go.games-universe.online/return?domain=bwm.games-universe.online&init_id=in0.3153665015&payed=K7Ka0chJyER1wN-2FioZoFim1vlwacd5EU-2F-2FpglTzX1Bc-3D&country=bw&operator=mondia&status=failed&service_id=17494&wb_subscription_id=8738392061&order_id=in0.3153665015&abonent=N/A&ua=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/96.0.4664.55%20Safari/537.36%20Edg/96.0.1054.43&ip=107.178.232.186&redirect_ip=107.178.232.186&error_code=400
188.114.97.1302 Found 0 B URL HTTP/1.1 go.games-universe.online/return?domain=bwm.games-universe.online&init_id=in0.3153665015&payed=K7Ka0chJyER1wN-2FioZoFim1vlwacd5EU-2F-2FpglTzX1Bc-3D&country=bw&operator=mondia&status=failed&service_id=17494&wb_subscription_id=8738392061&order_id=in0.3153665015&abonent=N/A&ua=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/96.0.4664.55%20Safari/537.36%20Edg/96.0.1054.43&ip=107.178.232.186&redirect_ip=107.178.232.186&error_code=400
IP 188.114.97.1:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /return?domain=bwm.games-universe.online&init_id=in0.3153665015&payed=K7Ka0chJyER1wN-2FioZoFim1vlwacd5EU-2F-2FpglTzX1Bc-3D&country=bw&operator=mondia&status=failed&service_id=17494&wb_subscription_id=8738392061&order_id=in0.3153665015&abonent=N/A&ua=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/96.0.4664.55%20Safari/537.36%20Edg/96.0.1054.43&ip=107.178.232.186&redirect_ip=107.178.232.186&error_code=400 HTTP/1.1
Host: go.games-universe.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Date: Thu, 19 Jan 2023 08:14:10 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://go.teebox.info/?e=8B-2FBaDpq0BOzS-2Fov0-2B-2FoKQ-3D-3D&sub1={code]&sub3=cascadebez
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pRNjvLWBMFE9BdOTHkludMqw%2FAaCdC%2Bp80%2B49t3bYkVRlSvjXJL3tVWOHzpNtrRCTK7gQe14QqeN9dC2yGsoGL465G1xECTtFkKCRZdhMu6HYmTxc5EH7d%2BFRXS46OaPzp%2Bulccb9sGE45Y%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 78be1d816a27fac0-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 648bf42163c5d645d8a33cd0a9afebd0
9b9ac85435c4e90647e8379bca54c689058a8929
060757fb4857858d4d01a715824ea6771d0137e73a24bf75e2844d0f346380fa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "060757FB4857858D4D01A715824EA6771D0137E73A24BF75E2844D0F346380FA"
Last-Modified: Tue, 17 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13273
Expires: Thu, 19 Jan 2023 11:55:23 GMT
Date: Thu, 19 Jan 2023 08:14:10 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash cc07d664b5dadee6f9120d54904dfa57
df75a55b0b2019684a6c512bee528c51a2c4a756
14a1bd6315a3256468edafedfd1c02a6ba147914c0f01e8504e7d8cc67781c34
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "14A1BD6315A3256468EDAFEDFD1C02A6BA147914C0F01E8504E7D8CC67781C34"
Last-Modified: Tue, 17 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17256
Expires: Thu, 19 Jan 2023 13:01:46 GMT
Date: Thu, 19 Jan 2023 08:14:10 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 6c8239f3894cfba54d1f3a9ea1c85db5
a70f2b3bf79f2aa26b0cc0340dd182565c3eb946
64dc0508d3fcea1ec92fb60310e9b3f5454c0b69f61e8453fd443bc46ab9471b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "64DC0508D3FCEA1EC92FB60310E9B3F5454C0B69F61E8453FD443BC46AB9471B"
Last-Modified: Tue, 17 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12747
Expires: Thu, 19 Jan 2023 11:46:37 GMT
Date: Thu, 19 Jan 2023 08:14:10 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash ff250d3ef3fa45322bf05039a0122a9f
b3e7a2c383bce1bab807dbe1a03c375258b51f1d
