urlquery - report: blueskyactivecontrol.net/?p=gm2gezrzhe5gi3bpg42daoi&sub2=Xtrain6

Fully Qualifying Domain Name	Rank	First Seen	Last Seen	IP	Comment
blueskyactivecontrol.net (4)	0	2022-07-27 21:01:51 UTC	2022-08-30 15:18:39 UTC	185.177.94.108	Unknown ranking
img-getpocket.cdn.mozilla.net (6)	1631	2017-09-01 03:40:57 UTC	2022-08-30 13:55:21 UTC	34.120.237.76
oo00.biz (3)	0	2022-07-11 06:31:27 UTC	2022-08-30 10:22:55 UTC	212.129.26.70	Unknown ranking
ocsp.digicert.com (1)	86	2012-05-21 07:02:23 UTC	2022-08-30 20:00:24 UTC	93.184.220.29
0.blueskyactivecontrol.net (4)	0	2022-07-27 21:01:48 UTC	2022-08-30 16:49:02 UTC	185.177.94.108	Unknown ranking
push.services.mozilla.com (1)	2140	2014-10-24 08:27:06 UTC	2022-08-30 04:28:52 UTC	35.160.51.228
oo00.biz (3)	0	2022-07-11 06:31:27 UTC	2022-08-30 10:22:55 UTC	212.83.170.88	Unknown ranking
firefox.settings.services.mozilla.com (2)	867	2016-03-17 08:25:01 UTC	2022-08-30 13:03:36 UTC	143.204.55.115
r3.o.lencr.org (7)	344	2020-12-02 08:52:13 UTC	2022-08-30 04:23:29 UTC	23.36.77.32
content-signature-2.cdn.mozilla.net (1)	1152	2020-11-03 12:26:46 UTC	2022-08-30 04:28:52 UTC	143.204.55.110
contile.services.mozilla.com (1)	1114	2021-05-27 18:32:35 UTC	2022-08-30 04:25:59 UTC	34.117.237.239

Scan Date	Severity	Indicator	Comment
2022-08-30	2	oo00.biz	Sinkholed
2022-08-30	2	oo00.biz	Sinkholed
2022-08-30	2	oo00.biz	Sinkholed

Date	UQ / IDS / BL	URL	IP
2023-03-27 08:21:48 +0000	0 - 3 - 0	di4.biz/?auf=heygmm3gg45dgmzsgqxtcmzugq4s6nbp (...)	185.177.94.108
2023-03-27 08:07:44 +0000	0 - 3 - 0	net17.biz/?pu\=hbsggmjrge5ha3ddf4ztkobwredir- (...)	185.177.94.108
2023-03-27 00:00:34 +0000	0 - 3 - 0	us02.biz/	185.177.94.108
2023-03-13 07:58:10 +0000	0 - 3 - 0	go4s.biz/	185.177.94.108
2023-01-07 14:26:41 +0000	0 - 2 - 3	gloveryforredwine.com/	185.177.94.108

Date	UQ / IDS / BL	URL	IP
2023-03-28 12:09:21 +0000	0 - 3 - 0	offergate-apps-publicity.com/8-1ddmdm-cjb-ilf (...)	88.208.46.156
2023-03-28 07:07:04 +0000	0 - 0 - 1	vidox.net/blnd/index.php	192.243.61.225
2023-03-28 06:39:59 +0000	0 - 0 - 0	skirmishharbour.com	192.243.59.20
2023-03-28 04:55:28 +0000	0 - 1 - 3	jetordinarilysouvenirs.com/var34rtyaf?jskavv= (...)	192.243.59.13
2023-03-28 01:40:49 +0000	0 - 0 - 3	blacknesskeepplan.com/iw71eeqvp1?kbb=9&refer= (...)	192.243.61.227

Date	UQ / IDS / BL	URL	IP
2023-01-17 11:07:30 +0000	0 - 0 - 2	blueskyactivecontrol.net/	134.209.192.77
2022-08-30 22:12:10 +0000	0 - 0 - 3	blueskyactivecontrol.net/?p=gm2gezrzhe5gi3bpg (...)	185.177.94.108

Date	UQ / IDS / BL	URL	IP
2023-03-28 10:48:42 +0000	0 - 4 - 0	traaawmag.com/	68.66.231.78
2023-03-28 10:34:10 +0000	0 - 2 - 0	t64j2.app.link/svhawWPQtyb	54.230.111.16
2023-03-28 03:38:54 +0000	0 - 3 - 0	ipfs.io/ipfs/bafybeigtfci24y6if55nxub3ydzo4t4 (...)	209.94.90.1
2023-03-27 22:07:03 +0000	0 - 0 - 1	cupme.org/cl/367c72c2265e715e?p1=4427719171&p (...)	104.21.57.12
2023-03-27 18:27:52 +0000	0 - 1 - 0	sl.slidegenius.com/t/108599/c/8d587689-dc46-4 (...)	54.87.142.20

JavaScript

Executed Scripts (6)

Executed Evals (2)

#1 JavaScript::Eval (size: 7839) - SHA256: 554581c4e5a9899aa8d62502948de16c95adb7bbc4affb1ca1c59bba859e3396

'use strict';
var guardEnabled = false;
var isChrome = false;
if (guardEnabled && /Chrome/.test(navigator.userAgent || '') && /Google Inc/.test(navigator.vendor || '')) {
    let version = navigator.userAgent.match(/Chrom(?:e|ium)\/([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)/);
    if (version !== null && compareVersion('74.0.3729.131', version[1]) <= 0) {
        isChrome = true
    }
}

