Report - ae.continuetoplay.com/9csm9

Report Overview

Submitted URL
ae.continuetoplay.com/9csm9
IP
54.230.111.19
ASN
#16509 AMAZON-02
Submitted
2023-01-30 15:23:31
Access
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
4
Threat Detection Systems
0

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-13T05:09:35Z	413 B	5.8 kB	34.160.144.191
track.fkg.tv	unknown	2016-10-05T16:44:06Z	2023-03-13T05:12:47Z	5.2 kB	12 kB	80.74.141.5
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-13T05:09:14Z	606 B	127 B	52.36.23.49
lookup.tpay.me	161678	2017-01-29T12:17:51Z	2023-03-06T06:55:50Z	647 B	595 B	41.178.51.21
region1.analytics.google.com	unknown	2022-03-17T12:26:33Z	2023-03-13T05:11:52Z	1.3 kB	451 B	216.239.32.36
stats.g.doubleclick.net	96	2013-06-10T22:21:11Z	2023-03-13T08:02:41Z	530 B	451 B	173.194.221.154
ae.continuetoplay.com	unknown	2022-06-04T10:02:38Z	2023-02-08T21:31:26Z	2.7 kB	34 kB	54.230.111.8
my.rtmark.net	9054	2015-02-04T10:54:57Z	2023-03-13T05:11:40Z	1.4 kB	2.4 kB	139.45.195.8
basebonecdn.com	unknown	2018-05-03T19:05:33Z	2023-03-13T00:03:59Z	1.0 kB	57 kB	172.67.190.201
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-13T05:09:13Z	333 B	391 B	34.117.237.239
www.google.no	25607	2016-04-05T21:50:59Z	2023-03-13T06:26:15Z	522 B	578 B	142.250.74.163
api.basebone.com	756673	2013-04-18T14:15:14Z	2023-03-13T00:03:48Z	408 B	296 B	80.74.141.5
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-13T05:09:07Z	2.7 kB	7.1 kB	23.33.119.27
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-13T05:09:10Z	782 B	2.4 kB	35.241.9.150
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-13T05:09:16Z	3.2 kB	65 kB	34.120.237.76
ocsp.pki.goog	175	2018-07-01T08:43:07Z	2023-03-13T05:09:47Z	2.4 kB	4.9 kB	142.250.74.131
www.googleoptimize.com	1604	2019-07-16T12:17:19Z	2023-03-13T07:14:58Z	389 B	44 kB	142.250.74.78
www.googletagmanager.com	75	2013-05-22T04:07:37Z	2023-03-13T08:28:24Z	386 B	62 kB	142.250.74.168

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-01-30 15:23:33	low	80.74.141.5	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
2023-01-30 15:23:33	low	80.74.141.5	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2
2023-01-30 15:23:33	low	80.74.141.5	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3
2023-01-30 15:23:33	high	Client IP	80.74.141.5	ET POLICY Outgoing Basic Auth Base64 HTTP Password detected unencrypted

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (18)

	URL	Size	First Seen	Last Seen
	www.googleoptimize.com/optimize.js?id=OPT-WTX2SLW	111 kB	2023-03-13	2023-03-13
Pretty URL www.googleoptimize.com/optimize.js?id=OPT-WTX2SLW IP 142.250.74.78 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 12:30:54 Last Seen2023-03-13 12:30:54 Times Seen1 Hash 5d56b8b8c37b99c257b2effb2e1b7d77 abf02fd37d4f192877356d33fa7561476a09be94 78642bd2939a4cce866c13be473ee5e74b3e1f59cd82f7bc8568c98e05aeea11 Loading...

	www.googletagmanager.com/gtag/destination?id=G-LF1R1KY13H&l=dataLayer&cx=c	221 kB	2023-03-13	2023-03-13
Pretty URL www.googletagmanager.com/gtag/destination?id=G-LF1R1KY13H&l=dataLayer&cx=c IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 12:30:54 Last Seen2023-03-13 12:30:54 Times Seen1 Hash 4afb700937548e4b8c4904847c30b396 6b5bbc2e28f991fe1dc8d00dc6f3527cdcfa880a 02c70e89306f7c3b3bd1d1a54858efcc4f60e2397229823abcd4bf23a5bdcb7f Loading...

	www.googletagmanager.com/gtag/js?id=G-LF1R1KY13H&l=dataLayer&cx=c	221 kB	2023-03-13	2023-03-13
Pretty URL www.googletagmanager.com/gtag/js?id=G-LF1R1KY13H&l=dataLayer&cx=c IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 12:30:54 Last Seen2023-03-13 12:30:54 Times Seen1 Hash 60c0608765224f35518b8d82b7f5a044 561b5a6182fb70e9c55e350661b74ae4b7606097 5d175a5bc86612b10067710348f712855738bae0d94498862200190ae63b5238 Loading...

	www.googletagmanager.com/gtag/js?id=G-LF1R1KY13H	221 kB	2023-03-13	2023-03-13
Pretty URL www.googletagmanager.com/gtag/js?id=G-LF1R1KY13H IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 12:30:54 Last Seen2023-03-13 12:30:54 Times Seen1 Hash c882bf14948b7d83c0f7e98e1d3e039c d9ffaf479e78ea36656e93a1d30cd1b07f995a60 82b534320952fb405137a25ba8a67bd6c76011768a40718a83e56c64c4dde93d Loading...

	track.fkg.tv/ui/inject?router_id=b89cfcc4bd858c4&_lurl=http%3A%2F%2Fae.continuetoplay.com%2Ft%2F17844%2F%3Fa%3D9csm9%26w%3D2182323%26router_id%3Db89cfcc4bd858c4%26__ref%3Dhttp%253A%252F%252Fae.continuetoplay.com%252F9csm9	2.1 kB	2023-03-13	2023-03-13
Pretty URL track.fkg.tv/ui/inject?router_id=b89cfcc4bd858c4&_lurl=http%3A%2F%2Fae.continuetoplay.com%2Ft%2F17844%2F%3Fa%3D9csm9%26w%3D2182323%26router_id%3Db89cfcc4bd858c4%26__ref%3Dhttp%253A%252F%252Fae.continuetoplay.com%252F9csm9 IP 80.74.141.5 ASN #21069 METANET AG Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 12:30:54 Last Seen2023-03-13 12:30:54 Times Seen1 Hash 98fc905829689cd23827ceae4ca92857 cd48c4f286175bbc913372a3928caa483c8649fe 40aaa66e62f43a77b55b48825b47950db8e7b4d7fd4ddc1d60b6d8623c12bb8a Loading...

	ae.continuetoplay.com/t/17844/?SES=4802782244&a=9csm9&w=2182323	14 kB	2023-03-13	2023-03-13
Pretty URL ae.continuetoplay.com/t/17844/?SES=4802782244&a=9csm9&w=2182323 IP 54.230.111.8 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 12:30:54 Last Seen2023-03-13 12:30:54 Times Seen1 Hash fdaaa98a981c6dadf11cd843f644a48b a78c05dcbdbc3a9ce3851284c25cf1bfcec91b97 6aaf6cf73585cee8b2cba604943855836158468b3408c1c70dee63763b1384ba Loading...

	my.rtmark.net/p.js?f=sync&lr=1&partner=e4433d196201dabb3d3131ccb7cd09dc39b5898761466ff24d75e42ccade3155	697 B	2023-03-08	2023-08-11
Pretty URL my.rtmark.net/p.js?f=sync&lr=1&partner=e4433d196201dabb3d3131ccb7cd09dc39b5898761466ff24d75e42ccade3155 IP 139.45.195.8 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 08:09:58 Last Seen2023-08-11 04:20:15 Times Seen16 Hash a6d255f2eb0b2c7d64159cef20667aec 14c29b6145a612e72bd1dc59bb0ccb55415c530b 910c9a08dbacc4603c934adbc5b6f057c2c37833d1e0bc5bee5465eee94bfea9 Loading...

	ae.continuetoplay.com/t/17844/?SES=4802782244&a=9csm9&w=2182323	675 B	2023-03-08	2023-06-06
Pretty URL ae.continuetoplay.com/t/17844/?SES=4802782244&a=9csm9&w=2182323 IP 54.230.111.8 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 01:58:21 Last Seen2023-06-06 05:00:02 Times Seen15 Hash b0a7578e3564240e524b33523c26891e ed4e31db82c9078f4f633fed9433d1bbd55ca420 159c3fec61c7a05c404ff8845d52ea7d62d55b100093c20abd9753b52cd1ddf4 Loading...

	track.fkg.tv/ui/inject?router_id=b89cfcc4bd858c4&_lurl=http%3A%2F%2Fae.continuetoplay.com%2Ft%2F17844%2F%3Fa%3D9csm9%26w%3D2182323%26router_id%3Db89cfcc4bd858c4%26__ref%3Dhttp%253A%252F%252Fae.continuetoplay.com%252F9csm9	89 B	2023-03-08	2023-04-05
Pretty URL track.fkg.tv/ui/inject?router_id=b89cfcc4bd858c4&_lurl=http%3A%2F%2Fae.continuetoplay.com%2Ft%2F17844%2F%3Fa%3D9csm9%26w%3D2182323%26router_id%3Db89cfcc4bd858c4%26__ref%3Dhttp%253A%252F%252Fae.continuetoplay.com%252F9csm9 IP 80.74.141.5 ASN #21069 METANET AG Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 01:58:21 Last Seen2023-04-05 02:02:28 Times Seen5 Hash 138b7256b1fd0427304ea55dd510203e e00bcb9ea8ab35d276f12d123728fd6d973203ab d61908d60930cfa2bb5eae44e4a28de0c26375a3427fd48d6da3148d53dbd390 Loading...