d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Content-Type, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 19 Jan 2023 07:49:26 GMT
content-type: application/json
age: 1484
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: wkFsoyWra8srvpyuYGxKOsjT/KzPDOWLXhhpTE6z3un2rpnxstmVvjmXoYkAjrU1BQf62mJsMgA=
x-amz-request-id: WS3X6WG9GQ08VVWB
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 19 Jan 2023 07:17:07 GMT
age: 3423
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
go.teebox.info/?e=8B-2FBaDpq0BOzS-2Fov0-2B-2FoKQ-3D-3D&sub1={code]&sub3=cascadebez
104.21.42.2302 Found 1 B URL HTTP/1.1 go.teebox.info/?e=8B-2FBaDpq0BOzS-2Fov0-2B-2FoKQ-3D-3D&sub1={code]&sub3=cascadebez
IP 104.21.42.2:0
File type very short file (no magic)
Hash cfcd208495d565ef66e7dff9f98764da
b6589fc6ab0dc82cf12099d1c2d40ab994e8410c
5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9
GET /?e=8B-2FBaDpq0BOzS-2Fov0-2B-2FoKQ-3D-3D&sub1={code]&sub3=cascadebez HTTP/1.1
Host: go.teebox.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Date: Thu, 19 Jan 2023 08:14:10 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-transform
Set-Cookie: kt=MzQzNzE0NDMwNdAzhDMB; expires=Fri, 19-Jan-2024 08:14:10 GMT; Max-Age=31536000; path=/; domain=teebox.info
kh=MzQzNzE0NDMwNdAzAAA%3D; expires=Fri, 20-Jan-2023 08:14:10 GMT; Max-Age=86400; path=/; domain=teebox.info
Location: https://loquba.com/cl/6b5521ebcb9a1a03?p1=in0.3153666654&pub_sub_id=5045&cost=0.43
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n5oQZvYtDdcsWYxzHEgTwcbh2Ht6lURP5L%2FkxfJWpgIlYtob82qpUiQCNxkCYm6HujXbBUckBLvCOKcEIMitUNWSntWCCoJXwj1ghohNRwn2A5FRRgTR7ye7dQ%2Bqn3dd%2Fg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 78be1d83fda7b515-OSL
alt-svc: h2=":443"; ma=60
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 08:14:10 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Pragma, Content-Length, Alert, Expires, ETag, Last-Modified, Backoff, Content-Type, Cache-Control
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 19 Jan 2023 07:48:57 GMT
age: 1513
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 79af32d8e279b4cfec147ab51cb6fcb3
d726903292bd1e08a6d9fe0719d2cd5b33dc5fe6
bfcb2d8f14d89736ac6b771f1618a8fc5e707691d60807a574fb719c8e9393ab
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4177
Cache-Control: max-age=93734
Content-Type: application/ocsp-response
Date: Thu, 19 Jan 2023 08:14:11 GMT
Etag: "63c7b6a8-1d7"
Expires: Fri, 20 Jan 2023 10:16:25 GMT
Last-Modified: Wed, 18 Jan 2023 09:06:48 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 471
ocsp.globalsign.com/gsrsaovsslca2018
104.18.21.226200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsrsaovsslca2018
IP 104.18.21.226:0
Hash b2ce27db5a942e8545ff5ede727f60e3
077bf517cd5e2001aef6237d5a56335ab63997a0
44a7169d1e56e372d1ef466aa45e5e6fe30d226b99afdcd30256ccbebbb11d7a
POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 19 Jan 2023 08:14:11 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Mon, 23 Jan 2023 05:31:51 GMT
ETag: "077bf517cd5e2001aef6237d5a56335ab63997a0"
Last-Modified: Thu, 19 Jan 2023 05:31:52 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 382
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 78be1d88eb09fab4-OSL
push.services.mozilla.com/
54.184.253.181101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.184.253.181:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: J4SPDIcOMRQNv46s1RHwNw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: jhxnOTsezziL2S63+y8UhGynY3s=