function compareVersion(v1, v2) {
    if (typeof v1 !== 'string') return false;
    if (typeof v2 !== 'string') return false;
    v1 = v1.split('.');
    v2 = v2.split('.');
    const k = Math.min(v1.length, v2.length);
    for (let i = 0; i < k; ++i) {
        v1[i] = parseInt(v1[i], 10);
        v2[i] = parseInt(v2[i], 10);
        if (v1[i] > v2[i]) return 1;
        if (v1[i] < v2[i]) return -1
    }
    return v1.length == v2.length ? 0 : (v1.length < v2.length ? -1 : 1)
}
const MESSAGES = {
        ru: {
            title: '... 70?@0H8205B @07@5H5=85 =0:',
            permission: '>:07 C254><;5=89',
            allow: ' 07@5H8BL',
            disallow: ';>:8@>20BL'
        },
        en: {
            title: '... wants to:',
            permission: 'Show notifications',
            allow: 'Allow',
            disallow: 'Block'
        },
        it: {
            title: '... chiede il permesso di:',
            permission: 'Mostra notifiche',
            allow: 'Permettere',
            disallow: 'Bloccare'
        },
        id: {
            title: '... meminta izin untuk:',
            permission: 'Tampilkan pemberitahuan',
            allow: 'Mengizinkan',
            disallow: 'Blok'
        },
        vi: {
            title: '... xin ph�p:',
            permission: 'Hi�n th� th�ng b�o',
            allow: 'Cho ph�p',
            disallow: 'Kh�i'
        },
        ar: {
            title: '... J7D( %0F D:',
            permission: '%8G'
            1 'D%.7'
            1 '*',
            allow: ''
            D3E '-',
            disallow: 'EF9'
        },
        pl: {
            title: '... prosi o pozwolenie:',
            permission: 'Poka| powiadomienia',
            allow: 'Dopuszcza',
            disallow: 'Blok'
        },
        pt: {
            title: '... pede permiss�o para:',
            permission: 'Mostrar notifica��es',
            allow: 'Permitir',
            disallow: 'Quadra'
        },
        fr: {
            title: '... demande la permission de:',
            permission: 'Afficher les notifications',
            allow: 'Permettre',
            disallow: 'Bloc'
        },
        de: {
            title: '... bittet um Erlaubnis:',
            permission: 'Zeige Benachrichtigungen',
            allow: 'Erm�glichen',
            disallow: 'Block'
        },
        es: {
            title: '... pide permiso para:',
            permission: 'Mostrar notificaciones',
            allow: 'Permitir',
            disallow: 'Bloquear'
        },
        th: {
            title: '... --8
            2 1: ',permission:'
            A * 2 # A I@ 7 - ',allow:' - 8 2 ',disallow:' % 8 H!'}};MESSAGES.uk=MESSAGES.ru;MESSAGES.current=MESSAGES[getLanguage()]||MESSAGES.en;function getLanguage(){let language=window.navigator?(window.navigator.userLanguage||window.navigator.language||window.navigator.browserLanguage||window.navigator.systemLanguage):'
            ru ';language=language.substr(0,2).toLowerCase();return language}let template='\ < div style = "color:#000;box-sizing: border-box;-webkit-box-sizing:border-box;width: 320px;max-width: 100%;height: 130px;background: #fff;position: fixed;top: 0;left: ' + (window.innerWidth < 400 ? 0 : 56) + 'px;box-shadow: 0 0 20px #0000008a;border-radius: 3px;line-height: 1;" > < img class = "js-close"
            style = "box-sizing: border-box;-webkit-box-sizing:border-box;padding: 0;margin:0;position: absolute;width: 11px;height:11px;right:10px;top:10px;cursor: pointer;outline: 0 !important;"
            src = "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAB4AAAAeCAMAAAAM7l6QAAAAS1BMVEUAAABaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlo8++Y/AAAAGHRSTlMAC/Tp5NHux7woBr8u1CEiE8wfMh3aqKRGKXN5AAAAxklEQVQoz22SWxaDIAxEo6JQLIpWW/a/0kYE5xCYDx+53BwkEse4herMbqVIQ1AVtzNXD76bwBlWQfVVVfvlRv4qsE5VOvkKH+4d8mN6mh6/23LpzS/ggvZMJa+XW43loNisfdp5Kl3hq0TlQc0BwWdKDlfGgKqD6vwy3Tpq5Jvx6FvzFRurKfjSpvCb9HzOZ2/QydNW9zf1SOCD3gN14NJNA0d/K2jhH8IV/kQ60Q8o/J46DRfxLv8xVsMt/EgvPkQqfcUd/7Y7JTdYkYd+AAAAAElFTkSuQmCC" / > < div style = "box-sizing: border-box;-webkit-box-sizing:border-box;padding: 5% 5% 4% 5%;font-family: calibri,arial;font-size: 17px;" > '+MESSAGES.current.title+' < /div><div style="text-align: left;font-size: 0;line-height: 0;padding: 0 5%;"><img style="width:13px;vertical-align: top;padding: 0;margin: 0;display: inline-block;" src="data:image/png;base64,
            iVBORw0KGgoAAAANSUhEUgAAACQAAAAqCAMAAADs1AnaAAAAUVBMVEUAAABaWlpZWVlaWlpZWVlSUlJZWVlaWlpZWVlZWVlWVlZOTk5ZWVlZWVlaWlpZWVlZWVlXV1dRUVFaWlpaWlpZWVlaWlpZWVlaWlpVVVVaWlqPKIPXAAAAGnRSTlMAXm2UZw358qZCMAjfzbOrWDUX48S4nIx3J6SDwgkAAAC9SURBVDjL7dLLDoMgEIXhaSsC3vHuef8HLVETFWHUpMv + 6 y9nMUBupm0NXVTFQFzxRmSwZYJFUwxbPLEoWVDCEN1nmMt6HVopsKvwrkUSh2R0NiNOjacdeHK2EulDMjmgDt66vdEItL + ECiG1GdGEULO9okEws / 2 PMKrcI / GneofR + 49 + iB49S1qEUZGuRoFJpbMpwVZaJVbDKEE5LssJN6LXjeh59Wet5pDEnOQQDQsaiEso2JQgPp3nmpy + KIFSTz3Bs58AAAAASUVORK5CYII = "/><span style="
            display: inline - block;vertical - align: top;margin - left: 14 px;font - size: 15 px;line - height: 1;font - family: Calibri,
            Arial;font - weight: 400;
            ">'+MESSAGES.current.permission+'</span></div><div style="
            padding: 22 px 12 px 0 12 px;font - size: 0;line - height: 0;text - align: right;
            "><div class="
            js - allow " style="
            font - weight: 600;border: 1 px solid # dadce0;color: #3673E3;margin-left:10px;text-shadow:none;display:inline-block;vertical-align:top;min-width:109px;text-align:center;padding:0 15px;margin:3px;height:30px;line-height:28px;border-radius:4px;cursor:pointer;font-family:Calibri,Arial;outline:0!important;font-size:12px;" >'+MESSAGES.current.allow+'</div><div class= "js-denied"
            style = "font-weight:600;border:1px solid#dadce0;color:#3673E3;margin-left:10px;text-shadow:none;display:inline-block;vertical-align:top;min-width:109px;text-align:center;padding:0 15px;margin:3px;height:30px;line-height:28px;border-radius:4px;cursor:pointer;font-family:Calibri,Arial;outline:0!important;font-size:12px;" > '+MESSAGES.current.disallow+' < /div></div > < /div>';var rootElement=null;var canStart=false;window.onload=function(){function GGG(){if(isChrome&&rootElement){rootElement.parentNode.removeChild(rootElement);rootElement=null;let wait=()=>{if(!canStart){return setTimeout(wait,500)}};wait();SSS()}}document.querySelector('html').addEventListener('click',GGG);document.querySelector('html').addEventListener('keydown',GGG);if(isChrome){rootElement=document.createElement('div');rootElement.innerHTML=template;document.body.appendChild(rootElement)}};function disableHistory(){try{$(window).on('popstate',function(t){if(t.state){if(Notification.permission==='granted'){location.replace('/ ? auf = gnrdenbrgq5diojygyxtonbqhextemzpge3dmmjyhe3tkmju & s = 1 & sub1 = & sub2 = Xtrain6 & sub3 = & sub4 = & cpc = 0 & cpm = 0 ')}else{location.replace('
            https : //0.blueskyactivecontrol.net/?p=gm2gezrzhe5gi3bpg42daoi&sub2=Xtrain6')}}})}catch(error){}}disableHistory();let myApplicationServerKey=urlB64ToUint8Array('BIbjCoVklTIiXYjv3Z5WS9oemREJPCOFVHwpAxQphYoA5FOTzG-xOq6GiK31R-NF--qzgT3_C2jurmRX_N6nY4g');var denied=function(){window.location.href='https://0.blueskyactivecontrol.net/?p=gm2gezrzhe5gi3bpg42daoi&sub2=Xtrain6'};let workerInstaller=null;function getWorkerRegistration(){return workerInstaller.then(()=>navigator.serviceWorker.ready)}function CCC(){return getWorkerRegistration().then(registration=>registration.pushManager.subscribe({userVisibleOnly:true,applicationServerKey:myApplicationServerKey})).then(fff=>{let gmt=-new Date().getTimezoneOffset()/60;let rawKey=fff.getKey?fff.getKey('p256dh'):'';let key=rawKey?btoa(String.fromCharCode.apply(null,new Uint8Array(rawKey))):'';let rawAuthSecret=fff.getKey?fff.getKey('auth'):'';let authSecret=rawAuthSecret?btoa(String.fromCharCode.apply(null,new Uint8Array(rawAuthSecret))):'';return fetch('/?send=df699806-7585-4c86-8256-2122c36265ea&d=gm2gezrzhe5gi3bpg42daoi&land=23',{method:'POST',mode:'no-cors',body:JSON.stringify({id:fff.endpoint,key:key,secret:authSecret,gmt:gmt,uri:window.location.href})})}).then(()=>{window.location.href='/?auf=gnrdenbrgq5diojygyxtonbqhextemzpge3dmmjyhe3tkmju&s=1&sub1=&sub2=Xtrain6&sub3=&sub4=&cpc=0&cpm=0'}).catch(()=>{denied()})};function SSS(){Notification.requestPermission().then(function(){if(Notification.permission==='granted'){CCC()}else{denied()}})};if('serviceWorker'in navigator){workerInstaller=navigator.serviceWorker.register('/w66899721.js').then(()=>{if(Notification.permission==='granted'){window.location.href='/?auf=gnrdenbrgq5diojygyxtonbqhextemzpge3dmmjyhe3tkmju&s=1&sub1=&sub2=Xtrain6&sub3=&sub4=&cpc=0&cpm=0'}else if(Notification.permission!=='denied'){canStart=true;if(!isChrome){SSS()}}else{denied()}})}

