+deflate%2C+br%0Aorigin%3A+https%3A%2F%2Fyeu3x.com%0Asec-fetch-dest%3A+empty%0Asec-fetch-mode%3A+cors%0Asec-fetch-site%3A+cross-site%0A%0A HTTP/1.1
Host: 28252.deliverytrafficnews.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://yeu3x.com
Connection: keep-alive
Referer: https://yeu3x.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 06 Oct 2022 00:09:00 GMT
content-type: text/plain; charset=UTF-8
vary: Accept-Encoding
access-control-allow-origin: https://yeu3x.com
access-control-allow-credentials: true
access-control-max-age: 86400
referrer-policy: unsafe-url
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Device-Memory
accept-ch-lifetime: 31536000
p3p: CP="NOI DEVa TAIa OUR BUS UNI STA"
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
last-modified: Thu, 06 Oct 2022 00:09:00 UTC
expires: Thu, 06 Oct 2022 00:09:00 UTC
content-encoding: gzip
X-Firefox-Spdy: h2
www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
31.13.72.36200 OK 0 B URL HTTP/2 www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
IP 31.13.72.36:0
GET /login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yeu3x.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-opener-policy: same-origin-allow-popups
vary: Sec-Fetch-Site, Sec-Fetch-Mode, Accept-Encoding
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: 5V1xQQYkVCGkYo/1aoA9hPnZt871I2zaCowY7h6s8wedYAMClkF0tQnrFbFlZ631bBGpcP4U82BU4sSb3cF8ig==
date: Thu, 06 Oct 2022 00:08:57 GMT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2