p.hungama.com/norway_mm_play/index.php/promotion/preview/3?aff_id=1641&click_id=4249948632
103.56.211.129302 Found 6 B URL HTTP/1.1 p.hungama.com/norway_mm_play/index.php/promotion/preview/3?aff_id=1641&click_id=4249948632
IP 103.56.211.129:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type ASCII text, with CRLF line terminators
Hash ed19ca99581136d44b35bbb2240a6bf6
d0ac1626cb4713dd5e6b3ff63d818efac90ab4b3
aea52d27230b89ca1b732866afbe137a98e65100049a56b3293def8d5fe7dda0
GET /norway_mm_play/index.php/promotion/preview/3?aff_id=1641&click_id=4249948632 HTTP/1.1
Host: p.hungama.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 302 Found
Server: nginx/1.19.10
Date: Thu, 19 Jan 2023 08:14:11 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/8.0.11
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=e64014e4bd7b7adc955ef85c0cbcca01_545; path=/
Location: http://103.56.211.129/he_test/getHeaderForDhiragu.php?url=https%3A%2F%2Fp.hungama.com%2Fnorway_mm_play%2Findex.php%2Fpromotion%2Fpreview%2F3%3Faff_id%3D1641%26click_id%3D4249948632%2F
Access-Control-Allow-Origin: *
103.56.211.129/he_test/getHeaderForDhiragu.php?url=https%3A%2F%2Fp.hungama.com%2Fnorway_mm_play%2Findex.php%2Fpromotion%2Fpreview%2F3%3Faff_id%3D1641%26click_id%3D4249948632%2F
103.56.211.129302 Found 0 B URL HTTP/1.1 103.56.211.129/he_test/getHeaderForDhiragu.php?url=https%3A%2F%2Fp.hungama.com%2Fnorway_mm_play%2Findex.php%2Fpromotion%2Fpreview%2F3%3Faff_id%3D1641%26click_id%3D4249948632%2F
IP 103.56.211.129:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /he_test/getHeaderForDhiragu.php?url=https%3A%2F%2Fp.hungama.com%2Fnorway_mm_play%2Findex.php%2Fpromotion%2Fpreview%2F3%3Faff_id%3D1641%26click_id%3D4249948632%2F HTTP/1.1
Host: 103.56.211.129
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Server: nginx/1.19.10
Date: Thu, 19 Jan 2023 08:14:11 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
X-Powered-By: PHP/8.0.11
Location: https://p.hungama.com/norway_mm_play/index.php/promotion/preview/3?aff_id=1641&click_id=4249948632/&mdnreturn=WDNadlpHRnRiM289
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 89055b1f42119cc1e7a33ce2fc364e76
20550fd56bf49a8aa30e18a923be22cda3f2ba7b
7698e9bb59f46011dbd3b6b74fc5784ac60d64c9d8403e8fe3aa18a60c17393d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7698E9BB59F46011DBD3B6B74FC5784AC60D64C9D8403E8FE3AA18A60C17393D"
Last-Modified: Wed, 18 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16698
Expires: Thu, 19 Jan 2023 12:52:30 GMT
Date: Thu, 19 Jan 2023 08:14:12 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 89055b1f42119cc1e7a33ce2fc364e76
20550fd56bf49a8aa30e18a923be22cda3f2ba7b
7698e9bb59f46011dbd3b6b74fc5784ac60d64c9d8403e8fe3aa18a60c17393d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7698E9BB59F46011DBD3B6B74FC5784AC60D64C9D8403E8FE3AA18A60C17393D"
Last-Modified: Wed, 18 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16698
Expires: Thu, 19 Jan 2023 12:52:30 GMT
Date: Thu, 19 Jan 2023 08:14:12 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 89055b1f42119cc1e7a33ce2fc364e76
20550fd56bf49a8aa30e18a923be22cda3f2ba7b
7698e9bb59f46011dbd3b6b74fc5784ac60d64c9d8403e8fe3aa18a60c17393d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7698E9BB59F46011DBD3B6B74FC5784AC60D64C9D8403E8FE3AA18A60C17393D"
Last-Modified: Wed, 18 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16698
Expires: Thu, 19 Jan 2023 12:52:30 GMT