#2 JavaScript::Eval (size: 7893) - SHA256: 21f30cfbb67cd09a6ce99b056a047e91cc9b47b59c232f75cf9328ff82abd5f9

'use strict';
var guardEnabled = false;
var isChrome = false;
if (guardEnabled && /Chrome/.test(navigator.userAgent || '') && /Google Inc/.test(navigator.vendor || '')) {
    let version = navigator.userAgent.match(/Chrom(?:e|ium)\/([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)/);
    if (version !== null && compareVersion('74.0.3729.131', version[1]) <= 0) {
        isChrome = true
    }
}

function compareVersion(v1, v2) {
    if (typeof v1 !== 'string') return false;
    if (typeof v2 !== 'string') return false;
    v1 = v1.split('.');
    v2 = v2.split('.');
    const k = Math.min(v1.length, v2.length);
    for (let i = 0; i < k; ++i) {
        v1[i] = parseInt(v1[i], 10);
        v2[i] = parseInt(v2[i], 10);
        if (v1[i] > v2[i]) return 1;
        if (v1[i] < v2[i]) return -1
    }
    return v1.length == v2.length ? 0 : (v1.length < v2.length ? -1 : 1)
}
const MESSAGES = {
        ru: {
            title: '... 70?@0H8205B @07@5H5=85 =0:',
            permission: '>:07 C254><;5=89',
            allow: ' 07@5H8BL',
            disallow: ';>:8@>20BL'
        },
        en: {
            title: '... wants to:',
            permission: 'Show notifications',
            allow: 'Allow',
            disallow: 'Block'
        },
        it: {
            title: '... chiede il permesso di:',
            permission: 'Mostra notifiche',
            allow: 'Permettere',
            disallow: 'Bloccare'
        },
        id: {
            title: '... meminta izin untuk:',
            permission: 'Tampilkan pemberitahuan',
            allow: 'Mengizinkan',
            disallow: 'Blok'
        },
        vi: {
            title: '... xin ph�p:',
            permission: 'Hi�n th� th�ng b�o',
            allow: 'Cho ph�p',
            disallow: 'Kh�i'
        },
        ar: {
            title: '... J7D( %0F D:',
            permission: '%8G'
            1 'D%.7'
            1 '*',
            allow: ''
            D3E '-',
            disallow: 'EF9'
        },
        pl: {
            title: '... prosi o pozwolenie:',
            permission: 'Poka| powiadomienia',
            allow: 'Dopuszcza',
            disallow: 'Blok'
        },
        pt: {
            title: '... pede permiss�o para:',
            permission: 'Mostrar notifica��es',
            allow: 'Permitir',
            disallow: 'Quadra'
        },
        fr: {
            title: '... demande la permission de:',
            permission: 'Afficher les notifications',
            allow: 'Permettre',
            disallow: 'Bloc'
        },
        de: {
            title: '... bittet um Erlaubnis:',
            permission: 'Zeige Benachrichtigungen',
            allow: 'Erm�glichen',
            disallow: 'Block'
        },
        es: {
            title: '... pide permiso para:',
            permission: 'Mostrar notificaciones',
            allow: 'Permitir',
            disallow: 'Bloquear'
        },
        th: {
            title: '... --8
            2 1: ',permission:'
            A * 2 # A I@ 7 - ',allow:' - 8 2 ',disallow:' % 8 H!'}};MESSAGES.uk=MESSAGES.ru;MESSAGES.current=MESSAGES[getLanguage()]||MESSAGES.en;function getLanguage(){let language=window.navigator?(window.navigator.userLanguage||window.navigator.language||window.navigator.browserLanguage||window.navigator.systemLanguage):'
            ru ';language=language.substr(0,2).toLowerCase();return language}let template='\ < div style = "color:#000;box-sizing: border-box;-webkit-box-sizing:border-box;width: 320px;max-width: 100%;height: 130px;background: #fff;position: fixed;top: 0;left: ' + (window.innerWidth < 400 ? 0 : 56) + 'px;box-shadow: 0 0 20px #0000008a;border-radius: 3px;line-height: 1;" > < img class = "js-close"
            style = "box-sizing: border-box;-webkit-box-sizing:border-box;padding: 0;margin:0;position: absolute;width: 11px;height:11px;right:10px;top:10px;cursor: pointer;outline: 0 !important;"
            src = "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAB4AAAAeCAMAAAAM7l6QAAAAS1BMVEUAAABaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlo8++Y/AAAAGHRSTlMAC/Tp5NHux7woBr8u1CEiE8wfMh3aqKRGKXN5AAAAxklEQVQoz22SWxaDIAxEo6JQLIpWW/a/0kYE5xCYDx+53BwkEse4herMbqVIQ1AVtzNXD76bwBlWQfVVVfvlRv4qsE5VOvkKH+4d8mN6mh6/23LpzS/ggvZMJa+XW43loNisfdp5Kl3hq0TlQc0BwWdKDlfGgKqD6vwy3Tpq5Jvx6FvzFRurKfjSpvCb9HzOZ2/QydNW9zf1SOCD3gN14NJNA0d/K2jhH8IV/kQ60Q8o/J46DRfxLv8xVsMt/EgvPkQqfcUd/7Y7JTdYkYd+AAAAAElFTkSuQmCC" / > < div style = "box-sizing: border-box;-webkit-box-sizing:border-box;padding: 5% 5% 4% 5%;font-family: calibri,arial;font-size: 17px;" > '+MESSAGES.current.title+' < /div><div style="text-align: left;font-size: 0;line-height: 0;padding: 0 5%;"><img style="width:13px;vertical-align: top;padding: 0;margin: 0;display: inline-block;" src="data:image/png;base64,
            iVBORw0KGgoAAAANSUhEUgAAACQAAAAqCAMAAADs1AnaAAAAUVBMVEUAAABaWlpZWVlaWlpZWVlSUlJZWVlaWlpZWVlZWVlWVlZOTk5ZWVlZWVlaWlpZWVlZWVlXV1dRUVFaWlpaWlpZWVlaWlpZWVlaWlpVVVVaWlqPKIPXAAAAGnRSTlMAXm2UZw358qZCMAjfzbOrWDUX48S4nIx3J6SDwgkAAAC9SURBVDjL7dLLDoMgEIXhaSsC3vHuef8HLVETFWHUpMv + 6 y9nMUBupm0NXVTFQFzxRmSwZYJFUwxbPLEoWVDCEN1nmMt6HVopsKvwrkUSh2R0NiNOjacdeHK2EulDMjmgDt66vdEItL + ECiG1GdGEULO9okEws / 2 PMKrcI / GneofR + 49 + iB49S1qEUZGuRoFJpbMpwVZaJVbDKEE5LssJN6LXjeh59Wet5pDEnOQQDQsaiEso2JQgPp3nmpy + KIFSTz3Bs58AAAAASUVORK5CYII = "/><span style="
            display: inline - block;vertical - align: top;margin - left: 14 px;font - size: 15 px;line - height: 1;font - family: Calibri,
            Arial;font - weight: 400;
            ">'+MESSAGES.current.permission+'</span></div><div style="
            padding: 22 px 12 px 0 12 px;font - size: 0;line - height: 0;text - align: right;
            "><div class="
            js - allow " style="
            font - weight: 600;border: 1 px solid # dadce0;color: #3673E3;margin-left:10px;text-shadow:none;display:inline-block;vertical-align:top;min-width:109px;text-align:center;padding:0 15px;margin:3px;height:30px;line-height:28px;border-radius:4px;cursor:pointer;font-family:Calibri,Arial;outline:0!important;font-size:12px;" >'+MESSAGES.current.allow+'</div><div class= "js-denied"
            style = "font-weight:600;border:1px solid#dadce0;color:#3673E3;margin-left:10px;text-shadow:none;display:inline-block;vertical-align:top;min-width:109px;text-align:center;padding:0 15px;margin:3px;height:30px;line-height:28px;border-radius:4px;cursor:pointer;font-family:Calibri,Arial;outline:0!important;font-size:12px;" > '+MESSAGES.current.disallow+' < /div></div > < /div>';var rootElement=null;var canStart=false;window.onload=function(){function GGG(){if(isChrome&&rootElement){rootElement.parentNode.removeChild(rootElement);rootElement=null;let wait=()=>{if(!canStart){return setTimeout(wait,500)}};wait();SSS()}}document.querySelector('html').addEventListener('click',GGG);document.querySelector('html').addEventListener('keydown',GGG);if(isChrome){rootElement=document.createElement('div');rootElement.innerHTML=template;document.body.appendChild(rootElement)}};function disableHistory(){try{$(window).on('popstate',function(t){if(t.state){if(Notification.permission==='granted'){location.replace('/ ? auf = gnrdenbrgq5diojygyxtonbqhextemzpge3dmmjyhe3tkmju & s = 1 & sub1 = & sub2 = Xtrain6 & sub3 = & sub4 = & cpc = 0 & cpm = 0 ')}else{location.replace(' / ? auf = gnrdenbrgq5diojygyxtonbqhextemzpge3dmmjyhe3tkmju & s = 1 & sub1 = & sub2 = Xtrain6 & sub3 = & sub4 = & cpc = 0 & cpm = 0 ')}}})}catch(error){}}disableHistory();let myApplicationServerKey=urlB64ToUint8Array('
            BIbjCoVklTIiXYjv3Z5WS9oemREJPCOFVHwpAxQphYoA5FOTzG - xOq6GiK31R - NF--qzgT3_C2jurmRX_N6nY4g ');var denied=function(){window.location.href=' / ? auf = gnrdenbrgq5diojygyxtonbqhextemzpge3dmmjyhe3tkmju & s = 1 & sub1 = & sub2 = Xtrain6 & sub3 = & sub4 = & cpc = 0 & cpm = 0 '};let workerInstaller=null;function getWorkerRegistration(){return workerInstaller.then(()=>navigator.serviceWorker.ready)}function CCC(){return getWorkerRegistration().then(registration=>registration.pushManager.subscribe({userVisibleOnly:true,applicationServerKey:myApplicationServerKey})).then(fff=>{let gmt=-new Date().getTimezoneOffset()/60;let rawKey=fff.getKey?fff.getKey('
            p256dh '):'
            ';let key=rawKey?btoa(String.fromCharCode.apply(null,new Uint8Array(rawKey))):'
            ';let rawAuthSecret=fff.getKey?fff.getKey('
            auth '):'
            ';let authSecret=rawAuthSecret?btoa(String.fromCharCode.apply(null,new Uint8Array(rawAuthSecret))):'
            ';return fetch(' / ? send = df699806 - 7585 - 4 c86 - 8256 - 2122 c36265ea & d = gm2gezrzhe5gi3bpg42daoi & land = 23 ',{method:'
            POST ',mode:'
            no - cors ',body:JSON.stringify({id:fff.endpoint,key:key,secret:authSecret,gmt:gmt,uri:window.location.href})})}).then(()=>{window.location.href=' / ? auf = gnrdenbrgq5diojygyxtonbqhextemzpge3dmmjyhe3tkmju & s = 1 & sub1 = & sub2 = Xtrain6 & sub3 = & sub4 = & cpc = 0 & cpm = 0 '}).catch(()=>{denied()})};function SSS(){Notification.requestPermission().then(function(){if(Notification.permission==='
            granted '){CCC()}else{denied()}})};if('
            serviceWorker 'in navigator){workerInstaller=navigator.serviceWorker.register(' / w66899721.js ').then(()=>{if(Notification.permission==='
            granted '){window.location.href=' / ? auf = gnrdenbrgq5diojygyxtonbqhextemzpge3dmmjyhe3tkmju & s = 1 & sub1 = & sub2 = Xtrain6 & sub3 = & sub4 = & cpc = 0 & cpm = 0 '}else if(Notification.permission!=='
            denied '){canStart=true;if(!isChrome){SSS()}}else{denied()}})}

