firefox.settings.services.mozilla.com/v1/
143.204.55.115 200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.115:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 99b7d23c1748d0526782b9ff9ea45f09
eadd801a3ba2aa00632c6fb52e1f9125bd6d5b4f
48f81668f76955320480b484138aebdad5d03c471036b4449c737aca1ecab08e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Content-Length, Backoff, Retry-After, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Thu, 15 Sep 2022 18:10:29 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 aac54e3fe9825ce24d51e0204433c2c0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: oEQg5BOf4oJfBFetIlT92RF7VDu_GXccdbFLhcWxCKv4i4aTgdLjAA==
Age: 2590
r3.o.lencr.org/
23.36.76.242 200 OK 503 B IP 23.36.76.242:0
ASN #20940 Akamai International B.V.
Hash be88d3e043e3b95b52e41812e50fb634
0318ba1ce487817ea7cba61dd9413bed29213800
b5f178d23e633283f226cca7a9ae79b01e6cab2299ff7065c980d3a9953212fd
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B5F178D23E633283F226CCA7A9AE79B01E6CAB2299FF7065C980D3A9953212FD"
Last-Modified: Tue, 13 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11157
Expires: Thu, 15 Sep 2022 21:59:36 GMT
Date: Thu, 15 Sep 2022 18:53:39 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
143.204.55.110 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP 143.204.55.110:0
File type PEM certificate\012- , ASCII text
Hash 742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Thu, 15 Sep 2022 04:35:16 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 71c98156ae29b36a903974f9dd2568f8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: BkCZPJG6l02P-2ZTUtRiiVeEGA_jWiHVoqfdk0orIr1pwcpHKo9aNQ==
age: 51504
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 15 Sep 2022 18:53:39 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.115 200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.115:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Thu, 15 Sep 2022 18:03:22 GMT
Expires: Thu, 15 Sep 2022 18:03:22 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 83a23d85c009b0c0e3626072e9f997fe.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: OkL7HYrnwRmMgVa04xjSpP0An5k3bVocGyn8GR8xNZSIvNFrM3vPug==
Age: 3017
ar.moddroid.co/apps/videomusic/soundcloud
104.18.21.115 301 Moved Permanently 154 B URL HTTP/1.1 ar.moddroid.co/apps/videomusic/soundcloud
IP 104.18.21.115:0
File type HTML document, ASCII text, with no line terminators
Hash c11fd21d7ddfbff6e505e4d003e75249
9ccc81c34c90c95c2f6ed315f62cce5a2028d1be
97cf4639518f67c660bdd7969f2e4328d789f66cc77384dd4584d1e245f644a5
Analyzer Verdict Alert fortinet Malware
GET /apps/videomusic/soundcloud HTTP/1.1
Host: ar.moddroid.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Thu, 15 Sep 2022 18:53:39 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://ar.moddroid.co/apps/videomusic/soundcloud
Vary: Accept, Accept-Encoding
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74b390fe7ac00b69-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash d597af1ab2f21a983bf0f0d105b94209
9d5dd938777abde094c89066b539141a02106b88
a614eb7f969544c8040642be7c852625341e2441e757d063d2af1ff465c8c3f4
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3391
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 15 Sep 2022 18:53:39 GMT
Last-Modified: Thu, 15 Sep 2022 17:57:08 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
52.41.246.187 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.41.246.187:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 7ik+6D/qK0hrUndUlFqr9Q==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: fTRsGonvoD9Cyqx0yN077U7Oiq8=
cdn.ezjojoy.com/moddroid-uploads/2021/04/soundcloud-2.jpg
104.18.17.131 200 OK 56 kB URL HTTP/2 cdn.ezjojoy.com/moddroid-uploads/2021/04/soundcloud-2.jpg
IP 104.18.17.131:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x889, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 2f49819283ea3ed6d2448aaa9bba8c9e
3e59f5a0a55db7506770dc0a986ba9f760402173
04c5cc7ff6016255bed93ea9a2187c5947c1ea92e9496825e5aa9c197e3b6d7a
GET /moddroid-uploads/2021/04/soundcloud-2.jpg HTTP/1.1
Host: cdn.ezjojoy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ar.moddroid.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 15 Sep 2022 18:53:40 GMT
content-type: image/webp
content-length: 55454
access-control-allow-origin: *
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=77352
content-disposition: inline; filename="soundcloud-2.webp"
etag: "617a4513-12e28"
last-modified: Thu, 28 Oct 2021 06:37:07 GMT
vary: Accept
x-77-cache: MISS
x-77-nzt: AVm7ooR6imWh
x-77-nzt-ray: ywrJGpx3Poo
x-77-pop: singapore2SG
x-cache: MISS
cf-cache-status: HIT
age: 294
expires: Thu, 15 Sep 2022 22:53:40 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
server: cloudflare
cf-ray: 74b39107fac4fabc-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.ezjojoy.com/packages/com.soundcloud.android/icon_27dbfd.png
104.18.17.131 200 OK 4.0 kB URL HTTP/2 cdn.ezjojoy.com/packages/com.soundcloud.android/icon_27dbfd.png
IP 104.18.17.131:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 330ce7ec304a73cf917b1aca10faba51
77d6debd2f81e903f8fbf0dc6bc2000e7624024e
4d4a5a941a4efc4a70f7b7ac7c8f1498e7336b42d37cfbca65ff55b94057bc2f
GET /packages/com.soundcloud.android/icon_27dbfd.png HTTP/1.1
Host: cdn.ezjojoy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ar.moddroid.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 15 Sep 2022 18:53:40 GMT
content-type: image/webp
content-length: 4044
access-control-allow-origin: *
cf-bgj: imgq:85,h2pri
cf-polished: origFmt=png, origSize=6160
content-disposition: inline; filename="icon_27dbfd.webp"
etag: "61e5800a-1810"
last-modified: Mon, 17 Jan 2022 14:41:14 GMT
vary: Accept
x-77-cache: MISS
x-77-nzt: AVm7oo1anGih
x-77-nzt-ray: bggOnUXbuoI
x-77-pop: singapore2SG
x-cache: MISS
cf-cache-status: HIT
age: 179106
expires: Thu, 15 Sep 2022 22:53:40 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
server: cloudflare
cf-ray: 74b39107facafabc-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.ezjojoy.com/moddroid-uploads/2021/04/soundcloud-1.jpg
104.18.17.131 200 OK 70 kB URL HTTP/2 cdn.ezjojoy.com/moddroid-uploads/2021/04/soundcloud-1.jpg
IP 104.18.17.131:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x889, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 02888a88c7e56dea75e2a1e6c7241d1a
2863a37fc9bd37e3eef36b8e9a4dae7eba8f1c02
f64e243b0c0fbdcc28aef9cd2cf88f8df41d1d5d50e1b986b7c85cc9a3e27f83
GET /moddroid-uploads/2021/04/soundcloud-1.jpg HTTP/1.1
Host: cdn.ezjojoy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ar.moddroid.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 15 Sep 2022 18:53:40 GMT
content-type: image/webp
content-length: 70410
access-control-allow-origin: *
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=91233
content-disposition: inline; filename="soundcloud-1.webp"
etag: "617a4516-16461"
last-modified: Thu, 28 Oct 2021 06:37:10 GMT
vary: Accept
x-77-cache: MISS
x-77-nzt: AVm7oo27enCh
x-77-nzt-ray: e2u1aTX2W1k
x-77-pop: singapore2SG
x-cache: MISS
cf-cache-status: HIT
age: 294
expires: Thu, 15 Sep 2022 22:53:40 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
server: cloudflare
cf-ray: 74b391080ad2fabc-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.ezjojoy.com/moddroid-uploads/2021/04/soundcloud.jpg
104.18.17.131 200 OK 126 kB URL HTTP/2 cdn.ezjojoy.com/moddroid-uploads/2021/04/soundcloud.jpg
IP 104.18.17.131:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 500x889, components 3\012- data
Size 126 kB (126104 bytes)
Hash 5db5b00427d729a2d5c60a516b9efa5f
eb287cd13de81035e3f742ff201a8bac99166659
c233a598f84c04adebc0017c05e5e9ed87987584fa97fac46b644904cbfe9430
GET /moddroid-uploads/2021/04/soundcloud.jpg HTTP/1.1
Host: cdn.ezjojoy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ar.moddroid.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 15 Sep 2022 18:53:40 GMT
content-type: image/jpeg
content-length: 126104
access-control-allow-origin: *
cf-bgj: imgq:85,h2pri
cf-polished: degrade=85, origSize=154935, status=webp_bigger
etag: "617a4518-25d37"
last-modified: Thu, 28 Oct 2021 06:37:12 GMT
x-77-cache: MISS
x-77-nzt: AVm7oo206B6h
x-77-nzt-ray: axI5vNSCCRg
x-77-pop: singapore2SG
x-cache: MISS
cf-cache-status: HIT
age: 294
expires: Thu, 15 Sep 2022 22:53:40 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 74b391080acefabc-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.ezjojoy.com/moddroid-uploads/2021/04/soundcloud-3.jpg
104.18.17.131 200 OK 66 kB URL HTTP/2 cdn.ezjojoy.com/moddroid-uploads/2021/04/soundcloud-3.jpg
IP 104.18.17.131:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x889, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 92599a1d06b84b3040e72125f23a3e75
005cec2fc1a05fe4b5bfc68991ec95ad44b2f2b3
ffc2d4888e7b7dd68a5772b57dac594b90b7bb4c53032fc93da6716c301426eb
GET /moddroid-uploads/2021/04/soundcloud-3.jpg HTTP/1.1
Host: cdn.ezjojoy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ar.moddroid.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 15 Sep 2022 18:53:40 GMT
content-type: image/webp
content-length: 65838
access-control-allow-origin: *
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=89555
content-disposition: inline; filename="soundcloud-3.webp"
etag: "617a4513-15dd3"
last-modified: Thu, 28 Oct 2021 06:37:07 GMT
vary: Accept
x-77-cache: MISS
x-77-nzt: AVm7ooQpVRih
x-77-nzt-ray: Cl0zJbch3dE
x-77-pop: singapore2SG
x-cache: MISS
cf-cache-status: HIT
age: 294
expires: Thu, 15 Sep 2022 22:53:40 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
server: cloudflare
cf-ray: 74b391081ae3fabc-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.ezjojoy.com/moddroid-uploads/2021/04/soundcloud-4.jpg
104.18.17.131 200 OK 56 kB URL HTTP/2 cdn.ezjojoy.com/moddroid-uploads/2021/04/soundcloud-4.jpg
IP 104.18.17.131:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x889, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash bbdbc9e3007a4f630ce9cb998f3335a7
0ab507ee560a41d342034ceacccb0cbd31592ee4
6f4742d0d50d123eb8bccac84741ef684c85b20e294eaac87b417669a9920886
GET /moddroid-uploads/2021/04/soundcloud-4.jpg HTTP/1.1
Host: cdn.ezjojoy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ar.moddroid.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 15 Sep 2022 18:53:40 GMT
content-type: image/webp
content-length: 56540
access-control-allow-origin: *
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=83947
content-disposition: inline; filename="soundcloud-4.webp"
etag: "617a4511-147eb"
last-modified: Thu, 28 Oct 2021 06:37:05 GMT
vary: Accept
x-77-cache: MISS
x-77-nzt: AVm7ooTQvr2h
x-77-nzt-ray: 2g8Ca7Y6rMg
x-77-pop: singapore2SG
x-cache: MISS
cf-cache-status: HIT
age: 294
expires: Thu, 15 Sep 2022 22:53:40 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
server: cloudflare
cf-ray: 74b391082aeafabc-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.ezjojoy.com/moddroid-uploads/2021/04/soundcloud-5.jpg
104.18.17.131 200 OK 66 kB URL HTTP/2 cdn.ezjojoy.com/moddroid-uploads/2021/04/soundcloud-5.jpg
IP 104.18.17.131:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x889, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 164dd80908cbd2d01d5298daa115119b
dd3a7b56c910bc85889191b954117c323b1241eb
2c6ccc6785947c4c669eea9ef0b189765aee445f03888bc95dcb0fa596e58328
GET /moddroid-uploads/2021/04/soundcloud-5.jpg HTTP/1.1
Host: cdn.ezjojoy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ar.moddroid.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 15 Sep 2022 18:53:40 GMT
content-type: image/webp
content-length: 66150
access-control-allow-origin: *
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=107814
content-disposition: inline; filename="soundcloud-5.webp"
etag: "617a4510-1a526"
last-modified: Thu, 28 Oct 2021 06:37:04 GMT
vary: Accept
x-77-cache: MISS
x-77-nzt: AVm7ooT/sOCh
x-77-nzt-ray: y8oSNBdsc34
x-77-pop: singapore2SG
x-cache: MISS
cf-cache-status: HIT
age: 295
expires: Thu, 15 Sep 2022 22:53:40 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
server: cloudflare
cf-ray: 74b39107fac9fabc-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.242 200 OK 503 B IP 23.36.76.242:0
ASN #20940 Akamai International B.V.
Hash 465de127c8084e5a41dd09dcb2279c65
d197ae9b2c6962ab5d1f8d6a3e26a67fadf65eb0
010ac3a7eda353e67e68012a075cd09ce486d5db13150e3fbe6cf803178c316c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "010AC3A7EDA353E67E68012A075CD09CE486D5DB13150E3FBE6CF803178C316C"
Last-Modified: Wed, 14 Sep 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7021
Expires: Thu, 15 Sep 2022 20:50:41 GMT
Date: Thu, 15 Sep 2022 18:53:40 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.242 200 OK 2.4 kB IP 23.36.76.242:0
ASN #20940 Akamai International B.V.
Hash 39334a74e7641012c0091ba4e2a3e095
c1482d44fe9814b26e0211a19bfdde231e0a48d3
03f65b53b34902a358a683a12993daba9f9b132f4a03b58ce7605128d3735db5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "07F61518FA3437E72B86CC24BF15677F8E6AA1CCD5BC43D9261CDBBC80363324"
Last-Modified: Tue, 13 Sep 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9684
Expires: Thu, 15 Sep 2022 21:35:04 GMT
Date: Thu, 15 Sep 2022 18:53:40 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 3b816941816ca5fed922c0604e9da8dc
94c14ea6c512c6c262479b4299f1cd4dd99ea5cd
a05000788114487ba8b8c661ba1370b29c96a93a16275b3fab497cf75722b51d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 15 Sep 2022 18:53:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.76.242 200 OK 503 B IP 23.36.76.242:0
ASN #20940 Akamai International B.V.
Hash 0cf29ca0e68319c19ef7dcfbaa45f932
2fcf2239666b3aa8134d617305732295582a95f0
a0e831e370eca6d0afde38adf8307319b87ac9aae217004ca64597b3f53763f9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A0E831E370ECA6D0AFDE38ADF8307319B87AC9AAE217004CA64597B3F53763F9"
Last-Modified: Tue, 13 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21264
Expires: Fri, 16 Sep 2022 00:48:04 GMT
Date: Thu, 15 Sep 2022 18:53:40 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.242 200 OK 503 B IP 23.36.76.242:0
ASN #20940 Akamai International B.V.
Hash 51a81875cfc576cfdef5dc96f978e713
b9a85de614d936aff9daa4b1bd78d724b6849d13
56e3788cc93f90cd8ca56314c7e3d43672dce2a51b4558b2ceacc26a2496db9a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "56E3788CC93F90CD8CA56314C7E3D43672DCE2A51B4558B2CEACC26A2496DB9A"
Last-Modified: Wed, 14 Sep 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14020
Expires: Thu, 15 Sep 2022 22:47:20 GMT
Date: Thu, 15 Sep 2022 18:53:40 GMT
Connection: keep-alive
ej.showishsinus.com/r9H1cTBGF0vL/51749
23.109.82.79 200 OK 25 B URL HTTP/1.1 ej.showishsinus.com/r9H1cTBGF0vL/51749
IP 23.109.82.79:0
File type ASCII text, with no line terminators
Hash d488addc5df5fc9b9ff4135bb4e3a823
6ce56f48e851df4d562b43d3bc1269a504ae83fc
d1e90b8aef655ca37932287e04cbda72092eb029fe90de2bac019c10d3431f60
GET /r9H1cTBGF0vL/51749 HTTP/1.1
Host: ej.showishsinus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ar.moddroid.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 15 Sep 2022 18:53:40 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://ar.moddroid.co
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Set-Cookie: GL_UI4=eJw9jUtOwzAYhPMOVUnESDkAR2gi0rRLNqy4Q%2BTYf4Jp4r9y3Ae3xyDBbh6fZoIgiKoS4TWLEV9Ei%2BejGru9pJrkoW6a%2BuXQyLEdRDfWqunqdoeNXnsnhplcgseJDFkte8mKCjz56i85Gb6ZBOlghVEF0sUTc4F8sHxbyVYxEiMWQv6mLY1894T4ZIvouPdSGy%2FDHSJeq7jcIH3X5nIvt1lQFlmA7XkWbmS79Fp5m05WKEL4igcpHE1sv5ArWk%2BOzwDPqv%2Fnfz%2FT%2BWcNmaKrlt6y%2ByD7DTb9Sx8%3D; expires=Fri, 16-Sep-2022 18:53:40 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJxNjMFqg0AURXXSTCOK5UI%2FID9Qk7R2kW3TZdGFHzBY8xIGzDxxJm0mX181ULK5HA6cGwSBeE4hdIdku8m26yx%2FzTbvOWZHYoiiRNLw2bjeK1OfCLLg%2Frf2kD0dNRuI9RviG6uG94R5Ub7cuSmKS9vycjf%2BeDw0etxRIRr51j0O3eRm2nZIP1p9WVbcnt3wYhEZcsp2RHtEu%2Fq7pdVn9YX0304fMsRCW9X1fPEDPzl9oisbUnw4WHJSIPyR4g8Mt0dW; expires=Fri, 16-Sep-2022 18:53:40 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
hb.towerycacara.com/taHBeGeWGMfxFL/51740
23.109.150.138 200 OK 25 B URL HTTP/1.1 hb.towerycacara.com/taHBeGeWGMfxFL/51740
IP 23.109.150.138:0
File type ASCII text, with no line terminators
Hash d488addc5df5fc9b9ff4135bb4e3a823
6ce56f48e851df4d562b43d3bc1269a504ae83fc
d1e90b8aef655ca37932287e04cbda72092eb029fe90de2bac019c10d3431f60
GET /taHBeGeWGMfxFL/51740 HTTP/1.1
Host: hb.towerycacara.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ar.moddroid.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 15 Sep 2022 18:53:40 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://ar.moddroid.co
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
X-Frame-Options: SAMEORIGIN
Set-Cookie: GL_UI4=eJw9jUtOwzAYhPMOVUnESDkAR2gi0rRLNqy4Q%2BTYf4Jp4r9y3Ae3xyDBbh6fZoIgiKoS4TWLEV9Ei%2BejGru9pJrkoW6a%2BuXQyLEdRDfWqunqdoeNXnsnhplcgseJDFkte8mKCjz56i85Gb6ZBOlghVEF0sUTc4F8sHxbyVYxEiMWQv6mLY1894T4ZIvouPdSGy%2FDHSJeq7jcIH3X5nIvt1lQFlmA7XkWbmS79Fp5m05WKEL4igcpHE1sv5ArWk%2BOzwDPqv%2Fnfz%2FT%2BWcNmaKrlt6y%2ByD7DTb9Sx8%3D; expires=Fri, 16-Sep-2022 18:53:40 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJxNjMFqg0AURXXSTCOK5UI%2FID9Qk7R2kW3TZdGFHzBY8xIGzDxxJm0mX181ULK5HA6cGwSBeE4hdIdku8m26yx%2FzTbvOWZHYoiiRNLw2bjeK1OfCLLg%2Frf2kD0dNRuI9RviG6uG94R5Ub7cuSmKS9vycjf%2BeDw0etxRIRr51j0O3eRm2nZIP1p9WVbcnt3wYhEZcsp2RHtEu%2Fq7pdVn9YX0304fMsRCW9X1fPEDPzl9oisbUnw4WHJSIPyR4g8Mt0dW; expires=Fri, 16-Sep-2022 18:53:40 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
www.googletagmanager.com/gtag/js?id=G-72DT1JGQ0Z
142.250.74.72 200 OK 76 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=G-72DT1JGQ0Z
IP 142.250.74.72:0
File type ASCII text, with very long lines (20189)
Hash f2be98612627a67373858c89b238438b
8958e4c29808968380ca28fa22cbec39676c4d74
743f6ba2fb4d47cb343cb6c8e3e37f95acc66bbee04f078aefa4251ef40390c3
GET /gtag/js?id=G-72DT1JGQ0Z HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ar.moddroid.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 15 Sep 2022 18:53:40 GMT
expires: Thu, 15 Sep 2022 18:53:40 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 76345
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 56b4a90e8be043082aa30d490fe93e47
6c94d4b9610ec757d7e7851ac2e478edff1309f8
c59724a0ece262f497d3f09f4e90ae49a11a3a150134183cc10ef2c47f5fe9b3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 15 Sep 2022 18:53:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.76.242 200 OK 503 B IP 23.36.76.242:0
ASN #20940 Akamai International B.V.
Hash 8abaae08e857ce70e2e3e05e3c892c3a
d964ba316c59addf10e29018f95e7bc12c55b793
5c12e411338b132d76660e348ce57e6e1ff73c8e8e40e8dfd4e6a697aea1a2bc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5C12E411338B132D76660E348CE57E6E1FF73C8E8E40E8DFD4E6A697AEA1A2BC"
Last-Modified: Wed, 14 Sep 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14615
Expires: Thu, 15 Sep 2022 22:57:15 GMT
Date: Thu, 15 Sep 2022 18:53:40 GMT
Connection: keep-alive
propu.sh/zone?pub=0&zone_id=5234444&is_mobile=false&domain=ar.moddroid.co&var=&ymid=&var_3=
139.45.197.250 200 OK 705 B URL HTTP/2 propu.sh/zone?pub=0&zone_id=5234444&is_mobile=false&domain=ar.moddroid.co&var=&ymid=&var_3=
IP 139.45.197.250:0
File type JSON data\012- , ASCII text, with very long lines (704)
Hash 5366b3c8099dea174fe272a945817bd2
f020790b96b48d2a5fbc9e344a3fb5b4a4caa486
2208e4571f9dffa8707e97a95bbc1cc322aa8c463da1991647d502285eb6d704
GET /zone?pub=0&zone_id=5234444&is_mobile=false&domain=ar.moddroid.co&var=&ymid=&var_3= HTTP/1.1
Host: propu.sh
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ar.moddroid.co/
Origin: https://ar.moddroid.co
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 15 Sep 2022 18:53:40 GMT
content-type: application/json; charset=utf-8
content-length: 705
x-trace-id: f19236c4757d7d26727d18dc25482112
access-control-allow-origin: https://ar.moddroid.co
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
propu.sh/custom
139.45.197.250 200 OK 0 B IP 139.45.197.250:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Phishing
OPTIONS /custom HTTP/1.1
Host: propu.sh
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://ar.moddroid.co/
Origin: https://ar.moddroid.co
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 15 Sep 2022 18:53:41 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://ar.moddroid.co
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2
propu.sh/custom
139.45.197.250 200 OK 39 B IP 139.45.197.250:0
File type JSON data\012- , ASCII text
Hash 058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
Analyzer Verdict Alert fortinet Phishing
POST /custom HTTP/1.1
Host: propu.sh
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ar.moddroid.co/
Content-Type: application/json
Origin: https://ar.moddroid.co
Content-Length: 392
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 15 Sep 2022 18:53:41 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 83ef676f8ca480f70ffe49ffaae9463d
access-control-allow-origin: https://ar.moddroid.co
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
ar.moddroid.co/apps/videomusic/soundcloud/
104.18.20.115 200 OK 18 kB URL HTTP/2 ar.moddroid.co/apps/videomusic/soundcloud/
IP 104.18.20.115:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (6056)
Hash 81e2b2198596289c01fbef11b8f5f9e6
4de68143ca1da65e4d77760e390bf5cd2ef4964b
1fb451aae426ab9297e5d6905b034c85f1bd18853c8dfd171b17917e6ded0928
Analyzer Verdict Alert fortinet Malware
GET /apps/videomusic/soundcloud/ HTTP/1.1
Host: ar.moddroid.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
TE: trailers
HTTP/2 200 OK
date: Thu, 15 Sep 2022 18:53:40 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
x-powered-by: Express
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 74b391055b78b515-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
139.45.195.254 200 OK 12 B URL HTTP/1.1 fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
IP 139.45.195.254:0
File type JSON data\012- , ASCII text, with no line terminators
Hash adb4650bfc9d2a73d4dd69583b0ceb14
1ce399d6e936232aaf2192cd7903a279c5015f22
21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed
Analyzer Verdict Alert quad9 Sinkholed
POST /log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f HTTP/1.1
Host: fleraprt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ar.moddroid.co/
Content-Type: text/plain;charset=UTF-8
Origin: https://ar.moddroid.co
Content-Length: 1537
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Thu, 15 Sep 2022 18:53:55 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: https://ar.moddroid.co
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
r3.o.lencr.org/
23.36.76.242 200 OK 503 B IP 23.36.76.242:0
ASN #20940 Akamai International B.V.
Hash b9bfbb189fcbbdc76ff274e424f39053
de008d728f2274f08019c97bc969ddd6fe64a65d
a4f07d30f29e785e2ee605aee590ab928c3e1412f4dc61ff163cf32445cc3af4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A4F07D30F29E785E2EE605AEE590AB928C3E1412F4DC61FF163CF32445CC3AF4"
Last-Modified: Tue, 13 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7517
Expires: Thu, 15 Sep 2022 20:58:58 GMT
Date: Thu, 15 Sep 2022 18:53:41 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.242 200 OK 503 B IP 23.36.76.242:0
ASN #20940 Akamai International B.V.
Hash b9bfbb189fcbbdc76ff274e424f39053
de008d728f2274f08019c97bc969ddd6fe64a65d
a4f07d30f29e785e2ee605aee590ab928c3e1412f4dc61ff163cf32445cc3af4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A4F07D30F29E785E2EE605AEE590AB928C3E1412F4DC61FF163CF32445CC3AF4"
Last-Modified: Tue, 13 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7517
Expires: Thu, 15 Sep 2022 20:58:58 GMT
Date: Thu, 15 Sep 2022 18:53:41 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.242 200 OK 503 B IP 23.36.76.242:0
ASN #20940 Akamai International B.V.