Date: Thu, 19 Jan 2023 08:14:12 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe34f344d-12b3-4719-9ecf-6191897f233e.jpeg
34.120.237.76200 OK 6.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe34f344d-12b3-4719-9ecf-6191897f233e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b015242ebdda9cc22cfe6741d2e926f1
76072223007cd11c6f7b9fda8f01818ab0fea740
b7a72c737cac91c83c39718de999bc6ff0ec4ede63342e86407190d95e60d9a1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe34f344d-12b3-4719-9ecf-6191897f233e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6908
x-amzn-requestid: 5f0a0b3b-1d4c-450e-bcd5-481bda79f4e1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eq1qQHwYIAMF-IQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c1030e-62d053e35c8ab2374fd2fe35;Sampled=0
x-amzn-remapped-date: Fri, 13 Jan 2023 07:06:54 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 1eiEXaC2jHawVVHg6KAlFvdV7ZMpXdCaN8o36sbYL9WwPvXejGobKA==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 7eb3b782ab09047ce0d11ee03763894c.cloudfront.net (CloudFront), 1.1 google
date: Wed, 18 Jan 2023 17:36:56 GMT
age: 52636
etag: "76072223007cd11c6f7b9fda8f01818ab0fea740"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc5e839b2-9887-4705-93dd-351351c5f612.jpeg
34.120.237.76200 OK 6.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc5e839b2-9887-4705-93dd-351351c5f612.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash dca732f3b0a525c0689d566633effb47
9b12e4ce9f936ccb2203807886765e5b0c6e0339
cb5b0faffd9a609aa7f9af0458d032b30d32894b412ecd6d8aa18c90dc0448bf
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc5e839b2-9887-4705-93dd-351351c5f612.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6489
x-amzn-requestid: 8290bd7c-4fb9-4149-b82a-dde38ba2afca
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ewag5H5EoAMFV-w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c33e05-6ad6ec63583c8d511f1b6425;Sampled=0
x-amzn-remapped-date: Sat, 14 Jan 2023 23:43:01 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: splv2LTI5lvHrhvTcF5T0t15iXeLQ2FFZ5uPopDoYxFaa8LE5U9uxA==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Wed, 18 Jan 2023 12:34:58 GMT
age: 70754
etag: "9b12e4ce9f936ccb2203807886765e5b0c6e0339"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
loquba.com/cl/6b5521ebcb9a1a03?p1=in0.3153666654&pub_sub_id=5045&cost=0.43
188.114.97.1302 Found 4.5 kB URL HTTP/2 loquba.com/cl/6b5521ebcb9a1a03?p1=in0.3153666654&pub_sub_id=5045&cost=0.43
IP 188.114.97.1:0
Hash fc21a6f418773ff2202816319bf972c4
cbf21795ff6c41dc28ab5cc0a3cca3e9158d28d0
39248a3af0aab5a359ccee9b3040ab390ac2b63cb1cbb9a8f178877922adfc37
GET /cl/6b5521ebcb9a1a03?p1=in0.3153666654&pub_sub_id=5045&cost=0.43 HTTP/1.1
Host: loquba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 302 Found
date: Thu, 19 Jan 2023 08:14:10 GMT
content-type: text/html; charset=UTF-8
location: https://p.hungama.com/norway_mm_play/index.php/promotion/preview/3?aff_id=1641&click_id=4249948632
x-powered-by: PHP/8.1.14
cache-control: no-cache
x-frame-options: DENY
set-cookie: sbc6b5521ebcb9a1a03=eyJpdiI6ImxGNEVlY0JHK2JZZEpYKzZTVTdHdWc9PSIsInZhbHVlIjoiS3BVSHczNUt1SysyOXJNQ3BkRHJYdz09IiwibWFjIjoiN2MxYjQ3Zjk4ZmI2NDRjZDIwOTY2MTJhODVkZDQ3MGRkMWZiYjAzMjk0YTk5OTBlMmZhOTRiYjMwMmNhZmQxMCIsInRhZyI6IiJ9; expires=Thu, 19 Jan 2023 09:14:10 GMT; Max-Age=3600; path=/; httponly; samesite=lax