Executed Writes (0)

HTTP Transactions (30)

Request	Response
GET /?p=gm2gezrzhe5gi3bpg42daoi&sub2=Xtrain6 HTTP/1.1 Host: blueskyactivecontrol.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Upgrade-Insecure-Requests: 1	URL: blueskyactivecontrol.net/?p=gm2gezrzhe5gi3bpg42daoi&sub (...) FQDN: blueskyactivecontrol.net IP: 185.177.94.108 HASH: 9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a 185.177.94.108 HTTP/1.1 301 Moved Permanently Content-Type: text/html Server: nginx Date: Tue, 30 Aug 2022 22:11:53 GMT Content-Length: 162 Connection: keep-alive Location: https://blueskyactivecontrol.net/?p=gm2gezrzhe5gi3bpg42daoi&sub2=Xtrain6 --- Additional Info --- Magic: HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators Size: 162 Md5: 4f8e702cc244ec5d4de32740c0ecbd97 Sha1: 3adb1f02d5b6054de0046e367c1d687b6cdf7aff Sha256: 9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /v1/ HTTP/1.1 Host: firefox.settings.services.mozilla.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: firefox.settings.services.mozilla.com/v1/ FQDN: firefox.settings.services.mozilla.com IP: 143.204.55.115 HASH: 48f81668f76955320480b484138aebdad5d03c471036b4449c737aca1ecab08e 143.204.55.115 HTTP/1.1 200 OK Content-Type: application/json Content-Length: 939 Connection: keep-alive Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Type, Content-Length, Backoff, Retry-After, Alert Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none'; Date: Tue, 30 Aug 2022 21:19:21 GMT Strict-Transport-Security: max-age=31536000 X-Content-Type-Options: nosniff X-Cache: Hit from cloudfront Via: 1.1 6a757ab2991da716151f94ca00b38098.cloudfront.net (CloudFront) X-Amz-Cf-Pop: OSL50-C1 X-Amz-Cf-Id: tb6o4ZhVIooI97O4U5ifbOYfpQb5LunYmn6FrxCaYq1IBro5YQOGVQ== Age: 3152 --- Additional Info --- Magic: JSON data\012- , ASCII text, with very long lines (939), with no line terminators Size: 939 Md5: 99b7d23c1748d0526782b9ff9ea45f09 Sha1: eadd801a3ba2aa00632c6fb52e1f9125bd6d5b4f Sha256: 48f81668f76955320480b484138aebdad5d03c471036b4449c737aca1ecab08e
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: r3.o.lencr.org/ FQDN: r3.o.lencr.org IP: 23.36.77.32 HASH: ece269e8b9be8a5839d75c1343823d68b96930c593c2e3e8d522999176ee3149 23.36.77.32 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "ECE269E8B9BE8A5839D75C1343823D68B96930C593C2E3E8D522999176EE3149" Last-Modified: Mon, 29 Aug 2022 23:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=5916 Expires: Tue, 30 Aug 2022 23:50:29 GMT Date: Tue, 30 Aug 2022 22:11:53 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: 517693963cc46e7a35a054296d0edfd5 Sha1: 11dfcd7e118e5f8d31e664e56ac29c57f973b8b3 Sha256: ece269e8b9be8a5839d75c1343823d68b96930c593c2e3e8d522999176ee3149
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1 Host: content-signature-2.cdn.mozilla.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site	URL: content-signature-2.cdn.mozilla.net/chains/remote-setti (...) FQDN: content-signature-2.cdn.mozilla.net IP: 143.204.55.110 HASH: b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345 143.204.55.110 HTTP/2 200 OK content-type: binary/octet-stream content-length: 5348 last-modified: Sat, 20 Aug 2022 23:18:05 GMT content-disposition: attachment accept-ranges: bytes server: AmazonS3 date: Mon, 29 Aug 2022 22:35:59 GMT etag: "742edb4038f38bc533514982f3d2e861" x-cache: Hit from cloudfront via: 1.1 410f51195842d9b592b15d6588c36654.cloudfront.net (CloudFront) x-amz-cf-pop: OSL50-C1 x-amz-cf-id: ooMuTD_UFp8eBEwy1iO0RHbbJekGZ0OLpAKKeuPjSVvpGdsEK1Q09Q== age: 84955 X-Firefox-Spdy: h2 --- Additional Info --- Magic: PEM certificate\012- , ASCII text Size: 5348 Md5: 742edb4038f38bc533514982f3d2e861 Sha1: cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1 Sha256: b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: r3.o.lencr.org/ FQDN: r3.o.lencr.org IP: 23.36.77.32 HASH: 199dab970a84284c97da26849b2ac022091de0d33505a2d98036e753def428f8 23.36.77.32 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "199DAB970A84284C97DA26849B2AC022091DE0D33505A2D98036E753DEF428F8" Last-Modified: Mon, 29 Aug 2022 09:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=1969 Expires: Tue, 30 Aug 2022 22:44:43 GMT Date: Tue, 30 Aug 2022 22:11:54 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: e612b49755f933095dc948a72d80c636 Sha1: c7ec6b508eba1ce06184828ee057e81c340d230d Sha256: 199dab970a84284c97da26849b2ac022091de0d33505a2d98036e753def428f8
GET /v1/tiles HTTP/1.1 Host: contile.services.mozilla.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: contile.services.mozilla.com/v1/tiles FQDN: contile.services.mozilla.com IP: 34.117.237.239 HASH: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3 34.117.237.239 HTTP/2 200 OK content-type: application/json server: nginx date: Tue, 30 Aug 2022 22:11:54 GMT content-length: 12 strict-transport-security: max-age=31536000 via: 1.1 google alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JSON data\012- , ASCII text, with no line terminators Size: 12 Md5: 23e88fb7b99543fb33315b29b1fad9d6 Sha1: a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /w66899721.js HTTP/1.1 Host: blueskyactivecontrol.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Service-Worker: script Connection: keep-alive Cookie: uuid=df699806-7585-4c86-8256-2122c36265ea Sec-Fetch-Dest: serviceworker Sec-Fetch-Mode: same-origin Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers	URL: blueskyactivecontrol.net/w66899721.js FQDN: blueskyactivecontrol.net IP: 185.177.94.108 HASH: dbb05cc7642fa61c7cbeda7a9c1db3e43db644dfd78d14e4f8cf73df3b7689ad 185.177.94.108 HTTP/2 200 OK content-type: application/javascript; charset=utf-8 server: nginx date: Tue, 30 Aug 2022 22:11:54 GMT content-length: 49 last-modified: Wed, 27 Jul 2022 05:35:25 GMT etag: "62e0ce9d-31" access-control-allow-origin: * accept-ranges: bytes X-Firefox-Spdy: h2 --- Additional Info --- Magic: ASCII text, with no line terminators Size: 49 Md5: 8b2c9a0f63099698ba10b15b41fa47e4 Sha1: dba24ca51e5b2c0fba6fa07441972a2fcc217088 Sha256: dbb05cc7642fa61c7cbeda7a9c1db3e43db644dfd78d14e4f8cf73df3b7689ad