Hash b9bfbb189fcbbdc76ff274e424f39053
de008d728f2274f08019c97bc969ddd6fe64a65d
a4f07d30f29e785e2ee605aee590ab928c3e1412f4dc61ff163cf32445cc3af4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A4F07D30F29E785E2EE605AEE590AB928C3E1412F4DC61FF163CF32445CC3AF4"
Last-Modified: Tue, 13 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7517
Expires: Thu, 15 Sep 2022 20:58:58 GMT
Date: Thu, 15 Sep 2022 18:53:41 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b4d822c-5153-4c55-bcb3-aa6ee72e3b62.jpeg
34.120.237.76 200 OK 6.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b4d822c-5153-4c55-bcb3-aa6ee72e3b62.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f2157f7cfbdeb607f28ae51eb090f2c3
33d0dcadaa42179b2eae914c8ad16c9c088afbc9
135cd89c2c82f0f5e53d2612d5eac868c175b28a567a07e63a2073942e36a066
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b4d822c-5153-4c55-bcb3-aa6ee72e3b62.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6078
x-amzn-requestid: e09c099f-5a2d-49d7-b6ab-e16f09c28bd0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YavJEEM5IAMFreQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6320f8a0-0fbb7b3d0cd6fbfa04f5a5d2;Sampled=0
x-amzn-remapped-date: Tue, 13 Sep 2022 21:39:44 GMT
x-amz-cf-pop: SEA73-P2, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Rx8KX_QI5I2x7q0gcvxcJX7QzZUe2KkfqAUVR64lEujF4xDEWWDhZQ==
via: 1.1 9b21fd56256eda6d1379e32829c4c446.cloudfront.net (CloudFront), 1.1 5954c6394458ffb44c970b3819d7ff2a.cloudfront.net (CloudFront), 1.1 google
date: Wed, 14 Sep 2022 20:21:13 GMT
age: 81148
etag: "33d0dcadaa42179b2eae914c8ad16c9c088afbc9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F706eea65-3ba8-43f4-85c3-967026936660.jpeg
34.120.237.76 200 OK 9.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F706eea65-3ba8-43f4-85c3-967026936660.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3ef9865421a37eae9a4df04083d27485
c7cf1f6a259cece60a34261ec83ee00736e1d72b
723b65ba660f22281f85d6caceea23e9cd932ee9084dc905a08a585746c4c4cc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F706eea65-3ba8-43f4-85c3-967026936660.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9922
x-amzn-requestid: de1e3e45-74ff-41b2-986f-e78473cb6d98
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YVc1SGM7IAMFw0A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631edb54-2099524d6f2c338b41eea101;Sampled=0
x-amzn-remapped-date: Mon, 12 Sep 2022 07:10:12 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: MtgQUzYMa3mT0lxPhQ5ZCp9XVVyBH8T0dlx_0wSLMZlaFEiCikTXMw==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 cd64decb1403270c914848213601a674.cloudfront.net (CloudFront), 1.1 google
date: Wed, 14 Sep 2022 22:25:51 GMT
age: 73670
etag: "c7cf1f6a259cece60a34261ec83ee00736e1d72b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fafb10f81-8409-401c-bd62-3ec01954600c.jpeg
34.120.237.76 200 OK 6.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fafb10f81-8409-401c-bd62-3ec01954600c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2e5f57ba37fac4e6047a9a321a8ec084
f6b742549ea35a4b1345cffb937a8bbcceee08ef
f8c67c54806e47089b9ba297599e3e4cde1fd2e2e38b76acc9e8de0e99d7b77e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fafb10f81-8409-401c-bd62-3ec01954600c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6770
x-amzn-requestid: b7c9513c-b8ba-41c7-9f9a-0a9d2266172d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X7FlpEVRIAMFygA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63144fbd-7a4408363cdc46c9355a9f47;Sampled=0
x-amzn-remapped-date: Sun, 04 Sep 2022 07:11:57 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: fqj5PljprRruE1jwYAVwKoHkjys-RakUjzuV67_Ued6T4et99JPxPg==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 02d90bf99fd6253b329a53c82f19e224.cloudfront.net (CloudFront), 1.1 google
date: Wed, 14 Sep 2022 21:45:05 GMT
age: 76116
etag: "f6b742549ea35a4b1345cffb937a8bbcceee08ef"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F86bf6a5e-a3e5-479d-a052-fa843c45a3d9.jpeg
34.120.237.76 200 OK 9.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F86bf6a5e-a3e5-479d-a052-fa843c45a3d9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4833535b1650b0ac875704023b650e66
96ab8cd8e14350f730d26731f3445710324e24e2
d2b5a51e39a4890ba56e819d4d5d1d57d4d3cfc50dde42efdf23b8e9be17d1c7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F86bf6a5e-a3e5-479d-a052-fa843c45a3d9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9400
x-amzn-requestid: 8cf35176-18a1-427b-870c-bdae465060c8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YYM18E-iIAMFcmg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631ff4f2-427bc0ff6593e71e25b91589;Sampled=0
x-amzn-remapped-date: Tue, 13 Sep 2022 03:11:46 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: ZVnPAYUOBCRUYD3wEx79lIMjBJCKyVB9CmnTqMJIaFPbQGPoHwB73w==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 2ab6211e66998c8b58132661a7e3cade.cloudfront.net (CloudFront), 1.1 google
date: Wed, 14 Sep 2022 20:21:37 GMT
age: 81124
etag: "96ab8cd8e14350f730d26731f3445710324e24e2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1266c973-1bdd-4969-82ca-1106689fe929.jpeg
34.120.237.76 200 OK 5.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1266c973-1bdd-4969-82ca-1106689fe929.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f50c34bc30a732593e8fe465055a44ff
af100925cba1be716fd2200715d6136bd7f0c5bc
703049736ccc8815945d69634059c4cd39533417e0969107d460c36a6787c761
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1266c973-1bdd-4969-82ca-1106689fe929.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5078
x-amzn-requestid: b6177371-a8ba-4541-a48d-21bd806e866e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X0erUHT-IAMFWKg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6311ab15-157ed5b700e0aad5481f5c0f;Sampled=0
x-amzn-remapped-date: Fri, 02 Sep 2022 07:04:53 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: MYJf90B8rX8_nPUl4stpbZcQeQDaZ2Hgyu6GmsfdqUh-0Nx5OJJThw==
via: 1.1 9b311162717b41c968f6f00426d88aaa.cloudfront.net (CloudFront), 1.1 cd858042f70b416ca05e042acf3908a4.cloudfront.net (CloudFront), 1.1 google
date: Wed, 14 Sep 2022 20:21:54 GMT
age: 81107
etag: "af100925cba1be716fd2200715d6136bd7f0c5bc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb035d64b-46a7-4c49-b95b-e454aa90f817.jpeg
34.120.237.76 200 OK 9.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb035d64b-46a7-4c49-b95b-e454aa90f817.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1633672fad0b564108cf81ad711dc881
d37ad0f40bc1f3f0022467dd0af2478980bd858a
cc7176a297f6009f07074fb9af796132b4452833be675bf378cc950fe81a582a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb035d64b-46a7-4c49-b95b-e454aa90f817.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9071
x-amzn-requestid: b450f7cf-6cc7-4d1f-aef3-4496f0971727
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YeIxuEq6oAMF9jQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632254d7-6912ef8731d81fa43b805e5b;Sampled=0
x-amzn-remapped-date: Wed, 14 Sep 2022 22:25:27 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 6LDUuDX1W8-Q88pDJma0xCAd5QuJ0YV-VpJ_8LVyDHX9YN1k0fQZ8Q==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 989017835f43d594873bde5a7ee7fe5e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 14 Sep 2022 22:36:39 GMT
etag: "d37ad0f40bc1f3f0022467dd0af2478980bd858a"
content-type: image/jpeg
age: 73022
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188 200 OK 471 B IP 172.64.155.188:0
Hash c5f23f94270a39081bb9d749a97d5704
97e18938c56b7d7c43bddac19abc7dbd2eccc952
dfefc859840a50bfc0eaa8e38dadae38a65514f0060af98cad8c1ab0892b1330
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 15 Sep 2022 18:53:41 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 15 Sep 2022 18:25:20 GMT
Expires: Thu, 22 Sep 2022 18:25:19 GMT
Etag: "97e18938c56b7d7c43bddac19abc7dbd2eccc952"
Cache-Control: max-age=602497,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74b3910c4c40b4f9-OSL
my.rtmark.net/gid.js
139.45.195.8 200 OK 2.6 kB IP 139.45.195.8:0
Hash 9f198d46e28dffb2fc7a95f31234998b
04cc6bf5c27e44ae6726db178fb26fbe21b3f2ec
aad92c8af7702c337fa854a51d56059751d441b45e52b50d94dd78a010b2d734
GET /gid.js HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ar.moddroid.co
Connection: keep-alive
Referer: https://ar.moddroid.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 15 Sep 2022 18:53:41 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://ar.moddroid.co
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=2d32363347804168ba8d43212ce54ce8; expires=Fri, 15 Sep 2023 18:53:41 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
region1.google-analytics.com/g/collect?v=2&tid=G-72DT1JGQ0Z&gtm=2oe9e0&_p=1817485046&cid=1252061426.1663268005&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1663268005&sct=1&seg=0&dl=https%3A%2F%2Far.moddroid.co%2Fapps%2Fvideomusic%2Fsoundcloud%2F&dt=SoundCloud%20v2022.09.09-release%20MOD%20APK%20(Premium%20Unlocked%2C%20AD-Free)%20Download%20for%20Android&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
216.239.34.36 204 No Content 0 B URL HTTP/2 region1.google-analytics.com/g/collect?v=2&tid=G-72DT1JGQ0Z&gtm=2oe9e0&_p=1817485046&cid=1252061426.1663268005&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1663268005&sct=1&seg=0&dl=https%3A%2F%2Far.moddroid.co%2Fapps%2Fvideomusic%2Fsoundcloud%2F&dt=SoundCloud%20v2022.09.09-release%20MOD%20APK%20(Premium%20Unlocked%2C%20AD-Free)%20Download%20for%20Android&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
IP 216.239.34.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-72DT1JGQ0Z&gtm=2oe9e0&_p=1817485046&cid=1252061426.1663268005&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1663268005&sct=1&seg=0&dl=https%3A%2F%2Far.moddroid.co%2Fapps%2Fvideomusic%2Fsoundcloud%2F&dt=SoundCloud%20v2022.09.09-release%20MOD%20APK%20(Premium%20Unlocked%2C%20AD-Free)%20Download%20for%20Android&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ar.moddroid.co
Connection: keep-alive
Referer: https://ar.moddroid.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://ar.moddroid.co
date: Thu, 15 Sep 2022 18:53:41 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.trust-provider.cn/
47.246.44.205 200 OK 283 B IP 47.246.44.205:0
ASN #24429 Zhejiang Taobao Network Co.,Ltd
Hash a033bec2d27f8b3d69a6ad99eb6e2a20
865fbfdc4db9fa80bc67888397deec59a72c46af
cd708a3f1f070f64a82b3f543d0de54511b2d731861d76e6f01143ff00425aaa
POST / HTTP/1.1
Host: ocsp.trust-provider.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
date: Thu, 15 Sep 2022 18:38:23 GMT
last-modified: Thu, 15 Sep 2022 09:55:03 GMT
expires: Thu, 22 Sep 2022 09:55:02 GMT
etag: "865fbfdc4db9fa80bc67888397deec59a72c46af"
cache-control: max-age=589941,s-maxage=1800,public,no-transform,must-revalidate
x-ccacdn-proxy-id: mcdpinlb4
x-frame-options: SAMEORIGIN
cf-cache-status: REVALIDATED
cf-ray: 74b37aa4b8749189-FRA
accept-ranges: bytes
ali-swift-global-savetime: 1663267103
via: cache23.l2de2[0,0,304-0,H], cache4.l2de2[2,0], cache7.se1[0,0,200-0,H], cache1.se1[2,0], cache3.se1[4,0]
age: 918
x-cache: HIT TCP_MEM_HIT dirn:3:276760723
x-swift-savetime: Thu, 15 Sep 2022 18:48:47 GMT
x-swift-cachetime: 1176
timing-allow-origin: *, *
eagleid: 2ff62c9716632680214338297e, 2ff62c9716632680214338297e
goomaphy.com/500/5331011?excludes=&oaid=2d32363347804168ba8d43212ce54ce8&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Far.moddroid.co%2Fapps%2Fvideomusic%2Fsoundcloud%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.239 200 OK 0 B URL HTTP/2 goomaphy.com/500/5331011?excludes=&oaid=2d32363347804168ba8d43212ce54ce8&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Far.moddroid.co%2Fapps%2Fvideomusic%2Fsoundcloud%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.239:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
OPTIONS /500/5331011?excludes=&oaid=2d32363347804168ba8d43212ce54ce8&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Far.moddroid.co%2Fapps%2Fvideomusic%2Fsoundcloud%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: goomaphy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://ar.moddroid.co/
Origin: https://ar.moddroid.co
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 15 Sep 2022 18:53:41 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://ar.moddroid.co
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-allow-credentials: true
access-control-max-age: 600
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2
www.google-analytics.com/analytics.js
142.250.74.174 200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (1325)
Hash 56f5d7f608e25d64207135f045f988cb
901eb59372ae330ae85e1384da93479b21ae1082
1910daea79e5a9d04829a91e432dfa56f45a80a3e14a8cf667fec73af9fd3d29
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ar.moddroid.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20006
date: Thu, 15 Sep 2022 18:41:12 GMT
expires: Thu, 15 Sep 2022 20:41:12 GMT
cache-control: public, max-age=7200
age: 749
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 20620ba615dba1de34528390492c3f53
2ca43d3a828682e10eb7638972b79b7136395e2b
12cf30cf1de58b4bab8af4a5d159b42909c554ae7b34e6f7361d9a49f1e861b7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 15 Sep 2022 18:53:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 20620ba615dba1de34528390492c3f53
2ca43d3a828682e10eb7638972b79b7136395e2b
12cf30cf1de58b4bab8af4a5d159b42909c554ae7b34e6f7361d9a49f1e861b7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 15 Sep 2022 18:53:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
etpweb.happymod.io/event/report/web
43.134.152.57 200 OK 14 B URL HTTP/2 etpweb.happymod.io/event/report/web
IP 43.134.152.57:0
ASN #132203 Tencent Building, Kejizhongyi Avenue
File type JSON data\012- , ASCII text, with no line terminators
Hash 886be12a79c0b1bd90e23851bce11841
233d6221d8c9f4971eb1c8a9e76d8d21b0e99bb8
d76b81313242d55a46cabc4b8da69f512aa3a94a9be70924be9a0b1bfc96f52e
POST /event/report/web HTTP/1.1
Host: etpweb.happymod.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 878
Origin: https://ar.moddroid.co
Connection: keep-alive
Referer: https://ar.moddroid.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 15 Sep 2022 18:53:41 GMT
content-type: application/json; charset=utf-8
content-length: 14
access-control-allow-credentials: true
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Requested-With, AccessKey,Timestamp
access-control-allow-methods: POST, GET
access-control-allow-origin: https://ar.moddroid.co
access-control-expose-headers: Timestamp
X-Firefox-Spdy: h2
etpweb.happymod.io/event/report/web
43.134.152.57 200 OK 14 B URL HTTP/2 etpweb.happymod.io/event/report/web
IP 43.134.152.57:0
ASN #132203 Tencent Building, Kejizhongyi Avenue
File type JSON data\012- , ASCII text, with no line terminators
Hash 886be12a79c0b1bd90e23851bce11841
233d6221d8c9f4971eb1c8a9e76d8d21b0e99bb8
d76b81313242d55a46cabc4b8da69f512aa3a94a9be70924be9a0b1bfc96f52e
POST /event/report/web HTTP/1.1
Host: etpweb.happymod.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 826
Origin: https://ar.moddroid.co
Connection: keep-alive
Referer: https://ar.moddroid.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 15 Sep 2022 18:53:41 GMT
content-type: application/json; charset=utf-8
content-length: 14
access-control-allow-credentials: true
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Requested-With, AccessKey,Timestamp
access-control-allow-methods: POST, GET
access-control-allow-origin: https://ar.moddroid.co
access-control-expose-headers: Timestamp
X-Firefox-Spdy: h2
securepubads.g.doubleclick.net/tag/js/gpt.js
216.58.207.194 200 OK 28 kB URL HTTP/2 securepubads.g.doubleclick.net/tag/js/gpt.js
IP 216.58.207.194:0
File type ASCII text, with very long lines (45449)
Hash f9659609c46b660ef317e6b69da34ed7
30b35697bd5a73064de73cac7e206f92899dea6f
292af2b26a9573e2d1877b0048f08ab8bb4ab6013bcddc72e7851809fd1ef9ef
GET /tag/js/gpt.js HTTP/1.1
Host: securepubads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ar.moddroid.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 27687
date: Thu, 15 Sep 2022 18:53:41 GMT
expires: Thu, 15 Sep 2022 18:53:41 GMT
cache-control: private, max-age=900, stale-while-revalidate=3600
etag: "1335 / 822 of 1000 / last-modified: 1663240024"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
securepubads.g.doubleclick.net/pagead/ppub_config?ippd=ar.moddroid.co%2Fapps%2Fvideomusic%2Fsoundcloud%2F
216.58.207.194 200 OK 138 B URL HTTP/2 securepubads.g.doubleclick.net/pagead/ppub_config?ippd=ar.moddroid.co%2Fapps%2Fvideomusic%2Fsoundcloud%2F
IP 216.58.207.194:0
File type JSON data\012- , ASCII text, with no line terminators
Hash ad1b511c41568cff34d4015aeb9155f4
7bf4e34a3b5503582e9c03469549514e19780641
b561959984c7d9855a5c551e7f9c528f98ad97c9579049bd4471a3e304c3ebd3
GET /pagead/ppub_config?ippd=ar.moddroid.co%2Fapps%2Fvideomusic%2Fsoundcloud%2F HTTP/1.1
Host: securepubads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ar.moddroid.co/
Origin: https://ar.moddroid.co
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
date: Thu, 15 Sep 2022 18:53:41 GMT
expires: Thu, 15 Sep 2022 18:53:41 GMT
cache-control: private, max-age=3600, stale-while-revalidate=3600
content-type: application/json; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 138
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 15-Sep-2022 19:08:41 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
offerimage.com/www/images/3ef316842349308dfa69b2337a1f2f26.png
104.22.33.172 200 OK 97 kB URL HTTP/2 offerimage.com/www/images/3ef316842349308dfa69b2337a1f2f26.png
IP 104.22.33.172:0
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash 3ef316842349308dfa69b2337a1f2f26
cfb295c74af7d2432c8f0dde1819e1aa35b2ab89
88d7d3964d36d102797d185fb23dab82ac6142c12a5119497b95d2dc018c5bcd
GET /www/images/3ef316842349308dfa69b2337a1f2f26.png HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ar.moddroid.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 15 Sep 2022 18:53:41 GMT
content-type: image/png
content-length: 96644
last-modified: Fri, 06 Nov 2020 13:23:01 GMT
etag: "5fa54e35-17984"
expires: Fri, 16 Sep 2022 13:44:58 GMT
cache-control: max-age=86400
timing-allow-origin: *
cf-cache-status: HIT
age: 18523
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 74b391100d1d9936-ARN
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 20620ba615dba1de34528390492c3f53
2ca43d3a828682e10eb7638972b79b7136395e2b
12cf30cf1de58b4bab8af4a5d159b42909c554ae7b34e6f7361d9a49f1e861b7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 15 Sep 2022 18:53:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
securepubads.g.doubleclick.net/pagead/ppub_config?ippd=ar.moddroid.co
216.58.207.194 200 OK 113 B URL HTTP/2 securepubads.g.doubleclick.net/pagead/ppub_config?ippd=ar.moddroid.co
IP 216.58.207.194:0
File type JSON data\012- , ASCII text, with no line terminators
Hash e3629297c221be46e142c6bf2639a989
73a8d0e9ae40661ff3e1d7ff0e1aa776b567d366
9f3911b5ff77cb93ba86e363cece3f1a643783cb4ae284b3fcf7247c58b2b166
GET /pagead/ppub_config?ippd=ar.moddroid.co HTTP/1.1
Host: securepubads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ar.moddroid.co
Connection: keep-alive
Referer: https://ar.moddroid.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
date: Thu, 15 Sep 2022 18:53:41 GMT
expires: Thu, 15 Sep 2022 18:53:41 GMT
cache-control: private, max-age=3600, stale-while-revalidate=3600
content-type: application/json; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 113