smrt6b5521ebcb9a1a03=eyJpdiI6IjB6YlhmeGtoYlZ4T0NqRDFucW51ekE9PSIsInZhbHVlIjoiL0cyTUZiNWpqSS9DNnlSaXQ3TlMzU3JVbGFBNCtFN0N4aUFHMUUrYWJRWT0iLCJtYWMiOiI0YmE0ODcyM2NmMmJiM2QxMmRjMjQ0ZjYxYWRhOWJhMDE1ZjM1NGQ5YjVlMjA0NWM5NGRiYmJlYWI1ODY2Y2MyIiwidGFnIjoiIn0%3D; expires=Fri, 20 Jan 2023 08:14:10 GMT; Max-Age=86400; path=/; httponly; samesite=lax
vis=eyJpdiI6InBobm00WjFvWENZRWU2L3dVTlNGbmc9PSIsInZhbHVlIjoiS2w1WWhBeWhzQzZiRG15T09TbkhZdz09IiwibWFjIjoiMmY0NTVjNjE0ZTY0NTg5YjNiOTU0MDUwYTc5Njg0NTBhOTQyZDJkYjBhODBhMjg2YzAxMTRlMGUzY2M5NzZkYyIsInRhZyI6IiJ9; expires=Wed, 19 Apr 2023 08:14:10 GMT; Max-Age=7776000; path=/; httponly; samesite=lax
expires: Thu, 01 Jan 1970 00:00:01 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=apIA0MPGivuLfqg9%2FCAXMc1v%2Bo3GH1%2Fm6hQRqhG8molXKFYqzE7lOOypIurmpmHcEoz%2F6D991N0F8nYJMzEirtwrVsDbFn1lUg6cVDM6e6nAMmNZ1yKwgNvY2LPd"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78be1d84999fb518-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F60b96714-9b31-441b-a346-5099f350e204.jpeg
34.120.237.76200 OK 8.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F60b96714-9b31-441b-a346-5099f350e204.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 115c22a4d18aebbb8ffb5fdd8da8c8ba
6f77d73abc59ca903e2a7fd514b559c60931c4d7
74ef77f35165e40f1d9e2c68924a797a8f1b586c325c2d053f830a6f4163ca97
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F60b96714-9b31-441b-a346-5099f350e204.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8388
x-amzn-requestid: 01537ac7-e1b1-4fe8-96dd-e6abd92c4a16
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e9TegGC7IAMF-BQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c865f6-0838524e1f33c0f53b548205;Sampled=0
x-amzn-remapped-date: Wed, 18 Jan 2023 21:34:46 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: BFn5gcxvAZWydXMPSEYOJIr6zBTAu8elKbwd90734RSpSNnO-GXunQ==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 556b99c6be8d7078b9f067347c62df6a.cloudfront.net (CloudFront), 1.1 google
date: Wed, 18 Jan 2023 21:53:12 GMT
age: 37260
etag: "6f77d73abc59ca903e2a7fd514b559c60931c4d7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa848e8c9-5ea8-4948-a3e7-109001ff6cba.jpeg
34.120.237.76200 OK 6.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa848e8c9-5ea8-4948-a3e7-109001ff6cba.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 13457311f170ebcd637e77aa48873488
a51ef5eb01736824f382541c5a4ad025ae35c09e
f57f95cc9f18b2e41951f1fcd9c278ca0f522e98dbf57aeb4c59b4b59deeb605
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa848e8c9-5ea8-4948-a3e7-109001ff6cba.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6235
x-amzn-requestid: 919a5e9d-11c0-4b12-a718-f5a256f4fda2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e3RXBG8xoAMFW1w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c5fc2c-2398fc8910eb707e4c15b416;Sampled=0
x-amzn-remapped-date: Tue, 17 Jan 2023 01:38:52 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: MKOZeVCOBgny84FGH7fem1LQnV756ylBS2sGbZSdTpJQ2TNM2qJKFQ==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 18 Jan 2023 21:54:10 GMT
age: 37202
etag: "a51ef5eb01736824f382541c5a4ad025ae35c09e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5dc15588-7ab3-449b-841e-1b44848c69ff.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5dc15588-7ab3-449b-841e-1b44848c69ff.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6ac1e9ae8dfefbc1932d060052188c0b
73e01cd7b75bb0768df616c1a0ebf02df8de5443
bdfbd218becc507160f4e4a162e345300b49aaf0a05effa900b15f757f0ccb3f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5dc15588-7ab3-449b-841e-1b44848c69ff.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11511