	track.fkg.tv/ui/inject?router_id=b89cfcc4bd858c4&_lurl=http%3A%2F%2Fae.continuetoplay.com%2Ft%2F17844%2F%3Fa%3D9csm9%26w%3D2182323%26router_id%3Db89cfcc4bd858c4%26__ref%3Dhttp%253A%252F%252Fae.continuetoplay.com%252F9csm9	1.3 kB	2023-03-13	2023-03-13
Pretty URL track.fkg.tv/ui/inject?router_id=b89cfcc4bd858c4&_lurl=http%3A%2F%2Fae.continuetoplay.com%2Ft%2F17844%2F%3Fa%3D9csm9%26w%3D2182323%26router_id%3Db89cfcc4bd858c4%26__ref%3Dhttp%253A%252F%252Fae.continuetoplay.com%252F9csm9 IP 80.74.141.5 ASN #21069 METANET AG Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 12:30:54 Last Seen2023-03-13 12:30:54 Times Seen1 Hash c4214a238af18ef441ff37c3915d77e1 4b1e8ac676b7847d262ab1f57f1a27c1a3dcfebd f9aa072a74be3359d54e811923aa7230404876760a3b8583a19258fde85ebf63 Loading...

	ae.continuetoplay.com/t/17844/?SES=4802782244&a=9csm9&w=2182323	8.3 kB	2023-03-13	2023-03-13
Pretty URL ae.continuetoplay.com/t/17844/?SES=4802782244&a=9csm9&w=2182323 IP 54.230.111.8 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 12:30:54 Last Seen2023-03-13 12:30:54 Times Seen1 Hash 6329d3de2bdb425cb391fbe052c2a98e 58dc16cd73a93d5839e6720ff4c47aaf67ba6277 68bdd95c598986e68a5fc11f19e3110b02be4da0de15d51b1260e1f74a4c139d Loading...

	ae.continuetoplay.com/t/17844/?SES=4802782244&a=9csm9&w=2182323	1.3 kB	2023-03-13	2023-03-13
Pretty URL ae.continuetoplay.com/t/17844/?SES=4802782244&a=9csm9&w=2182323 IP 54.230.111.8 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 12:30:54 Last Seen2023-03-13 12:30:54 Times Seen1 Hash f023175bb6b2c65646c14e3d2d3f7a28 e58ab6dd9a95992b360c502ef14138395c4fd1f8 fe6c9896a8154083241d2a86e04961b3ab1c25a88887b2a67114dbb2ac2c3a51 Loading...

	ae.continuetoplay.com/t/17844/?SES=4802782244&a=9csm9&w=2182323	49 B	2023-03-08	2023-08-27
Pretty URL ae.continuetoplay.com/t/17844/?SES=4802782244&a=9csm9&w=2182323 IP 54.230.111.8 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 01:58:21 Last Seen2023-08-27 23:38:32 Times Seen46 Hash a7e996682c93b4ec672497e5ab58f19e e735feeb2126261122fe38efd9e27286aebcf195 460a77a747e0fc9bbfbc8e338c44a2e50a81a5f099c0904ef8b6de6ba455350f Loading...

	ae.continuetoplay.com/t/17844/?SES=4802782244&a=9csm9&w=2182323	38 kB	2023-03-12	2023-03-14
Pretty URL ae.continuetoplay.com/t/17844/?SES=4802782244&a=9csm9&w=2182323 IP 54.230.111.8 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 15:19:27 Last Seen2023-03-14 19:51:27 Times Seen1 Hash 0a86f0747b981f6e99f3fc82b414225e 00929cb38c1157d90ecc488d4849fd15f079a1e8 e8700eee0f13a8f08451e00e720b382152722dbf405c99cb066189db9bc45164 Loading...

	track.fkg.tv/ui/inject?router_id=b89cfcc4bd858c4&_lurl=http%3A%2F%2Fae.continuetoplay.com%2Ft%2F17844%2F%3Fa%3D9csm9%26w%3D2182323%26router_id%3Db89cfcc4bd858c4%26__ref%3Dhttp%253A%252F%252Fae.continuetoplay.com%252F9csm9	23 kB	2023-03-12	2023-04-05
Pretty URL track.fkg.tv/ui/inject?router_id=b89cfcc4bd858c4&_lurl=http%3A%2F%2Fae.continuetoplay.com%2Ft%2F17844%2F%3Fa%3D9csm9%26w%3D2182323%26router_id%3Db89cfcc4bd858c4%26__ref%3Dhttp%253A%252F%252Fae.continuetoplay.com%252F9csm9 IP 80.74.141.5 ASN #21069 METANET AG Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 23:24:47 Last Seen2023-04-05 02:02:28 Times Seen5 Hash 86760093e4da2e8e65cbd9f8c0164cf3 79ab19d69477cb1a4707052892da91b682501b36 5a474840c2bf82727f649e7e047eba0b50b0d03671445a74abd6e1fc88837ed4 Loading...

	ae.continuetoplay.com/t/17844/?SES=4802782244&a=9csm9&w=2182323	594 B	2023-03-13	2023-03-13
Pretty URL ae.continuetoplay.com/t/17844/?SES=4802782244&a=9csm9&w=2182323 IP 54.230.111.8 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 12:30:54 Last Seen2023-03-13 12:30:54 Times Seen1 Hash 099e56edae49347728564bc2bbdb1741 601cac8421a29559858dba7abb97d8a578784395 fced778b0a62b483eaec9c9a6f08f1c81157d9567b3f7bcd0f0442d0aa01370e Loading...

	www.googletagmanager.com/gtm.js?id=GTM-MF387SN	198 kB	2023-03-13	2023-03-13
Pretty URL www.googletagmanager.com/gtm.js?id=GTM-MF387SN IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 12:30:54 Last Seen2023-03-13 12:30:54 Times Seen1 Hash 4252d48fd1f9891c3fc4ededa67c2b9e 6fbe5cc6dff7c12fd86ba99b9f0f601ce4a24c71 5b39b54d4fbc9fdea9e6d6278da54c584d9be59e8468b0f970a3a51e16230d4f Loading...

	ae.continuetoplay.com/t/17844/?SES=4802782244&a=9csm9&w=2182323	770 B	2023-03-13	2023-03-13
Pretty URL ae.continuetoplay.com/t/17844/?SES=4802782244&a=9csm9&w=2182323 IP 54.230.111.8 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 12:30:54 Last Seen2023-03-13 20:11:11 Times Seen1 Hash 88147278bf2eb949c9a0c21c238828de 9dca357268c747435bec95f4026af3467353ed65 043a76ff3875847600313e1540e0e5c94719dd0f39abbf26d21a654a7c52f0d2 Loading...

HTTP Transactions (53)

URL IP Response Size

ae.continuetoplay.com/9csm9

54.230.111.8

302 Found

0 B

URL HTTP/1.1
ae.continuetoplay.com/9csm9
IP
54.230.111.8:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /9csm9 HTTP/1.1
Host: ae.continuetoplay.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Date: Mon, 30 Jan 2023 15:23:19 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Referrer-Policy: origin-when-cross-origin
Content-Security-Policy: default-src 'self' 'unsafe-inline'
Permissions-Policy: accelerometer=*, ambient-light-sensor=*, autoplay=*, battery=*, camera=*, cross-origin-isolated=*, display-capture=*, document-domain=*, encrypted-media=*, execution-while-not-rendered=*, execution-while-out-of-viewport=*, fullscreen=*, geolocation=*, gyroscope=*, keyboard-map=*, magnetometer=*, microphone=*, midi=*, navigation-override=*, payment=*, picture-in-picture=*, publickey-credentials-get=*, screen-wake-lock=*, sync-xhr=*, usb=*, web-share=*, xr-spatial-tracking=*, clipboard-read=*, clipboard-write=*, gamepad=*, speaker-selection=*, conversion-measurement=*, focus-without-user-activation=*, hid=*, idle-detection=*, interest-cohort=*, serial=*, sync-script=*, trust-token-redemption=*, window-placement=*, vertical-scroll=*
Location: http://track.fkg.tv/ui/inject?router_id=b89cfcc4bd858c4&_lurl=http%3A%2F%2Fae.continuetoplay.com%2Ft%2F17844%2F%3Fa%3D9csm9%26w%3D2182323%26router_id%3Db89cfcc4bd858c4%26__ref%3Dhttp%253A%252F%252Fae.continuetoplay.com%252F9csm9
Set-Cookie: router_id=b89cfcc4bd858c4; expires=Mon, 06-Feb-2023 15:23:19 GMT; Max-Age=604800; path=/
LPSID=CB7; path=/
X-Cache: Miss from cloudfront
Via: 1.1 ab09332bca1a3bd382d2e408f65b98d2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: w5c934yqSGGq0cnjmPwWs8OsXRwwmZO8lg_Str5m9TGnw6DduQIRlw==

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d2e72d45afe3d391c204b5391599607c
149d68b9d00a720b6f380fa2324779dca9dbe26d
f6f1c295c68dfebadacb1fc812b44e01c7ede0e203615ef3e2cced2ce2251e7e