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 15-Sep-2022 19:08:41 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
securepubads.g.doubleclick.net/gpt/pubads_impl_2022091201.js
216.58.207.194 200 OK 131 kB URL HTTP/2 securepubads.g.doubleclick.net/gpt/pubads_impl_2022091201.js
IP 216.58.207.194:0
File type ASCII text, with very long lines (65439)
Size 131 kB (131208 bytes)
Hash 74e4514f52abf92dc43966f700a6be22
1e001f63e5c0c0b70b436f37d2f423234d7aa721
e344fe1a3fc4b3cd3a6869c77c6b1adf1002224292e98cbe3240cb47a1a5f17c
GET /gpt/pubads_impl_2022091201.js HTTP/1.1
Host: securepubads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ar.moddroid.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 131208
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 12 Sep 2022 10:48:36 GMT
expires: Tue, 12 Sep 2023 10:48:36 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Mon, 12 Sep 2022 08:37:16 GMT
content-type: text/javascript
age: 288305
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.globalsign.com/gseccovsslca2018
104.18.20.226 200 OK 938 B URL HTTP/1.1 ocsp.globalsign.com/gseccovsslca2018
IP 104.18.20.226:0
Hash e235f7fa7276382ea5216c5a4cb5a62e
eb28d368e7528abcce53805f837a0dabab34a79b
adb38c177a024fe3505f24444c4dd008a1decd31b6fc4f043f8e94eb851dbd56
POST /gseccovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 15 Sep 2022 18:53:41 GMT
Content-Type: application/ocsp-response
Content-Length: 938
Connection: keep-alive
Expires: Mon, 19 Sep 2022 15:21:19 GMT
ETag: "eb28d368e7528abcce53805f837a0dabab34a79b"
Last-Modified: Thu, 15 Sep 2022 15:21:20 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2413
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74b3911079330b3d-OSL
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 39aa25d8411997d98f9093c19b0ccbca
3cb31e92d707cd561897042ed1a09de5a79e7108
f1b7b71241b580ec34281f5addc49d716eac9ecc46a3217e646c76e6dc8d4578
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 15 Sep 2022 18:53:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash a8b2bb270d78a6dddeb5b7fa01bd896c
eee28c4dd10c090f100c6ed383392b67d9fb9200
5c929c1a5e85ed508916eda62cccedb3ef1a5f407468596fa2726c476e2a9340
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 15 Sep 2022 18:53:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
adservice.google.no/adsid/integrator.js?domain=ar.moddroid.co
142.250.74.2 200 OK 100 B URL HTTP/2 adservice.google.no/adsid/integrator.js?domain=ar.moddroid.co
IP 142.250.74.2:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=ar.moddroid.co HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ar.moddroid.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Thu, 15 Sep 2022 18:53:42 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
adservice.google.com/adsid/integrator.js?domain=ar.moddroid.co
142.250.74.34 200 OK 100 B URL HTTP/2 adservice.google.com/adsid/integrator.js?domain=ar.moddroid.co
IP 142.250.74.34:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=ar.moddroid.co HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ar.moddroid.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Thu, 15 Sep 2022 18:53:42 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
goomaphy.com/500/5331011?excludes=&oaid=2d32363347804168ba8d43212ce54ce8&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Far.moddroid.co%2Fapps%2Fvideomusic%2Fsoundcloud%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.239 200 OK 73 kB URL HTTP/2 goomaphy.com/500/5331011?excludes=&oaid=2d32363347804168ba8d43212ce54ce8&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Far.moddroid.co%2Fapps%2Fvideomusic%2Fsoundcloud%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.239:0
Hash b582cc8d80c0ba259f566217b9fddc51
72b9bd6af355c5b1ee802ef1b3a0f947ad4c7a86
329dc25e41580c1015d77fdae42bfc3faa7766527e07d59b6c5881afdc62cf46
Analyzer: quad9 | Verdict: Sinkholed | Alert: (no value shown)
GET /500/5331011?excludes=&oaid=2d32363347804168ba8d43212ce54ce8&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Far.moddroid.co%2Fapps%2Fvideomusic%2Fsoundcloud%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: goomaphy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://ar.moddroid.co
Connection: keep-alive
Referer: https://ar.moddroid.co/
Cookie: OAID=dfba56996d5e49578099beaf8bc81388
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 15 Sep 2022 18:53:41 GMT
content-type: application/javascript
x-trace-id: 4b892a20f78896c62710c7ce4c41e365
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: https://ar.moddroid.co
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=2d32363347804168ba8d43212ce54ce8; expires=Fri, 15 Sep 2023 18:53:41 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash db503d6c6780cb1b8dfeffa10a50eada
51a459bdc02f20576031f526be6788f653095d94
b7a653d3c381c6cea5b6838aea01a7de8ea5c2d8bdf5ff92c4cd5c22829c8e8d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 15 Sep 2022 18:53:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 39aa25d8411997d98f9093c19b0ccbca
3cb31e92d707cd561897042ed1a09de5a79e7108
f1b7b71241b580ec34281f5addc49d716eac9ecc46a3217e646c76e6dc8d4578
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 15 Sep 2022 18:53:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
propu.sh/pfe/current/universal.min.js?v=3.1.393
139.45.197.250 200 OK 61 kB URL HTTP/2 propu.sh/pfe/current/universal.min.js?v=3.1.393
IP 139.45.197.250:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 9c3673d88c7ae9be569552a60d8b65c0
e2b70a280240d181b943f1c289f4642ce4953c2e
5ceb1885d2542590697d3139ecebaefc63fd90fd87abbac206b73ba0c2ccbf6a
Analyzer: fortinet | Verdict: Phishing | Alert: (no value shown)
GET /pfe/current/universal.min.js?v=3.1.393 HTTP/1.1
Host: propu.sh
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ar.moddroid.co/
Origin: https://ar.moddroid.co
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 15 Sep 2022 18:53:40 GMT
content-type: application/javascript
last-modified: Tue, 13 Sep 2022 08:49:51 GMT
etag: W/"6320442f-204ff"
access-control-allow-origin: https://ar.moddroid.co
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
60f6d1b1625c4c99e5c9df0464701bd1.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
142.250.74.65 200 OK 3.1 kB URL HTTP/2 60f6d1b1625c4c99e5c9df0464701bd1.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
IP 142.250.74.65:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (5835)
Hash 3fa5e95a358d660ddb3c45769ae1357f
5f6164fbaf8cfbccfd061b00ae48dedfc16bbcd9
d32f4b680031c0e11222eb17385aa9d3b11d2903b05bff34c3d4eb6292631137
GET /safeframe/1-0-38/html/container.html HTTP/1.1
Host: 60f6d1b1625c4c99e5c9df0464701bd1.safeframe.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ar.moddroid.co/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Thu, 15 Sep 2022 18:53:42 GMT
expires: Fri, 15 Sep 2023 18:53:42 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
mc.yandex.ru/metrika/advert.gif
87.250.251.119 200 OK 43 B URL HTTP/2 mc.yandex.ru/metrika/advert.gif
IP 87.250.251.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /metrika/advert.gif HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ar.moddroid.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Thu, 15 Sep 2022 18:53:42 GMT
access-control-allow-origin: *
etag: "63216d10-2b"
expires: Thu, 15 Sep 2022 19:53:42 GMT
accept-ranges: bytes
last-modified: Wed, 14 Sep 2022 08:56:32 GMT
cache-control: max-age=3600
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/86638922?wmode=7&page-url=https%3A%2F%2Far.moddroid.co%2Fapps%2Fvideomusic%2Fsoundcloud%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A2ofv6mafcjh9urjbdp7e2g%3Afp%3A1679%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A882%3Acn%3A1%3Adp%3A0%3Als%3A319531695824%3Ahid%3A685071516%3Az%3A0%3Ai%3A20220915185326%3Aet%3A1663268007%3Ac%3A1%3Arn%3A275622728%3Arqn%3A1%3Au%3A1663268007968152801%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Ans%3A1663268003521%3Ads%3A0%2C0%2C272%2C2%2C1174%2C0%2C%2C328%2C3%2C%2C%2C%2C1810%3Awv%3A2%3Aco%3A0%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1663268007%3At%3ASoundCloud%20v2022.09.09-release%20MOD%20APK%20(Premium%20Unlocked%2C%20AD-Free)%20Download%20for%20Android&t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)fip(1)rqnl(1)ti(2)
87.250.251.119 302 Found 400 B URL HTTP/2 mc.yandex.ru/watch/86638922?wmode=7&page-url=https%3A%2F%2Far.moddroid.co%2Fapps%2Fvideomusic%2Fsoundcloud%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A2ofv6mafcjh9urjbdp7e2g%3Afp%3A1679%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A882%3Acn%3A1%3Adp%3A0%3Als%3A319531695824%3Ahid%3A685071516%3Az%3A0%3Ai%3A20220915185326%3Aet%3A1663268007%3Ac%3A1%3Arn%3A275622728%3Arqn%3A1%3Au%3A1663268007968152801%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Ans%3A1663268003521%3Ads%3A0%2C0%2C272%2C2%2C1174%2C0%2C%2C328%2C3%2C%2C%2C%2C1810%3Awv%3A2%3Aco%3A0%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1663268007%3At%3ASoundCloud%20v2022.09.09-release%20MOD%20APK%20(Premium%20Unlocked%2C%20AD-Free)%20Download%20for%20Android&t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)fip(1)rqnl(1)ti(2)
IP 87.250.251.119:0
File type JSON data\012- , ASCII text, with very long lines (400), with no line terminators
Hash 6bc7543a04c9d63e75104b5fc3c00e19
b05907221b1c96d9d839b29b0b2dcb80a7de9a96
91604d0a184afd1f5fdda771074de31a0a7dd972725fefce45125ad47ca6c787
GET /watch/86638922?wmode=7&page-url=https%3A%2F%2Far.moddroid.co%2Fapps%2Fvideomusic%2Fsoundcloud%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A2ofv6mafcjh9urjbdp7e2g%3Afp%3A1679%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A882%3Acn%3A1%3Adp%3A0%3Als%3A319531695824%3Ahid%3A685071516%3Az%3A0%3Ai%3A20220915185326%3Aet%3A1663268007%3Ac%3A1%3Arn%3A275622728%3Arqn%3A1%3Au%3A1663268007968152801%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Ans%3A1663268003521%3Ads%3A0%2C0%2C272%2C2%2C1174%2C0%2C%2C328%2C3%2C%2C%2C%2C1810%3Awv%3A2%3Aco%3A0%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1663268007%3At%3ASoundCloud%20v2022.09.09-release%20MOD%20APK%20(Premium%20Unlocked%2C%20AD-Free)%20Download%20for%20Android&t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)fip(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ar.moddroid.co
Connection: keep-alive
Referer: https://ar.moddroid.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
location: /watch/86638922/1?wmode=7&page-url=https%3A%2F%2Far.moddroid.co%2Fapps%2Fvideomusic%2Fsoundcloud%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A2ofv6mafcjh9urjbdp7e2g%3Afp%3A1679%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A882%3Acn%3A1%3Adp%3A0%3Als%3A319531695824%3Ahid%3A685071516%3Az%3A0%3Ai%3A20220915185326%3Aet%3A1663268007%3Ac%3A1%3Arn%3A275622728%3Arqn%3A1%3Au%3A1663268007968152801%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Ans%3A1663268003521%3Ads%3A0%2C0%2C272%2C2%2C1174%2C0%2C%2C328%2C3%2C%2C%2C%2C1810%3Awv%3A2%3Aco%3A0%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1663268007%3At%3ASoundCloud%20v2022.09.09-release%20MOD%20APK%20%28Premium%20Unlocked%2C%20AD-Free%29%20Download%20for%20Android&t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29fip%281%29rqnl%281%29ti%282%29
date: Thu, 15 Sep 2022 18:53:42 GMT
access-control-allow-origin: https://ar.moddroid.co
set-cookie: yandexuid=1944704781663268022; Expires=Fri, 15-Sep-2023 18:53:42 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
set-cookie: yuidss=1944704781663268022; Expires=Fri, 15-Sep-2023 18:53:42 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
set-cookie: yabs-sid=339231611663268022; Path=/; SameSite=None; Secure
set-cookie: i=DjJmBuz1pqTrYJTmAFObnI2q/BBSFASSn8fgL9/PTEabNwf2AlDu1VtGNw5cRXnkvtZCmfxtddUOXRwTb/r3wBEmrTo=; Expires=Sun, 12-Sep-2032 18:53:41 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
set-cookie: ymex=1694804022.yrts.1663268022#1694804022.yrtsi.1663268022; Expires=Fri, 15-Sep-2023 18:53:42 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Thu, 15-Sep-2022 18:53:42 GMT
last-modified: Thu, 15-Sep-2022 18:53:42 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022091201&st=env
142.250.74.2 200 OK 11 kB URL HTTP/2 pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022091201&st=env
IP 142.250.74.2:0
File type JSON data\012- , ASCII text, with very long lines (14709), with no line terminators
Hash a6442252ab729f89afc7084b555e1393
2016a462c8357253b6dec29a9bead32b7bb32857
9800589369ec9234b1435321dafd95320a43850bea4a5a132c5a30a8edea9f6a
GET /getconfig/sodar?sv=200&tid=gpt&tv=2022091201&st=env HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ar.moddroid.co
Connection: keep-alive
Referer: https://ar.moddroid.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-type: application/json; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Thu, 15 Sep 2022 18:53:42 GMT
server: cafe
cache-control: private
content-length: 11165
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn.doubleverify.com/dvtp_src.js?ctx=3397726&cmp=3398513&sid=pp3&plc=33985131&advid=3398311&adsrv=0&btreg=&btadsrv=&tagtype=&dvtagver=6.1.src&autt=1&ppid=103&aufilter1=3060631&auevent=ABAjH0iGcWe86zs6Po7bFjqJQQhI&c1=3060631&auorder=22886445&aulitem=56868964&aucrtv=434279737&auxch=1&pltfrm=1&ausite=960091948452&turl=https://ar.moddroid.co/apps/videomusic/soundcloud/&aubndl=&audeal=
23.38.201.200 200 OK 3.3 kB URL HTTP/1.1 cdn.doubleverify.com/dvtp_src.js?ctx=3397726&cmp=3398513&sid=pp3&plc=33985131&advid=3398311&adsrv=0&btreg=&btadsrv=&tagtype=&dvtagver=6.1.src&autt=1&ppid=103&aufilter1=3060631&auevent=ABAjH0iGcWe86zs6Po7bFjqJQQhI&c1=3060631&auorder=22886445&aulitem=56868964&aucrtv=434279737&auxch=1&pltfrm=1&ausite=960091948452&turl=https://ar.moddroid.co/apps/videomusic/soundcloud/&aubndl=&audeal=
IP 23.38.201.200:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (7951)
Hash b157f17bb8f2bd4cf71cc5440e15a5d6
b060e7ab2e1c0bf90210d4b9e912d680d4164b56
585cc4b3a3784c87adf2bb0ed258915fd9f758ed0fa83491c04734ea3c447205
GET /dvtp_src.js?ctx=3397726&cmp=3398513&sid=pp3&plc=33985131&advid=3398311&adsrv=0&btreg=&btadsrv=&tagtype=&dvtagver=6.1.src&autt=1&ppid=103&aufilter1=3060631&auevent=ABAjH0iGcWe86zs6Po7bFjqJQQhI&c1=3060631&auorder=22886445&aulitem=56868964&aucrtv=434279737&auxch=1&pltfrm=1&ausite=960091948452&turl=https://ar.moddroid.co/apps/videomusic/soundcloud/&aubndl=&audeal= HTTP/1.1
Host: cdn.doubleverify.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://60f6d1b1625c4c99e5c9df0464701bd1.safeframe.googlesyndication.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=900
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Thu, 15 Sep 2022 10:17:42 GMT
Accept-Ranges: bytes
ETag: "067d263ecc8d81:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Content-Length: 3315
Date: Thu, 15 Sep 2022 18:53:42 GMT
Connection: keep-alive
cdn.doubleverify.com/dvbs_src.js?ctx=1828362&cmp=184417&plc=6615336&sid=18330&dvregion=0&unit=728x90&autt=1&ppid=103&aufilter1=3060631&prr=1&auevent=ABAjH0iGcWe86zs6Po7bFjqJQQhI&c1=3060631&auorder=22886445&aulitem=56868964&aucrtv=434279737&auxch=1&pltfrm=1&ausite=960091948452&turl=https://ar.moddroid.co/apps/videomusic/soundcloud/&aubndl=&audeal=
23.38.201.200 200 OK 1.2 kB URL HTTP/1.1 cdn.doubleverify.com/dvbs_src.js?ctx=1828362&cmp=184417&plc=6615336&sid=18330&dvregion=0&unit=728x90&autt=1&ppid=103&aufilter1=3060631&prr=1&auevent=ABAjH0iGcWe86zs6Po7bFjqJQQhI&c1=3060631&auorder=22886445&aulitem=56868964&aucrtv=434279737&auxch=1&pltfrm=1&ausite=960091948452&turl=https://ar.moddroid.co/apps/videomusic/soundcloud/&aubndl=&audeal=
IP 23.38.201.200:0
File type HTML document, ASCII text, with very long lines (536)
Hash fe53dc25629ee5489a237d90f18b1b7c
ad1d6d4e56a809fe8675087e4c0ee2fad111547e
f82df9cd9bdd8a6a38fda6f0bfd4fd17b8998493f2895b7beab8e59e834e96f2
GET /dvbs_src.js?ctx=1828362&cmp=184417&plc=6615336&sid=18330&dvregion=0&unit=728x90&autt=1&ppid=103&aufilter1=3060631&prr=1&auevent=ABAjH0iGcWe86zs6Po7bFjqJQQhI&c1=3060631&auorder=22886445&aulitem=56868964&aucrtv=434279737&auxch=1&pltfrm=1&ausite=960091948452&turl=https://ar.moddroid.co/apps/videomusic/soundcloud/&aubndl=&audeal= HTTP/1.1
Host: cdn.doubleverify.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://60f6d1b1625c4c99e5c9df0464701bd1.safeframe.googlesyndication.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Mon, 29 Aug 2022 13:19:47 GMT
Accept-Ranges: bytes
ETag: "f128ce2aabbd81:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Timing-Allow-Origin: *
Content-Length: 1170
Date: Thu, 15 Sep 2022 18:53:42 GMT
Connection: keep-alive
googleads.g.doubleclick.net/xbbe/pixel?d=CJfnugEQpvPq4AIYuaqKzwEwAQ&v=APEucNUYLFhr2Z5cfxkJcTLYfHDQoVdM3L89WNNqYpo869IvuDmQahbaKXe1J4B9lDgbMkWyGIx6zkDwnqVDF1OHat43_mOF7ZOrLK5OMdzFJ72A9ILpVHI3mlkCMKxKUQXmbbs83mjeCzeAMFcTqKZjYjJcXnyp2t03Hm6NqozDRpeOg4wdBas
142.250.74.130 200 OK 0 B URL HTTP/2 googleads.g.doubleclick.net/xbbe/pixel?d=CJfnugEQpvPq4AIYuaqKzwEwAQ&v=APEucNUYLFhr2Z5cfxkJcTLYfHDQoVdM3L89WNNqYpo869IvuDmQahbaKXe1J4B9lDgbMkWyGIx6zkDwnqVDF1OHat43_mOF7ZOrLK5OMdzFJ72A9ILpVHI3mlkCMKxKUQXmbbs83mjeCzeAMFcTqKZjYjJcXnyp2t03Hm6NqozDRpeOg4wdBas
IP 142.250.74.130:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /xbbe/pixel?d=CJfnugEQpvPq4AIYuaqKzwEwAQ&v=APEucNUYLFhr2Z5cfxkJcTLYfHDQoVdM3L89WNNqYpo869IvuDmQahbaKXe1J4B9lDgbMkWyGIx6zkDwnqVDF1OHat43_mOF7ZOrLK5OMdzFJ72A9ILpVHI3mlkCMKxKUQXmbbs83mjeCzeAMFcTqKZjYjJcXnyp2t03Hm6NqozDRpeOg4wdBas HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://60f6d1b1625c4c99e5c9df0464701bd1.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Thu, 15 Sep 2022 18:53:42 GMT
server: cafe
content-length: 0
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 15-Sep-2022 19:08:42 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 15 Sep 2022 18:53:42 GMT
cache-control: private
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 377139fa706b038c106d663d1c7c402a
7337cfac49077bc4fd74b2e4a405d4391176f585
9aa6fb206804f92cadb70ef6a3cf1b0d0b117be62166923c98b25c8a9c66bb3d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 15 Sep 2022 18:53:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
tpc.googlesyndication.com/pagead/js/r20220912/r20110914/client/qs_click_protection_fy2021.js
142.250.74.33 200 OK 7.6 kB URL HTTP/2 tpc.googlesyndication.com/pagead/js/r20220912/r20110914/client/qs_click_protection_fy2021.js
IP 142.250.74.33:0
File type ASCII text, with very long lines (1494)
Hash 34b2553c81f6d1c9657279fb7b442ed4
d9d429ce26701d5a3066c7afb317325142335e7a
84de9c76b4119c9999898bce7580862de9972f7bbb856b31fa312de599d3c719
GET /pagead/js/r20220912/r20110914/client/qs_click_protection_fy2021.js HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://60f6d1b1625c4c99e5c9df0464701bd1.safeframe.googlesyndication.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding, Origin
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 7572
x-xss-protection: 0
date: Thu, 15 Sep 2022 18:53:02 GMT
expires: Thu, 29 Sep 2022 18:53:02 GMT
cache-control: public, max-age=1209600
etag: 3190241002381566568
content-type: text/javascript; charset=UTF-8
age: 40