x-amzn-requestid: 8f92a31a-a233-4f35-9aac-b7b60a105021
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e3vgjF9MIAMFlpA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c62c69-7844213f4c220b0b140cabe0;Sampled=0
x-amzn-remapped-date: Tue, 17 Jan 2023 05:04:41 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: AvKbDGfVG3LVkWi1R2W02OfdD5-rC0LsjwMMDxUp0JPhpA6_Dfk1QQ==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Wed, 18 Jan 2023 21:54:10 GMT
age: 37202
etag: "73e01cd7b75bb0768df616c1a0ebf02df8de5443"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
p.hungama.com/norway_mm_play/index.php/promotion/preview/3?aff_id=1641&click_id=4249948632/&mdnreturn=WDNadlpHRnRiM289
103.56.211.129302 Found 6 B URL HTTP/1.1 p.hungama.com/norway_mm_play/index.php/promotion/preview/3?aff_id=1641&click_id=4249948632/&mdnreturn=WDNadlpHRnRiM289
IP 103.56.211.129:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type ASCII text, with CRLF line terminators
Hash ed19ca99581136d44b35bbb2240a6bf6
d0ac1626cb4713dd5e6b3ff63d818efac90ab4b3
aea52d27230b89ca1b732866afbe137a98e65100049a56b3293def8d5fe7dda0
GET /norway_mm_play/index.php/promotion/preview/3?aff_id=1641&click_id=4249948632/&mdnreturn=WDNadlpHRnRiM289 HTTP/1.1
Host: p.hungama.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: PHPSESSID=e64014e4bd7b7adc955ef85c0cbcca01_545
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 302 Found
Server: nginx/1.19.10
Date: Thu, 19 Jan 2023 08:14:13 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/8.0.11
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=e64014e4bd7b7adc955ef85c0cbcca01_545; path=/
Location: https://p.hungama.com/norway_mm_play/index.php/plan/pack_purchase/164/0/22843?aff_id=1641
Access-Control-Allow-Origin: *
p.hungama.com/norway_mm_play/index.php/plan/pack_purchase/164/0/22843?aff_id=1641
103.56.211.129302 Found 6 B URL HTTP/1.1 p.hungama.com/norway_mm_play/index.php/plan/pack_purchase/164/0/22843?aff_id=1641
IP 103.56.211.129:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type ASCII text, with CRLF line terminators
Hash ed19ca99581136d44b35bbb2240a6bf6
d0ac1626cb4713dd5e6b3ff63d818efac90ab4b3
aea52d27230b89ca1b732866afbe137a98e65100049a56b3293def8d5fe7dda0
GET /norway_mm_play/index.php/plan/pack_purchase/164/0/22843?aff_id=1641 HTTP/1.1
Host: p.hungama.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: PHPSESSID=e64014e4bd7b7adc955ef85c0cbcca01_545
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 302 Found
Server: nginx/1.19.10
Date: Thu, 19 Jan 2023 08:14:15 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/8.0.11
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=e64014e4bd7b7adc955ef85c0cbcca01_545; path=/
Location: http://gateway.mondiapay.com/v1/web/purchase/initiate/40af15cb-3408-48e6-88c7-e679ac5f64b6
Access-Control-Allow-Origin: *
gateway.mondiapay.com/v1/web/purchase/initiate/40af15cb-3408-48e6-88c7-e679ac5f64b6
84.17.170.222200 2.3 kB URL HTTP/1.1 gateway.mondiapay.com/v1/web/purchase/initiate/40af15cb-3408-48e6-88c7-e679ac5f64b6
IP 84.17.170.222:0
ASN #33873 Arvato Systems GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 99b50d6ba168d82241a6e35910e487b1
f6fc2deeb3c5ac829c9609562d680504dc01aa94
e179eac24ffa5a57264cbe046f6ef40962619926f08437a07130373523cb8215
GET /v1/web/purchase/initiate/40af15cb-3408-48e6-88c7-e679ac5f64b6 HTTP/1.1
Host: gateway.mondiapay.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200
Date: Thu, 19 Jan 2023 08:14:15 GMT