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F6F1C295C68DFEBADACB1FC812B44E01C7EDE0E203615EF3E2CCED2CE2251E7E"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10221
Expires: Mon, 30 Jan 2023 18:13:41 GMT
Date: Mon, 30 Jan 2023 15:23:20 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
3eb88dea4fe00db1182370e72683c3ab
ca520abf1e91bfd2aef40c6a1270a911071e8922
d8083ee567c7b3023111dc30f32c94237df7db30d4d2daaea0a569e8a3069ad7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D8083EE567C7B3023111DC30F32C94237DF7DB30D4D2DAAEA0A569E8A3069AD7"
Last-Modified: Sat, 28 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9795
Expires: Mon, 30 Jan 2023 18:06:35 GMT
Date: Mon, 30 Jan 2023 15:23:20 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
bf0c602d32b3c14606f22a86183b5e3c
6eabd8d83475eba731968abe1a05a8bfd272f160
6c6a7c519a9e950c2445ed874a25211a94dd4d3cf3afb0103af9dcd1dbd5ff9e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Content-Length, Retry-After, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Mon, 30 Jan 2023 14:43:12 GMT
content-type: application/json
age: 2408
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
09ee4b0fe6cf4ca5ed31b24452338d00
7e62b6e20f0d4737f4a8d94f9818a0883027839e
56da08e18a408d7313de4e598984a251a0ecf85bbba98b421be9aebeb98835af

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "56DA08E18A408D7313DE4E598984A251A0ECF85BBBA98B421BE9AEBEB98835AF"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4247
Expires: Mon, 30 Jan 2023 16:34:07 GMT
Date: Mon, 30 Jan 2023 15:23:20 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: bfuLplQMRlihgElSxbQ8M8O3r05w1B/tmc2ByKRcMBx0uwLJ2wqCm1ll1kzq5KBwpqGaJUsDJ2U=
x-amz-request-id: WPREQMAT5NZ6EBXW
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 30 Jan 2023 15:21:50 GMT
age: 90
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

track.fkg.tv/ui/inject?router_id=b89cfcc4bd858c4&_lurl=http%3A%2F%2Fae.continuetoplay.com%2Ft%2F17844%2F%3Fa%3D9csm9%26w%3D2182323%26router_id%3Db89cfcc4bd858c4%26__ref%3Dhttp%253A%252F%252Fae.continuetoplay.com%252F9csm9

80.74.141.5

200 OK

7.3 kB

URL HTTP/1.1
track.fkg.tv/ui/inject?router_id=b89cfcc4bd858c4&_lurl=http%3A%2F%2Fae.continuetoplay.com%2Ft%2F17844%2F%3Fa%3D9csm9%26w%3D2182323%26router_id%3Db89cfcc4bd858c4%26__ref%3Dhttp%253A%252F%252Fae.continuetoplay.com%252F9csm9
IP
80.74.141.5:0
ASN
#21069 METANET AG

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (23109)
Size
7.3 kB (7316 bytes)
Hash
ce6084bc7fa1ffaf8bc708fccdecd209
08e343017cfd692bb075a99cc212c3f66517cfb5
da7dd44a3cf2dc4c134ba2a52a10d1b3f717cd99b859fb2fe06ef3416a3cb1e2

Detections

NIDS	Severity	Alert
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3

HTTP Headers

GET /ui/inject?router_id=b89cfcc4bd858c4&_lurl=http%3A%2F%2Fae.continuetoplay.com%2Ft%2F17844%2F%3Fa%3D9csm9%26w%3D2182323%26router_id%3Db89cfcc4bd858c4%26__ref%3Dhttp%253A%252F%252Fae.continuetoplay.com%252F9csm9 HTTP/1.1
Host: track.fkg.tv
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Mon, 30 Jan 2023 15:23:20 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Referrer-Policy: origin-when-cross-origin
Content-Security-Policy: default-src 'self' 'unsafe-inline'
Permissions-Policy: accelerometer=*, ambient-light-sensor=*, autoplay=*, battery=*, camera=*, cross-origin-isolated=*, display-capture=*, document-domain=*, encrypted-media=*, execution-while-not-rendered=*, execution-while-out-of-viewport=*, fullscreen=*, geolocation=*, gyroscope=*, keyboard-map=*, magnetometer=*, microphone=*, midi=*, navigation-override=*, payment=*, picture-in-picture=*, publickey-credentials-get=*, screen-wake-lock=*, sync-xhr=*, usb=*, web-share=*, xr-spatial-tracking=*, clipboard-read=*, clipboard-write=*, gamepad=*, speaker-selection=*, conversion-measurement=*, focus-without-user-activation=*, hid=*, idle-detection=*, interest-cohort=*, serial=*, sync-script=*, trust-token-redemption=*, window-placement=*, vertical-scroll=*
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 7316
Content-Type: text/html; charset=UTF-8
Set-Cookie: router_id=b89cfcc4bd858c4; expires=Mon, 06-Feb-2023 15:23:20 GMT; Max-Age=604800; path=/
LPSID=CB4; path=/
Cache-control: private

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Mon, 30 Jan 2023 15:23:20 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

track.fkg.tv/ui/etag

80.74.141.5

200 OK

0 B

URL HTTP/1.1
track.fkg.tv/ui/etag
IP
80.74.141.5:0
ASN
#21069 METANET AG

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /ui/etag HTTP/1.1
Host: track.fkg.tv
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://track.fkg.tv/ui/inject?router_id=b89cfcc4bd858c4&_lurl=http%3A%2F%2Fae.continuetoplay.com%2Ft%2F17844%2F%3Fa%3D9csm9%26w%3D2182323%26router_id%3Db89cfcc4bd858c4%26__ref%3Dhttp%253A%252F%252Fae.continuetoplay.com%252F9csm9
Connection: keep-alive
Cookie: router_id=b89cfcc4bd858c4; LPSID=CB4

HTTP/1.1 200 OK
Date: Mon, 30 Jan 2023 15:23:20 GMT
Server: Apache
Set-Cookie: router_id=b89cfcc4bd858c4; expires=Mon, 06-Feb-2023 15:23:20 GMT; Max-Age=604800; path=/
Content-Length: 0
Content-Type: text/html; charset=UTF-8

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Last-Modified, ETag, Expires, Backoff, Content-Length, Cache-Control, Alert, Retry-After, Pragma
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Mon, 30 Jan 2023 14:41:41 GMT
age: 2499
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

track.fkg.tv/ui/auth

80.74.141.5

200 OK

0 B

URL HTTP/1.1
track.fkg.tv/ui/auth
IP
80.74.141.5:0
ASN
#21069 METANET AG

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

NIDS	Severity	Alert
suricata	high	ET POLICY Outgoing Basic Auth Base64 HTTP Password detected unencrypted

HTTP Headers

GET /ui/auth HTTP/1.1
Host: track.fkg.tv
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://track.fkg.tv/ui/inject?router_id=b89cfcc4bd858c4&_lurl=http%3A%2F%2Fae.continuetoplay.com%2Ft%2F17844%2F%3Fa%3D9csm9%26w%3D2182323%26router_id%3Db89cfcc4bd858c4%26__ref%3Dhttp%253A%252F%252Fae.continuetoplay.com%252F9csm9
Connection: keep-alive
Cookie: router_id=b89cfcc4bd858c4; LPSID=CB4

HTTP/1.1 200 OK
Date: Mon, 30 Jan 2023 15:23:20 GMT
Server: Apache
Set-Cookie: router_id=b89cfcc4bd858c4; expires=Mon, 06-Feb-2023 15:23:20 GMT; Max-Age=604800; path=/
Content-Length: 0
Content-Type: text/html; charset=UTF-8

track.fkg.tv/ui/cache

80.74.141.5

200 OK

0 B

URL HTTP/1.1
track.fkg.tv/ui/cache
IP
80.74.141.5:0
ASN
#21069 METANET AG

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /ui/cache HTTP/1.1
Host: track.fkg.tv
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://track.fkg.tv/ui/inject?router_id=b89cfcc4bd858c4&_lurl=http%3A%2F%2Fae.continuetoplay.com%2Ft%2F17844%2F%3Fa%3D9csm9%26w%3D2182323%26router_id%3Db89cfcc4bd858c4%26__ref%3Dhttp%253A%252F%252Fae.continuetoplay.com%252F9csm9
Connection: keep-alive
Cookie: router_id=b89cfcc4bd858c4; LPSID=CB4

HTTP/1.1 200 OK
Date: Mon, 30 Jan 2023 15:23:20 GMT
Server: Apache
Set-Cookie: router_id=b89cfcc4bd858c4; expires=Mon, 06-Feb-2023 15:23:20 GMT; Max-Age=604800; path=/
Content-Length: 0
Content-Type: text/html; charset=UTF-8

track.fkg.tv/favicon.ico

80.74.141.5

200 OK

1.4 kB

URL HTTP/1.1
track.fkg.tv/favicon.ico
IP
80.74.141.5:0
ASN
#21069 METANET AG

File type
MS Windows icon resource - 1 icon, 16x16\012- data
Size
1.4 kB (1406 bytes)
Hash
011201ab56695ce86ea2f190bce2670b
bb8fad6accf293e619360935047c23f00da3c769
a9bc1ab7f7c0c6bc5d097050968993474e32346cffa537be1e0335a19645f12e

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: track.fkg.tv
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://track.fkg.tv/ui/inject?router_id=b89cfcc4bd858c4&_lurl=http%3A%2F%2Fae.continuetoplay.com%2Ft%2F17844%2F%3Fa%3D9csm9%26w%3D2182323%26router_id%3Db89cfcc4bd858c4%26__ref%3Dhttp%253A%252F%252Fae.continuetoplay.com%252F9csm9
Connection: keep-alive
Cookie: router_id=b89cfcc4bd858c4; LPSID=CB4