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BOKfzGJuv5N2W4ER4nypRxOlPyB8s-TqgRCOdg8zVwx8ge8jf6br5mywyj1XZ8r_GMD63cTFRWiETHZQ8-CyzOBIvbH9msjn8_XlWkaWTUIXLoigJp_w7ZBQ-K5mY4tEyTds77a1AznSoiH0_AFs2hJDnOFFGcZSEJiY8n52cUAOQZBww&cry=1&dbm_d=AKAmf-DQguvTs_AqdMSA3BY2RHJOYqWtROBmqWUIe29GdHGHzz4tF53ZVFV_sVRXa3Fcm6Z53DYIoRPgJuqSD7ziQXLpBt4lqlV0jBskhfOlI6bEBKBoez8j1CjzmM9YqHXY99oe6TJPBdO57fJP49c0JMvFj28WTYBXk9-o-0GFHSHupylf6ghQODlgVpkFaJsDfWwDpjXTyU-BFr0ggDsUmG3GnahnhD7fJbxakW-StMXa7UfPJkQYImvAvZmhuT6dasiS0_Dk8LVTYC-TaQKdOuHS1PylePrqtIq5cEP00ooaPXNS0BFP2CDekz9GQdbm4F81EUNwBM1Q4iRct3arPCy7WMpZQcE2LEpAQcJLoveLnPn0aK7SKtMOg1r2rd6_he1yK6SaaeJJ82YfPT_Kn4Qd7HT2is8QjOHdf7Kd4_cirH8PojTlmGdsqTYm0qkz_SJmUDLayRln86iCa-dRPs7zBXS9xwZKOO_Igl0H6_vYtnv7jrDNOB1Pb5bWKcSqIX3jvCVgM_xZSoeg8ZEDhXAUsY7-DXmTuASYyqv2kkhmJWHmSq1neG-R-DrX5RHgfKTk_E3Z5OgFCR7IR4DHMLjy5_5mhVA82AjGWf0ZeiZYFUuGPCMRYVpJAdDlT836JwEew9N_ogL_yDsbUZiWaVvF9cKx9jbO8_c99nka7JCxG33zheIMeTxNpsKd0_6-Lz0CdAGgnfgu8xxCQKmfntY0cm7255G-sSye3nqkB1CrSve9GN2IoSkEfkQl5664aXCDO_dnhiBfUG1JyxecjZIfWp4E2FzNGt8Qpm7MWiWzg-o6K0RB85T1sRYQdn-ea4jwn4-na5UdbHUV-WCtE1D22PpWLRPODavzmRYF5Etv8P0hNMjps6jAiXEx4L04oIcGp537h83QTOScvRKk53TETICAGbw7GVUeEvYH1iTJIvfqUCPBcsJTD195WFtjYLcEi2tuheIpC6baJAn_ph4aapAScAksf2EdQT7vPWfaPWnUGY7pBQgS6S8rv5bNOl4dpQ7jRxaNaAn8JBnrF7VR1tz8G2afPMVuVdrh1P1eRM9BY3IRULU5TB0y4eHLvvyICaQ7mcUMrFSyLht9RjERYFU-P_O125qCXBxx_PGchOHm7A5R1rQtpemp3J3Ew_yAnOG8MMozmIUspsw0jwmPnPccmI_T2efWg5ZqRev0D4yFJTU5PJCGo4l1d-2c09SPmF2vFdjuea_JN3qUDnf3ZKM6H2UOMMUzBIkHBEFZeWT612ovVQqOYNdIL2vFP4vIFfJkJvuJEz8VdWdLstOatOcLFpn6848ZmyODpCNGuK2KxcuOUckpM8XmIn_j2Mm3OriMveHiDBYzBMEvHTC_qyg-p5WPvlqBcqtGlgl9GA4ZszSnQxEcGznDO0E5hXK3jkAzstWyp5FFZS0f76sRgv4bBXOH_oMq5do_gUGLCSMkWlnnQH3cB7MnGis9_WHJoa1OmJsH7EAt9dyy93Bz5Rveg2px6vEjCd2rTueLouyvsdN-Ayu6QcoX_bJNVGikvr3zJ60HiY6PSV6sntMT62TKPBxFumVGFj0Pd10xsL1kyKxrMu74nX0L2qr4P0LNaamP4_bG3fbuRD1aFI6s6EKRaY_uCXSZ50vsRDTec7MUSkda8BS3Xvs-d0HcPAnE3q9EkViGg9y6TfK_cY8YtOOw1vemA8N4zEAI54gLVD1vQ27mKL61rYZeZwfsfxvVZLtITm0hir57d4Gf1ji3qm0Z-ZN
L9rA3s8PKKd4PVOWzWPPOncnqoaZV4zOq0dM9np9o-u6W1YHoai61GHR6CQ-xN6g_48mPsRlWRFL4ytn8LN9DpSxbhZKNps2HD6p5fqBh3AG0GpjDP3NtDAPaJwtE_RoSMTBwbtYi96LUXFgGG7bOB6qdsHLb7XaxucQFbR7VX62KSKUsetm75HcrjbQJsbOZ0c6GBIXJS-PUPVnZ039IYw25ip0G3ged4ZdURS3DkG724GCiH_evzOm0Ft_My9GvtsvDhI_7UacYgushLyr3jWQc0EUgKQRmDD2sIaWFwyDmPbci2onYvy5DJzO_kXJoqiOXSVf_ruu6pFe35nsngnti-o1SC-5_5H_F19BKMn2nQsXyVuEUW0bKTNDGR-yr_wua46VTm3l4TQOBaIyNptKOnqzPslyO-VptfKe6E7TtWGbfn5GWwPtjlnftfLkbfqcZqag7z6Iy4QXA161M-T9uhzTLpdjytPpAkbRZ1X2LrBE8Oj3vlW9lUjQXUKXJLg15kZvzAmSaCwOmQjeUxrccII5IVR7pAskFatfIsVMAVtyOEQfA-YiVAXNDprMo0WbjkJb-lwnZ-NzAhCWtGMcM9g1RQPxxps0RGWsJ-MH3I9aW5GpOdTuRIa5otLMqKGo977JsxBQcJ6ph7fb40j27g_PWB_hyrD7mP1ob4y1GSL4vRiyDTnGOXr7mqKcLqRUyHz-xgPmoPdog45tsHIpEnAtRDcsq1LtsuLtg_p3u1YjLbRPJ6CNBZcdlPhXhaD8Jo-4GJp0b9eHNXxS-lBrtpUkxNh3q4n2zQ3C3QMxE_YnhWN4HmbpsZfFVohWOPxz1nkujlNoWTTHU277y68XU8yqB9gjBYmGYmbHKCwEC0GkUVqUde6xXfFujncwJf8u-msMTzZadNvcg_MbeehDOl9jhvYKXAoljOkmtET5pw5M2uL6kdglkUlsBLmucSKwLMOdbyGAOLG_Lr-pPJ2bvS-SnhNO94UJshpYd9N7mKL_XakoblbiyjbyfSJXxAooNljgr9zaCJiEP_ZuB7qQQJJTkMV_SChnL1_2gO75vhxmyN070RmTqeaL25kabF0NMgNBhshH5ozIVEftDr_T1smsJrAOHOdXRN_YTI6RDgC6JJijjQJ4IfG_ptn0RvjpEOAH33wRLHRWr6sUtbKM4KYToufY57yi3e_Ihs9xixLy69LtFo6KqPjjJXCwbwHlYT8kYasn369bjXY9rqKIQuTxIkqfGQOtycDT0hXVmswivpUSA5OFjq53P3ns1dmA3DaKXTa9cuEPV5Gc4gKnV0idN65UQFePqZ8cyhxpERY70M_CLtF4YK0NlNGO-CZE870QcCkb5FwJYeidSPeBIx3FoihstM8FtyqmtlGrVfDJhOoBmoP9_jUY1srSeC-M2h515DLQ1PTI-voVs7gbUnIId45nQAUisBM6CLT-FonNDPXWeHWYql6Ch0A&cid=CAQSPwCsnQUxdxdystDMneKU1i_hN33P1ECGQvPnfklR3Rcfh112wYrkgGm4i3-QWhzy658xR3O1sj30RiFO8knupBgBIA4&rfl=2%2Chttps%253A%252F%252Far.moddroid.co%252F%240
142.250.74.130200 OK 11 kB URL HTTP/2 googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BOKfzGJuv5N2W4ER4nypRxOlPyB8s-TqgRCOdg8zVwx8ge8jf6br5mywyj1XZ8r_GMD63cTFRWiETHZQ8-CyzOBIvbH9msjn8_XlWkaWTUIXLoigJp_w7ZBQ-K5mY4tEyTds77a1AznSoiH0_AFs2hJDnOFFGcZSEJiY8n52cUAOQZBww&cry=1&dbm_d=AKAmf-DQguvTs_AqdMSA3BY2RHJOYqWtROBmqWUIe29GdHGHzz4tF53ZVFV_sVRXa3Fcm6Z53DYIoRPgJuqSD7ziQXLpBt4lqlV0jBskhfOlI6bEBKBoez8j1CjzmM9YqHXY99oe6TJPBdO57fJP49c0JMvFj28WTYBXk9-o-0GFHSHupylf6ghQODlgVpkFaJsDfWwDpjXTyU-BFr0ggDsUmG3GnahnhD7fJbxakW-StMXa7UfPJkQYImvAvZmhuT6dasiS0_Dk8LVTYC-TaQKdOuHS1PylePrqtIq5cEP00ooaPXNS0BFP2CDekz9GQdbm4F81EUNwBM1Q4iRct3arPCy7WMpZQcE2LEpAQcJLoveLnPn0aK7SKtMOg1r2rd6_he1yK6SaaeJJ82YfPT_Kn4Qd7HT2is8QjOHdf7Kd4_cirH8PojTlmGdsqTYm0qkz_SJmUDLayRln86iCa-dRPs7zBXS9xwZKOO_Igl0H6_vYtnv7jrDNOB1Pb5bWKcSqIX3jvCVgM_xZSoeg8ZEDhXAUsY7-DXmTuASYyqv2kkhmJWHmSq1neG-R-DrX5RHgfKTk_E3Z5OgFCR7IR4DHMLjy5_5mhVA82AjGWf0ZeiZYFUuGPCMRYVpJAdDlT836JwEew9N_ogL_yDsbUZiWaVvF9cKx9jbO8_c99nka7JCxG33zheIMeTxNpsKd0_6-Lz0CdAGgnfgu8xxCQKmfntY0cm7255G-sSye3nqkB1CrSve9GN2IoSkEfkQl5664aXCDO_dnhiBfUG1JyxecjZIfWp4E2FzNGt8Qpm7MWiWzg-o6K0RB85T1sRYQdn-ea4jwn4-na5UdbHUV-WCtE1D22PpWLRPODavzmRYF5Etv8P0hNMjps6jAiXEx4L04oIcGp537h83QTOScvRKk53TETICAGbw7GVUeEvYH1iTJIvfqUCPBcsJTD195WFtjYLcEi2tuheIpC6baJAn_ph4aapAScAksf2EdQT7vPWfaPWnUGY7pBQgS6S8rv5bNOl4dpQ7jRxaNaAn8JBnrF7VR1tz8G2afPMVuVdrh1P1eRM9BY3IRULU5TB0y4eHLvvyICaQ7mcUMrFSyLht9RjERYFU-P_O125qCXBxx_PGchOHm7A5R1rQtpemp3J3Ew_yAnOG8MMozmIUspsw0jwmPnPccmI_T2efWg5ZqRev0D4yFJTU5PJCGo4l1d-2c09SPmF2vFdjuea_JN3qUDnf3ZKM6H2UOMMUzBIkHBEFZeWT612ovVQqOYNdIL2vFP4vIFfJkJvuJEz8VdWdLstOatOcLFpn6848ZmyODpCNGuK2KxcuOUckpM8XmIn_j2Mm3OriMveHiDBYzBMEvHTC_qyg-p5WPvlqBcqtGlgl9GA4ZszSnQxEcGznDO0E5hXK3jkAzstWyp5FFZS0f76sRgv4bBXOH_oMq5do_gUGLCSMkWlnnQH3cB7MnGis9_WHJoa1OmJsH7EAt9dyy93Bz5Rveg2px6vEjCd2rTueLouyvsdN-Ayu6QcoX_bJNVGikvr3zJ60HiY6PSV6sntMT62TKPBxFumVGFj0Pd10xsL1kyKxrMu74nX0L2qr4P0LNaamP4_bG3fbuRD1aFI6s6EKRaY_uCXSZ50vsRDTec7MUSkda8BS3Xvs-d0HcPAnE3q9EkViGg9y6TfK_cY8YtOOw1vemA8N4zEAI54gLVD1vQ27mKL61r
YZeZwfsfxvVZLtITm0hir57d4Gf1ji3qm0Z-ZNL9rA3s8PKKd4PVOWzWPPOncnqoaZV4zOq0dM9np9o-u6W1YHoai61GHR6CQ-xN6g_48mPsRlWRFL4ytn8LN9DpSxbhZKNps2HD6p5fqBh3AG0GpjDP3NtDAPaJwtE_RoSMTBwbtYi96LUXFgGG7bOB6qdsHLb7XaxucQFbR7VX62KSKUsetm75HcrjbQJsbOZ0c6GBIXJS-PUPVnZ039IYw25ip0G3ged4ZdURS3DkG724GCiH_evzOm0Ft_My9GvtsvDhI_7UacYgushLyr3jWQc0EUgKQRmDD2sIaWFwyDmPbci2onYvy5DJzO_kXJoqiOXSVf_ruu6pFe35nsngnti-o1SC-5_5H_F19BKMn2nQsXyVuEUW0bKTNDGR-yr_wua46VTm3l4TQOBaIyNptKOnqzPslyO-VptfKe6E7TtWGbfn5GWwPtjlnftfLkbfqcZqag7z6Iy4QXA161M-T9uhzTLpdjytPpAkbRZ1X2LrBE8Oj3vlW9lUjQXUKXJLg15kZvzAmSaCwOmQjeUxrccII5IVR7pAskFatfIsVMAVtyOEQfA-YiVAXNDprMo0WbjkJb-lwnZ-NzAhCWtGMcM9g1RQPxxps0RGWsJ-MH3I9aW5GpOdTuRIa5otLMqKGo977JsxBQcJ6ph7fb40j27g_PWB_hyrD7mP1ob4y1GSL4vRiyDTnGOXr7mqKcLqRUyHz-xgPmoPdog45tsHIpEnAtRDcsq1LtsuLtg_p3u1YjLbRPJ6CNBZcdlPhXhaD8Jo-4GJp0b9eHNXxS-lBrtpUkxNh3q4n2zQ3C3QMxE_YnhWN4HmbpsZfFVohWOPxz1nkujlNoWTTHU277y68XU8yqB9gjBYmGYmbHKCwEC0GkUVqUde6xXfFujncwJf8u-msMTzZadNvcg_MbeehDOl9jhvYKXAoljOkmtET5pw5M2uL6kdglkUlsBLmucSKwLMOdbyGAOLG_Lr-pPJ2bvS-SnhNO94UJshpYd9N7mKL_XakoblbiyjbyfSJXxAooNljgr9zaCJiEP_ZuB7qQQJJTkMV_SChnL1_2gO75vhxmyN070RmTqeaL25kabF0NMgNBhshH5ozIVEftDr_T1smsJrAOHOdXRN_YTI6RDgC6JJijjQJ4IfG_ptn0RvjpEOAH33wRLHRWr6sUtbKM4KYToufY57yi3e_Ihs9xixLy69LtFo6KqPjjJXCwbwHlYT8kYasn369bjXY9rqKIQuTxIkqfGQOtycDT0hXVmswivpUSA5OFjq53P3ns1dmA3DaKXTa9cuEPV5Gc4gKnV0idN65UQFePqZ8cyhxpERY70M_CLtF4YK0NlNGO-CZE870QcCkb5FwJYeidSPeBIx3FoihstM8FtyqmtlGrVfDJhOoBmoP9_jUY1srSeC-M2h515DLQ1PTI-voVs7gbUnIId45nQAUisBM6CLT-FonNDPXWeHWYql6Ch0A&cid=CAQSPwCsnQUxdxdystDMneKU1i_hN33P1ECGQvPnfklR3Rcfh112wYrkgGm4i3-QWhzy658xR3O1sj30RiFO8knupBgBIA4&rfl=2%2Chttps%253A%252F%252Far.moddroid.co%252F%240
IP 142.250.74.130:0
File type ASCII text, with very long lines (15069), with no line terminators
Hash 33353187d7cf304d7ed605d7ad22d255
baa0eff3ee7d7c546fbf887f81c12b5b815da0d3
83d172c802f9bf6130b0431a392fdd0d0ce282aaeb0fadec34f0ef6dee15ce64
GET /dbm/ad?dbm_c=AKAmf-BOKfzGJuv5N2W4ER4nypRxOlPyB8s-TqgRCOdg8zVwx8ge8jf6br5mywyj1XZ8r_GMD63cTFRWiETHZQ8-CyzOBIvbH9msjn8_XlWkaWTUIXLoigJp_w7ZBQ-K5mY4tEyTds77a1AznSoiH0_AFs2hJDnOFFGcZSEJiY8n52cUAOQZBww&cry=1&dbm_d=AKAmf-DQguvTs_AqdMSA3BY2RHJOYqWtROBmqWUIe29GdHGHzz4tF53ZVFV_sVRXa3Fcm6Z53DYIoRPgJuqSD7ziQXLpBt4lqlV0jBskhfOlI6bEBKBoez8j1CjzmM9YqHXY99oe6TJPBdO57fJP49c0JMvFj28WTYBXk9-o-0GFHSHupylf6ghQODlgVpkFaJsDfWwDpjXTyU-BFr0ggDsUmG3GnahnhD7fJbxakW-StMXa7UfPJkQYImvAvZmhuT6dasiS0_Dk8LVTYC-TaQKdOuHS1PylePrqtIq5cEP00ooaPXNS0BFP2CDekz9GQdbm4F81EUNwBM1Q4iRct3arPCy7WMpZQcE2LEpAQcJLoveLnPn0aK7SKtMOg1r2rd6_he1yK6SaaeJJ82YfPT_Kn4Qd7HT2is8QjOHdf7Kd4_cirH8PojTlmGdsqTYm0qkz_SJmUDLayRln86iCa-dRPs7zBXS9xwZKOO_Igl0H6_vYtnv7jrDNOB1Pb5bWKcSqIX3jvCVgM_xZSoeg8ZEDhXAUsY7-DXmTuASYyqv2kkhmJWHmSq1neG-R-DrX5RHgfKTk_E3Z5OgFCR7IR4DHMLjy5_5mhVA82AjGWf0ZeiZYFUuGPCMRYVpJAdDlT836JwEew9N_ogL_yDsbUZiWaVvF9cKx9jbO8_c99nka7JCxG33zheIMeTxNpsKd0_6-Lz0CdAGgnfgu8xxCQKmfntY0cm7255G-sSye3nqkB1CrSve9GN2IoSkEfkQl5664aXCDO_dnhiBfUG1JyxecjZIfWp4E2FzNGt8Qpm7MWiWzg-o6K0RB85T1sRYQdn-ea4jwn4-na5UdbHUV-WCtE1D22PpWLRPODavzmRYF5Etv8P0hNMjps6jAiXEx4L04oIcGp537h83QTOScvRKk53TETICAGbw7GVUeEvYH1iTJIvfqUCPBcsJTD195WFtjYLcEi2tuheIpC6baJAn_ph4aapAScAksf2EdQT7vPWfaPWnUGY7pBQgS6S8rv5bNOl4dpQ7jRxaNaAn8JBnrF7VR1tz8G2afPMVuVdrh1P1eRM9BY3IRULU5TB0y4eHLvvyICaQ7mcUMrFSyLht9RjERYFU-P_O125qCXBxx_PGchOHm7A5R1rQtpemp3J3Ew_yAnOG8MMozmIUspsw0jwmPnPccmI_T2efWg5ZqRev0D4yFJTU5PJCGo4l1d-2c09SPmF2vFdjuea_JN3qUDnf3ZKM6H2UOMMUzBIkHBEFZeWT612ovVQqOYNdIL2vFP4vIFfJkJvuJEz8VdWdLstOatOcLFpn6848ZmyODpCNGuK2KxcuOUckpM8XmIn_j2Mm3OriMveHiDBYzBMEvHTC_qyg-p5WPvlqBcqtGlgl9GA4ZszSnQxEcGznDO0E5hXK3jkAzstWyp5FFZS0f76sRgv4bBXOH_oMq5do_gUGLCSMkWlnnQH3cB7MnGis9_WHJoa1OmJsH7EAt9dyy93Bz5Rveg2px6vEjCd2rTueLouyvsdN-Ayu6QcoX_bJNVGikvr3zJ60HiY6PSV6sntMT62TKPBxFumVGFj0Pd10xsL1kyKxrMu74nX0L2qr4P0LNaamP4_bG3fbuRD1aFI6s6EKRaY_uCXSZ50vsRDTec7MUSkda8BS3Xvs-d0HcPAnE3q9EkViGg9y6TfK_cY8YtOOw1vemA8N4zEAI54gLVD1vQ27mKL61rYZeZwfsfxvVZLtITm0hir57d4Gf1ji3qm0Z-ZNL9rA3s8PKKd4PVOWzWPPOnc
nqoaZV4zOq0dM9np9o-u6W1YHoai61GHR6CQ-xN6g_48mPsRlWRFL4ytn8LN9DpSxbhZKNps2HD6p5fqBh3AG0GpjDP3NtDAPaJwtE_RoSMTBwbtYi96LUXFgGG7bOB6qdsHLb7XaxucQFbR7VX62KSKUsetm75HcrjbQJsbOZ0c6GBIXJS-PUPVnZ039IYw25ip0G3ged4ZdURS3DkG724GCiH_evzOm0Ft_My9GvtsvDhI_7UacYgushLyr3jWQc0EUgKQRmDD2sIaWFwyDmPbci2onYvy5DJzO_kXJoqiOXSVf_ruu6pFe35nsngnti-o1SC-5_5H_F19BKMn2nQsXyVuEUW0bKTNDGR-yr_wua46VTm3l4TQOBaIyNptKOnqzPslyO-VptfKe6E7TtWGbfn5GWwPtjlnftfLkbfqcZqag7z6Iy4QXA161M-T9uhzTLpdjytPpAkbRZ1X2LrBE8Oj3vlW9lUjQXUKXJLg15kZvzAmSaCwOmQjeUxrccII5IVR7pAskFatfIsVMAVtyOEQfA-YiVAXNDprMo0WbjkJb-lwnZ-NzAhCWtGMcM9g1RQPxxps0RGWsJ-MH3I9aW5GpOdTuRIa5otLMqKGo977JsxBQcJ6ph7fb40j27g_PWB_hyrD7mP1ob4y1GSL4vRiyDTnGOXr7mqKcLqRUyHz-xgPmoPdog45tsHIpEnAtRDcsq1LtsuLtg_p3u1YjLbRPJ6CNBZcdlPhXhaD8Jo-4GJp0b9eHNXxS-lBrtpUkxNh3q4n2zQ3C3QMxE_YnhWN4HmbpsZfFVohWOPxz1nkujlNoWTTHU277y68XU8yqB9gjBYmGYmbHKCwEC0GkUVqUde6xXfFujncwJf8u-msMTzZadNvcg_MbeehDOl9jhvYKXAoljOkmtET5pw5M2uL6kdglkUlsBLmucSKwLMOdbyGAOLG_Lr-pPJ2bvS-SnhNO94UJshpYd9N7mKL_XakoblbiyjbyfSJXxAooNljgr9zaCJiEP_ZuB7qQQJJTkMV_SChnL1_2gO75vhxmyN070RmTqeaL25kabF0NMgNBhshH5ozIVEftDr_T1smsJrAOHOdXRN_YTI6RDgC6JJijjQJ4IfG_ptn0RvjpEOAH33wRLHRWr6sUtbKM4KYToufY57yi3e_Ihs9xixLy69LtFo6KqPjjJXCwbwHlYT8kYasn369bjXY9rqKIQuTxIkqfGQOtycDT0hXVmswivpUSA5OFjq53P3ns1dmA3DaKXTa9cuEPV5Gc4gKnV0idN65UQFePqZ8cyhxpERY70M_CLtF4YK0NlNGO-CZE870QcCkb5FwJYeidSPeBIx3FoihstM8FtyqmtlGrVfDJhOoBmoP9_jUY1srSeC-M2h515DLQ1PTI-voVs7gbUnIId45nQAUisBM6CLT-FonNDPXWeHWYql6Ch0A&cid=CAQSPwCsnQUxdxdystDMneKU1i_hN33P1ECGQvPnfklR3Rcfh112wYrkgGm4i3-QWhzy658xR3O1sj30RiFO8knupBgBIA4&rfl=2%2Chttps%253A%252F%252Far.moddroid.co%252F%240 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://60f6d1b1625c4c99e5c9df0464701bd1.safeframe.googlesyndication.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 15 Sep 2022 18:53:42 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 11208
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 15-Sep-2022 19:08:42 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn.doubleverify.com/dvbs_src_internal109.js
23.38.201.200 200 OK 20 kB URL HTTP/1.1 cdn.doubleverify.com/dvbs_src_internal109.js
IP 23.38.201.200:0
File type ASCII text, with very long lines (2581), with CRLF, LF line terminators
Hash ed91f1e6cf14d6661fcf683a8d031c95
fb0c088dfceeacb3150c1b7d13a94836236278bc
e93902bb2edca1fe7472e34ea840c94fa8529979dd6ee33139c5bef944944f68
GET /dvbs_src_internal109.js HTTP/1.1
Host: cdn.doubleverify.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://60f6d1b1625c4c99e5c9df0464701bd1.safeframe.googlesyndication.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=946080000
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Mon, 29 Aug 2022 13:20:14 GMT
Accept-Ranges: bytes
ETag: "03bb312aabbd81:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Content-Length: 19455
Date: Thu, 15 Sep 2022 18:53:42 GMT
Connection: keep-alive
propu.sh/custom
139.45.197.250 200 OK 39 B IP 139.45.197.250:0
File type JSON data\012- , ASCII text
Hash 058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
Analyzer Verdict Alert fortinet Phishing
POST /custom HTTP/1.1
Host: propu.sh
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ar.moddroid.co/
Content-Type: application/json
Origin: https://ar.moddroid.co
Content-Length: 746
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 15 Sep 2022 18:53:42 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 0830451b0364c37d3e381275f0f3083e
access-control-allow-origin: https://ar.moddroid.co
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 0dfd060e0fb8dec42e8f52f8db247b61
d6f33b6390aa9a4b34375d58009977926bc1fff3
17e3d9698e2cd4caf0cbf66b71393b473300fb9a8a4b6f7b97f421e93d54ec44
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 15 Sep 2022 18:53:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
tpc.googlesyndication.com/sodar/sodar2.js
142.250.74.33 200 OK 6.4 kB URL HTTP/2 tpc.googlesyndication.com/sodar/sodar2.js
IP 142.250.74.33:0
File type ASCII text, with very long lines (1321)
Hash ac906814ed812c4ecdbb624a3bd2f6c3
8e4547eaffaa66a1ee61b36028dbcd7091d0e7de
8ab8cef6156022c4547455defd8252b48b6bcb8b734072849345bb99758705fe
GET /sodar/sodar2.js HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ar.moddroid.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 6386
date: Thu, 15 Sep 2022 18:53:42 GMT
expires: Thu, 15 Sep 2022 18:53:42 GMT
cache-control: private, max-age=3000
etag: "1637097310169751"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 979014a2d4b501776633e545cb609b6e
2389a69c87bcb1b5d962361cec5a71bd43ba0b3b
26f3609adf40f444aa7770872be9a73c083ffe711a6caed25208c1fc00d709b4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 15 Sep 2022 18:53:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/recaptcha/api2/aframe
142.250.74.164 200 OK 513 B URL HTTP/2 www.google.com/recaptcha/api2/aframe
IP 142.250.74.164:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (783), with no line terminators
Hash 139e378901d235e2c96688ce148599f7
e5b95d854ec3e671a28d939e5047c358d8090a79
07a77605a3f24898f8fe953b9d38f459c46bfabeb4893fc08a59de60d886a5b2
GET /recaptcha/api2/aframe HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ar.moddroid.co/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Thu, 15 Sep 2022 18:53:42 GMT
date: Thu, 15 Sep 2022 18:53:42 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'nonce-yXt9KcTz6I8RY-HhqsqRgg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 513
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 8ff1c0d8a380ce4a561609526d995bf5
135ecd7e71ea2823d39f8c1efcb2121618ed8167
f7228281af8d6de222aa47b3a78a627f85315244e65a8956fa2c0c7dff1bb7ad
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 15 Sep 2022 18:53:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash c51675fd352c7db13261c905bfaa8342
85ac07e4592d413c55c204d4e52118be5bdd39cb
ffcbfefcb252a9ed446122906b75c29ca2aa64460ddbd912542d12bc68be9fd5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 15 Sep 2022 18:53:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 0dfd060e0fb8dec42e8f52f8db247b61
d6f33b6390aa9a4b34375d58009977926bc1fff3
17e3d9698e2cd4caf0cbf66b71393b473300fb9a8a4b6f7b97f421e93d54ec44
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 15 Sep 2022 18:53:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
s0.2mdn.net/simgad/18250399769905272899?sqp=-oaymwENCMACEDIgAUhkUAFYAQ&rs=AOga4qlg6loh2oP4SUavkcvnJnBFkW4NpQ
216.58.211.6 200 OK 9.6 kB URL HTTP/2 s0.2mdn.net/simgad/18250399769905272899?sqp=-oaymwENCMACEDIgAUhkUAFYAQ&rs=AOga4qlg6loh2oP4SUavkcvnJnBFkW4NpQ
IP 216.58.211.6:0
File type PNG image data, 320 x 50, 8-bit/color RGB, non-interlaced\012- data
Hash be13e20389a99787226cf08bae8147de
91bc56e524c81bb2bfd93b84e82a4776065f7298
b1891c6bf494db40e7d282130a1cb1119e8ca20d00562ec60dfb8ee1573ac96b
GET /simgad/18250399769905272899?sqp=-oaymwENCMACEDIgAUhkUAFYAQ&rs=AOga4qlg6loh2oP4SUavkcvnJnBFkW4NpQ HTTP/1.1
Host: s0.2mdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://60f6d1b1625c4c99e5c9df0464701bd1.safeframe.googlesyndication.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
timing-allow-origin: *
content-length: 9629
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 09 Sep 2022 02:18:58 GMT
expires: Sat, 09 Sep 2023 02:18:58 GMT
cache-control: public, max-age=31536000
age: 578084
last-modified: Thu, 16 Jun 2022 18:20:42 GMT
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.netsolssl.com/
104.18.32.68 200 OK 472 B IP 104.18.32.68:0
Hash 45731e4629f69a521e216a6554916c30
977b3c1934e01f420489b9431321cb402300f108
8a11fa882485529641d55f4a7fde614d9b7c88de150b68c1099c05a0c5ce65da
POST / HTTP/1.1
Host: ocsp.netsolssl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 15 Sep 2022 18:53:42 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 15 Sep 2022 00:10:18 GMT
Expires: Thu, 22 Sep 2022 00:10:17 GMT
Etag: "977b3c1934e01f420489b9431321cb402300f108"
Cache-Control: max-age=536794,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74b391163ff2fac8-OSL
googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvbIf68od-vvh2LeXNPufBoQD2HUPjO3EyZ49nX5lcPVm_7RZ60tzJbZtE5ARUJsS6YQUhVmd1Z1Q4ruUw2_LJDcwirAL6sbpoVzzmtHFQvJMoVTfsTmFGdjBVsgSahtIfm49RcBICiQh5QIIF1Dr81QTfzCkyx03PcS__uIp6bn1hDIXslBXcAgLgD9PR8YyXioAS5uG5ev4MoXa5A2xtjcqlX8ZBv3e5MjrN646k4J44DWUVOdz3775jeyrGq8LDQsQQDdy-DKn6rQSxz-v7QNz5xgX-qnmNZcKOe3JsPfZhR5aL-VOmw5PheuXIrJID8pXMNoAdVmoLOhu1qzRewl-84plFRm4VU0v69eAu85VxF-cmye3g8MdDRC4N2dHyktleu4ARUgawXfT-aAFvQTHs_1MQmOu5ne2R_JPJZCCXKcZAjxHluNwwY0GIImpZW9MtbNf7A_ZYIyLTT0XBMGwkicxLlOfzS51mKZnQzbIXWTlNHLbJBV1q6SSXd-JQyIH-MQHKjOVFwluSuXqrlWZusLhNqRrXp4tzM2rlljwqpOGGkI-DuUGvJ76PN-xnxFXjvJJYpwg2VNQknqcmGgFb3ymaOmkwRRXF8I9VZbEtsi1BtU_5i1hof6faa5IelnUg7XBx218l-Wt-BU2D9JeiTqM4qpf_2njWzjoP474x3BQgpb-4dxdARNAlK_mgeYV6wPr8Oz1bWbLhi7XKfoZt7jqQ1e-7FmKUY_vtzePJIEkXpVfOvBimMPScZ7dz-AoOvZaakL5EtXwjnKL1uloa2PsWYdMWrNjmsjr4YAXkqHt8h5ule8XxRuDxUB14a_peddauWxdO1Jf7SEjVeK56iNkDVX2HB1e50Tj4Rj0nmMTZ9ny6ilpeMwYohauzMMIZ_G5TdYThTj7HgWaB_hFM12Q933XykIBi-tt7d-Tqd6nabrN2zVrDiBSqkqiqZNOulCyQ2Z6WviKe42K8RdcQBdf5PY-GpnTArPyuY-TAObTboWErbIM-T3I8L7QE1Y4e-r7kJYAIdxnqFT-bemkXgeD0mvN3QitIJ2Rs7Z9Df-cr8YALbujNjnLPinFxbHq6Dw1gKl66zI6Gn3kh8AcLOVmmkRQ4UqGtDJ1m3ydf2ZmEF7n77-CNUjBucReJzKg&sai=AMfl-YQplZCC5cHOw5tXR-n6zkXbYsy4mcPDAZnbvvnelEUn-l0Xt1LiZowKFwZsr-O2LGYPqtOJG1micbBzlOAIxNh28R17obFnBch4I8k-WXtu79TChotMnph_5lrHJCXImEOIGcJiD3r2xDIrfqfeBHfEo4VSWSiaryiDx1mTCZBAWhIEc0qQ30CLTb4j7ieAllOtnBMWXeFOeM_GdtY4gYmnpAYoP4nzRjMN2HPbfhvgJ2Z7g-q6YDwWWmk8L9PDTGkp-7g77uWFkegfH-DrBeicwxAg-y_c8HKMbxGKx06AoMi5eb-Ig9iUkuXwxr7dumyZEOP9L0W-iFnBH6g65lnwZh9BY527Oq-GmunsuXw1kLFG1Oi0FVNw8QiaqvNRD2ttFy-9qN1GXME&sig=Cg0ArKJSzJZkMO6QEgvdEAE&uach_m=[UACH]&pr=missingexchangepricemacro&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=3&cbvp=1&cstd=0&cisv=r20220912.91485&adurl=