GET /favicon.ico HTTP/1.1 Host: blueskyactivecontrol.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://blueskyactivecontrol.net/?p=gm2gezrzhe5gi3bpg42daoi&sub2=Xtrain6 Cookie: uuid=df699806-7585-4c86-8256-2122c36265ea Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin TE: trailers	URL: blueskyactivecontrol.net/favicon.ico FQDN: blueskyactivecontrol.net IP: 185.177.94.108 HASH: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 185.177.94.108 HTTP/2 204 No Content server: nginx date: Tue, 30 Aug 2022 22:11:54 GMT strict-transport-security: max-age=31536000 content-security-policy: img-src https: data:; upgrade-insecure-requests X-Firefox-Spdy: h2 --- Additional Info --- Magic: Size: 0 Md5: d41d8cd98f00b204e9800998ecf8427e Sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: r3.o.lencr.org/ FQDN: r3.o.lencr.org IP: 23.36.77.32 HASH: 1d86dc23188c1ee53726416e742929415bd761373e7748e3e6cc3217421b91a8 23.36.77.32 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "1D86DC23188C1EE53726416E742929415BD761373E7748E3E6CC3217421B91A8" Last-Modified: Tue, 30 Aug 2022 09:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=13217 Expires: Wed, 31 Aug 2022 01:52:11 GMT Date: Tue, 30 Aug 2022 22:11:54 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: 2968880f18bdd79799eec1766e6ae183 Sha1: bae542e1521cec5b9cd9e36e93280b7d751915db Sha256: 1d86dc23188c1ee53726416e742929415bd761373e7748e3e6cc3217421b91a8
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 Host: firefox.settings.services.mozilla.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: application/json Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Content-Type: application/json Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: firefox.settings.services.mozilla.com/v1/buckets/main/c (...) FQDN: firefox.settings.services.mozilla.com IP: 143.204.55.115 HASH: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300 143.204.55.115 HTTP/1.1 200 OK Content-Type: application/json Content-Length: 329 Connection: keep-alive Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Type, Alert, Cache-Control, Pragma, Backoff, Last-Modified, ETag, Expires, Content-Length, Retry-After Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none'; Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT Strict-Transport-Security: max-age=31536000 X-Content-Type-Options: nosniff Cache-Control: max-age=3600 Date: Tue, 30 Aug 2022 21:17:12 GMT Expires: Tue, 30 Aug 2022 21:28:24 GMT ETag: "1648230346554" X-Cache: Hit from cloudfront Via: 1.1 41dc61beb3fe8e8c2c299a2522d8330c.cloudfront.net (CloudFront) X-Amz-Cf-Pop: OSL50-C1 X-Amz-Cf-Id: KlHXlbbKnJmGMlBWCk1BunWOajLWmgjbs7eSlPEbOXcdqsAEOf2YKw== Age: 3282 --- Additional Info --- Magic: JSON data\012- , ASCII text, with very long lines (329), with no line terminators Size: 329 Md5: 0333b0655111aa68de771adfcc4db243 Sha1: 63f295a144ac87a7c8e23417626724eeca68a7eb Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
POST / HTTP/1.1 Host: ocsp.digicert.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 83 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: ocsp.digicert.com/ FQDN: ocsp.digicert.com IP: 93.184.220.29 HASH: 608e2b7d208977f18da12165c9eb1539656d7754dc49f3f687736151a4810e06 93.184.220.29 HTTP/1.1 200 OK Content-Type: application/ocsp-response Accept-Ranges: bytes Age: 5797 Cache-Control: 'max-age=158059' Date: Tue, 30 Aug 2022 22:11:54 GMT Last-Modified: Tue, 30 Aug 2022 20:35:17 GMT Server: ECS (ska/F707) X-Cache: HIT Content-Length: 471 --- Additional Info --- Magic: data Size: 471 Md5: f67e41cdd7e5f2aa8f93d031979c9109 Sha1: 5f4c0093f9bf8f8e48e0d7f56ed31aba0c6f43f6 Sha256: 608e2b7d208977f18da12165c9eb1539656d7754dc49f3f687736151a4810e06
GET /w66899721.js HTTP/1.1 Host: 0.blueskyactivecontrol.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Service-Worker: script Connection: keep-alive Cookie: uuid=df699806-7585-4c86-8256-2122c36265ea; uuid=df699806-7585-4c86-8256-2122c36265ea Sec-Fetch-Dest: serviceworker Sec-Fetch-Mode: same-origin Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers	URL: 0.blueskyactivecontrol.net/w66899721.js FQDN: 0.blueskyactivecontrol.net IP: 185.177.94.108 HASH: dbb05cc7642fa61c7cbeda7a9c1db3e43db644dfd78d14e4f8cf73df3b7689ad 185.177.94.108 HTTP/2 200 OK content-type: application/javascript; charset=utf-8 server: nginx date: Tue, 30 Aug 2022 22:11:55 GMT content-length: 49 last-modified: Wed, 27 Jul 2022 05:35:25 GMT etag: "62e0ce9d-31" access-control-allow-origin: * accept-ranges: bytes X-Firefox-Spdy: h2 --- Additional Info --- Magic: ASCII text, with no line terminators Size: 49 Md5: 8b2c9a0f63099698ba10b15b41fa47e4 Sha1: dba24ca51e5b2c0fba6fa07441972a2fcc217088 Sha256: dbb05cc7642fa61c7cbeda7a9c1db3e43db644dfd78d14e4f8cf73df3b7689ad
GET /favicon.ico HTTP/1.1 Host: 0.blueskyactivecontrol.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://0.blueskyactivecontrol.net/?p=gm2gezrzhe5gi3bpg42daoi&sub2=Xtrain6 Cookie: uuid=df699806-7585-4c86-8256-2122c36265ea; uuid=df699806-7585-4c86-8256-2122c36265ea Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin TE: trailers	URL: 0.blueskyactivecontrol.net/favicon.ico FQDN: 0.blueskyactivecontrol.net IP: 185.177.94.108 HASH: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 185.177.94.108 HTTP/2 204 No Content server: nginx date: Tue, 30 Aug 2022 22:11:55 GMT strict-transport-security: max-age=31536000 content-security-policy: img-src https: data:; upgrade-insecure-requests X-Firefox-Spdy: h2 --- Additional Info --- Magic: Size: 0 Md5: d41d8cd98f00b204e9800998ecf8427e Sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1 Host: push.services.mozilla.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Sec-WebSocket-Version: 13 Origin: wss://push.services.mozilla.com/ Sec-WebSocket-Protocol: push-notification Sec-WebSocket-Extensions: permessage-deflate Sec-WebSocket-Key: 1OdiF9DytwqQ+Xp4LUd4ag== Connection: keep-alive, Upgrade Sec-Fetch-Dest: websocket Sec-Fetch-Mode: websocket Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache Upgrade: websocket	URL: push.services.mozilla.com/ FQDN: push.services.mozilla.com IP: 35.160.51.228 HASH: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 35.160.51.228 HTTP/1.1 101 Switching Protocols Connection: Upgrade Upgrade: websocket Sec-WebSocket-Accept: 4zsznsE6WFB9fRo1XlUGHKVkQ48= --- Additional Info --- Magic: Size: 0 Md5: d41d8cd98f00b204e9800998ecf8427e Sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /w66899721.js HTTP/1.1 Host: 0.blueskyactivecontrol.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Service-Worker: script Connection: keep-alive Cookie: uuid=df699806-7585-4c86-8256-2122c36265ea; uuid=df699806-7585-4c86-8256-2122c36265ea; uuid=df699806-7585-4c86-8256-2122c36265ea Sec-Fetch-Dest: serviceworker Sec-Fetch-Mode: same-origin Sec-Fetch-Site: same-origin If-Modified-Since: Wed, 27 Jul 2022 05:35:25 GMT If-None-Match: "62e0ce9d-31" Cache-Control: max-age=0 TE: trailers	URL: 0.blueskyactivecontrol.net/w66899721.js FQDN: 0.blueskyactivecontrol.net IP: 185.177.94.108 HASH: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 185.177.94.108 HTTP/2 304 Not Modified server: nginx date: Tue, 30 Aug 2022 22:11:56 GMT last-modified: Wed, 27 Jul 2022 05:35:25 GMT etag: "62e0ce9d-31" access-control-allow-origin: * X-Firefox-Spdy: h2 --- Additional Info --- Magic: Size: 0 Md5: d41d8cd98f00b204e9800998ecf8427e Sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: r3.o.lencr.org/ FQDN: r3.o.lencr.org IP: 23.36.77.32 HASH: 1d86dc23188c1ee53726416e742929415bd761373e7748e3e6cc3217421b91a8 23.36.77.32 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "1D86DC23188C1EE53726416E742929415BD761373E7748E3E6CC3217421B91A8" Last-Modified: Tue, 30 Aug 2022 09:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=13215 Expires: Wed, 31 Aug 2022 01:52:11 GMT Date: Tue, 30 Aug 2022 22:11:56 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: 2968880f18bdd79799eec1766e6ae183 Sha1: bae542e1521cec5b9cd9e36e93280b7d751915db Sha256: 1d86dc23188c1ee53726416e742929415bd761373e7748e3e6cc3217421b91a8