Expires: 0
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
X-MM-CORRELATION-ID: 70A77DC3-581B-0142-B60D-0CD4A81C6236, 70A77DC3-581B-0142-B60D-0CD4A81C6236
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Content-Language: en-US
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Server: unknown
gateway.mondiapay.com/favicon.ico
84.17.170.222200 946 B URL HTTP/1.1 gateway.mondiapay.com/favicon.ico
IP 84.17.170.222:0
ASN #33873 Arvato Systems GmbH
File type MS Windows icon resource - 1 icon, 16x13, 32 bits/pixel\012- data
Hash 0488faca4c19046b94d07c3ee83cf9d6
02fb8c5e4c3d113f310651a4d021aecc68f79d54
a3fe67e3549fdbc5819762b43c7efd93b1caea734f87a33c909a4e4b2ba4e32b
GET /favicon.ico HTTP/1.1
Host: gateway.mondiapay.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gateway.mondiapay.com/v1/web/purchase/initiate/40af15cb-3408-48e6-88c7-e679ac5f64b6
HTTP/1.1 200
X-MM-CORRELATION-ID: C3AFE011-D476-3248-B3ED-118AD24F5D3F
Last-Modified: Thu, 13 Dec 2018 16:04:02 GMT
Accept-Ranges: bytes
Content-Type: image/x-icon
Content-Length: 946
Date: Thu, 19 Jan 2023 08:14:15 GMT
Server: unknown
gateway.mondiapay.com/v1/web/purchase/validate/40af15cb-3408-48e6-88c7-e679ac5f64b6
84.17.170.222200 19 B URL HTTP/1.1 gateway.mondiapay.com/v1/web/purchase/validate/40af15cb-3408-48e6-88c7-e679ac5f64b6
IP 84.17.170.222:0
ASN #33873 Arvato Systems GmbH
File type JSON data\012- , ASCII text, with no line terminators
Hash 7371f4549137912d2f797e976caa3f7a
a6dbc3ae0138f2a5b50371323a7d8e3744f261ef
8519ccdbef3d14c543b2079d16bcc9c10e50ca44613391b0deb904a290ebe5ee
GET /v1/web/purchase/validate/40af15cb-3408-48e6-88c7-e679ac5f64b6 HTTP/1.1
Host: gateway.mondiapay.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: http://gateway.mondiapay.com/v1/web/purchase/initiate/40af15cb-3408-48e6-88c7-e679ac5f64b6
HTTP/1.1 200
Date: Thu, 19 Jan 2023 08:14:17 GMT
Expires: 0
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
X-MM-CORRELATION-ID: 04BB81DF-35FB-2F2D-6816-121A701FCEDA, 04BB81DF-35FB-2F2D-6816-121A701FCEDA
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Content-Type: text/plain;charset=UTF-8
Transfer-Encoding: chunked
Server: unknown
gateway.mondiapay.com/mondiapay-strex-no-v1/web/purchase/subscription/40af15cb-3408-48e6-88c7-e679ac5f64b6
84.17.170.222302 0 B URL HTTP/1.1 gateway.mondiapay.com/mondiapay-strex-no-v1/web/purchase/subscription/40af15cb-3408-48e6-88c7-e679ac5f64b6
IP 84.17.170.222:0
ASN #33873 Arvato Systems GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /mondiapay-strex-no-v1/web/purchase/subscription/40af15cb-3408-48e6-88c7-e679ac5f64b6 HTTP/1.1
Host: gateway.mondiapay.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gateway.mondiapay.com/v1/web/purchase/initiate/40af15cb-3408-48e6-88c7-e679ac5f64b6
Upgrade-Insecure-Requests: 1
HTTP/1.1 302
Date: Thu, 19 Jan 2023 08:14:18 GMT
X-MM-CORRELATION-ID: C85ED12B-F8B3-138C-872A-58F0E7A22623, C85ED12B-F8B3-138C-872A-58F0E7A22623
Location: https://track.greentropolo.com/g/4625709cd492e17ee2?next_url=http%3A%2F%2Fgateway.mondiapay.com%2Fmondiapay-strex-no-v1%2Fweb%2Fpurchase%2Fsubscription%2F40af15cb-3408-48e6-88c7-e679ac5f64b6%3Fclickid%3D%7Bclick_id%7D%26opt%3D%7BOPT%7D%26opt-hmac%3D%7BOPT-HMAC%7D&hmac=QgT0BDi_i3-gFuLpTOcMJbI85KLtIW9biRVCLIMq6Qs&external_id=40af15cb-3408-48e6-88c7-e679ac5f64b6&var1=7714&var2=77140001
Transfer-Encoding: chunked
Server: unknown
e1.o.lencr.org/
23.33.119.10200 OK 344 B IP 23.33.119.10:0
ASN #20940 Akamai International B.V.