142.250.74.34200 OK 0 B URL HTTP/2 googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvbIf68od-vvh2LeXNPufBoQD2HUPjO3EyZ49nX5lcPVm_7RZ60tzJbZtE5ARUJsS6YQUhVmd1Z1Q4ruUw2_LJDcwirAL6sbpoVzzmtHFQvJMoVTfsTmFGdjBVsgSahtIfm49RcBICiQh5QIIF1Dr81QTfzCkyx03PcS__uIp6bn1hDIXslBXcAgLgD9PR8YyXioAS5uG5ev4MoXa5A2xtjcqlX8ZBv3e5MjrN646k4J44DWUVOdz3775jeyrGq8LDQsQQDdy-DKn6rQSxz-v7QNz5xgX-qnmNZcKOe3JsPfZhR5aL-VOmw5PheuXIrJID8pXMNoAdVmoLOhu1qzRewl-84plFRm4VU0v69eAu85VxF-cmye3g8MdDRC4N2dHyktleu4ARUgawXfT-aAFvQTHs_1MQmOu5ne2R_JPJZCCXKcZAjxHluNwwY0GIImpZW9MtbNf7A_ZYIyLTT0XBMGwkicxLlOfzS51mKZnQzbIXWTlNHLbJBV1q6SSXd-JQyIH-MQHKjOVFwluSuXqrlWZusLhNqRrXp4tzM2rlljwqpOGGkI-DuUGvJ76PN-xnxFXjvJJYpwg2VNQknqcmGgFb3ymaOmkwRRXF8I9VZbEtsi1BtU_5i1hof6faa5IelnUg7XBx218l-Wt-BU2D9JeiTqM4qpf_2njWzjoP474x3BQgpb-4dxdARNAlK_mgeYV6wPr8Oz1bWbLhi7XKfoZt7jqQ1e-7FmKUY_vtzePJIEkXpVfOvBimMPScZ7dz-AoOvZaakL5EtXwjnKL1uloa2PsWYdMWrNjmsjr4YAXkqHt8h5ule8XxRuDxUB14a_peddauWxdO1Jf7SEjVeK56iNkDVX2HB1e50Tj4Rj0nmMTZ9ny6ilpeMwYohauzMMIZ_G5TdYThTj7HgWaB_hFM12Q933XykIBi-tt7d-Tqd6nabrN2zVrDiBSqkqiqZNOulCyQ2Z6WviKe42K8RdcQBdf5PY-GpnTArPyuY-TAObTboWErbIM-T3I8L7QE1Y4e-r7kJYAIdxnqFT-bemkXgeD0mvN3QitIJ2Rs7Z9Df-cr8YALbujNjnLPinFxbHq6Dw1gKl66zI6Gn3kh8AcLOVmmkRQ4UqGtDJ1m3ydf2ZmEF7n77-CNUjBucReJzKg&sai=AMfl-YQplZCC5cHOw5tXR-n6zkXbYsy4mcPDAZnbvvnelEUn-l0Xt1LiZowKFwZsr-O2LGYPqtOJG1micbBzlOAIxNh28R17obFnBch4I8k-WXtu79TChotMnph_5lrHJCXImEOIGcJiD3r2xDIrfqfeBHfEo4VSWSiaryiDx1mTCZBAWhIEc0qQ30CLTb4j7ieAllOtnBMWXeFOeM_GdtY4gYmnpAYoP4nzRjMN2HPbfhvgJ2Z7g-q6YDwWWmk8L9PDTGkp-7g77uWFkegfH-DrBeicwxAg-y_c8HKMbxGKx06AoMi5eb-Ig9iUkuXwxr7dumyZEOP9L0W-iFnBH6g65lnwZh9BY527Oq-GmunsuXw1kLFG1Oi0FVNw8QiaqvNRD2ttFy-9qN1GXME&sig=Cg0ArKJSzJZkMO6QEgvdEAE&uach_m=[UACH]&pr=missingexchangepricemacro&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=3&cbvp=1&cstd=0&cisv=r20220912.91485&adurl=
IP 142.250.74.34:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pcs/view?xai=AKAOjsvbIf68od-vvh2LeXNPufBoQD2HUPjO3EyZ49nX5lcPVm_7RZ60tzJbZtE5ARUJsS6YQUhVmd1Z1Q4ruUw2_LJDcwirAL6sbpoVzzmtHFQvJMoVTfsTmFGdjBVsgSahtIfm49RcBICiQh5QIIF1Dr81QTfzCkyx03PcS__uIp6bn1hDIXslBXcAgLgD9PR8YyXioAS5uG5ev4MoXa5A2xtjcqlX8ZBv3e5MjrN646k4J44DWUVOdz3775jeyrGq8LDQsQQDdy-DKn6rQSxz-v7QNz5xgX-qnmNZcKOe3JsPfZhR5aL-VOmw5PheuXIrJID8pXMNoAdVmoLOhu1qzRewl-84plFRm4VU0v69eAu85VxF-cmye3g8MdDRC4N2dHyktleu4ARUgawXfT-aAFvQTHs_1MQmOu5ne2R_JPJZCCXKcZAjxHluNwwY0GIImpZW9MtbNf7A_ZYIyLTT0XBMGwkicxLlOfzS51mKZnQzbIXWTlNHLbJBV1q6SSXd-JQyIH-MQHKjOVFwluSuXqrlWZusLhNqRrXp4tzM2rlljwqpOGGkI-DuUGvJ76PN-xnxFXjvJJYpwg2VNQknqcmGgFb3ymaOmkwRRXF8I9VZbEtsi1BtU_5i1hof6faa5IelnUg7XBx218l-Wt-BU2D9JeiTqM4qpf_2njWzjoP474x3BQgpb-4dxdARNAlK_mgeYV6wPr8Oz1bWbLhi7XKfoZt7jqQ1e-7FmKUY_vtzePJIEkXpVfOvBimMPScZ7dz-AoOvZaakL5EtXwjnKL1uloa2PsWYdMWrNjmsjr4YAXkqHt8h5ule8XxRuDxUB14a_peddauWxdO1Jf7SEjVeK56iNkDVX2HB1e50Tj4Rj0nmMTZ9ny6ilpeMwYohauzMMIZ_G5TdYThTj7HgWaB_hFM12Q933XykIBi-tt7d-Tqd6nabrN2zVrDiBSqkqiqZNOulCyQ2Z6WviKe42K8RdcQBdf5PY-GpnTArPyuY-TAObTboWErbIM-T3I8L7QE1Y4e-r7kJYAIdxnqFT-bemkXgeD0mvN3QitIJ2Rs7Z9Df-cr8YALbujNjnLPinFxbHq6Dw1gKl66zI6Gn3kh8AcLOVmmkRQ4UqGtDJ1m3ydf2ZmEF7n77-CNUjBucReJzKg&sai=AMfl-YQplZCC5cHOw5tXR-n6zkXbYsy4mcPDAZnbvvnelEUn-l0Xt1LiZowKFwZsr-O2LGYPqtOJG1micbBzlOAIxNh28R17obFnBch4I8k-WXtu79TChotMnph_5lrHJCXImEOIGcJiD3r2xDIrfqfeBHfEo4VSWSiaryiDx1mTCZBAWhIEc0qQ30CLTb4j7ieAllOtnBMWXeFOeM_GdtY4gYmnpAYoP4nzRjMN2HPbfhvgJ2Z7g-q6YDwWWmk8L9PDTGkp-7g77uWFkegfH-DrBeicwxAg-y_c8HKMbxGKx06AoMi5eb-Ig9iUkuXwxr7dumyZEOP9L0W-iFnBH6g65lnwZh9BY527Oq-GmunsuXw1kLFG1Oi0FVNw8QiaqvNRD2ttFy-9qN1GXME&sig=Cg0ArKJSzJZkMO6QEgvdEAE&uach_m=[UACH]&pr=missingexchangepricemacro&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=3&cbvp=1&cstd=0&cisv=r20220912.91485&adurl= HTTP/1.1
Host: googleads4.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://60f6d1b1625c4c99e5c9df0464701bd1.safeframe.googlesyndication.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
content-security-policy: script-src 'none'; object-src 'none'
cache-control: private
access-control-allow-origin: *
content-type: image/gif
x-content-type-options: nosniff
date: Thu, 15 Sep 2022 18:53:43 GMT
server: cafe
content-length: 0
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 15-Sep-2022 19:08:42 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 15 Sep 2022 18:53:43 GMT
X-Firefox-Spdy: h2
googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvbIf68od-vvh2LeXNPufBoQD2HUPjO3EyZ49nX5lcPVm_7RZ60tzJbZtE5ARUJsS6YQUhVmd1Z1Q4ruUw2_LJDcwirAL6sbpoVzzmtHFQvJMoVTfsTmFGdjBVsgSahtIfm49RcBICiQh5QIIF1Dr81QTfzCkyx03PcS__uIp6bn1hDIXslBXcAgLgD9PR8YyXioAS5uG5ev4MoXa5A2xtjcqlX8ZBv3e5MjrN646k4J44DWUVOdz3775jeyrGq8LDQsQQDdy-DKn6rQSxz-v7QNz5xgX-qnmNZcKOe3JsPfZhR5aL-VOmw5PheuXIrJID8pXMNoAdVmoLOhu1qzRewl-84plFRm4VU0v69eAu85VxF-cmye3g8MdDRC4N2dHyktleu4ARUgawXfT-aAFvQTHs_1MQmOu5ne2R_JPJZCCXKcZAjxHluNwwY0GIImpZW9MtbNf7A_ZYIyLTT0XBMGwkicxLlOfzS51mKZnQzbIXWTlNHLbJBV1q6SSXd-JQyIH-MQHKjOVFwluSuXqrlWZusLhNqRrXp4tzM2rlljwqpOGGkI-DuUGvJ76PN-xnxFXjvJJYpwg2VNQknqcmGgFb3ymaOmkwRRXF8I9VZbEtsi1BtU_5i1hof6faa5IelnUg7XBx218l-Wt-BU2D9JeiTqM4qpf_2njWzjoP474x3BQgpb-4dxdARNAlK_mgeYV6wPr8Oz1bWbLhi7XKfoZt7jqQ1e-7FmKUY_vtzePJIEkXpVfOvBimMPScZ7dz-AoOvZaakL5EtXwjnKL1uloa2PsWYdMWrNjmsjr4YAXkqHt8h5ule8XxRuDxUB14a_peddauWxdO1Jf7SEjVeK56iNkDVX2HB1e50Tj4Rj0nmMTZ9ny6ilpeMwYohauzMMIZ_G5TdYThTj7HgWaB_hFM12Q933XykIBi-tt7d-Tqd6nabrN2zVrDiBSqkqiqZNOulCyQ2Z6WviKe42K8RdcQBdf5PY-GpnTArPyuY-TAObTboWErbIM-T3I8L7QE1Y4e-r7kJYAIdxnqFT-bemkXgeD0mvN3QitIJ2Rs7Z9Df-cr8YALbujNjnLPinFxbHq6Dw1gKl66zI6Gn3kh8AcLOVmmkRQ4UqGtDJ1m3ydf2ZmEF7n77-CNUjBucReJzKg&sai=AMfl-YQplZCC5cHOw5tXR-n6zkXbYsy4mcPDAZnbvvnelEUn-l0Xt1LiZowKFwZsr-O2LGYPqtOJG1micbBzlOAIxNh28R17obFnBch4I8k-WXtu79TChotMnph_5lrHJCXImEOIGcJiD3r2xDIrfqfeBHfEo4VSWSiaryiDx1mTCZBAWhIEc0qQ30CLTb4j7ieAllOtnBMWXeFOeM_GdtY4gYmnpAYoP4nzRjMN2HPbfhvgJ2Z7g-q6YDwWWmk8L9PDTGkp-7g77uWFkegfH-DrBeicwxAg-y_c8HKMbxGKx06AoMi5eb-Ig9iUkuXwxr7dumyZEOP9L0W-iFnBH6g65lnwZh9BY527Oq-GmunsuXw1kLFG1Oi0FVNw8QiaqvNRD2ttFy-9qN1GXME&sig=Cg0ArKJSzJZkMO6QEgvdEAE&uach_m=[UACH]&pr=missingexchangepricemacro&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=231&vt=11&dtpt=228&dett=2&cstd=0&cisv=r20220912.91485&adurl=
142.250.74.34200 OK 0 B URL HTTP/2 googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvbIf68od-vvh2LeXNPufBoQD2HUPjO3EyZ49nX5lcPVm_7RZ60tzJbZtE5ARUJsS6YQUhVmd1Z1Q4ruUw2_LJDcwirAL6sbpoVzzmtHFQvJMoVTfsTmFGdjBVsgSahtIfm49RcBICiQh5QIIF1Dr81QTfzCkyx03PcS__uIp6bn1hDIXslBXcAgLgD9PR8YyXioAS5uG5ev4MoXa5A2xtjcqlX8ZBv3e5MjrN646k4J44DWUVOdz3775jeyrGq8LDQsQQDdy-DKn6rQSxz-v7QNz5xgX-qnmNZcKOe3JsPfZhR5aL-VOmw5PheuXIrJID8pXMNoAdVmoLOhu1qzRewl-84plFRm4VU0v69eAu85VxF-cmye3g8MdDRC4N2dHyktleu4ARUgawXfT-aAFvQTHs_1MQmOu5ne2R_JPJZCCXKcZAjxHluNwwY0GIImpZW9MtbNf7A_ZYIyLTT0XBMGwkicxLlOfzS51mKZnQzbIXWTlNHLbJBV1q6SSXd-JQyIH-MQHKjOVFwluSuXqrlWZusLhNqRrXp4tzM2rlljwqpOGGkI-DuUGvJ76PN-xnxFXjvJJYpwg2VNQknqcmGgFb3ymaOmkwRRXF8I9VZbEtsi1BtU_5i1hof6faa5IelnUg7XBx218l-Wt-BU2D9JeiTqM4qpf_2njWzjoP474x3BQgpb-4dxdARNAlK_mgeYV6wPr8Oz1bWbLhi7XKfoZt7jqQ1e-7FmKUY_vtzePJIEkXpVfOvBimMPScZ7dz-AoOvZaakL5EtXwjnKL1uloa2PsWYdMWrNjmsjr4YAXkqHt8h5ule8XxRuDxUB14a_peddauWxdO1Jf7SEjVeK56iNkDVX2HB1e50Tj4Rj0nmMTZ9ny6ilpeMwYohauzMMIZ_G5TdYThTj7HgWaB_hFM12Q933XykIBi-tt7d-Tqd6nabrN2zVrDiBSqkqiqZNOulCyQ2Z6WviKe42K8RdcQBdf5PY-GpnTArPyuY-TAObTboWErbIM-T3I8L7QE1Y4e-r7kJYAIdxnqFT-bemkXgeD0mvN3QitIJ2Rs7Z9Df-cr8YALbujNjnLPinFxbHq6Dw1gKl66zI6Gn3kh8AcLOVmmkRQ4UqGtDJ1m3ydf2ZmEF7n77-CNUjBucReJzKg&sai=AMfl-YQplZCC5cHOw5tXR-n6zkXbYsy4mcPDAZnbvvnelEUn-l0Xt1LiZowKFwZsr-O2LGYPqtOJG1micbBzlOAIxNh28R17obFnBch4I8k-WXtu79TChotMnph_5lrHJCXImEOIGcJiD3r2xDIrfqfeBHfEo4VSWSiaryiDx1mTCZBAWhIEc0qQ30CLTb4j7ieAllOtnBMWXeFOeM_GdtY4gYmnpAYoP4nzRjMN2HPbfhvgJ2Z7g-q6YDwWWmk8L9PDTGkp-7g77uWFkegfH-DrBeicwxAg-y_c8HKMbxGKx06AoMi5eb-Ig9iUkuXwxr7dumyZEOP9L0W-iFnBH6g65lnwZh9BY527Oq-GmunsuXw1kLFG1Oi0FVNw8QiaqvNRD2ttFy-9qN1GXME&sig=Cg0ArKJSzJZkMO6QEgvdEAE&uach_m=[UACH]&pr=missingexchangepricemacro&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=231&vt=11&dtpt=228&dett=2&cstd=0&cisv=r20220912.91485&adurl=
IP 142.250.74.34:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pcs/view?xai=AKAOjsvbIf68od-vvh2LeXNPufBoQD2HUPjO3EyZ49nX5lcPVm_7RZ60tzJbZtE5ARUJsS6YQUhVmd1Z1Q4ruUw2_LJDcwirAL6sbpoVzzmtHFQvJMoVTfsTmFGdjBVsgSahtIfm49RcBICiQh5QIIF1Dr81QTfzCkyx03PcS__uIp6bn1hDIXslBXcAgLgD9PR8YyXioAS5uG5ev4MoXa5A2xtjcqlX8ZBv3e5MjrN646k4J44DWUVOdz3775jeyrGq8LDQsQQDdy-DKn6rQSxz-v7QNz5xgX-qnmNZcKOe3JsPfZhR5aL-VOmw5PheuXIrJID8pXMNoAdVmoLOhu1qzRewl-84plFRm4VU0v69eAu85VxF-cmye3g8MdDRC4N2dHyktleu4ARUgawXfT-aAFvQTHs_1MQmOu5ne2R_JPJZCCXKcZAjxHluNwwY0GIImpZW9MtbNf7A_ZYIyLTT0XBMGwkicxLlOfzS51mKZnQzbIXWTlNHLbJBV1q6SSXd-JQyIH-MQHKjOVFwluSuXqrlWZusLhNqRrXp4tzM2rlljwqpOGGkI-DuUGvJ76PN-xnxFXjvJJYpwg2VNQknqcmGgFb3ymaOmkwRRXF8I9VZbEtsi1BtU_5i1hof6faa5IelnUg7XBx218l-Wt-BU2D9JeiTqM4qpf_2njWzjoP474x3BQgpb-4dxdARNAlK_mgeYV6wPr8Oz1bWbLhi7XKfoZt7jqQ1e-7FmKUY_vtzePJIEkXpVfOvBimMPScZ7dz-AoOvZaakL5EtXwjnKL1uloa2PsWYdMWrNjmsjr4YAXkqHt8h5ule8XxRuDxUB14a_peddauWxdO1Jf7SEjVeK56iNkDVX2HB1e50Tj4Rj0nmMTZ9ny6ilpeMwYohauzMMIZ_G5TdYThTj7HgWaB_hFM12Q933XykIBi-tt7d-Tqd6nabrN2zVrDiBSqkqiqZNOulCyQ2Z6WviKe42K8RdcQBdf5PY-GpnTArPyuY-TAObTboWErbIM-T3I8L7QE1Y4e-r7kJYAIdxnqFT-bemkXgeD0mvN3QitIJ2Rs7Z9Df-cr8YALbujNjnLPinFxbHq6Dw1gKl66zI6Gn3kh8AcLOVmmkRQ4UqGtDJ1m3ydf2ZmEF7n77-CNUjBucReJzKg&sai=AMfl-YQplZCC5cHOw5tXR-n6zkXbYsy4mcPDAZnbvvnelEUn-l0Xt1LiZowKFwZsr-O2LGYPqtOJG1micbBzlOAIxNh28R17obFnBch4I8k-WXtu79TChotMnph_5lrHJCXImEOIGcJiD3r2xDIrfqfeBHfEo4VSWSiaryiDx1mTCZBAWhIEc0qQ30CLTb4j7ieAllOtnBMWXeFOeM_GdtY4gYmnpAYoP4nzRjMN2HPbfhvgJ2Z7g-q6YDwWWmk8L9PDTGkp-7g77uWFkegfH-DrBeicwxAg-y_c8HKMbxGKx06AoMi5eb-Ig9iUkuXwxr7dumyZEOP9L0W-iFnBH6g65lnwZh9BY527Oq-GmunsuXw1kLFG1Oi0FVNw8QiaqvNRD2ttFy-9qN1GXME&sig=Cg0ArKJSzJZkMO6QEgvdEAE&uach_m=[UACH]&pr=missingexchangepricemacro&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=231&vt=11&dtpt=228&dett=2&cstd=0&cisv=r20220912.91485&adurl= HTTP/1.1
Host: googleads4.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://60f6d1b1625c4c99e5c9df0464701bd1.safeframe.googlesyndication.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
cache-control: private
access-control-allow-origin: *
content-type: image/gif
x-content-type-options: nosniff
date: Thu, 15 Sep 2022 18:53:43 GMT
server: cafe
content-length: 0
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 15-Sep-2022 19:08:43 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 15 Sep 2022 18:53:43 GMT
X-Firefox-Spdy: h2
rtb0.doubleverify.com/verify.js?flvr=0&jsCallback=__verify_callback_687838281312&jsTagObjCallback=__tagObject_callback_687838281312&num=6&ctx=1828362&cmp=184417&plc=6615336&sid=18330&advid=&adsrv=&unit=728x90&isdvvid=&uid=687838281312&tagtype=&adID=&app=&sup=&isovv=0&gmnpo=&crt=&nav_pltfrm=Linux%20x86_64&dvp_strhd=1.00&dvpx_strhd=1.00&brid=0&brver=&bridua=2&dup=null&ppid=103&auevent=ABAjH0iGcWe86zs6Po7bFjqJQQhI&aucrtv=434279737&auorder=22886445&ausite=960091948452&auxch=1&aulitem=56868964&pltfrm=1&aufilter1=3060631&autt=1&c1=3060631&turl=https://ar.moddroid.co/apps/videomusic/soundcloud/&chro=0&hist=1&winh=90&winw=1005&wouh=1024&wouw=1280&scah=1002&scaw=1280&srcurlD=0&ssl=1&refD=2&htmlmsging=1&prr=1&aUrlD=-1&m1=13&noc=16&fcifrms=4&brh=1&vavbkt=&lvvn=28&dvp_idcerr=undefined&ver=157&eparams=DC4FC%3Dl9EEADTbpTauTau2C%5D%3E%4055C%40%3A5%5D4%40TauU2%26C%3Dl9EEADTbpTauTau2C%5D%3E%4055C%40%3A5%5D4%40Tau2AADTauG%3A56%40%3EFD%3A4TauD%40F%3F54%3D%40F5Tau&dvp_exetime=8.00&aubndl=&audeal=&callbackName=__verify_callback_687838281312
213.254.244.112 200 OK 1.4 kB URL HTTP/1.1 rtb0.doubleverify.com/verify.js?flvr=0&jsCallback=__verify_callback_687838281312&jsTagObjCallback=__tagObject_callback_687838281312&num=6&ctx=1828362&cmp=184417&plc=6615336&sid=18330&advid=&adsrv=&unit=728x90&isdvvid=&uid=687838281312&tagtype=&adID=&app=&sup=&isovv=0&gmnpo=&crt=&nav_pltfrm=Linux%20x86_64&dvp_strhd=1.00&dvpx_strhd=1.00&brid=0&brver=&bridua=2&dup=null&ppid=103&auevent=ABAjH0iGcWe86zs6Po7bFjqJQQhI&aucrtv=434279737&auorder=22886445&ausite=960091948452&auxch=1&aulitem=56868964&pltfrm=1&aufilter1=3060631&autt=1&c1=3060631&turl=https://ar.moddroid.co/apps/videomusic/soundcloud/&chro=0&hist=1&winh=90&winw=1005&wouh=1024&wouw=1280&scah=1002&scaw=1280&srcurlD=0&ssl=1&refD=2&htmlmsging=1&prr=1&aUrlD=-1&m1=13&noc=16&fcifrms=4&brh=1&vavbkt=&lvvn=28&dvp_idcerr=undefined&ver=157&eparams=DC4FC%3Dl9EEADTbpTauTau2C%5D%3E%4055C%40%3A5%5D4%40TauU2%26C%3Dl9EEADTbpTauTau2C%5D%3E%4055C%40%3A5%5D4%40Tau2AADTauG%3A56%40%3EFD%3A4TauD%40F%3F54%3D%40F5Tau&dvp_exetime=8.00&aubndl=&audeal=&callbackName=__verify_callback_687838281312
IP 213.254.244.112:0
File type ASCII text, with very long lines (1533)
Hash 0e21233ce85c63d1ec4e92578d72da9c
b43919a51ac1304508eeaf44002f95e06b87d1f9
7f8c525862d7198640a73dd9a6f786747696412ce89caeb4474e990ca079dc97
GET /verify.js?flvr=0&jsCallback=__verify_callback_687838281312&jsTagObjCallback=__tagObject_callback_687838281312&num=6&ctx=1828362&cmp=184417&plc=6615336&sid=18330&advid=&adsrv=&unit=728x90&isdvvid=&uid=687838281312&tagtype=&adID=&app=&sup=&isovv=0&gmnpo=&crt=&nav_pltfrm=Linux%20x86_64&dvp_strhd=1.00&dvpx_strhd=1.00&brid=0&brver=&bridua=2&dup=null&ppid=103&auevent=ABAjH0iGcWe86zs6Po7bFjqJQQhI&aucrtv=434279737&auorder=22886445&ausite=960091948452&auxch=1&aulitem=56868964&pltfrm=1&aufilter1=3060631&autt=1&c1=3060631&turl=https://ar.moddroid.co/apps/videomusic/soundcloud/&chro=0&hist=1&winh=90&winw=1005&wouh=1024&wouw=1280&scah=1002&scaw=1280&srcurlD=0&ssl=1&refD=2&htmlmsging=1&prr=1&aUrlD=-1&m1=13&noc=16&fcifrms=4&brh=1&vavbkt=&lvvn=28&dvp_idcerr=undefined&ver=157&eparams=DC4FC%3Dl9EEADTbpTauTau2C%5D%3E%4055C%40%3A5%5D4%40TauU2%26C%3Dl9EEADTbpTauTau2C%5D%3E%4055C%40%3A5%5D4%40Tau2AADTauG%3A56%40%3EFD%3A4TauD%40F%3F54%3D%40F5Tau&dvp_exetime=8.00&aubndl=&audeal=&callbackName=__verify_callback_687838281312 HTTP/1.1
Host: rtb0.doubleverify.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://60f6d1b1625c4c99e5c9df0464701bd1.safeframe.googlesyndication.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Thu, 15 Sep 2022 18:53:40 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Cache-Control: max-age=0
Content-Encoding: br
Expires: 09/14/2022 18:53:43
Pragma: no-cache
Vary: Accept-Encoding
X-DV-Response: 1
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash c51675fd352c7db13261c905bfaa8342
85ac07e4592d413c55c204d4e52118be5bdd39cb
ffcbfefcb252a9ed446122906b75c29ca2aa64460ddbd912542d12bc68be9fd5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 15 Sep 2022 18:53:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 54bd2af71210a73e2f5491611491beb4
8579f437d31aabd2a677b4529093b0d891cf6f02
e4b959a4c103a84aed15da70fd3074dc6ccd55300efa86e4b59a7cf1682200b8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 15 Sep 2022 18:53:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 7975b33417f675d21a178b997288d616
1d2e957c46d45d6cb2f44389f3dcc66c880b6065
daffff63daade8bb0c2fd63570229df8502c563dd079b4da4103f6ee89fa67e1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 15 Sep 2022 18:53:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash c86fc6649c7c512abb52fcd62d51ee26
bf241d6c1779668447df444a239d715b6ed46f6d
822cb499ea058f2c40ce4942048528575fadc172d3669007f5f34fae41c7ea49
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 15 Sep 2022 18:53:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ad.doubleclick.net/ddm/adj/N1395.150740DOUBLEVERIFY/B9689862.280630144;dc_ver=90.265;sz=728x90;u_sd=1;dc_adk=456480826;ord=9em95a;dc_rfl=2,https%3A%2F%2Far.moddroid.co%2F$0;xdt=1;crlt=kIZCG'4KLh;stc=1;sttr=82;prcl=s
216.58.207.198 200 OK 26 kB URL HTTP/2 ad.doubleclick.net/ddm/adj/N1395.150740DOUBLEVERIFY/B9689862.280630144;dc_ver=90.265;sz=728x90;u_sd=1;dc_adk=456480826;ord=9em95a;dc_rfl=2,https%3A%2F%2Far.moddroid.co%2F$0;xdt=1;crlt=kIZCG'4KLh;stc=1;sttr=82;prcl=s
IP 216.58.207.198:0
File type ASCII text, with very long lines (56898), with no line terminators
Hash 73a29150d519a6f6463421b147c8795e
18a9610838189354c4287733f0a9979678da80ce
f52871df27f723fc836a13c14d5785dcc49c7a51b61cd78d1663d35511abfd0e
GET /ddm/adj/N1395.150740DOUBLEVERIFY/B9689862.280630144;dc_ver=90.265;sz=728x90;u_sd=1;dc_adk=456480826;ord=9em95a;dc_rfl=2,https%3A%2F%2Far.moddroid.co%2F$0;xdt=1;crlt=kIZCG'4KLh;stc=1;sttr=82;prcl=s HTTP/1.1
Host: ad.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://60f6d1b1625c4c99e5c9df0464701bd1.safeframe.googlesyndication.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 15 Sep 2022 18:53:43 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 25833
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 15-Sep-2022 19:08:43 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash c86fc6649c7c512abb52fcd62d51ee26
bf241d6c1779668447df444a239d715b6ed46f6d
822cb499ea058f2c40ce4942048528575fadc172d3669007f5f34fae41c7ea49
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 15 Sep 2022 18:53:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 6e669093dc2c285ce41d74ad82e5c3d2
1e65ded94e2b8c575979da362ce8dc2e304c5d5f
5a3c12851ee84e69a6ff8f0707d036d36827c77011af12aeabc187220e0fc79c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 15 Sep 2022 18:53:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 54bd2af71210a73e2f5491611491beb4
8579f437d31aabd2a677b4529093b0d891cf6f02
e4b959a4c103a84aed15da70fd3074dc6ccd55300efa86e4b59a7cf1682200b8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 15 Sep 2022 18:53:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 6e669093dc2c285ce41d74ad82e5c3d2
1e65ded94e2b8c575979da362ce8dc2e304c5d5f
5a3c12851ee84e69a6ff8f0707d036d36827c77011af12aeabc187220e0fc79c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 15 Sep 2022 18:53:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
142.250.74.10 200 OK 1.1 kB URL HTTP/2 fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
IP 142.250.74.10:0
Hash 400022f274701c5f732b246e037f6f02
f1f9f20751ab679a492cddd1166c30c0784a15c7
e1c62f89bccb31f07e814011fa0b120831b7976bd9b2e5f92f915727787826cd
GET /css?family=Google%20Sans%3A400%2C500 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://60f6d1b1625c4c99e5c9df0464701bd1.safeframe.googlesyndication.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 15 Sep 2022 18:53:43 GMT
date: Thu, 15 Sep 2022 18:53:43 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png
142.250.74.163 200 OK 604 B URL HTTP/2 www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png
IP 142.250.74.163:0
File type PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced\012- data
Hash 7bd42e5a35b5fb3ff852d6ea9191ca83
8a141eb392a05a2dea3dcd83b97940ef70a81ebc
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
GET /images/icons/material/system/2x/settings_grey600_24dp.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://60f6d1b1625c4c99e5c9df0464701bd1.safeframe.googlesyndication.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Origin
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 604
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 15 Sep 2022 06:20:49 GMT
expires: Fri, 15 Sep 2023 06:20:49 GMT
cache-control: public, max-age=31536000
age: 45174
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 7df27d4646e6e1cd358f0997ad604ea9
bf0c3feb55312e00ed8aa718458cc1e932903ac2
ba7ebd5b66156d280c46a2e492c5830f67e114711498b405b4e57ee1f45f4905
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 15 Sep 2022 18:53:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.doubleverify.com/dv-measurements3068.js
23.38.201.200 200 OK 107 kB URL HTTP/1.1 cdn.doubleverify.com/dv-measurements3068.js
IP 23.38.201.200:0
File type ASCII text, with very long lines (65536), with no line terminators
Size 107 kB (106967 bytes)
Hash 174a26fc9c43cd5a6fcc4ce4a1df27ee
a20c52e0348ffabb834b14bbd5fcf5461ecacc36
0c594a6b144f735a3778341966aad0cd02d8aa9565cef2673b8bd25ae9250fd0
GET /dv-measurements3068.js HTTP/1.1
Host: cdn.doubleverify.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://60f6d1b1625c4c99e5c9df0464701bd1.safeframe.googlesyndication.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=946080900
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Tue, 13 Sep 2022 16:36:13 GMT
Accept-Ranges: bytes
ETag: "807cceef8ec7d81:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Content-Length: 106967
Date: Thu, 15 Sep 2022 18:53:43 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.242 200 OK 503 B IP 23.36.76.242:0
ASN #20940 Akamai International B.V.