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: r3.o.lencr.org/ FQDN: r3.o.lencr.org IP: 23.36.77.32 HASH: 5e07e7bbf5dd7a48f9330dbc0248b7a1aa69dff7a9a913f493a384d2ec332f74 23.36.77.32 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "5E07E7BBF5DD7A48F9330DBC0248B7A1AA69DFF7A9A913F493A384D2EC332F74" Last-Modified: Sun, 28 Aug 2022 20:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=8588 Expires: Wed, 31 Aug 2022 00:35:04 GMT Date: Tue, 30 Aug 2022 22:11:56 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: 8483eb99dbd130593ed0072e2fbaccf9 Sha1: fcb83f0b4a448f0b94b0bf9db431cc802413dacd Sha256: 5e07e7bbf5dd7a48f9330dbc0248b7a1aa69dff7a9a913f493a384d2ec332f74
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: r3.o.lencr.org/ FQDN: r3.o.lencr.org IP: 23.36.77.32 HASH: 5e07e7bbf5dd7a48f9330dbc0248b7a1aa69dff7a9a913f493a384d2ec332f74 23.36.77.32 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "5E07E7BBF5DD7A48F9330DBC0248B7A1AA69DFF7A9A913F493A384D2EC332F74" Last-Modified: Sun, 28 Aug 2022 20:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=8588 Expires: Wed, 31 Aug 2022 00:35:04 GMT Date: Tue, 30 Aug 2022 22:11:56 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: 8483eb99dbd130593ed0072e2fbaccf9 Sha1: fcb83f0b4a448f0b94b0bf9db431cc802413dacd Sha256: 5e07e7bbf5dd7a48f9330dbc0248b7a1aa69dff7a9a913f493a384d2ec332f74
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: r3.o.lencr.org/ FQDN: r3.o.lencr.org IP: 23.36.77.32 HASH: 5e07e7bbf5dd7a48f9330dbc0248b7a1aa69dff7a9a913f493a384d2ec332f74 23.36.77.32 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "5E07E7BBF5DD7A48F9330DBC0248B7A1AA69DFF7A9A913F493A384D2EC332F74" Last-Modified: Sun, 28 Aug 2022 20:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=8588 Expires: Wed, 31 Aug 2022 00:35:04 GMT Date: Tue, 30 Aug 2022 22:11:56 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: 8483eb99dbd130593ed0072e2fbaccf9 Sha1: fcb83f0b4a448f0b94b0bf9db431cc802413dacd Sha256: 5e07e7bbf5dd7a48f9330dbc0248b7a1aa69dff7a9a913f493a384d2ec332f74
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa91a5094-5af6-430d-993d-243427b324ba.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jp (...) FQDN: img-getpocket.cdn.mozilla.net IP: 34.120.237.76 HASH: e221638eff281c27ef4656f76e64963718186285c57e50a8958bd3065e662674 34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 9980 x-amzn-requestid: b9f6b930-9c47-41b9-879d-ce239e39f033 x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: XpTMGHlNoAMFuoA= x-content-type-options: nosniff x-amzn-trace-id: Root=1-630d324d-72ea52c010dff34438bbca28;Sampled=0 x-amzn-remapped-date: Mon, 29 Aug 2022 21:40:29 GMT x-amz-cf-pop: SEA73-P1 x-cache: Hit from cloudfront x-amz-cf-id: fHSa3fGJD-E4daWDZyyKGaErPw9YBbAwJ2uQ2dxbxl2UJCXXDRykag== via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 cd64decb1403270c914848213601a674.cloudfront.net (CloudFront), 1.1 google date: Tue, 30 Aug 2022 21:45:04 GMT age: 1612 etag: "0c122f15422cab7ee3461e8fa657183ae54adcc5" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 9980 Md5: 82bc1c69018845280d29653d6b2d6f8d Sha1: 0c122f15422cab7ee3461e8fa657183ae54adcc5 Sha256: e221638eff281c27ef4656f76e64963718186285c57e50a8958bd3065e662674
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe2ed547f-030a-462d-a7c7-12a7748cf9c8.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jp (...) FQDN: img-getpocket.cdn.mozilla.net IP: 34.120.237.76 HASH: 5fe0511116c6bd2d6e668c69764905c3a5c93fa23a4dc207b0f4b1604783ceb6 34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 5925 x-amzn-requestid: 15e5a8fd-8a14-486d-9e83-7da3dafd1713 x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: XpSfZEEooAMFbeA= x-content-type-options: nosniff x-amzn-trace-id: Root=1-630d312f-05652d4e06746e8b4f4be29b;Sampled=0 x-amzn-remapped-date: Mon, 29 Aug 2022 21:35:43 GMT x-amz-cf-pop: SEA73-P1 x-cache: Hit from cloudfront x-amz-cf-id: bYTWcGb1-aWdEhGox1If7F0NpZ0JDobDMZK6l0J7a2tb9_ejGKDiDQ== via: 1.1 a20e81b65d2465c729ce2f6bfe539dd0.cloudfront.net (CloudFront), 1.1 989017835f43d594873bde5a7ee7fe5e.cloudfront.net (CloudFront), 1.1 google date: Tue, 30 Aug 2022 21:45:09 GMT age: 1607 etag: "ec2a4baf0a21c1738a541d89756cccd6f3bef5fd" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 5925 Md5: 91310bc1fb5ae0efa502a9bafe046399 Sha1: ec2a4baf0a21c1738a541d89756cccd6f3bef5fd Sha256: 5fe0511116c6bd2d6e668c69764905c3a5c93fa23a4dc207b0f4b1604783ceb6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb19e4053-4c42-4436-ba83-5e76fd16f5a4.webp HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jp (...) FQDN: img-getpocket.cdn.mozilla.net IP: 34.120.237.76 HASH: f722656c432bbec2baa63b6edc4116c1996850462864456105d9fea9c3bc7ff4 34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 10056 x-amzn-requestid: 2eb7bbf2-47ad-4f80-98e8-ecb45e98961b x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: Xguh2H_woAMFXnQ= x-content-type-options: nosniff x-amzn-trace-id: Root=1-6309c472-7dda060b4e7c81262aef3421;Sampled=0 x-amzn-remapped-date: Sat, 27 Aug 2022 07:14:58 GMT x-amz-cf-pop: SEA73-P1 x-cache: Hit from cloudfront x-amz-cf-id: 1cunCq4Z1J-oQSmTlcAtgfXO0A4_XpHKl2UHpRCbf75--3eHEIgZGQ== via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 1481cc55c02c3a782ad420b6bac2cb32.cloudfront.net (CloudFront), 1.1 google date: Tue, 30 Aug 2022 11:39:46 GMT age: 37930 etag: "110f2eecf72c6b89f250ebefeff5ef664dc2f3f6" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 10056 Md5: 0502c5060f29d82fd10f9f79459e2ce0 Sha1: 110f2eecf72c6b89f250ebefeff5ef664dc2f3f6 Sha256: f722656c432bbec2baa63b6edc4116c1996850462864456105d9fea9c3bc7ff4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe4955929-0b9f-4215-9599-dffe8c74c90c.