HTTP/1.1 200 OK
Date: Mon, 30 Jan 2023 15:23:20 GMT
Server: Apache
Last-Modified: Tue, 13 Dec 2022 16:15:06 GMT
ETag: "57e-5efb7ec4cd30e"
Accept-Ranges: bytes
Content-Length: 1406
Content-Type: image/vnd.microsoft.icon

track.fkg.tv/ui/etag

80.74.141.5

200 OK

52 B

URL HTTP/1.1
track.fkg.tv/ui/etag
IP
80.74.141.5:0
ASN
#21069 METANET AG

File type
ASCII text, with no line terminators
Size
52 B (52 bytes)
Hash
08746bc0c147eb325bd72ceedeeb61ae
76f9c3ddc3e2a5e7b9ad9d6394433a2e12d72af6
745f7a54798db45871b30b2c8d712f93c69710574ef1e13b0516595194f1269e

HTTP Headers

GET /ui/etag HTTP/1.1
Host: track.fkg.tv
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://track.fkg.tv/ui/inject?router_id=b89cfcc4bd858c4&_lurl=http%3A%2F%2Fae.continuetoplay.com%2Ft%2F17844%2F%3Fa%3D9csm9%26w%3D2182323%26router_id%3Db89cfcc4bd858c4%26__ref%3Dhttp%253A%252F%252Fae.continuetoplay.com%252F9csm9
X-BXP-CID: 874eb068770ab3828004ff2ad08b742e
Connection: keep-alive
Cookie: router_id=b89cfcc4bd858c4; LPSID=CB4; I=874eb068770ab3828004ff2ad08b742e

HTTP/1.1 200 OK
Date: Mon, 30 Jan 2023 15:23:20 GMT
Server: Apache
Set-Cookie: router_id=b89cfcc4bd858c4; expires=Mon, 06-Feb-2023 15:23:20 GMT; Max-Age=604800; path=/
ETag: "874eb068770ab3828004ff2ad08b742e"
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Content-Encoding: gzip

track.fkg.tv/ui/cache

80.74.141.5

200 OK

52 B

URL HTTP/1.1
track.fkg.tv/ui/cache
IP
80.74.141.5:0
ASN
#21069 METANET AG

File type
ASCII text, with no line terminators
Size
52 B (52 bytes)
Hash
08746bc0c147eb325bd72ceedeeb61ae
76f9c3ddc3e2a5e7b9ad9d6394433a2e12d72af6
745f7a54798db45871b30b2c8d712f93c69710574ef1e13b0516595194f1269e

HTTP Headers

GET /ui/cache HTTP/1.1
Host: track.fkg.tv
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://track.fkg.tv/ui/inject?router_id=b89cfcc4bd858c4&_lurl=http%3A%2F%2Fae.continuetoplay.com%2Ft%2F17844%2F%3Fa%3D9csm9%26w%3D2182323%26router_id%3Db89cfcc4bd858c4%26__ref%3Dhttp%253A%252F%252Fae.continuetoplay.com%252F9csm9
X-BXP-CID: 874eb068770ab3828004ff2ad08b742e
Connection: keep-alive
Cookie: router_id=b89cfcc4bd858c4; LPSID=CB4; I=874eb068770ab3828004ff2ad08b742e

HTTP/1.1 200 OK
Date: Mon, 30 Jan 2023 15:23:20 GMT
Server: Apache
Set-Cookie: router_id=b89cfcc4bd858c4; expires=Mon, 06-Feb-2023 15:23:20 GMT; Max-Age=604800; path=/
Last-Modified: Wed, 30 Jun 2010 21:36:48 GMT
Expires: Tue, 31 Dec 2030 23:30:45 GMT
Cache-Control: public, max-age=630720000
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Content-Encoding: gzip

track.fkg.tv/ui/auth

80.74.141.5

200 OK

52 B

URL HTTP/1.1
track.fkg.tv/ui/auth
IP
80.74.141.5:0
ASN
#21069 METANET AG

File type
ASCII text, with no line terminators
Size
52 B (52 bytes)
Hash
08746bc0c147eb325bd72ceedeeb61ae
76f9c3ddc3e2a5e7b9ad9d6394433a2e12d72af6
745f7a54798db45871b30b2c8d712f93c69710574ef1e13b0516595194f1269e

Detections

NIDS	Severity	Alert
suricata	high	ET POLICY Outgoing Basic Auth Base64 HTTP Password detected unencrypted

HTTP Headers

GET /ui/auth HTTP/1.1
Host: track.fkg.tv
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://track.fkg.tv/ui/inject?router_id=b89cfcc4bd858c4&_lurl=http%3A%2F%2Fae.continuetoplay.com%2Ft%2F17844%2F%3Fa%3D9csm9%26w%3D2182323%26router_id%3Db89cfcc4bd858c4%26__ref%3Dhttp%253A%252F%252Fae.continuetoplay.com%252F9csm9
Authorization: Basic ODc0ZWIwNjg3NzBhYjM4MjgwMDRmZjJhZDA4Yjc0MmU6bm9wYXNz
Connection: keep-alive
Cookie: router_id=b89cfcc4bd858c4; LPSID=CB4; I=874eb068770ab3828004ff2ad08b742e

HTTP/1.1 200 OK
Date: Mon, 30 Jan 2023 15:23:20 GMT
Server: Apache
Set-Cookie: router_id=b89cfcc4bd858c4; expires=Mon, 06-Feb-2023 15:23:20 GMT; Max-Age=604800; path=/
WWW-Authenticate: Basic realm="My Realm"
Last-Modified: Wed, 30 Jun 2010 21:36:48 GMT
Expires: Tue, 31 Dec 2030 23:30:45 GMT
Cache-Control: public, max-age=630720000
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Content-Encoding: gzip

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
22b9916fc1fafc9bdc9bb37f9eac8a9a
86f640e134a741a0f906a8e3a0f5c6659dd0e394
a29ee843c8a39551a1507cc6ad949ad509e33aaae8b72c58ac4884bad8b0b38e

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A29EE843C8A39551A1507CC6AD949AD509E33AAAE8B72C58AC4884BAD8B0B38E"
Last-Modified: Sun, 29 Jan 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8447
Expires: Mon, 30 Jan 2023 17:44:07 GMT
Date: Mon, 30 Jan 2023 15:23:20 GMT
Connection: keep-alive

track.fkg.tv/ui/rcx

80.74.141.5

200 OK

0 B

URL HTTP/1.1
track.fkg.tv/ui/rcx
IP
80.74.141.5:0
ASN
#21069 METANET AG

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /ui/rcx HTTP/1.1
Host: track.fkg.tv
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://track.fkg.tv/ui/inject?router_id=b89cfcc4bd858c4&_lurl=http%3A%2F%2Fae.continuetoplay.com%2Ft%2F17844%2F%3Fa%3D9csm9%26w%3D2182323%26router_id%3Db89cfcc4bd858c4%26__ref%3Dhttp%253A%252F%252Fae.continuetoplay.com%252F9csm9
Content-Type: application/json
Content-Length: 77
Origin: http://track.fkg.tv
Connection: keep-alive
Cookie: router_id=b89cfcc4bd858c4; LPSID=CB4; I=874eb068770ab3828004ff2ad08b742e

HTTP/1.1 200 OK
Date: Mon, 30 Jan 2023 15:23:20 GMT
Server: Apache
Set-Cookie: router_id=b89cfcc4bd858c4; expires=Mon, 06-Feb-2023 15:23:20 GMT; Max-Age=604800; path=/
Content-Length: 0
Content-Type: text/html; charset=UTF-8

push.services.mozilla.com/

52.36.23.49

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
52.36.23.49:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: HmIvn0AAe7X2gfOMcT3q3w==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: bovNunmZTzClljtcAMtkTSvcSJg=

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
dfb84426fed94988d5c90372baff059c
f1c4740830034ff8a5759d59ae3f657ea524d083
d97efec67504b084ca6ff9e2af973b45b916f90aa021603e3615806bb2737b6a

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D97EFEC67504B084CA6FF9E2AF973B45B916F90AA021603E3615806BB2737B6A"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4779
Expires: Mon, 30 Jan 2023 16:43:01 GMT
Date: Mon, 30 Jan 2023 15:23:22 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
dfb84426fed94988d5c90372baff059c
f1c4740830034ff8a5759d59ae3f657ea524d083
d97efec67504b084ca6ff9e2af973b45b916f90aa021603e3615806bb2737b6a

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D97EFEC67504B084CA6FF9E2AF973B45B916F90AA021603E3615806BB2737B6A"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4779
Expires: Mon, 30 Jan 2023 16:43:01 GMT
Date: Mon, 30 Jan 2023 15:23:22 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
dfb84426fed94988d5c90372baff059c
f1c4740830034ff8a5759d59ae3f657ea524d083
d97efec67504b084ca6ff9e2af973b45b916f90aa021603e3615806bb2737b6a

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D97EFEC67504B084CA6FF9E2AF973B45B916F90AA021603E3615806BB2737B6A"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4779
Expires: Mon, 30 Jan 2023 16:43:01 GMT
Date: Mon, 30 Jan 2023 15:23:22 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd9a423a9-16ee-4e3f-b9b4-34f6a469aba9.jpeg

34.120.237.76

200 OK

9.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd9a423a9-16ee-4e3f-b9b4-34f6a469aba9.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.2 kB (9167 bytes)
Hash
3be81f83687ddb6c93d3ff3c09a9dba2
50a48e737310d3f31840db4301b25927fbcc12c5
e78c909e2381898e7f546183784a05dff47c31734c95358aaada8c2777ad47be