Hash a5afe42cc71d8ffd764c594daf3f9e65
cd40468d966eb30662e7ffd6cb7722a79cb03bb2
ef7c7f7a00ceb3ff1c2e4d75a5e5aef51cbc9cc66339a4dd5af283f639d45ea7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF7C7F7A00CEB3FF1C2E4D75A5E5AEF51CBC9CC66339A4DD5AF283F639D45EA7"
Last-Modified: Tue, 13 Sep 2022 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14646
Expires: Thu, 15 Sep 2022 22:57:49 GMT
Date: Thu, 15 Sep 2022 18:53:43 GMT
Connection: keep-alive
hal9000.redintelligence.net/zone/iy8ik46abdx9?subid=&gdpr=-1&gdpr_consent=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCysAXtnQjY-K6Oe2UxdwPu-m22AXJuaKcabyvzc7VD_AuEAEgmd-1kQFgw4SAgJgYyAEJqQKwi0qUnMewPqgDAaoE4wFP0IXIJ84L8hgpsnl1wAxCBkM3p1QVdLnCz1usCWFO7Px_7mHkum8OmIOHt8_DiUrk6pH_8TenwoB9zJern26U4JeTRbGKcCgvw-japwnxCulPZb65HDcZO7_mmIQ6I4pgL_3L9QI8bYZl-UXxe_KqocI_VNN7LljiG5FKoObBA8DTlLDRCid4ZClzfP94GlT4yRtGcbT3pki6DJvW3OHj5EA9Zco1paLrciZ3MFhjF5lCcwbToqASILeN84BAraa5iWa6vAfYceRDC98-g-dBjOIbJRx4whHH1MulJp-VAqOS3sAEwb2U_PMD4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCBIIiOGAEBABGB0yA6qCAToCgECACgOYCwHICwGADAGwE5yizQ7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASJ-Rol2qc4MQ-HH07fR-rK81befY0A9p_Rl7Emg17oYi5AGnVDnz8JQ%26sig%3DAOD64_0uEBkXKsTunPVJZb6iNwOPIcqMXw%26client%3Dca-pub-1474415292070496%26dbm_c%3DAKAmf-AsN6nG51RrDfeU8DVKtFL_5yLIjZ1vy7S0dWl36kn26YaDUvk3nl9Gb1U8WbuuHTnQ0zcjx-yu7__yA0uOvjkJICfQQoMPIlZWytHn_LUhJ4IKKjzE1CxgBe2o8L6aZ2lWYxf5r-UWmSn7O0S6lBce9xLE7DzRt8JNBvPpfbQGRg7ehps%26cry%3D1%26dbm_d%3DAKAmf-D08IG-5Qm0euXOzxJAfujNNf6rtD7bA05cNbiKd8_yXJ4QnsnBYMyQWT-ZV5IqJyNtgswqrDRUNHo7Yw_VxmMCGuOuZTV_8ul88s3XjbbGybuxU4Gv7NehNshBmjVdi5jyZ7Z9UMVpRSJInLTsaRVe29GqE7XJ82AcTkSe3x2WrG4xw_L05lKATDw6sKz1g3pTaRnzw6AMMbqEempPGIb9uo2yw-QyWOUiedLdBdiE2hxxipfaks7gon1AqZkkJoqJQLFRYkdHHvh5463l2Oxi_aKhMaKNLwIh5Tztg57OZMYp-Y9DKbu-VjhK3GzcglK4DM_0CXBGNm9e5DueC0haULIEZLajhQZ3XzjM-AkBgTERpHbymp4hdq7OPojGxlmrWdkZcuUqMDoWdIWkvbFtwzu_E4o17gBcLN6vc08hcYx3xLRP9_YantwmATbow_BAZGuHm_3qWW2RtAX5kKLgQ3s5qKW3zjzSasoavcEIAEz3YM6vAnb5JFfbOXfViO1voGIIr-npf6EoS9bWpFn8hkCLVDbafn9no2hWzqP_oTVnM-BWLN5a0rxs05j4EqAsdHP8%26adurl%3D
94.130.102.164200 OK 4.1 kB URL HTTP/1.1 hal9000.redintelligence.net/zone/iy8ik46abdx9?subid=&gdpr=-1&gdpr_consent=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCysAXtnQjY-K6Oe2UxdwPu-m22AXJuaKcabyvzc7VD_AuEAEgmd-1kQFgw4SAgJgYyAEJqQKwi0qUnMewPqgDAaoE4wFP0IXIJ84L8hgpsnl1wAxCBkM3p1QVdLnCz1usCWFO7Px_7mHkum8OmIOHt8_DiUrk6pH_8TenwoB9zJern26U4JeTRbGKcCgvw-japwnxCulPZb65HDcZO7_mmIQ6I4pgL_3L9QI8bYZl-UXxe_KqocI_VNN7LljiG5FKoObBA8DTlLDRCid4ZClzfP94GlT4yRtGcbT3pki6DJvW3OHj5EA9Zco1paLrciZ3MFhjF5lCcwbToqASILeN84BAraa5iWa6vAfYceRDC98-g-dBjOIbJRx4whHH1MulJp-VAqOS3sAEwb2U_PMD4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCBIIiOGAEBABGB0yA6qCAToCgECACgOYCwHICwGADAGwE5yizQ7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASJ-Rol2qc4MQ-HH07fR-rK81befY0A9p_Rl7Emg17oYi5AGnVDnz8JQ%26sig%3DAOD64_0uEBkXKsTunPVJZb6iNwOPIcqMXw%26client%3Dca-pub-1474415292070496%26dbm_c%3DAKAmf-AsN6nG51RrDfeU8DVKtFL_5yLIjZ1vy7S0dWl36kn26YaDUvk3nl9Gb1U8WbuuHTnQ0zcjx-yu7__yA0uOvjkJICfQQoMPIlZWytHn_LUhJ4IKKjzE1CxgBe2o8L6aZ2lWYxf5r-UWmSn7O0S6lBce9xLE7DzRt8JNBvPpfbQGRg7ehps%26cry%3D1%26dbm_d%3DAKAmf-D08IG-5Qm0euXOzxJAfujNNf6rtD7bA05cNbiKd8_yXJ4QnsnBYMyQWT-ZV5IqJyNtgswqrDRUNHo7Yw_VxmMCGuOuZTV_8ul88s3XjbbGybuxU4Gv7NehNshBmjVdi5jyZ7Z9UMVpRSJInLTsaRVe29GqE7XJ82AcTkSe3x2WrG4xw_L05lKATDw6sKz1g3pTaRnzw6AMMbqEempPGIb9uo2yw-QyWOUiedLdBdiE2hxxipfaks7gon1AqZkkJoqJQLFRYkdHHvh5463l2Oxi_aKhMaKNLwIh5Tztg57OZMYp-Y9DKbu-VjhK3GzcglK4DM_0CXBGNm9e5DueC0haULIEZLajhQZ3XzjM-AkBgTERpHbymp4hdq7OPojGxlmrWdkZcuUqMDoWdIWkvbFtwzu_E4o17gBcLN6vc08hcYx3xLRP9_YantwmATbow_BAZGuHm_3qWW2RtAX5kKLgQ3s5qKW3zjzSasoavcEIAEz3YM6vAnb5JFfbOXfViO1voGIIr-npf6EoS9bWpFn8hkCLVDbafn9no2hWzqP_oTVnM-BWLN5a0rxs05j4EqAsdHP8%26adurl%3D
IP 94.130.102.164:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (1622), with CRLF line terminators
Hash 3fdef23f6e7b2a091de159d36303a3d7
6232db971679747ba3bba7b7d8729b9edfa1102f
563d43b51afae7a0f7066996adaf4ab8b01f9bcfb978135365df3903cd747270
GET /zone/iy8ik46abdx9?subid=&gdpr=-1&gdpr_consent=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCysAXtnQjY-K6Oe2UxdwPu-m22AXJuaKcabyvzc7VD_AuEAEgmd-1kQFgw4SAgJgYyAEJqQKwi0qUnMewPqgDAaoE4wFP0IXIJ84L8hgpsnl1wAxCBkM3p1QVdLnCz1usCWFO7Px_7mHkum8OmIOHt8_DiUrk6pH_8TenwoB9zJern26U4JeTRbGKcCgvw-japwnxCulPZb65HDcZO7_mmIQ6I4pgL_3L9QI8bYZl-UXxe_KqocI_VNN7LljiG5FKoObBA8DTlLDRCid4ZClzfP94GlT4yRtGcbT3pki6DJvW3OHj5EA9Zco1paLrciZ3MFhjF5lCcwbToqASILeN84BAraa5iWa6vAfYceRDC98-g-dBjOIbJRx4whHH1MulJp-VAqOS3sAEwb2U_PMD4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCBIIiOGAEBABGB0yA6qCAToCgECACgOYCwHICwGADAGwE5yizQ7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASJ-Rol2qc4MQ-HH07fR-rK81befY0A9p_Rl7Emg17oYi5AGnVDnz8JQ%26sig%3DAOD64_0uEBkXKsTunPVJZb6iNwOPIcqMXw%26client%3Dca-pub-1474415292070496%26dbm_c%3DAKAmf-AsN6nG51RrDfeU8DVKtFL_5yLIjZ1vy7S0dWl36kn26YaDUvk3nl9Gb1U8WbuuHTnQ0zcjx-yu7__yA0uOvjkJICfQQoMPIlZWytHn_LUhJ4IKKjzE1CxgBe2o8L6aZ2lWYxf5r-UWmSn7O0S6lBce9xLE7DzRt8JNBvPpfbQGRg7ehps%26cry%3D1%26dbm_d%3DAKAmf-D08IG-5Qm0euXOzxJAfujNNf6rtD7bA05cNbiKd8_yXJ4QnsnBYMyQWT-ZV5IqJyNtgswqrDRUNHo7Yw_VxmMCGuOuZTV_8ul88s3XjbbGybuxU4Gv7NehNshBmjVdi5jyZ7Z9UMVpRSJInLTsaRVe29GqE7XJ82AcTkSe3x2WrG4xw_L05lKATDw6sKz1g3pTaRnzw6AMMbqEempPGIb9uo2yw-QyWOUiedLdBdiE2hxxipfaks7gon1AqZkkJoqJQLFRYkdHHvh5463l2Oxi_aKhMaKNLwIh5Tztg57OZMYp-Y9DKbu-VjhK3GzcglK4DM_0CXBGNm9e5DueC0haULIEZLajhQZ3XzjM-AkBgTERpHbymp4hdq7OPojGxlmrWdkZcuUqMDoWdIWkvbFtwzu_E4o17gBcLN6vc08hcYx3xLRP9_YantwmATbow_BAZGuHm_3qWW2RtAX5kKLgQ3s5qKW3zjzSasoavcEIAEz3YM6vAnb5JFfbOXfViO1voGIIr-npf6EoS9bWpFn8hkCLVDbafn9no2hWzqP_oTVnM-BWLN5a0rxs05j4EqAsdHP8%26adurl%3D HTTP/1.1
Host: hal9000.redintelligence.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://60f6d1b1625c4c99e5c9df0464701bd1.safeframe.googlesyndication.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Thu, 15 Sep 2022 18:53:43 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 4055
Connection: close
Content-Type: text/html; charset=UTF-8
tps.doubleverify.com/visit.js?gdpr=&gdpr_consent=&flvr=0&ttmms=313&ttfrms=17&bridua=2&tstype=128&eparams=DC4FC%3Dl9EEADTbpTauTau2C%5D%3E%4055C%40%3A5%5D4%40TauU2%26C%3Dl9EEADTbpTauTau2C%5D%3E%4055C%40%3A5%5D4%40Tau2AADTauG%3A56%40%3EFD%3A4TauD%40F%3F54%3D%40F5Tau&srcurlD=0&aUrlD=-1&ssl=https:&uid=1663268008431541&jsCallback=dvCallback_1663268008431564&dvtagver=6.1.src&navUa=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&htmlmsging=1&chro=0&hist=1&winh=90&winw=728&wouh=1024&wouw=1280&scah=1002&scaw=1280&jsver=3068&tgjsver=3068&lvvn=28&m1=13&refD=2&fcifrms=9&brh=1&sdf=2&dvp_epl=158&noc=16&nav_pltfrm=Linux%20x86_64&ctx=3397726&cmp=3398513&sid=pp3&plc=33985131&adsrv=0&advid=3398311&turl=https://ar.moddroid.co/apps/videomusic/soundcloud/&c1=3060631&errorURL=https://tps.doubleverify.com/visit.jpg&ppid=103&auevent=ABAjH0iGcWe86zs6Po7bFjqJQQhI&aucrtv=434279737&auorder=22886445&ausite=960091948452&auxch=1&aulitem=56868964&pltfrm=1&aufilter1=3060631&autt=1&mib=0&dvp_rcp=2&dvp_htec=2&dvp_seem=2&dvp_tuk=1&dvp_sukv=626751598.9871135&dvp_tukv=363515214656.2661&dvp_uuid=3400805623.5477877&dvp_tuid=783384193614
213.254.244.112200 OK 1.0 kB URL HTTP/1.1 tps.doubleverify.com/visit.js?gdpr=&gdpr_consent=&flvr=0&ttmms=313&ttfrms=17&bridua=2&tstype=128&eparams=DC4FC%3Dl9EEADTbpTauTau2C%5D%3E%4055C%40%3A5%5D4%40TauU2%26C%3Dl9EEADTbpTauTau2C%5D%3E%4055C%40%3A5%5D4%40Tau2AADTauG%3A56%40%3EFD%3A4TauD%40F%3F54%3D%40F5Tau&srcurlD=0&aUrlD=-1&ssl=https:&uid=1663268008431541&jsCallback=dvCallback_1663268008431564&dvtagver=6.1.src&navUa=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&htmlmsging=1&chro=0&hist=1&winh=90&winw=728&wouh=1024&wouw=1280&scah=1002&scaw=1280&jsver=3068&tgjsver=3068&lvvn=28&m1=13&refD=2&fcifrms=9&brh=1&sdf=2&dvp_epl=158&noc=16&nav_pltfrm=Linux%20x86_64&ctx=3397726&cmp=3398513&sid=pp3&plc=33985131&adsrv=0&advid=3398311&turl=https://ar.moddroid.co/apps/videomusic/soundcloud/&c1=3060631&errorURL=https://tps.doubleverify.com/visit.jpg&ppid=103&auevent=ABAjH0iGcWe86zs6Po7bFjqJQQhI&aucrtv=434279737&auorder=22886445&ausite=960091948452&auxch=1&aulitem=56868964&pltfrm=1&aufilter1=3060631&autt=1&mib=0&dvp_rcp=2&dvp_htec=2&dvp_seem=2&dvp_tuk=1&dvp_sukv=626751598.9871135&dvp_tukv=363515214656.2661&dvp_uuid=3400805623.5477877&dvp_tuid=783384193614
IP 213.254.244.112:0
File type ASCII text, with very long lines (2179), with no line terminators
Hash e2858bec094495c636e8ab4cd6d8ba03
18d4ae5209ae2c417fca562bddccbaf9d71b3a36
3eea887f9f57446948b615a49a2e1b2eeafce5e03856e0aa2ef8586504c092f0
GET /visit.js?gdpr=&gdpr_consent=&flvr=0&ttmms=313&ttfrms=17&bridua=2&tstype=128&eparams=DC4FC%3Dl9EEADTbpTauTau2C%5D%3E%4055C%40%3A5%5D4%40TauU2%26C%3Dl9EEADTbpTauTau2C%5D%3E%4055C%40%3A5%5D4%40Tau2AADTauG%3A56%40%3EFD%3A4TauD%40F%3F54%3D%40F5Tau&srcurlD=0&aUrlD=-1&ssl=https:&uid=1663268008431541&jsCallback=dvCallback_1663268008431564&dvtagver=6.1.src&navUa=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&htmlmsging=1&chro=0&hist=1&winh=90&winw=728&wouh=1024&wouw=1280&scah=1002&scaw=1280&jsver=3068&tgjsver=3068&lvvn=28&m1=13&refD=2&fcifrms=9&brh=1&sdf=2&dvp_epl=158&noc=16&nav_pltfrm=Linux%20x86_64&ctx=3397726&cmp=3398513&sid=pp3&plc=33985131&adsrv=0&advid=3398311&turl=https://ar.moddroid.co/apps/videomusic/soundcloud/&c1=3060631&errorURL=https://tps.doubleverify.com/visit.jpg&ppid=103&auevent=ABAjH0iGcWe86zs6Po7bFjqJQQhI&aucrtv=434279737&auorder=22886445&ausite=960091948452&auxch=1&aulitem=56868964&pltfrm=1&aufilter1=3060631&autt=1&mib=0&dvp_rcp=2&dvp_htec=2&dvp_seem=2&dvp_tuk=1&dvp_sukv=626751598.9871135&dvp_tukv=363515214656.2661&dvp_uuid=3400805623.5477877&dvp_tuid=783384193614 HTTP/1.1
Host: tps.doubleverify.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://60f6d1b1625c4c99e5c9df0464701bd1.safeframe.googlesyndication.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Thu, 15 Sep 2022 18:53:42 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Cache-Control: max-age=0
Content-Encoding: br
Expires: 09/14/2022 18:53:43
Pragma: no-cache
Vary: Accept-Encoding
cdn.doubleverify.com/redirect/?host=tpsc-frc&param=akipv6&impid=a02f3fb4d3f6467ea5facb86f792a8a3&cbust=1663268008620821
23.38.201.200 302 Moved Temporarily 0 B URL HTTP/1.1 cdn.doubleverify.com/redirect/?host=tpsc-frc&param=akipv6&impid=a02f3fb4d3f6467ea5facb86f792a8a3&cbust=1663268008620821
IP 23.38.201.200:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect/?host=tpsc-frc&param=akipv6&impid=a02f3fb4d3f6467ea5facb86f792a8a3&cbust=1663268008620821 HTTP/1.1
Host: cdn.doubleverify.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://60f6d1b1625c4c99e5c9df0464701bd1.safeframe.googlesyndication.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Moved Temporarily
Server: AkamaiGHost
Content-Length: 0
Location: https://tpsc-frc.doubleverify.com/event.png?impid=a02f3fb4d3f6467ea5facb86f792a8a3&akipv6=
Date: Thu, 15 Sep 2022 18:53:43 GMT
Connection: keep-alive
hal900011.redintelligence.net/request.php?zone=iy8ik46abdx9&nw=20&renderingType=javascript&namespace=2cf5f85c3e&subid=&uid=d34e12b58d4616f3&screenSize=1280x1024&screenSizeAvail=1280x1002&clientSize=300x250&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCysAXtnQjY-K6Oe2UxdwPu-m22AXJuaKcabyvzc7VD_AuEAEgmd-1kQFgw4SAgJgYyAEJqQKwi0qUnMewPqgDAaoE4wFP0IXIJ84L8hgpsnl1wAxCBkM3p1QVdLnCz1usCWFO7Px_7mHkum8OmIOHt8_DiUrk6pH_8TenwoB9zJern26U4JeTRbGKcCgvw-japwnxCulPZb65HDcZO7_mmIQ6I4pgL_3L9QI8bYZl-UXxe_KqocI_VNN7LljiG5FKoObBA8DTlLDRCid4ZClzfP94GlT4yRtGcbT3pki6DJvW3OHj5EA9Zco1paLrciZ3MFhjF5lCcwbToqASILeN84BAraa5iWa6vAfYceRDC98-g-dBjOIbJRx4whHH1MulJp-VAqOS3sAEwb2U_PMD4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCBIIiOGAEBABGB0yA6qCAToCgECACgOYCwHICwGADAGwE5yizQ7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASJ-Rol2qc4MQ-HH07fR-rK81befY0A9p_Rl7Emg17oYi5AGnVDnz8JQ%26sig%3DAOD64_0uEBkXKsTunPVJZb6iNwOPIcqMXw%26client%3Dca-pub-1474415292070496%26dbm_c%3DAKAmf-AsN6nG51RrDfeU8DVKtFL_5yLIjZ1vy7S0dWl36kn26YaDUvk3nl9Gb1U8WbuuHTnQ0zcjx-yu7__yA0uOvjkJICfQQoMPIlZWytHn_LUhJ4IKKjzE1CxgBe2o8L6aZ2lWYxf5r-UWmSn7O0S6lBce9xLE7DzRt8JNBvPpfbQGRg7ehps%26cry%3D1%26dbm_d%3DAKAmf-D08IG-5Qm0euXOzxJAfujNNf6rtD7bA05cNbiKd8_yXJ4QnsnBYMyQWT-ZV5IqJyNtgswqrDRUNHo7Yw_VxmMCGuOuZTV_8ul88s3XjbbGybuxU4Gv7NehNshBmjVdi5jyZ7Z9UMVpRSJInLTsaRVe29GqE7XJ82AcTkSe3x2WrG4xw_L05lKATDw6sKz1g3pTaRnzw6AMMbqEempPGIb9uo2yw-QyWOUiedLdBdiE2hxxipfaks7gon1AqZkkJoqJQLFRYkdHHvh5463l2Oxi_aKhMaKNLwIh5Tztg57OZMYp-Y9DKbu-VjhK3GzcglK4DM_0CXBGNm9e5DueC0haULIEZLajhQZ3XzjM-AkBgTERpHbymp4hdq7OPojGxlmrWdkZcuUqMDoWdIWkvbFtwzu_E4o17gBcLN6vc08hcYx3xLRP9_YantwmATbow_BAZGuHm_3qWW2RtAX5kKLgQ3s5qKW3zjzSasoavcEIAEz3YM6vAnb5JFfbOXfViO1voGIIr-npf6EoS9bWpFn8hkCLVDbafn9no2hWzqP_oTVnM-BWLN5a0rxs05j4EqAsdHP8%26adurl%3D&documentReferer=https%3A%2F%2Far.moddroid.co%2F&ancestorOrigins=null&random=635
1411164508&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
138.201.64.38302 Found 0 B URL HTTP/1.1 hal900011.redintelligence.net/request.php?zone=iy8ik46abdx9&nw=20&renderingType=javascript&namespace=2cf5f85c3e&subid=&uid=d34e12b58d4616f3&screenSize=1280x1024&screenSizeAvail=1280x1002&clientSize=300x250&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCysAXtnQjY-K6Oe2UxdwPu-m22AXJuaKcabyvzc7VD_AuEAEgmd-1kQFgw4SAgJgYyAEJqQKwi0qUnMewPqgDAaoE4wFP0IXIJ84L8hgpsnl1wAxCBkM3p1QVdLnCz1usCWFO7Px_7mHkum8OmIOHt8_DiUrk6pH_8TenwoB9zJern26U4JeTRbGKcCgvw-japwnxCulPZb65HDcZO7_mmIQ6I4pgL_3L9QI8bYZl-UXxe_KqocI_VNN7LljiG5FKoObBA8DTlLDRCid4ZClzfP94GlT4yRtGcbT3pki6DJvW3OHj5EA9Zco1paLrciZ3MFhjF5lCcwbToqASILeN84BAraa5iWa6vAfYceRDC98-g-dBjOIbJRx4whHH1MulJp-VAqOS3sAEwb2U_PMD4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCBIIiOGAEBABGB0yA6qCAToCgECACgOYCwHICwGADAGwE5yizQ7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASJ-Rol2qc4MQ-HH07fR-rK81befY0A9p_Rl7Emg17oYi5AGnVDnz8JQ%26sig%3DAOD64_0uEBkXKsTunPVJZb6iNwOPIcqMXw%26client%3Dca-pub-1474415292070496%26dbm_c%3DAKAmf-AsN6nG51RrDfeU8DVKtFL_5yLIjZ1vy7S0dWl36kn26YaDUvk3nl9Gb1U8WbuuHTnQ0zcjx-yu7__yA0uOvjkJICfQQoMPIlZWytHn_LUhJ4IKKjzE1CxgBe2o8L6aZ2lWYxf5r-UWmSn7O0S6lBce9xLE7DzRt8JNBvPpfbQGRg7ehps%26cry%3D1%26dbm_d%3DAKAmf-D08IG-5Qm0euXOzxJAfujNNf6rtD7bA05cNbiKd8_yXJ4QnsnBYMyQWT-ZV5IqJyNtgswqrDRUNHo7Yw_VxmMCGuOuZTV_8ul88s3XjbbGybuxU4Gv7NehNshBmjVdi5jyZ7Z9UMVpRSJInLTsaRVe29GqE7XJ82AcTkSe3x2WrG4xw_L05lKATDw6sKz1g3pTaRnzw6AMMbqEempPGIb9uo2yw-QyWOUiedLdBdiE2hxxipfaks7gon1AqZkkJoqJQLFRYkdHHvh5463l2Oxi_aKhMaKNLwIh5Tztg57OZMYp-Y9DKbu-VjhK3GzcglK4DM_0CXBGNm9e5DueC0haULIEZLajhQZ3XzjM-AkBgTERpHbymp4hdq7OPojGxlmrWdkZcuUqMDoWdIWkvbFtwzu_E4o17gBcLN6vc08hcYx3xLRP9_YantwmATbow_BAZGuHm_3qWW2RtAX5kKLgQ3s5qKW3zjzSasoavcEIAEz3YM6vAnb5JFfbOXfViO1voGIIr-npf6EoS9bWpFn8hkCLVDbafn9no2hWzqP_oTVnM-BWLN5a0rxs05j4EqAsdHP8%26adurl%3D&documentReferer=https%3A%2F%2Far.moddro
id.co%2F&ancestorOrigins=null&random=6351411164508&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
IP 138.201.64.38:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /request.php?zone=iy8ik46abdx9&nw=20&renderingType=javascript&namespace=2cf5f85c3e&subid=&uid=d34e12b58d4616f3&screenSize=1280x1024&screenSizeAvail=1280x1002&clientSize=300x250&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCysAXtnQjY-K6Oe2UxdwPu-m22AXJuaKcabyvzc7VD_AuEAEgmd-1kQFgw4SAgJgYyAEJqQKwi0qUnMewPqgDAaoE4wFP0IXIJ84L8hgpsnl1wAxCBkM3p1QVdLnCz1usCWFO7Px_7mHkum8OmIOHt8_DiUrk6pH_8TenwoB9zJern26U4JeTRbGKcCgvw-japwnxCulPZb65HDcZO7_mmIQ6I4pgL_3L9QI8bYZl-UXxe_KqocI_VNN7LljiG5FKoObBA8DTlLDRCid4ZClzfP94GlT4yRtGcbT3pki6DJvW3OHj5EA9Zco1paLrciZ3MFhjF5lCcwbToqASILeN84BAraa5iWa6vAfYceRDC98-g-dBjOIbJRx4whHH1MulJp-VAqOS3sAEwb2U_PMD4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCBIIiOGAEBABGB0yA6qCAToCgECACgOYCwHICwGADAGwE5yizQ7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASJ-Rol2qc4MQ-HH07fR-rK81befY0A9p_Rl7Emg17oYi5AGnVDnz8JQ%26sig%3DAOD64_0uEBkXKsTunPVJZb6iNwOPIcqMXw%26client%3Dca-pub-1474415292070496%26dbm_c%3DAKAmf-AsN6nG51RrDfeU8DVKtFL_5yLIjZ1vy7S0dWl36kn26YaDUvk3nl9Gb1U8WbuuHTnQ0zcjx-yu7__yA0uOvjkJICfQQoMPIlZWytHn_LUhJ4IKKjzE1CxgBe2o8L6aZ2lWYxf5r-UWmSn7O0S6lBce9xLE7DzRt8JNBvPpfbQGRg7ehps%26cry%3D1%26dbm_d%3DAKAmf-D08IG-5Qm0euXOzxJAfujNNf6rtD7bA05cNbiKd8_yXJ4QnsnBYMyQWT-ZV5IqJyNtgswqrDRUNHo7Yw_VxmMCGuOuZTV_8ul88s3XjbbGybuxU4Gv7NehNshBmjVdi5jyZ7Z9UMVpRSJInLTsaRVe29GqE7XJ82AcTkSe3x2WrG4xw_L05lKATDw6sKz1g3pTaRnzw6AMMbqEempPGIb9uo2yw-QyWOUiedLdBdiE2hxxipfaks7gon1AqZkkJoqJQLFRYkdHHvh5463l2Oxi_aKhMaKNLwIh5Tztg57OZMYp-Y9DKbu-VjhK3GzcglK4DM_0CXBGNm9e5DueC0haULIEZLajhQZ3XzjM-AkBgTERpHbymp4hdq7OPojGxlmrWdkZcuUqMDoWdIWkvbFtwzu_E4o17gBcLN6vc08hcYx3xLRP9_YantwmATbow_BAZGuHm_3qWW2RtAX5kKLgQ3s5qKW3zjzSasoavcEIAEz3YM6vAnb5JFfbOXfViO1voGIIr-npf6EoS9bWpFn8hkCLVDbafn9no2hWzqP_oTVnM-BWLN5a0rxs05j4EqAsdHP8%26adurl%3D&documentReferer=https%3A%2F%2Far.moddroid.co%2F&ancestorOrigins=null&random=6351411164508&isIframe=1&con
tainer=&adPos=0x0&adPosCheck=1x1&adtagId=0 HTTP/1.1
Host: hal900011.redintelligence.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://60f6d1b1625c4c99e5c9df0464701bd1.safeframe.googlesyndication.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Date: Thu, 15 Sep 2022 18:53:43 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Expires: Thu, 15 Sep 2022 19:53:43 +0200
Pragma: no-cache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: 8lcfmzhxc8d6_uid=f45196d85052240c; expires=Wed, 14-Dec-2022 18:53:43 GMT; Max-Age=7776000; path=/; domain=.redintelligence.net; secure; SameSite=None