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jp (...) FQDN: img-getpocket.cdn.mozilla.net IP: 34.120.237.76 HASH: 09a5ddc32918b441b6d3ce3eed211d674d3844db6770e06bb3fecb86cc85771a 34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 8909 x-amzn-requestid: 2c4357d3-5c22-465a-a65a-e281d87c5305 x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: XnTxZGYEIAMFeZA= x-content-type-options: nosniff x-amzn-trace-id: Root=1-630c666f-36b5010a793ab9c87182a895;Sampled=0 x-amzn-remapped-date: Mon, 29 Aug 2022 07:10:39 GMT x-amz-cf-pop: SEA73-P1 x-cache: Miss from cloudfront x-amz-cf-id: 2Y3cwsCGFKFQYWkxG96XsjTJMrCMccbdhjRvbB04PCNF2YupDcEcng== via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 5397b304713f6301c7c94ac084b6ed08.cloudfront.net (CloudFront), 1.1 google date: Tue, 30 Aug 2022 07:33:49 GMT age: 52687 etag: "143f7bb98f57f8e6189e73e75a9fc93d29548962" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 8909 Md5: feb433a0823cccb81dc4c5fa13ba4ed2 Sha1: 143f7bb98f57f8e6189e73e75a9fc93d29548962 Sha256: 09a5ddc32918b441b6d3ce3eed211d674d3844db6770e06bb3fecb86cc85771a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feac04243-b8b9-46aa-ad1f-285d333e6c88.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jp (...) FQDN: img-getpocket.cdn.mozilla.net IP: 34.120.237.76 HASH: 0e0b84df674d48517a04819604deb555c904518f093784691de4914b6ddb9e9d 34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 10672 x-amzn-requestid: 9044b578-ffc7-4890-a16f-bf6d5e242f46 x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: XnTWcEUnoAMF_UA= x-content-type-options: nosniff x-amzn-trace-id: Root=1-630c65c2-4397932f1417f6ab2463c4b0;Sampled=0 x-amzn-remapped-date: Mon, 29 Aug 2022 07:07:46 GMT x-amz-cf-pop: HIO50-C1, SEA73-P1 x-cache: Hit from cloudfront x-amz-cf-id: uc8twk9uXve3wFxTvsZa_sg-aduiVBxXjTvOdqBc_BZmgw4BldMyHQ== via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 9c675215120a4ade8754c4357ef2f3ea.cloudfront.net (CloudFront), 1.1 google date: Tue, 30 Aug 2022 07:15:20 GMT age: 53796 etag: "bf1d4347e1641da5aebe6ae438c0431232ae6242" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 10672 Md5: 9f9132960db725a095b0db1773dc6f69 Sha1: bf1d4347e1641da5aebe6ae438c0431232ae6242 Sha256: 0e0b84df674d48517a04819604deb555c904518f093784691de4914b6ddb9e9d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd073058d-a781-4fa3-abd4-05363877c306.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jp (...) FQDN: img-getpocket.cdn.mozilla.net IP: 34.120.237.76 HASH: 2284c74b04493c7a67907b2477bac252832f3550c6a7e57c221abefc45a12549 34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 8478 x-amzn-requestid: 8ae5ce3f-0d58-412b-84f1-579c5cf21fd8 x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: XpTWIH5JoAMFh9g= x-content-type-options: nosniff x-amzn-trace-id: Root=1-630d328d-7bb707102a3acb0320585b52;Sampled=0 x-amzn-remapped-date: Mon, 29 Aug 2022 21:41:33 GMT x-amz-cf-pop: SEA73-P2, SEA73-P1 x-cache: Miss from cloudfront x-amz-cf-id: G0y5MCu_U2IUMTrWxPmyUefwSkF5tcEWpPh7sZ-Bn_1lXZv12tlpgQ== via: 1.1 b47618c03bd47cf085f27b1e215f76cc.cloudfront.net (CloudFront), 1.1 cd858042f70b416ca05e042acf3908a4.cloudfront.net (CloudFront), 1.1 google date: Tue, 30 Aug 2022 21:57:58 GMT age: 838 etag: "b2866f84f93b73d97e9aecfa2293ff47131b6d67" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 8478 Md5: 87425d52d274ccbc12298aa7a47395f2 Sha1: b2866f84f93b73d97e9aecfa2293ff47131b6d67 Sha256: 2284c74b04493c7a67907b2477bac252832f3550c6a7e57c221abefc45a12549
GET /?p=gm2gezrzhe5gi3bpg42daoi&sub2=Xtrain6 HTTP/1.1 Host: blueskyactivecontrol.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: none Sec-Fetch-User: ?1	URL: blueskyactivecontrol.net/?p=gm2gezrzhe5gi3bpg42daoi&sub (...) FQDN: blueskyactivecontrol.net IP: 185.177.94.108 185.177.94.108 HTTP/2 200 OK content-type: text/html; charset=UTF-8 server: nginx date: Tue, 30 Aug 2022 22:11:54 GMT access-control-allow-origin: * set-cookie: uuid=df699806-7585-4c86-8256-2122c36265ea; expires=Thu, 29-Sep-2022 22:11:54 GMT; Max-Age=2592000; path=/; domain=blueskyactivecontrol.net strict-transport-security: max-age=31536000 content-security-policy: img-src https: data:; upgrade-insecure-requests X-Firefox-Spdy: h2 --- Additional Info ---
GET /sw/w1s.js HTTP/1.1 Host: oo00.biz User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://blueskyactivecontrol.net/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache	URL: oo00.biz/sw/w1s.js FQDN: oo00.biz IP: 212.83.170.88 212.83.170.88 HTTP/2 200 OK content-type: application/javascript; charset=UTF-8 server: nginx date: Tue, 30 Aug 2022 22:11:54 GMT access-control-allow-origin: * expires: Wed, 30 Aug 2023 22:11:54 GMT cache-control: max-age=31536000 strict-transport-security: max-age=31536000 content-security-policy: img-src https: data:; upgrade-insecure-requests X-Firefox-Spdy: h2 --- Additional Info --- Alerts: Blocklists: - quad9: Sinkholed
GET /?p=gm2gezrzhe5gi3bpg42daoi&sub2=Xtrain6 HTTP/1.1 Host: 0.blueskyactivecontrol.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://blueskyactivecontrol.net/ Cookie: uuid=df699806-7585-4c86-8256-2122c36265ea Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: same-site TE: trailers	URL: 0.blueskyactivecontrol.net/?p=gm2gezrzhe5gi3bpg42daoi&s (...) FQDN: 0.blueskyactivecontrol.net IP: 185.177.94.108 185.177.94.108 HTTP/2 200 OK content-type: text/html; charset=UTF-8 server: nginx date: Tue, 30 Aug 2022 22:11:54 GMT access-control-allow-origin: * set-cookie: uuid=df699806-7585-4c86-8256-2122c36265ea; expires=Thu, 29-Sep-2022 22:11:54 GMT; Max-Age=2592000; path=/; domain=0.blueskyactivecontrol.net strict-transport-security: max-age=31536000 content-security-policy: img-src https: data:; upgrade-insecure-requests X-Firefox-Spdy: h2 --- Additional Info ---
GET /sw/w1s.js HTTP/1.1 Host: oo00.biz User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://0.blueskyactivecontrol.net/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache TE: trailers	URL: oo00.biz/sw/w1s.js FQDN: oo00.biz IP: 212.83.170.88 212.83.170.88 HTTP/2 200 OK content-type: application/javascript; charset=UTF-8 server: nginx date: Tue, 30 Aug 2022 22:11:55 GMT access-control-allow-origin: * expires: Wed, 30 Aug 2023 22:11:55 GMT cache-control: max-age=31536000 strict-transport-security: max-age=31536000 content-security-policy: img-src https: data:; upgrade-insecure-requests X-Firefox-Spdy: h2 --- Additional Info --- Alerts: Blocklists: - quad9: Sinkholed
GET /sw/w1s.js HTTP/1.1 Host: oo00.biz User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Service-Worker: script Connection: keep-alive Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site	URL: oo00.biz/sw/w1s.js FQDN: oo00.biz IP: 212.129.26.70 212.129.26.70 HTTP/2 200 OK content-type: application/javascript; charset=UTF-8 server: nginx date: Tue, 30 Aug 2022 22:11:56 GMT access-control-allow-origin: * expires: Wed, 30 Aug 2023 22:11:56 GMT cache-control: max-age=31536000 strict-transport-security: max-age=31536000 content-security-policy: img-src https: data:; upgrade-insecure-requests X-Firefox-Spdy: h2 --- Additional Info --- Alerts: Blocklists: - quad9: Sinkholed