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd9a423a9-16ee-4e3f-b9b4-34f6a469aba9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9167
x-amzn-requestid: e6e0789c-a4a9-4ffa-a0ae-691770d1035b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fPF9YEBmIAMF0kQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cf8388-01d2093432d3959903671a69;Sampled=0
x-amzn-remapped-date: Tue, 24 Jan 2023 07:06:48 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: awfNeaKbFw2bjiTGwUrwUTxU-qbVS2eTjn948H8kn1hy7pi_DwLMlQ==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 17:35:56 GMT
age: 78446
etag: "50a48e737310d3f31840db4301b25927fbcc12c5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F72e6599c-6a41-4dd2-a346-b15fa84cb20a.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (10997 bytes)
Hash
65c02d8a1b0d6a210cb2a649c5c67469
027dbc7a104c922904f067ed15d696c363c11774
89d5443a1d313c632d09a583ef602aa4645a16986076387329f434262d15b0a1

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F72e6599c-6a41-4dd2-a346-b15fa84cb20a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10997
x-amzn-requestid: a6fac0ab-1acf-4808-8785-3b4ec5e32edf
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fhj30FX7IAMFa5w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d6e698-005109ec2e76529e793678d6;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 21:35:20 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: skGKI_MWvDwpAbGibUcr8wTlimgoPU9ZYhEHltd3uhdJZ_GoNznVAA==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 22:08:57 GMT
etag: "027dbc7a104c922904f067ed15d696c363c11774"
content-type: image/jpeg
age: 62065
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3bb7921c-8aaf-40cd-bf87-43903c3f1a74.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.7 kB (7679 bytes)
Hash
3e04b9eaf7449828136ad59e4c9d69f1
b820be4ed885dcf288eb6460c57e1fa7b1c7c476
df75cf7183d401a19655aab025d08ad2c498573c88b32e9b258d951d2993b936

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3bb7921c-8aaf-40cd-bf87-43903c3f1a74.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7679
x-amzn-requestid: 0c7983d5-6040-44e9-b394-21c3784702a2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fhkEtEfHoAMFaNA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d6e6ea-54c55dbd09ca642048af8916;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 21:36:42 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: VHh2SQ21xoDoBnGvM2kRiposhXuCE-DdWW1bM35kEykjbHYmhsldVA==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 82ea95080f526df99896343fb7269b06.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 21:51:22 GMT
age: 63120
etag: "b820be4ed885dcf288eb6460c57e1fa7b1c7c476"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6df754eb-70f9-4576-ac48-68a6ae719511.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.5 kB (9457 bytes)
Hash
51aa950d5eed7b90cab6632107092edc
e4388ced02e5576867e77547496dec1ac2338ef7
588830e5f725e8e56270565e40f817f2658b0ee7c0425d138e5f65a17ff40483

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6df754eb-70f9-4576-ac48-68a6ae719511.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9457
x-amzn-requestid: 7c48e5ca-2128-43da-ba83-fd91568af1ef
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fhkBOGHVoAMFQtw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d6e6d4-1b850ffd543f51f92dec3894;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 21:36:20 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 3EXFa0gb46AbdZ9ZznGiPTemGZ7zWh9WLs5Yr1zmfyh_jyKA6o7xoA==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 7022a5bbf9872d4a09d63e6cdb457dfe.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 22:19:57 GMT
age: 61405
etag: "e4388ced02e5576867e77547496dec1ac2338ef7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F55e9b24d-3c7c-46d8-89b7-084483cc3d1d.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (12507 bytes)
Hash
5190c0bdc6abe0ee258e9f8c20ddaf51
d60f280f8a742480527dbc32d08f321f972d4fcf
874b38a04aa3736e65aaef72da2cc2efceb208618267107a495bdfe51ec58e58

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F55e9b24d-3c7c-46d8-89b7-084483cc3d1d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 12507
x-amzn-requestid: 85c9adcd-b997-48ca-bbfb-ccdeaf3e8cfb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fhklyFaJoAMFqKA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d6e7be-2bcdd8c353d8429d2b1e95f6;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 21:40:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: XABaoZCqUulmnfZOXx6XTLSUMS5Mie6u0OfkqozmBzCf3Qjzf-fbRA==
via: 1.1 a20e81b65d2465c729ce2f6bfe539dd0.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 21:54:32 GMT
age: 62930
etag: "d60f280f8a742480527dbc32d08f321f972d4fcf"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F52796f60-dafe-46ba-9c7a-a08ce5e16c34.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.5 kB (8464 bytes)
Hash
fe31ee140c2fd62e616c8a1edc9e78bb
7aa5fbdc8156514770ae620e81f1afef1c77890f
799af4bf9fa07ed27ebdc9d1a3344ee8a2b6529f076c263495b93290c47a1cc4

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F52796f60-dafe-46ba-9c7a-a08ce5e16c34.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8464
x-amzn-requestid: bf2cf356-ebb1-469b-ba35-a79bb009cad6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fhj3qGeboAMFzNw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d6e697-7c96841f52b6a96d1b0eaf34;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 21:35:19 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: y6bDvcD7a3-A4DLC3cSdZT-yewV1kkFqcGr7AMuqvUeGA4A0pgF4wQ==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 7022a5bbf9872d4a09d63e6cdb457dfe.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 21:59:27 GMT
age: 62635
etag: "7aa5fbdc8156514770ae620e81f1afef1c77890f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

ae.continuetoplay.com/t/17844/?a=9csm9&w=2182323&router_id=b89cfcc4bd858c4&__ref=http%3A%2F%2Fae.continuetoplay.com%2F9csm9&_bxpc_rtype=js_timeout

54.230.111.8

302 Found

0 B

URL HTTP/1.1
ae.continuetoplay.com/t/17844/?a=9csm9&w=2182323&router_id=b89cfcc4bd858c4&__ref=http%3A%2F%2Fae.continuetoplay.com%2F9csm9&_bxpc_rtype=js_timeout
IP
54.230.111.8:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /t/17844/?a=9csm9&w=2182323&router_id=b89cfcc4bd858c4&__ref=http%3A%2F%2Fae.continuetoplay.com%2F9csm9&_bxpc_rtype=js_timeout HTTP/1.1
Host: ae.continuetoplay.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://track.fkg.tv/
Cookie: router_id=b89cfcc4bd858c4; LPSID=CB7
Upgrade-Insecure-Requests: 1

HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Date: Mon, 30 Jan 2023 15:23:23 GMT
Server: Apache
Set-Cookie: __ref=http%3A%2F%2Fae.continuetoplay.com%2F9csm9
router_id=b89cfcc4bd858c4; expires=Mon, 06-Feb-2023 15:23:23 GMT; Max-Age=604800; path=/
SES=4802782244; expires=Tue, 31-Jan-2023 15:23:23 GMT; Max-Age=86400; path=/t/17844/
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Referrer-Policy: origin-when-cross-origin
Content-Security-Policy: default-src 'self' 'unsafe-inline'
Permissions-Policy: accelerometer=*, ambient-light-sensor=*, autoplay=*, battery=*, camera=*, cross-origin-isolated=*, display-capture=*, document-domain=*, encrypted-media=*, execution-while-not-rendered=*, execution-while-out-of-viewport=*, fullscreen=*, geolocation=*, gyroscope=*, keyboard-map=*, magnetometer=*, microphone=*, midi=*, navigation-override=*, payment=*, picture-in-picture=*, publickey-credentials-get=*, screen-wake-lock=*, sync-xhr=*, usb=*, web-share=*, xr-spatial-tracking=*, clipboard-read=*, clipboard-write=*, gamepad=*, speaker-selection=*, conversion-measurement=*, focus-without-user-activation=*, hid=*, idle-detection=*, interest-cohort=*, serial=*, sync-script=*, trust-token-redemption=*, window-placement=*, vertical-scroll=*
Location: http://lookup.tpay.me/idxml.ashx/getmsisdn?date=2023-01-30+15%3A23%3A23Z&redirectUrl=http%3A%2F%2Fae.continuetoplay.com%2Ft%2F17844%2F%3FSES%3D4802782244%26a%3D9csm9%26w%3D2182323%26p%3Dcallback&signature=e4TBMUzPKk9gBfSg9b8j%3Ad85479a670be6383028ba6b043c5d0143d9f75458aa15e6d2f2140f066ef3c3f
X-Cache: Miss from cloudfront
Via: 1.1 ab09332bca1a3bd382d2e408f65b98d2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: kQuQ65u5fB9EfUi0VhbgOHJcu_yBWyGfQjkoYaahqUaTNNKIILisWQ==

lookup.tpay.me/idxml.ashx/getmsisdn?date=2023-01-30+15%3A23%3A23Z&redirectUrl=http%3A%2F%2Fae.continuetoplay.com%2Ft%2F17844%2F%3FSES%3D4802782244%26a%3D9csm9%26w%3D2182323%26p%3Dcallback&signature=e4TBMUzPKk9gBfSg9b8j%3Ad85479a670be6383028ba6b043c5d0143d9f75458aa15e6d2f2140f066ef3c3f

41.178.51.21

302 Found

0 B

URL HTTP/1.1
lookup.tpay.me/idxml.ashx/getmsisdn?date=2023-01-30+15%3A23%3A23Z&redirectUrl=http%3A%2F%2Fae.continuetoplay.com%2Ft%2F17844%2F%3FSES%3D4802782244%26a%3D9csm9%26w%3D2182323%26p%3Dcallback&signature=e4TBMUzPKk9gBfSg9b8j%3Ad85479a670be6383028ba6b043c5d0143d9f75458aa15e6d2f2140f066ef3c3f
IP
41.178.51.21:0
ASN
#24863 LINKdotNET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /idxml.ashx/getmsisdn?date=2023-01-30+15%3A23%3A23Z&redirectUrl=http%3A%2F%2Fae.continuetoplay.com%2Ft%2F17844%2F%3FSES%3D4802782244%26a%3D9csm9%26w%3D2182323%26p%3Dcallback&signature=e4TBMUzPKk9gBfSg9b8j%3Ad85479a670be6383028ba6b043c5d0143d9f75458aa15e6d2f2140f066ef3c3f HTTP/1.1
Host: lookup.tpay.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://track.fkg.tv/
Upgrade-Insecure-Requests: 1