Location: request.php?zone=iy8ik46abdx9&nw=20&renderingType=javascript&namespace=2cf5f85c3e&subid=&uid=d34e12b58d4616f3&screenSize=1280x1024&screenSizeAvail=1280x1002&clientSize=300x250&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCysAXtnQjY-K6Oe2UxdwPu-m22AXJuaKcabyvzc7VD_AuEAEgmd-1kQFgw4SAgJgYyAEJqQKwi0qUnMewPqgDAaoE4wFP0IXIJ84L8hgpsnl1wAxCBkM3p1QVdLnCz1usCWFO7Px_7mHkum8OmIOHt8_DiUrk6pH_8TenwoB9zJern26U4JeTRbGKcCgvw-japwnxCulPZb65HDcZO7_mmIQ6I4pgL_3L9QI8bYZl-UXxe_KqocI_VNN7LljiG5FKoObBA8DTlLDRCid4ZClzfP94GlT4yRtGcbT3pki6DJvW3OHj5EA9Zco1paLrciZ3MFhjF5lCcwbToqASILeN84BAraa5iWa6vAfYceRDC98-g-dBjOIbJRx4whHH1MulJp-VAqOS3sAEwb2U_PMD4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCBIIiOGAEBABGB0yA6qCAToCgECACgOYCwHICwGADAGwE5yizQ7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASJ-Rol2qc4MQ-HH07fR-rK81befY0A9p_Rl7Emg17oYi5AGnVDnz8JQ%26sig%3DAOD64_0uEBkXKsTunPVJZb6iNwOPIcqMXw%26client%3Dca-pub-1474415292070496%26dbm_c%3DAKAmf-AsN6nG51RrDfeU8DVKtFL_5yLIjZ1vy7S0dWl36kn26YaDUvk3nl9Gb1U8WbuuHTnQ0zcjx-yu7__yA0uOvjkJICfQQoMPIlZWytHn_LUhJ4IKKjzE1CxgBe2o8L6aZ2lWYxf5r-UWmSn7O0S6lBce9xLE7DzRt8JNBvPpfbQGRg7ehps%26cry%3D1%26dbm_d%3DAKAmf-D08IG-5Qm0euXOzxJAfujNNf6rtD7bA05cNbiKd8_yXJ4QnsnBYMyQWT-ZV5IqJyNtgswqrDRUNHo7Yw_VxmMCGuOuZTV_8ul88s3XjbbGybuxU4Gv7NehNshBmjVdi5jyZ7Z9UMVpRSJInLTsaRVe29GqE7XJ82AcTkSe3x2WrG4xw_L05lKATDw6sKz1g3pTaRnzw6AMMbqEempPGIb9uo2yw-QyWOUiedLdBdiE2hxxipfaks7gon1AqZkkJoqJQLFRYkdHHvh5463l2Oxi_aKhMaKNLwIh5Tztg57OZMYp-Y9DKbu-VjhK3GzcglK4DM_0CXBGNm9e5DueC0haULIEZLajhQZ3XzjM-AkBgTERpHbymp4hdq7OPojGxlmrWdkZcuUqMDoWdIWkvbFtwzu_E4o17gBcLN6vc08hcYx3xLRP9_YantwmATbow_BAZGuHm_3qWW2RtAX5kKLgQ3s5qKW3zjzSasoavcEIAEz3YM6vAnb5JFfbOXfViO1voGIIr-npf6EoS9bWpFn8hkCLVDbafn9no2hWzqP_oTVnM-BWLN5a0rxs05j4EqAsdHP8%26adurl%3D&documentReferer=https%3A%2F%2Far.moddroid.co%2F&ancestorOrigins=null&random=6351411164508&isIframe=
1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8
rtbc-frc.doubleverify.com/bsevent.gif?flvr=0&impid=e567786f7bbf48298b7b6ed3d4654a01&dvpx_gfbc=1&cbust=1663268007703472&google_error=3
213.254.244.112 204 No Content 0 B URL HTTP/1.1 rtbc-frc.doubleverify.com/bsevent.gif?flvr=0&impid=e567786f7bbf48298b7b6ed3d4654a01&dvpx_gfbc=1&cbust=1663268007703472&google_error=3
IP 213.254.244.112:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /bsevent.gif?flvr=0&impid=e567786f7bbf48298b7b6ed3d4654a01&dvpx_gfbc=1&cbust=1663268007703472&google_error=3 HTTP/1.1
Host: rtbc-frc.doubleverify.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://60f6d1b1625c4c99e5c9df0464701bd1.safeframe.googlesyndication.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Date: Thu, 15 Sep 2022 18:53:42 GMT
Cache-Control: max-age=0
Expires: 09/14/2022 18:53:43
Pragma: no-cache
pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstdUmEu-5DziWc_g3NhsG8rWUdJGBF7R7B7UP8bn26H4iPgO51ZBep0nT9GeNBFGqKc2eZw4CigKxm3-YmYi9DmNrjqzw5WB52XuY9Q8qCn2QPsx578c1FVdUL7WHGhMAGMmwgqvLw&sai=AMfl-YT9OjcWZpMXoXrvZ2prZClZlijKgKKqBEXQBtJwCNFpFNTwyThTiy1C-kkQwG20U2KgHWIxVZj2LK0-BDggL2DXHTQn726TX8uKLkdke-4DsJXPtRUkChR5MkZXXXM&sig=Cg0ArKJSzPdQ4pIul5xOEAE&cid=CAASJ-RoXPohGCBwXL9dt0H1f4fJvGrGdrdPjhIxxf2kYmvTXWYG1Ka3Pw&id=lidar2&mcvt=1030&p=93,474,143,794&mtos=1030,1030,1030,1030,1030&tos=1030,0,0,0,0&v=20220914&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=3497377981&rs=4&la=0&cr=0&vs=4&r=v&rst=1663268007348&rpt=290&isd=0&lsd=0&met=ie&wmsd=0
142.250.74.2200 OK 42 B URL HTTP/2 pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstdUmEu-5DziWc_g3NhsG8rWUdJGBF7R7B7UP8bn26H4iPgO51ZBep0nT9GeNBFGqKc2eZw4CigKxm3-YmYi9DmNrjqzw5WB52XuY9Q8qCn2QPsx578c1FVdUL7WHGhMAGMmwgqvLw&sai=AMfl-YT9OjcWZpMXoXrvZ2prZClZlijKgKKqBEXQBtJwCNFpFNTwyThTiy1C-kkQwG20U2KgHWIxVZj2LK0-BDggL2DXHTQn726TX8uKLkdke-4DsJXPtRUkChR5MkZXXXM&sig=Cg0ArKJSzPdQ4pIul5xOEAE&cid=CAASJ-RoXPohGCBwXL9dt0H1f4fJvGrGdrdPjhIxxf2kYmvTXWYG1Ka3Pw&id=lidar2&mcvt=1030&p=93,474,143,794&mtos=1030,1030,1030,1030,1030&tos=1030,0,0,0,0&v=20220914&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=3497377981&rs=4&la=0&cr=0&vs=4&r=v&rst=1663268007348&rpt=290&isd=0&lsd=0&met=ie&wmsd=0
IP 142.250.74.2:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pcs/activeview?xai=AKAOjstdUmEu-5DziWc_g3NhsG8rWUdJGBF7R7B7UP8bn26H4iPgO51ZBep0nT9GeNBFGqKc2eZw4CigKxm3-YmYi9DmNrjqzw5WB52XuY9Q8qCn2QPsx578c1FVdUL7WHGhMAGMmwgqvLw&sai=AMfl-YT9OjcWZpMXoXrvZ2prZClZlijKgKKqBEXQBtJwCNFpFNTwyThTiy1C-kkQwG20U2KgHWIxVZj2LK0-BDggL2DXHTQn726TX8uKLkdke-4DsJXPtRUkChR5MkZXXXM&sig=Cg0ArKJSzPdQ4pIul5xOEAE&cid=CAASJ-RoXPohGCBwXL9dt0H1f4fJvGrGdrdPjhIxxf2kYmvTXWYG1Ka3Pw&id=lidar2&mcvt=1030&p=93,474,143,794&mtos=1030,1030,1030,1030,1030&tos=1030,0,0,0,0&v=20220914&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=3497377981&rs=4&la=0&cr=0&vs=4&r=v&rst=1663268007348&rpt=290&isd=0&lsd=0&met=ie&wmsd=0 HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://60f6d1b1625c4c99e5c9df0464701bd1.safeframe.googlesyndication.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-type: image/gif
date: Thu, 15 Sep 2022 18:53:44 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
tpsc-frc.doubleverify.com/event.png?impid=a02f3fb4d3f6467ea5facb86f792a8a3&akipv6=
213.254.244.112 204 No Content 0 B URL HTTP/1.1 tpsc-frc.doubleverify.com/event.png?impid=a02f3fb4d3f6467ea5facb86f792a8a3&akipv6=
IP 213.254.244.112:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /event.png?impid=a02f3fb4d3f6467ea5facb86f792a8a3&akipv6= HTTP/1.1
Host: tpsc-frc.doubleverify.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://60f6d1b1625c4c99e5c9df0464701bd1.safeframe.googlesyndication.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Date: Thu, 15 Sep 2022 18:53:44 GMT
Cache-Control: max-age=0
Expires: 09/14/2022 18:53:44
Pragma: no-cache
hal900011.redintelligence.net/request.php?zone=iy8ik46abdx9&nw=20&renderingType=javascript&namespace=2cf5f85c3e&subid=&uid=d34e12b58d4616f3&screenSize=1280x1024&screenSizeAvail=1280x1002&clientSize=300x250&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCysAXtnQjY-K6Oe2UxdwPu-m22AXJuaKcabyvzc7VD_AuEAEgmd-1kQFgw4SAgJgYyAEJqQKwi0qUnMewPqgDAaoE4wFP0IXIJ84L8hgpsnl1wAxCBkM3p1QVdLnCz1usCWFO7Px_7mHkum8OmIOHt8_DiUrk6pH_8TenwoB9zJern26U4JeTRbGKcCgvw-japwnxCulPZb65HDcZO7_mmIQ6I4pgL_3L9QI8bYZl-UXxe_KqocI_VNN7LljiG5FKoObBA8DTlLDRCid4ZClzfP94GlT4yRtGcbT3pki6DJvW3OHj5EA9Zco1paLrciZ3MFhjF5lCcwbToqASILeN84BAraa5iWa6vAfYceRDC98-g-dBjOIbJRx4whHH1MulJp-VAqOS3sAEwb2U_PMD4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCBIIiOGAEBABGB0yA6qCAToCgECACgOYCwHICwGADAGwE5yizQ7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASJ-Rol2qc4MQ-HH07fR-rK81befY0A9p_Rl7Emg17oYi5AGnVDnz8JQ%26sig%3DAOD64_0uEBkXKsTunPVJZb6iNwOPIcqMXw%26client%3Dca-pub-1474415292070496%26dbm_c%3DAKAmf-AsN6nG51RrDfeU8DVKtFL_5yLIjZ1vy7S0dWl36kn26YaDUvk3nl9Gb1U8WbuuHTnQ0zcjx-yu7__yA0uOvjkJICfQQoMPIlZWytHn_LUhJ4IKKjzE1CxgBe2o8L6aZ2lWYxf5r-UWmSn7O0S6lBce9xLE7DzRt8JNBvPpfbQGRg7ehps%26cry%3D1%26dbm_d%3DAKAmf-D08IG-5Qm0euXOzxJAfujNNf6rtD7bA05cNbiKd8_yXJ4QnsnBYMyQWT-ZV5IqJyNtgswqrDRUNHo7Yw_VxmMCGuOuZTV_8ul88s3XjbbGybuxU4Gv7NehNshBmjVdi5jyZ7Z9UMVpRSJInLTsaRVe29GqE7XJ82AcTkSe3x2WrG4xw_L05lKATDw6sKz1g3pTaRnzw6AMMbqEempPGIb9uo2yw-QyWOUiedLdBdiE2hxxipfaks7gon1AqZkkJoqJQLFRYkdHHvh5463l2Oxi_aKhMaKNLwIh5Tztg57OZMYp-Y9DKbu-VjhK3GzcglK4DM_0CXBGNm9e5DueC0haULIEZLajhQZ3XzjM-AkBgTERpHbymp4hdq7OPojGxlmrWdkZcuUqMDoWdIWkvbFtwzu_E4o17gBcLN6vc08hcYx3xLRP9_YantwmATbow_BAZGuHm_3qWW2RtAX5kKLgQ3s5qKW3zjzSasoavcEIAEz3YM6vAnb5JFfbOXfViO1voGIIr-npf6EoS9bWpFn8hkCLVDbafn9no2hWzqP_oTVnM-BWLN5a0rxs05j4EqAsdHP8%26adurl%3D&documentReferer=https%3A%2F%2Far.moddroid.co%2F&ancestorOrigins=null&random=635
1411164508&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
138.201.64.38200 OK 512 B URL HTTP/1.1 hal900011.redintelligence.net/request.php?zone=iy8ik46abdx9&nw=20&renderingType=javascript&namespace=2cf5f85c3e&subid=&uid=d34e12b58d4616f3&screenSize=1280x1024&screenSizeAvail=1280x1002&clientSize=300x250&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCysAXtnQjY-K6Oe2UxdwPu-m22AXJuaKcabyvzc7VD_AuEAEgmd-1kQFgw4SAgJgYyAEJqQKwi0qUnMewPqgDAaoE4wFP0IXIJ84L8hgpsnl1wAxCBkM3p1QVdLnCz1usCWFO7Px_7mHkum8OmIOHt8_DiUrk6pH_8TenwoB9zJern26U4JeTRbGKcCgvw-japwnxCulPZb65HDcZO7_mmIQ6I4pgL_3L9QI8bYZl-UXxe_KqocI_VNN7LljiG5FKoObBA8DTlLDRCid4ZClzfP94GlT4yRtGcbT3pki6DJvW3OHj5EA9Zco1paLrciZ3MFhjF5lCcwbToqASILeN84BAraa5iWa6vAfYceRDC98-g-dBjOIbJRx4whHH1MulJp-VAqOS3sAEwb2U_PMD4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCBIIiOGAEBABGB0yA6qCAToCgECACgOYCwHICwGADAGwE5yizQ7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASJ-Rol2qc4MQ-HH07fR-rK81befY0A9p_Rl7Emg17oYi5AGnVDnz8JQ%26sig%3DAOD64_0uEBkXKsTunPVJZb6iNwOPIcqMXw%26client%3Dca-pub-1474415292070496%26dbm_c%3DAKAmf-AsN6nG51RrDfeU8DVKtFL_5yLIjZ1vy7S0dWl36kn26YaDUvk3nl9Gb1U8WbuuHTnQ0zcjx-yu7__yA0uOvjkJICfQQoMPIlZWytHn_LUhJ4IKKjzE1CxgBe2o8L6aZ2lWYxf5r-UWmSn7O0S6lBce9xLE7DzRt8JNBvPpfbQGRg7ehps%26cry%3D1%26dbm_d%3DAKAmf-D08IG-5Qm0euXOzxJAfujNNf6rtD7bA05cNbiKd8_yXJ4QnsnBYMyQWT-ZV5IqJyNtgswqrDRUNHo7Yw_VxmMCGuOuZTV_8ul88s3XjbbGybuxU4Gv7NehNshBmjVdi5jyZ7Z9UMVpRSJInLTsaRVe29GqE7XJ82AcTkSe3x2WrG4xw_L05lKATDw6sKz1g3pTaRnzw6AMMbqEempPGIb9uo2yw-QyWOUiedLdBdiE2hxxipfaks7gon1AqZkkJoqJQLFRYkdHHvh5463l2Oxi_aKhMaKNLwIh5Tztg57OZMYp-Y9DKbu-VjhK3GzcglK4DM_0CXBGNm9e5DueC0haULIEZLajhQZ3XzjM-AkBgTERpHbymp4hdq7OPojGxlmrWdkZcuUqMDoWdIWkvbFtwzu_E4o17gBcLN6vc08hcYx3xLRP9_YantwmATbow_BAZGuHm_3qWW2RtAX5kKLgQ3s5qKW3zjzSasoavcEIAEz3YM6vAnb5JFfbOXfViO1voGIIr-npf6EoS9bWpFn8hkCLVDbafn9no2hWzqP_oTVnM-BWLN5a0rxs05j4EqAsdHP8%26adurl%3D&documentReferer=https%3A%2F%2Far.moddroi
d.co%2F&ancestorOrigins=null&random=6351411164508&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
IP 138.201.64.38:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with CRLF line terminators
Hash 29819b5e4da45f60b203692958a574cb
f6041b5ba9921a239ad7db775ee2e676516db620
0b36f7e139a49d4e51139696c6d6bda8dda8c54d4a209b796c944502025f6c39
GET /request.php?zone=iy8ik46abdx9&nw=20&renderingType=javascript&namespace=2cf5f85c3e&subid=&uid=d34e12b58d4616f3&screenSize=1280x1024&screenSizeAvail=1280x1002&clientSize=300x250&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCysAXtnQjY-K6Oe2UxdwPu-m22AXJuaKcabyvzc7VD_AuEAEgmd-1kQFgw4SAgJgYyAEJqQKwi0qUnMewPqgDAaoE4wFP0IXIJ84L8hgpsnl1wAxCBkM3p1QVdLnCz1usCWFO7Px_7mHkum8OmIOHt8_DiUrk6pH_8TenwoB9zJern26U4JeTRbGKcCgvw-japwnxCulPZb65HDcZO7_mmIQ6I4pgL_3L9QI8bYZl-UXxe_KqocI_VNN7LljiG5FKoObBA8DTlLDRCid4ZClzfP94GlT4yRtGcbT3pki6DJvW3OHj5EA9Zco1paLrciZ3MFhjF5lCcwbToqASILeN84BAraa5iWa6vAfYceRDC98-g-dBjOIbJRx4whHH1MulJp-VAqOS3sAEwb2U_PMD4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCBIIiOGAEBABGB0yA6qCAToCgECACgOYCwHICwGADAGwE5yizQ7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASJ-Rol2qc4MQ-HH07fR-rK81befY0A9p_Rl7Emg17oYi5AGnVDnz8JQ%26sig%3DAOD64_0uEBkXKsTunPVJZb6iNwOPIcqMXw%26client%3Dca-pub-1474415292070496%26dbm_c%3DAKAmf-AsN6nG51RrDfeU8DVKtFL_5yLIjZ1vy7S0dWl36kn26YaDUvk3nl9Gb1U8WbuuHTnQ0zcjx-yu7__yA0uOvjkJICfQQoMPIlZWytHn_LUhJ4IKKjzE1CxgBe2o8L6aZ2lWYxf5r-UWmSn7O0S6lBce9xLE7DzRt8JNBvPpfbQGRg7ehps%26cry%3D1%26dbm_d%3DAKAmf-D08IG-5Qm0euXOzxJAfujNNf6rtD7bA05cNbiKd8_yXJ4QnsnBYMyQWT-ZV5IqJyNtgswqrDRUNHo7Yw_VxmMCGuOuZTV_8ul88s3XjbbGybuxU4Gv7NehNshBmjVdi5jyZ7Z9UMVpRSJInLTsaRVe29GqE7XJ82AcTkSe3x2WrG4xw_L05lKATDw6sKz1g3pTaRnzw6AMMbqEempPGIb9uo2yw-QyWOUiedLdBdiE2hxxipfaks7gon1AqZkkJoqJQLFRYkdHHvh5463l2Oxi_aKhMaKNLwIh5Tztg57OZMYp-Y9DKbu-VjhK3GzcglK4DM_0CXBGNm9e5DueC0haULIEZLajhQZ3XzjM-AkBgTERpHbymp4hdq7OPojGxlmrWdkZcuUqMDoWdIWkvbFtwzu_E4o17gBcLN6vc08hcYx3xLRP9_YantwmATbow_BAZGuHm_3qWW2RtAX5kKLgQ3s5qKW3zjzSasoavcEIAEz3YM6vAnb5JFfbOXfViO1voGIIr-npf6EoS9bWpFn8hkCLVDbafn9no2hWzqP_oTVnM-BWLN5a0rxs05j4EqAsdHP8%26adurl%3D&documentReferer=https%3A%2F%2Far.moddroid.co%2F&ancestorOrigins=null&random=6351411164508&isIframe=1&con
tainer=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1 HTTP/1.1
Host: hal900011.redintelligence.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://60f6d1b1625c4c99e5c9df0464701bd1.safeframe.googlesyndication.com/
Connection: keep-alive
Cookie: 8lcfmzhxc8d6_uid=f45196d85052240c
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Thu, 15 Sep 2022 18:53:44 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Expires: Thu, 15 Sep 2022 19:53:44 +0200
Pragma: no-cache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: 8lcfmzhxc8d6_uid=f45196d85052240c; expires=Wed, 14-Dec-2022 18:53:44 GMT; Max-Age=7776000; path=/; domain=.redintelligence.net; secure; SameSite=None
X-NEORY-SubId: 97786900144295604438320012083011
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 512
Connection: close
Content-Type: application/x-javascript; charset=utf-8
hal900011.redintelligence.net/request_content.php?s=97786900144295604438320012083011&a=561dc20e
138.201.64.38 200 OK 1.5 kB URL HTTP/1.1 hal900011.redintelligence.net/request_content.php?s=97786900144295604438320012083011&a=561dc20e
IP 138.201.64.38:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 485fae4d978c2a27616dfc9ea5846f3f
505ed2df68acdd352fdf2c9f0e9494238c4ae7e4
4fa08faa575e156c32dfed1a410cabd9ab30996be7964937eecb595ae250eee6
GET /request_content.php?s=97786900144295604438320012083011&a=561dc20e HTTP/1.1
Host: hal900011.redintelligence.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://60f6d1b1625c4c99e5c9df0464701bd1.safeframe.googlesyndication.com/
Cookie: 8lcfmzhxc8d6_uid=f45196d85052240c
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Thu, 15 Sep 2022 18:53:44 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Expires: Thu, 15 Sep 2022 19:53:44 +0200
Pragma: no-cache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1504
Connection: close
Content-Type: text/html; charset=utf-8
hal900011.redintelligence.net/viewability?s=97786900144295604438320012083011&a=642c4105&vb=m
138.201.64.38 200 OK 0 B URL HTTP/1.1 hal900011.redintelligence.net/viewability?s=97786900144295604438320012083011&a=642c4105&vb=m
IP 138.201.64.38:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /viewability?s=97786900144295604438320012083011&a=642c4105&vb=m HTTP/1.1
Host: hal900011.redintelligence.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hal900011.redintelligence.net/request_content.php?s=97786900144295604438320012083011&a=561dc20e
Cookie: 8lcfmzhxc8d6_uid=f45196d85052240c
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 15 Sep 2022 18:53:44 GMT
Server: Apache
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8
tpsc-frc.doubleverify.com/event.png?impid=a02f3fb4d3f6467ea5facb86f792a8a3&gdpr=&gdpr_consent=&dvpx_gfbc=1&cbust=1663268008620294&google_error=3
213.254.244.112 204 No Content 0 B URL HTTP/1.1 tpsc-frc.doubleverify.com/event.png?impid=a02f3fb4d3f6467ea5facb86f792a8a3&gdpr=&gdpr_consent=&dvpx_gfbc=1&cbust=1663268008620294&google_error=3
IP 213.254.244.112:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /event.png?impid=a02f3fb4d3f6467ea5facb86f792a8a3&gdpr=&gdpr_consent=&dvpx_gfbc=1&cbust=1663268008620294&google_error=3 HTTP/1.1
Host: tpsc-frc.doubleverify.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://60f6d1b1625c4c99e5c9df0464701bd1.safeframe.googlesyndication.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Date: Thu, 15 Sep 2022 18:53:43 GMT
Cache-Control: max-age=0
Expires: 09/14/2022 18:53:44
Pragma: no-cache
cdn.contentspread.net/24i/content/soberfb/EN/S-300x250.gif
88.99.69.161 200 OK 71 kB URL HTTP/1.1 cdn.contentspread.net/24i/content/soberfb/EN/S-300x250.gif
IP 88.99.69.161:0
ASN #24940 Hetzner Online GmbH
File type GIF image data, version 89a, 300 x 250\012- data
Hash d6ba1ff0393a5eb5224cf2416db7ba0b
c73aed3c96fd54b634cf2f38358fb59f99484ae0
fb805ea8e0e2123c713b4613ec92e55d7c11db579417ab8bdbd070d5c18e5104
GET /24i/content/soberfb/EN/S-300x250.gif HTTP/1.1
Host: cdn.contentspread.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hal900011.redintelligence.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 15 Sep 2022 18:53:44 GMT
Content-Type: image/gif
Content-Length: 71110
Last-Modified: Mon, 23 Jul 2018 15:20:14 GMT
Connection: close
ETag: "5b55f22e-115c6"
Accept-Ranges: bytes
pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvKCdPHiqMCRiHnHA5K4rVzq9EhYO3vW0j5MlC0iC0U4fJhNfoPvVCvZ-9OkH38xpQe7h7k6dibIjXkXh-xNq8&sig=Cg0ArKJSzJk7wRXjhjW5EAE&id=lidar2&mcvt=1001&p=0,0,90,728&mtos=1001,1001,1001,1001,1001&tos=1001,0,0,0,0&v=20220914&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=32&adk=456480826&rs=6&la=0&cr=0&vs=4&r=v&rst=1663268007103&rpt=1388&wmsd=0
142.250.74.2 200 OK 42 B URL HTTP/2 pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvKCdPHiqMCRiHnHA5K4rVzq9EhYO3vW0j5MlC0iC0U4fJhNfoPvVCvZ-9OkH38xpQe7h7k6dibIjXkXh-xNq8&sig=Cg0ArKJSzJk7wRXjhjW5EAE&id=lidar2&mcvt=1001&p=0,0,90,728&mtos=1001,1001,1001,1001,1001&tos=1001,0,0,0,0&v=20220914&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=32&adk=456480826&rs=6&la=0&cr=0&vs=4&r=v&rst=1663268007103&rpt=1388&wmsd=0
IP 142.250.74.2:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pcs/activeview?xai=AKAOjsvKCdPHiqMCRiHnHA5K4rVzq9EhYO3vW0j5MlC0iC0U4fJhNfoPvVCvZ-9OkH38xpQe7h7k6dibIjXkXh-xNq8&sig=Cg0ArKJSzJk7wRXjhjW5EAE&id=lidar2&mcvt=1001&p=0,0,90,728&mtos=1001,1001,1001,1001,1001&tos=1001,0,0,0,0&v=20220914&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=32&adk=456480826&rs=6&la=0&cr=0&vs=4&r=v&rst=1663268007103&rpt=1388&wmsd=0 HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://60f6d1b1625c4c99e5c9df0464701bd1.safeframe.googlesyndication.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-type: image/gif