Hash f6b2a77529b45ef4beea0dbf79b05b32
67a8bded6f9d1473308fded994ad439f20998bec
86b450fa209c170aff1fe064157af548afca61a21e115238656a730359a45674
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "86B450FA209C170AFF1FE064157AF548AFCA61A21E115238656A730359A45674"
Last-Modified: Tue, 17 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13249
Expires: Thu, 19 Jan 2023 11:55:07 GMT
Date: Thu, 19 Jan 2023 08:14:18 GMT
Connection: keep-alive
e1.o.lencr.org/
23.33.119.10200 OK 344 B IP 23.33.119.10:0
ASN #20940 Akamai International B.V.
Hash f6b2a77529b45ef4beea0dbf79b05b32
67a8bded6f9d1473308fded994ad439f20998bec
86b450fa209c170aff1fe064157af548afca61a21e115238656a730359a45674
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "86B450FA209C170AFF1FE064157AF548AFCA61A21E115238656A730359A45674"
Last-Modified: Tue, 17 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13249
Expires: Thu, 19 Jan 2023 11:55:07 GMT
Date: Thu, 19 Jan 2023 08:14:18 GMT
Connection: keep-alive
track.greentropolo.com/g/4625709cd492e17ee2?next_url=http%3A%2F%2Fgateway.mondiapay.com%2Fmondiapay-strex-no-v1%2Fweb%2Fpurchase%2Fsubscription%2F40af15cb-3408-48e6-88c7-e679ac5f64b6%3Fclickid%3D%7Bclick_id%7D%26opt%3D%7BOPT%7D%26opt-hmac%3D%7BOPT-HMAC%7D&hmac=QgT0BDi_i3-gFuLpTOcMJbI85KLtIW9biRVCLIMq6Qs&external_id=40af15cb-3408-48e6-88c7-e679ac5f64b6&var1=7714&var2=77140001
104.21.78.194200 OK 0 B URL HTTP/2 track.greentropolo.com/g/4625709cd492e17ee2?next_url=http%3A%2F%2Fgateway.mondiapay.com%2Fmondiapay-strex-no-v1%2Fweb%2Fpurchase%2Fsubscription%2F40af15cb-3408-48e6-88c7-e679ac5f64b6%3Fclickid%3D%7Bclick_id%7D%26opt%3D%7BOPT%7D%26opt-hmac%3D%7BOPT-HMAC%7D&hmac=QgT0BDi_i3-gFuLpTOcMJbI85KLtIW9biRVCLIMq6Qs&external_id=40af15cb-3408-48e6-88c7-e679ac5f64b6&var1=7714&var2=77140001
IP 104.21.78.194:0
GET /g/4625709cd492e17ee2?next_url=http%3A%2F%2Fgateway.mondiapay.com%2Fmondiapay-strex-no-v1%2Fweb%2Fpurchase%2Fsubscription%2F40af15cb-3408-48e6-88c7-e679ac5f64b6%3Fclickid%3D%7Bclick_id%7D%26opt%3D%7BOPT%7D%26opt-hmac%3D%7BOPT-HMAC%7D&hmac=QgT0BDi_i3-gFuLpTOcMJbI85KLtIW9biRVCLIMq6Qs&external_id=40af15cb-3408-48e6-88c7-e679ac5f64b6&var1=7714&var2=77140001 HTTP/1.1
Host: track.greentropolo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://gateway.mondiapay.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 19 Jan 2023 08:14:18 GMT
content-type: text/html;charset=utf-8
cache-control: private, max-age=0, no-cache, must-revalidate
pragma: no-cache
accept-ch: Width, Viewport-Width, Viewport-Height, Device-Memory, Content-DPR, DPR, Save-Data, Downlink, ECT, RTT, Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List
vary: Accept-Encoding, User-Agent
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=biNuWyvb1SXrl24fSq6Af4XHdN5HsxuK%2F7sJT86oErFH%2FDHfzuhdXnjBtAICI%2B7Mp4GiSdHPM2iuixTi3UvKaj5tVaCr49bCejnl0fPq750zd4YJnVMK6ra%2BcBbLSZZQtkTLy%2BaUloX9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78be1db4aaf1b518-OSL
content-encoding: gzip
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2