HTTP/1.1 302 Found
Cache-Control: no-store, no-cache
Location: http://ae.continuetoplay.com/t/17844/?SES=4802782244&a=9csm9&w=2182323&p=callback&Status=Error&Msisdn=&OperatorCode=&OrderId=&Details=Failed+To+Get+MSISDN&Signature=e4TBMUzPKk9gBfSg9b8j%3a870f49bcf390e07b1de123d2292d8c8a337e7a6e2bc0d0799e6e972966a0ac73&PlainSessionId=
Server: Kestrel
Access-Control-Allow-Origin: http://track.fkg.tv
Access-Control-Expose-Headers: _tkn
Request-Context: appId=cid-v1:fa05ee09-d179-496d-9c47-4e844b3db080
X-Powered-By: ASP.NET, ASP.NET
Date: Mon, 30 Jan 2023 15:18:35 GMT
Content-Length: 0

ae.continuetoplay.com/t/17844/?SES=4802782244&a=9csm9&w=2182323&p=callback&Status=Error&Msisdn=&OperatorCode=&OrderId=&Details=Failed+To+Get+MSISDN&Signature=e4TBMUzPKk9gBfSg9b8j%3a870f49bcf390e07b1de123d2292d8c8a337e7a6e2bc0d0799e6e972966a0ac73&PlainSessionId=

54.230.111.8

302 Found

0 B

URL HTTP/1.1
ae.continuetoplay.com/t/17844/?SES=4802782244&a=9csm9&w=2182323&p=callback&Status=Error&Msisdn=&OperatorCode=&OrderId=&Details=Failed+To+Get+MSISDN&Signature=e4TBMUzPKk9gBfSg9b8j%3a870f49bcf390e07b1de123d2292d8c8a337e7a6e2bc0d0799e6e972966a0ac73&PlainSessionId=
IP
54.230.111.8:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /t/17844/?SES=4802782244&a=9csm9&w=2182323&p=callback&Status=Error&Msisdn=&OperatorCode=&OrderId=&Details=Failed+To+Get+MSISDN&Signature=e4TBMUzPKk9gBfSg9b8j%3a870f49bcf390e07b1de123d2292d8c8a337e7a6e2bc0d0799e6e972966a0ac73&PlainSessionId= HTTP/1.1
Host: ae.continuetoplay.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://track.fkg.tv/
Connection: keep-alive
Cookie: SES=4802782244; __ref=http%3A%2F%2Fae.continuetoplay.com%2F9csm9; router_id=b89cfcc4bd858c4; LPSID=CB7
Upgrade-Insecure-Requests: 1

HTTP/1.1 302 Found
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Date: Mon, 30 Jan 2023 15:23:23 GMT
Server: Apache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Referrer-Policy: origin-when-cross-origin
Content-Security-Policy: frame-ancestors 'none'
Permissions-Policy: accelerometer=*, ambient-light-sensor=*, autoplay=*, battery=*, camera=*, cross-origin-isolated=*, display-capture=*, document-domain=*, encrypted-media=*, execution-while-not-rendered=*, execution-while-out-of-viewport=*, fullscreen=*, geolocation=*, gyroscope=*, keyboard-map=*, magnetometer=*, microphone=*, midi=*, navigation-override=*, payment=*, picture-in-picture=*, publickey-credentials-get=*, screen-wake-lock=*, sync-xhr=*, usb=*, web-share=*, xr-spatial-tracking=*, clipboard-read=*, clipboard-write=*, gamepad=*, speaker-selection=*, conversion-measurement=*, focus-without-user-activation=*, hid=*, idle-detection=*, interest-cohort=*, serial=*, sync-script=*, trust-token-redemption=*, window-placement=*, vertical-scroll=*
Set-Cookie: router_id=b89cfcc4bd858c4; expires=Mon, 06-Feb-2023 15:23:23 GMT; Max-Age=604800; path=/
SES=4802782244; expires=Tue, 31-Jan-2023 15:23:23 GMT; Max-Age=86400; path=/t/17844/
uv=1; path=/
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, no-transform
X-XSS-Protection: 1; mode=block
X-Permitted-Cross-Domain-Policies: none
Location: http://ae.continuetoplay.com/t/17844/?SES=4802782244&a=9csm9&w=2182323
X-Cache: Miss from cloudfront
Via: 1.1 ab09332bca1a3bd382d2e408f65b98d2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 6uF_LQQKcBry6nNS4np-mBTXTppFWxpwdaGxfRs-wdCwrad7iDJ-6w==

ae.continuetoplay.com/t/17844/?SES=4802782244&a=9csm9&w=2182323

54.230.111.8

200 OK

26 kB

URL HTTP/1.1
ae.continuetoplay.com/t/17844/?SES=4802782244&a=9csm9&w=2182323
IP
54.230.111.8:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (29697), with CRLF, LF line terminators
Size
26 kB (25572 bytes)
Hash
ad7ca60c2666d605858ff87cf5ce9a91
c3aadd8f5414419bae3acfa32ecac010780062a6
83ac66bc19f1dbd591cc6dd1b3a7495bfdab33ddcc946e3123957f7aba893494

HTTP Headers

GET /t/17844/?SES=4802782244&a=9csm9&w=2182323 HTTP/1.1
Host: ae.continuetoplay.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://track.fkg.tv/
Cookie: SES=4802782244; __ref=http%3A%2F%2Fae.continuetoplay.com%2F9csm9; router_id=b89cfcc4bd858c4; LPSID=CB7; uv=1
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 25572
Connection: keep-alive
Date: Mon, 30 Jan 2023 15:23:24 GMT
Server: Apache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Referrer-Policy: origin-when-cross-origin
Content-Security-Policy: frame-ancestors 'none'
Permissions-Policy: accelerometer=*, ambient-light-sensor=*, autoplay=*, battery=*, camera=*, cross-origin-isolated=*, display-capture=*, document-domain=*, encrypted-media=*, execution-while-not-rendered=*, execution-while-out-of-viewport=*, fullscreen=*, geolocation=*, gyroscope=*, keyboard-map=*, magnetometer=*, microphone=*, midi=*, navigation-override=*, payment=*, picture-in-picture=*, publickey-credentials-get=*, screen-wake-lock=*, sync-xhr=*, usb=*, web-share=*, xr-spatial-tracking=*, clipboard-read=*, clipboard-write=*, gamepad=*, speaker-selection=*, conversion-measurement=*, focus-without-user-activation=*, hid=*, idle-detection=*, interest-cohort=*, serial=*, sync-script=*, trust-token-redemption=*, window-placement=*, vertical-scroll=*
Set-Cookie: router_id=b89cfcc4bd858c4; expires=Mon, 06-Feb-2023 15:23:24 GMT; Max-Age=604800; path=/
SES=4802782244; expires=Tue, 31-Jan-2023 15:23:24 GMT; Max-Age=86400; path=/t/17844/
token=74543f97fdae0370935b677e394004bb3f9d9bfaaf8ac41772d40c9aaf789785; expires=Mon, 30-Jan-2023 16:23:24 GMT; Max-Age=3600; path=/
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, no-transform
X-XSS-Protection: 1; mode=block
X-Permitted-Cross-Domain-Policies: none
Vary: Accept-Encoding
Content-Encoding: gzip
X-Cache: Miss from cloudfront
Via: 1.1 ab09332bca1a3bd382d2e408f65b98d2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: iB9A99c3d8O9tROhTkWviRl82GhZGDrcGkUR8noaKSNuKZ2aztHQCQ==

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
ba2ca6af7b23ce2e11aa4f9d86e66269
212aef55d64b6add292dcf6241b16e7c93d1bae2
f163a94d190f5aeeb05b2e344bc8e1544d9701772b08585e9c92b529c8652b3d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 15:23:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
ba2ca6af7b23ce2e11aa4f9d86e66269
212aef55d64b6add292dcf6241b16e7c93d1bae2
f163a94d190f5aeeb05b2e344bc8e1544d9701772b08585e9c92b529c8652b3d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 15:23:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

my.rtmark.net/p.js?f=sync&lr=1&partner=e4433d196201dabb3d3131ccb7cd09dc39b5898761466ff24d75e42ccade3155

139.45.195.8

302 Moved Temporarily

138 B

URL HTTP/1.1
my.rtmark.net/p.js?f=sync&lr=1&partner=e4433d196201dabb3d3131ccb7cd09dc39b5898761466ff24d75e42ccade3155
IP
139.45.195.8:0
ASN
#9002 RETN Limited

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
138 B (138 bytes)
Hash
aff950cab4c0265e21d401db15f1026d
f03e18461817f7a6546c8bf8fa8d686d7e30aca0
753e0dd54f28c4f7009b9c0b18a68aed175416bd8b7d134858264586eaac56f0

HTTP Headers

GET /p.js?f=sync&lr=1&partner=e4433d196201dabb3d3131ccb7cd09dc39b5898761466ff24d75e42ccade3155 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ae.continuetoplay.com/

HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Mon, 30 Jan 2023 15:23:24 GMT
Content-Type: text/html
Content-Length: 138
Connection: keep-alive
Location: https://my.rtmark.net/p.js?f=sync&lr=1&partner=e4433d196201dabb3d3131ccb7cd09dc39b5898761466ff24d75e42ccade3155
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
Timing-Allow-Origin: *

www.googleoptimize.com/optimize.js?id=OPT-WTX2SLW

142.250.74.78

200 OK

43 kB

URL HTTP/2
www.googleoptimize.com/optimize.js?id=OPT-WTX2SLW
IP
142.250.74.78:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1759)
Size
43 kB (43261 bytes)
Hash
36cdd5852ff80269a0f46d40a75676e1
678d565ed966b794b42d6dca4c5b357c1d89ed10
d3913119458ab3651f757317e593a3590dc7eb9c467d329d4b811542ec6cf84f