date: Thu, 15 Sep 2022 18:53:44 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssB24yytS7jlkGBRuBup5EymPvwd_3PIe34M1dnqT9c8OlxB1_rCWLwb7v-jy5oQ7lPKtY3E51qo7OGpOk7ylB8fGY8s5qtej4wH2T85nZoKokWzEUSUMdBBtm2TtnzmD0ib08tGh8&sai=AMfl-YSm227fFJ6EVZYRBdznFAj_IITU4y5WseUQ0IyjhjN8m3Ft6f5ZjCGuJqLdT1CjV44cPbhv8LUSyOyLcx7Tk39895WOKDGVMoa8wwVcAxDYrp5qCVAII6F6HewVR3Lv&sig=Cg0ArKJSzILX3wlVPhexEAE&cid=CAQSPwCsnQUxdxdystDMneKU1i_hN33P1ECGQvPnfklR3Rcfh112wYrkgGm4i3-QWhzy658xR3O1sj30RiFO8knupBgBIA4&id=lidar2&mcvt=1004&p=849,132,943,860&mtos=0,1004,1004,1004,1004&tos=0,1004,0,0,0&v=20220914&bin=7&avms=nio&bs=0,0&mc=0.96&if=1&vu=1&app=0&itpl=20&adk=3194137279&rs=4&la=0&cr=0&vs=4&r=v&rst=1663268007103&rpt=1382&isd=0&lsd=0&met=mue&wmsd=0
142.250.74.2200 OK 42 B URL HTTP/2 pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssB24yytS7jlkGBRuBup5EymPvwd_3PIe34M1dnqT9c8OlxB1_rCWLwb7v-jy5oQ7lPKtY3E51qo7OGpOk7ylB8fGY8s5qtej4wH2T85nZoKokWzEUSUMdBBtm2TtnzmD0ib08tGh8&sai=AMfl-YSm227fFJ6EVZYRBdznFAj_IITU4y5WseUQ0IyjhjN8m3Ft6f5ZjCGuJqLdT1CjV44cPbhv8LUSyOyLcx7Tk39895WOKDGVMoa8wwVcAxDYrp5qCVAII6F6HewVR3Lv&sig=Cg0ArKJSzILX3wlVPhexEAE&cid=CAQSPwCsnQUxdxdystDMneKU1i_hN33P1ECGQvPnfklR3Rcfh112wYrkgGm4i3-QWhzy658xR3O1sj30RiFO8knupBgBIA4&id=lidar2&mcvt=1004&p=849,132,943,860&mtos=0,1004,1004,1004,1004&tos=0,1004,0,0,0&v=20220914&bin=7&avms=nio&bs=0,0&mc=0.96&if=1&vu=1&app=0&itpl=20&adk=3194137279&rs=4&la=0&cr=0&vs=4&r=v&rst=1663268007103&rpt=1382&isd=0&lsd=0&met=mue&wmsd=0
IP 142.250.74.2:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pcs/activeview?xai=AKAOjssB24yytS7jlkGBRuBup5EymPvwd_3PIe34M1dnqT9c8OlxB1_rCWLwb7v-jy5oQ7lPKtY3E51qo7OGpOk7ylB8fGY8s5qtej4wH2T85nZoKokWzEUSUMdBBtm2TtnzmD0ib08tGh8&sai=AMfl-YSm227fFJ6EVZYRBdznFAj_IITU4y5WseUQ0IyjhjN8m3Ft6f5ZjCGuJqLdT1CjV44cPbhv8LUSyOyLcx7Tk39895WOKDGVMoa8wwVcAxDYrp5qCVAII6F6HewVR3Lv&sig=Cg0ArKJSzILX3wlVPhexEAE&cid=CAQSPwCsnQUxdxdystDMneKU1i_hN33P1ECGQvPnfklR3Rcfh112wYrkgGm4i3-QWhzy658xR3O1sj30RiFO8knupBgBIA4&id=lidar2&mcvt=1004&p=849,132,943,860&mtos=0,1004,1004,1004,1004&tos=0,1004,0,0,0&v=20220914&bin=7&avms=nio&bs=0,0&mc=0.96&if=1&vu=1&app=0&itpl=20&adk=3194137279&rs=4&la=0&cr=0&vs=4&r=v&rst=1663268007103&rpt=1382&isd=0&lsd=0&met=mue&wmsd=0 HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://60f6d1b1625c4c99e5c9df0464701bd1.safeframe.googlesyndication.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-type: image/gif
date: Thu, 15 Sep 2022 18:53:44 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuoA0gUvwMM_jc2cmuOyuXsapRcfjn-BtEwBVZhYlnzoadvl7Qh7W6w6NBEARV-nndQ9vFdM0zf0KBpTZEJk0H9DwBmRVGbAAN8f8rE3b2ndb05NGeSH7bpPEgY2A&sai=AMfl-YQ_RBiZpXkOi4Y5XzmuZvIOqCETcPgKC34iLgIrG45-rxArWXXCjJI1etrlPXp3Y7uU5__9_gm1FWK_wVJ-oGkdJ9iAXbUEp7akSWPwIYRsXdIeosb24usFuKhcVkA&sig=Cg0ArKJSzP2SxMoQGvLCEAE&cid=CAASJ-Rol2qc4MQ-HH07fR-rK81befY0A9p_Rl7Emg17oYi5AGnVDnz8JQ&id=lidar2&mcvt=1000&p=671,484,921,784&mtos=453,1000,1000,1000,1000&tos=453,547,0,0,0&v=20220914&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=2226504710&rs=4&la=0&cr=0&vs=4&r=v&rst=1663268007915&rpt=1056&isd=0&lsd=0&met=mue&wmsd=0
142.250.74.2200 OK 42 B URL HTTP/2 pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuoA0gUvwMM_jc2cmuOyuXsapRcfjn-BtEwBVZhYlnzoadvl7Qh7W6w6NBEARV-nndQ9vFdM0zf0KBpTZEJk0H9DwBmRVGbAAN8f8rE3b2ndb05NGeSH7bpPEgY2A&sai=AMfl-YQ_RBiZpXkOi4Y5XzmuZvIOqCETcPgKC34iLgIrG45-rxArWXXCjJI1etrlPXp3Y7uU5__9_gm1FWK_wVJ-oGkdJ9iAXbUEp7akSWPwIYRsXdIeosb24usFuKhcVkA&sig=Cg0ArKJSzP2SxMoQGvLCEAE&cid=CAASJ-Rol2qc4MQ-HH07fR-rK81befY0A9p_Rl7Emg17oYi5AGnVDnz8JQ&id=lidar2&mcvt=1000&p=671,484,921,784&mtos=453,1000,1000,1000,1000&tos=453,547,0,0,0&v=20220914&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=2226504710&rs=4&la=0&cr=0&vs=4&r=v&rst=1663268007915&rpt=1056&isd=0&lsd=0&met=mue&wmsd=0
IP 142.250.74.2:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pcs/activeview?xai=AKAOjsuoA0gUvwMM_jc2cmuOyuXsapRcfjn-BtEwBVZhYlnzoadvl7Qh7W6w6NBEARV-nndQ9vFdM0zf0KBpTZEJk0H9DwBmRVGbAAN8f8rE3b2ndb05NGeSH7bpPEgY2A&sai=AMfl-YQ_RBiZpXkOi4Y5XzmuZvIOqCETcPgKC34iLgIrG45-rxArWXXCjJI1etrlPXp3Y7uU5__9_gm1FWK_wVJ-oGkdJ9iAXbUEp7akSWPwIYRsXdIeosb24usFuKhcVkA&sig=Cg0ArKJSzP2SxMoQGvLCEAE&cid=CAASJ-Rol2qc4MQ-HH07fR-rK81befY0A9p_Rl7Emg17oYi5AGnVDnz8JQ&id=lidar2&mcvt=1000&p=671,484,921,784&mtos=453,1000,1000,1000,1000&tos=453,547,0,0,0&v=20220914&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=2226504710&rs=4&la=0&cr=0&vs=4&r=v&rst=1663268007915&rpt=1056&isd=0&lsd=0&met=mue&wmsd=0 HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://60f6d1b1625c4c99e5c9df0464701bd1.safeframe.googlesyndication.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-type: image/gif
date: Thu, 15 Sep 2022 18:53:45 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
hal900011.redintelligence.net/viewability?s=97786900144295604438320012083011&a=642c4105&vb=v
138.201.64.38 200 OK 0 B URL HTTP/1.1 hal900011.redintelligence.net/viewability?s=97786900144295604438320012083011&a=642c4105&vb=v
IP 138.201.64.38:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /viewability?s=97786900144295604438320012083011&a=642c4105&vb=v HTTP/1.1
Host: hal900011.redintelligence.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hal900011.redintelligence.net/request_content.php?s=97786900144295604438320012083011&a=561dc20e
Cookie: 8lcfmzhxc8d6_uid=f45196d85052240c
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 15 Sep 2022 18:53:45 GMT
Server: Apache
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8
goomaphy.com/impression/hlG9hfZKmWZQMjVH08MtJFHG2yX7BqEE8EYo7lvlXVw6dfNKG02sdTNQ0ZyEcLKaGAV_DpWn6t2bywJriTduLfR_cXUKwLmtXYjY9VHQ0hRB8-OFlybf85W7EH6Iy8VF5UmcAUXzOpjSTkSXwClEJFJHTWE00-GhMGOCEW5AH85AnKvNyaDbLqfiNm1Q6N4IrJaY1y47WGO0nM9eQsOs76VpXI15pQdPo5_rqleFEXSU4lIWGhRrn7dAehwREmbF7kmP90flAvfTSLam5u87MWEHSE4WJp0Y8hodbpEOBLUgJQEGERhkVh340st_xqg8yyXl6iofOor9rOxVS9HWoXzgG4DvDR0sUhth_rJXEq4rPXlSQA37C0kpvnRM64ttRp4WjiaeKOg683XBlVToJTccXWvk3dlx2jPmdgYL_Rx7fhunPcpFtK3YH0g1ohJWPa5dduGIC63fzD4kg8CgsBopEn43_j9J4-eCd2F-5VlEZWjzR-qDBUvttD3rDKpvsh3wkNjLOEQnWkjIyWOLktvNgZ7tpGfsjHcnM2Eahg5O_kpHnvPw9Q5HmJoptvznzfJdadPktrUh0h_I7UXm3m2YHRLpKnE7?_z=5331011&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=898&wfc=8&pl=https%3A%2F%2Far.moddroid.co%2Fapps%2Fvideomusic%2Fsoundcloud%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.239200 OK 43 B URL HTTP/2 goomaphy.com/impression/hlG9hfZKmWZQMjVH08MtJFHG2yX7BqEE8EYo7lvlXVw6dfNKG02sdTNQ0ZyEcLKaGAV_DpWn6t2bywJriTduLfR_cXUKwLmtXYjY9VHQ0hRB8-OFlybf85W7EH6Iy8VF5UmcAUXzOpjSTkSXwClEJFJHTWE00-GhMGOCEW5AH85AnKvNyaDbLqfiNm1Q6N4IrJaY1y47WGO0nM9eQsOs76VpXI15pQdPo5_rqleFEXSU4lIWGhRrn7dAehwREmbF7kmP90flAvfTSLam5u87MWEHSE4WJp0Y8hodbpEOBLUgJQEGERhkVh340st_xqg8yyXl6iofOor9rOxVS9HWoXzgG4DvDR0sUhth_rJXEq4rPXlSQA37C0kpvnRM64ttRp4WjiaeKOg683XBlVToJTccXWvk3dlx2jPmdgYL_Rx7fhunPcpFtK3YH0g1ohJWPa5dduGIC63fzD4kg8CgsBopEn43_j9J4-eCd2F-5VlEZWjzR-qDBUvttD3rDKpvsh3wkNjLOEQnWkjIyWOLktvNgZ7tpGfsjHcnM2Eahg5O_kpHnvPw9Q5HmJoptvznzfJdadPktrUh0h_I7UXm3m2YHRLpKnE7?_z=5331011&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=898&wfc=8&pl=https%3A%2F%2Far.moddroid.co%2Fapps%2Fvideomusic%2Fsoundcloud%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.239:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
Analyzer Verdict Alert quad9 Sinkholed
GET /impression/hlG9hfZKmWZQMjVH08MtJFHG2yX7BqEE8EYo7lvlXVw6dfNKG02sdTNQ0ZyEcLKaGAV_DpWn6t2bywJriTduLfR_cXUKwLmtXYjY9VHQ0hRB8-OFlybf85W7EH6Iy8VF5UmcAUXzOpjSTkSXwClEJFJHTWE00-GhMGOCEW5AH85AnKvNyaDbLqfiNm1Q6N4IrJaY1y47WGO0nM9eQsOs76VpXI15pQdPo5_rqleFEXSU4lIWGhRrn7dAehwREmbF7kmP90flAvfTSLam5u87MWEHSE4WJp0Y8hodbpEOBLUgJQEGERhkVh340st_xqg8yyXl6iofOor9rOxVS9HWoXzgG4DvDR0sUhth_rJXEq4rPXlSQA37C0kpvnRM64ttRp4WjiaeKOg683XBlVToJTccXWvk3dlx2jPmdgYL_Rx7fhunPcpFtK3YH0g1ohJWPa5dduGIC63fzD4kg8CgsBopEn43_j9J4-eCd2F-5VlEZWjzR-qDBUvttD3rDKpvsh3wkNjLOEQnWkjIyWOLktvNgZ7tpGfsjHcnM2Eahg5O_kpHnvPw9Q5HmJoptvznzfJdadPktrUh0h_I7UXm3m2YHRLpKnE7?_z=5331011&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=898&wfc=8&pl=https%3A%2F%2Far.moddroid.co%2Fapps%2Fvideomusic%2Fsoundcloud%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: goomaphy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ar.moddroid.co/
Cookie: OAID=2d32363347804168ba8d43212ce54ce8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 15 Sep 2022 18:53:45 GMT
content-type: image/gif
content-length: 43
x-trace-id: 18131d38484cfa5961ff74070072535a
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
142.250.74.163 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ar.moddroid.co
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 14 Sep 2022 19:34:08 GMT
expires: Thu, 14 Sep 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 83978
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
142.250.74.163 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ar.moddroid.co
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 14 Sep 2022 19:34:08 GMT
expires: Thu, 14 Sep 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 83978
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
tpsc-frc.doubleverify.com/event.png?impid=a02f3fb4d3f6467ea5facb86f792a8a3&gdpr=&gdpr_consent=&dvp_gdpr_Error=3&dvp_gdv2_Error=3&vdur=142&eoid=11&msrjs=3068&sdf=67108866&vit=2&isvelg=1&rmi=16&tltms=0&tetms=4&msltms=104&vltms=142&sei=145&vetms=48&engms=1&engisel=1&dvp_dtcov=4&msrcanlm=392&msrcannum=3&ismms=36&isumms=35&nvr=6&isgmmims=36&isgmv4mims=36&elmtp=6&isbxdms=2285&b0=100&b11=2251&adhgt=90&adwdth=728&norwdth=728&norhgt=90&vsos=5&dvp_vsosnmr=16&lftb=2351&sftb=2351&msrdp=4&naral=128&vct=512&vphgt=1024&vpwdth=1280&chgt=90&cwdth=728&invcs=false&scrhgt=1024&scrwdth=1280&strp=0&advisonl=false&isiabvms=1081&isuiabvms=1081&isgmpims=400&isgmv4dpims=1081&ispmxpms=1081&engalms=34&dvp_dpr=1&ttfurm=3203&cbust=1663268011619415
213.254.244.112204 No Content 760 B URL HTTP/1.1 tpsc-frc.doubleverify.com/event.png?impid=a02f3fb4d3f6467ea5facb86f792a8a3&gdpr=&gdpr_consent=&dvp_gdpr_Error=3&dvp_gdv2_Error=3&vdur=142&eoid=11&msrjs=3068&sdf=67108866&vit=2&isvelg=1&rmi=16&tltms=0&tetms=4&msltms=104&vltms=142&sei=145&vetms=48&engms=1&engisel=1&dvp_dtcov=4&msrcanlm=392&msrcannum=3&ismms=36&isumms=35&nvr=6&isgmmims=36&isgmv4mims=36&elmtp=6&isbxdms=2285&b0=100&b11=2251&adhgt=90&adwdth=728&norwdth=728&norhgt=90&vsos=5&dvp_vsosnmr=16&lftb=2351&sftb=2351&msrdp=4&naral=128&vct=512&vphgt=1024&vpwdth=1280&chgt=90&cwdth=728&invcs=false&scrhgt=1024&scrwdth=1280&strp=0&advisonl=false&isiabvms=1081&isuiabvms=1081&isgmpims=400&isgmv4dpims=1081&ispmxpms=1081&engalms=34&dvp_dpr=1&ttfurm=3203&cbust=1663268011619415
IP 213.254.244.112:0
File type gzip compressed data, max compression\012- data
Hash 24badabba487ae623eec35a101f55ecc
1d146f28493e89c1aab6f8f113ed42e4b75c5467
2e20c4a1e248ade5ec10c1cb76ebde7b13d5b8e1bd2de1ae5c3e6962b66d73c7
POST /event.png?impid=a02f3fb4d3f6467ea5facb86f792a8a3&gdpr=&gdpr_consent=&dvp_gdpr_Error=3&dvp_gdv2_Error=3&vdur=142&eoid=11&msrjs=3068&sdf=67108866&vit=2&isvelg=1&rmi=16&tltms=0&tetms=4&msltms=104&vltms=142&sei=145&vetms=48&engms=1&engisel=1&dvp_dtcov=4&msrcanlm=392&msrcannum=3&ismms=36&isumms=35&nvr=6&isgmmims=36&isgmv4mims=36&elmtp=6&isbxdms=2285&b0=100&b11=2251&adhgt=90&adwdth=728&norwdth=728&norhgt=90&vsos=5&dvp_vsosnmr=16&lftb=2351&sftb=2351&msrdp=4&naral=128&vct=512&vphgt=1024&vpwdth=1280&chgt=90&cwdth=728&invcs=false&scrhgt=1024&scrwdth=1280&strp=0&advisonl=false&isiabvms=1081&isuiabvms=1081&isgmpims=400&isgmv4dpims=1081&ispmxpms=1081&engalms=34&dvp_dpr=1&ttfurm=3203&cbust=1663268011619415 HTTP/1.1
Host: tpsc-frc.doubleverify.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://60f6d1b1625c4c99e5c9df0464701bd1.safeframe.googlesyndication.com
Connection: keep-alive
Referer: https://60f6d1b1625c4c99e5c9df0464701bd1.safeframe.googlesyndication.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/1.1 204 No Content
Date: Thu, 15 Sep 2022 18:53:46 GMT
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Cache-Control: max-age=0
Expires: 09/14/2022 18:53:47
Pragma: no-cache
my.rtmark.net/gid.js?pub=0&userId=8467847b0641418dbbb3a76c7df1baca&zoneId=5234444&checkDuplicate=true&ymid=&var=
139.45.195.8 200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?pub=0&userId=8467847b0641418dbbb3a76c7df1baca&zoneId=5234444&checkDuplicate=true&ymid=&var=
IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash 14a89b78b78954ec9f3295eb52405b31
5f7c5389618863bb6e4a4ffa413c93b03a7f78ae
f72c6bf54594a852918dad9f0fc34f04df4f057c3bd8135942f2bbc1788e6dc5
GET /gid.js?pub=0&userId=8467847b0641418dbbb3a76c7df1baca&zoneId=5234444&checkDuplicate=true&ymid=&var= HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ar.moddroid.co/
Origin: https://ar.moddroid.co
Connection: keep-alive
Cookie: ID=2d32363347804168ba8d43212ce54ce8
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 15 Sep 2022 18:53:48 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://ar.moddroid.co
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=2d32363347804168ba8d43212ce54ce8; expires=Fri, 15 Sep 2023 18:53:48 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
propu.sh/custom
139.45.197.250 200 OK 39 B IP 139.45.197.250:0
File type JSON data\012- , ASCII text
Hash 058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
Analyzer Verdict Alert fortinet Phishing
POST /custom HTTP/1.1
Host: propu.sh
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ar.moddroid.co/
Content-Type: application/json
Origin: https://ar.moddroid.co
Content-Length: 400
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 15 Sep 2022 18:53:48 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: f80945d9111cc8d16937bf5b6ca9162b
access-control-allow-origin: https://ar.moddroid.co
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
1558334541.rsc.cdn77.org/nfs/20220713/etp.min.js
185.76.9.16 200 OK 0 B URL HTTP/2 1558334541.rsc.cdn77.org/nfs/20220713/etp.min.js
IP 185.76.9.16:0
ASN #60068 Datacamp Limited
GET /nfs/20220713/etp.min.js HTTP/1.1
Host: 1558334541.rsc.cdn77.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ar.moddroid.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 15 Sep 2022 18:53:40 GMT
content-type: application/javascript
x-amz-id-2: uTl9q5mk+5nj6j0FjyxAMKNQMXzStS2BD+CzXpqx5xynRM3fUdvDprszT97+26BxXx4CEcAml/M=
x-amz-request-id: 57H4SF3TSZHEJHB4
last-modified: Wed, 13 Jul 2022 11:46:22 GMT
etag: W/"4a6d92884e34440513ee02b5dee9a0cb"
x-accel-expires: @1663994309
server: CDN77-Turbo
x-77-nzt: AblMCQ2NTPL/77wEAA
x-77-nzt-ray: a0FOo5xvmiQ
x-cache: HIT
x-age: 310511
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: br
X-Firefox-Spdy: h2
goomaphy.com/400/5331011
139.45.197.239 200 OK 0 B IP 139.45.197.239:0
Analyzer Verdict Alert quad9 Sinkholed
GET /400/5331011 HTTP/1.1
Host: goomaphy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ar.moddroid.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 15 Sep 2022 18:53:40 GMT
content-type: application/javascript
x-trace-id: c46e2a801fc34907e3f1046899c5b81a
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=dfba56996d5e49578099beaf8bc81388; expires=Fri, 15 Sep 2023 18:53:40 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap
142.250.74.10 200 OK 0 B URL HTTP/2 fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap
IP 142.250.74.10:0
GET /css2?family=Roboto:wght@400;700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://60f6d1b1625c4c99e5c9df0464701bd1.safeframe.googlesyndication.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 15 Sep 2022 18:53:43 GMT
date: Thu, 15 Sep 2022 18:53:43 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
tzegilo.com/stattag.js
104.21.22.169 200 OK 0 B IP 104.21.22.169:0
GET /stattag.js HTTP/1.1
Host: tzegilo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ar.moddroid.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 15 Sep 2022 18:53:40 GMT
content-type: application/javascript
last-modified: Thu, 04 Aug 2022 15:18:11 GMT
etag: W/"62ebe333-8007"
link: <https://flerap.com/>; rel=preconnect; crossorigin, <https://fleraprt.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 223
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Md7Jgf3U8Bg12XYGPbu9hJbPEHVVuGzmlJiNrUKdfPTFb9RRPIzSshPiUkzUjJltNRAXdrnfb1ADXpIf4Bubm1d1tjNRmryV%2FmtwUdZsAAdy%2FKdQ%2FF%2BogtT5DlTc1g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74b3910a7fef0af6-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ar.moddroid.co/apps/videomusic/soundcloud
104.18.20.115 301 Moved Permanently 0 B URL HTTP/2 ar.moddroid.co/apps/videomusic/soundcloud
IP 104.18.20.115:0
Analyzer Verdict Alert fortinet Malware
GET /apps/videomusic/soundcloud HTTP/1.1
Host: ar.moddroid.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 301 Moved Permanently
date: Thu, 15 Sep 2022 18:53:40 GMT
content-type: text/html; charset=utf-8
location: /apps/videomusic/soundcloud/
vary: Accept, Accept-Encoding
x-powered-by: Express
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 74b39103d908b515-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
propu.sh/ntfc.php?p=5234444
139.45.197.250 200 OK 0 B URL HTTP/2 propu.sh/ntfc.php?p=5234444
IP 139.45.197.250:0
GET /ntfc.php?p=5234444 HTTP/1.1
Host: propu.sh
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ar.moddroid.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 15 Sep 2022 18:53:40 GMT
content-type: application/javascript
last-modified: Tue, 13 Sep 2022 08:49:51 GMT
etag: W/"6320442f-3922"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2