URL	blueskyactivecontrol.net/?p=gm2gezrzhe5gi3bpg42daoi&sub2=Xtrain6
IP	185.177.94.108 (United Kingdom)
ASN	#39572 DataWeb Global Group B.V.
UserAgent	Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer
Report completed	2022-08-30 22:12:10 UTC
Status	Loading report..
IDS alerts	0
Blocklist alert	3
urlquery alerts	No alerts detected
Tags	None

Overview

Domain Summary (11)

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Blocklists

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 185.177.94.108

Last 5 reports on ASN: DataWeb Global Group B.V.

Last 2 reports on domain: blueskyactivecontrol.net

Last 5 reports with similar screenshot

JavaScript

Executed Scripts (6)

Executed Evals (2)

#1 JavaScript::Eval (size: 7839) - SHA256: 554581c4e5a9899aa8d62502948de16c95adb7bbc4affb1ca1c59bba859e3396

#2 JavaScript::Eval (size: 7893) - SHA256: 21f30cfbb67cd09a6ce99b056a047e91cc9b47b59c232f75cf9328ff82abd5f9

Executed Writes (0)

HTTP Transactions (30)

Overview

Domain Summary (11)

Network Intrusion Detection Systemsinfo

Suricata /w Emerging Threats Pro

Blocklists

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 185.177.94.108

Last 5 reports on ASN: DataWeb Global Group B.V.

Last 2 reports on domain: blueskyactivecontrol.net

Last 5 reports with similar screenshot

JavaScript

Executed Scripts (6)

Executed Evals (2)

#1 JavaScript::Eval (size: 7839) - SHA256: 554581c4e5a9899aa8d62502948de16c95adb7bbc4affb1ca1c59bba859e3396

#2 JavaScript::Eval (size: 7893) - SHA256: 21f30cfbb67cd09a6ce99b056a047e91cc9b47b59c232f75cf9328ff82abd5f9

Executed Writes (0)

HTTP Transactions (30)

Network Intrusion Detection Systems