HTTP Headers

GET /optimize.js?id=OPT-WTX2SLW HTTP/1.1
Host: www.googleoptimize.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ae.continuetoplay.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 30 Jan 2023 15:23:24 GMT
expires: Mon, 30 Jan 2023 15:23:24 GMT
cache-control: private, max-age=900
last-modified: Mon, 30 Jan 2023 15:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43261
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.googletagmanager.com/gtm.js?id=GTM-MF387SN

142.250.74.168

200 OK

61 kB

URL HTTP/2
www.googletagmanager.com/gtm.js?id=GTM-MF387SN
IP
142.250.74.168:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (40004)
Size
61 kB (61172 bytes)
Hash
67d42c2e9820e7cff2ad8a74660c1635
de0ec2ca6b8d65863842479acad4e86db77bcaba
8d5337a454a011bc5ae7c1ca48651806753a0e0aa129b040671202d59c361798

HTTP Headers

GET /gtm.js?id=GTM-MF387SN HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ae.continuetoplay.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 30 Jan 2023 15:23:24 GMT
expires: Mon, 30 Jan 2023 15:23:24 GMT
cache-control: private, max-age=900
last-modified: Mon, 30 Jan 2023 15:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 61172
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
ba2ca6af7b23ce2e11aa4f9d86e66269
212aef55d64b6add292dcf6241b16e7c93d1bae2
f163a94d190f5aeeb05b2e344bc8e1544d9701772b08585e9c92b529c8652b3d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 15:23:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

basebonecdn.com/media/images/download/download_pinlock_3.png

172.67.190.201

200 OK

3.2 kB

URL HTTP/1.1
basebonecdn.com/media/images/download/download_pinlock_3.png
IP
172.67.190.201:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 109 x 106, 8-bit/color RGBA, non-interlaced\012- data
Size
3.2 kB (3189 bytes)
Hash
5d1ee9008bce301ddd6fa74571b3e17c
9b621b76e35b4911655794eb47740a925acb3ed9
dcd1d8d9427dcf544e5cf3a6fa44018f7cda51f34074316cb9bd0e2572cb8426

HTTP Headers

GET /media/images/download/download_pinlock_3.png HTTP/1.1
Host: basebonecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ae.continuetoplay.com/

HTTP/1.1 200 OK
Date: Mon, 30 Jan 2023 15:23:24 GMT
Content-Type: image/png
Content-Length: 3189
Connection: keep-alive
Last-Modified: Wed, 01 Jun 2022 07:34:32 GMT
x-amz-version-id: .tWJTcT0wSu34VKPzFpcHLVSfG.ygeJt
ETag: "5d1ee9008bce301ddd6fa74571b3e17c"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 784cb0c259a6d79800d037bda4e7de86.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: LbNRqaAHqjBf4kDPvnKAukG8iy3ahXDKKQxeGwAo7yip35NAZiCc4A==
Cache-Control: max-age=86400
CF-Cache-Status: REVALIDATED
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vSGP%2B0QSsH5hBInKCuv3EZOVU2wHGa%2BFUqMH6J0xSkR7UERes3T%2FfHN4YVQ5HKvNh%2BF5ZmrUHQa%2FP4Lr7f7zz5WhBkX2sHuF6YqU47D4uaaRBYEA7CI4gNQrvgptEpvvD%2BA%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 791b3564bc03fac4-OSL
alt-svc: h2=":443"; ma=60

basebonecdn.com/media/images/logos/2022/games.baseplay.co_logo_white.svg

172.67.190.201

200 OK

3.3 kB

URL HTTP/1.1
basebonecdn.com/media/images/logos/2022/games.baseplay.co_logo_white.svg
IP
172.67.190.201:0
ASN
#13335 CLOUDFLARENET

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (7221), with no line terminators
Size
3.3 kB (3282 bytes)
Hash
f7f3046b1d2b3a613fa3665cca511d17
5a46738f82faae852045cd6b76b87bfab95049ad
b11a797775add50160154ce389dee8ef2c5cf63e6b27934540299676c7a79466

HTTP Headers

GET /media/images/logos/2022/games.baseplay.co_logo_white.svg HTTP/1.1
Host: basebonecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ae.continuetoplay.com/

HTTP/1.1 200 OK
Date: Mon, 30 Jan 2023 15:23:24 GMT
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 03 May 2022 06:55:44 GMT
x-amz-version-id: ugN9qMzqnDLrUO3WWb5eWYaX1SM9HzLN
Content-Encoding: gzip
ETag: W/"4acf5bbac675a722da47d4d2150eeced"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: NN-4zmfof0jTrKdkh3XQKtkFFYNoUO6VTYCvDxTCyPbzMbC_6bKFqA==
Cache-Control: max-age=86400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=L5FXDwRA3bvdvA%2BRMCVBUL7U4ZqvkvTk9GzETfZUR9CKBuJL2go1IhWGZLVLgQNWoeBgCLWy92r8wjt%2BPsrVbCwkLh%2BzECTQxyaB8mME41L%2FokeycxdYLr7xYffpldWhlFA%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 791b3564bfb2b505-OSL
alt-svc: h2=":443"; ma=60

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f90597ac725c17232fb0e807e80359b2
6d88f61dd41cce96246caa8ed81b7593455e4671
2456263dd21986d49ea478d5a5d69ee7b741b3291bb456e9cc4f9cf0cf2a5cb2

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2456263DD21986D49EA478D5A5D69EE7B741B3291BB456E9CC4F9CF0CF2A5CB2"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7342
Expires: Mon, 30 Jan 2023 17:25:46 GMT
Date: Mon, 30 Jan 2023 15:23:24 GMT
Connection: keep-alive

basebonecdn.com/media/images/antivirus/antivirus_lp_za_26.jpg

172.67.190.201

200 OK

48 kB

URL HTTP/1.1
basebonecdn.com/media/images/antivirus/antivirus_lp_za_26.jpg
IP
172.67.190.201:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 480x317, components 3\012- data
Size
48 kB (47883 bytes)
Hash
1a8414abd9e7991ed9cdaf2a65266162
f7c475d3bc6a28f2e93fea88b7142586915b0e4b
39e05d3bc5426bbb8bf22aef88e1eb5b16d4e51f26035da25058823343e2fc47

HTTP Headers

GET /media/images/antivirus/antivirus_lp_za_26.jpg HTTP/1.1
Host: basebonecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ae.continuetoplay.com/

HTTP/1.1 200 OK
Date: Mon, 30 Jan 2023 15:23:24 GMT
Content-Type: image/jpeg
Content-Length: 47883
Connection: keep-alive
Last-Modified: Thu, 08 Oct 2020 09:01:53 GMT
x-amz-version-id: 46LHVJpFrKp3z61HEhiKHz6wgouOP.E8
ETag: "1a8414abd9e7991ed9cdaf2a65266162"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 9d4a908d41124cba1276d6cef8f00c60.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: VwBDBAWhZ0wG54eI2HX-FWeLGO4k2l-n56baGsI90X_AFQ715rVy3w==
Cache-Control: max-age=86400
CF-Cache-Status: REVALIDATED
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0ipupTaUoikmw57zs29Ls1%2FRCdsxQYddPHuEiZhQKaRTIsMx3asix3CtR9TOG4WfdrAwn1rlVPMPaCdJCRmKBK2IXvksLNfvRTIugjH2ddI0FvGaZ36VtfIwBQY9%2FcSTnCM%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 791b3564ba1a1c06-OSL
alt-svc: h2=":443"; ma=60

my.rtmark.net/p.js?f=sync&lr=1&partner=e4433d196201dabb3d3131ccb7cd09dc39b5898761466ff24d75e42ccade3155

139.45.195.8

200 OK

697 B

URL HTTP/2
my.rtmark.net/p.js?f=sync&lr=1&partner=e4433d196201dabb3d3131ccb7cd09dc39b5898761466ff24d75e42ccade3155
IP
139.45.195.8:0
ASN
#9002 RETN Limited

File type
ASCII text
Size
697 B (697 bytes)
Hash
a6d255f2eb0b2c7d64159cef20667aec
14c29b6145a612e72bd1dc59bb0ccb55415c530b
910c9a08dbacc4603c934adbc5b6f057c2c37833d1e0bc5bee5465eee94bfea9

HTTP Headers

GET /p.js?f=sync&lr=1&partner=e4433d196201dabb3d3131ccb7cd09dc39b5898761466ff24d75e42ccade3155 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://ae.continuetoplay.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Mon, 30 Jan 2023 15:23:24 GMT
content-type: text/javascript
content-length: 697
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

ae.continuetoplay.com/favicon.ico

54.230.111.8

200 OK

1.4 kB

URL HTTP/1.1
ae.continuetoplay.com/favicon.ico
IP
54.230.111.8:0
ASN
#16509 AMAZON-02

File type
MS Windows icon resource - 1 icon, 16x16\012- data
Size
1.4 kB (1406 bytes)
Hash
011201ab56695ce86ea2f190bce2670b
bb8fad6accf293e619360935047c23f00da3c769
a9bc1ab7f7c0c6bc5d097050968993474e32346cffa537be1e0335a19645f12e

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: ae.continuetoplay.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ae.continuetoplay.com/t/17844/?SES=4802782244&a=9csm9&w=2182323
Connection: keep-alive
Cookie: router_id=b89cfcc4bd858c4; LPSID=CB7; uv=1; token=74543f97fdae0370935b677e394004bb3f9d9bfaaf8ac41772d40c9aaf789785

HTTP/1.1 200 OK
Content-Type: image/vnd.microsoft.icon
Content-Length: 1406
Connection: keep-alive
Date: Mon, 30 Jan 2023 15:23:24 GMT
Server: Apache
Last-Modified: Thu, 16 Aug 2018 11:13:01 GMT
ETag: "57e-5738b86b699ef"
Accept-Ranges: bytes
X-Cache: Miss from cloudfront
Via: 1.1 ab09332bca1a3bd382d2e408f65b98d2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: UQhXCwfp6p4R7N8GvgA_S_2CEtfrfR2mLvWUtZsX2tDndgJlTN8trA==

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
a369a4445d1fccf2ce045c3c4c3f3d67
d6f618e6150a4f9ac6eb5df4a503141a635605a2
d62c7913686c10d4c4b8d691d533256534da77cecc9fcf3f8aa885380dcc148b

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 15:23:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-LF1R1KY13H&cid=631543157.1675092217&gtm=2oe1p0&aip=1&uid=874eb068770ab3828004ff2ad08b742e&z=504094142

142.250.74.163

200 OK

42 B

URL HTTP/2
www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-LF1R1KY13H&cid=631543157.1675092217&gtm=2oe1p0&aip=1&uid=874eb068770ab3828004ff2ad08b742e&z=504094142
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-LF1R1KY13H&cid=631543157.1675092217&gtm=2oe1p0&aip=1&uid=874eb068770ab3828004ff2ad08b742e&z=504094142 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ae.continuetoplay.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 30 Jan 2023 15:23:24 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
a369a4445d1fccf2ce045c3c4c3f3d67
d6f618e6150a4f9ac6eb5df4a503141a635605a2
d62c7913686c10d4c4b8d691d533256534da77cecc9fcf3f8aa885380dcc148b

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 15:23:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

api.basebone.com/frontend/google/ga4.php

80.74.141.5

200 OK

27 B

URL HTTP/1.1
api.basebone.com/frontend/google/ga4.php
IP
80.74.141.5:0
ASN
#21069 METANET AG

File type
ASCII text, with no line terminators
Size
27 B (27 bytes)
Hash
399089a5a4aa675f2de0020c0d2dfe56
4bb635c9d4d04ad3937179af9084cbe3b4a01a0a
4f4cc2c452d815cfc35c7cbaa804b74337b980231bc0a0dd1405ac93f80d82bf

HTTP Headers

POST /frontend/google/ga4.php HTTP/1.1
Host: api.basebone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 125
Origin: http://ae.continuetoplay.com
Connection: keep-alive
Referer: http://ae.continuetoplay.com/

HTTP/1.1 200 OK
Date: Mon, 30 Jan 2023 15:23:24 GMT
Server: Apache
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Content-Encoding: gzip
Set-Cookie: LPSID=CB3; path=/

my.rtmark.net/img.gif?f=sync&partner=e4433d196201dabb3d3131ccb7cd09dc39b5898761466ff24d75e42ccade3155&ttl=&rurl=http%3A%2F%2Fae.continuetoplay.com%2Ft%2F17844%2F%3FSES%3D4802782244%26a%3D9csm9%26w%3D2182323

139.45.195.8

200 OK

43 B

URL HTTP/2
my.rtmark.net/img.gif?f=sync&partner=e4433d196201dabb3d3131ccb7cd09dc39b5898761466ff24d75e42ccade3155&ttl=&rurl=http%3A%2F%2Fae.continuetoplay.com%2Ft%2F17844%2F%3FSES%3D4802782244%26a%3D9csm9%26w%3D2182323
IP
139.45.195.8:0
ASN
#9002 RETN Limited

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

HTTP Headers

GET /img.gif?f=sync&partner=e4433d196201dabb3d3131ccb7cd09dc39b5898761466ff24d75e42ccade3155&ttl=&rurl=http%3A%2F%2Fae.continuetoplay.com%2Ft%2F17844%2F%3FSES%3D4802782244%26a%3D9csm9%26w%3D2182323 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ae.continuetoplay.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 30 Jan 2023 15:23:24 GMT
content-type: image/gif
content-length: 43
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=eee8720cf65c46aa874d9b664cef7797; expires=Tue, 30 Jan 2024 15:23:24 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

region1.analytics.google.com/g/collect?v=2&tid=G-LF1R1KY13H&gtm=2oe1p0&_p=2141987499&_gaz=1&cid=631543157.1675092217&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1675092217&sct=1&seg=0&dl=http%3A%2F%2Fae.continuetoplay.com%2Ft%2F17844%2F%3FSES%3D4802782244%26a%3D9csm9%26w%3D2182323&dr=http%3A%2F%2Ftrack.fkg.tv%2F&dt=New%20Antivirus&uid=874eb068770ab3828004ff2ad08b742e&en=virtual_page_view&_fv=1&_nsi=1&_ss=1&ep.page_type=visit_landing&epn.context_id=4802782244&ep.alias=9csm9&ep.advertising_campaign_id=109836&ep.webad=2182323&ep.flow_page=index&ep.messaging_platform_id=88&ep.product_id=11&ep.publisher_id=20223&ep.sub_affiliate_id=not_set&ep.monetization_channel=network&ep.traffic_source=ad_networks&ep.template_id=17844&ep.monetization_type=internal&ep.page_path=%2Ft%2F17844%2F&upn.country_id=220&up.country_iso=AE&upn.network_id=103&up.network_name=internet

216.239.32.36

204 No Content

0 B

URL HTTP/2
region1.analytics.google.com/g/collect?v=2&tid=G-LF1R1KY13H&gtm=2oe1p0&_p=2141987499&_gaz=1&cid=631543157.1675092217&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1675092217&sct=1&seg=0&dl=http%3A%2F%2Fae.continuetoplay.com%2Ft%2F17844%2F%3FSES%3D4802782244%26a%3D9csm9%26w%3D2182323&dr=http%3A%2F%2Ftrack.fkg.tv%2F&dt=New%20Antivirus&uid=874eb068770ab3828004ff2ad08b742e&en=virtual_page_view&_fv=1&_nsi=1&_ss=1&ep.page_type=visit_landing&epn.context_id=4802782244&ep.alias=9csm9&ep.advertising_campaign_id=109836&ep.webad=2182323&ep.flow_page=index&ep.messaging_platform_id=88&ep.product_id=11&ep.publisher_id=20223&ep.sub_affiliate_id=not_set&ep.monetization_channel=network&ep.traffic_source=ad_networks&ep.template_id=17844&ep.monetization_type=internal&ep.page_path=%2Ft%2F17844%2F&upn.country_id=220&up.country_iso=AE&upn.network_id=103&up.network_name=internet
IP
216.239.32.36:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-LF1R1KY13H&gtm=2oe1p0&_p=2141987499&_gaz=1&cid=631543157.1675092217&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1675092217&sct=1&seg=0&dl=http%3A%2F%2Fae.continuetoplay.com%2Ft%2F17844%2F%3FSES%3D4802782244%26a%3D9csm9%26w%3D2182323&dr=http%3A%2F%2Ftrack.fkg.tv%2F&dt=New%20Antivirus&uid=874eb068770ab3828004ff2ad08b742e&en=virtual_page_view&_fv=1&_nsi=1&_ss=1&ep.page_type=visit_landing&epn.context_id=4802782244&ep.alias=9csm9&ep.advertising_campaign_id=109836&ep.webad=2182323&ep.flow_page=index&ep.messaging_platform_id=88&ep.product_id=11&ep.publisher_id=20223&ep.sub_affiliate_id=not_set&ep.monetization_channel=network&ep.traffic_source=ad_networks&ep.template_id=17844&ep.monetization_type=internal&ep.page_path=%2Ft%2F17844%2F&upn.country_id=220&up.country_iso=AE&upn.network_id=103&up.network_name=internet HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://ae.continuetoplay.com
Connection: keep-alive
Referer: http://ae.continuetoplay.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 204 No Content
access-control-allow-origin: http://ae.continuetoplay.com
date: Mon, 30 Jan 2023 15:23:25 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
e9eba61fbe87bc53d60d0fdd1ba6adb4
8dbb3dfacfaad4ce0fd3a355790cb9b245e01e07
9c0233792f873315e75ce5396d1a210f2df665db23ab858a0724f66bbb4528e7

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 15:23:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

stats.g.doubleclick.net/g/collect?v=2&tid=G-LF1R1KY13H&cid=631543157.1675092217&gtm=2oe1p0&aip=1&uid=874eb068770ab3828004ff2ad08b742e

173.194.221.154

204 No Content

0 B

URL HTTP/2
stats.g.doubleclick.net/g/collect?v=2&tid=G-LF1R1KY13H&cid=631543157.1675092217&gtm=2oe1p0&aip=1&uid=874eb068770ab3828004ff2ad08b742e
IP
173.194.221.154:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-LF1R1KY13H&cid=631543157.1675092217&gtm=2oe1p0&aip=1&uid=874eb068770ab3828004ff2ad08b742e HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://ae.continuetoplay.com
Connection: keep-alive
Referer: http://ae.continuetoplay.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 204 No Content
access-control-allow-origin: http://ae.continuetoplay.com
date: Mon, 30 Jan 2023 15:23:25 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
69ffc0a3f7ca2b025a6b99f9c38889be
1b436bda66cd246a1024f8c3d8e91e3aeef31eaa
9aaaf6c2a570c6a73a623f4fdfb0e1dfd5f16f086ae5d9c8d5b2403b0d016e4f

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 15:23:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (18)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML